diff options
| author | Jakub Hrozek <jhrozek@redhat.com> | 2011-01-03 16:16:57 +0100 |
|---|---|---|
| committer | Simo Sorce <ssorce@redhat.com> | 2011-01-07 05:00:44 -0500 |
| commit | 8a9fdbfb039bf1894cf3b301c8a0f84261ec8c1c (patch) | |
| tree | f08d850fd5b68f8bb06a5e92cbbea5fb49b277c0 /daemons | |
| parent | 21bf175e0c10b087deb10b8e328a6a6bd549c0f9 (diff) | |
| download | freeipa-8a9fdbfb039bf1894cf3b301c8a0f84261ec8c1c.tar.gz freeipa-8a9fdbfb039bf1894cf3b301c8a0f84261ec8c1c.tar.xz freeipa-8a9fdbfb039bf1894cf3b301c8a0f84261ec8c1c.zip | |
Do not use LDAP_DEPRECATED in plugins
Remove the LDAP_DEPRECATED constant and do not use functions that are
marked as deprecated in recent OpenLDAP releases. Also always define
WITH_{MOZLDAP,OPENLDAP} since there are conditional header includes that
depend on that constant.
https://fedorahosted.org/freeipa/ticket/576
Diffstat (limited to 'daemons')
| -rw-r--r-- | daemons/configure.ac | 2 | ||||
| -rw-r--r-- | daemons/ipa-kpasswd/ipa_kpasswd.c | 18 | ||||
| -rw-r--r-- | daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd.h | 2 | ||||
| -rw-r--r-- | daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_common.c | 50 | ||||
| -rw-r--r-- | daemons/ipa-slapi-plugins/ipa-winsync/ipa-winsync.c | 24 |
5 files changed, 75 insertions, 21 deletions
diff --git a/daemons/configure.ac b/daemons/configure.ac index 221a63a7..370c5d6d 100644 --- a/daemons/configure.ac +++ b/daemons/configure.ac @@ -199,9 +199,11 @@ AC_ARG_WITH([openldap], if test "x$with_openldap" == xyes; then LDAP_CFLAGS="${OPENLDAP_CFLAGS} $NSPR4 $NSS3 -DUSE_OPENLDAP" LDAP_LIBS="${OPENLDAP_LIBS}" + AC_DEFINE_UNQUOTED(WITH_OPENLDAP, 1, [Use OpenLDAP libraries]) else LDAP_CFLAGS="${MOZLDAP_CFLAGS}" LDAP_LIBS="${MOZLDAP_LIBS}" + AC_DEFINE_UNQUOTED(WITH_MOZLDAP, 1, [Use Mozilla LDAP libraries]) fi AC_SUBST(LDAP_CFLAGS) AC_SUBST(LDAP_LIBS) diff --git a/daemons/ipa-kpasswd/ipa_kpasswd.c b/daemons/ipa-kpasswd/ipa_kpasswd.c index 9b4c2ddc..a506cec1 100644 --- a/daemons/ipa-kpasswd/ipa_kpasswd.c +++ b/daemons/ipa-kpasswd/ipa_kpasswd.c @@ -42,7 +42,6 @@ #ifdef WITH_MOZLDAP #include <mozldap/ldap.h> #else -#define LDAP_DEPRECATED 1 #include <ldap.h> #endif #include <sasl/sasl.h> @@ -331,6 +330,7 @@ int ldap_pwd_change(char *client_name, char *realm_name, krb5_data pwd, char **e struct berval *control = NULL; struct berval newpw; char hostname[1024]; + char *uri; struct berval **ncvals; char *ldap_base = NULL; char *filter; @@ -386,11 +386,19 @@ int ldap_pwd_change(char *client_name, char *realm_name, krb5_data pwd, char **e goto done; } + ret = asprintf(&uri, "ldap://%s:389", hostname); + if (ret == -1) { + syslog(LOG_ERR, "Out of memory!"); + goto done; + } + /* connect to ldap server */ /* TODO: support referrals ? */ - ld = ldap_init(hostname, 389); - if(ld == NULL) { - syslog(LOG_ERR, "Unable to connect to ldap server"); + ret = ldap_initialize(&ld, uri); + free(uri); + if(ret != LDAP_SUCCESS) { + syslog(LOG_ERR, "Unable to connect to ldap server: %s", + ldap_err2string(ret)); goto done; } @@ -414,7 +422,7 @@ int ldap_pwd_change(char *client_name, char *realm_name, krb5_data pwd, char **e /* find base dn */ /* TODO: address the case where we have multiple naming contexts */ tv.tv_sec = 10; - tv.tv_usec = 0; + tv.tv_usec = 0; ret = ldap_search_ext_s(ld, "", LDAP_SCOPE_BASE, "objectclass=*", root_attrs, 0, diff --git a/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd.h b/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd.h index 4f8764f4..aaaeeb71 100644 --- a/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd.h +++ b/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd.h @@ -49,8 +49,6 @@ #include <unistd.h> #include <stdbool.h> -#define LDAP_DEPRECATED 1 - #include <prio.h> #include <ssl.h> #include <dirsrv/slapi-plugin.h> diff --git a/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_common.c b/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_common.c