154925bf6Swillf
254925bf6Swillf /*
354925bf6Swillf * kadmin/ldap_util/kdb5_ldap_policy.c
454925bf6Swillf */
554925bf6Swillf
6*dd9ccd46S /*
7*dd9ccd46S * Copyright 2008 Sun Microsystems, Inc. All rights reserved.
8*dd9ccd46S * Use is subject to license terms.
9*dd9ccd46S */
10*dd9ccd46S
1154925bf6Swillf /* Copyright (c) 2004-2005, Novell, Inc.
1254925bf6Swillf * All rights reserved.
1354925bf6Swillf *
1454925bf6Swillf * Redistribution and use in source and binary forms, with or without
1554925bf6Swillf * modification, are permitted provided that the following conditions are met:
1654925bf6Swillf *
1754925bf6Swillf * * Redistributions of source code must retain the above copyright notice,
1854925bf6Swillf * this list of conditions and the following disclaimer.
1954925bf6Swillf * * Redistributions in binary form must reproduce the above copyright
2054925bf6Swillf * notice, this list of conditions and the following disclaimer in the
2154925bf6Swillf * documentation and/or other materials provided with the distribution.
2254925bf6Swillf * * The copyright holder's name is not used to endorse or promote products
2354925bf6Swillf * derived from this software without specific prior written permission.
2454925bf6Swillf *
2554925bf6Swillf * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
2654925bf6Swillf * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
2754925bf6Swillf * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
2854925bf6Swillf * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
2954925bf6Swillf * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
3054925bf6Swillf * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
3154925bf6Swillf * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
3254925bf6Swillf * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
3354925bf6Swillf * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
3454925bf6Swillf * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
3554925bf6Swillf * POSSIBILITY OF SUCH DAMAGE.
3654925bf6Swillf */
3754925bf6Swillf
3854925bf6Swillf /*
3954925bf6Swillf * Create / Delete / Modify / View / List policy objects.
4054925bf6Swillf */
4154925bf6Swillf
4254925bf6Swillf #include <stdio.h>
4354925bf6Swillf #include <time.h>
4454925bf6Swillf #include <k5-int.h>
4554925bf6Swillf #include <kadm5/admin.h>
4654925bf6Swillf #include <libintl.h>
4754925bf6Swillf #include <locale.h>
4854925bf6Swillf #include "kdb5_ldap_util.h"
4954925bf6Swillf #include "kdb5_ldap_list.h"
5054925bf6Swillf #include "ldap_tkt_policy.h"
/* NOTE(review): presumably parses a date string into a time_t - confirm against getdate. */
extern time_t get_date(char *); /* kadmin/cli/getdate.o */

/* Forward declarations of file-local helpers; their definitions are not in this part of the file. */
static void print_policy_params(krb5_ldap_policy_params *policyparams, int mask);
static char *strdur(time_t duration);

/* Defined in another translation unit. NOTE(review): the contents of `yes` are not visible here - confirm at its definition. */
extern char *yes;
/* Shared configuration; init_ldap_realm() reads global_params.realm from it. */
extern kadm5_config_params global_params;
58*dd9ccd46S
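/*
 * Prepare the realm-level LDAP state for an operation that runs in the
 * context of a realm.
 *
 * Reads the Kerberos container parameters and the parameters of
 * global_params.realm into the LDAP context reached through util_context,
 * skipping whichever of the two is already populated.
 *
 * argc, argv: not read by this function.
 *
 * Returns 0 on success, EINVAL when the database handle or the LDAP context
 * is missing, or the error returned by the krb5_ldap_read_* call that failed.
 */
static krb5_error_code
init_ldap_realm(int argc, char *argv[])
{
    int mask = 0;       /* filled in by krb5_ldap_read_realm_params; not used afterwards */
    krb5_error_code retval = 0;
    kdb5_dal_handle *dal_handle = NULL;
    krb5_ldap_context *ldap_context = NULL;

    /*
     * Check every link of the chain before dereferencing it.  The original
     * code tested only ldap_context, so a missing util_context or DAL handle
     * was dereferenced instead of being reported as EINVAL.
     */
    if (util_context == NULL || util_context->db_context == NULL) {
        retval = EINVAL;
        goto cleanup;
    }

    dal_handle = (kdb5_dal_handle *) util_context->db_context;
    ldap_context = (krb5_ldap_context *) dal_handle->db_context;
    if (ldap_context == NULL) {
        retval = EINVAL;
        goto cleanup;
    }

    if (ldap_context->krbcontainer == NULL) {
        retval = krb5_ldap_read_krbcontainer_params(util_context,
                                                    &(ldap_context->krbcontainer));
        if (retval != 0) {
            /* Solaris Kerberos */
            com_err(progname, retval, gettext("while reading kerberos container information"));
            goto cleanup;
        }
    }

    if (ldap_context->lrparams == NULL) {
        retval = krb5_ldap_read_realm_params(util_context,
                                             global_params.realm,
                                             &(ldap_context->lrparams),
                                             &mask);

        /*
         * No message is printed on this path; the error code is only
         * returned.  NOTE(review): presumably the caller reports it - confirm.
         */
        if (retval != 0) {
            goto cleanup;
        }
    }

cleanup:
    return retval;
}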
9754925bf6Swillf
9854925bf6Swillf /*
99