4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
22 * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
23 * Use is subject to license terms.
34 #include <rpcsvc/nis.h>
35 #include <rpc/key_prot.h>
41 extern char *getpassphrase();
42 extern char *program_name
;
43 static const char *CRED_TABLE
= "cred.org_dir";
45 #define ROOTKEY_FILE "/etc/.rootkey"
47 #ifndef MAXHOSTNAMELEN
48 #define MAXHOSTNAMELEN 256
55 #define LDAP_BINDDN_DEFAULT "cn=Directory Manager"
56 #define PROMPTGET_SUCCESS 1
57 #define PROMPTGET_FAIL -1
58 #define PROMPTGET_MEMORY_FAIL -2
59 #define PASSWD_UNMATCHED -3
61 #define FREE_CREDINFO(s) \
62 if ((s)) { (void) memset((s), 0, strlen((s))); }
65 /* ************************ switch functions *************************** */
67 /* NSW_NOTSUCCESS NSW_NOTFOUND NSW_UNAVAIL NSW_TRYAGAIN */
68 #define DEF_ACTION {__NSW_RETURN, __NSW_RETURN, __NSW_CONTINUE, __NSW_CONTINUE}
70 static struct __nsw_lookup lookup_files
= {"files", DEF_ACTION
, NULL
, NULL
},
71 lookup_nis
= {"nis", DEF_ACTION
, NULL
, &lookup_files
};
72 static struct __nsw_switchconfig publickey_default
=
73 {0, "publickey", 2, &lookup_nis
};
75 static int get_ldap_bindDN(char **);
76 static int get_ldap_bindPassword(char **);
79 * Prompt the users for a ldap bind DN. If users do not enter a value but just
80 * simply hit the return key, the default bindDN "cn=Directory Manager"
84 get_ldap_bindDN(char **ret_bindDN
) {
90 /* set the initial value for bindDN buffer */
91 (void) memset(bindDN
, 0, BUFSIZ
);
93 (void) snprintf(prompt
, BUFSIZ
,
94 "\nThe LDAP bind DN and password are required for this update.\n"
95 "If you are not sure what values to enter, please contact your\n"
96 "LDAP administrator.\n\nPlease enter LDAP bind DN [%s]: ",
101 if (fgets(bindDN
, sizeof (bindDN
), stdin
) == NULL
) {
102 (void) strlcpy(bindDN
, LDAP_BINDDN_DEFAULT
, BUFSIZ
);
105 blen
= strlen(bindDN
);
107 /* Check if the buffer ends with a newline */
108 if ((blen
> 0) && (bindDN
[blen
- 1] == '\n')) {
109 bindDN
[blen
- 1] = '\0';
113 /* Remove the white spaces */
115 for (pos
= blen
- 1; pos
>= 0; pos
--) {
116 if (isspace(bindDN
[pos
]))
123 /* Use the default bindDN, if the buffer contains no characters */
124 if (strlen(bindDN
) == 0)
125 (void) strlcpy(bindDN
, LDAP_BINDDN_DEFAULT
, BUFSIZ
);
127 if ((*ret_bindDN
= (char *)malloc(strlen(bindDN
)+1)) == NULL
) {
128 (void) memset(bindDN
, 0, BUFSIZ
);
129 return (PROMPTGET_MEMORY_FAIL
);
132 (void) strlcpy(*ret_bindDN
, bindDN
, strlen(bindDN
)+1);
134 /* Clean up and erase the credential info */
135 (void) memset(bindDN
, 0, BUFSIZ
);
137 return (PROMPTGET_SUCCESS
);
142 * Prompt the user for a ldap bind password.
