IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity

Search for users in all the naming contexts present on the directory server.

Browse Source 
ticket 1655, 1656
This commit is contained in:
Jan Cholasta 2011-08-23 10:53:22 +02:00 committed by Rob Crittenden
parent aa2bd245bf
commit a797f907ee
1 changed files with 25 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

39
daemons/ipa-kpasswd/ipa_kpasswd.c
View File

@ -322,7 +322,6 @@ int ldap_pwd_change(char *client_name, char *realm_name, krb5_data pwd, char **e
char hostname[1024]; char hostname[1024];
char *uri; char *uri;
struct berval **ncvals; struct berval **ncvals;
char *ldap_base = NULL;
char *filter; char *filter;
char *attrs[] = {"krbprincipalname", NULL}; char *attrs[] = {"krbprincipalname", NULL};
char *root_attrs[] = {"namingContexts", NULL}; char *root_attrs[] = {"namingContexts", NULL};
@ -340,6 +339,7 @@ int ldap_pwd_change(char *client_name, char *realm_name, krb5_data pwd, char **e
int ret, rc; int ret, rc;
int fd; int fd;
int kpwd_err = KRB5_KPASSWD_HARDERROR; int kpwd_err = KRB5_KPASSWD_HARDERROR;
int i;
tmp_file = strdup(TMP_TEMPLATE); tmp_file = strdup(TMP_TEMPLATE);
if (!tmp_file) { if (!tmp_file) {
@ -410,7 +410,6 @@ int ldap_pwd_change(char *client_name, char *realm_name, krb5_data pwd, char **e
} }
/* find base dn */ /* find base dn */
/* TODO: address the case where we have multiple naming contexts */
tv.tv_sec = 10; tv.tv_sec = 10;
tv.tv_usec = 0; tv.tv_usec = 0;
@ -433,10 +432,8 @@ int ldap_pwd_change(char *client_name, char *realm_name, krb5_data pwd, char **e
goto done; goto done;
} }
ldap_base = strdup(ncvals[0]->bv_val);
ldap_value_free_len(ncvals);
ldap_msgfree(res); ldap_msgfree(res);
res = NULL;
/* find user dn */ /* find user dn */
ret = asprintf(&filter, "krbPrincipalName=%s", client_name); ret = asprintf(&filter, "krbPrincipalName=%s", client_name);
@ -448,8 +445,26 @@ int ldap_pwd_change(char *client_name, char *realm_name, krb5_data pwd, char **e
tv.tv_sec = 10; tv.tv_sec = 10;
tv.tv_usec = 0; tv.tv_usec = 0;
ret = ldap_search_ext_s(ld, ldap_base, LDAP_SCOPE_SUBTREE, for (i = 0; !userdn && ncvals[i]; i++) {
filter, attrs, 1, NULL, NULL, &tv, 0, &res); ret = ldap_search_ext_s(ld, ncvals[i]->bv_val,
LDAP_SCOPE_SUBTREE, filter, attrs, 1,
NULL, NULL, &tv, 0, &res);
if (ret != LDAP_SUCCESS) {
break;
}
/* for now just use the first result we get */
entry = ldap_first_entry(ld, res);
if (entry) {
userdn = ldap_get_dn(ld, entry);
}
ldap_msgfree(res);
res = NULL;
}
ldap_value_free_len(ncvals);
if (ret != LDAP_SUCCESS) { if (ret != LDAP_SUCCESS) {
syslog(LOG_ERR, "Search for %s failed with error %d", syslog(LOG_ERR, "Search for %s failed with error %d",
@ -460,14 +475,9 @@ int ldap_pwd_change(char *client_name, char *realm_name, krb5_data pwd, char **e
} }
goto done; goto done;
} }
free(filter); free(filter);
filter = NULL;
/* for now just use the first result we get */
entry = ldap_first_entry(ld, res);
userdn = ldap_get_dn(ld, entry);
ldap_msgfree(res);
res = NULL;
if (!userdn) { if (!userdn) {
syslog(LOG_ERR, "No userdn, can't change password!"); syslog(LOG_ERR, "No userdn, can't change password!");
@ -651,6 +661,7 @@ done:
if (control) ber_bvfree(control); if (control) ber_bvfree(control);
free(exterr1); free(exterr1);
free(exterr2); free(exterr2);
free(filter);
free(userdn); free(userdn);
if (ld) ldap_unbind_ext(ld, NULL, NULL); if (ld) ldap_unbind_ext(ld, NULL, NULL);
if (tmp_file) { if (tmp_file) {