summaryrefslogtreecommitdiffstats
path: root/lib/ldaputil
diff options
context:
space:
mode:
authorRich Megginson <rmeggins@redhat.com>2009-07-06 12:11:01 -0600
committerRich Megginson <rmeggins@redhat.com>2009-07-07 08:32:42 -0600
commit209521323f731daad54682fd98715f7b22c88c78 (patch)
tree74a1fa8df06641fe543c8518e4db4357ab610828 /lib/ldaputil
parent3116dbec570b65d2d0a1df5bd000f6e63439e8ee (diff)
downloadds-cleanup.tar.gz
ds-cleanup.tar.xz
ds-cleanup.zip
OpenLDAP supportcleanup
These changes allow the server to be built with OpenLDAP (2.4.17+). A brief summary of the changes: * #defines not provided by OpenLDAP were copied into slapi-plugin.h and protected with #ifndef blocks * where it made sense, I created slapi wrapper functions for things like URL and LDIF processing to abstract way the differences in the APIs * I created a new file utf8.c which contains the UTF8 functions from MozLDAP - this is only compiled when using OpenLDAP * I tried to clean up the code - use the _ext versions of LDAP functions everywhere since the older versions should be considered deprecated * I removed some unused code NOTE that this should still be considered a work in progress since it depends on functionality not yet present in a released version of OpenLDAP, for NSS crypto and for the LDIF public API.
Diffstat (limited to 'lib/ldaputil')
-rw-r--r--lib/ldaputil/cert.c10
-rw-r--r--lib/ldaputil/init.c4
-rw-r--r--lib/ldaputil/ldapauth.c895
-rw-r--r--lib/ldaputil/ldapdb.c594
-rw-r--r--lib/ldaputil/vtable.c223
5 files changed, 12 insertions, 1714 deletions
diff --git a/lib/ldaputil/cert.c b/lib/ldaputil/cert.c
index ceb57118..30fd0f4b 100644
--- a/lib/ldaputil/cert.c
+++ b/lib/ldaputil/cert.c
@@ -55,6 +55,8 @@
#include <ldaputil/cert.h>
#include "ldaputili.h"
+#include "slapi-plugin.h"
+
NSAPI_PUBLIC int ldapu_get_cert (void *SSLendpoint, void **cert)
{
/* TEMPORARY -- not implemented yet*/
@@ -209,7 +211,7 @@ _rdns_free (char*** rdns)
{
auto char*** rdn;
for (rdn = rdns; *rdn; ++rdn) {
- ldap_value_free (*rdn);
+ slapi_ldap_value_free (*rdn);
}
free (rdns);
}
@@ -230,12 +232,12 @@ _explode_dn (const char* dn)
if (exp) {
exp[expLen++] = avas;
} else {
- ldap_value_free (avas);
+ slapi_ldap_value_free (avas);
break;
}
} else { /* parse error */
if (avas) {
- ldap_value_free (avas);
+ slapi_ldap_value_free (avas);
}
if (exp) {
exp[expLen] = NULL;
@@ -248,7 +250,7 @@ _explode_dn (const char* dn)
if (exp) {
exp[expLen] = NULL;
}
- ldap_value_free (rdns);
+ slapi_ldap_value_free (rdns);
}
}
return exp;
diff --git a/lib/ldaputil/init.c b/lib/ldaputil/init.c
index 51a09600..ffbde7e1 100644
--- a/lib/ldaputil/init.c
+++ b/lib/ldaputil/init.c
@@ -54,6 +54,8 @@
#include "ldaputil/errors.h"
#include "ldaputil/init.h"
+#include "slapi-plugin.h"
+
#ifdef XP_WIN32
#define DLL_SUFFIX ".dll"
#ifndef FILE_PATHSEP
@@ -200,7 +202,7 @@ NSAPI_PUBLIC int CertMapDLLInitFn(LDAPUDispatchVector_t **table)
NSAPI_PUBLIC int CertMapDLLInitFn(LDAPUDispatchVector_t **table)
{
- *table = (LDAPUDispatchVector_t *)malloc(sizeof(LDAPUDispatchVector_t));
+ *table = (LDAPUDispatchVector_t *)slapi_ch_malloc(sizeof(LDAPUDispatchVector_t));
if (!*table) return LDAPU_ERR_OUT_OF_MEMORY;
diff --git a/lib/ldaputil/ldapauth.c b/lib/ldaputil/ldapauth.c
index b483e42f..f01e6417 100644
--- a/lib/ldaputil/ldapauth.c
+++ b/lib/ldaputil/ldapauth.c
@@ -60,12 +60,7 @@
#include <ldaputili.h>
-/* If we are not interested in the returned attributes, just ask for one
- * attribute in the call to ldap_search. Also don't ask for the attribute
- * value -- just the attr.