145 get_ldap_bindPassword(char **ret_bindPass
) {
147 char bindPassword
[BUFSIZ
];
149 char *bindPass
= NULL
;
151 /* set the initial value for bindPassword buffer */
152 (void) memset(bindPassword
, 0, BUFSIZ
);
153 *ret_bindPass
= NULL
;
155 (void) snprintf(prompt
, BUFSIZ
,
156 "Please enter LDAP bind password: ");
158 bindPass
= getpassphrase(prompt
);
160 if (bindPass
== NULL
)
161 return (PROMPTGET_FAIL
);
163 (void) strlcpy(bindPassword
, bindPass
, BUFSIZ
);
165 /* clean the static buffer returned from getpassphrase call */
166 (void) memset(bindPass
, 0, strlen(bindPass
));
170 * Re-enter the bind passowrd and compare it with the one
171 * from previous entered.
173 (void) snprintf(prompt
, BUFSIZ
,
174 "Re-enter LDAP bind password to confirm: ");
176 bindPass
= getpassphrase(prompt
);
178 if (bindPass
== NULL
) {
179 (void) memset(bindPassword
, 0, BUFSIZ
);
180 return (PASSWD_UNMATCHED
);
183 if (strcmp(bindPass
, bindPassword
) != 0) {
184 (void) memset(bindPassword
, 0, BUFSIZ
);
185 (void) memset(bindPass
, 0, strlen(bindPass
));
186 return (PASSWD_UNMATCHED
);
188 (void) memset(bindPass
, 0, strlen(bindPass
));
189 if ((*ret_bindPass
= (char *)malloc(strlen(bindPassword
)+1))
191 (void) memset(bindPassword
, 0, BUFSIZ
);
192 return (PROMPTGET_MEMORY_FAIL
);
195 (void) strlcpy(*ret_bindPass
, bindPassword
,
196 strlen(bindPassword
)+1);
198 /* Clean up and erase the credential info */
199 (void) memset(bindPassword
, 0, BUFSIZ
);
201 return (PROMPTGET_SUCCESS
);
208 switch_policy_str(struct __nsw_switchconfig
*conf
)
210 struct __nsw_lookup
*look
;
211 static char policy
[256]; /* 256 is enough for (nis, files...etc) */
214 memset((char *)policy
, 0, 256);
216 for (look
= conf
->lookups
; look
; look
= look
->next
) {
219 strcat(policy
, look
->service_name
);
226 no_switch_policy(struct __nsw_switchconfig
*conf
)
228 return (conf
== NULL
|| conf
->lookups
== NULL
);
232 is_switch_policy(struct __nsw_switchconfig
*conf
, char *target
)
236 strcmp(conf
->lookups
->service_name
, target
) == 0 &&
237 conf
->lookups
->next
== NULL
);
241 first_and_only_switch_policy(char *policy
,
242 struct __nsw_switchconfig
*default_conf
,
245 struct __nsw_switchconfig
*conf
;
246 enum __nsw_parse_err perr
;
247 int policy_correct
= 1;
248 char *target_service
= 0;
251 if (default_conf
== 0)
252 default_conf
= &publickey_default
;
254 conf
= __nsw_getconfig(policy
, &perr
);
255 if (no_switch_policy(conf
)) {
260 target_service
= conf
->lookups
->service_name
;
262 if (conf
->lookups
->next
!= NULL
) {
265 (void) fprintf(stderr
,
266 "\n%s\n There is no publickey entry in %s.\n",
267 head_msg
, __NSW_CONFIG_FILE
);
268 (void) fprintf(stderr
,
269 "The default publickey policy is \"publickey: %s\".\n",
270 switch_policy_str(default_conf
));
272 (void) fprintf(stderr
,
273 "\n%s\nThe publickey entry in %s is \"publickey: %s\".\n",
274 head_msg
, __NSW_CONFIG_FILE
,
275 switch_policy_str(conf
));
278 if (policy_correct
== 0)
279 (void) fprintf(stderr
,
280 "I cannot figure out which publickey database you want to update.\n");
281 if (!use_default
&& conf
)
282 __nsw_freeconfig(conf
);
285 return (target_service
);
293 check_switch_policy(char *policy
, char *target_service
,
294 struct __nsw_switchconfig
