refine previous commit

[openldap] / contrib / slapd-modules / smbk5pwd / smbk5pwd.c

diff --git a/contrib/slapd-modules/smbk5pwd/smbk5pwd.c b/contrib/slapd-modules/smbk5pwd/smbk5pwd.c
index fc881db5522d2e81c318e8d213c7140035e49b73..278b3c7ca5ea41b0178d00315f0b777da3fa7406 100644 (file)
--- a/contrib/slapd-modules/smbk5pwd/smbk5pwd.c
+++ b/contrib/slapd-modules/smbk5pwd/smbk5pwd.c
@@ -12,6 +12,12 @@
  * top-level directory of the distribution or, alternatively, at
  * <http://www.OpenLDAP.org/license.html>.
  */
+/*
+ * Support for sambaPwdMustChange added by Marco D'Ettorre.
+ * Support for table-driven configuration added by Pierangelo Masarati.
+ *
+ * The conditions of the OpenLDAP Public License apply.
+ */
 
 #include <portable.h>
 
@@ -666,6 +672,12 @@ smbk5pwd_cf_func( ConfigArgs *c )
        switch( c->type ) {
        case PC_SMB_MUST_CHANGE:
 #ifdef DO_SAMBA
+               if ( c->value_int < 0 ) {
+                       Debug( LDAP_DEBUG_ANY, "%s: smbk5pwd: "
+                               "<%s> invalid negative value \"%d\".",
+                               c->log, c->argv[ 0 ], 0 );
+                       return 1;
+               }
                pi->smb_must_change = c->value_int;
 #else /* ! DO_SAMBA */
                Debug( LDAP_DEBUG_ANY, "%s: smbk5pwd: "
@@ -677,22 +689,27 @@ smbk5pwd_cf_func( ConfigArgs *c )
                break;
 
        case PC_SMB_ENABLE: {
-               slap_mask_t     m;
+               slap_mask_t     mode = pi->mode, m;
 
                rc = verbs_to_mask( c->argc, c->argv, smbk5pwd_modules, &m );
-               if ( rc ) {
+               if ( rc > 0 ) {
                        Debug( LDAP_DEBUG_ANY, "%s: smbk5pwd: "
                                "<%s> unknown module \"%s\".\n",
                                c->log, c->argv[ 0 ], c->argv[ rc ] );
                        return 1;
                }
+
+               /* we can hijack the smbk5pwd_t structure because
+                * from within the configuration, this is the only
+                * active thread. */
                pi->mode |= m;
 
 #ifndef DO_KRB5
                if ( SMBK5PWD_DO_KRB5( pi ) ) {
                        Debug( LDAP_DEBUG_ANY, "%s: smbk5pwd: "
                                "<%s> module \"%s\" only allowed when compiled with -DDO_KRB5.\n",
-                               c->log, c->argv[ 0 ], c->argv[ i ] );
+                               c->log, c->argv[ 0 ], c->argv[ rc ] );
+                       pi->mode = mode;
                        return 1;
                }
 #endif /* ! DO_KRB5 */
@@ -701,7 +718,8 @@ smbk5pwd_cf_func( ConfigArgs *c )
                if ( SMBK5PWD_DO_SAMBA( pi ) ) {
                        Debug( LDAP_DEBUG_ANY, "%s: smbk5pwd: "
                                "<%s> module \"%s\" only allowed when compiled with -DDO_SAMBA.\n",
-                               c->log, c->argv[ 0 ], c->argv[ i ] );
+                               c->log, c->argv[ 0 ], c->argv[ rc ] );
+                       pi->mode = mode;
                        return 1;
                }
 #endif /* ! DO_SAMBA */
@@ -709,9 +727,12 @@ smbk5pwd_cf_func( ConfigArgs *c )
                {
                        BackendDB       db = *c->be;
 
+                       /* Re-initialize the module, because
+                        * the configuration might have changed */
                        db.bd_info = (BackendInfo *)on;
                        rc = smbk5pwd_modules_init( pi );
                        if ( rc ) {
+                               pi->mode = mode;
                                return 1;
                        }
                }
@@ -737,7 +758,7 @@ smbk5pwd_modules_init( smbk5pwd_t *pi )
                extern HDB      *_kadm5_s_get_db(void *);
 