- */
-static const char *default_search_attrs[] = { "c" , 0 };
-static int default_search_attrsonly = 1;
+#include "slapi-plugin.h"
/*
* ldapu_find
@@ -188,7 +183,7 @@ int ldapu_find_entire_tree (LDAP *ld, int scope,
result_entry = ldapu_first_entry(ld, result);
suffix = ldapu_get_values(ld, result_entry, suffix_attr[0]);
suffix_list = suffix;
- num_namingcontexts = ldap_count_values(suffix);
+ num_namingcontexts = slapi_ldap_count_values(suffix);
/* add private suffixes to our list of suffixes to search */
if (num_private_suffix) {
suffix_list = ldapu_realloc(suffix_list,
@@ -249,889 +244,3 @@ int ldapu_find_entire_tree (LDAP *ld, int scope,
return retval;
}
-
-
-/*
- * ldapu_find_uid_attrs
- * Description:
- * Maps the given uid to a user dn. Caller should free res if it is not
- * NULL. Accepts the attrs & attrsonly args.
- * Arguments:
- * ld Pointer to LDAP (assumes connection has been
- * established and the client has called the
- * appropriate bind routine)
- * uid User's name
- * base basedn (where to start the search)
- * attrs list of attributes to retrieve
- * attrsonly flag indicating if attr values are to be retrieved
- * res A result parameter which will contain the results of
- * the search upon completion of the call.
- * Return Values:
- * LDAPU_SUCCESS if entry is found
- * LDAPU_FAILED if entry is not found
- * <rv> if error, where <rv> can be passed to
- * ldap_err2string to get an error string.
- */
-int ldapu_find_uid_attrs (LDAP *ld, const char *uid, const char *base,
- const char **attrs, int attrsonly,
- LDAPMessage **res)
-{
- int scope = LDAP_SCOPE_SUBTREE;
- char filter[ BUFSIZ ];
- int retval;
-
- /* setup filter as (uid=<uid>) */
- PR_snprintf(filter, sizeof(filter), ldapu_strings[LDAPU_STR_FILTER_USER], uid);
-
- retval = ldapu_find(ld, base, scope, filter, attrs, attrsonly, res);
-
- return retval;
-}
-
-/*
- * ldapu_find_uid
- * Description:
- * Maps the given uid to a user dn. Caller should free res if it is not
- * NULL.
- * Arguments:
- * ld Pointer to LDAP (assumes connection has been
- * established and the client has called the
- * appropriate bind routine)
- * uid User's name
- * base basedn (where to start the search)
- * res A result parameter which will contain the results of
- * the search upon completion of the call.
- * Return Values:
- * LDAPU_SUCCESS if entry is found
- * LDAPU_FAILED if entry is not found
- * <rv> if error, where <rv> can be passed to
- * ldap_err2string to get an error string.
- */
-int ldapu_find_uid (LDAP *ld, const char *uid, const char *base,
- LDAPMessage **res)
-{
- const char **attrs = 0; /* get all attributes ... */
- int attrsonly = 0; /* ... and their values */
- int retval;
-
- retval = ldapu_find_uid_attrs(ld, uid, base, attrs, attrsonly, res);
-
- return retval;
-}
-
-/*
- * ldapu_find_userdn
- * Description:
- * Maps the given uid to a user dn. Caller should free dn if it is not
- * NULL.
- * Arguments:
- * ld Pointer to LDAP (assumes connection has been
- * established and the client has called the
- * appropriate bind routine)
- * uid User's name
- * base basedn (where to start the search)
- * dn user dn
- * Return Values:
- * LDAPU_SUCCESS if entry is found
- * LDAPU_FAILED if entry is not found
- * <rv> if error, where <rv> can be passed to
- * ldap_err2string to get an error string.
- */
-int ldapu_find_userdn (LDAP *ld, const char *uid, const char *base,
- char **dn)
-{
- LDAPMessage *res = 0;
- int retval;
-
- retval = ldapu_find_uid_attrs(ld, uid, base, default_search_attrs,
- default_search_attrsonly, &res);
-
- if (retval == LDAPU_SUCCESS) {
- LDAPMessage *entry;
-
- entry = ldapu_first_entry(ld, res);
- *dn = ldapu_get_dn(ld, entry);
- }
- else {
- *dn = 0;
- }
-
- if (res) ldapu_msgfree(ld, res);
-
- return retval;
-}
-
-/*
- * ldapu_find_group_attrs
- * Description:
- * Maps the given groupid to a group dn. Caller should free res if it is
- * not NULL. Accepts the attrs & attrsonly args.
- * Arguments:
- * ld Pointer to LDAP (assumes connection has been
- * established and the client has called the
- * appropriate bind routine)
- * groupid Groups's name
- * base basedn (where to start the search)
- * attrs list of attributes to retrieve
- * attrsonly flag indicating if attr values are to be retrieved
- * res A result parameter which will contain the results of
- * the search upon completion of the call.
- * Return Values:
- * LDAPU_SUCCESS if entry is found
- * LDAPU_FAILED if entry is not found
- * <rv> if error, where <rv> can be passed to
- * ldap_err2string to get an error string.
