OpenLDAP supportcleanup

These changes allow the server to be built with OpenLDAP (2.4.17+). A brief summary of the changes:
* #defines not provided by OpenLDAP were copied into slapi-plugin.h and protected with #ifndef blocks
* where it made sense, I created slapi wrapper functions for things like URL and LDIF processing to abstract way the differences in the APIs
* I created a new file utf8.c which contains the UTF8 functions from MozLDAP - this is only compiled when using OpenLDAP
* I tried to clean up the code - use the _ext versions of LDAP functions everywhere since the older versions should be considered deprecated
* I removed some unused code
NOTE that this should still be considered a work in progress since it depends on functionality not yet present in a released version of OpenLDAP, for NSS crypto and for the LDIF public API.

1 files changed, 2 insertions, 893 deletions

diff --git a/lib/ldaputil/ldapauth.c b/lib/ldaputil/ldapauth.c
index b483e42f..f01e6417 100644
--- a/lib/ldaputil/ldapauth.c
+++ b/lib/ldaputil/ldapauth.c
@@ -60,12 +60,7 @@
 
 #include <ldaputili.h>
 
-/* If we are not interested in the returned attributes, just ask for one
- * attribute in the call to ldap_search.  Also don't ask for the attribute
- * value -- just the attr.
- */
-static const char *default_search_attrs[] = { "c" , 0 };
-static int default_search_attrsonly = 1;
+#include "slapi-plugin.h"
 
 /*
  * ldapu_find
@@ -188,7 +183,7 @@ int ldapu_find_entire_tree (LDAP *ld, int scope,
     result_entry = ldapu_first_entry(ld, result);
     suffix = ldapu_get_values(ld, result_entry, suffix_attr[0]);
     suffix_list = suffix;
-    num_namingcontexts = ldap_count_values(suffix);
+    num_namingcontexts = slapi_ldap_count_values(suffix);
 	/* add private suffixes to our list of suffixes to search */
 	if (num_private_suffix) {
 		suffix_list = ldapu_realloc(suffix_list,
@@ -249,889 +244,3 @@ int ldapu_find_entire_tree (LDAP *ld, int scope,
     return retval;
 }
 
-
-
-/*
- * ldapu_find_uid_attrs
- *   Description:
- *	Maps the given uid to a user dn.  Caller should free res if it is not
- *	NULL.  Accepts the attrs & attrsonly args.
- *   Arguments:
- *	ld		Pointer to LDAP (assumes connection has been
- *	    		established and the client has called the
- *	    		appropriate bind routine)
- *	uid		User's name
- *	base		basedn (where to start the search)
- *	attrs		list of attributes to retrieve
- *	attrsonly	flag indicating if attr values are to be retrieved
- *	res		A result parameter which will contain the results of
- *			the search upon completion of the call.
- *   Return Values:
- *	LDAPU_SUCCESS	if entry is found
- *	LDAPU_FAILED	if entry is not found
- *	<rv>		if error, where <rv> can be passed to
- *			ldap_err2string to get an error string.
- */
-int ldapu_find_uid_attrs (LDAP *ld, const char *uid, const char *base,
-			  const char **attrs, int attrsonly,
-			  LDAPMessage **res)
-{
-    int		scope = LDAP_SCOPE_SUBTREE;
-    char	filter[ BUFSIZ ];
-    int		retval;
-
-    /* setup filter as (uid=<uid>) */
-    PR_snprintf(filter, sizeof(filter), ldapu_strings[LDAPU_STR_FILTER_USER], uid);
-
-    retval = ldapu_find(ld, base, scope, filter, attrs, attrsonly, res);
-
-    return retval;
-}
-
-/*
- * ldapu_find_uid
- *   Description:
- *	Maps the given uid to a user dn.  Caller should free res if it is not
- *	NULL. 
- *   Arguments:
- *	ld		Pointer to LDAP (assumes connection has been
- *	    		established and the client has called the
- *	    		appropriate bind routine)
- *	uid		User's name
- *	base		basedn (where to start the search)
- *	res		A result parameter which will contain the results of
- *			the search upon completion of the call.
- *   Return Values:
- *	LDAPU_SUCCESS	if entry is found
- *	LDAPU_FAILED	if entry is not found
- *	<rv>		if error, where <rv> can be passed to
- *			ldap_err2string to get an error string.