index cf6b3fc9..2bc36c09 100644 --- a/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_common.c +++ b/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_common.c @@ -373,6 +373,40 @@ static void pwd_values_free(Slapi_ValueSet** results, slapi_vattr_values_free(results, actual_type_name, buffer_flags); } +static int ipapwd_rdn_count(const char *dn) +{ + int rdnc = 0; + +#ifdef WITH_MOZLDAP + char **edn; + + edn = ldap_explode_dn(dn, 0); + if (!edn) { + LOG_TRACE("ldap_explode_dn(dn) failed ?!"); + return -1; + } + + for (rdnc = 0; edn != NULL && edn[rdnc]; rdnc++) /* count */ ; + ldap_value_free(edn); +#else + /* both ldap_explode_dn and ldap_value_free are deprecated + * in OpenLDAP */ + LDAPDN ldn; + int ret; + + ret = ldap_str2dn(dn, &ldn, LDAP_DN_FORMAT_LDAPV3); + if (ret != LDAP_SUCCESS) { + LOG_TRACE("ldap_str2dn(dn) failed ?!"); + return -1; + } + + for (rdnc = 0; ldn != NULL && ldn[rdnc]; rdnc++) /* count */ ; + ldap_dnfree(ldn); +#endif + + return rdnc; +} + static int ipapwd_getPolicy(const char *dn, Slapi_Entry *target, Slapi_Entry **e) { @@ -386,7 +420,6 @@ static int ipapwd_getPolicy(const char *dn, "krbPwdHistoryLength", NULL}; Slapi_Entry **es = NULL; Slapi_Entry *pe = NULL; - char **edn; int ret, res, dist, rdnc, scope, i; Slapi_DN *sdn = NULL; int buffer_flags=0; @@ -465,14 +498,12 @@ static int ipapwd_getPolicy(const char *dn, } /* count number of RDNs in DN */ - edn = ldap_explode_dn(dn, 0); - if (!edn) { - LOG_TRACE("ldap_explode_dn(dn) failed ?!"); + rdnc = ipapwd_rdn_count(dn); + if (rdnc == -1) { + LOG_TRACE("ipapwd_rdn_count(dn) failed"); ret = -1; goto done; } - for (rdnc = 0; edn[rdnc]; rdnc++) /* count */ ; - ldap_value_free(edn); pe = NULL; dist = -1; @@ -490,15 +521,12 @@ static int ipapwd_getPolicy(const char *dn, } if (slapi_sdn_issuffix(sdn, esdn)) { const char *dn1; - char **e1; int c1; dn1 = slapi_sdn_get_dn(esdn); if (!dn1) continue; - e1 = ldap_explode_dn(dn1, 0); - if (!e1) continue; - for (c1 = 0; e1[c1]; c1++) /* count */ ; - ldap_value_free(e1); + c1 = ipapwd_rdn_count(dn1); + if (c1 == -1) continue; if ((dist == -1) || ((rdnc - c1) < dist)) { dist = rdnc - c1; diff --git a/daemons/ipa-slapi-plugins/ipa-winsync/ipa-winsync.c b/daemons/ipa-slapi-plugins/ipa-winsync/ipa-winsync.c index 10aa1880..bfad0cf2 100644 --- a/daemons/ipa-slapi-plugins/ipa-winsync/ipa-winsync.c +++ b/daemons/ipa-slapi-plugins/ipa-winsync/ipa-winsync.c @@ -41,8 +41,6 @@ # include <config.h> #endif -#define LDAP_DEPRECATED 1 - /* * Windows Synchronization Plug-in for IPA * This plugin allows IPA to intercept operations sent from @@ -375,7 +373,6 @@ ipa_winsync_get_new_ds_user_dn_cb(void *cbdata, const Slapi_Entry *rawentry, Slapi_Entry *ad_entry, char **new_dn_string, const Slapi_DN *ds_suffix, const Slapi_DN *ad_suffix) { - char **rdns = NULL; PRBool flatten = PR_TRUE; IPA_WinSync_Config *ipaconfig = ipa_winsync_get_config(); @@ -390,6 +387,9 @@ ipa_winsync_get_new_ds_user_dn_cb(void *cbdata, const Slapi_Entry *rawentry, return; } +#ifdef WITH_MOZLDAP + char **rdns = NULL; + rdns = ldap_explode_dn(*new_dn_string, 0); if (!rdns || !rdns[0]) { ldap_value_free(rdns); @@ -399,6 +399,24 @@ ipa_winsync_get_new_ds_user_dn_cb(void *cbdata, const Slapi_Entry *rawentry, slapi_ch_free_string(new_dn_string); *new_dn_string = slapi_ch_smprintf("%s,%s", rdns[0], slapi_sdn_get_dn(ds_suffix)); ldap_value_free(rdns); +#else + /* both ldap_explode_dn and ldap_value_free are deprecated + * in OpenLDAP */ + LDAPDN ldn; + int ret; + char *rdn; + + ret = ldap_str2dn(*new_dn_string, &ldn, LDAP_DN_FORMAT_LDAPV3); + if (ret != LDAP_SUCCESS) { + LOG_TRACE("ldap_str2dn(dn) failed ?!"); + return; + } + + ldap_rdn2str(ldn[0], &rdn, LDAP_DN_FORMAT_UFN); + *new_dn_string = slapi_ch_smprintf("%s,%s", rdn, slapi_sdn_get_dn(ds_suffix)); + ldap_dnfree(ldn); + ldap_memfree(rdn); +#endif LOG("<-- ipa_winsync_get_new_ds_user_dn_cb -- new dn [%s] -- end\n", *new_dn_string); |