154925bf6Swillf /*
254925bf6Swillf  * lib/kdb/kdb_ldap/ldap_tkt_policy.c
354925bf6Swillf  *
454925bf6Swillf  * Copyright (c) 2004-2005, Novell, Inc.
554925bf6Swillf  * All rights reserved.
654925bf6Swillf  *
754925bf6Swillf  * Redistribution and use in source and binary forms, with or without
854925bf6Swillf  * modification, are permitted provided that the following conditions are met:
954925bf6Swillf  *
1054925bf6Swillf  *   * Redistributions of source code must retain the above copyright notice,
1154925bf6Swillf  *       this list of conditions and the following disclaimer.
1254925bf6Swillf  *   * Redistributions in binary form must reproduce the above copyright
1354925bf6Swillf  *       notice, this list of conditions and the following disclaimer in the
1454925bf6Swillf  *       documentation and/or other materials provided with the distribution.
1554925bf6Swillf  *   * The copyright holder's name is not used to endorse or promote products
1654925bf6Swillf  *       derived from this software without specific prior written permission.
1754925bf6Swillf  *
1854925bf6Swillf  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
1954925bf6Swillf  * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
2054925bf6Swillf  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
2154925bf6Swillf  * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
2254925bf6Swillf  * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
2354925bf6Swillf  * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
2454925bf6Swillf  * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
2554925bf6Swillf  * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
2654925bf6Swillf  * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
2754925bf6Swillf  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
2854925bf6Swillf  * POSSIBILITY OF SUCH DAMAGE.
2954925bf6Swillf  */
3054925bf6Swillf 
3154925bf6Swillf #include "ldap_main.h"
3254925bf6Swillf #include "kdb_ldap.h"
3354925bf6Swillf #include "ldap_tkt_policy.h"
3454925bf6Swillf #include "ldap_err.h"
3554925bf6Swillf #include <libintl.h>
3654925bf6Swillf 
3754925bf6Swillf /* Ticket policy object management */
3854925bf6Swillf 
3954925bf6Swillf /*
4054925bf6Swillf  * Create the ticket policy object in the directory.
4154925bf6Swillf  */
4254925bf6Swillf krb5_error_code
krb5_ldap_create_policy(context,policy,mask)4354925bf6Swillf krb5_ldap_create_policy(context, policy, mask)
4454925bf6Swillf     krb5_context	        context;
4554925bf6Swillf     krb5_ldap_policy_params     *policy;
4654925bf6Swillf     int                         mask;
4754925bf6Swillf {
4854925bf6Swillf     krb5_error_code             st=0;
4954925bf6Swillf     LDAP                        *ld=NULL;
5054925bf6Swillf     char                        *strval[3]={NULL}, *policy_dn = NULL;
5154925bf6Swillf     LDAPMod                     **mods=NULL;
5254925bf6Swillf     kdb5_dal_handle             *dal_handle=NULL;
5354925bf6Swillf     krb5_ldap_context           *ldap_context=NULL;
5454925bf6Swillf     krb5_ldap_server_handle     *ldap_server_handle=NULL;
5554925bf6Swillf 
5654925bf6Swillf     /* validate the input parameters */
5754925bf6Swillf     if (policy == NULL || policy->policy == NULL) {
5854925bf6Swillf 	st = EINVAL;
5954925bf6Swillf 	krb5_set_error_message (context, st, gettext("Ticket Policy Name missing"));
6054925bf6Swillf 	goto cleanup;
6154925bf6Swillf     }
6254925bf6Swillf 
6354925bf6Swillf     SETUP_CONTEXT();
6454925bf6Swillf     GET_HANDLE();
6554925bf6Swillf 
6654925bf6Swillf     if ((st = krb5_ldap_name_to_policydn (context, policy->policy, &policy_dn)) != 0)
6754925bf6Swillf 	goto cleanup;
6854925bf6Swillf 
6954925bf6Swillf     memset(strval, 0, sizeof(strval));
7054925bf6Swillf     strval[0] = policy->policy;
7154925bf6Swillf     if ((st=krb5_add_str_mem_ldap_mod(&mods, "cn", LDAP_MOD_ADD, strval)) != 0)
7254925bf6Swillf 	goto cleanup;
7354925bf6Swillf 
7454925bf6Swillf     memset(strval, 0, sizeof(strval));
7554925bf6Swillf     strval[0] = "krbTicketPolicy";
7654925bf6Swillf     strval[1] = "krbTicketPolicyaux";
7754925bf6Swillf     if ((st=krb5_add_str_mem_ldap_mod(&mods, "objectclass", LDAP_MOD_ADD, strval)) != 0)
7854925bf6Swillf 	goto cleanup;
7954925bf6Swillf 
8054925bf6Swillf     if (mask & LDAP_POLICY_MAXTKTLIFE) {
8154925bf6Swillf 	if ((st=krb5_add_int_mem_ldap_mod(&mods, "krbmaxticketlife", LDAP_MOD_ADD,
8254925bf6Swillf 					  policy->maxtktlife)) != 0)
8354925bf6Swillf 	    goto cleanup;
8454925bf6Swillf     }
8554925bf6Swillf 
8654925bf6Swillf     if (mask & LDAP_POLICY_MAXRENEWLIFE) {
8754925bf6Swillf 	if ((st=krb5_add_int_mem_ldap_mod(&mods, "krbmaxrenewableage", LDAP_MOD_ADD,
8854925bf6Swillf 					  policy->maxrenewlife)) != 0)
8954925bf6Swillf 	    goto cleanup;
9054925bf6Swillf     }
91