- */
-int ldapu_find_uid (LDAP *ld, const char *uid, const char *base,
-		    LDAPMessage **res)
-{
-    const char	**attrs = 0;	/* get all attributes ... */
-    int		attrsonly = 0;	/* ... and their values */
-    int		retval;
-
-    retval = ldapu_find_uid_attrs(ld, uid, base, attrs, attrsonly, res);
-
-    return retval;
-}
-
-/*
- * ldapu_find_userdn
- *   Description:
- *	Maps the given uid to a user dn.  Caller should free dn if it is not
- *	NULL. 
- *   Arguments:
- *	ld		Pointer to LDAP (assumes connection has been
- *	    		established and the client has called the
- *	    		appropriate bind routine)
- *	uid		User's name
- *	base		basedn (where to start the search)
- *	dn 		user dn
- *   Return Values:
- *	LDAPU_SUCCESS	if entry is found
- *	LDAPU_FAILED	if entry is not found
- *	<rv>		if error, where <rv> can be passed to
- *			ldap_err2string to get an error string.
- */
-int ldapu_find_userdn (LDAP *ld, const char *uid, const char *base,
-		       char **dn)
-{
-    LDAPMessage *res = 0;
-    int		retval;
-
-    retval = ldapu_find_uid_attrs(ld, uid, base, default_search_attrs,
-				  default_search_attrsonly, &res);
-
-    if (retval == LDAPU_SUCCESS) {
-	LDAPMessage *entry;
-
-	entry = ldapu_first_entry(ld, res);
-	*dn = ldapu_get_dn(ld, entry);
-    }
-    else {
-	*dn = 0;
-    }
-
-    if (res) ldapu_msgfree(ld, res);
-
-    return retval;
-}
-
-/*
- * ldapu_find_group_attrs
- *   Description:
- *	Maps the given groupid to a group dn.  Caller should free res if it is
- *	not NULL.  Accepts the attrs & attrsonly args.
- *   Arguments:
- *	ld		Pointer to LDAP (assumes connection has been
- *	    		established and the client has called the
- *	    		appropriate bind routine)
- *	groupid		Groups's name
- *	base		basedn (where to start the search)
- *	attrs		list of attributes to retrieve
- *	attrsonly	flag indicating if attr values are to be retrieved
- *	res		A result parameter which will contain the results of
- *			the search upon completion of the call.
- *   Return Values:
- *	LDAPU_SUCCESS	if entry is found
- *	LDAPU_FAILED	if entry is not found
- *	<rv>		if error, where <rv> can be passed to
- *			ldap_err2string to get an error string.
- */
-int ldapu_find_group_attrs (LDAP *ld, const char *groupid,
-			    const char *base, const char **attrs,
-			    int attrsonly, LDAPMessage **res)
-{
-    int		scope = LDAP_SCOPE_SUBTREE;
-    char	filter[ BUFSIZ ];
-    int		retval;
-
-    /* setup the filter */
-    PR_snprintf(filter, sizeof(filter),
-	    ldapu_strings[LDAPU_STR_FILTER_GROUP],
-	    groupid);
-
-    retval = ldapu_find(ld, base, scope, filter, attrs, attrsonly, res);
-
-    return retval;
-}
-
-/*
- * ldapu_find_group
- *   Description:
- *	Maps the given groupid to a group dn.  Caller should free res if it is
- *	not NULL. 
- *   Arguments:
- *	ld		Pointer to LDAP (assumes connection has been
- *	    		established and the client has called the
- *	    		appropriate bind routine)
- *	groupid		Groups's name
- *	base		basedn (where to start the search)
- *	res		A result parameter which will contain the results of
- *			the search upon completion of the call.
- *   Return Values:
- *	LDAPU_SUCCESS	if entry is found
- *	LDAPU_FAILED	if entry is not found
- *	<rv>		if error, where <rv> can be passed to
- *			ldap_err2string to get an error string.
- */
-int ldapu_find_group (LDAP *ld, const char *groupid, const char *base,
-		      LDAPMessage **res)
-{
-    const char	**attrs = 0;	/* get all attributes ... */
-    int		attrsonly = 0;	/* ... and their values */
-    int		retval;
-
-    retval = ldapu_find_group_attrs (ld, groupid, base, attrs, attrsonly, res);
-
-    return retval;
-}
-
-/*
- * ldapu_find_groupdn
- *   Description:
- *	Maps the given groupid to a group dn.  Caller should free dn if it is
- *	not NULL. 
