authorvakwetu <vakwetu@c9f7a03b-bd48-0410-a16d-cbbf54688b0b>2011-01-22 06:17:39 +0000
committervakwetu <vakwetu@c9f7a03b-bd48-0410-a16d-cbbf54688b0b>2011-01-22 06:17:39 +0000
commitfcb037f34cfacf3f961955d3f2d0839ce69920a5 (patch)
treed0c86d2aa5b9efe435ca36242ea2d9032472ef3e /pki/base/tps/src/authentication/LDAP_Authentication.cpp
parent277cc0e0f10ac4f9c90cc45434533be716310b5b (diff)
Bugzilla BZ 606944: Convert TPS to use ldap utilities and API from OpenLDAP instead of the Mozldap
git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@1766 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
Diffstat (limited to 'pki/base/tps/src/authentication/LDAP_Authentication.cpp')
-rw-r--r--pki/base/tps/src/authentication/LDAP_Authentication.cpp65
1 files changed, 35 insertions, 30 deletions
diff --git a/pki/base/tps/src/authentication/LDAP_Authentication.cpp b/pki/base/tps/src/authentication/LDAP_Authentication.cpp
index ff2f82d0c..651557fa7 100644
--- a/pki/base/tps/src/authentication/LDAP_Authentication.cpp
+++ b/pki/base/tps/src/authentication/LDAP_Authentication.cpp
@@ -24,8 +24,6 @@
#include <math.h>
#include "engine/RA.h"
#include "ldap.h"
-#include "ldap_ssl.h"
-#include "ldappr.h"
#include "authentication/LDAP_Authentication.h"
#include "authentication/Authentication.h"
#include "main/Memory.h"
@@ -69,7 +67,7 @@ LDAP_Authentication::~LDAP_Authentication ()
/*
* Search for password name "name" in the password file "filepath"
*/
-static char *get_pwd_from_conf(char *filepath, char *name)
+static char *get_pwd_from_conf(char *filepath, const char *name)
{
PRFileDesc *fd;
char line[1024];
@@ -155,6 +153,7 @@ void LDAP_Authentication::Initialize(int instanceIndex) {
int LDAP_Authentication::Authenticate(AuthParams *params)
{
char buffer[500];
+ char ldapuri[1024];
char *host = NULL;
char *portStr = NULL;
int port = 0;
@@ -166,6 +165,7 @@ int LDAP_Authentication::Authenticate(AuthParams *params)
char *uid = NULL;
char *password = NULL;
int retries = 0;
+ int rc =0;
if (params == NULL) {
status = TPS_AUTH_ERROR_USERNOTFOUND;
@@ -178,27 +178,26 @@ int LDAP_Authentication::Authenticate(AuthParams *params)
GetHostPort(&host, &portStr);
port = atoi(portStr);
- if (m_ssl != NULL & strcmp(m_ssl, "true")==0) {
+ if ((m_ssl != NULL) && (strcmp(m_ssl, "true")==0)) {
/* handling of SSL */
- ld = ldapssl_init(host, port, 1);
+ snprintf(ldapuri, 1024, "ldaps://%s:%i", host, port);
} else {
- /* NOTE: ldapssl_init() already utilizes */
- /* prldap (IPv6) functionality. */
- ld = prldap_init(host, port, 1);
+ snprintf(ldapuri, 1024, "ldap://%s:%i", host, port);
}
- while (ld == NULL && retries < m_connectRetries) {
+ status = ldap_initialize(&ld, ldapuri);
+
+ while ((ld == NULL) && (retries < m_connectRetries)) {
RA::IncrementAuthCurrentIndex(m_connInfo->GetHostPortListLen());
GetHostPort(&host, &portStr);
port = atoi(portStr);
- if (m_ssl != NULL & strcmp(m_ssl, "true")==0) {
+ if ((m_ssl != NULL) && (strcmp(m_ssl, "true")==0)) {
/* handling of SSL */
- ld = ldapssl_init(host, port, 1);
+ snprintf(ldapuri, 1024, "ldaps://%s:%i", host, port);
} else {
- /* NOTE: ldapssl_init() already utilizes */
- /* prldap (IPv6) functionality. */
- ld = prldap_init(host, port, 1);
+ snprintf(ldapuri, 1024, "ldap://%s:%i", host, port);
}
- retries++;
+ status = ldap_initialize(&ld, ldapuri);
+ retries++;
}
if (ld == NULL) {
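Review bot: `status = ldap_initialize(&ld, ldapuri);` stores an OpenLDAP result code in the variable this function returns as its TPS auth status, so a failed initialize can hand an unrelated code back to the caller; the same assignment appears again on the failover path in the next hunk. The newly added `int rc` is the natural home for it: `rc = ldap_initialize(&ld, ldapuri);` and drive the retry loop with `(rc != LDAP_SUCCESS)` rather than relying on `ld` staying NULL, which only holds if ldap_initialize leaves `*ldp` untouched on failure. Note also that ldap_initialize does not open a connection, unlike the prldap_init/ldapssl_init calls it replaces, so this loop no longer performs connection failover — an unreachable host will now surface at the bind call instead. If `host` can ever be an IPv6 literal, the `ldap://%s:%i` format would need to bracket it (`ldap://[%s]:%i`); whether the host list may contain such literals is not visible here. Authenticate's body continues outside the hunk.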
@@ -213,14 +212,13 @@ int LDAP_Authentication::Authenticate(AuthParams *params)
GetHostPort(&host, &portStr);
port = atoi(portStr);
RA::Debug("ldap auth:"," host=%s, portstr=%s, port=%d", host, portStr, port);
- if (m_ssl != NULL & strcmp(m_ssl, "true")==0) {
+ if ((m_ssl != NULL) && (strcmp(m_ssl, "true")==0)) {
/* handling of SSL */
- ld = ldapssl_init(host, port, 1);
+ snprintf(ldapuri, 1024, "ldaps://%s:%i", host, port);
} else {
- /* NOTE: ldapssl_init() already utilizes */
- /* prldap (IPv6) functionality. */
- ld = prldap_init(host, port, 1);
+ snprintf(ldapuri, 1024, "ldap://%s:%i", host, port);
}
+ status = ldap_initialize(&ld, ldapuri);
if (ld == NULL) {
RA::Debug("LDAP_Authentication::Authenticate:", "ld null. Trying failover...");
@@ -235,11 +233,14 @@ int LDAP_Authentication::Authenticate(AuthParams *params)
if (m_bindDN != NULL && strlen(m_bindDN) > 0) {
RA::Debug("LDAP_Authentication::Authenticate", "Simple bind required '%s'", m_bindDN);
- ldap_simple_bind_s(ld, m_bindDN, m_bindPwd);
+ struct berval credential;
+ credential.bv_val = m_bindPwd;
+ credential.bv_len= strlen(m_bindPwd);
+ rc = ldap_sasl_bind_s(ld, m_bindDN, LDAP_SASL_SIMPLE, &credential, NULL, NULL, NULL);
}
int ldap_status = LDAP_OTHER;
- if ((ldap_status = ldap_search_s(ld, m_baseDN, LDAP_SCOPE_SUBTREE, buffer, NULL, 0, &result)) != LDAP_SUCCESS) {
+ if ((ldap_status = ldap_search_ext_s(ld, m_baseDN, LDAP_SCOPE_SUBTREE, buffer, NULL, 0, NULL, NULL, NULL, 0, &result)) != LDAP_SUCCESS) {
if (ldap_status != LDAP_NO_SUCH_OBJECT) {
RA::Debug("LDAP_Authentication::Authenticate:", "LDAP_UNAVAILABLE. Trying failover...");
retries++;
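Review bot: The result of the service bind `rc = ldap_sasl_bind_s(ld, m_bindDN, LDAP_SASL_SIMPLE, &credential, NULL, NULL, NULL);` is stored but never examined, so a rejected or failed bind falls through to `ldap_search_ext_s` as if it had succeeded — and since ldap_initialize defers the TCP/TLS connect, this bind is also where connection failures now first appear. A check such as `if (rc != LDAP_SUCCESS) { RA::Debug("LDAP_Authentication::Authenticate", "bind failed: %s", ldap_err2string(rc)); ... }` taking the same failover path a failed search takes should follow the call. `credential.bv_len= strlen(m_bindPwd)` dereferences m_bindPwd unconditionally, whereas the old ldap_simple_bind_s tolerated a NULL password, so if m_bindPwd can be NULL while m_bindDN is set this is a new crash. Separately, OpenLDAP defaults to LDAPv2 unless LDAP_OPT_PROTOCOL_VERSION is set to LDAP_VERSION3, and for ldaps:// certificate verification is governed by LDAP_OPT_X_TLS_REQUIRE_CERT / ldap.conf rather than the NSS database ldapssl_init used — neither is set in this diff, so confirm both are handled elsewhere (e.g. in Initialize). Authenticate's body continues outside the hunk.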
@@ -250,7 +251,11 @@ int LDAP_Authentication::Authenticate(AuthParams *params)
for (e = ldap_first_entry(ld, result); e != NULL; e = ldap_next_entry(ld, e)) {
if ((dn = ldap_get_dn(ld, e)) != NULL) {
RA::Debug("LDAP_Authentication::Authenticate", "User bind required '%s' '(sensitive)'", dn );
- if (ldap_simple_bind_s(ld, dn, password) == LDAP_SUCCESS) {
+ struct berval credential;
+ credential.bv_val = password;
+ credential.bv_len= strlen(password);
+ rc = ldap_sasl_bind_s(ld, dn, LDAP_SASL_SIMPLE, &credential, NULL, NULL, NULL);
+ if (rc == LDAP_SUCCESS) {
/* retrieve attributes and, */
/* put them into the auth parameters */
if (m_attributes != NULL) {
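Review bot: A simple bind whose credential has `bv_len` 0 is an unauthenticated bind, which many directory servers answer with LDAP_SUCCESS, so `if (rc == LDAP_SUCCESS)` would authenticate the user without a password unless an empty or NULL password is already rejected earlier in this function (not visible in the hunk); `strlen(password)` also crashes outright on NULL. The old `ldap_simple_bind_s(ld, dn, password)` had the same property, but the explicit berval makes this the right place to guard: `if (password == NULL || password[0] == '\0') { status = <failure status used for bad credentials>; goto loser; }` before the credential is built. On a failed bind it is also worth logging `ldap_err2string(rc)` at debug level so bad credentials can be told apart from connectivity errors. Authenticate's body continues outside the hunk.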
@@ -259,16 +264,16 @@ int LDAP_Authentication::Authenticate(AuthParams *params)
char *token = NULL;
token = strtok(m_dup_attributes, ",");
while( token != NULL ) {
- char **v = NULL;
- v = ldap_get_values(ld, e, token);
- if (v != NULL) {
- RA::Debug("LDAP_Authentication::Authenticate", "Exposed %s=%s", token, v[0]);
- params->Add(token, PL_strdup(v[0]));
+ struct berval **v = NULL;
+ v = ldap_get_values_len(ld, e, token);
+ if ((v != NULL) && (v[0]!= NULL) && (v[0]->bv_val != NULL)) {
+ RA::Debug("LDAP_Authentication::Authenticate", "Exposed %s=%s", token, v[0]->bv_val);
+ params->Add(token, PL_strdup(v[0]->bv_val));
RA::Debug("LDAP_Authentication::Authenticate", "Size %d", params->Size());
}
token = strtok( NULL, "," );
if( v != NULL ) {
- ldap_value_free( v );
+ ldap_value_free_len( v );
v = NULL;
}
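Review bot: `v[0]->bv_val` is passed to `%s` and `PL_strdup`, which treat the value as a NUL-terminated C string, whereas ldap_get_values_len returns bervals whose authoritative length is `bv_len`; a binary or NUL-containing attribute value would be silently truncated (or, if the library did not NUL-terminate, over-read). Copying by length, `params->Add(token, PL_strndup(v[0]->bv_val, v[0]->bv_len));`, keeps the exposed value correct for any attribute listed in m_attributes, and the Debug line could use `%.*s` with `(int)v[0]->bv_len` for the same reason. Only the first value of a multi-valued attribute is exposed, as before. The enclosing loop starts outside the hunk.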
@@ -306,7 +311,7 @@ loser:
}
if (ld != NULL) {
- ldap_unbind(ld);
+ ldap_unbind_ext_s(ld, NULL, NULL);
ld = NULL;
}
return status;