- */
-int ldapu_find_group_attrs (LDAP *ld, const char *groupid,
- const char *base, const char **attrs,
- int attrsonly, LDAPMessage **res)
-{
- int scope = LDAP_SCOPE_SUBTREE;
- char filter[ BUFSIZ ];
- int retval;
-
- /* setup the filter */
- PR_snprintf(filter, sizeof(filter),
- ldapu_strings[LDAPU_STR_FILTER_GROUP],
- groupid);
-
- retval = ldapu_find(ld, base, scope, filter, attrs, attrsonly, res);
-
- return retval;
-}
-
-/*
- * ldapu_find_group
- * Description:
- * Maps the given groupid to a group dn. Caller should free res if it is
- * not NULL.
- * Arguments:
- * ld Pointer to LDAP (assumes connection has been
- * established and the client has called the
- * appropriate bind routine)
- * groupid Groups's name
- * base basedn (where to start the search)
- * res A result parameter which will contain the results of
- * the search upon completion of the call.
- * Return Values:
- * LDAPU_SUCCESS if entry is found
- * LDAPU_FAILED if entry is not found
- * <rv> if error, where <rv> can be passed to
- * ldap_err2string to get an error string.
- */
-int ldapu_find_group (LDAP *ld, const char *groupid, const char *base,
- LDAPMessage **res)
-{
- const char **attrs = 0; /* get all attributes ... */
- int attrsonly = 0; /* ... and their values */
- int retval;
-
- retval = ldapu_find_group_attrs (ld, groupid, base, attrs, attrsonly, res);
-
- return retval;
-}
-
-/*
- * ldapu_find_groupdn
- * Description:
- * Maps the given groupid to a group dn. Caller should free dn if it is
- * not NULL.
- * Arguments:
- * ld Pointer to LDAP (assumes connection has been
- * established and the client has called the
- * appropriate bind routine)
- * groupid Groups's name
- * base basedn (where to start the search)
- * dn group dn
- * Return Values:
- * LDAPU_SUCCESS if entry is found
- * LDAPU_FAILED if entry is not found
- * <rv> if error, where <rv> can be passed to
- * ldap_err2string to get an error string.
- */
-int ldapu_find_groupdn (LDAP *ld, const char *groupid, const char *base,
- char **dn)
-{
- LDAPMessage *res = 0;
- int retval;
-
- retval = ldapu_find_group_attrs(ld, groupid, base, default_search_attrs,
- default_search_attrsonly, &res);
-
- if (retval == LDAPU_SUCCESS) {
- LDAPMessage *entry;
-
- /* get ldap entry */
- entry = ldapu_first_entry(ld, res);
- *dn = ldapu_get_dn(ld, entry);
- }
- else {
- *dn = 0;
- }
-
- if (res) ldapu_msgfree(ld, res);
-
- return retval;
-}
-
-
-/*
- * continuable_err
- * Description:
- * Returns true for benign errors (i.e. errors for which recursive
- * search can continue.
- * Return Values:
- * 0 (zero) - if not a benign error
- * 1 - if a benign error -- search can continue.
- */
-static int continuable_err (int err)
-{
- return (err == LDAPU_FAILED);
-}
-
-int ldapu_auth_udn_gdn_recurse (LDAP *ld, const char *userdn,
- const char *groupdn, const char *base,
- int recurse_cnt)
-{
- char filter[ BUFSIZ ];
- const char **attrs = default_search_attrs;
- int attrsonly = default_search_attrsonly;
- LDAPMessage *res = 0;
- int retval;
- char member_filter[ BUFSIZ ];
-
- if (recurse_cnt >= 30)
- return LDAPU_ERR_CIRCULAR_GROUPS;
-
- /* setup the filter */
- PR_snprintf(member_filter, sizeof(member_filter), ldapu_strings[LDAPU_STR_FILTER_MEMBER], userdn, userdn);
-
- retval = ldapu_find(ld, groupdn, LDAP_SCOPE_BASE, member_filter, attrs,
- attrsonly, &res);
-
- if (res) ldap_msgfree(res);
-
- if (retval != LDAPU_SUCCESS && continuable_err(retval)) {
- LDAPMessage *entry;
-
- DBG_PRINT2("Find parent groups of \"%s\"\n", userdn);
-
- /* Modify the filter to include the objectclass check */
- PR_snprintf(filter, sizeof(filter), ldapu_strings[LDAPU_STR_FILTER_MEMBER_RECURSE],
- member_filter);
- retval = ldapu_find(ld, base, LDAP_SCOPE_SUBTREE, filter,
- attrs, attrsonly, &res);
-
- if (retval == LDAPU_SUCCESS || retval == LDAPU_ERR_MULTIPLE_MATCHES) {
- /* Found at least one group the userdn is member of */
-
- if (!res) {
- /* this should never happen */
- retval = LDAPU_ERR_EMPTY_LDAP_RESULT;
- }
- else {
- retval = LDAPU_ERR_MISSING_RES_ENTRY;
-
- for (entry = ldap_first_entry(ld, res); entry != NULL;
- entry = ldap_next_entry(ld, entry))
- {
- char *dn = ldap_get_dn(ld, entry);
-
- retval = ldapu_auth_udn_gdn_recurse(ld, dn, groupdn,
- base, recurse_cnt+1);
- ldap_memfree(dn);
-
- if (retval == LDAPU_SUCCESS || !continuable_err(retval)) {
- break;
- }
- }
- }
- }
-
- if (res) ldap_msgfree(res);
- }
-
- return retval;
-}
-
-/*
- * ldapu_auth_userdn_groupdn:
- * Description:
- * Checks if the user (userdn) belongs to the given group (groupdn).