- *   Arguments:
- *	ld		Pointer to LDAP (assumes connection has been
- *	    		established and the client has called the
- *	    		appropriate bind routine)
- *	groupid		Groups's name
- *	base		basedn (where to start the search)
- *	dn 		group dn
- *   Return Values:
- *	LDAPU_SUCCESS	if entry is found
- *	LDAPU_FAILED	if entry is not found
- *	<rv>		if error, where <rv> can be passed to
- *			ldap_err2string to get an error string.
- */
-int ldapu_find_groupdn (LDAP *ld, const char *groupid, const char *base,
-			char **dn)
-{
-    LDAPMessage *res = 0;
-    int		retval;
-
-    retval = ldapu_find_group_attrs(ld, groupid, base, default_search_attrs,
-				    default_search_attrsonly, &res);
-
-    if (retval == LDAPU_SUCCESS) {
-	LDAPMessage *entry;
-
-	/* get ldap entry */
-	entry = ldapu_first_entry(ld, res);
-	*dn = ldapu_get_dn(ld, entry);
-    }
-    else {
-	*dn = 0;
-    }
-
-    if (res) ldapu_msgfree(ld, res);
-
-    return retval;
-}
-
-
-/*
- * continuable_err
- *	Description:
- *	    Returns true for benign errors (i.e. errors for which recursive
- *	    search can continue.
- *	Return Values:
- *	    0 (zero) - if not a benign error
- *	    1        - if a benign error -- search can continue.
- */
-static int continuable_err (int err)
-{
-    return (err == LDAPU_FAILED);
-}
-
-int ldapu_auth_udn_gdn_recurse (LDAP *ld, const char *userdn,
-				const char *groupdn, const char *base,
-				int recurse_cnt)
-{
-    char	filter[ BUFSIZ ];
-    const char	**attrs = default_search_attrs;
-    int		attrsonly = default_search_attrsonly;
-    LDAPMessage *res = 0;
-    int		retval;
-    char	member_filter[ BUFSIZ ];
-
-    if (recurse_cnt >= 30)
-	return LDAPU_ERR_CIRCULAR_GROUPS;
-
-    /* setup the filter */
-    PR_snprintf(member_filter, sizeof(member_filter), ldapu_strings[LDAPU_STR_FILTER_MEMBER], userdn, userdn);
-
-    retval = ldapu_find(ld, groupdn, LDAP_SCOPE_BASE, member_filter, attrs,
-			attrsonly, &res);
-
-    if (res) ldap_msgfree(res);
-
-    if (retval != LDAPU_SUCCESS && continuable_err(retval)) {
-	LDAPMessage *entry;
-
-	DBG_PRINT2("Find parent groups of \"%s\"\n", userdn);
-
-	/* Modify the filter to include the objectclass check */
-	PR_snprintf(filter, sizeof(filter), ldapu_strings[LDAPU_STR_FILTER_MEMBER_RECURSE],
-		member_filter);
-	retval = ldapu_find(ld, base, LDAP_SCOPE_SUBTREE, filter,
-			    attrs, attrsonly, &res);
-
-	if (retval == LDAPU_SUCCESS || retval == LDAPU_ERR_MULTIPLE_MATCHES) {
-	    /* Found at least one group the userdn is member of */
-
-	    if (!res) {
-		/* this should never happen */
-		retval = LDAPU_ERR_EMPTY_LDAP_RESULT;
-	    }
-	    else {
-		retval = LDAPU_ERR_MISSING_RES_ENTRY;
-
-		for (entry = ldap_first_entry(ld, res); entry != NULL;
-		     entry = ldap_next_entry(ld, entry))
-		{
-		    char *dn = ldap_get_dn(ld, entry);
-
-		    retval = ldapu_auth_udn_gdn_recurse(ld, dn, groupdn,
-							base, recurse_cnt+1);
-		    ldap_memfree(dn);
-
-		    if (retval == LDAPU_SUCCESS || !continuable_err(retval)) {
-			break;
-		    }
-		}
-	    }
-	}
-
-	if (res) ldap_msgfree(res);
-    }
-
-    return retval;
-}
-
-/*
- *  ldapu_auth_userdn_groupdn:
- *	Description:
- *	    Checks if the user (userdn) belongs to the given group (groupdn).
- *	Arguments:
- *	    ld			Pointer to LDAP (assumes connection has been
- *				established and the client has called the
- *				appropriate bind routine)
- *	    userdn		User's full DN -- actually it could be a group
- *				dn to check subgroup membership.
