/*
 * lib/kdb/kdb_ldap/ldap_tkt_policy.c
 *
 * Copyright (c) 2004-2005, Novell, Inc.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions are met:
 *
 *   * Redistributions of source code must retain the above copyright notice,
 *       this list of conditions and the following disclaimer.
 *   * Redistributions in binary form must reproduce the above copyright
 *       notice, this list of conditions and the following disclaimer in the
 *       documentation and/or other materials provided with the distribution.
 *   * The copyright holder's name is not used to endorse or promote products
 *       derived from this software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 * POSSIBILITY OF SUCH DAMAGE.
 */
3054925bfwillf
3154925bfwillf#include "ldap_main.h"
3254925bfwillf#include "kdb_ldap.h"
3354925bfwillf#include "ldap_tkt_policy.h"
3454925bfwillf#include "ldap_err.h"
3554925bfwillf#include <libintl.h>
3654925bfwillf
/* Ticket policy object management (create / modify / read / delete of
 * krbTicketPolicy entries in the directory). */
3854925bfwillf
/*
 * Create the ticket policy object in the directory.
 *
 * policy->policy (the policy name) is required; a NULL policy or name is
 * rejected with EINVAL before any directory access.  The name is written as
 * the entry's "cn" and is also used to derive the entry DN through
 * krb5_ldap_name_to_policydn().  Only the attributes selected by the bits in
 * mask (LDAP_POLICY_MAXTKTLIFE, LDAP_POLICY_MAXRENEWLIFE, LDAP_POLICY_TKTFLAGS,
 * ...) are added to the new entry.
 *
 * NOTE(review): the policy name flows into the DN unchanged here; whether
 * krb5_ldap_name_to_policydn() escapes DN special characters (',', '+', '"',
 * '\', '<', '>', ';', '=') is not visible in this file — confirm before
 * accepting policy names from an unprivileged administrative interface.
 */
4254925bfwillfkrb5_error_code
4354925bfwillfkrb5_ldap_create_policy(context, policy, mask)
4454925bfwillf    krb5_context	        context;
4554925bfwillf    krb5_ldap_policy_params     *policy;
4654925bfwillf    int                         mask;
4754925bfwillf{
4854925bfwillf    krb5_error_code             st=0;
4954925bfwillf    LDAP                        *ld=NULL;
5054925bfwillf    char                        *strval[3]={NULL}, *policy_dn = NULL;
5154925bfwillf    LDAPMod                     **mods=NULL;
5254925bfwillf    kdb5_dal_handle             *dal_handle=NULL;
5354925bfwillf    krb5_ldap_context           *ldap_context=NULL;
5454925bfwillf    krb5_ldap_server_handle     *ldap_server_handle=NULL;
5554925bfwillf
5654925bfwillf    /* validate the input parameters */
5754925bfwillf    if (policy == NULL || policy->policy == NULL) {
5854925bfwillf	st = EINVAL;
5954925bfwillf	krb5_set_error_message (context, st, gettext("Ticket Policy Name missing"));
6054925bfwillf	goto cleanup;
6154925bfwillf    }
6254925bfwillf
6354925bfwillf    SETUP_CONTEXT();
6454925bfwillf    GET_HANDLE();
6554925bfwillf
6654925bfwillf    if ((st = krb5_ldap_name_to_policydn (context, policy->policy, &policy_dn)) != 0)
6754925bfwillf	goto cleanup;
6854925bfwillf
6954925bfwillf    memset(strval, 0, sizeof(strval));
7054925bfwillf    strval[0] = policy->policy;
7154925bfwillf    if ((st=krb5_add_str_mem_ldap_mod(&mods, "cn", LDAP_MOD_ADD, strval)) != 0)
7254925bfwillf	goto cleanup;
7354925bfwillf
7454925bfwillf    memset(strval, 0, sizeof(strval));
7554925bfwillf    strval[0] = "krbTicketPolicy";
7654925bfwillf    strval[1] = "krbTicketPolicyaux";
7754925bfwillf    if ((st=krb5_add_str_mem_ldap_mod(&mods, "objectclass", LDAP_MOD_ADD, strval)) != 0)
7854925bfwillf	goto cleanup;
7954925bfwillf
8054925bfwillf    if (mask & LDAP_POLICY_MAXTKTLIFE) {
8154925bfwillf	if ((st=krb5_add_int_mem_ldap_mod(&mods, "krbmaxticketlife", LDAP_MOD_ADD,
8254925bfwillf					  policy->maxtktlife)) != 0)
8354925bfwillf	    goto cleanup;
8454925bfwillf    }
8554925bfwillf
8654925bfwillf    if (mask & LDAP_POLICY_MAXRENEWLIFE) {
8754925bfwillf	if ((st=krb5_add_int_mem_ldap_mod(&mods, "krbmaxrenewableage", LDAP_MOD_ADD,
8854925bfwillf					  policy->maxrenewlife)) != 0)
8954925bfwillf	    goto cleanup;
9054925bfwillf    }
9154925bfwillf
9254925bfwillf    if (mask & LDAP_POLICY_TKTFLAGS) {
93