From: Howard Chu Date: Tue, 9 Jan 2007 23:48:28 +0000 (+0000) Subject: ITS#4799 remove all references to kbind X-Git-Tag: OPENLDAP_REL_ENG_2_4_4ALPHA~8^2~225 X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=9ece06c8f565f8df9e61685d56a5fc6e4a066d01;p=openldap ITS#4799 remove all references to kbind --- diff --git a/libraries/libldap/Makefile.in b/libraries/libldap/Makefile.in index 76a63b899b..8b62c45cc1 100644 --- a/libraries/libldap/Makefile.in +++ b/libraries/libldap/Makefile.in @@ -20,7 +20,7 @@ PROGRAMS = apitest dntest ftest ltest urltest SRCS = bind.c open.c result.c error.c compare.c search.c \ controls.c messages.c references.c extended.c cyrus.c \ modify.c add.c modrdn.c delete.c abandon.c \ - sasl.c sbind.c kbind.c unbind.c cancel.c \ + sasl.c sbind.c unbind.c cancel.c \ filter.c free.c sort.c passwd.c whoami.c \ getdn.c getentry.c getattr.c getvalues.c addentry.c \ request.c os-ip.c url.c pagectrl.c sortctrl.c vlvctrl.c \ @@ -31,7 +31,7 @@ SRCS = bind.c open.c result.c error.c compare.c search.c \ OBJS = bind.lo open.lo result.lo error.lo compare.lo search.lo \ controls.lo messages.lo references.lo extended.lo cyrus.lo \ modify.lo add.lo modrdn.lo delete.lo abandon.lo \ - sasl.lo sbind.lo kbind.lo unbind.lo cancel.lo \ + sasl.lo sbind.lo unbind.lo cancel.lo \ filter.lo free.lo sort.lo passwd.lo whoami.lo \ getdn.lo getentry.lo getattr.lo getvalues.lo addentry.lo \ request.lo os-ip.lo url.lo pagectrl.lo sortctrl.lo vlvctrl.lo \ diff --git a/libraries/libldap/bind.c b/libraries/libldap/bind.c index c55fec7647..f70b1e20db 100644 --- a/libraries/libldap/bind.c +++ b/libraries/libldap/bind.c @@ -56,8 +56,7 @@ * ldap_bind - bind to the ldap server (and X.500). The dn and password * of the entry to which to bind are supplied, along with the authentication * method to use. The msgid of the bind request is returned on success, - * -1 if there's trouble. Note, the kerberos support assumes the user already - * has a valid tgt for now. ldap_result() should be called to find out the + * -1 if there's trouble. ldap_result() should be called to find out the * outcome of the bind request. * * Example: @@ -74,14 +73,6 @@ ldap_bind( LDAP *ld, LDAP_CONST char *dn, LDAP_CONST char *passwd, int authmetho case LDAP_AUTH_SIMPLE: return( ldap_simple_bind( ld, dn, passwd ) ); -#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND - case LDAP_AUTH_KRBV41: - return( ldap_kerberos_bind1( ld, dn ) ); - - case LDAP_AUTH_KRBV42: - return( ldap_kerberos_bind2( ld, dn ) ); -#endif - case LDAP_AUTH_SASL: /* user must use ldap_sasl_bind */ /* FALL-THRU */ @@ -97,8 +88,7 @@ ldap_bind( LDAP *ld, LDAP_CONST char *dn, LDAP_CONST char *passwd, int authmetho * of the entry to which to bind are supplied, along with the authentication * method to use. This routine just calls whichever bind routine is * appropriate and returns the result of the bind (e.g. LDAP_SUCCESS or - * some other error indication). Note, the kerberos support assumes the - * user already has a valid