- *	    groupdn		Group's full DN
- *	Return Values: (same as ldapu_find)
- *	    LDAPU_SUCCESS	if user is member of the group
- *	    LDAPU_FAILED	if user is not a member of the group
- *	    <rv>		if error, where <rv> can be passed to
- *				ldap_err2string to get an error string.
- */
-int ldapu_auth_userdn_groupdn (LDAP *ld, const char *userdn,
-			       const char *groupdn, const char *base)
-{
-    return ldapu_auth_udn_gdn_recurse(ld, userdn, groupdn, base, 0);
-}
-
-
-/*
- *  ldapu_auth_uid_groupdn:
- *	Description:
- *	    Similar to ldapu_auth_userdn_groupdn but first maps the uid to a
- *	    full user DN before calling ldapu_auth_userdn_groupdn.
- *	Arguments:
- *	    ld			Pointer to LDAP (assumes connection has been
- *				established and the client has called the
- *				appropriate bind routine)
- *	    uid   		User's login name
- *	    groupdn		Group's full DN
- *	    base		basedn (where to start the search)
- *	Return Values: (same as ldapu_find)
- *	    LDAPU_SUCCESS	if user is member of the group
- *	    LDAPU_FAILED	if user is not a member of the group
- *	    <rv>		if error, where <rv> can be passed to
- *				ldap_err2string to get an error string.
- */
-int ldapu_auth_uid_groupdn (LDAP *ld, const char *uid, const char *groupdn,
-			    const char *base)
-{
-    int  retval;
-    char *dn;
-
-    /* First find userdn for the given uid and
-       then call ldapu_auth_userdn_groupdn */
-    retval = ldapu_find_userdn(ld, uid, base, &dn);
-
-    if (retval == LDAPU_SUCCESS) {
-
-	retval = ldapu_auth_userdn_groupdn(ld, dn, groupdn, base);
-	ldap_memfree(dn);
-    }
-
-    return retval;
-}
-
-/*
- *  ldapu_auth_uid_groupid:
- *	Description:
- *	    Similar to ldapu_auth_uid_groupdn but first maps the groupid to a
- *	    full group DN before calling ldapu_auth_uid_groupdn.
- *	Arguments:
- *	    ld			Pointer to LDAP (assumes connection has been
- *				established and the client has called the
- *				appropriate bind routine)
- *	    uid   		User's login name
- *	    groupid		Group's name
- *	    base		basedn (where to start the search)
- *	Return Values: (same as ldapu_find)
- *	    LDAPU_SUCCESS	if user is member of the group
- *	    LDAPU_FAILED	if user is not a member of the group
- *	    <rv>		if error, where <rv> can be passed to
- *				ldap_err2string to get an error string.
- */
-int ldapu_auth_uid_groupid (LDAP *ld, const char *uid,
-			    const char *groupid, const char *base)
-{
-    int	    retval;
-    char    *dn;
-
-    /* First find groupdn for the given groupid and
-       then call ldapu_auth_uid_groupdn */
-    retval = ldapu_find_groupdn(ld, groupid, base, &dn);
-
-    if (retval == LDAPU_SUCCESS) {
-	retval = ldapu_auth_uid_groupdn(ld, uid, dn, base);
-	ldapu_memfree(ld, dn);
-    }
-
-    return retval;
-}
-
-/*
- *  ldapu_auth_userdn_groupid:
- *	Description:
- *	    Similar to ldapu_auth_userdn_groupdn but first maps the groupid to a
- *	    full group DN before calling ldapu_auth_userdn_groupdn.
- *	Arguments:
- *	    ld			Pointer to LDAP (assumes connection has been
- *				established and the client has called the
- *				appropriate bind routine)
- *	    userdn		User's full DN
- *	    groupid		Group's name
- *	    base		basedn (where to start the search)
- *	Return Values: (same as ldapu_find)
- *	    LDAPU_SUCCESS	if user is member of the group
- *	    LDAPU_FAILED	if user is not a member of the group
- *	    <rv>		if error, where <rv> can be passed to
- *				ldap_err2string to get an error string.