*default_conf
,
295 char *head_msg
, char *tail_msg
)
297 struct __nsw_switchconfig
*conf
;
298 enum __nsw_parse_err perr
;
299 int policy_correct
= 1;
301 if (default_conf
== 0)
302 default_conf
= &publickey_default
;
304 conf
= __nsw_getconfig(policy
, &perr
);
305 if (no_switch_policy(conf
)) {
306 if (!is_switch_policy(default_conf
, target_service
)) {
307 (void) fprintf(stderr
,
308 "\n%s\nThere is no publickey entry in %s.\n",
309 head_msg
, __NSW_CONFIG_FILE
);
310 (void) fprintf(stderr
,
311 "The default publickey policy is \"publickey: %s\".\n",
312 switch_policy_str(default_conf
));
315 } else if (!is_switch_policy(conf
, target_service
)) {
316 (void) fprintf(stderr
,
317 "\n%s\nThe publickey entry in %s is \"publickey: %s\".\n",
318 head_msg
, __NSW_CONFIG_FILE
,
319 switch_policy_str(conf
));
322 /* should we exit ? */
323 if (policy_correct
== 0)
324 (void) fprintf(stderr
,
325 "It should be \"publickey: %s\"%s\n\n",
326 target_service
, tail_msg
);
328 __nsw_freeconfig(conf
);
330 return (policy_correct
);
334 get_pk_source(char *pk_service
)
336 int db
= 0, got_from_switch
= 0;
338 /* No service specified, try to figure out from switch */
339 if (pk_service
== 0) {
340 pk_service
= first_and_only_switch_policy("publickey", 0,
344 (void) fprintf(stdout
,
345 "Updating %s publickey database.\n",
350 if (strcmp(pk_service
, "ldap") == 0)
352 else if (strcmp(pk_service
, "nis") == 0)
354 else if (strcmp(pk_service
, "files") == 0)
359 * If we didn't get service name from switch, check switch
360 * and print warning about it source of publickeys if not unique
362 if (got_from_switch
== 0)
363 check_switch_policy("publickey", pk_service
, 0, "WARNING:",
364 db
== PK_FILES
? "" :
365 "; add 'files' if you want the 'nobody' key.");
368 return (db
); /* all passed */
372 /* ***************************** keylogin stuff *************************** */
374 keylogin(char *netname
, char *secret
)
376 struct key_netstarg netst
;
378 netst
.st_pub_key
[0] = 0;
379 memcpy(netst
.st_priv_key
, secret
, HEXKEYBYTES
);
380 netst
.st_netname
= netname
;
383 nra
.authtype
= AUTH_DES
; /* only revoke DES creds */
384 nra
.uid
= getuid(); /* use the real uid */
385 if (_nfssys(NFS_REVAUTH
, &nra
) < 0) {
386 perror("Warning: NFS credentials not destroyed");
392 /* do actual key login */
393 if (key_setnet(&netst
) < 0) {
394 (void) fprintf(stderr
,
395 "Could not set %s's secret key\n", netname
);
396 (void) fprintf(stderr
, "May be the keyserv is down?\n");
406 static nis_object obj
;
407 static entry_col cred_data
[10];
410 memset((char *)(&obj
), 0, sizeof (obj
));
411 memset((char *)(cred_data
), 0, sizeof (entry_col
) * 10);
413 obj
.zo_name
= "cred";
416 obj
.zo_data
.zo_type
= NIS_ENTRY_OBJ
;
418 eo
->en_type
= "cred_tbl";
419 eo
->en_cols
.en_cols_val
= cred_data
;
420 eo
->en_cols
.en_cols_len
= 5;
421 cred_data
[4].ec_flags
|= EN_CRYPT
;
426 static char *attrFilter
[] = {
434 /* Determines if there is a NisKeyObject objectclass in a given entry */
436 ldap_keyobj_exist(ns_ldap_entry_t
*entry
)
440 fattrs
= __ns_ldap_getAttr(entry
, "objectClass");
446 if (strcasecmp("NisKeyObject", *fattrs
) == 0)
455 static char *keyAttrs
[] = {
462 * Replace or append new attribute value(s) to an attribute.
