authorKen Raeburn <raeburn@mit.edu>2006-11-15 23:56:02 +0000
committerKen Raeburn <raeburn@mit.edu>2006-11-15 23:56:02 +0000
commitba4eb5f71605d6d966df9ad4c9d38fee1a350b76 (patch)
tree76f9629183f1556d8250c2008ef3800ab7926f05
parentb9a7f41a37c3e52606bcd79bb0e67b56bc336e27 (diff)
LDAP patch from Novell, 2006-10-13
Patch from 13 November from Savitha R: > Fix for delpol deleting ticket policies > Removed references to old schema > Moved some unused code under #ifdef HAVE_EDIRECTORY ticket: new target_version: 1.6 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18812 dc483132-0cff-0310-8789-dd5450dbe970
-rw-r--r--src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c5
-rw-r--r--src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.c2
-rw-r--r--src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h2
-rw-r--r--src/plugins/kdb/ldap/libkdb_ldap/ldap_create.c2
-rw-r--r--src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c14
-rw-r--r--src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c5
-rw-r--r--src/plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c12
-rw-r--r--src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c206
-rw-r--r--src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.h28
-rw-r--r--src/plugins/kdb/ldap/libkdb_ldap/ldap_service_rights.c18
10 files changed, 53 insertions, 241 deletions
diff --git a/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c b/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c
index 77b7e82..a13bdfa 100644
--- a/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c
+++ b/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c
@@ -900,7 +900,6 @@ void kdb5_ldap_modify(argc, argv)
#ifdef HAVE_EDIRECTORY
int j = 0;
char *list[MAX_LIST_ENTRIES];
- char **slist = {NULL};
int existing_entries = 0, list_entries = 0;
int newkdcdn = 0, newadmindn = 0, newpwddn = 0;
char **tempstr = NULL;
@@ -1432,6 +1431,8 @@ void kdb5_ldap_modify(argc, argv)
}
if ((mask & LDAP_REALM_SUBTREE)) {
+ int check_subtree = 1;
+
newsubtrees = (char**) calloc(rparams->subtreecount, sizeof(char*));
if (newsubtrees == NULL) {
@@ -1452,7 +1453,7 @@ void kdb5_ldap_modify(argc, argv)
for(j=0;oldsubtrees[j]!=NULL;j++) {
check_subtree = 1;
for(i=0; ( (oldsubtrees[j] && !rparams->subtree[i]) ||
- (!oldsubtrees[j] && rparams->subtree[i]))i; i++) {
+ (!oldsubtrees[j] && rparams->subtree[i])); i++) {
if(strcasecmp( oldsubtrees[j], rparams->subtree[i]) == 0) {
check_subtree = 0;
continue;
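Review bot: The inner loop condition in this hunk can only be true when `rparams->subtree[i]` is NULL, because the outer loop already guarantees that `oldsubtrees[j]` is non-NULL. The body then passes that NULL to `strcasecmp`; and when `subtree[0]` is set the loop never runs, so `check_subtree` stays 1. The commit removes the stray `i` that broke the syntax but keeps this logic. If the intent is to test whether an old subtree is still in the new list, and assuming that list is NULL-terminated, `for (i = 0; rparams->subtree[i] != NULL; i++)` with `break;` in place of `continue;` would express it. The rest of the loop body is outside the hunk.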
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.c b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.c
index e5bf6c1..883897b 100644
--- a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.c
+++ b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.c
@@ -330,6 +330,7 @@ krb5_error_code krb5_ldap_open(krb5_context context,
}
srv_cnt++;
+#ifdef HAVE_EDIRECTORY
} else if (opt && !strcmp(opt, "cert")) {
if (val == NULL) {
status = EINVAL;
@@ -374,6 +375,7 @@ krb5_error_code krb5_ldap_open(krb5_context context,
sprintf(ldap_context->root_certificate_file,"%s %s", oldstr, val);
free (oldstr);
}
+#endif
} else {
/* ignore hash argument. Might have been passed from create */
status = EINVAL;
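Review bot: The `sprintf` kept inside the new `#ifdef HAVE_EDIRECTORY` region writes `oldstr`, a space and `val` into `ldap_context->root_certificate_file` with no length bound, and `val` is presumably parsed from the caller's db_args. The allocation is outside the hunk, so it should be confirmed to hold `strlen(oldstr) + strlen(val) + 2` bytes; `snprintf(ldap_context->root_certificate_file, len, "%s %s", oldstr, val);` with the allocated `len` would make the bound explicit. The same lines appear in krb5_ldap_create in ldap_create.c. With the macro undefined, a `cert` argument now reaches the final `else` and is rejected with EINVAL, which the comment there ("ignore hash argument") does not describe.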
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h
index 97da15d..b1ffd84 100644
--- a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h
+++ b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h
@@ -195,7 +195,9 @@ struct _krb5_ldap_server_info {
krb5_ldap_server_handle *ldap_server_handles;
time_t downtime;
char *server_name;
+#ifdef HAVE_EDIRECTORY
char *root_certificate_file;
+#endif
struct _krb5_ldap_server_info *next;
};
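Review bot: The layout of `struct _krb5_ldap_server_info` now depends on `HAVE_EDIRECTORY`, so every file that includes kdb_ldap.h must see the same definition of that macro before the include, or `next` will sit at different offsets in different objects. A comment on the field such as `/* layout depends on HAVE_EDIRECTORY; include the configure header before this file */` would record that. The struct's earlier members are outside the hunk.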
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_create.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_create.c
index 768ba6a..8c60c17 100644
--- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_create.c
+++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_create.c
@@ -180,6 +180,7 @@ krb5_ldap_create (krb5_context context, char *conf_section, char **db_args)
}
srv_cnt++;
+#ifdef HAVE_EDIRECTORY
} else if (opt && !strcmp(opt, "cert")) {
if (val == NULL) {
status = EINVAL;
@@ -224,6 +225,7 @@ krb5_ldap_create (krb5_context context, char *conf_section, char **db_args)
sprintf(ldap_context->root_certificate_file,"%s %s", oldstr, val);
free (oldstr);
}
+#endif
} else {
/* ignore hash argument. Might have been passed from create */
status = EINVAL;
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c
index efcb73e..f76a6e8 100644
--- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c
+++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c
@@ -229,6 +229,7 @@ krb5_ldap_read_server_params(context, conf_section, srv_type)
goto cleanup;
}
+#ifdef HAVE_EDIRECTORY
/*
* If root certificate file is not set read it from database
* module section of conf file this is the trusted root
@@ -241,6 +242,7 @@ krb5_ldap_read_server_params(context, conf_section, srv_type)
if (st)
goto cleanup;
}
+#endif
/*
* If the ldap server parameter is not set read the list of ldap
@@ -270,7 +272,7 @@ krb5_ldap_read_server_params(context, conf_section, srv_type)
(*server_info)[ele] = (krb5_ldap_server_info *)calloc(1,
sizeof(krb5_ldap_server_info));
- (*server_info)[ele]->server_name = strdup("localhost");
+ (*server_info)[ele]->server_name = strdup("ldapi://");
if ((*server_info)[ele]->server_name == NULL) {
st = ENOMEM;
goto cleanup;
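Review bot: The result of `calloc` is dereferenced on the next line without a check, so an allocation failure becomes a NULL write at `(*server_info)[ele]->server_name` rather than ENOMEM; only the `strdup` result is tested. Adding `if ((*server_info)[ele] == NULL) { st = ENOMEM; goto cleanup; }` before the assignment would match the handling two lines below. The default also changes from a host name to the `ldapi://` URI, which deserves a comment saying that an unconfigured server list now means the local LDAP IPC socket. The function continues outside the hunk.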
@@ -326,9 +328,11 @@ krb5_ldap_free_server_params(ldap_context)
if (ldap_context->server_info_list[i]->server_name) {
free (ldap_context->server_info_list[i]->server_name);
}
+#ifdef HAVE_EDIRECTORY
if (ldap_context->server_info_list[i]->root_certificate_file) {
free (ldap_context->server_info_list[i]->root_certificate_file);
}
+#endif
if (ldap_context->server_info_list[i]->ldap_server_handles) {
ldap_server_handle = ldap_context->server_info_list[i]->ldap_server_handles;
while (ldap_server_handle) {
@@ -365,10 +369,12 @@ krb5_ldap_free_server_params(ldap_context)
ldap_context->service_password_file = NULL;
}
+#ifdef HAVE_EDIRECTORY
if (ldap_context->root_certificate_file != NULL) {
krb5_xfree(ldap_context->root_certificate_file);
ldap_context->root_certificate_file = NULL;
}
+#endif
if (ldap_context->service_cert_path != NULL) {
krb5_xfree(ldap_context->service_cert_path);
@@ -915,8 +921,10 @@ checkattributevalue (ld, dn, attribute, attrvalues, mask)
char **values=NULL, *attributes[2] = {NULL};
LDAPMessage *result=NULL, *entry=NULL;
- if (strlen(dn) == 0)
- return LDAP_NO_SUCH_OBJECT;
+ if (strlen(dn) == 0) {
+ st = set_ldap_error(0, LDAP_NO_SUCH_OBJECT, OP_SEARCH);
+ return st;
+ }
attributes[0] = attribute;
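Review bot: `strlen(dn)` is still called with no NULL test in front of it, and the declarations just above show that nothing checks `dn` first, so a caller passing a NULL DN crashes here instead of getting the new error; `if (dn == NULL || strlen(dn) == 0) {` would cover both. The new call passes `0` as the first argument to `set_ldap_error`, where krb5_ldap_delete_password_policy passes its `context`; whether a null context is safe there cannot be seen from this diff and should be confirmed. The rest of the function is outside the hunk.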
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c
index 9bfef15..e0ada5d 100644
--- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c
+++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c
@@ -1076,10 +1076,9 @@ krb5_ldap_put_principal(context, entries, nentries, db_args)
int p, q, r=0, amask=0;
if ((st=checkattributevalue(ld, (xargs.dn) ? xargs.dn : principal_dn,
- "objectclass", attrvalues, &amask)) != 0) {
- st = KRB5_KDB_UK_RERROR;
+ "objectclass", attrvalues, &amask)) != 0)
goto cleanup;
- }
+
memset(strval, 0, sizeof(strval));
for (p=1, q=0; p<=2; p<<=1, ++q) {
if ((p & amask) == 0)
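Review bot: With the `KRB5_KDB_UK_RERROR` override gone, krb5_ldap_put_principal returns whatever checkattributevalue returns, and the only path this diff shows being converted to a `set_ldap_error` result is the empty-DN one. If any other return path of checkattributevalue still yields a raw LDAP result code, that number would now reach callers as a krb5_error_code; those paths are outside this diff and need checking. A comment such as `/* checkattributevalue returns a krb5 error code */` above the call would state the assumption.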
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c
index 3c229c0..6f8b3ef 100644
--- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c
+++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c
@@ -323,7 +323,8 @@ krb5_ldap_delete_password_policy (context, policy)
krb5_context context;
char *policy;
{
- char *policy_dn = NULL;
+ int mask = 0;
+ char *policy_dn = NULL, *class[] = {"krbpwdpolicy", NULL};
krb5_error_code st=0;
LDAP *ld=NULL;
kdb5_dal_handle *dal_handle=NULL;
@@ -344,6 +345,15 @@ krb5_ldap_delete_password_policy (context, policy)
if (st != 0)
goto cleanup;
+ /* Ensure that the object is a password policy */
+ if ((st=checkattributevalue(ld, policy_dn, "objectclass", class, &mask)) != 0)
+ goto cleanup;
+
+ if (mask == 0) {
+ st = KRB5_KDB_NOENTRY;
+ goto cleanup;
+ }
+
if ((st=ldap_delete_ext_s(ld, policy_dn, NULL, NULL)) != LDAP_SUCCESS) {
st = set_ldap_error (context, st, OP_DEL);
goto cleanup;
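Review bot: When the object exists but is not a `krbpwdpolicy`, the new branch returns `KRB5_KDB_NOENTRY` with no message, so an administrator cannot tell a refused delete from a missing entry; `krb5_set_error_message(context, st, "Object is not a password policy");` before the `goto` would say so. The class check and `ldap_delete_ext_s` are also two separate LDAP operations, so the guard holds only if the entry is not changed between them; a one-line comment noting that would be accurate. The function starts and ends outside the hunk.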
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c
index 3013838..b5e198f 100644
--- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c
+++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c
@@ -42,10 +42,9 @@
#define END_OF_LIST -1
char *realm_attributes[] = {"krbSearchScope","krbSubTrees", "krbPrincContainerRef",
"krbMaxTicketLife", "krbMaxRenewableAge",
- "krbTicketFlags", "krbDefaultEncType",
- "krbDefaultSaltType", "krbUpEnabled",
- "krbTicketPolicyReference", "krbSupportedEncTypes",
- "krbSupportedSaltTypes", "krbLdapServers",
+ "krbTicketFlags", "krbUpEnabled",
+ "krbTicketPolicyReference",
+ "krbLdapServers",
"krbKdcServers", "krbAdmServers",
"krbPwdServers", NULL};
@@ -64,14 +63,6 @@ char *pwdclass[] = { "krbPwdService", NULL };
char *subtreeclass[] = { "Organization", "OrganizationalUnit", "Domain", "krbContainer",
"krbRealmContainer", "Country", "Locality", NULL };
-int supportedenctypes[] = { ENCTYPE_DES_CBC_CRC, ENCTYPE_DES_CBC_MD4, ENCTYPE_DES_CBC_MD5,
- ENCTYPE_DES3_CBC_SHA1, ENCTYPE_AES128_CTS_HMAC_SHA1_96,
- ENCTYPE_AES256_CTS_HMAC_SHA1_96, ENCTYPE_ARCFOUR_HMAC, -1};
-
-int supportedsalttypes[] = { KRB5_KDB_SALTTYPE_NORMAL, KRB5_KDB_SALTTYPE_V4,
- KRB5_KDB_SALTTYPE_NOREALM, KRB5_KDB_SALTTYPE_ONLYREALM,
- KRB5_KDB_SALTTYPE_SPECIAL, -1};
-
char *krbContainerRefclass[] = { "krbContainerRefAux", NULL};
@@ -460,9 +451,6 @@ krb5_ldap_modify_realm(context, rparams, mask)
rparams->tl_data->tl_data_contents == NULL ||
((mask & LDAP_REALM_SUBTREE) && rparams->subtree == NULL) ||
((mask & LDAP_REALM_CONTREF) && rparams->containerref == NULL) ||
- /* This has to be fixed ... */
- ((mask & LDAP_REALM_DEFENCTYPE) && rparams->suppenctypes == NULL) ||
- ((mask & LDAP_REALM_DEFSALTTYPE) && rparams->suppsalttypes == NULL) ||
#ifdef HAVE_EDIRECTORY
((mask & LDAP_REALM_KDCSERVERS) && rparams->kdcservers == NULL) ||
((mask & LDAP_REALM_ADMINSERVERS) && rparams->adminservers == NULL) ||
@@ -490,22 +478,6 @@ krb5_ldap_modify_realm(context, rparams, mask)
}
}
- /*
- * Sort the list of salt-types / enc-types ... just to eliminate duplicates
- * later.
- */
- {
- if ((mask & LDAP_REALM_SUPPENCTYPE) && rparams->suppenctypes) {
- for (i = 0; rparams->suppenctypes [i] != END_OF_LIST; i++) {
- }
- qsort ((void *)rparams->suppenctypes, (unsigned) i, sizeof(krb5_int32), compare);
- }
- if ((mask & LDAP_REALM_SUPPSALTTYPE) && rparams->suppsalttypes) {
- for (i = 0; rparams->suppenctypes [i] != END_OF_LIST; i++) {
- }
- qsort ((void *)rparams->suppsalttypes, (unsigned) i, sizeof(krb5_int32), compare);
- }
- }
/* SUBTREE ATTRIBUTE */
if (mask & LDAP_REALM_SUBTREE) {
@@ -575,124 +547,6 @@ krb5_ldap_modify_realm(context, rparams, mask)
}
- /* DEFENCTYPE ATTRIBUTE */
- if (mask & LDAP_REALM_DEFENCTYPE) {
- /* check if the entered enctype is valid */
- if (krb5_c_valid_enctype(rparams->defenctype)) {
-
- /* check if the defenctype exists in the suppenctypes list */
- for (i = 0; rparams->suppenctypes[i] != END_OF_LIST; ++i)
- if (rparams->defenctype == rparams->suppenctypes[i])
- break;
-
- /* touching the end of list means defenctype is missing */
- if (rparams->suppenctypes[i] == END_OF_LIST) {
- st = EINVAL;
- krb5_set_error_message (context, st, "Default enctype not in the supported list");
- goto cleanup;
- }
-
- if ((st=krb5_add_int_mem_ldap_mod(&mods, "krbdefaultenctype", LDAP_MOD_REPLACE,
- rparams->defenctype)) != 0)
- goto cleanup;
- } else {
- st = EINVAL;
- krb5_set_error_message (context, st, "Invalid default enctype");
- goto cleanup;
- }
- }
-
- /* DEFSALTTYPE ATTRIBUTE */
- if (mask & LDAP_REALM_DEFSALTTYPE) {
- /* check if the entered salttype is valid */
- if (rparams->defsalttype>=0 && rparams->defsalttype<6) {
-
- /* check if the defsalttype exists in the suppsalttypes list */
- for (i = 0; rparams->suppsalttypes[i] != END_OF_LIST; ++i)
- if (rparams->defsalttype == rparams->suppsalttypes[i])
- break;
-
- /* touching the end of the list means defsalttype is missing */
- if (rparams->suppsalttypes[i] == END_OF_LIST) {
- st = EINVAL;
- krb5_set_error_message (context, st, "Default salttype not in the supported list");
- goto cleanup;
- }
-
- if ((st=krb5_add_int_mem_ldap_mod(&mods, "krbdefaultsalttype",
- LDAP_MOD_REPLACE, rparams->defsalttype)) != 0)
- goto cleanup;
-
- } else {
- st = EINVAL;
- krb5_set_error_message (context, st, "Invalid default salttype");
- goto cleanup;
- }
- }
-
- /* SUPPSALTTYPE ATTRIBUTE */
- if (mask & LDAP_REALM_SUPPSALTTYPE) {
- krb5_boolean flag=FALSE;
-
- for (i = 0; rparams->suppsalttypes[i] != END_OF_LIST; ++i) {
- /* check if the salttypes entered is valid */
- if (!(rparams->suppsalttypes[i]>=0 && rparams->suppsalttypes[i]<6)) {
- st = EINVAL;
- krb5_set_error_message (context, st, "salttype %d not valid", rparams->suppsalttypes[i]);
- goto cleanup;
- }
-
- /* Ensure that the default salt type is supported */
- if ((oldmask & LDAP_REALM_DEFSALTTYPE ||
- mask & LDAP_REALM_DEFSALTTYPE) &&
- rparams->defsalttype == rparams->suppsalttypes[i])
- flag = TRUE;
- }
-
- if (flag == FALSE) { /* Default salt type is not supported */
- st = EINVAL;
- krb5_set_error_message (context, st, "Default salttype not in the supported list");
- goto cleanup;
- }
- ignore_duplicates(rparams->suppsalttypes);
-
- if ((st=krb5_add_int_arr_mem_ldap_mod(&mods, "krbsupportedsalttypes",
- LDAP_MOD_REPLACE, rparams->suppsalttypes)) != 0)
- goto cleanup;
- }
-
- /* SUPPENCTYPE ATTRIBUTE */
- if (mask & LDAP_REALM_SUPPENCTYPE) {
- krb5_boolean flag=FALSE;
-
- for (i=0; rparams->suppenctypes[i] != END_OF_LIST; ++i) {
-
- /* check if the enctypes entered is valid */
- if (krb5_c_valid_enctype(rparams->suppenctypes[i]) == 0) {
- st = EINVAL;
- krb5_set_error_message (context, st, "Enctype %d not valid", rparams->suppenctypes[i]);
- goto cleanup;
- }
-
- /* Ensure that the default encryption type is supported */
- if ((oldmask & LDAP_REALM_DEFENCTYPE ||
- mask & LDAP_REALM_DEFENCTYPE) &&
- rparams->defenctype == rparams->suppenctypes[i])
- flag = TRUE;
- }
-
- if (flag == FALSE) { /* Default encryption type is not supported */
- st = EINVAL;
- krb5_set_error_message(context, st, "Default enctype not in the supported list");
- goto cleanup;
- }
- ignore_duplicates(rparams->suppenctypes);
-
- if ((st=krb5_add_int_arr_mem_ldap_mod(&mods, "krbsupportedenctypes",
- LDAP_MOD_REPLACE, rparams->suppenctypes)) != 0)
- goto cleanup;
- }
-
#ifdef HAVE_EDIRECTORY
/* KDCSERVERS ATTRIBUTE */
@@ -1147,8 +1001,6 @@ krb5_ldap_create_realm(context, rparams, mask)
((mask & LDAP_REALM_SUBTREE) && rparams->subtree == NULL) ||
((mask & LDAP_REALM_CONTREF) && rparams->containerref == NULL) ||
((mask & LDAP_REALM_POLICYREFERENCE) && rparams->policyreference == NULL) ||
- ((mask & LDAP_REALM_SUPPSALTTYPE) && rparams->suppsalttypes == NULL) ||
- ((mask & LDAP_REALM_SUPPENCTYPE) && rparams->suppenctypes == NULL) ||
#ifdef HAVE_EDIRECTORY
((mask & LDAP_REALM_KDCSERVERS) && rparams->kdcservers == NULL) ||
((mask & LDAP_REALM_ADMINSERVERS) && rparams->adminservers == NULL) ||
@@ -1428,8 +1280,7 @@ krb5_ldap_read_realm_params(context, lrealm, rlparamp, mask)
LDAP_SEARCH(rlparams->realmdn, LDAP_SCOPE_BASE, "(objectclass=krbRealmContainer)", realm_attributes);
- if ((st = ldap_count_entries(ld, result)) == 0)
- {
+ if ((st = ldap_count_entries(ld, result)) <= 0) {
/* This could happen when the DN used to bind and read the realm object
* does not have sufficient rights to read its attributes
*/
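Review bot: `st` is assigned the return value of `ldap_count_entries`, so inside this branch it holds 0 or a negative count rather than an error code. The statements that follow are outside the hunk; they need to set `st` to a real error before reaching cleanup, otherwise the empty-result case could return 0 as success with `rlparams` unfilled. Keeping the count in a separate `int` and leaving `st` for error codes only would remove the overlap.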
@@ -1504,49 +1355,6 @@ krb5_ldap_read_realm_params(context, lrealm, rlparamp, mask)
ldap_value_free(values);
}
- if ((values=ldap_get_values(ld, ent, "krbDefaultEncType")) != NULL) {
- rlparams->defenctype = atoi(values[0]);
- if (krb5_c_valid_enctype(rlparams->defenctype) == 0)
- rlparams->defenctype = ENCTYPE_DES3_CBC_SHA1;
- *mask |= LDAP_REALM_DEFENCTYPE;
- ldap_value_free(values);
- }
-
- if ((values=ldap_get_values(ld, ent, "krbDefaultSaltType")) != NULL) {
- rlparams->defsalttype = atoi(values[0]);
- if (!(rlparams->defsalttype>=0 && rlparams->defsalttype<6))
- rlparams->defsalttype = KRB5_KDB_SALTTYPE_NORMAL;
- *mask |= LDAP_REALM_DEFSALTTYPE;
- ldap_value_free(values);
- }
- if ((values=ldap_get_values(ld, ent, "krbSupportedEncTypes")) != NULL) {
- count = ldap_count_values(values);
- rlparams->suppenctypes = malloc (sizeof(krb5_int32) * (count + 1));
- if (rlparams->suppenctypes == NULL) {
- st = ENOMEM;
- goto cleanup;
- }
- for (i=0; i<count; ++i)
- rlparams->suppenctypes[i] = atoi(values[i]);
- rlparams->suppenctypes[count] = -1;
- *mask |= LDAP_REALM_SUPPENCTYPE;
- ldap_value_free(values);
- }
-
- if ((values=ldap_get_values(ld, ent, "krbSupportedSaltTypes")) != NULL) {
- count = ldap_count_values(values);
- rlparams->suppsalttypes = malloc (sizeof(krb5_int32) * (count + 1));
- if (rlparams->suppsalttypes == NULL) {
- st = ENOMEM;
- goto cleanup;
- }
- for (i=0; i<count; ++i)
- rlparams->suppsalttypes[i] = atoi(values[i]);
- rlparams->suppsalttypes[count] = -1;
- *mask |= LDAP_REALM_SUPPSALTTYPE;
- ldap_value_free(values);
- }
-
#ifdef HAVE_EDIRECTORY
if ((values=ldap_get_values(ld, ent, "krbKdcServers")) != NULL) {
@@ -1659,12 +1467,6 @@ krb5_ldap_free_realm_params(rparams)
krb5_xfree(rparams->subtree);
}
- if (rparams->suppenctypes)
- krb5_xfree(rparams->suppenctypes);
-
- if (rparams->suppsalttypes)
- krb5_xfree(rparams->suppsalttypes);
-
if (rparams->kdcservers) {
for (i=0; rparams->kdcservers[i]; ++i)
krb5_xfree(rparams->kdcservers[i]);
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.h b/src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.h
index 3879bf4..05c2b14 100644
--- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.h
+++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.h
@@ -34,20 +34,16 @@
/* realm specific mask */
#define LDAP_REALM_SUBTREE 0x0001
#define LDAP_REALM_SEARCHSCOPE 0x0002
-#define LDAP_REALM_DEFENCTYPE 0x0004
-#define LDAP_REALM_DEFSALTTYPE 0x0008
-#define LDAP_REALM_SUPPENCTYPE 0x0010
-#define LDAP_REALM_SUPPSALTTYPE 0x0020
-#define LDAP_REALM_POLICYREFERENCE 0x0040
-#define LDAP_REALM_UPENABLED 0x0080
-#define LDAP_REALM_LDAPSERVERS 0x0100
-#define LDAP_REALM_KDCSERVERS 0x0200
-#define LDAP_REALM_ADMINSERVERS 0x0400
-#define LDAP_REALM_PASSWDSERVERS 0x0800
-#define LDAP_REALM_MAXTICKETLIFE 0x1000
-#define LDAP_REALM_MAXRENEWLIFE 0x2000
-#define LDAP_REALM_KRBTICKETFLAGS 0x4000
-#define LDAP_REALM_CONTREF 0x8000
+#define LDAP_REALM_POLICYREFERENCE 0x0004
+#define LDAP_REALM_UPENABLED 0x0008
+#define LDAP_REALM_LDAPSERVERS 0x0010
+#define LDAP_REALM_KDCSERVERS 0x0020
+#define LDAP_REALM_ADMINSERVERS 0x0040
+#define LDAP_REALM_PASSWDSERVERS 0x0080
+#define LDAP_REALM_MAXTICKETLIFE 0x0100
+#define LDAP_REALM_MAXRENEWLIFE 0x0200
+#define LDAP_REALM_KRBTICKETFLAGS 0x0400
+#define LDAP_REALM_CONTREF 0x0800
extern char *policy_attributes[];
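Review bot: Every flag from `LDAP_REALM_POLICYREFERENCE` onward gets a new bit value, so a mask built against the old header means something different to code built against the new one. If kdb5_ldap_util and libkdb_ldap are always built from the same tree this is harmless, but that is not visible here; a comment such as `/* values are internal; never store or exchange them between builds */` above the block would record it. Leaving the four retired bits unused and keeping the old values would have avoided the question. The same concern applies to the fields removed from `krb5_ldap_realm_params` in the next hunk.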
@@ -67,10 +63,6 @@ typedef struct _krb5_ldap_realm_params {
krb5_int32 max_life;
krb5_int32 max_renewable_life;
krb5_int32 tktflags;
- krb5_enctype defenctype;
- krb5_int32 defsalttype;
- krb5_enctype *suppenctypes;
- krb5_int32 *suppsalttypes;
char **kdcservers;
char **adminservers;
char **passwdservers;
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_service_rights.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_service_rights.c
index e4a28a5..b32ba91 100644
--- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_service_rights.c
+++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_service_rights.c
@@ -151,10 +151,8 @@ static char *kdcrights_realmcontainer[][2]={
{"2#subtree#","#krbPrincContainerRef"},
{"2#subtree#","#krbSearchScope"},
{"2#subtree#","#krbLdapServers"},
- {"2#subtree#","#krbSupportedEncTypes"},
- {"2#subtree#","#krbSupportedSaltTypes"},
- {"2#subtree#","#krbDefaultEncType"},
- {"2#subtree#","#krbDefaultSaltType"},
+ {"2#subtree#","#krbSupportedEncSaltTypes"},
+ {"2#subtree#","#krbDefaultEncSaltTypes"},
{"2#subtree#","#krbKdcServers"},
{"2#subtree#","#krbPwdServers"},
{"2#subtree#","#krbTicketFlags"},
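Review bot: The rights tables now name `krbSupportedEncSaltTypes` and `krbDefaultEncSaltTypes`, while `realm_attributes` in ldap_realm.c, as changed by this commit, requests neither, so these grants cover attributes that the realm-reading code in this diff does not fetch. Nothing in the diff removes rights already assigned on the four old attribute names on existing realm containers; if that needs an upgrade step it should be documented. The identical two-line edit is repeated in `adminrights_realmcontainer` and `pwdrights_realmcontainer`, so a comment above each table saying the three lists must stay in step would help. The tables start and end outside the hunks.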
@@ -195,10 +193,8 @@ static char *adminrights_realmcontainer[][2]={
{"2#subtree#","#krbPrincContainerRef"},
{"2#subtree#","#krbSearchScope"},
{"2#subtree#","#krbLdapServers"},
- {"2#subtree#","#krbSupportedEncTypes"},
- {"2#subtree#","#krbSupportedSaltTypes"},
- {"2#subtree#","#krbDefaultEncType"},
- {"2#subtree#","#krbDefaultSaltType"},
+ {"2#subtree#","#krbSupportedEncSaltTypes"},
+ {"2#subtree#","#krbDefaultEncSaltTypes"},
{"2#subtree#","#krbKdcServers"},
{"2#subtree#","#krbPwdServers"},
{"6#subtree#","#krbTicketFlags"},
@@ -244,10 +240,8 @@ static char *pwdrights_realmcontainer[][2]={
{"2#subtree#","#krbPrincContainerRef"},
{"2#subtree#","#krbSearchScope"},
{"2#subtree#","#krbLdapServers"},
- {"2#subtree#","#krbSupportedEncTypes"},
- {"2#subtree#","#krbSupportedSaltTypes"},
- {"2#subtree#","#krbDefaultEncType"},
- {"2#subtree#","#krbDefaultSaltType"},
+ {"2#subtree#","#krbSupportedEncSaltTypes"},
+ {"2#subtree#","#krbDefaultEncSaltTypes"},
{"2#subtree#","#krbKdcServers"},
{"2#subtree#","#krbPwdServers"},
{"6#subtree#","#krbTicketFlags"},