- */
-int ldapu_auth_userdn_groupid (LDAP *ld, const char *userdn,
-			       const char *groupid, const char *base)
-{
-    int	    retval;
-    char    *groupdn;
-
-    /* First find groupdn for the given groupid and
-       then call ldapu_auth_userdn_groupdn */
-    retval = ldapu_find_groupdn(ld, groupid, base, &groupdn);
-
-    if (retval == LDAPU_SUCCESS) {
-	retval = ldapu_auth_userdn_groupdn(ld, userdn, groupdn, base);
-	ldap_memfree(groupdn);
-    }
-
-    return retval;
-}
-
-
-LDAPUStr_t *ldapu_str_alloc (const int size)
-{
-    LDAPUStr_t *lstr = (LDAPUStr_t *)ldapu_malloc(sizeof(LDAPUStr_t));
-
-    if (!lstr) return 0;
-    lstr->size = size < 0 ? 1024 : size;
-    lstr->str = (char *)ldapu_malloc(lstr->size*sizeof(char));
-    lstr->len = 0;
-    lstr->str[lstr->len] = 0;
-
-    return lstr;
-}
-
-
-void ldapu_str_free (LDAPUStr_t *lstr)
-{
-    if (lstr) {
-	if (lstr->str) ldapu_free(lstr->str);
-	ldapu_free((void *)lstr);
-    }
-}
-
-
-int ldapu_str_append(LDAPUStr_t *lstr, const char *arg)
-{
-    int arglen = strlen(arg);
-    int len = lstr->len + arglen;
-
-    if (len >= lstr->size) {
-	/* realloc some more */
-	lstr->size += arglen > 4095 ? arglen+1 : 4096;
-	lstr->str = (char *)ldapu_realloc(lstr->str, lstr->size);
-	if (!lstr->str) return LDAPU_ERR_OUT_OF_MEMORY;
-    }
-
-    memcpy((void *)&(lstr->str[lstr->len]), (void *)arg, arglen);
-    lstr->len += arglen;
-    lstr->str[lstr->len] = 0;
-    return LDAPU_SUCCESS;
-}
-
-
-/*
- *  ldapu_auth_userdn_groupids_recurse:
- *	Description:
- *	    Checks if the user is member of the given comma separated list of
- *	    group names.
- *	Arguments:
- *	    ld			Pointer to LDAP (assumes connection has been
- *				established and the client has called the
- *				appropriate bind routine)
- *	    filter		filter to use in the search
- *	    groupids		some representation of group names.  Example,
- *				a comma separated names in a string, hash
- *				table, etc.  This function doesn't need to
- *				know the name of the groups.  It calls the
- *				following function to check if one of the
- *				groups returned by the search is in the list.
- *	    grpcmpfn		group name comparison function.
- *	    base		basedn (where to start the search)
- *	    recurse_cnt		recursion count to detect circular groups
- *	    group_out		if successful, pointer to the user's group
- *	Return Values: (same as ldapu_find)
- *	    LDAPU_SUCCESS	if user is member of one of the groups
- *	    LDAPU_FAILED	if user is not a member of the group
- *	    <rv>		if error, where <rv> can be passed to
- *				ldap_err2string to get an error string.
- */
-static int ldapu_auth_userdn_groupids_recurse (LDAP *ld, const char *filter,
-					       void *groupids,
-					       LDAPU_GroupCmpFn_t grpcmpfn,
-					       const char *base,
-					       int recurse_cnt,
-					       char **group_out)
-{
-    LDAPMessage *res = 0;
-    const char	*attrs[] = { "CN", 0 };
-    int		attrsonly = 0;
-    LDAPMessage *entry;
-    int		rv;
-    int		retval;
-    int		i;
-    int		done;
-
-    if (recurse_cnt >= 30)
-	return LDAPU_ERR_CIRCULAR_GROUPS;
-
-    /* Perform the ldap lookup */
-    retval = ldapu_find(ld, base, LDAP_SCOPE_SUBTREE, filter, attrs,
-			attrsonly, &res);
-
-    if (retval != LDAPU_SUCCESS && retval != LDAPU_ERR_MULTIPLE_MATCHES ) {
-	/* user is not a member of any group */
-	if (res) ldap_msgfree(res);
-	return retval;
-    }
-
-    retval = LDAPU_FAILED;
-    done = 0;
-
-    /* check if one of the matched groups is one of the given groups */
