From 8a9fdbfb039bf1894cf3b301c8a0f84261ec8c1c Mon Sep 17 00:00:00 2001 From: Jakub Hrozek Date: Mon, 3 Jan 2011 16:16:57 +0100 Subject: Do not use LDAP_DEPRECATED in plugins Remove the LDAP_DEPRECATED constant and do not use functions that are marked as deprecated in recent OpenLDAP releases. Also always define WITH_{MOZLDAP,OPENLDAP} since there are conditional header includes that depend on that constant. https://fedorahosted.org/freeipa/ticket/576 --- ipa-client/ipa-client-common.h | 4 ++++ ipa-client/ipa-getkeytab.c | 4 ---- ipa-client/ipa-join.c | 31 +++++++++++++++++++++++++++---- 3 files changed, 31 insertions(+), 8 deletions(-) (limited to 'ipa-client') diff --git a/ipa-client/ipa-client-common.h b/ipa-client/ipa-client-common.h index 863b805a..b738fb4a 100644 --- a/ipa-client/ipa-client-common.h +++ b/ipa-client/ipa-client-common.h @@ -23,6 +23,10 @@ #include #define _(STRING) gettext(STRING) +#ifndef discard_const +#define discard_const(ptr) ((void *)((uintptr_t)(ptr))) +#endif + int init_gettext(void); #endif /* __IPA_CLIENT_COMMON_H */ diff --git a/ipa-client/ipa-getkeytab.c b/ipa-client/ipa-getkeytab.c index 96747a86..8f108de4 100644 --- a/ipa-client/ipa-getkeytab.c +++ b/ipa-client/ipa-getkeytab.c @@ -57,10 +57,6 @@ #define KEYTAB_SET_OID "2.16.840.1.113730.3.8.3.1" #define KEYTAB_RET_OID "2.16.840.1.113730.3.8.3.2" -#ifndef discard_const -#define discard_const(ptr) ((void *)((uintptr_t)(ptr))) -#endif - struct krb_key_salt { krb5_enctype enctype; krb5_int32 salttype; diff --git a/ipa-client/ipa-join.c b/ipa-client/ipa-join.c index 5c3d1402..ff0fed9a 100644 --- a/ipa-client/ipa-join.c +++ b/ipa-client/ipa-join.c @@ -18,7 +18,6 @@ */ #define _GNU_SOURCE -#define LDAP_DEPRECATED 1 #include #include @@ -178,6 +177,9 @@ connect_ldap(const char *hostname, const char *binddn, const char *bindpw) { int version = LDAP_VERSION3; int ret; int ldapdebug = 0; + char *uri; + struct berval bindpw_bv; + if (debug) { ldapdebug=2; ret = ldap_set_option(NULL, LDAP_OPT_DEBUG_LEVEL, &ldapdebug); @@ -186,7 +188,20 @@ connect_ldap(const char *hostname, const char *binddn, const char *bindpw) { if (ldap_set_option(NULL, LDAP_OPT_X_TLS_CACERTFILE, CAFILE) != LDAP_OPT_SUCCESS) goto fail; - ld = (LDAP *)ldap_init(hostname, 636); + ret = asprintf(&uri, "ldaps://%s:636", hostname); + if (ret == -1) { + fprintf(stderr, _("Out of memory!")); + goto fail; + } + + ret = ldap_initialize(&ld, uri); + free(uri); + if(ret != LDAP_SUCCESS) { + fprintf(stderr, _("Unable to initialize connection to ldap server: %s"), + ldap_err2string(ret)); + goto fail; + } + if (ldap_set_option(ld, LDAP_OPT_X_TLS, &ssl) != LDAP_OPT_SUCCESS) { fprintf(stderr, _("Unable to enable SSL in LDAP\n")); goto fail; @@ -198,7 +213,12 @@ connect_ldap(const char *hostname, const char *binddn, const char *bindpw) { goto fail; } - ret = ldap_bind_s(ld, binddn, bindpw, LDAP_AUTH_SIMPLE); + bindpw_bv.bv_val = discard_const(bindpw); + bindpw_bv.bv_len = strlen(bindpw); + + ret = ldap_sasl_bind_s(ld, binddn, LDAP_SASL_SIMPLE, &bindpw_bv, + NULL, NULL, NULL); + if (ret != LDAP_SUCCESS) { int err; @@ -446,7 +466,10 @@ join_ldap(const char *ipaserver, char *hostname, const char ** binddn, const cha if ((rc = ldap_extended_operation_s(ld, JOIN_OID, &valrequest, NULL, NULL, &oidresult, &valresult)) != LDAP_SUCCESS) { if (!quiet) fprintf(stderr, _("principal not found in host entry\n")); - if (debug) ldap_perror(ld, "ldap_extended_operation_s"); + if (debug) { + fprintf(stderr, "ldap_extended_operation_s failed: %s", + ldap_err2string(rc)); + } rval = 18; goto ldap_done; } -- cgit