- * Arguments:
- * ld Pointer to LDAP (assumes connection has been
- * established and the client has called the
- * appropriate bind routine)
- * userdn User's full DN -- actually it could be a group
- * dn to check subgroup membership.
- * groupdn Group's full DN
- * Return Values: (same as ldapu_find)
- * LDAPU_SUCCESS if user is member of the group
- * LDAPU_FAILED if user is not a member of the group
- * <rv> if error, where <rv> can be passed to
- * ldap_err2string to get an error string.
- */
-int ldapu_auth_userdn_groupdn (LDAP *ld, const char *userdn,
- const char *groupdn, const char *base)
-{
- return ldapu_auth_udn_gdn_recurse(ld, userdn, groupdn, base, 0);
-}
-
-
-/*
- * ldapu_auth_uid_groupdn:
- * Description:
- * Similar to ldapu_auth_userdn_groupdn but first maps the uid to a
- * full user DN before calling ldapu_auth_userdn_groupdn.
- * Arguments:
- * ld Pointer to LDAP (assumes connection has been
- * established and the client has called the
- * appropriate bind routine)
- * uid User's login name
- * groupdn Group's full DN
- * base basedn (where to start the search)
- * Return Values: (same as ldapu_find)
- * LDAPU_SUCCESS if user is member of the group
- * LDAPU_FAILED if user is not a member of the group
- * <rv> if error, where <rv> can be passed to
- * ldap_err2string to get an error string.
- */
-int ldapu_auth_uid_groupdn (LDAP *ld, const char *uid, const char *groupdn,
- const char *base)
-{
- int retval;
- char *dn;
-
- /* First find userdn for the given uid and
- then call ldapu_auth_userdn_groupdn */
- retval = ldapu_find_userdn(ld, uid, base, &dn);
-
- if (retval == LDAPU_SUCCESS) {
-
- retval = ldapu_auth_userdn_groupdn(ld, dn, groupdn, base);
- ldap_memfree(dn);
- }
-
- return retval;
-}
-
-/*
- * ldapu_auth_uid_groupid:
- * Description:
- * Similar to ldapu_auth_uid_groupdn but first maps the groupid to a
- * full group DN before calling ldapu_auth_uid_groupdn.
- * Arguments:
- * ld Pointer to LDAP (assumes connection has been
- * established and the client has called the
- * appropriate bind routine)
- * uid User's login name
- * groupid Group's name
- * base basedn (where to start the search)
- * Return Values: (same as ldapu_find)
- * LDAPU_SUCCESS if user is member of the group
- * LDAPU_FAILED if user is not a member of the group
- * <rv> if error, where <rv> can be passed to
- * ldap_err2string to get an error string.
- */
-int ldapu_auth_uid_groupid (LDAP *ld, const char *uid,
- const char *groupid, const char *base)
-{
- int retval;
- char *dn;
-
- /* First find groupdn for the given groupid and
- then call ldapu_auth_uid_groupdn */
- retval = ldapu_find_groupdn(ld, groupid, base, &dn);
-
- if (retval == LDAPU_SUCCESS) {
- retval = ldapu_auth_uid_groupdn(ld, uid, dn, base);
- ldapu_memfree(ld, dn);
- }
-
- return retval;
-}
-
-/*
- * ldapu_auth_userdn_groupid:
- * Description:
- * Similar to ldapu_auth_userdn_groupdn but first maps the groupid to a
- * full group DN before calling ldapu_auth_userdn_groupdn.
- * Arguments:
- * ld Pointer to LDAP (assumes connection has been
- * established and the client has called the
- * appropriate bind routine)
- * userdn User's full DN
- * groupid Group's name
- * base basedn (where to start the search)
- * Return Values: (same as ldapu_find)
- * LDAPU_SUCCESS if user is member of the group
- * LDAPU_FAILED if user is not a member of the group
- * <rv> if error, where <rv> can be passed to
- * ldap_err2string to get an error string.