-    for (entry = ldap_first_entry(ld, res); entry != NULL && !done;
-	 entry = ldap_next_entry(ld, entry))
-    {
-	struct berval **bvals;
-
-	if ((bvals = ldap_get_values_len(ld, entry, "CN")) == NULL) {
-	    /* This shouldn't happen */
-	    retval = LDAPU_ERR_MISSING_ATTR_VAL;
-	    continue;
-	}
-
-	/* "CN" may have multiple values */
-	/* Check each value of "CN" against the 'groupids' */
-	for ( i = 0; bvals[i] != NULL; i++ ) {
-	    rv = (*grpcmpfn)(groupids, bvals[i]->bv_val, bvals[i]->bv_len);
-	    if (rv == LDAPU_SUCCESS) {
-		char *group = (char *)ldapu_malloc(bvals[i]->bv_len+1);
-		
-		if (!group) {
-		    retval = LDAPU_ERR_OUT_OF_MEMORY;
-		}
-		else {
-		    strncpy(group, bvals[i]->bv_val, bvals[i]->bv_len);
-		    group[bvals[i]->bv_len] = 0;
-		    *group_out = group;
-		    retval = LDAPU_SUCCESS;
-		}
-		done = 1;	/* exit from the outer loop too */
-		break;
-	    }
-	}
-
-	ldap_value_free_len(bvals);
-    }
-
-    if (retval == LDAPU_FAILED) {
-	/* None of the matched groups is in 'groupids' */
-	/* Perform the nested group membership check */
-	LDAPUStr_t *filter1;
-	LDAPUStr_t *filter2;
-	char *rfilter = 0;
-	int rlen;
-	/* Finally we need a filter which looks like:
-	   (| (& (objectclass=groupofuniquenames)
-	         (| (uniquemember=<grp1dn>)(uniquemember=<grp2dn>) ...))
-	      (& (objectclass=groupofnames)
-	         (| (member=<grp1dn>)(member=<grp2dn>) ...)))
-	   Construct 2 sub-filters first as follows:
-	       (uniquemember=<grp1dn>)(uniquemember=<grp2dn>)...  AND
-	       (member=<grp1dn>)(member=<grp2dn>)...
-	   Then insert them in the main filter.
-	 */
-	filter1 = ldapu_str_alloc(1024);
-	filter2 = ldapu_str_alloc(1024);
-	if (!filter1 || !filter2) return LDAPU_ERR_OUT_OF_MEMORY;
-	rv = LDAPU_SUCCESS;
-
-	for (entry = ldap_first_entry(ld, res); entry != NULL;
-	     entry = ldap_next_entry(ld, entry))
-	{
-	    char *dn = ldap_get_dn(ld, entry);
-	    if (((rv = ldapu_str_append(filter1, "(uniquemember="))
-		 != LDAPU_SUCCESS) ||
-		((rv = ldapu_str_append(filter1, dn)) != LDAPU_SUCCESS) ||
-		((rv = ldapu_str_append(filter1, ")")) != LDAPU_SUCCESS) ||
-		((rv = ldapu_str_append(filter2, "(member="))
-		 != LDAPU_SUCCESS) ||
-		((rv = ldapu_str_append(filter2, dn)) != LDAPU_SUCCESS) ||
-		((rv = ldapu_str_append(filter2, ")")) != LDAPU_SUCCESS))
-	    {
-		ldap_memfree(dn);
-		break;
-	    }
-	    ldap_memfree(dn);
-	}
-
-	if (rv != LDAPU_SUCCESS) {
-	    /* something went wrong in appending to filter1 or filter2 */
-	    ldapu_str_free(filter1);
-	    ldapu_str_free(filter2);
-	    retval = rv;
-	}
-	else {
-	    /* Insert the 2 filters in the main filter */
-	    rlen = filter1->len + filter2->len +
-		strlen("(| (& (objectclass=groupofuniquenames)"
-		       "(| ))"
-		       "(& (objectclass=groupofnames)"
-		       "(| )))") + 1;
-	    rfilter = (char *)ldapu_malloc(rlen);
-	    if (!rfilter) return LDAPU_ERR_OUT_OF_MEMORY;
-	    sprintf(rfilter,
-		    "(| (& (objectclass=groupofuniquenames)"
-		    "(| %s))"
-		    "(& (objectclass=groupofnames)"
-		    "(| %s)))",
-		    filter1->str, filter2->str);
-	    ldapu_str_free(filter1);
-	    ldapu_str_free(filter2);
-	    retval = ldapu_auth_userdn_groupids_recurse(ld, rfilter, groupids,
-							grpcmpfn, base, 
-							++recurse_cnt,
-							group_out);
-	    ldapu_free(rfilter);
-	}
-
-    }
-
-    if (res) ldap_msgfree(res);
-    return retval;
-}
-
-/*
- *  ldapu_auth_userdn_groupids:
- *	Description:
- *	    Checks if the user is member of the given comma separated list of
- *	    group names.
