Commit a34c4091 authored by Kurt Zeilenga's avatar Kurt Zeilenga

Ripe out Kbind

parent 317d04a5
......@@ -24,7 +24,6 @@
#include <ac/time.h>
#include <ac/unistd.h>
#include <lber.h>
#include <ldap.h>
#include "slurp.h"
......@@ -64,7 +63,7 @@ doargs(
g->myname = strdup( g->myname + 1 );
}
while ( (i = getopt( argc, argv, "hd:f:r:t:k:o" )) != EOF ) {
while ( (i = getopt( argc, argv, "hd:f:r:t:o" )) != EOF ) {
switch ( i ) {
case 'd': /* set debug level and 'do not detach' flag */
g->no_detach = 1;
......@@ -114,13 +113,6 @@ doargs(
g->slurpd_rdir = (char *)malloc (strlen(optarg) + strlen("/replica") + 1);
sprintf(g->slurpd_rdir, "%s/replica", optarg);
break;
case 'k': /* name of kerberos srvtab file */
#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
g->default_srvtab = strdup( optarg );
#else /* LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND */
fprintf( stderr, "must compile with KERBEROS to use -k option\n" );
#endif /* LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND */
break;
case 'h':
usage( g->myname );
return( -1 );
......
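Review bot: An existing invocation that still passes `-k <srvtab>` now falls through to getopt's unknown-option handling, because `k:` was dropped from the option string in doargs. The config parser in this same commit instead gives an explicit "slurpd no longer supports Kerberos." error for `bindmethod=kerberos`. For consistency, consider keeping `k:` for a transition period and having `case 'k':` print that same message and `return( -1 );`. The `default` branch and `usage()` are outside the visible hunks, so please confirm that the usage text no longer advertises `-k` and that `default_srvtab` is dropped from the globals if nothing else reads it.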
......@@ -25,7 +25,6 @@
#include <ac/socket.h>
#include <ac/ctype.h>
#include <lber.h>
#include <ldap.h>
#include "slurp.h"
......@@ -299,7 +298,7 @@ add_replica(
* Parse a "replica" line from the config file. replica lines should be
* in the following format:
* replica host=<hostname:portnumber> binddn=<binddn>
* bindmethod="simple|kerberos" credentials=<creds>
* bindmethod="simple" credentials=<creds>
*
* where:
* <hostname:portnumber> describes the host name and port number where the
......@@ -307,12 +306,10 @@ add_replica(
*
* <binddn> is the DN to bind to the replica slapd as,
*
* bindmethod is either "simple" or "kerberos", and
* bindmethod is "simple", and
*
* <creds> are the credentials (e.g. password) for binddn. <creds> are
* only used for bindmethod=simple. For bindmethod=kerberos, the
* credentials= option should be omitted. Credentials for kerberos
* authentication are in the system srvtab file.
* only used for bindmethod=simple.
*
* The "replica" config file line may be split across multiple lines. If
* a line begins with whitespace, it is considered a continuation of the
......@@ -355,21 +352,10 @@ parse_replica_line(
strlen( BINDMETHSTR ))) {
val = cargv[ i ] + strlen( BINDMETHSTR ) + 1;
if ( !strcasecmp( val, KERBEROSSTR )) {
#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
ri->ri_bind_method = AUTH_KERBEROS;
if ( ri->ri_srvtab == NULL ) {
ri->ri_srvtab = strdup( sglob->default_srvtab );
}
gots |= GOT_METHOD;
#else /* LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND */
fprintf( stderr, "Error: a bind method of \"kerberos\" was\n" );
fprintf( stderr, "specified in the slapd configuration file,\n" );
fprintf( stderr, "but slurpd was not built with kerberos.\n" );
fprintf( stderr, "You must rebuild the LDAP release with\n" );
fprintf( stderr, "kerberos support if you wish to use\n" );
fprintf( stderr, "bindmethod=kerberos\n" );
fprintf( stderr, "specified in the slapd configuration file.\n" );
fprintf( stderr, "slurpd no longer supports Kerberos.\n" );
exit( EXIT_FAILURE );
#endif /* LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND */
} else if ( !strcasecmp( val, SIMPLESTR )) {
ri->ri_bind_method = AUTH_SIMPLE;
gots |= GOT_METHOD;
......
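Review bot: The updated comment above parse_replica_line should spell out what it means that "simple" is now the only bind method. `credentials=` is a reusable password stored in the configuration file, and a simple bind does not by itself protect that password in transit. I would extend the `<creds>` paragraph with something like `* Simple bind presents <creds> as a password: keep this file readable only by the slurpd user and protect the connection to the replica.` parse_replica_line starts and ends outside the hunk, so any remaining `srvtab=` handling there should be checked as well.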
......@@ -27,14 +27,6 @@
#include <ac/time.h>
#include <ac/unistd.h>
#include <ac/krb.h>
#if defined( STR_TRANSLATION ) && defined( LDAP_DEFAULT_CHARSET )
/* Get LDAP->ld_lberoptions. Must precede slurp.h, both define ldap_debug. */
#include "../../libraries/libldap/ldap-int.h"
#endif
#include <lber.h>
#include <ldap.h>
#include "slurp.h"
......@@ -50,19 +42,10 @@ static void free_ldapmod LDAP_P(( LDAPMod * ));
static void free_ldmarr LDAP_P(( LDAPMod ** ));
static int getmodtype LDAP_P(( char * ));
static void dump_ldm_array LDAP_P(( LDAPMod ** ));
static char **read_krbnames LDAP_P(( Ri * ));
#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
static void upcase LDAP_P(( char * ));
#endif
static int do_bind LDAP_P(( Ri *, int * ));
static int do_unbind LDAP_P(( Ri * ));
static char *kattrs[] = {"kerberosName", NULL };
static struct timeval kst = {30L, 0L};
/*
* Determine the type of ldap operation being performed and call the
* appropriate routine.
......@@ -431,7 +414,7 @@ op_ldap_modrdn(
Debug( LDAP_DEBUG_ANY,
"Error: op_ldap_modrdn: multiple newsuperior arg \"%s\"\n",
mi[ i ].mi_val, 0, 0 );
*errmsg = "Multiple newrdn argument";
*errmsg = "Multiple newsuperior argument";
return -1;
}
......@@ -784,81 +767,3 @@ dump_ldm_array(
}
}
}
/*
* Get the kerberos names from the binddn for "replica" via an ldap search.
* Returns a null-terminated array of char *, or NULL if the entry could
* not be found or there were no kerberosName attributes. The caller is
* responsible for freeing the returned array and strings it points to.
*/
static char **
read_krbnames(
Ri *ri
)
{
int rc;
char **krbnames;
int ne;
LDAPMessage *result, *entry;
/* First need to bind as NULL */
rc = ldap_simple_bind_s( ri->ri_ldp, NULL, NULL );
if ( rc != LDAP_SUCCESS ) {
Debug( LDAP_DEBUG_ANY,
"Error: null bind failed getting krbnames for %s:%d: %s\n",
ri->ri_hostname, ri->ri_port, ldap_err2string( rc ));
return( NULL );
}
rc = ldap_search_st( ri->ri_ldp, ri->ri_bind_dn, LDAP_SCOPE_BASE,
NULL, kattrs, 0, &kst, &result );
if ( rc != LDAP_SUCCESS ) {
Debug( LDAP_DEBUG_ANY,
"Error: search failed getting krbnames for %s:%d: %s\n",
ri->ri_hostname, ri->ri_port, ldap_err2string( rc ));
return( NULL );
}
ne = ldap_count_entries( ri->ri_ldp, result );
if ( ne == 0 ) {
Debug( LDAP_DEBUG_ANY,
"Error: Can't find entry \"%s\" for %s:%d kerberos bind\n",
ri->ri_bind_dn, ri->ri_hostname, ri->ri_port );
return( NULL );
}
if ( ne > 1 ) {
Debug( LDAP_DEBUG_ANY,
"Error: Kerberos binddn \"%s\" for %s:%dis ambiguous\n",
ri->ri_bind_dn, ri->ri_hostname, ri->ri_port );
return( NULL );
}
entry = ldap_first_entry( ri->ri_ldp, result );
if ( entry == NULL ) {
Debug( LDAP_DEBUG_ANY,
"Error: Can't find \"%s\" for kerberos binddn for %s:%d\n",
ri->ri_bind_dn, ri->ri_hostname, ri->ri_port );
return( NULL );
}
krbnames = ldap_get_values( ri->ri_ldp, entry, "kerberosName" );
ldap_msgfree( result );
return( krbnames );
}
#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
/*
* upcase a string
*/
static void
upcase(
char *s
)
{
char *p;
for ( p = s; ( p != NULL ) && ( *p != '\0' ); p++ ) {
*p = TOUPPER( (unsigned char) *p );
}
}
#endif /* LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND */
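Review bot: Two changes in this section are unrelated to removing Kbind and deserve their own commit or at least a line in the commit message. One is the `*errmsg` correction to `"Multiple newsuperior argument"` in op_ldap_modrdn. The other appears to be the removal of the `STR_TRANSLATION`-guarded include of `ldap-int.h`; this is inferred from the hunk counts, since the +/- markers are not shown. If code elsewhere in the file still reads `ld_lberoptions` under `STR_TRANSLATION`, that build configuration would stop compiling, which cannot be checked from the visible hunks. The body of do_bind is also not shown, so confirm that no `AUTH_KERBEROS` branch there still refers to the removed `read_krbnames`, `kattrs` or `kst`.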