tgt for now. + * some other error indication). * * Examples: * ldap_bind_s( ld, "cn=manager, o=university of michigan, c=us", @@ -119,17 +109,6 @@ ldap_bind_s( case LDAP_AUTH_SIMPLE: return( ldap_simple_bind_s( ld, dn, passwd ) ); -#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND - case LDAP_AUTH_KRBV4: - return( ldap_kerberos_bind_s( ld, dn ) ); - - case LDAP_AUTH_KRBV41: - return( ldap_kerberos_bind1_s( ld, dn ) ); - - case LDAP_AUTH_KRBV42: - return( ldap_kerberos_bind2_s( ld, dn ) ); -#endif - case LDAP_AUTH_SASL: /* user must use ldap_sasl_bind */ /* FALL-THRU */ diff --git a/libraries/libldap/kbind.c b/libraries/libldap/kbind.c deleted file mode 100644 index 36bcac5f59..0000000000 --- a/libraries/libldap/kbind.c +++ /dev/null @@ -1,291 +0,0 @@ -/* $OpenLDAP$ */ -/* This work is part of OpenLDAP Software . - * - * Copyright 1998-2007 The OpenLDAP Foundation. - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted only as authorized by the OpenLDAP - * Public License. - * - * A copy of this license is available in the file LICENSE in the - * top-level directory of the distribution or, alternatively, at - * . - */ -/* Portions Copyright (c) 1993 Regents of the University of Michigan. - * All rights reserved. - */ - -#include "portable.h" - -#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND - -#include -#include - -#include -#include -#include -#include - -#include "ldap-int.h" - -/* - * BindRequest ::= SEQUENCE { - * version INTEGER, - * name DistinguishedName, -- who - * authentication CHOICE { - * simple [0] OCTET STRING -- passwd -#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND - * krbv42ldap [1] OCTET STRING - * krbv42dsa [2] OCTET STRING -#endif - * sasl [3] SaslCredentials -- LDAPv3 - * } - * } - * - * BindResponse ::= SEQUENCE { - * COMPONENTS OF LDAPResult, - * serverSaslCreds OCTET STRING OPTIONAL -- LDAPv3 - * } - * - */ - -/* - * ldap_kerberos_bind1 - initiate a bind to the ldap server using - * kerberos authentication. The dn is supplied. It is assumed the user - * already has a valid ticket granting ticket. The msgid of the - * request is returned on success (suitable for passing to ldap_result()), - * -1 is returned if there's trouble. - * - * Example: - * ldap_kerberos_bind1( ld, "cn=manager, o=university of michigan, c=us" ) - */ -int -ldap_kerberos_bind1( LDAP *ld, LDAP_CONST char *dn ) -{ - BerElement *ber; - char *cred; - int rc; - ber_len_t credlen; - ber_int_t id; - - Debug( LDAP_DEBUG_TRACE, "ldap_kerberos_bind1\n", 0, 0, 0 ); - - if( ld->ld_version > LDAP_VERSION2 ) { - ld->ld_errno = LDAP_NOT_SUPPORTED; - return -1; - } - - if ( dn == NULL ) - dn = ""; - - if ( (cred = ldap_get_kerberosv4_credentials( ld, dn, "ldapserver", - &credlen )) == NULL ) { - return( -1 ); /* ld_errno should already be set */ - } - - /* create a message to send */ - if ( (ber = ldap_alloc_ber_with_options( ld )) == NULL ) { - LDAP_FREE( cred ); - return( -1 ); - } - - LDAP_NEXT_MSGID( ld, id ); - /* fill it in */ - rc = ber_printf( ber, "{it{istoN}N}", id, LDAP_REQ_BIND, - ld->ld_version, dn, LDAP_AUTH_KRBV41, cred, credlen ); - - if ( rc == -1 ) { - LDAP_FREE( cred ); - ber_free( ber, 1 ); - ld->ld_errno = LDAP_ENCODING_ERROR; - return( -1 ); - } - - LDAP_FREE( cred ); - - - /* send the message */ - return ( ldap_send_initial_request( ld, LDAP_REQ_BIND, dn, ber, id )); -} - -int -ldap_kerberos_bind1_s( LDAP *ld, LDAP_CONST char *dn ) -{ - int msgid; - LDAPMessage *res; - - Debug( LDAP_DEBUG_TRACE, "ldap_kerberos_bind1_s\n", 0, 0, 0 ); - - /* initiate the bind */ - if ( (msgid = ldap_kerberos_bind1( ld, dn )) == -1 ) - return( ld->ld_errno ); - - /* wait for a result */ - if ( ldap_result( ld, msgid, LDAP_MSG_ALL, (struct timeval *) 0, &res ) - == -1 ) { - return( ld->ld_errno ); /* ldap_result sets ld_errno */ - } - - return( ldap_result2error( ld, res, 1 ) ); -} - -/* - * ldap_kerberos_bind2 - initiate a bind to the X.500 server using - * kerberos authentication. The dn is supplied. It is assumed the user - * already has a valid ticket granting ticket. The msgid of the - * request is returned on success (suitable for passing to ldap_result()), - * -1 is returned if there's trouble. - * - * Example: - * ldap_kerberos_bind2( ld, "cn=manager, o=university of michigan, c=us" ) - */ -int -ldap_kerberos_bind2( LDAP *ld, LDAP_CONST char *dn ) -{ - BerElement *ber; - char *cred; - int rc; - ber_len_t credlen; - ber_int_t id; - - Debug( LDAP_DEBUG_TRACE, "ldap_kerberos_bind2\n", 0, 0, 0 ); - - if( ld->ld_version > LDAP_VERSION2 ) { - ld->ld_errno = LDAP_NOT_SUPPORTED; - return -1; - } - - if ( dn == NULL ) - dn = ""; - - if ( (cred = ldap_get_kerberosv4_credentials( ld, dn, "x500dsa", &credlen )) - == NULL ) { - return( -1 ); /* ld_errno should already be set */ - } - - /* create a message to send */ - if ( (ber = ldap_alloc_ber_with_options( ld )) == NULL ) { - LDAP_FREE( cred ); - return( -1 ); - } - - LDAP_NEXT_MSGID( ld, id ); - /* fill it in */ - rc = ber_printf( ber, "{it{istoN}N}", id, LDAP_REQ_BIND, - ld->ld_version, dn, LDAP_AUTH_KRBV42, cred, credlen ); - - LDAP_FREE( cred ); - - if ( rc == -1 ) { - ber_free( ber, 1 ); - ld->ld_errno = LDAP_ENCODING_ERROR; - return( -1 ); - } - - /* send the message */ - return ( ldap_send_initial_request( ld, LDAP_REQ_BIND, dn, ber, id )); -} - -/* synchronous bind to DSA using kerberos */ -int -ldap_kerberos_bind2_s( LDAP *ld, LDAP_CONST char *dn ) -{ - int msgid; - LDAPMessage *res; - - Debug( LDAP_DEBUG_TRACE, "ldap_kerberos_bind2_s\n", 0, 0, 0 ); - - /* initiate the bind */ - if ( (msgid = ldap_kerberos_bind2( ld, dn )) == -1 ) - return( ld->ld_errno ); - - /* wait for a result */ - if ( ldap_result( ld, msgid, LDAP_MSG_ALL, (struct timeval *) 0, &res ) - == -1 ) { - return( ld->ld_errno ); /* ldap_result sets ld_errno */ - } - - return( ldap_result2error( ld, res, 1 ) ); -} - -/* synchronous bind to ldap and DSA using kerberos */ -int -ldap_kerberos_bind_s( LDAP *ld, LDAP_CONST char *dn ) -{ - int