463 * Don't care about memory leaks, because program is short running.
467 ldap_attr_mod(ns_ldap_entry_t
*entry
,
470 ns_ldap_attr_t
**pkeyattrs
,
472 ns_ldap_attr_t
**ckeyattrs
)
481 int keycount
[] = {0, 0};
482 ns_ldap_attr_t
*attrs
;
487 mechfilter
= (char *)malloc(strlen(mechname
) + 3);
488 if (mechfilter
== NULL
)
490 sprintf(mechfilter
, "{%s}", mechname
);
491 mechfilterlen
= strlen(mechfilter
);
493 for (q
= 0; keyAttrs
[q
] != NULL
; q
++) {
496 for (i
= 0; i
< entry
->attr_count
; i
++) {
498 ns_ldap_attr_t
*attr
= entry
->attr_pair
[i
];
499 char *name
= attr
->attrname
;
502 if (strcasecmp(keyAttrs
[q
], name
) == 0) {
504 count
= attr
->value_count
;
505 alist
[q
] = (char **)malloc(sizeof (char *) * (count
+ 1));
506 if (alist
[q
] == NULL
)
508 alist
[q
][attr
->value_count
] = NULL
;
509 for (j
= 0; j
< attr
->value_count
; j
++) {
510 char *val
= attr
->attrvalue
[j
];
511 if (strncasecmp(val
, mechfilter
,
512 mechfilterlen
) == 0) {
515 alist
[q
][j
] = keys
[q
];
521 /* Add entry to list */
522 alist
[q
] = (char **)realloc(alist
[q
],
523 sizeof (char *) * (count
+ 2));
524 if (alist
[q
] == NULL
)
526 alist
[q
][attr
->value_count
+ 1] = NULL
;
527 alist
[q
][attr
->value_count
] = keys
[q
];
533 /* Attribute does not exist, add entry anyways */
534 alist
[q
] = (char **)malloc(sizeof (char *) * 2);
535 if (alist
[q
] == NULL
)
537 alist
[q
][0] = keys
[q
];
542 if ((attrs
= (ns_ldap_attr_t
*)calloc(1,
543 sizeof (ns_ldap_attr_t
))) == NULL
)
545 attrs
->attrname
= "nisPublicKey";
546 attrs
->attrvalue
= alist
[0];
547 attrs
->value_count
= keycount
[0];
550 if ((attrs
= (ns_ldap_attr_t
*)calloc(1,
551 sizeof (ns_ldap_attr_t
))) == NULL
)
553 attrs
->attrname
= "nisSecretKey";
554 attrs
->attrvalue
= alist
[1];
555 attrs
->value_count
= keycount
[1];
562 * Do the actual Add or update of attributes in attrs.
563 * The parameter 'update4host' is a flag that tells the function which
564 * DN and password should be used to bind to ldap. If it is an update
565 * for a host (update4host > 0), the two parameters "bindDN" and
566 * "bindPasswd" would be used to bind as the directory manager,
567 * otherwise "dn" and "passwd" would be used to bind as an individual
571 update_ldap_attr(const char *dn
,
572 ns_ldap_attr_t
**attrs
,
577 const char *bindPasswd
)
583 char **certpath
= NULL
;
585 ns_auth_t
**authpp
= NULL
;
586 ns_auth_t
*authp
= NULL
;
588 ns_ldap_error_t
*errorp
= NULL
;
591 if ((credp
= (ns_cred_t
*)calloc(1, sizeof (ns_cred_t
))) == NULL
) {
592 fprintf(stderr
, "Can not allocate cred buffer.\n");
597 * if this is an update for host, use the bindDN from the
598 * command prompt, otherwise use user's DN directly.
