author | Rich Megginson <rmeggins@redhat.com> | 2009-07-06 12:11:01 -0600 |
---|---|---|
committer | Rich Megginson <rmeggins@redhat.com> | 2009-07-07 08:32:42 -0600 |
commit | 209521323f731daad54682fd98715f7b22c88c78 (patch) | |
tree | 74a1fa8df06641fe543c8518e4db4357ab610828 /ldap/servers/plugins | |
parent | 3116dbec570b65d2d0a1df5bd000f6e63439e8ee (diff) | |
OpenLDAP supportcleanup
These changes allow the server to be built with OpenLDAP (2.4.17+). A brief summary of the changes:
* #defines not provided by OpenLDAP were copied into slapi-plugin.h and protected with #ifndef blocks
* where it made sense, I created slapi wrapper functions for things like URL and LDIF processing to abstract away the differences in the APIs
* I created a new file utf8.c which contains the UTF8 functions from MozLDAP - this is only compiled when using OpenLDAP
* I tried to clean up the code - use the _ext versions of LDAP functions everywhere since the older versions should be considered deprecated
* I removed some unused code
NOTE that this should still be considered a work in progress since it depends on functionality not yet present in a released version of OpenLDAP, for NSS crypto and for the LDIF public API.
Diffstat (limited to 'ldap/servers/plugins')
27 files changed, 279 insertions, 233 deletions
diff --git a/ldap/servers/plugins/acl/acl.c b/ldap/servers/plugins/acl/acl.c index f7f58650..b708cada 100644 --- a/ldap/servers/plugins/acl/acl.c +++ b/ldap/servers/plugins/acl/acl.c @@ -195,9 +195,9 @@ static int check_rdn_access( Slapi_PBlock *pb, Slapi_Entry *e, char *dn, } } } - ldap_value_free( rdns ); + slapi_ldap_value_free( rdns ); } - ldap_value_free( dns ); + slapi_ldap_value_free( dns ); } return(retCode); diff --git a/ldap/servers/plugins/acl/aclutil.c b/ldap/servers/plugins/acl/aclutil.c index f0c1da5d..599fdbd0 100644 --- a/ldap/servers/plugins/acl/aclutil.c +++ b/ldap/servers/plugins/acl/aclutil.c @@ -585,8 +585,8 @@ aclutil_expand_paramString ( char *str, Slapi_Entry *e ) cleanup: - ldap_value_free ( a_dns ); - ldap_value_free ( e_dns ); + slapi_ldap_value_free ( a_dns ); + slapi_ldap_value_free ( e_dns ); if ( 0 != rc ) /* error */ { slapi_ch_free ( (void **) &buf ); buf = NULL; diff --git a/ldap/servers/plugins/chainingdb/cb.h b/ldap/servers/plugins/chainingdb/cb.h index 209fdd37..a93950d9 100644 --- a/ldap/servers/plugins/chainingdb/cb.h +++ b/ldap/servers/plugins/chainingdb/cb.h @@ -485,7 +485,6 @@ int cb_back_cleanup (Slapi_PBlock *pb ); long cb_atol(char *str); Slapi_Entry * cb_LDAPMessage2Entry(LDAP * ctx, LDAPMessage * msg, int attrsonly); -char * cb_urlparse_err2string( int err ); char * cb_get_rootdn(); struct berval ** referrals2berval(char ** referrals); cb_backend_instance * cb_get_instance(Slapi_Backend * be); diff --git a/ldap/servers/plugins/chainingdb/cb_bind.c b/ldap/servers/plugins/chainingdb/cb_bind.c index d8c9f87b..638404a6 100644 --- a/ldap/servers/plugins/chainingdb/cb_bind.c +++ b/ldap/servers/plugins/chainingdb/cb_bind.c 
@@ -162,7 +162,7 @@ cb_sasl_bind_once_s( cb_conn_pool *pool, char *dn, int method, char * mechanism, char * matcheddnp2, * errmsgp2; matcheddnp2=errmsgp2=NULL; - rc = ldap_get_lderrno( ld, &matcheddnp2, &errmsgp2 ); + rc = slapi_ldap_get_lderrno( ld, &matcheddnp2, &errmsgp2 ); /* Need to allocate errmsgs */ if (matcheddnp2) @@ -185,7 +185,7 @@ cb_sasl_bind_once_s( cb_conn_pool *pool, char *dn, int method, char * mechanism, &referrals, resctrlsp, 1 ); if ( referrals != NULL ) { *refurlsp = referrals2berval( referrals ); - ldap_value_free( referrals ); + slapi_ldap_value_free( referrals ); } /* realloc matcheddn & errmsg because the mem alloc model */ /* may differ from malloc */ diff --git a/ldap/servers/plugins/chainingdb/cb_instance.c b/ldap/servers/plugins/chainingdb/cb_instance.c index f813cec0..1c08bd9f 100644 --- a/ldap/servers/plugins/chainingdb/cb_instance.c +++ b/ldap/servers/plugins/chainingdb/cb_instance.c @@ -714,15 +714,16 @@ static int cb_instance_hosturl_set(void *arg, void *value, char *errorbuf, int p char *url = (char *) value; LDAPURLDesc *ludp=NULL; int rc=LDAP_SUCCESS; + int secure = 0; - if (( rc = ldap_url_parse( url, &ludp )) != 0 ) { - PL_strncpyz(errorbuf,cb_urlparse_err2string( rc ), SLAPI_DSE_RETURNTEXT_SIZE); + if (( rc = slapi_ldap_url_parse( url, &ludp, 0, &secure )) != 0 ) { + PL_strncpyz(errorbuf,slapi_urlparse_err2string( rc ), SLAPI_DSE_RETURNTEXT_SIZE); if (CB_CONFIG_PHASE_INITIALIZATION == phase) inst->pool->url=slapi_ch_strdup(""); return(LDAP_INVALID_SYNTAX); } - if (ludp && (ludp->lud_options & LDAP_URL_OPT_SECURE) && inst && inst->rwl_config_lock) { + if (ludp && secure && inst && inst->rwl_config_lock) { int isgss = 0; PR_RWLock_Rlock(inst->rwl_config_lock); isgss = inst->pool->mech && !PL_strcasecmp(inst->pool->mech, "GSSAPI"); 
@@ -768,7 +769,7 @@ static int cb_instance_hosturl_set(void *arg, void *value, char *errorbuf, int p inst->pool->hostname = slapi_ch_strdup( ludp->lud_host ); } inst->pool->url = slapi_ch_strdup( url); - inst->pool->secure = (( ludp->lud_options & LDAP_URL_OPT_SECURE ) != 0 ); + inst->pool->secure = secure; if ((ludp->lud_port==0) && inst->pool->secure) inst->pool->port=CB_LDAP_SECURE_PORT; diff --git a/ldap/servers/plugins/chainingdb/cb_search.c b/ldap/servers/plugins/chainingdb/cb_search.c index 94b680f7..895d6f2b 100644 --- a/ldap/servers/plugins/chainingdb/cb_search.c +++ b/ldap/servers/plugins/chainingdb/cb_search.c @@ -298,7 +298,7 @@ chainingdb_build_candidate_list ( Slapi_PBlock *pb ) switch ( rc ) { case -1: /* An error occurred. return now */ - rc = ldap_get_lderrno(ld,NULL,NULL); + rc = slapi_ldap_get_lderrno(ld,NULL,NULL); /* tuck away some errors in a OPERATION_ERROR */ if (CB_LDAP_CONN_ERROR(rc)) { cb_send_ldap_result(pb,LDAP_OPERATIONS_ERROR, NULL, @@ -366,7 +366,7 @@ chainingdb_build_candidate_list ( Slapi_PBlock *pb ) rc=-1; } else if ( rc != LDAP_SUCCESS ) { - ldap_get_lderrno( ctx->ld, &matched_msg, &error_msg ); + slapi_ldap_get_lderrno( ctx->ld, &matched_msg, &error_msg ); cb_send_ldap_result( pb, rc, matched_msg, error_msg,0,NULL); /* BEWARE: matched_msg and error_msg points */ @@ -558,7 +558,7 @@ chainingdb_next_search_entry ( Slapi_PBlock *pb ) case -1: /* An error occurred. */ - rc = ldap_get_lderrno( ctx->ld, NULL, NULL ); + rc = slapi_ldap_get_lderrno( ctx->ld, NULL, NULL ); slapi_pblock_set( pb, SLAPI_SEARCH_RESULT_SET,NULL); slapi_pblock_set( pb, SLAPI_SEARCH_RESULT_ENTRY,NULL); @@ -670,7 +670,7 @@ chainingdb_next_search_entry ( Slapi_PBlock *pb ) } if (referrals != NULL) { - ldap_value_free( referrals ); + slapi_ldap_value_free( referrals ); } return 0; 
@@ -694,7 +694,7 @@ chainingdb_next_search_entry ( Slapi_PBlock *pb ) retcode=-1; } else if ( rc != LDAP_SUCCESS ) { - ldap_get_lderrno( ctx->ld, &matched_msg, &error_msg ); + slapi_ldap_get_lderrno( ctx->ld, &matched_msg, &error_msg ); cb_send_ldap_result( pb, rc, matched_msg, NULL, 0, NULL); /* BEWARE: Don't free matched_msg && error_msg */ diff --git a/ldap/servers/plugins/chainingdb/cb_utils.c b/ldap/servers/plugins/chainingdb/cb_utils.c index 128c2adc..4878e1a8 100644 --- a/ldap/servers/plugins/chainingdb/cb_utils.c +++ b/ldap/servers/plugins/chainingdb/cb_utils.c @@ -94,7 +94,7 @@ Slapi_Entry * cb_LDAPMessage2Entry(LDAP * ld, LDAPMessage * msg, int attrsonly) } } if ( NULL != ber ) - ldap_ber_free( ber, 0 ); + ber_free( ber, 0 ); return e; } @@ -120,35 +120,6 @@ struct berval ** referrals2berval(char ** referrals) { return val; } - -char * -cb_urlparse_err2string( int err ) -{ - char *s="internal error"; - - switch( err ) { - case 0: - s = "no error"; - break; - case LDAP_URL_ERR_NOTLDAP: - s = "missing ldap:// or ldaps://"; - break; - case LDAP_URL_ERR_NODN: - s = "missing suffix"; - break; - case LDAP_URL_ERR_BADSCOPE: - s = "invalid search scope"; - break; - case LDAP_URL_ERR_MEM: - s = "unable to allocate memory"; - break; - case LDAP_URL_ERR_PARAM: - s = "bad parameter to an LDAP URL function"; - break; - } - - return( s ); -} /* ** Return LDAP_SUCCESS if an internal operation needs to be forwarded to diff --git a/ldap/servers/plugins/dna/dna.c b/ldap/servers/plugins/dna/dna.c index 0f509c05..b198ef3a 100644 --- a/ldap/servers/plugins/dna/dna.c +++ b/ldap/servers/plugins/dna/dna.c @@ -53,7 +53,6 @@ #include "dirlite_strings.h" #include "dirver.h" #include "prclist.h" -#include "ldif.h" /* Required to get portable printf/scanf format macros */ #ifdef HAVE_INTTYPES_H 
@@ -1499,7 +1498,10 @@ static int dna_request_range(struct configEntry *config_entry, int set_extend_flag = 0; int ret = LDAP_OPERATIONS_ERROR; int port = 0; - + int timelimit; +#if defined(USE_OPENLDAP) + struct timeval timeout; +#endif /* See if we're allowed to send a range request now */ slapi_lock_mutex(config_entry->extend_lock); if (config_entry->extend_in_progress) { @@ -1543,9 +1545,15 @@ static int dna_request_range(struct configEntry *config_entry, /* Disable referrals and set timelimit and a connect timeout */ ldap_set_option(ld, LDAP_OPT_REFERRALS, LDAP_OPT_OFF); - ldap_set_option(ld, LDAP_OPT_TIMELIMIT, &config_entry->timeout); + timelimit = config_entry->timeout / 1000; /* timeout is in msec */ + ldap_set_option(ld, LDAP_OPT_TIMELIMIT, &timelimit); +#if defined(USE_OPENLDAP) + timeout.tv_sec = config_entry->timeout / 1000; + timeout.tv_usec = (config_entry->timeout % 1000) * 1000; + ldap_set_option(ld, LDAP_OPT_NETWORK_TIMEOUT, &timeout); +#else ldap_set_option(ld, LDAP_X_OPT_CONNECT_TIMEOUT, &config_entry->timeout); - +#endif /* Bind to the replica server */ ret = slapi_ldap_bind(ld, bind_dn, bind_passwd, bind_method, NULL, NULL, NULL, NULL); diff --git a/ldap/servers/plugins/passthru/passthru.h b/ldap/servers/plugins/passthru/passthru.h index 022a57ae..34f8f696 100644 --- a/ldap/servers/plugins/passthru/passthru.h +++ b/ldap/servers/plugins/passthru/passthru.h @@ -163,6 +163,5 @@ void passthru_close_all_connections( PassThruConfig *cfg ); struct berval **passthru_strs2bervals( char **ss ); char ** passthru_bervals2strs( struct berval **bvs ); void passthru_free_bervals( struct berval **bvs ); -char *passthru_urlparse_err2string( int err ); #endif /* _PASSTHRU_H_ */ diff --git a/ldap/servers/plugins/passthru/ptbind.c b/ldap/servers/plugins/passthru/ptbind.c index 2cce0b57..063ba150 100644 --- a/ldap/servers/plugins/passthru/ptbind.c +++ b/ldap/servers/plugins/passthru/ptbind.c 
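Review bot: In dna_request_range (dna.c), `timelimit = config_entry->timeout / 1000;` truncates, so any configured timeout below 1000 msec becomes 0, and for LDAP_OPT_TIMELIMIT a value of 0 means "no limit" rather than a short one. Rounding up keeps a bound on the range request sent to the remote replica: `timelimit = (config_entry->timeout + 999) / 1000;`. The return values of the ldap_set_option calls are also discarded, so a rejected timeout option would go unnoticed before the bind; logging a failure there would help. The function starts and ends outside these hunks, and the declared type of config_entry->timeout is not visible here.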
@@ -158,7 +158,7 @@ passthru_simple_bind_once_s( PassThruServer *srvr, char *dn, /* * Some other error occurred (no result received). */ - rc = ldap_get_lderrno( ld, matcheddnp, errmsgp ); + rc = slapi_ldap_get_lderrno( ld, matcheddnp, errmsgp ); } else { /* * Got a result from remote server -- parse it. @@ -167,7 +167,7 @@ passthru_simple_bind_once_s( PassThruServer *srvr, char *dn, &referrals, resctrlsp, 1 ); if ( referrals != NULL ) { *refurlsp = passthru_strs2bervals( referrals ); - ldap_value_free( referrals ); + slapi_ldap_value_free( referrals ); } } diff --git a/ldap/servers/plugins/passthru/ptconfig.c b/ldap/servers/plugins/passthru/ptconfig.c index b7bb1386..fac0c5bd 100644 --- a/ldap/servers/plugins/passthru/ptconfig.c +++ b/ldap/servers/plugins/passthru/ptconfig.c @@ -131,6 +131,7 @@ passthru_config( int argc, char **argv ) */ prevsrvr = NULL; for ( i = 0; i < argc; ++i ) { + int secure = 0; char *p = NULL; srvr = (PassThruServer *)slapi_ch_calloc( 1, sizeof( PassThruServer )); srvr->ptsrvr_url = slapi_ch_strdup( argv[i] ); @@ -230,10 +231,10 @@ passthru_config( int argc, char **argv ) /* * parse the LDAP URL */ - if (( rc = ldap_url_parse( srvr->ptsrvr_url, &ludp )) != 0 ) { + if (( rc = slapi_ldap_url_parse( srvr->ptsrvr_url, &ludp, 0, &secure )) != 0 ) { slapi_log_error( SLAPI_LOG_FATAL, PASSTHRU_PLUGIN_SUBSYSTEM, "unable to parse LDAP URL \"%s\" (%s)\n", - srvr->ptsrvr_url, passthru_urlparse_err2string( rc )); + srvr->ptsrvr_url, slapi_urlparse_err2string( rc )); return( LDAP_PARAM_ERROR ); } @@ -246,8 +247,7 @@ passthru_config( int argc, char **argv ) srvr->ptsrvr_hostname = slapi_ch_strdup( ludp->lud_host ); srvr->ptsrvr_port = ludp->lud_port; - srvr->ptsrvr_secure = - (( ludp->lud_options & LDAP_URL_OPT_SECURE ) != 0 ); + srvr->ptsrvr_secure = secure; if (starttls) { srvr->ptsrvr_secure = 2; } 
@@ -265,7 +265,7 @@ passthru_config( int argc, char **argv ) /* * split the DN into multiple suffixes (separated by ';') */ - if (( suffixarray = ldap_str2charray( ludp->lud_dn, ";" )) == NULL ) { + if (( suffixarray = slapi_str2charray( ludp->lud_dn, ";" )) == NULL ) { slapi_log_error( SLAPI_LOG_FATAL, PASSTHRU_PLUGIN_SUBSYSTEM, "unable to parse suffix string \"%s\" within \"%s\"\n", ludp->lud_dn, srvr->ptsrvr_url ); diff --git a/ldap/servers/plugins/passthru/ptutil.c b/ldap/servers/plugins/passthru/ptutil.c index 399e5b5a..48f3c405 100644 --- a/ldap/servers/plugins/passthru/ptutil.c +++ b/ldap/servers/plugins/passthru/ptutil.c @@ -116,33 +116,3 @@ passthru_free_bervals( struct berval **bvs ) } slapi_ch_free( (void **)&bvs ); } - - -char * -passthru_urlparse_err2string( int err ) -{ - char *s; - - switch( err ) { - case 0: - s = "no error"; - break; - case LDAP_URL_ERR_NOTLDAP: - s = "missing ldap:// or ldaps://"; - break; - case LDAP_URL_ERR_NODN: - s = "missing suffix"; - break; - case LDAP_URL_ERR_BADSCOPE: - s = "invalid search scope"; - break; - case LDAP_URL_ERR_MEM: - s = "unable to allocate memory"; - break; - case LDAP_URL_ERR_PARAM: - s = "bad parameter to an LDAP URL function"; - break; - } - - return( s ); -} diff --git a/ldap/servers/plugins/pwdstorage/clear_pwd.c b/ldap/servers/plugins/pwdstorage/clear_pwd.c index fd8ab46b..19011ac6 100644 --- a/ldap/servers/plugins/pwdstorage/clear_pwd.c +++ b/ldap/servers/plugins/pwdstorage/clear_pwd.c @@ -52,13 +52,13 @@ #include "pwdstorage.h" int -clear_pw_cmp( char *userpwd, char *dbpwd ) +clear_pw_cmp( const char *userpwd, const char *dbpwd ) { return( strcmp( userpwd, dbpwd )); } char * -clear_pw_enc( char *pwd ) +clear_pw_enc( const char *pwd ) { /* Just return NULL if pwd is NULL */ if (!pwd) diff --git a/ldap/servers/plugins/pwdstorage/crypt_pwd.c b/ldap/servers/plugins/pwdstorage/crypt_pwd.c index 02ec7d08..666fd4b3 100644 --- a/ldap/servers/plugins/pwdstorage/crypt_pwd.c 
+++ b/ldap/servers/plugins/pwdstorage/crypt_pwd.c @@ -79,7 +79,7 @@ crypt_init() } int -crypt_pw_cmp( char *userpwd, char *dbpwd ) +crypt_pw_cmp( const char *userpwd, const char *dbpwd ) { int rc; char *cp; @@ -96,7 +96,7 @@ crypt_pw_cmp( char *userpwd, char *dbpwd ) } char * -crypt_pw_enc( char *pwd ) +crypt_pw_enc( const char *pwd ) { char *cry, salt[3]; char *enc= NULL; diff --git a/ldap/servers/plugins/pwdstorage/md5_pwd.c b/ldap/servers/plugins/pwdstorage/md5_pwd.c index b63c5b04..7dec2d47 100644 --- a/ldap/servers/plugins/pwdstorage/md5_pwd.c +++ b/ldap/servers/plugins/pwdstorage/md5_pwd.c @@ -57,7 +57,7 @@ #define MD5_SUBSYSTEM_NAME "MD5 password hash" int -md5_pw_cmp( char *userpwd, char *dbpwd ) +md5_pw_cmp( const char *userpwd, const char *dbpwd ) { int rc=-1; char * bver; @@ -96,7 +96,7 @@ loser: } char * -md5_pw_enc( char *pwd ) +md5_pw_enc( const char *pwd ) { char * bver, *enc=NULL; PK11Context *ctx=NULL; diff --git a/ldap/servers/plugins/pwdstorage/ns-mta-md5_pwd.c b/ldap/servers/plugins/pwdstorage/ns-mta-md5_pwd.c index 467766fb..3dc7e34d 100644 --- a/ldap/servers/plugins/pwdstorage/ns-mta-md5_pwd.c +++ b/ldap/servers/plugins/pwdstorage/ns-mta-md5_pwd.c @@ -77,7 +77,7 @@ ns_mta_hexify(char *buffer, char *str, int len) } static char * -ns_mta_hash_alg(char *buffer, char *salt, char *passwd) +ns_mta_hash_alg(char *buffer, char *salt, const char *passwd) { mta_MD5_CTX context; char *saltstr; @@ -102,7 +102,7 @@ ns_mta_hash_alg(char *buffer, char *salt, char *passwd) } int -ns_mta_md5_pw_cmp(char * clear, char *mangled) +ns_mta_md5_pw_cmp(const char * clear, const char *mangled) { char mta_hash[33]; char mta_salt[33]; diff --git a/ldap/servers/plugins/pwdstorage/pwdstorage.h b/ldap/servers/plugins/pwdstorage/pwdstorage.h index ccd0deee..975d789e 100644 --- a/ldap/servers/plugins/pwdstorage/pwdstorage.h +++ b/ldap/servers/plugins/pwdstorage/pwdstorage.h 
@@ -46,6 +46,7 @@ #include "slapi-plugin.h" #include <ssl.h> #include "nspr.h" +#include "plbase64.h" #include "ldif.h" #include "md5.h" @@ -54,7 +55,7 @@ #define PWD_HASH_PREFIX_START '{' #define PWD_HASH_PREFIX_END '}' -#define MAX_SHA_HASH_SIZE 64 +#define MAX_SHA_HASH_SIZE HASH_LENGTH_MAX #define SHA1_SCHEME_NAME "SHA" #define SHA1_NAME_LEN 3 
@@ -81,31 +82,31 @@ #define MD5_SCHEME_NAME "MD5" #define MD5_NAME_LEN 3 -SECStatus sha_salted_hash(unsigned char *hash_out, char *pwd, struct berval *salt, unsigned int secOID); -int sha_pw_cmp( char *userpwd, char *dbpwd, unsigned int shaLen ); -char * sha_pw_enc( char *pwd, unsigned int shaLen ); -char * salted_sha_pw_enc( char *pwd, unsigned int shaLen ); -int sha1_pw_cmp( char *userpwd, char *dbpwd ); -char * sha1_pw_enc( char *pwd ); -char * salted_sha1_pw_enc( char *pwd ); -int sha256_pw_cmp( char *userpwd, char *dbpwd ); -char * sha256_pw_enc( char *pwd ); -char * salted_sha256_pw_enc( char *pwd ); -int sha384_pw_cmp( char *userpwd, char *dbpwd ); -char * sha384_pw_enc( char *pwd ); -char * salted_sha384_pw_enc( char *pwd ); -int sha512_pw_cmp( char *userpwd, char *dbpwd ); -char * sha512_pw_enc( char *pwd ); -char * salted_sha512_pw_enc( char *pwd ); -int clear_pw_cmp( char *userpwd, char *dbpwd ); -char *clear_pw_enc( char *pwd ); +SECStatus sha_salted_hash(char *hash_out, const char *pwd, struct berval *salt, unsigned int secOID); +int sha_pw_cmp( const char *userpwd, const char *dbpwd, unsigned int shaLen ); +char * sha_pw_enc( const char *pwd, unsigned int shaLen ); +char * salted_sha_pw_enc( const char *pwd, unsigned int shaLen ); +int sha1_pw_cmp( const char *userpwd, const char *dbpwd ); +char * sha1_pw_enc( const char *pwd ); +char * salted_sha1_pw_enc( const char *pwd ); +int sha256_pw_cmp( const char *userpwd, const char *dbpwd ); +char * sha256_pw_enc( const char *pwd ); +char * salted_sha256_pw_enc( const char *pwd ); +int sha384_pw_cmp( const char *userpwd, const char *dbpwd ); +char * sha384_pw_enc( const char *pwd ); +char * salted_sha384_pw_enc( const char *pwd ); +int sha512_pw_cmp( const char *userpwd, const char *dbpwd ); +char * sha512_pw_enc( const char *pwd ); +char * salted_sha512_pw_enc( const char *pwd ); +int clear_pw_cmp( const char *userpwd, const char *dbpwd ); +char *clear_pw_enc( const char *pwd ); #ifndef _WIN32 void 
crypt_init(); -int crypt_pw_cmp( char *userpwd, char *dbpwd ); -char *crypt_pw_enc( char *pwd ); +int crypt_pw_cmp( const char *userpwd, const char *dbpwd ); +char *crypt_pw_enc( const char *pwd ); #endif -int ns_mta_md5_pw_cmp( char *userpwd, char *dbpwd ); -int md5_pw_cmp( char *userpwd, char *dbpwd ); -char *md5_pw_enc( char *pwd ); +int ns_mta_md5_pw_cmp( const char *userpwd, const char *dbpwd ); +int md5_pw_cmp( const char *userpwd, const char *dbpwd ); +char *md5_pw_enc( const char *pwd ); #endif /* _PWDSTORAGE_H */ diff --git a/ldap/servers/plugins/pwdstorage/sha_pwd.c b/ldap/servers/plugins/pwdstorage/sha_pwd.c index ea0afdd0..e54feab7 100644 --- a/ldap/servers/plugins/pwdstorage/sha_pwd.c +++ b/ldap/servers/plugins/pwdstorage/sha_pwd.c @@ -67,20 +67,21 @@ static char *plugin_name = "NSPwdStoragePlugin"; */ int -sha_pw_cmp (char *userpwd, char *dbpwd, unsigned int shaLen ) +sha_pw_cmp (const char *userpwd, const char *dbpwd, unsigned int shaLen ) { /* * SHA passwords are stored in the database as shaLen bytes of * hash, followed by zero or more bytes of salt, all BASE64 encoded. */ int result = 1; /* failure */ - unsigned char userhash[MAX_SHA_HASH_SIZE]; - unsigned char quick_dbhash[MAX_SHA_HASH_SIZE + SHA_SALT_LENGTH + 3]; - unsigned char *dbhash = quick_dbhash; + char userhash[MAX_SHA_HASH_SIZE]; + char quick_dbhash[MAX_SHA_HASH_SIZE + SHA_SALT_LENGTH + 3]; + char *dbhash = quick_dbhash; struct berval salt; int hash_len; /* must be a signed valued -- see below */ unsigned int secOID; char *schemeName; + char *hashresult = NULL; /* Determine which algorithm we're using */ switch (shaLen) { 
@@ -107,24 +108,20 @@ sha_pw_cmp (char *userpwd, char *dbpwd, unsigned int shaLen ) /* * Decode hash stored in database. - * - * Note that ldif_base64_decode() returns a value less than zero to - * indicate that a decoding error occurred, so it is critical that - * hash_len be a signed value. */ - hash_len = (((strlen(dbpwd) + 3) / 4) * 3); /* maybe less */ + hash_len = (strlen(dbpwd) * 3) / 4; /* includes the trailing = if any */ if ( hash_len > sizeof(quick_dbhash) ) { /* get more space: */ - dbhash = (unsigned char*) slapi_ch_malloc( hash_len ); + dbhash = (char*) slapi_ch_malloc( hash_len ); if ( dbhash == NULL ) goto loser; } - hash_len = ldif_base64_decode( dbpwd, dbhash ); - if (hash_len < 0) { + hashresult = PL_Base64Decode( dbpwd, 0, dbhash ); + if (NULL == hashresult) { slapi_log_error( SLAPI_LOG_PLUGIN, plugin_name, hasherrmsg, schemeName, dbpwd ); goto loser; } else if ( hash_len >= shaLen ) { salt.bv_val = (void*)(dbhash + shaLen); - salt.bv_len = hash_len - shaLen; - } else if ( hash_len == DS40B1_SALTED_SHA_LENGTH ) { + salt.bv_len = SHA_SALT_LENGTH; + } else if ( hash_len >= DS40B1_SALTED_SHA_LENGTH ) { salt.bv_val = (void*)dbhash; salt.bv_len = 8; } else { /* unsupported, invalid BASE64 (hash_len < 0), or similar */ 
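Review bot: In sha_pw_cmp, `hash_len` is now only an estimate derived from strlen(dbpwd): it still counts the `=` padding and is never corrected, because PL_Base64Decode returns a pointer rather than a decoded length. The salt length is also fixed at SHA_SALT_LENGTH, where it used to be `hash_len - shaLen`. For an unsalted value, whose decoded data is exactly shaLen bytes, salt.bv_len was 0 before and is now non-zero, so salt.bv_val points at bytes of dbhash that the decoder never wrote, and sha_salted_hash would presumably mix them into the digest. A stored salt of any other length would likewise be truncated or over-read. Deriving the exact decoded length from the padding and keeping the salt length relative to it avoids both, with `dbpwd_len` declared alongside the other locals; the `memcmp` over `hash_len - 8` bytes in the next hunk depends on the same value, and the function starts and ends outside this hunk.

```c
/* … unchanged: scheme selection … */
size_t dbpwd_len = strlen(dbpwd);
hash_len = (dbpwd_len * 3) / 4;
/* each trailing '=' stands for one byte the decoder does not produce */
if ( dbpwd_len > 0 && dbpwd[dbpwd_len - 1] == '=' ) hash_len--;
if ( dbpwd_len > 1 && dbpwd[dbpwd_len - 2] == '=' ) hash_len--;
/* … unchanged: buffer sizing and PL_Base64Decode call … */
} else if ( hash_len >= shaLen ) {
    salt.bv_val = (void*)(dbhash + shaLen);
    salt.bv_len = hash_len - shaLen; /* 0 for unsalted values */
} else if ( hash_len == DS40B1_SALTED_SHA_LENGTH ) {
/* … unchanged: legacy salt handling and unsupported-format branch … */
```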
@@ -139,19 +136,19 @@ sha_pw_cmp (char *userpwd, char *dbpwd, unsigned int shaLen ) } /* the proof is in the comparison... */ - result = ( hash_len == DS40B1_SALTED_SHA_LENGTH ) ? - ( memcmp( userhash, dbhash + 8, hash_len - 8 )) : - ( memcmp( userhash, dbhash, shaLen )); + result = ( hash_len >= shaLen ) ? + ( memcmp( userhash, dbhash, shaLen )) : /* include salt */ + ( memcmp( userhash, dbhash + 8, hash_len - 8 )); /* exclude salt */ loser: - if ( dbhash && dbhash != quick_dbhash ) slapi_ch_free( (void**)&dbhash ); + if ( dbhash && dbhash != quick_dbhash ) slapi_ch_free_string( &dbhash ); return result; } char * -sha_pw_enc( char *pwd, unsigned int shaLen ) +sha_pw_enc( const char *pwd, unsigned int shaLen ) { - unsigned char hash[MAX_SHA_HASH_SIZE]; + char hash[MAX_SHA_HASH_SIZE]; char *enc; char *schemeName; unsigned int schemeNameLen; @@ -196,8 +193,7 @@ sha_pw_enc( char *pwd, unsigned int shaLen ) sprintf( enc, "%c%s%c", PWD_HASH_PREFIX_START, schemeName, PWD_HASH_PREFIX_END ); - (void)ldif_base64_encode( hash, enc + 2 + schemeNameLen, - shaLen, -1 ); + (void)PL_Base64Encode( hash, shaLen, enc + 2 + schemeNameLen ); return( enc ); } @@ -206,25 +202,25 @@ sha_pw_enc( char *pwd, unsigned int shaLen ) * Wrapper password comparison functions */ int -sha1_pw_cmp (char *userpwd, char *dbpwd ) +sha1_pw_cmp (const char *userpwd, const char *dbpwd ) { return sha_pw_cmp( userpwd, dbpwd, SHA1_LENGTH ); } int -sha256_pw_cmp (char *userpwd, char *dbpwd ) +sha256_pw_cmp (const char *userpwd, const char *dbpwd ) { return sha_pw_cmp( userpwd, dbpwd, SHA256_LENGTH ); } int -sha384_pw_cmp (char *userpwd, char *dbpwd ) +sha384_pw_cmp (const char *userpwd, const char *dbpwd ) { return sha_pw_cmp( userpwd, dbpwd, SHA384_LENGTH ); } int -sha512_pw_cmp (char *userpwd, char *dbpwd ) +sha512_pw_cmp (const char *userpwd, const char *dbpwd ) { return sha_pw_cmp( userpwd, dbpwd, SHA512_LENGTH ); } 
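Review bot: `PL_Base64Encode( hash, shaLen, enc + 2 + schemeNameLen )` in sha_pw_enc writes into a caller-supplied buffer, and NSPR only NUL-terminates the output when it allocates the buffer itself. The replaced ldif_base64_encode call, as far as I know, did terminate the string. The allocation of `enc` is outside this hunk; unless it is zero-filled and sized with room for the terminator, the returned scheme string is unterminated and later string handling would read past it. Either allocate `enc` with slapi_ch_calloc or terminate explicitly after encoding, for example `enc[2 + schemeNameLen + ((shaLen + 2) / 3) * 4] = '\0';`. The same applies to the PL_Base64Encode call in salted_sha_pw_enc in ssha_pwd.c, with `shaLen + SHA_SALT_LENGTH` as the source length.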
@@ -233,25 +229,25 @@ sha512_pw_cmp (char *userpwd, char *dbpwd ) * Wrapper password encryption functions */ char * -sha1_pw_enc( char *pwd ) +sha1_pw_enc( const char *pwd ) { return sha_pw_enc( pwd, SHA1_LENGTH ); } char * -sha256_pw_enc( char *pwd ) +sha256_pw_enc( const char *pwd ) { return sha_pw_enc( pwd, SHA256_LENGTH ); } char * -sha384_pw_enc( char *pwd ) +sha384_pw_enc( const char *pwd ) { return sha_pw_enc( pwd, SHA384_LENGTH ); } char * -sha512_pw_enc( char *pwd ) +sha512_pw_enc( const char *pwd ) { return sha_pw_enc( pwd, SHA512_LENGTH ); } diff --git a/ldap/servers/plugins/pwdstorage/ssha_pwd.c b/ldap/servers/plugins/pwdstorage/ssha_pwd.c index 048eee42..14b8d443 100644 --- a/ldap/servers/plugins/pwdstorage/ssha_pwd.c +++ b/ldap/servers/plugins/pwdstorage/ssha_pwd.c @@ -74,7 +74,7 @@ ssha_rand_array(void *randx, size_t len) } SECStatus -sha_salted_hash(unsigned char *hash_out, char *pwd, struct berval *salt, unsigned int secOID) +sha_salted_hash(char *hash_out, const char *pwd, struct berval *salt, unsigned int secOID) { PK11Context *ctx; unsigned int outLen; @@ -108,7 +108,7 @@ sha_salted_hash(unsigned char *hash_out, char *pwd, struct berval *salt, unsigne PK11_DigestBegin(ctx); PK11_DigestOp(ctx, (unsigned char*)pwd, strlen(pwd)); PK11_DigestOp(ctx, (unsigned char*)(salt->bv_val), salt->bv_len); - PK11_DigestFinal(ctx, hash_out, &outLen, shaLen); + PK11_DigestFinal(ctx, (unsigned char*)hash_out, &outLen, shaLen); PK11_DestroyContext(ctx, 1); if (outLen == shaLen) rc = SECSuccess; 
@@ -118,17 +118,17 @@ sha_salted_hash(unsigned char *hash_out, char *pwd, struct berval *salt, unsigne } else { /*backward compatibility*/ - rc = PK11_HashBuf(secOID, hash_out, (unsigned char *)pwd, strlen(pwd)); + rc = PK11_HashBuf(secOID, (unsigned char*)hash_out, (unsigned char *)pwd, strlen(pwd)); } return rc; } char * -salted_sha_pw_enc( char *pwd, unsigned int shaLen ) +salted_sha_pw_enc( const char *pwd, unsigned int shaLen ) { - unsigned char hash[ MAX_SHA_HASH_SIZE + SHA_SALT_LENGTH ]; - unsigned char *salt = hash + shaLen; + char hash[ MAX_SHA_HASH_SIZE + SHA_SALT_LENGTH ]; + char *salt = hash + shaLen; struct berval saltval; char *enc; char *schemeName; @@ -184,8 +184,7 @@ salted_sha_pw_enc( char *pwd, unsigned int shaLen ) sprintf( enc, "%c%s%c", PWD_HASH_PREFIX_START, schemeName, PWD_HASH_PREFIX_END ); - (void)ldif_base64_encode( hash, enc + 2 + schemeNameLen, - (shaLen + SHA_SALT_LENGTH), -1 ); + (void)PL_Base64Encode( hash, (shaLen + SHA_SALT_LENGTH), enc + 2 + schemeNameLen ); return( enc ); } @@ -194,25 +193,25 @@ salted_sha_pw_enc( char *pwd, unsigned int shaLen ) * Wrapper functions for password encoding */ char * -salted_sha1_pw_enc( char *pwd ) +salted_sha1_pw_enc( const char *pwd ) { return salted_sha_pw_enc( pwd, SHA1_LENGTH ); } char * -salted_sha256_pw_enc( char *pwd ) +salted_sha256_pw_enc( const char *pwd ) { return salted_sha_pw_enc( pwd, SHA256_LENGTH ); } char * -salted_sha384_pw_enc( char *pwd ) +salted_sha384_pw_enc( const char *pwd ) { return salted_sha_pw_enc( pwd, SHA384_LENGTH ); } char * -salted_sha512_pw_enc( char *pwd ) +salted_sha512_pw_enc( const char *pwd ) { return salted_sha_pw_enc( pwd, SHA512_LENGTH ); } diff --git a/ldap/servers/plugins/replication/cl5_api.c b/ldap/servers/plugins/replication/cl5_api.c index b0c9f4e7..dfc5765d 100644 --- a/ldap/servers/plugins/replication/cl5_api.c +++ b/ldap/servers/plugins/replication/cl5_api.c 
@@ -1308,9 +1308,14 @@ done:; */ int cl5ImportLDIF (const char *clDir, const char *ldifFile, Object **replicas) { - FILE *file; +#if defined(USE_OPENLDAP) + LDIFFP *file = NULL; + int buflen; +#else + FILE *file = NULL; +#endif int rc; - char *buff; + char *buff = NULL; int lineno = 0; slapi_operation_parameters op; Object *replica = NULL; @@ -1345,7 +1350,11 @@ int cl5ImportLDIF (const char *clDir, const char *ldifFile, Object **replicas) } /* open LDIF file */ +#if defined(USE_OPENLDAP) + file = ldif_open (ldifFile, "r"); +#else file = fopen (ldifFile, "r"); /* XXXggood Does fopen reliably work if > 255 files open? */ +#endif if (file == NULL) { slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name_cl, @@ -1374,10 +1383,14 @@ int cl5ImportLDIF (const char *clDir, const char *ldifFile, Object **replicas) } /* read entries and write them to changelog */ +#if defined(USE_OPENLDAP) + while (ldif_read_record( file, &lineno, &buff, &buflen )) +#else while ((buff = ldif_get_entry( file, &lineno )) != NULL) +#endif { rc = _cl5LDIF2Operation (buff, &op, &replGen); - slapi_ch_free ((void**)&buff); + slapi_ch_free_string(&buff); if (rc != CL5_SUCCESS) { slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name_cl, @@ -1394,7 +1407,7 @@ int cl5ImportLDIF (const char *clDir, const char *ldifFile, Object **replicas) "cl5ImportLDIF: failed to locate replica for target dn (%s) and " "replica generation %s\n", op.target_address.dn, replGen); - slapi_ch_free ((void**)&replGen); + slapi_ch_free_string(&replGen); operation_parameters_done (&op); goto done; } 
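Review bot: In cl5ImportLDIF the OpenLDAP branch declares `int buflen;` without an initial value and passes `&buflen` to ldif_read_record together with `&buff`, and each loop iteration releases `buff` with slapi_ch_free_string while leaving `buflen` at its previous value. If ldif_read_record treats the pair as an existing buffer plus its capacity, as the by-reference arguments suggest, the first call reads an indeterminate size and later calls see a released buffer with a non-zero capacity. Declaring `int buflen = 0;` and adding `buflen = 0;` right after `slapi_ch_free_string(&buff);` keeps the two in step. It is also worth confirming that memory handed back by ldif_read_record may be released through the slapi allocator, and that a negative return value, if the function has one, should not satisfy the bare `while (...)` test. The declaration and the loop sit in separate hunks on this line, and the function ends outside them.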
@@ -1409,18 +1422,25 @@ int cl5ImportLDIF (const char *clDir, const char *ldifFile, Object **replicas) slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name_cl, "cl5ImportLDIF: failed to write operation to the changelog\n"); object_release (replica); - slapi_ch_free ((void**)&replGen); + slapi_ch_free_string(&replGen); operation_parameters_done (&op); goto done; } } object_release (replica); - slapi_ch_free ((void**)&replGen); + slapi_ch_free_string(&replGen); operation_parameters_done (&op); } done:; + if (file) { +#if defined(USE_OPENLDAP) + ldif_close(file); +#else + fclose(file); +#endif + } _cl5Close (); PR_RWLock_Unlock (s_cl5Desc.stLock); return rc; 
@@ -5041,46 +5061,46 @@ static int _cl5Operation2LDIF (const slapi_operation_parameters *op, const char } /* fill buffer */ - ldif_put_type_and_value(&buff, T_CHANGETYPESTR, (char*)strType, strlen (strType)); - ldif_put_type_and_value(&buff, T_REPLGEN, (char*)replGen, strlen (replGen)); - ldif_put_type_and_value(&buff, T_CSNSTR, (char*)strCSN, strlen (strCSN)); - ldif_put_type_and_value(&buff, T_UNIQUEIDSTR, op->target_address.uniqueid, - strlen (op->target_address.uniqueid)); + slapi_ldif_put_type_and_value_with_options(&buff, T_CHANGETYPESTR, (char*)strType, strlen (strType), 0); + slapi_ldif_put_type_and_value_with_options(&buff, T_REPLGEN, (char*)replGen, strlen (replGen), 0); + slapi_ldif_put_type_and_value_with_options(&buff, T_CSNSTR, (char*)strCSN, strlen (strCSN), 0); + slapi_ldif_put_type_and_value_with_options(&buff, T_UNIQUEIDSTR, op->target_address.uniqueid, + strlen (op->target_address.uniqueid), 0); switch (op->operation_type) { case SLAPI_OPERATION_ADD: if (op->p.p_add.parentuniqueid) - ldif_put_type_and_value(&buff, T_PARENTIDSTR, - op->p.p_add.parentuniqueid, strlen (op->p.p_add.parentuniqueid)); - ldif_put_type_and_value(&buff, T_DNSTR, rawDN, strlen (rawDN)); - ldif_put_type_and_value(&buff, T_CHANGESTR, l->ls_buf, l->ls_len); + slapi_ldif_put_type_and_value_with_options(&buff, T_PARENTIDSTR, + op->p.p_add.parentuniqueid, strlen (op->p.p_add.parentuniqueid), 0); + slapi_ldif_put_type_and_value_with_options(&buff, T_DNSTR, rawDN, strlen (rawDN), 0); + slapi_ldif_put_type_and_value_with_options(&buff, T_CHANGESTR, l->ls_buf, l->ls_len, 0); slapi_ch_free ((void**)&rawDN); break; - case SLAPI_OPERATION_MODIFY: ldif_put_type_and_value(&buff, T_DNSTR, op->target_address.dn, - strlen (op->target_address.dn)); - ldif_put_type_and_value(&buff, T_CHANGESTR, l->ls_buf, l->ls_len); + case SLAPI_OPERATION_MODIFY: slapi_ldif_put_type_and_value_with_options(&buff, T_DNSTR, op->target_address.dn, + strlen (op->target_address.dn), 0); + 
slapi_ldif_put_type_and_value_with_options(&buff, T_CHANGESTR, l->ls_buf, l->ls_len, 0); break; - case SLAPI_OPERATION_MODRDN: ldif_put_type_and_value(&buff, T_DNSTR, op->target_address.dn, - strlen (op->target_address.dn)); - ldif_put_type_and_value(&buff, T_NEWRDNSTR, op->p.p_modrdn.modrdn_newrdn, - strlen (op->p.p_modrdn.modrdn_newrdn)); - ldif_put_type_and_value(&buff, T_DRDNFLAGSTR, strDeleteOldRDN, - strlen (strDeleteOldRDN)); + case SLAPI_OPERATION_MODRDN: slapi_ldif_put_type_and_value_with_options(&buff, T_DNSTR, op->target_address.dn, + strlen (op->target_address.dn), 0); + slapi_ldif_put_type_and_value_with_options(&buff, T_NEWRDNSTR, op->p.p_modrdn.modrdn_newrdn, + strlen (op->p.p_modrdn.modrdn_newrdn), 0); + slapi_ldif_put_type_and_value_with_options(&buff, T_DRDNFLAGSTR, strDeleteOldRDN, + strlen (strDeleteOldRDN), 0); if (op->p.p_modrdn.modrdn_newsuperior_address.dn) - ldif_put_type_and_value(&buff, T_NEWSUPERIORDNSTR, + slapi_ldif_put_type_and_value_with_options(&buff, T_NEWSUPERIORDNSTR, op->p.p_modrdn.modrdn_newsuperior_address.dn, - strlen (op->p.p_modrdn.modrdn_newsuperior_address.dn)); + strlen (op->p.p_modrdn.modrdn_newsuperior_address.dn), 0); if (op->p.p_modrdn.modrdn_newsuperior_address.uniqueid) - ldif_put_type_and_value(&buff, T_NEWSUPERIORIDSTR, + slapi_ldif_put_type_and_value_with_options(&buff, T_NEWSUPERIORIDSTR, op->p.p_modrdn.modrdn_newsuperior_address.uniqueid, - strlen (op->p.p_modrdn.modrdn_newsuperior_address.uniqueid)); - ldif_put_type_and_value(&buff, T_CHANGESTR, l->ls_buf, l->ls_len); + strlen (op->p.p_modrdn.modrdn_newsuperior_address.uniqueid), 0); + slapi_ldif_put_type_and_value_with_options(&buff, T_CHANGESTR, l->ls_buf, l->ls_len, 0); break; - case SLAPI_OPERATION_DELETE: ldif_put_type_and_value(&buff, T_DNSTR, op->target_address.dn, - strlen (op->target_address.dn)); + case SLAPI_OPERATION_DELETE: slapi_ldif_put_type_and_value_with_options(&buff, T_DNSTR, op->target_address.dn, + strlen (op->target_address.dn), 0); 
break; } @@ -5101,7 +5121,11 @@ static int _cl5LDIF2Operation (char *ldifEntry, slapi_operation_parameters *op, char **replGen) { int rc; +#if defined(USE_OPENLDAP) + ber_len_t vlen; +#else int vlen; +#endif char *next, *line; char *type, *value; Slapi_Mods *mods; diff --git a/ldap/servers/plugins/replication/repl5_connection.c b/ldap/servers/plugins/replication/repl5_connection.c index 5a171cb5..47d07be4 100644 --- a/ldap/servers/plugins/replication/repl5_connection.c +++ b/ldap/servers/plugins/replication/repl5_connection.c @@ -52,8 +52,14 @@ replica locked. Seems like right thing to do. */ #include "repl5.h" +#if defined(USE_OPENLDAP) +#include "ldap.h" +#else #include "ldappr.h" #include "ldap-extension.h" +#endif +#include "nspr.h" +#include "private/pprio.h" #include "nss.h" typedef struct repl_connection @@ -365,7 +371,7 @@ conn_read_result_ex(Repl_Connection *conn, char **retoidp, struct berval **retda if (0 == rc) { /* Timeout */ - rc = ldap_get_lderrno(conn->ld, NULL, NULL); + rc = slapi_ldap_get_lderrno(conn->ld, NULL, NULL); conn->last_ldap_error = LDAP_TIMEOUT; return_value = CONN_TIMEOUT; } @@ -383,7 +389,7 @@ conn_read_result_ex(Repl_Connection *conn, char **retoidp, struct berval **retda /* Error */ char *s = NULL; - rc = ldap_get_lderrno(conn->ld, NULL, &s); + rc = slapi_ldap_get_lderrno(conn->ld, NULL, &s); conn->last_ldap_errmsg = s; conn->last_ldap_error = rc; /* some errors will require a disconnect and retry the connection 
@@ -485,6 +491,61 @@ conn_read_result(Repl_Connection *conn, int *message_id) * on the same connection), we need to _first_ verify that the connection * is writable. If it isn't, we can deadlock if we proceed any further... */ +#if defined(USE_OPENLDAP) +/* openldap has LBER_SB_OPT_DATA_READY but that doesn't really + work for our purposes - so we grab the openldap fd from the + ber sockbuf layer, import it into a PR Poll FD, then + do the poll +*/ +static ConnResult +see_if_write_available(Repl_Connection *conn, PRIntervalTime timeout) +{ + PRFileDesc *pollfd = NULL; + PRPollDesc polldesc; + ber_socket_t fd = 0; + int rc; + + /* get the sockbuf */ + ldap_get_option(conn->ld, LDAP_OPT_DESC, &fd); + if (fd <= 0) { + slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, + "%s: invalid connection insee_if_write_available \n", + agmt_get_long_name(conn->agmt)); + conn->last_ldap_error = LDAP_PARAM_ERROR; + return CONN_OPERATION_FAILED; + } + /* wrap the sockbuf fd with a NSPR FD created especially + for use with polling, and only with polling */ + pollfd = PR_CreateSocketPollFd(fd); + polldesc.fd = pollfd; + polldesc.in_flags = PR_POLL_WRITE|PR_POLL_EXCEPT; + polldesc.out_flags = 0; + + /* do the poll */ + rc = PR_Poll(&polldesc, 1, timeout); + + /* unwrap the socket */ + PR_DestroySocketPollFd(pollfd); + + /* check */ + if (rc == 0) { /* timeout */ + slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name, + "%s: poll timed out - poll interval [%d]\n", + agmt_get_long_name(conn->agmt), + timeout); + return CONN_TIMEOUT; + } else if ((rc < 0) || ((polldesc.out_flags|PR_POLL_WRITE) == 0)) { /* error */ + slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name, + "%s: error during poll attempt [%d:%s]\n", + agmt_get_long_name(conn->agmt), + PR_GetError(), slapd_pr_strerror(PR_GetError())); + conn->last_ldap_error = LDAP_PARAM_ERROR; + return CONN_OPERATION_FAILED; + } + + return CONN_OPERATION_SUCCESS; +} +#else /* ! 
USE_OPENLDAP */ /* Since we're poking around with ldap c sdk internals, we have to be careful since the PR layer stores different session and socket info than the NSS SSL layer than the SASL layer - and they all @@ -504,7 +565,7 @@ see_if_write_available(Repl_Connection *conn, PRIntervalTime timeout) memset(&iofns, 0, sizeof(iofns)); iofns.lextiof_size = LDAP_X_EXTIO_FNS_SIZE; if (ldap_get_option(conn->ld, LDAP_X_OPT_EXTIO_FN_PTRS, &iofns) < 0) { - rc = ldap_get_lderrno(conn->ld, NULL, NULL); + rc = slapi_ldap_get_lderrno(conn->ld, NULL, NULL); slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, "%s: Failed call to ldap_get_option to get extiofns in " "see_if_write_available: LDAP error %d (%s)\n", @@ -517,7 +578,7 @@ see_if_write_available(Repl_Connection *conn, PRIntervalTime timeout) /* set up the poll structure */ if (ldap_get_option(conn->ld, LDAP_OPT_DESC, &pollstr.lpoll_fd) < 0) { - rc = ldap_get_lderrno(conn->ld, NULL, NULL); + rc = slapi_ldap_get_lderrno(conn->ld, NULL, NULL); slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, "%s: Failed call to ldap_get_option for poll_fd in " "see_if_write_available: LDAP error %d (%s)\n", @@ -529,7 +590,7 @@ see_if_write_available(Repl_Connection *conn, PRIntervalTime timeout) if (ldap_get_option(conn->ld, LDAP_X_OPT_SOCKETARG, &pollstr.lpoll_socketarg) < 0) { - rc = ldap_get_lderrno(conn->ld, NULL, NULL); + rc = slapi_ldap_get_lderrno(conn->ld, NULL, NULL); slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, "%s: Failed call to ldap_get_option for socketarg in " "see_if_write_available: LDAP error %d (%s)\n", @@ -553,6 +614,7 @@ see_if_write_available(Repl_Connection *conn, PRIntervalTime timeout) return CONN_OPERATION_SUCCESS; } +#endif /* ! USE_OPENLDAP */ /* * Common code to send an LDAPv3 operation and collect the result. 
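Review bot: In the OpenLDAP version of see_if_write_available, the error branch tests `(polldesc.out_flags|PR_POLL_WRITE) == 0`, which can never be true because OR-ing with a non-zero flag always gives a non-zero value. A poll that reports only an exception condition is therefore returned as CONN_OPERATION_SUCCESS, which defeats the writability check that the comment above the function says is needed to avoid a deadlock. The test should mask instead: `} else if ((rc < 0) || ((polldesc.out_flags & PR_POLL_WRITE) == 0)) {`. The results of `ldap_get_option` and `PR_CreateSocketPollFd` are also used unchecked, and `PR_GetError()` is read only after `PR_DestroySocketPollFd`, which may have replaced the poll error. Checking `pollfd` for NULL and saving the error code before the destroy call would make the failure log reliable.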
@@ -1010,7 +1072,9 @@ conn_connect(Repl_Connection *conn) } if (return_value == CONN_OPERATION_SUCCESS) { +#if !defined(USE_OPENLDAP) int io_timeout_ms; +#endif /* Now we initialize the LDAP Structure and set options */ slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name, @@ -1055,10 +1119,13 @@ conn_connect(Repl_Connection *conn) ldap_set_option(conn->ld, LDAP_OPT_REFERRALS, LDAP_OPT_OFF); /* override the default timeout with the specified timeout */ +#if defined(USE_OPENLDAP) + ldap_set_option(conn->ld, LDAP_OPT_NETWORK_TIMEOUT, &conn->timeout); +#else io_timeout_ms = conn->timeout.tv_sec * 1000 + conn->timeout.tv_usec / 1000; prldap_set_session_option(conn->ld, NULL, PRLDAP_OPT_IO_MAX_TIMEOUT, io_timeout_ms); - +#endif /* We've got an ld. Now bind to the server. */ conn->last_operation = CONN_BIND; @@ -1066,7 +1133,7 @@ conn_connect(Repl_Connection *conn) if ( bind_and_check_pwp(conn, binddn, conn->plain) == CONN_OPERATION_FAILED ) { - conn->last_ldap_error = ldap_get_lderrno (conn->ld, NULL, NULL); + conn->last_ldap_error = slapi_ldap_get_lderrno (conn->ld, NULL, NULL); conn->state = STATE_DISCONNECTED; return_value = CONN_OPERATION_FAILED; } 
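Review bot: The OpenLDAP branch in conn_connect ignores the return value of `ldap_set_option(conn->ld, LDAP_OPT_NETWORK_TIMEOUT, &conn->timeout)`, so if the option cannot be set the replication connection proceeds with no configured timeout and nothing is logged. Check it, e.g. `if (ldap_set_option(conn->ld, LDAP_OPT_NETWORK_TIMEOUT, &conn->timeout) != LDAP_OPT_SUCCESS)`, and log the agreement name as the surrounding code does. As far as I know this option mainly bounds connection establishment, so it may not cover every read and write the way `PRLDAP_OPT_IO_MAX_TIMEOUT` did. That is worth confirming and recording next to the call, for instance `/* NOTE: confirm this bounds reads/writes as PRLDAP_OPT_IO_MAX_TIMEOUT did, not only connect */`. The same replacement is made in windows_conn_connect in windows_connection.c, and conn_connect itself starts and ends outside these hunks.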
@@ -1308,36 +1375,38 @@ attribute_string_value_present(LDAP *ld, LDAPMessage *entry, const char *type, const char *value) { int return_value = 0; + ber_len_t vallen; if (NULL != entry) { char *atype = NULL; BerElement *ber = NULL; + vallen = strlen(value); atype = ldap_first_attribute(ld, entry, &ber); while (NULL != atype && 0 == return_value) { if (strcasecmp(atype, type) == 0) { - char **strvals = ldap_get_values(ld, entry, atype); + struct berval **vals = ldap_get_values_len(ld, entry, atype); int i; - for (i = 0; return_value == 0 && NULL != strvals && NULL != strvals[i]; i++) + for (i = 0; return_value == 0 && NULL != vals && NULL != vals[i]; i++) { - if (strcmp(strvals[i], value) == 0) + if ((vallen == vals[i]->bv_len) && !strncmp(vals[i]->bv_val, value, vallen)) { return_value = 1; } } - if (NULL != strvals) + if (NULL != vals) { - ldap_value_free(strvals); + ldap_value_free_len(vals); } } ldap_memfree(atype); atype = ldap_next_attribute(ld, entry, ber); } if (NULL != ber) - ldap_ber_free(ber, 0); + ber_free(ber, 0); /* The last atype has not been freed yet */ if (NULL != atype) ldap_memfree(atype); @@ -1659,7 +1728,7 @@ bind_and_check_pwp(Repl_Connection *conn, char * binddn, char *password) char *errmsg = NULL; conn->last_ldap_error = rc; /* errmsg is a pointer directly into the ld structure - do not free */ - rc = ldap_get_lderrno( ld, NULL, &errmsg ); + rc = slapi_ldap_get_lderrno( ld, NULL, &errmsg ); slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, "%s: Replication bind with %s auth failed: LDAP error %d (%s) (%s)\n", agmt_get_long_name(conn->agmt), diff --git a/ldap/servers/plugins/replication/repl5_replica.c b/ldap/servers/plugins/replication/repl5_replica.c index 30b7ee9c..5f280b1d 100644 --- a/ldap/servers/plugins/replication/repl5_replica.c +++ b/ldap/servers/plugins/replication/repl5_replica.c 
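Review bot: The new value comparison in attribute_string_value_present calls `strncmp` on `bv_val`, which is length-counted data rather than a C string. The read stays in bounds only because `vallen == vals[i]->bv_len` is tested first, and nothing in the code states that dependency. `memcmp(vals[i]->bv_val, value, vallen) == 0` expresses the byte comparison directly, and a short comment such as `/* lengths match, so vallen bytes are within bv_val */` would stop a later edit from reordering the two tests. The identical function in windows_connection.c receives the same change further down and would take the same edit.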
@@ -1011,10 +1011,10 @@ replica_set_referrals(Replica *r,const Slapi_ValueSet *vs) while (vv) { const char *ref = slapi_value_get_string(vv); - struct ldap_url_desc *lud = NULL; - int myrc = ldap_url_parse(ref, &lud); + LDAPURLDesc *lud = NULL; + int myrc = slapi_ldap_url_parse(ref, &lud, 0, NULL); /* see if the dn is already in the referral URL */ - if (myrc == LDAP_URL_ERR_NODN || !lud || !lud->lud_dn) { + if (!lud || !lud->lud_dn) { /* add the dn */ Slapi_Value *newval = NULL; int len = strlen(ref); diff --git a/ldap/servers/plugins/replication/repl5_total.c b/ldap/servers/plugins/replication/repl5_total.c index e82d8da3..a555bec6 100644 --- a/ldap/servers/plugins/replication/repl5_total.c +++ b/ldap/servers/plugins/replication/repl5_total.c @@ -472,7 +472,7 @@ static int my_ber_scanf_value(BerElement *ber, Slapi_Value **value, PRBool *deleted) { struct berval *attrval = NULL; - ber_len_t len; + ber_len_t len = -1; ber_tag_t tag; CSN *csn = NULL; char csnstring[CSN_STRSIZE + 1]; diff --git a/ldap/servers/plugins/replication/replutil.c b/ldap/servers/plugins/replication/replutil.c index c1a86255..8703c7c2 100644 --- a/ldap/servers/plugins/replication/replutil.c +++ b/ldap/servers/plugins/replication/replutil.c @@ -381,9 +381,9 @@ make_changes_string(LDAPMod **ldm, char **includeattrs) ldm[ i ]->mod_bvalues[ j ]->bv_len ) + 1; buf = slapi_ch_malloc( len ); bufp = buf; - ldif_put_type_and_value( &bufp, ldm[ i ]->mod_type, + slapi_ldif_put_type_and_value_with_options( &bufp, ldm[ i ]->mod_type, ldm[ i ]->mod_bvalues[ j ]->bv_val, - ldm[ i ]->mod_bvalues[ j ]->bv_len ); + ldm[ i ]->mod_bvalues[ j ]->bv_len, 0 ); *bufp = '\0'; addlenstr( l, buf ); 
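Review bot: After this change `myrc` in replica_set_referrals is assigned from `slapi_ldap_url_parse` but is no longer read in the lines shown. A referral that fails to parse for any reason is therefore handled like one that merely lacks a DN, and the code goes on to append the replica root DN to it. If that is intended because the wrapper hides the `LDAP_URL_ERR_NODN` difference between the two libraries, say so in a comment and drop the variable. Otherwise test it before building the new value, e.g. `if (myrc != 0 && lud == NULL) { /* log and skip malformed referral */ }`. The same pattern is in repl_set_mtn_state_and_referrals in replutil.c, and both functions continue outside their hunks, so a later use of `myrc` or the release of `lud` may exist where it is not visible.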
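Review bot: `ber_len_t len = -1;` in my_ber_scanf_value initialises what is an unsigned type, at least in OpenLDAP's lber headers, so the value becomes the largest representable length rather than a negative sentinel. If any path reads `len` before a BER call sets it, the code sees a huge size, and a test such as `len < 0` could never be true. Prefer `ber_len_t len = 0;`, or if a "not set" marker is really needed, write it as `(ber_len_t)-1` with a comment naming what it is compared against. The function body continues outside the hunk, so how `len` is used afterwards is not visible here.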
@@ -739,10 +739,10 @@ repl_set_mtn_state_and_referrals( /* next, add the repl root dn to each referral if not present */ for (ii = 0; referrals_to_set && referrals_to_set[ii]; ++ii) { - struct ldap_url_desc *lud = NULL; - int myrc = ldap_url_parse(referrals_to_set[ii], &lud); + LDAPURLDesc *lud = NULL; + int myrc = slapi_ldap_url_parse(referrals_to_set[ii], &lud, 0, NULL); /* see if the dn is already in the referral URL */ - if (myrc == LDAP_URL_ERR_NODN || !lud || !lud->lud_dn) { + if (!lud || !lud->lud_dn) { /* add the dn */ int len = strlen(referrals_to_set[ii]); const char *cdn = slapi_sdn_get_dn(repl_root_sdn); diff --git a/ldap/servers/plugins/replication/urp_glue.c b/ldap/servers/plugins/replication/urp_glue.c index 6bceb5a0..15b29d41 100644 --- a/ldap/servers/plugins/replication/urp_glue.c +++ b/ldap/servers/plugins/replication/urp_glue.c @@ -186,7 +186,7 @@ do_create_glue_entry(const Slapi_RDN *rdn, const Slapi_DN *superiordn, const cha rdnstr = slapi_ch_realloc(rdnstr, alloc_len); rdnpair = &rdnstr[rdnstr_len]; } - ldif_put_type_and_value_with_options(&rdnpair, rdntype, + slapi_ldif_put_type_and_value_with_options(&rdnpair, rdntype, rdnval, rdnval_len, LDIF_OPT_NOWRAP); *rdnpair = '\0'; } diff --git a/ldap/servers/plugins/replication/windows_connection.c b/ldap/servers/plugins/replication/windows_connection.c index 01b61cf9..b9643b5f 100644 --- a/ldap/servers/plugins/replication/windows_connection.c +++ b/ldap/servers/plugins/replication/windows_connection.c @@ -53,7 +53,9 @@ replica locked. Seems like right thing to do. #include "repl5.h" #include "windowsrepl.h" +#if !defined(USE_OPENLDAP) #include "ldappr.h" +#endif #include "slap.h" #include "nss.h" @@ -352,7 +354,7 @@ windows_perform_operation(Repl_Connection *conn, int optype, const char *dn, if (0 == rc) { /* Timeout */ - rc = ldap_get_lderrno(conn->ld, NULL, NULL); + rc = slapi_ldap_get_lderrno(conn->ld, NULL, NULL); conn->last_ldap_error = LDAP_TIMEOUT; return_value = CONN_TIMEOUT; } 
@@ -361,7 +363,7 @@ windows_perform_operation(Repl_Connection *conn, int optype, const char *dn, /* Error */ char *s = NULL; - rc = ldap_get_lderrno(conn->ld, NULL, &s); + rc = slapi_ldap_get_lderrno(conn->ld, NULL, &s); slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, "%s: Received error %d: %s for %s operation\n", agmt_get_long_name(conn->agmt), @@ -591,7 +593,7 @@ windows_LDAPMessage2Entry(Repl_Connection *conn, LDAPMessage * msg, int attrsonl } if ( NULL != ber ) { - ldap_ber_free( ber, 0 ); + ber_free( ber, 0 ); } windows_private_set_raw_entry(conn->agmt, rawentry); /* windows private now owns rawentry */ @@ -1214,7 +1216,9 @@ windows_conn_connect(Repl_Connection *conn) } if (return_value == CONN_OPERATION_SUCCESS) { +#if !defined(USE_OPENLDAP) int io_timeout_ms; +#endif /* Now we initialize the LDAP Structure and set options */ slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name, @@ -1260,10 +1264,13 @@ windows_conn_connect(Repl_Connection *conn) ldap_set_option(conn->ld, LDAP_OPT_REFERRALS, LDAP_OPT_OFF); /* override the default timeout with the specified timeout */ +#if defined(USE_OPENLDAP) + ldap_set_option(conn->ld, LDAP_OPT_NETWORK_TIMEOUT, &conn->timeout); +#else io_timeout_ms = conn->timeout.tv_sec * 1000 + conn->timeout.tv_usec / 1000; prldap_set_session_option(conn->ld, NULL, PRLDAP_OPT_IO_MAX_TIMEOUT, io_timeout_ms); - +#endif /* We've got an ld. Now bind to the server. */ conn->last_operation = CONN_BIND; @@ -1271,7 +1278,7 @@ windows_conn_connect(Repl_Connection *conn) if ( bind_and_check_pwp(conn, binddn, conn->plain) == CONN_OPERATION_FAILED ) { - conn->last_ldap_error = ldap_get_lderrno (conn->ld, NULL, NULL); + conn->last_ldap_error = slapi_ldap_get_lderrno (conn->ld, NULL, NULL); conn->state = STATE_DISCONNECTED; return_value = CONN_OPERATION_FAILED; } 
@@ -1594,6 +1601,7 @@ attribute_string_value_present(LDAP *ld, LDAPMessage *entry, const char *type, const char *value) { int return_value = 0; + ber_len_t vallen; LDAPDebug( LDAP_DEBUG_TRACE, "=> attribute_string_value_present\n", 0, 0, 0 ); @@ -1602,30 +1610,31 @@ attribute_string_value_present(LDAP *ld, LDAPMessage *entry, const char *type, char *atype = NULL; BerElement *ber = NULL; + vallen = strlen(value); atype = ldap_first_attribute(ld, entry, &ber); while (NULL != atype && 0 == return_value) { if (strcasecmp(atype, type) == 0) { - char **strvals = ldap_get_values(ld, entry, atype); + struct berval **vals = ldap_get_values_len(ld, entry, atype); int i; - for (i = 0; return_value == 0 && NULL != strvals && NULL != strvals[i]; i++) + for (i = 0; return_value == 0 && NULL != vals && NULL != vals[i]; i++) { - if (strcmp(strvals[i], value) == 0) + if ((vallen == vals[i]->bv_len) && !strncmp(vals[i]->bv_val, value, vallen)) { return_value = 1; } } - if (NULL != strvals) + if (NULL != vals) { - ldap_value_free(strvals); + ldap_value_free_len(vals); } } ldap_memfree(atype); atype = ldap_next_attribute(ld, entry, ber); } if (NULL != ber) - ldap_ber_free(ber, 0); + ber_free(ber, 0); /* The last atype has not been freed yet */ if (NULL != atype) ldap_memfree(atype); @@ -1768,7 +1777,7 @@ bind_and_check_pwp(Repl_Connection *conn, char * binddn, char *password) char *errmsg = NULL; conn->last_ldap_error = rc; /* errmsg is a pointer directly into the ld structure - do not free */ - rc = ldap_get_lderrno( ld, NULL, &errmsg ); + rc = slapi_ldap_get_lderrno( ld, NULL, &errmsg ); slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, "%s: Replication bind with %s auth failed: LDAP error %d (%s) (%s)\n", agmt_get_long_name(conn->agmt), 
@@ -1816,13 +1825,13 @@ do_simple_bind (Repl_Connection *conn, LDAP *ld, char * binddn, char *password) LDAPDebug( LDAP_DEBUG_TRACE, "=> do_simple_bind\n", 0, 0, 0 ); - if( ( msgid = ldap_simple_bind( ld, binddn, password ) ) == -1 ) + if( ( msgid = slapi_ldap_bind( ld, binddn, password, LDAP_SASL_SIMPLE, NULL, NULL, NULL, &msgid ) ) == -1 ) { char *ldaperrtext = NULL; int ldaperr; int prerr = PR_GetError(); - ldaperr = ldap_get_lderrno( ld, NULL, &ldaperrtext ); + ldaperr = slapi_ldap_get_lderrno( ld, NULL, &ldaperrtext ); /* Do not report the same error over and over again */ if (conn->last_ldap_error != ldaperr) { diff --git a/ldap/servers/plugins/retrocl/retrocl_po.c b/ldap/servers/plugins/retrocl/retrocl_po.c index d9844b83..a29fefbe 100644 --- a/ldap/servers/plugins/retrocl/retrocl_po.c +++ b/ldap/servers/plugins/retrocl/retrocl_po.c @@ -126,9 +126,9 @@ static lenstr *make_changes_string(LDAPMod **ldm, const char **includeattrs) ldm[ i ]->mod_bvalues[ j ]->bv_len ) + 1; buf = slapi_ch_malloc( len ); bufp = buf; - ldif_put_type_and_value( &bufp, ldm[ i ]->mod_type, + slapi_ldif_put_type_and_value_with_options( &bufp, ldm[ i ]->mod_type, ldm[ i ]->mod_bvalues[ j ]->bv_val, - ldm[ i ]->mod_bvalues[ j ]->bv_len ); + ldm[ i ]->mod_bvalues[ j ]->bv_len, 0 ); *bufp = '\0'; addlenstr( l, buf ); |
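Review bot: In do_simple_bind, `msgid` is passed to `slapi_ldap_bind` as the output argument and is then overwritten with the function's return value, which is compared with -1. The wrapper's definition is not in this hunk, but the separate `&msgid` out-parameter suggests it returns an LDAP result code rather than a message id. If so, a failed replication bind will rarely equal -1 and can go unreported, and the real message id is lost for whatever reads the bind result later. Keep the two apart: `rc = slapi_ldap_bind( ld, binddn, password, LDAP_SASL_SIMPLE, NULL, NULL, NULL, &msgid );` followed by `if ( rc != LDAP_SUCCESS )`. do_simple_bind continues beyond the hunk, and `rc` would need a declaration if the function does not already have one.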