- */
-int ldapu_auth_userdn_groupid (LDAP *ld, const char *userdn,
- const char *groupid, const char *base)
-{
- int retval;
- char *groupdn;
-
- /* First find groupdn for the given groupid and
- then call ldapu_auth_userdn_groupdn */
- retval = ldapu_find_groupdn(ld, groupid, base, &groupdn);
-
- if (retval == LDAPU_SUCCESS) {
- retval = ldapu_auth_userdn_groupdn(ld, userdn, groupdn, base);
- ldap_memfree(groupdn);
- }
-
- return retval;
-}
-
-
-LDAPUStr_t *ldapu_str_alloc (const int size)
-{
- LDAPUStr_t *lstr = (LDAPUStr_t *)ldapu_malloc(sizeof(LDAPUStr_t));
-
- if (!lstr) return 0;
- lstr->size = size < 0 ? 1024 : size;
- lstr->str = (char *)ldapu_malloc(lstr->size*sizeof(char));
- lstr->len = 0;
- lstr->str[lstr->len] = 0;
-
- return lstr;
-}
-
-
-void ldapu_str_free (LDAPUStr_t *lstr)
-{
- if (lstr) {
- if (lstr->str) ldapu_free(lstr->str);
- ldapu_free((void *)lstr);
- }
-}
-
-
-int ldapu_str_append(LDAPUStr_t *lstr, const char *arg)
-{
- int arglen = strlen(arg);
- int len = lstr->len + arglen;
-
- if (len >= lstr->size) {
- /* realloc some more */
- lstr->size += arglen > 4095 ? arglen+1 : 4096;
- lstr->str = (char *)ldapu_realloc(lstr->str, lstr->size);
- if (!lstr->str) return LDAPU_ERR_OUT_OF_MEMORY;
- }
-
- memcpy((void *)&(lstr->str[lstr->len]), (void *)arg, arglen);
- lstr->len += arglen;
- lstr->str[lstr->len] = 0;
- return LDAPU_SUCCESS;
-}
-
-
-/*
- * ldapu_auth_userdn_groupids_recurse:
- * Description:
- * Checks if the user is member of the given comma separated list of
- * group names.
- * Arguments:
- * ld Pointer to LDAP (assumes connection has been
- * established and the client has called the
- * appropriate bind routine)
- * filter filter to use in the search
- * groupids some representation of group names. Example,
- * a comma separated names in a string, hash
- * table, etc. This function doesn't need to
- * know the name of the groups. It calls the
- * following function to check if one of the
- * groups returned by the search is in the list.
- * grpcmpfn group name comparison function.
- * base basedn (where to start the search)
- * recurse_cnt recursion count to detect circular groups
- * group_out if successful, pointer to the user's group
- * Return Values: (same as ldapu_find)
- * LDAPU_SUCCESS if user is member of one of the groups
- * LDAPU_FAILED if user is not a member of the group
- * <rv> if error, where <rv> can be passed to
- * ldap_err2string to get an error string.
- */
-static int ldapu_auth_userdn_groupids_recurse (LDAP *ld, const char *filter,
- void *groupids,
- LDAPU_GroupCmpFn_t grpcmpfn,
- const char *base,
- int recurse_cnt,
- char **group_out)
-{
- LDAPMessage *res = 0;
- const char *attrs[] = { "CN", 0 };
- int attrsonly = 0;
- LDAPMessage *entry;
- int rv;
- int retval;
- int i;
- int done;
-
- if (recurse_cnt >= 30)
- return LDAPU_ERR_CIRCULAR_GROUPS;
-
- /* Perform the ldap lookup */
- retval = ldapu_find(ld, base, LDAP_SCOPE_SUBTREE, filter, attrs,
- attrsonly, &res);
-
- if (retval != LDAPU_SUCCESS && retval != LDAPU_ERR_MULTIPLE_MATCHES ) {
- /* user is not a member of any group */
- if (res) ldap_msgfree(res);
- return retval;
- }
-
- retval = LDAPU_FAILED;
- done = 0;
-
- /* check if one of the matched groups is one of the given groups */
- for (entry = ldap_first_entry(ld, res); entry != NULL && !done;
- entry = ldap_next_entry(ld, entry))
- {
- struct berval **bvals;
-
- if ((bvals = ldap_get_values_len(ld, entry, "CN")) == NULL) {
- /* This shouldn't happen */
- retval = LDAPU_ERR_MISSING_ATTR_VAL;
- continue;
- }
-
- /* "CN" may have multiple values */
- /* Check each value of "CN" against the 'groupids' */
- for ( i = 0; bvals[i] != NULL; i++ ) {
- rv = (*grpcmpfn)(groupids, bvals[i]->bv_val, bvals[i]->bv_len);
- if (rv == LDAPU_SUCCESS) {
- char *group = (char *)ldapu_malloc(bvals[i]->bv_len+1);
-
- if (!group) {
- retval = LDAPU_ERR_OUT_OF_MEMORY;
- }
- else {
- strncpy(group, bvals[i]->bv_val, bvals[i]->bv_len);
- group[bvals[i]->bv_len] = 0;
- *group_out = group;
- retval = LDAPU_SUCCESS;
- }
- done = 1; /* exit from the outer loop too */
- break;
- }
- }
-
- ldap_value_free_len(bvals);
- }
-
- if (retval == LDAPU_FAILED) {
- /* None of the matched groups is in 'groupids' */
- /* Perform the nested group membership check */
- LDAPUStr_t *filter1;
- LDAPUStr_t *filter2;
- char *rfilter = 0;
- int rlen;
- /* Finally we need a filter which looks like:
- (| (& (objectclass=groupofuniquenames)
- (| (uniquemember=<grp1dn>)(uniquemember=<grp2dn>) ...))