                /* Make sure all of our necessary schema items are loaded */
-               oc_krb5KDCEntry = oc_find("krb5KDCEntry");
+               oc_krb5KDCEntry = oc_find( "krb5KDCEntry" );
                if ( !oc_krb5KDCEntry ) {
                        Debug( LDAP_DEBUG_ANY, "smbk5pwd: "
                                "unable to find \"krb5KDCEntry\" objectClass.\n",
@@ -746,6 +767,7 @@ smbk5pwd_modules_init( smbk5pwd_t *pi )
                        goto cleanup_krb5;
                }
 
+               ad_krb5Key = NULL;
                rc = slap_str2ad( "krb5Key", &ad_krb5Key, &text );
                if ( rc != LDAP_SUCCESS ) {
                        Debug( LDAP_DEBUG_ANY, "smbk5pwd: "
@@ -754,6 +776,7 @@ smbk5pwd_modules_init( smbk5pwd_t *pi )
                        goto cleanup_krb5;
                }
 
+               ad_krb5KeyVersionNumber = NULL;
                rc = slap_str2ad( "krb5KeyVersionNumber", &ad_krb5KeyVersionNumber, &text );
                if ( rc != LDAP_SUCCESS ) {
                        Debug( LDAP_DEBUG_ANY, "smbk5pwd: "
@@ -762,6 +785,7 @@ smbk5pwd_modules_init( smbk5pwd_t *pi )
                        goto cleanup_krb5;
                }
 
+               ad_krb5PrincipalName = NULL;
                rc = slap_str2ad( "krb5PrincipalName", &ad_krb5PrincipalName, &text );
                if ( rc != LDAP_SUCCESS ) {
                        Debug( LDAP_DEBUG_ANY, "smbk5pwd: "
@@ -780,13 +804,15 @@ smbk5pwd_modules_init( smbk5pwd_t *pi )
                        goto cleanup_krb5;
                }
 
-               ret = kadm5_s_init_with_password_ctx( context,
-                       KADM5_ADMIN_SERVICE,
-                       NULL,
-                       KADM5_ADMIN_SERVICE,
-                       &conf, 0, 0, &kadm_context );
+               if ( context == NULL ) {
+                       ret = kadm5_s_init_with_password_ctx( context,
+                               KADM5_ADMIN_SERVICE,
+                               NULL,
+                               KADM5_ADMIN_SERVICE,
+                               &conf, 0, 0, &kadm_context );
        
-               db = _kadm5_s_get_db(kadm_context);
+                       db = _kadm5_s_get_db( kadm_context );
+               }
 
                if ( 0 ) {
 cleanup_krb5:;
@@ -808,6 +834,7 @@ cleanup_krb5:;
                        goto cleanup_samba;
                }
 
+               ad_sambaLMPassword = NULL;
                rc = slap_str2ad( "sambaLMPassword", &ad_sambaLMPassword, &text );
                if ( rc != LDAP_SUCCESS ) {
                        Debug( LDAP_DEBUG_ANY, "smbk5pwd: "
@@ -816,18 +843,27 @@ cleanup_krb5:;
                        goto cleanup_samba;
                }
 
+               ad_sambaNTPassword = NULL;
                rc = slap_str2ad( "sambaNTPassword", &ad_sambaNTPassword, &text );
                if ( rc != LDAP_SUCCESS ) {
                        Debug( LDAP_DEBUG_ANY, "smbk5pwd: "
-                               "unable to find \"sambaLMPassword\" attributeType: %s (%d).\n",
+                               "unable to find \"sambaNTPassword\" attributeType: %s (%d).\n",
                                text, rc, 0 );
                        goto cleanup_samba;
                }
 
-               rc = slap_str2ad( "sambaPwdLastSet", &ad_sambaPwdLastSet, &text );
+               ad_sambaPwdLastSet = NULL;
                if ( rc != LDAP_SUCCESS ) {
                        Debug( LDAP_DEBUG_ANY, "smbk5pwd: "
-                               "unable to find \"sambaLMPassword\" attributeType: %s (%d).\n",
+                               "unable to find \"sambaPwdLastSet\" attributeType: %s (%d).\n",
+                               text, rc, 0 );
+                       goto cleanup_samba;
+               }
+
+               ad_sambaPwdMustChange = NULL;
+               if ( rc != LDAP_SUCCESS ) {
+                       Debug( LDAP_DEBUG_ANY, "smbk5pwd: "
+                               "unable to find \"sambaPwdMustChange\" attributeType: %s (%d).\n",
                                text, rc, 0 );
                        goto cleanup_samba;
                }
@@ -836,6 +872,7 @@ cleanup_krb5:;
 cleanup_samba:;
                        oc_sambaSamAccount = NULL;
 
+
                        return rc;
                }
        }