601 credp
->cred
.unix_cred
.userID
= strdup(bindDN
);
603 credp
->cred
.unix_cred
.userID
= strdup(dn
);
605 if (credp
->cred
.unix_cred
.userID
== NULL
) {
606 fprintf(stderr
, "Memory allocation failure (userID)\n");
611 credp
->cred
.unix_cred
.passwd
= strdup(bindPasswd
);
614 credp
->cred
.unix_cred
.passwd
= strdup(passwd
);
616 /* Make sure a valid password is received. */
617 status
= get_ldap_bindPassword(&ldap_pw
);
619 if (status
!= PROMPTGET_SUCCESS
) {
624 credp
->cred
.unix_cred
.passwd
= ldap_pw
;
628 if (credp
->cred
.unix_cred
.passwd
== NULL
) {
629 fprintf(stderr
, "Memory allocation failure (passwd)\n");
633 /* get host certificate path, if one is configured */
634 if (__ns_ldap_getParam(NS_LDAP_HOST_CERTPATH_P
,
635 (void ***)&certpath
, &errorp
) != NS_LDAP_SUCCESS
)
638 if (certpath
&& *certpath
)
639 credp
->hostcertpath
= *certpath
;
641 /* Load the service specific authentication method */
642 if (__ns_ldap_getServiceAuthMethods("keyserv", &authpp
, &errorp
) !=
647 * if authpp is null, there is no serviceAuthenticationMethod
648 * try default authenticationMethod
650 if (authpp
== NULL
) {
651 if (__ns_ldap_getParam(NS_LDAP_AUTH_P
, (void ***)&authpp
,
652 &errorp
) != NS_LDAP_SUCCESS
)
657 * if authpp is still null, then can not authenticate, log
658 * error message and return error
660 if (authpp
== NULL
) {
661 fprintf(stderr
, "No LDAP authentication method configured.\n"
667 * Walk the array and try all authentication methods in order except
670 for (app
= authpp
; *app
; app
++) {
672 /* what about disabling other mechanisms? "tls:sasl/EXTERNAL" */
673 if (authp
->type
== NS_LDAP_AUTH_NONE
)
676 credp
->auth
.type
= authp
->type
;
677 credp
->auth
.tlstype
= authp
->tlstype
;
678 credp
->auth
.saslmech
= authp
->saslmech
;
679 credp
->auth
.saslopt
= authp
->saslopt
;
682 ldaprc
= __ns_ldap_addAttr("publickey", dn
,
683 (const ns_ldap_attr_t
* const *)attrs
,
684 credp
, NULL
, &errorp
);
686 ldaprc
= __ns_ldap_repAttr("publickey", dn
,
687 (const ns_ldap_attr_t
* const *)attrs
,
688 credp
, NULL
, &errorp
);
689 if (ldaprc
== NS_LDAP_SUCCESS
) {
690 /* clean up ns_cred_t structure in memory */
692 (void) __ns_ldap_freeCred(&credp
);
696 /* XXX add checking for cases of authentication errors */
697 if ((ldaprc
== NS_LDAP_INTERNAL
) &&
698 ((errorp
->status
== LDAP_INAPPROPRIATE_AUTH
) ||
699 (errorp
->status
== LDAP_INVALID_CREDENTIALS
))) {
700 fprintf(stderr
, "LDAP authentication failed.\n");
705 fprintf(stderr
, "No legal authentication method configured.\n");
708 /* clean up ns_cred_t structure in memory */
710 (void) __ns_ldap_freeCred(&credp
);
714 __ns_ldap_err2str(errorp
->status
, &msg
);
715 fprintf(stderr
, "LDAP error: %s.\n", msg
);
717 fprintf(stderr
, "%s: key-pair(s) unchanged.\n", program_name
);
723 * Update LDAP nisplublickey entry with new key information via SLDAP.
724 * Free and clean up memory that stores credential data soon after
725 * they are not used or an error comes up.