- *	Arguments:
- *	    ld			Pointer to LDAP (assumes connection has been
- *				established and the client has called the
- *				appropriate bind routine)
- *	    userdn		User's full DN
- *	    groupids		some representation of group names.  Example,
- *				a comma separated names in a string, hash
- *				table, etc.  This function doesn't need to
- *				know the name of the groups.  It calls the
- *				following function to check if one of the
- *				groups returned by the search is in the list.
- *	    grpcmpfn		group name comparison function.
- *	    base		basedn (where to start the search)
- *	    group_out		if successful, pointer to the user's group
- *	Return Values: (same as ldapu_find)
- *	    LDAPU_SUCCESS	if user is member of one of the groups
- *	    LDAPU_FAILED	if user is not a member of the group
- *	    <rv>		if error, where <rv> can be passed to
- *				ldap_err2string to get an error string.
- */
-int ldapu_auth_userdn_groupids (LDAP *ld, const char *userdn,
-				void *groupids,
-				LDAPU_GroupCmpFn_t grpcmpfn,
-				const char *base,
-				char **group_out)
-{
-    char	*filter;
-    int		len;
-    int		rv;
-
-    *group_out = 0;
-    /* allocate a big enough filter */
-    /* The filter looks like:
-       (| (& (objectclass=groupofuniquenames)(uniquemember=<userdn>))
-          (& (objectclass=groupofnames)(member=<userdn>)))
-     */
-
-    len = 2 * strlen(userdn) + 1 +
-	strlen("(| (& (objectclass=groupofuniquenames)(uniquemember=))"
-	       "(& (objectclass=groupofnames)(member=)))");
-    filter = (char *)ldapu_malloc(len);
-
-    if (!filter) return LDAPU_ERR_OUT_OF_MEMORY;
-
-    sprintf(filter, "(| (& (objectclass=groupofuniquenames)(uniquemember=%s))"
-	    "(& (objectclass=groupofnames)(member=%s)))",
-	    userdn, userdn);
-
-    rv = ldapu_auth_userdn_groupids_recurse(ld, filter, groupids,
-					    grpcmpfn, base, 
-					    0, group_out);
-
-    ldapu_free(filter);
-    return rv;
-}
-
-
-/*
- *  ldapu_auth_userdn_attrfilter:
- *	Description:
- *	    Checks if the user's entry has the given attributes
- *	Arguments:
- *	    ld			Pointer to LDAP (assumes connection has been
- *				established and the client has called the
- *				appropriate bind routine)
- *	    userdn		User's full DN
- *	    attrfilter		attribute filter
- *	Return Values: (same as ldapu_find)
- *	    LDAPU_SUCCESS	if user is member of the group
- *	    LDAPU_FAILED	if user is not a member of the group
- *	    <rv>		if error, where <rv> can be passed to
- *				ldap_err2string to get an error string.
- */
-int ldapu_auth_userdn_attrfilter (LDAP *ld, const char *userdn,
-				  const char *attrfilter)
-{
-    const char	*base = userdn;
-    int		scope = LDAP_SCOPE_BASE;
-    const char	*filter = attrfilter;
-    const char	**attrs = default_search_attrs;
-    int		attrsonly = default_search_attrsonly;
-    LDAPMessage *res = 0;
-    int		retval;
-
-    retval = ldapu_find(ld, base, scope, filter, attrs, attrsonly, &res);
-
-    if (res) ldapu_msgfree(ld, res);
-
-    return retval;
-}
-
-/*
- *  ldapu_auth_uid_attrfilter:
- *	Description:
- *	    Checks if the user's entry has the given attributes.  First maps
-	    the uid to userdn.
- *	Arguments:
- *	    ld			Pointer to LDAP (assumes connection has been
- *				established and the client has called the
- *				appropriate bind routine)
- *	    uid   		User's name
- *	    attrfilter		attribute filter
- *	    base		basedn (where to start the search)
- *	Return Values: (same as ldapu_find)
- *	    LDAPU_SUCCESS	if user is member of the group
- *	    LDAPU_FAILED	if user is not a member of the group
- *	    <rv>		if error, where <rv> can be passed to
- *				ldap_err2string to get an error string.