- (& (objectclass=groupofnames)
- (| (member=<grp1dn>)(member=<grp2dn>) ...)))
- Construct 2 sub-filters first as follows:
- (uniquemember=<grp1dn>)(uniquemember=<grp2dn>)... AND
- (member=<grp1dn>)(member=<grp2dn>)...
- Then insert them in the main filter.
- */
- filter1 = ldapu_str_alloc(1024);
- filter2 = ldapu_str_alloc(1024);
- if (!filter1 || !filter2) return LDAPU_ERR_OUT_OF_MEMORY;
- rv = LDAPU_SUCCESS;
-
- for (entry = ldap_first_entry(ld, res); entry != NULL;
- entry = ldap_next_entry(ld, entry))
- {
- char *dn = ldap_get_dn(ld, entry);
- if (((rv = ldapu_str_append(filter1, "(uniquemember="))
- != LDAPU_SUCCESS) ||
- ((rv = ldapu_str_append(filter1, dn)) != LDAPU_SUCCESS) ||
- ((rv = ldapu_str_append(filter1, ")")) != LDAPU_SUCCESS) ||
- ((rv = ldapu_str_append(filter2, "(member="))
- != LDAPU_SUCCESS) ||
- ((rv = ldapu_str_append(filter2, dn)) != LDAPU_SUCCESS) ||
- ((rv = ldapu_str_append(filter2, ")")) != LDAPU_SUCCESS))
- {
- ldap_memfree(dn);
- break;
- }
- ldap_memfree(dn);
- }
-
- if (rv != LDAPU_SUCCESS) {
- /* something went wrong in appending to filter1 or filter2 */
- ldapu_str_free(filter1);
- ldapu_str_free(filter2);
- retval = rv;
- }
- else {
- /* Insert the 2 filters in the main filter */
- rlen = filter1->len + filter2->len +
- strlen("(| (& (objectclass=groupofuniquenames)"
- "(| ))"
- "(& (objectclass=groupofnames)"
- "(| )))") + 1;
- rfilter = (char *)ldapu_malloc(rlen);
- if (!rfilter) return LDAPU_ERR_OUT_OF_MEMORY;
- sprintf(rfilter,
- "(| (& (objectclass=groupofuniquenames)"
- "(| %s))"
- "(& (objectclass=groupofnames)"
- "(| %s)))",
- filter1->str, filter2->str);
- ldapu_str_free(filter1);
- ldapu_str_free(filter2);
- retval = ldapu_auth_userdn_groupids_recurse(ld, rfilter, groupids,
- grpcmpfn, base,
- ++recurse_cnt,
- group_out);
- ldapu_free(rfilter);
- }
-
- }
-
- if (res) ldap_msgfree(res);
- return retval;
-}
-
-/*
- * ldapu_auth_userdn_groupids:
- * Description:
- * Checks if the user is member of the given comma separated list of
- * group names.
- * Arguments:
- * ld Pointer to LDAP (assumes connection has been
- * established and the client has called the
- * appropriate bind routine)
- * userdn User's full DN
- * groupids some representation of group names. Example,
- * a comma separated names in a string, hash
- * table, etc. This function doesn't need to
- * know the name of the groups. It calls the
- * following function to check if one of the
- * groups returned by the search is in the list.
- * grpcmpfn group name comparison function.
- * base basedn (where to start the search)
- * group_out if successful, pointer to the user's group
- * Return Values: (same as ldapu_find)
- * LDAPU_SUCCESS if user is member of one of the groups
- * LDAPU_FAILED if user is not a member of the group
- * <rv> if error, where <rv> can be passed to
- * ldap_err2string to get an error string.