728 ldap_update(char *mechname
,
740 ns_ldap_error_t
*errorp
;
741 char *pkeyatval
, *ckeyatval
;
742 ns_ldap_result_t
*res
;
743 ns_ldap_attr_t
*pattrs
, *cattrs
;
744 int update4host
= FALSE
;
746 char *bindPasswd
= NULL
;
750 if ((netnamecpy
= strdup(netname
)) == NULL
)
752 if (((id
= strchr(netnamecpy
, '.')) == NULL
) ||
753 ((domain
= strchr(netnamecpy
, '@')) == NULL
))
762 fprintf(stderr
, "LDAP memory error (id)\n");
765 domain
= strdup(domain
);
766 if (domain
== NULL
) {
769 fprintf(stderr
, "LDAP memory error (domain)\n");
777 __ns_ldap_uid2dn(id
, &dn
, NULL
, &errorp
);
779 fprintf(stderr
, "Could not obtain LDAP dn\n");
780 fprintf(stderr
, "%s: key-pair(s) unchanged.\n",
785 filter
= (char *)malloc(strlen(id
) + 13);
787 sprintf(filter
, "(uidnumber=%s)", id
);
789 fprintf(stderr
, "Can not allocate filter buffer.\n");
790 fprintf(stderr
, "%s: key-pair(s) unchanged.\n",
798 __ns_ldap_host2dn(id
, NULL
, &dn
, NULL
, &errorp
);
800 fprintf(stderr
, "Could not obtain LDAP dn\n");
801 fprintf(stderr
, "%s: key-pair(s) unchanged.\n",
807 filter
= (char *)malloc(strlen(id
) + 6);
809 sprintf(filter
, "(cn=%s)", id
);
811 fprintf(stderr
, "Can not allocate filter buffer.\n");
812 fprintf(stderr
, "%s: key-pair(s) unchanged.\n",
817 /* Prompt for ldap bind DN for entry udpates */
818 status
= get_ldap_bindDN(&bindDN
);
820 if (status
!= PROMPTGET_SUCCESS
) {
821 FREE_CREDINFO(bindDN
);
823 "Failed to get a valid LDAP bind DN.\n"
824 "%s: key-pair(s) unchanged.\n",
829 /* Prompt for ldap bind password */
830 status
= get_ldap_bindPassword(&bindPasswd
);
832 if (status
!= PROMPTGET_SUCCESS
) {
833 FREE_CREDINFO(bindPasswd
);
834 FREE_CREDINFO(bindDN
);
837 "Failed to get a valid LDAP bind password."
838 "\n%s: key-pair(s) unchanged.\n",
844 /* Construct attribute values */
845 pkeyatval
= (char *)malloc(strlen(mechname
) + strlen(public) + 3);
846 if (pkeyatval
== NULL
) {
847 FREE_CREDINFO(bindPasswd
);
848 FREE_CREDINFO(bindDN
);
849 fprintf(stderr
, "LDAP memory error (pkeyatval)\n");
850 fprintf(stderr
, "%s: key-pair(s) unchanged.\n", program_name
);
853 sprintf(pkeyatval
, "{%s}%s", mechname
, public);
854 ckeyatval
= (char *)malloc(strlen(mechname
) + strlen(crypt
) + 3);
855 if (ckeyatval
== NULL
) {
856 FREE_CREDINFO(pkeyatval
);
857 FREE_CREDINFO(bindPasswd
);
858 FREE_CREDINFO(bindDN
);
859 fprintf(stderr
, "LDAP memory error (pkeyatval)\n");
860 fprintf(stderr
, "%s: key-pair(s) unchanged.\n", program_name
);
863 sprintf(ckeyatval
, "{%s}%s", mechname
, crypt
);
865 /* Does entry exist? */
866 if ((__ns_ldap_list(db
, filter
, NULL
, (const char **)attrFilter
,
867 NULL
, 0, &res
, &errorp
,
868 NULL
, NULL
) == NS_LDAP_SUCCESS
) && res
== NULL
) {
869 FREE_CREDINFO(ckeyatval