err; - - Debug( LDAP_DEBUG_TRACE, "ldap_kerberos_bind_s\n", 0, 0, 0 ); - - if ( (err = ldap_kerberos_bind1_s( ld, dn )) != LDAP_SUCCESS ) - return( err ); - - return( ldap_kerberos_bind2_s( ld, dn ) ); -} - - -#ifndef AUTHMAN -/* - * ldap_get_kerberosv4_credentials - obtain kerberos v4 credentials for ldap. - * The dn of the entry to which to bind is supplied. It's assumed the - * user already has a tgt. - */ - -char * -ldap_get_kerberosv4_credentials( - LDAP *ld, - LDAP_CONST char *who, - LDAP_CONST char *service, - ber_len_t *len ) -{ - KTEXT_ST ktxt; - int err; - char realm[REALM_SZ], *cred, *krbinstance; - - Debug( LDAP_DEBUG_TRACE, "ldap_get_kerberosv4_credentials\n", 0, 0, 0 ); - - if ( (err = krb_get_tf_realm( tkt_string(), realm )) != KSUCCESS ) { - Debug( LDAP_DEBUG_ANY, "ldap_get_kerberosv4_credentials: " - "krb_get_tf_realm failed: %s\n", krb_err_txt[err], 0, 0 ); - ld->ld_errno = LDAP_AUTH_UNKNOWN; - return( NULL ); - } - - err = 0; -#ifdef LDAP_R_COMPILE - ldap_pvt_thread_mutex_lock( &ld->ld_req_mutex ); -#endif - if ( ber_sockbuf_ctrl( ld->ld_sb, LBER_SB_OPT_GET_FD, NULL ) == -1 ) { - /* not connected yet */ - err = ldap_open_defconn( ld ); - } -#ifdef LDAP_R_COMPILE - ldap_pvt_thread_mutex_unlock( &ld->ld_req_mutex ); -#endif - if ( err < 0 ) return NULL; - - krbinstance = ld->ld_defconn->lconn_krbinstance; - - if ( (err = krb_mk_req( &ktxt, service, krbinstance, realm, 0 )) - != KSUCCESS ) - { - Debug( LDAP_DEBUG_ANY, "ldap_get_kerberosv4_credentials: " - "krb_mk_req failed (%s)\n", krb_err_txt[err], 0, 0 ); - ld->ld_errno = LDAP_AUTH_UNKNOWN; - return( NULL ); - } - - if ( ( cred = LDAP_MALLOC( ktxt.length )) == NULL ) { - ld->ld_errno = LDAP_NO_MEMORY; - return( NULL ); - } - - *len = ktxt.length; - AC_MEMCPY( cred, ktxt.dat, ktxt.length ); - - return( cred ); -} - -#endif /* !AUTHMAN */ -#endif /* LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND */ diff --git a/libraries/libldap/ldap-int.h b/libraries/libldap/ldap-int.h index 31f386b99c..8db35241a8 100644 --- a/libraries/libldap/ldap-int.h +++ b/libraries/libldap/ldap-int.h @@ -480,18 +480,6 @@ LDAP_F (int) ldap_int_client_controls LDAP_P(( */ LDAP_F (int) ldap_int_next_line_tokens LDAP_P(( char **bufp, ber_len_t *blenp, char ***toksp )); -#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND -/* - * in kerberos.c - */ -LDAP_F (char *) ldap_get_kerberosv4_credentials LDAP_P(( - LDAP *ld, - LDAP_CONST char *who, - LDAP_CONST char *service, - ber_len_t *len )); - -#endif /* LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND */ - /* * in open.c diff --git a/libraries/libldap/os-ip.c b/libraries/libldap/os-ip.c index 7194c827fb..e6a140a9d0 100644 --- a/libraries/libldap/os-ip.c +++ b/libraries/libldap/os-ip.c @@ -705,8 +705,7 @@ ldap_connect_to_host(LDAP *ld, Sockbuf *sb, return rc; } -#if defined( LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND ) || \ - defined( HAVE_CYRUS_SASL ) +#if defined( HAVE_CYRUS_SASL ) char * ldap_host_connected_to( Sockbuf *sb, const char *host ) {