- */
-int ldapu_auth_userdn_groupids (LDAP *ld, const char *userdn,
- void *groupids,
- LDAPU_GroupCmpFn_t grpcmpfn,
- const char *base,
- char **group_out)
-{
- char *filter;
- int len;
- int rv;
-
- *group_out = 0;
- /* allocate a big enough filter */
- /* The filter looks like:
- (| (& (objectclass=groupofuniquenames)(uniquemember=<userdn>))
- (& (objectclass=groupofnames)(member=<userdn>)))
- */
-
- len = 2 * strlen(userdn) + 1 +
- strlen("(| (& (objectclass=groupofuniquenames)(uniquemember=))"
- "(& (objectclass=groupofnames)(member=)))");
- filter = (char *)ldapu_malloc(len);
-
- if (!filter) return LDAPU_ERR_OUT_OF_MEMORY;
-
- sprintf(filter, "(| (& (objectclass=groupofuniquenames)(uniquemember=%s))"
- "(& (objectclass=groupofnames)(member=%s)))",
- userdn, userdn);
-
- rv = ldapu_auth_userdn_groupids_recurse(ld, filter, groupids,
- grpcmpfn, base,
- 0, group_out);
-
- ldapu_free(filter);
- return rv;
-}
-
-
-/*
- * ldapu_auth_userdn_attrfilter:
- * Description:
- * Checks if the user's entry has the given attributes
- * Arguments:
- * ld Pointer to LDAP (assumes connection has been
- * established and the client has called the
- * appropriate bind routine)
- * userdn User's full DN
- * attrfilter attribute filter
- * Return Values: (same as ldapu_find)
- * LDAPU_SUCCESS if user is member of the group
- * LDAPU_FAILED if user is not a member of the group
- * <rv> if error, where <rv> can be passed to
- * ldap_err2string to get an error string.
- */
-int ldapu_auth_userdn_attrfilter (LDAP *ld, const char *userdn,
- const char *attrfilter)
-{
- const char *base = userdn;
- int scope = LDAP_SCOPE_BASE;
- const char *filter = attrfilter;
- const char **attrs = default_search_attrs;
- int attrsonly = default_search_attrsonly;
- LDAPMessage *res = 0;
- int retval;
-
- retval = ldapu_find(ld, base, scope, filter, attrs, attrsonly, &res);
-
- if (res) ldapu_msgfree(ld, res);
-
- return retval;
-}
-
-/*
- * ldapu_auth_uid_attrfilter:
- * Description:
- * Checks if the user's entry has the given attributes. First maps
- the uid to userdn.
- * Arguments:
- * ld Pointer to LDAP (assumes connection has been
- * established and the client has called the
- * appropriate bind routine)
- * uid User's name
- * attrfilter attribute filter
- * base basedn (where to start the search)
- * Return Values: (same as ldapu_find)
- * LDAPU_SUCCESS if user is member of the group
- * LDAPU_FAILED if user is not a member of the group
- * <rv> if error, where <rv> can be passed to
- * ldap_err2string to get an error string.
- */
-int ldapu_auth_uid_attrfilter (LDAP *ld, const char *uid, const char *attrfilter,
- const char *base)
-{
- int scope = LDAP_SCOPE_SUBTREE;
- char filter[ BUFSIZ ];
- const char **attrs = default_search_attrs;
- int attrsonly = default_search_attrsonly;
- LDAPMessage *res = 0;
- int retval;
-
- /* setup filter as (& (uid=<uid>) (attrfilter)) */
- if (*attrfilter == '(')
- PR_snprintf(filter, sizeof(filter), "(& (uid=%s) %s)", uid, attrfilter);
- else
- PR_snprintf(filter, sizeof(filter), "(& (uid=%s) (%s))", uid, attrfilter);
-
- retval = ldapu_find(ld, base, scope, filter, attrs, attrsonly, &res);
-
- if (res) ldapu_msgfree(ld, res);
-
- return retval;
-}
-
-/*
- * ldapu_auth_userdn_password:
- * Description:
- * Checks the user's password against LDAP by binding using the
- * userdn and the password.
- * Arguments:
- * ld Pointer to LDAP (assumes connection has been
- * established and the client has called the
- * appropriate bind routine)
- * userdn User's full DN
- * password User's password (clear text)
- * Return Values: (same as ldapu_find)
- * LDAPU_SUCCESS if user credentials are valid
- * <rv> if error, where <rv> can be passed to
- * ldap_err2string to get an error string.
- */
-int ldapu_auth_userdn_password (LDAP *ld, const char *userdn, const char *password)
-{
- int retval;
-
- DBG_PRINT2("\tuserdn:\t\"%s\"\n", userdn);
- DBG_PRINT2("\tpassword:\t\"%s\"\n", password);
-
- retval = ldap_simple_bind_s(ld, userdn, password);
-
- if (retval != LDAP_SUCCESS)
- {
- DBG_PRINT2("ldap_simple_bind_s: %s\n", ldap_err2string(retval));
- return(retval);
- }
-
- return LDAPU_SUCCESS;
-}
-
-/*
- * ldapu_auth_uid_password:
- * Description:
- * First converts the uid to userdn and calls
- * ldapu_auth_userdn_password.
- * Arguments:
- * ld Pointer to LDAP (assumes connection has been
- * established and the client has called the
- * appropriate bind routine)
- * uid User's name
- * password User's password (clear text)
- * Return Values: (same as ldapu_find)
- * LDAPU_SUCCESS if user credentials are valid
- * <rv> if error, where <rv> can be passed to
- * ldap_err2string to get an error string.