);
870 FREE_CREDINFO(pkeyatval
);
871 FREE_CREDINFO(bindPasswd
);
872 FREE_CREDINFO(bindDN
);
873 fprintf(stderr
, "LDAP entry does not exist.\n");
874 fprintf(stderr
, "%s: key-pair(s) unchanged.\n", program_name
);
878 /* Entry exists, modify attributes for public and secret keys */
880 /* Is there a NisKeyObject in entry? */
881 if (!ldap_keyobj_exist(&res
->entry
[0])) {
882 /* Add NisKeyObject objectclass and the keys */
884 ns_ldap_attr_t
*attrs
[4]; /* objectclass, pk, sk, NULL */
886 /* set objectclass */
887 newattr
= (char **)calloc(2, sizeof (char *));
888 newattr
[0] = "NisKeyObject";
890 if ((attrs
[0] = (ns_ldap_attr_t
*)calloc(1,
891 sizeof (ns_ldap_attr_t
))) == NULL
) {
892 FREE_CREDINFO(ckeyatval
);
893 FREE_CREDINFO(pkeyatval
);
894 FREE_CREDINFO(bindPasswd
);
895 FREE_CREDINFO(bindDN
);
896 fprintf(stderr
, "Memory allocation failed\n");
897 fprintf(stderr
, "%s: key-pair(s) unchanged.\n",
901 attrs
[0]->attrname
= "objectClass";
902 attrs
[0]->attrvalue
= newattr
;
903 attrs
[0]->value_count
= 1;
906 newattr
= (char **)calloc(2, sizeof (char *));
907 newattr
[0] = pkeyatval
;
909 if ((attrs
[1] = (ns_ldap_attr_t
*)calloc(1,
910 sizeof (ns_ldap_attr_t
))) == NULL
) {
911 FREE_CREDINFO(ckeyatval
);
912 FREE_CREDINFO(pkeyatval
);
913 FREE_CREDINFO(bindPasswd
);
914 FREE_CREDINFO(bindDN
);
915 fprintf(stderr
, "Memory allocation failed\n");
916 fprintf(stderr
, "%s: key-pair(s) unchanged.\n",
920 attrs
[1]->attrname
= "nisPublicKey";
921 attrs
[1]->attrvalue
= newattr
;
922 attrs
[1]->value_count
= 1;
925 newattr
= (char **)calloc(2, sizeof (char *));
926 newattr
[0] = ckeyatval
;
928 if ((attrs
[2] = (ns_ldap_attr_t
*)calloc(1,
929 sizeof (ns_ldap_attr_t
))) == NULL
) {
930 FREE_CREDINFO(ckeyatval
);
931 FREE_CREDINFO(pkeyatval
);
932 FREE_CREDINFO(bindPasswd
);
933 FREE_CREDINFO(bindDN
);
934 fprintf(stderr
, "Memory allocation failed\n");
935 fprintf(stderr
, "%s: key-pair(s) unchanged.\n",
939 attrs
[2]->attrname
= "nisSecretKey";
940 attrs
[2]->attrvalue
= newattr
;
941 attrs
[2]->value_count
= 1;
946 update_ldap_attr(dn
, attrs
, passwd
, TRUE
, update4host
,
949 /* object class already exists, replace keys */
950 ns_ldap_attr_t
*attrs
[4]; /* objectclass, pk, sk, NULL */
952 if (!ldap_attr_mod(&res
->entry
[0], mechname
,
954 ckeyatval
, &cattrs
)) {
955 FREE_CREDINFO(ckeyatval
);
956 FREE_CREDINFO(pkeyatval
);
957 FREE_CREDINFO(bindPasswd
);
958 FREE_CREDINFO(bindDN
);
960 "Could not generate LDAP attribute list.\n");
962 "%s: key-pair(s) unchanged.\n", program_name
);
970 update_ldap_attr(dn
, attrs
, passwd
, FALSE
, update4host
,
974 FREE_CREDINFO(ckeyatval
);
975 FREE_CREDINFO(pkeyatval
);
976 FREE_CREDINFO(bindPasswd
);
977 FREE_CREDINFO(bindDN
);