diff options
author | vakwetu <vakwetu@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> | 2011-01-22 06:17:39 +0000 |
---|---|---|
committer | vakwetu <vakwetu@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> | 2011-01-22 06:17:39 +0000 |
commit | fcb037f34cfacf3f961955d3f2d0839ce69920a5 (patch) | |
tree | d0c86d2aa5b9efe435ca36242ea2d9032472ef3e /pki/base/tps/src/authentication/LDAP_Authentication.cpp | |
parent | 277cc0e0f10ac4f9c90cc45434533be716310b5b (diff) | |
download | pki-fcb037f34cfacf3f961955d3f2d0839ce69920a5.tar.gz pki-fcb037f34cfacf3f961955d3f2d0839ce69920a5.tar.xz pki-fcb037f34cfacf3f961955d3f2d0839ce69920a5.zip |
Bugzilla BZ 606944: Convert TPS to use ldap utilities and API from OpenLDAP instead of the Mozldap
git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@1766 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
Diffstat (limited to 'pki/base/tps/src/authentication/LDAP_Authentication.cpp')
-rw-r--r-- | pki/base/tps/src/authentication/LDAP_Authentication.cpp | 65 |
1 files changed, 35 insertions, 30 deletions
diff --git a/pki/base/tps/src/authentication/LDAP_Authentication.cpp b/pki/base/tps/src/authentication/LDAP_Authentication.cpp index ff2f82d0c..651557fa7 100644 --- a/pki/base/tps/src/authentication/LDAP_Authentication.cpp +++ b/pki/base/tps/src/authentication/LDAP_Authentication.cpp @@ -24,8 +24,6 @@ #include <math.h> #include "engine/RA.h" #include "ldap.h" -#include "ldap_ssl.h" -#include "ldappr.h" #include "authentication/LDAP_Authentication.h" #include "authentication/Authentication.h" #include "main/Memory.h" @@ -69,7 +67,7 @@ LDAP_Authentication::~LDAP_Authentication () /* * Search for password name "name" in the password file "filepath" */ -static char *get_pwd_from_conf(char *filepath, char *name) +static char *get_pwd_from_conf(char *filepath, const char *name) { PRFileDesc *fd; char line[1024]; @@ -155,6 +153,7 @@ void LDAP_Authentication::Initialize(int instanceIndex) { int LDAP_Authentication::Authenticate(AuthParams *params) { char buffer[500]; + char ldapuri[1024]; char *host = NULL; char *portStr = NULL; int port = 0; @@ -166,6 +165,7 @@ int LDAP_Authentication::Authenticate(AuthParams *params) char *uid = NULL; char *password = NULL; int retries = 0; + int rc =0; if (params == NULL) { status = TPS_AUTH_ERROR_USERNOTFOUND; @@ -178,27 +178,26 @@ int LDAP_Authentication::Authenticate(AuthParams *params) GetHostPort(&host, &portStr); port = atoi(portStr); - if (m_ssl != NULL & strcmp(m_ssl, "true")==0) { + if ((m_ssl != NULL) && (strcmp(m_ssl, "true")==0)) { /* handling of SSL */ - ld = ldapssl_init(host, port, 1); + snprintf(ldapuri, 1024, "ldaps://%s:%i", host, port); } else { - /* NOTE: ldapssl_init() already utilizes */ - /* prldap (IPv6) functionality. */ - ld = prldap_init(host, port, 1); + snprintf(ldapuri, 1024, "ldap://%s:%i", host, port); } - while (ld == NULL && retries < m_connectRetries) { + status = ldap_initialize(&ld, ldapuri); + + while ((ld == NULL) && (retries < m_connectRetries)) { RA::IncrementAuthCurrentIndex(m_connInfo->GetHostPortListLen()); GetHostPort(&host, &portStr); port = atoi(portStr); - if (m_ssl != NULL & strcmp(m_ssl, "true")==0) { + if ((m_ssl != NULL) && (strcmp(m_ssl, "true")==0)) { /* handling of SSL */ - ld = ldapssl_init(host, port, 1); + snprintf(ldapuri, 1024, "ldaps://%s:%i", host, port); } else { - /* NOTE: ldapssl_init() already utilizes */ - /* prldap (IPv6) functionality. */ - ld = prldap_init(host, port, 1); + snprintf(ldapuri, 1024, "ldap://%s:%i", host, port); } - retries++; + status = ldap_initialize(&ld, ldapuri); + retries++; } if (ld == NULL) { @@ -213,14 +212,13 @@ int LDAP_Authentication::Authenticate(AuthParams *params) GetHostPort(&host, &portStr); port = atoi(portStr); RA::Debug("ldap auth:"," host=%s, portstr=%s, port=%d", host, portStr, port); - if (m_ssl != NULL & strcmp(m_ssl, "true")==0) { + if ((m_ssl != NULL) && (strcmp(m_ssl, "true")==0)) { /* handling of SSL */ - ld = ldapssl_init(host, port, 1); + snprintf(ldapuri, 1024, "ldaps://%s:%i", host, port); } else { - /* NOTE: ldapssl_init() already utilizes */ - /* prldap (IPv6) functionality. */ - ld = prldap_init(host, port, 1); + snprintf(ldapuri, 1024, "ldap://%s:%i", host, port); } + status = ldap_initialize(&ld, ldapuri); if (ld == NULL) { RA::Debug("LDAP_Authentication::Authenticate:", "ld null. Trying failover..."); @@ -235,11 +233,14 @@ int LDAP_Authentication::Authenticate(AuthParams *params) if (m_bindDN != NULL && strlen(m_bindDN) > 0) { RA::Debug("LDAP_Authentication::Authenticate", "Simple bind required '%s'", m_bindDN); - ldap_simple_bind_s(ld, m_bindDN, m_bindPwd); + struct berval credential; + credential.bv_val = m_bindPwd; + credential.bv_len= strlen(m_bindPwd); + rc = ldap_sasl_bind_s(ld, m_bindDN, LDAP_SASL_SIMPLE, &credential, NULL, NULL, NULL); } int ldap_status = LDAP_OTHER; - if ((ldap_status = ldap_search_s(ld, m_baseDN, LDAP_SCOPE_SUBTREE, buffer, NULL, 0, &result)) != LDAP_SUCCESS) { + if ((ldap_status = ldap_search_ext_s(ld, m_baseDN, LDAP_SCOPE_SUBTREE, buffer, NULL, 0, NULL, NULL, NULL, 0, &result)) != LDAP_SUCCESS) { if (ldap_status != LDAP_NO_SUCH_OBJECT) { RA::Debug("LDAP_Authentication::Authenticate:", "LDAP_UNAVAILABLE. Trying failover..."); retries++; @@ -250,7 +251,11 @@ int LDAP_Authentication::Authenticate(AuthParams *params) for (e = ldap_first_entry(ld, result); e != NULL; e = ldap_next_entry(ld, e)) { if ((dn = ldap_get_dn(ld, e)) != NULL) { RA::Debug("LDAP_Authentication::Authenticate", "User bind required '%s' '(sensitive)'", dn ); - if (ldap_simple_bind_s(ld, dn, password) == LDAP_SUCCESS) { + struct berval credential; + credential.bv_val = password; + credential.bv_len= strlen(password); + rc = ldap_sasl_bind_s(ld, dn, LDAP_SASL_SIMPLE, &credential, NULL, NULL, NULL); + if (rc == LDAP_SUCCESS) { /* retrieve attributes and, */ /* put them into the auth parameters */ if (m_attributes != NULL) { @@ -259,16 +264,16 @@ int LDAP_Authentication::Authenticate(AuthParams *params) char *token = NULL; token = strtok(m_dup_attributes, ","); while( token != NULL ) { - char **v = NULL; - v = ldap_get_values(ld, e, token); - if (v != NULL) { - RA::Debug("LDAP_Authentication::Authenticate", "Exposed %s=%s", token, v[0]); - params->Add(token, PL_strdup(v[0])); + struct berval **v = NULL; + v = ldap_get_values_len(ld, e, token); + if ((v != NULL) && (v[0]!= NULL) && (v[0]->bv_val != NULL)) { + RA::Debug("LDAP_Authentication::Authenticate", "Exposed %s=%s", token, v[0]->bv_val); + params->Add(token, PL_strdup(v[0]->bv_val)); RA::Debug("LDAP_Authentication::Authenticate", "Size %d", params->Size()); } token = strtok( NULL, "," ); if( v != NULL ) { - ldap_value_free( v ); + ldap_value_free_len( v ); v = NULL; } @@ -306,7 +311,7 @@ loser: } if (ld != NULL) { - ldap_unbind(ld); + ldap_unbind_ext_s(ld, NULL, NULL); ld = NULL; } return status; |