- */
-int ldapu_auth_uid_attrfilter (LDAP *ld, const char *uid, const char *attrfilter,
-			       const char *base)
-{
-    int		scope = LDAP_SCOPE_SUBTREE;
-    char	filter[ BUFSIZ ];
-    const char	**attrs = default_search_attrs;
-    int		attrsonly = default_search_attrsonly;
-    LDAPMessage *res = 0;
-    int		retval;
-
-    /* setup filter as (& (uid=<uid>) (attrfilter)) */
-    if (*attrfilter == '(') 
-	PR_snprintf(filter, sizeof(filter), "(& (uid=%s) %s)", uid, attrfilter);
-    else
-	PR_snprintf(filter, sizeof(filter), "(& (uid=%s) (%s))", uid, attrfilter);
-
-    retval = ldapu_find(ld, base, scope, filter, attrs, attrsonly, &res);
-
-    if (res) ldapu_msgfree(ld, res);
-
-    return retval;
-}
-
-/*
- *  ldapu_auth_userdn_password:
- *	Description:
- *	    Checks the user's password against LDAP by binding using the
- *	    userdn and the password.
- *	Arguments:
- *	    ld			Pointer to LDAP (assumes connection has been
- *				established and the client has called the
- *				appropriate bind routine)
- *	    userdn		User's full DN
- *	    password		User's password (clear text)
- *	Return Values: (same as ldapu_find)
- *	    LDAPU_SUCCESS	if user credentials are valid
- *	    <rv>		if error, where <rv> can be passed to
- *				ldap_err2string to get an error string.
- */
-int ldapu_auth_userdn_password (LDAP *ld, const char *userdn, const char *password)
-{
-    int retval;
-
-    DBG_PRINT2("\tuserdn:\t\"%s\"\n", userdn);
-    DBG_PRINT2("\tpassword:\t\"%s\"\n", password);
-
-    retval = ldap_simple_bind_s(ld, userdn, password);
-
-    if (retval != LDAP_SUCCESS)
-    {
-	DBG_PRINT2("ldap_simple_bind_s: %s\n", ldap_err2string(retval));
-	return(retval);
-    }
-
-    return LDAPU_SUCCESS;
-}
-
-/*
- *  ldapu_auth_uid_password:
- *	Description:
- *	    First converts the uid to userdn and calls
- *	    ldapu_auth_userdn_password.
- *	Arguments:
- *	    ld			Pointer to LDAP (assumes connection has been
- *				established and the client has called the
- *				appropriate bind routine)
- *	    uid   		User's name
- *	    password		User's password (clear text)
- *	Return Values: (same as ldapu_find)
- *	    LDAPU_SUCCESS	if user credentials are valid
- *	    <rv>		if error, where <rv> can be passed to
- *				ldap_err2string to get an error string.
- */
-int ldapu_auth_uid_password (LDAP *ld, const char *uid,
-			     const char *password, const char *base)
-{
-    int retval;
-    char *dn;
-
-    /* First find userdn for the given uid and
-       then call ldapu_auth_userdn_password */
-    retval = ldapu_find_userdn(ld, uid, base, &dn);
-
-    if (retval == LDAPU_SUCCESS) {
-	retval = ldapu_auth_userdn_password(ld, dn, password);
-	ldapu_memfree(ld, dn);
-    }
-
-    return retval;
-}
-
-
-/* ldapu_string_set --
- * This function is not tested yet for its usefulness.  This is to be used to
- * customize the strings used in the LDAP searches performed through
- * 'ldaputil'.  This could also be extended to setting customized error
- * messages (and even i18n equivalent of error messages).
- */
-NSAPI_PUBLIC int ldapu_string_set (const int type, const char *filter)
-{
-    if (!filter || !*filter) return LDAPU_ERR_INVALID_STRING;
-
-    if (type < 0 || type >= LDAPU_STR_MAX_INDEX)
-	return LDAPU_ERR_INVALID_STRING_INDEX;
-
-    ldapu_strings[type] = strdup(filter);
-
-    if (!ldapu_strings[type]) return LDAPU_ERR_OUT_OF_MEMORY;
-
-    return LDAPU_SUCCESS;
-}
-
-
-NSAPI_PUBLIC const char *ldapu_string_get (const int type)
-{
-    if (type < 0 || type >= LDAPU_STR_MAX_INDEX)
-	return 0;
-
-    return ldapu_strings[type];
-}