From 8a9fdbfb039bf1894cf3b301c8a0f84261ec8c1c Mon Sep 17 00:00:00 2001
From: Jakub Hrozek
Date: Mon, 3 Jan 2011 16:16:57 +0100
Subject: Do not use LDAP_DEPRECATED in plugins
Remove the LDAP_DEPRECATED constant and do not use functions that are marked as deprecated in recent OpenLDAP releases. Also always define WITH_{MOZLDAP,OPENLDAP} since there are conditional header includes that depend on that constant. https://fedorahosted.org/freeipa/ticket/576
---
 daemons/configure.ac | 2 +
 daemons/ipa-kpasswd/ipa_kpasswd.c | 18 +++++---
 daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd.h | 2 -
 .../ipa-pwd-extop/ipapwd_common.c | 50 +++++++++++++++++-----
 .../ipa-slapi-plugins/ipa-winsync/ipa-winsync.c | 24 +++++++++--
 5 files changed, 75 insertions(+), 21 deletions(-)
(limited to 'daemons')
diff --git a/daemons/configure.ac b/daemons/configure.ac
index 221a63a7..370c5d6d 100644
--- a/daemons/configure.ac
+++ b/daemons/configure.ac
@@ -199,9 +199,11 @@ AC_ARG_WITH([openldap],
 if test "x$with_openldap" == xyes; then
 LDAP_CFLAGS="${OPENLDAP_CFLAGS} $NSPR4 $NSS3 -DUSE_OPENLDAP"
 LDAP_LIBS="${OPENLDAP_LIBS}"
+ AC_DEFINE_UNQUOTED(WITH_OPENLDAP, 1, [Use OpenLDAP libraries])
 else
 LDAP_CFLAGS="${MOZLDAP_CFLAGS}"
 LDAP_LIBS="${MOZLDAP_LIBS}"
+ AC_DEFINE_UNQUOTED(WITH_MOZLDAP, 1, [Use Mozilla LDAP libraries])
 fi
 AC_SUBST(LDAP_CFLAGS)
 AC_SUBST(LDAP_LIBS)
diff --git a/daemons/ipa-kpasswd/ipa_kpasswd.c b/daemons/ipa-kpasswd/ipa_kpasswd.c
index 9b4c2ddc..a506cec1 100644
--- a/daemons/ipa-kpasswd/ipa_kpasswd.c
+++ b/daemons/ipa-kpasswd/ipa_kpasswd.c
@@ -42,7 +42,6 @@
 #ifdef WITH_MOZLDAP
 #include
 #else
-#define LDAP_DEPRECATED 1
 #include
 #endif
 #include
@@ -331,6 +330,7 @@ int ldap_pwd_change(char *client_name, char *realm_name, krb5_data pwd, char **e
 struct berval *control = NULL;
 struct berval newpw;
 char hostname[1024];
+ char *uri;
 struct berval **ncvals;
 char *ldap_base = NULL;
 char *filter;
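Review bot: The two `AC_DEFINE_UNQUOTED` calls in the configure.ac hunk do not add `WITH_OPENLDAP`/`WITH_MOZLDAP` to `LDAP_CFLAGS` the way the existing `-DUSE_OPENLDAP` is added, so the C sources see them only through autoconf's own defines or a generated config header. If a file tests `#ifdef WITH_MOZLDAP` before that header is included, it silently takes the `#else` OpenLDAP branch; the include lines above line 42 of ipa_kpasswd.c are not visible here, so this should be confirmed for each file that has the conditional include. Neither value needs shell expansion, so `AC_DEFINE(WITH_OPENLDAP, 1, [Use OpenLDAP libraries])` would do, and a short `dnl` comment saying why both `USE_OPENLDAP` and `WITH_OPENLDAP` exist would help the next reader.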
@@ -386,11 +386,19 @@ int ldap_pwd_change(char *client_name, char *realm_name, krb5_data pwd, char **e
 goto done;
 }
+ ret = asprintf(&uri, "ldap://%s:389", hostname);
+ if (ret == -1) {
+ syslog(LOG_ERR, "Out of memory!");
+ goto done;
+ }
+
 /* connect to ldap server */
 /* TODO: support referrals ? */
- ld = ldap_init(hostname, 389);
- if(ld == NULL) {
- syslog(LOG_ERR, "Unable to connect to ldap server");
+ ret = ldap_initialize(&ld, uri);
+ free(uri);
+ if(ret != LDAP_SUCCESS) {
+ syslog(LOG_ERR, "Unable to connect to ldap server: %s",
+ ldap_err2string(ret));
 goto done;
 }
@@ -414,7 +422,7 @@ int ldap_pwd_change(char *client_name, char *realm_name, krb5_data pwd, char **e
 /* find base dn */
 /* TODO: address the case where we have multiple naming contexts */
 tv.tv_sec = 10;
- tv.tv_usec = 0;
+ tv.tv_usec = 0;
 ret = ldap_search_ext_s(ld, "", LDAP_SCOPE_BASE, "objectclass=*", root_attrs, 0,
diff --git a/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd.h b/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd.h
index 4f8764f4..aaaeeb71 100644
--- a/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd.h
+++ b/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd.h
@@ -49,8 +49,6 @@
 #include
 #include
-#define LDAP_DEPRECATED 1
-
 #include
 #include
 #include
diff --git a/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_common.c b/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_common.c
index cf6b3fc9..2bc36c09 100644
--- a/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_common.c
+++ b/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_common.c
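Review bot: In the `@@ -386,11` hunk of ipa_kpasswd.c, `ldap_initialize()` is called unconditionally although the file still selects the Mozilla LDAP header under `#ifdef WITH_MOZLDAP`; as far as I know that SDK does not provide `ldap_initialize`, so a MOZLDAP build would need the old `ldap_init(hostname, 389)` kept behind the same `#ifdef`. `ldap_initialize()` only sets up the handle and does not contact the server, so the message misstates the failure; `syslog(LOG_ERR, "Unable to initialize ldap handle: %s", ldap_err2string(ret));` would be closer. The URI is plain `ldap://` on port 389, so protection of the new password on the wire depends on the bind and security-layer setup that follow outside this hunk, which is worth checking. `ldap_pwd_change` starts and ends outside the hunk.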
@@ -373,6 +373,40 @@ static void pwd_values_free(Slapi_ValueSet** results,
 slapi_vattr_values_free(results, actual_type_name, buffer_flags);
 }
+static int ipapwd_rdn_count(const char *dn)
+{
+ int rdnc = 0;
+
+#ifdef WITH_MOZLDAP
+ char **edn;
+
+ edn = ldap_explode_dn(dn, 0);
+ if (!edn) {
+ LOG_TRACE("ldap_explode_dn(dn) failed ?!");
+ return -1;
+ }
+
+ for (rdnc = 0; edn != NULL && edn[rdnc]; rdnc++) /* count */ ;
+ ldap_value_free(edn);
+#else
+ /* both ldap_explode_dn and ldap_value_free are deprecated
+ * in OpenLDAP */
+ LDAPDN ldn;
+ int ret;
+
+ ret = ldap_str2dn(dn, &ldn, LDAP_DN_FORMAT_LDAPV3);
+ if (ret != LDAP_SUCCESS) {
+ LOG_TRACE("ldap_str2dn(dn) failed ?!");
+ return -1;
+ }
+
+ for (rdnc = 0; ldn != NULL && ldn[rdnc]; rdnc++) /* count */ ;
+ ldap_dnfree(ldn);
+#endif
+
+ return rdnc;
+}
+
 static int ipapwd_getPolicy(const char *dn,
 Slapi_Entry *target, Slapi_Entry **e)
 {
@@ -386,7 +420,6 @@ static int ipapwd_getPolicy(const char *dn,
 "krbPwdHistoryLength", NULL};
 Slapi_Entry **es = NULL;
 Slapi_Entry *pe = NULL;
- char **edn;
 int ret, res, dist, rdnc, scope, i;
 Slapi_DN *sdn = NULL;
 int buffer_flags=0;
@@ -465,14 +498,12 @@ static int ipapwd_getPolicy(const char *dn,
 }
 /* count number of RDNs in DN */
- edn = ldap_explode_dn(dn, 0);
- if (!edn) {
- LOG_TRACE("ldap_explode_dn(dn) failed ?!");
+ rdnc = ipapwd_rdn_count(dn);
+ if (rdnc == -1) {
+ LOG_TRACE("ipapwd_rdn_count(dn) failed");
 ret = -1;
 goto done;
 }
- for (rdnc = 0; edn[rdnc]; rdnc++) /* count */ ;
- ldap_value_free(edn);
 pe = NULL;
 dist = -1;
@@ -490,15 +521,12 @@ static int ipapwd_getPolicy(const char *dn,
 }
 if (slapi_sdn_issuffix(sdn, esdn)) {
 const char *dn1;
- char **e1;
 int c1;
 dn1 = slapi_sdn_get_dn(esdn);
 if (!dn1) continue;
- e1 = ldap_explode_dn(dn1, 0);
- if (!e1) continue;
- for (c1 = 0; e1[c1]; c1++) /* count */ ;
- ldap_value_free(e1);
+ c1 = ipapwd_rdn_count(dn1);
+ if (c1 == -1) continue;
 if ((dist == -1) || ((rdnc - c1) < dist)) {
 dist = rdnc - c1;
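Review bot: `ipapwd_rdn_count()` in the `@@ -373,6` hunk has no comment stating its contract, and its two branches are not obviously equivalent: `ldap_str2dn()` with `LDAP_DN_FORMAT_LDAPV3` may reject DN strings that `ldap_explode_dn()` accepted, and a -1 makes `ipapwd_getPolicy` take the `ret = -1; goto done;` path at the `@@ -465,14` call site. I would add `/* Returns the number of RDNs in dn, or -1 if dn cannot be parsed. */` above the function and confirm that the stricter parse is intended for the password-policy lookup. In the OpenLDAP branch `LDAPDN ldn = NULL;` is safer than `LDAPDN ldn;`, so the `ldn != NULL` test in the loop never depends on what `ldap_str2dn()` stored. The `edn != NULL` test in the MOZLDAP loop is dead after the `if (!edn)` return and can go.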
diff --git a/daemons/ipa-slapi-plugins/ipa-winsync/ipa-winsync.c b/daemons/ipa-slapi-plugins/ipa-winsync/ipa-winsync.c
index 10aa1880..bfad0cf2 100644
--- a/daemons/ipa-slapi-plugins/ipa-winsync/ipa-winsync.c
+++ b/daemons/ipa-slapi-plugins/ipa-winsync/ipa-winsync.c
@@ -41,8 +41,6 @@
 # include
 #endif
-#define LDAP_DEPRECATED 1
-
 /*
 * Windows Synchronization Plug-in for IPA
 * This plugin allows IPA to intercept operations sent from
@@ -375,7 +373,6 @@ ipa_winsync_get_new_ds_user_dn_cb(void *cbdata, const Slapi_Entry *rawentry,
 Slapi_Entry *ad_entry, char **new_dn_string, const Slapi_DN *ds_suffix, const Slapi_DN *ad_suffix)
 {
- char **rdns = NULL;
 PRBool flatten = PR_TRUE;
 IPA_WinSync_Config *ipaconfig = ipa_winsync_get_config();
@@ -390,6 +387,9 @@ ipa_winsync_get_new_ds_user_dn_cb(void *cbdata, const Slapi_Entry *rawentry,
 return;
 }
+#ifdef WITH_MOZLDAP
+ char **rdns = NULL;
+
 rdns = ldap_explode_dn(*new_dn_string, 0);
 if (!rdns || !rdns[0]) {
 ldap_value_free(rdns);
@@ -399,6 +399,24 @@ ipa_winsync_get_new_ds_user_dn_cb(void *cbdata, const Slapi_Entry *rawentry,
 slapi_ch_free_string(new_dn_string);
 *new_dn_string = slapi_ch_smprintf("%s,%s", rdns[0], slapi_sdn_get_dn(ds_suffix));
 ldap_value_free(rdns);
+#else
+ /* both ldap_explode_dn and ldap_value_free are deprecated
+ * in OpenLDAP */
+ LDAPDN ldn;
+ int ret;
+ char *rdn;
+
+ ret = ldap_str2dn(*new_dn_string, &ldn, LDAP_DN_FORMAT_LDAPV3);
+ if (ret != LDAP_SUCCESS) {
+ LOG_TRACE("ldap_str2dn(dn) failed ?!");
+ return;
+ }
+
+ ldap_rdn2str(ldn[0], &rdn, LDAP_DN_FORMAT_UFN);
+ *new_dn_string = slapi_ch_smprintf("%s,%s", rdn, slapi_sdn_get_dn(ds_suffix));
+ ldap_dnfree(ldn);
+ ldap_memfree(rdn);
+#endif
 LOG("<-- ipa_winsync_get_new_ds_user_dn_cb -- new dn [%s] -- end\n", *new_dn_string);
-- cgit
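Review bot: The OpenLDAP branch added in the `@@ -399,6` hunk of ipa-winsync.c lacks the checks the MOZLDAP branch has. It dereferences `ldn[0]` without testing `ldn` (the MOZLDAP code tests `!rdns || !rdns[0]`), ignores the return of `ldap_rdn2str()` so `rdn` can reach `slapi_ch_smprintf()` and `ldap_memfree()` uninitialised, and overwrites `*new_dn_string` without the `slapi_ch_free_string(new_dn_string)` that sits only in the `#ifdef WITH_MOZLDAP` part, so the old string leaks. `LDAP_DN_FORMAT_UFN` is, as far as I know, the user-friendly output form that drops attribute types, so the rebuilt DN may lose its `attr=` prefix; the fence below uses `LDAP_DN_FORMAT_LDAPV3`, which should be confirmed against the intended result. The DN handled here appears to come from synchronised directory data, so an empty or unparsable value should fail cleanly; the function starts and ends outside the hunk.

```c
    /* … unchanged: #else and the deprecation comment … */
    LDAPDN ldn = NULL;
    int ret;
    char *rdn = NULL;

    ret = ldap_str2dn(*new_dn_string, &ldn, LDAP_DN_FORMAT_LDAPV3);
    if (ret != LDAP_SUCCESS || ldn == NULL || ldn[0] == NULL) {
        LOG_TRACE("ldap_str2dn(dn) failed ?!");
        ldap_dnfree(ldn); /* covers a successful parse of an empty DN */
        return;
    }

    /* keep the attribute type in the RDN string; confirm the format wanted */
    ret = ldap_rdn2str(ldn[0], &rdn, LDAP_DN_FORMAT_LDAPV3);
    ldap_dnfree(ldn);
    if (ret != LDAP_SUCCESS) {
        LOG_TRACE("ldap_rdn2str(rdn) failed ?!");
        return;
    }

    /* release the previous string before replacing it, as the MOZLDAP branch does */
    slapi_ch_free_string(new_dn_string);
    *new_dn_string = slapi_ch_smprintf("%s,%s", rdn, slapi_sdn_get_dn(ds_suffix));
    ldap_memfree(rdn);
    /* … unchanged: #endif and the closing LOG call … */
```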