- */
-int ldapu_auth_uid_password (LDAP *ld, const char *uid,
- const char *password, const char *base)
-{
- int retval;
- char *dn;
-
- /* First find userdn for the given uid and
- then call ldapu_auth_userdn_password */
- retval = ldapu_find_userdn(ld, uid, base, &dn);
-
- if (retval == LDAPU_SUCCESS) {
- retval = ldapu_auth_userdn_password(ld, dn, password);
- ldapu_memfree(ld, dn);
- }
-
- return retval;
-}
-
-
-/* ldapu_string_set --
- * This function is not tested yet for its usefulness. This is to be used to
- * customize the strings used in the LDAP searches performed through
- * 'ldaputil'. This could also be extended to setting customized error
- * messages (and even i18n equivalent of error messages).
- */
-NSAPI_PUBLIC int ldapu_string_set (const int type, const char *filter)
-{
- if (!filter || !*filter) return LDAPU_ERR_INVALID_STRING;
-
- if (type < 0 || type >= LDAPU_STR_MAX_INDEX)
- return LDAPU_ERR_INVALID_STRING_INDEX;
-
- ldapu_strings[type] = strdup(filter);
-
- if (!ldapu_strings[type]) return LDAPU_ERR_OUT_OF_MEMORY;
-
- return LDAPU_SUCCESS;
-}
-
-
-NSAPI_PUBLIC const char *ldapu_string_get (const int type)
-{
- if (type < 0 || type >= LDAPU_STR_MAX_INDEX)
- return 0;
-
- return ldapu_strings[type];
-}
diff --git a/lib/ldaputil/ldapdb.c b/lib/ldaputil/ldapdb.c
deleted file mode 100644
index 478b4f8c..00000000
--- a/lib/ldaputil/ldapdb.c
+++ /dev/null
@@ -1,594 +0,0 @@
-/** BEGIN COPYRIGHT BLOCK
- * This Program is free software; you can redistribute it and/or modify it under
- * the terms of the GNU General Public License as published by the Free Software
- * Foundation; version 2 of the License.
- *
- * This Program is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
- * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along with
- * this Program; if not, write to the Free Software Foundation, Inc., 59 Temple
- * Place, Suite 330, Boston, MA 02111-1307 USA.
- *
- * In addition, as a special exception, Red Hat, Inc. gives You the additional
- * right to link the code of this Program with code not covered under the GNU
- * General Public License ("Non-GPL Code") and to distribute linked combinations
- * including the two, subject to the limitations in this paragraph. Non-GPL Code
- * permitted under this exception must only link to the code of this Program
- * through those well defined interfaces identified in the file named EXCEPTION
- * found in the source code files (the "Approved Interfaces"). The files of
- * Non-GPL Code may instantiate templates or use macros or inline functions from
- * the Approved Interfaces without causing the resulting work to be covered by
- * the GNU General Public License. Only Red Hat, Inc. may make changes or
- * additions to the list of Approved Interfaces. You must obey the GNU General
- * Public License in all respects for all of the Program code and other code used
- * in conjunction with the Program except the Non-GPL Code covered by this
- * exception. If you modify this file, you may extend this exception to your
- * version of the file, but you are not obligated to do so. If you do not wish to
- * provide this exception without modification, you must delete this exception
- * statement from your version and license this file solely under the GPL without
- * exception.
- *
- *
- * Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
- * Copyright (C) 2005 Red Hat, Inc.
- * All rights reserved.
- * END COPYRIGHT BLOCK **/
-
-#ifdef HAVE_CONFIG_H
-# include <config.h>
-#endif
-
-
-#ifndef DONT_USE_LDAP_SSL
-#define USE_LDAP_SSL
-#endif
-
-
-#include <string.h>
-#include <malloc.h>
-
-#include <nspr.h>
-#include <prthread.h>
-#include <prmon.h>
-
-#include "ldaputil/errors.h"
-#include "ldaputil/certmap.h"
-#include "ldaputil/ldapdb.h"
-
-#ifdef USE_LDAP_SSL
-/* removed for new ns security integration
-#include <sec.h>
-#include <key.h>
-#include "cert.h"
-*/
-#include <ssl.h>
-#include "ldap_ssl.h"
-#endif
-
-#include "ldaputili.h"
-
-#define LDAPDB_PREFIX_WITH_SLASHES "ldapdb://"
-#define LDAPDB_PREFIX_WITH_SLASHES_LEN 9
-
-uintn tsdindex;
-
-static void ldb_crit_init (LDAPDatabase_t *ldb)
-{
- ldb->crit = PR_NewMonitor();
-}
-
-static void ldb_crit_enter (LDAPDatabase_t *ldb)
-{
- PR_EnterMonitor(ldb->crit);
-}
-
-static void ldb_crit_exit (LDAPDatabase_t *ldb)
-{
- PR_ExitMonitor(ldb->crit);
-}
-
-struct ldap_error {
- int le_errno;
- char *le_matched;
- char *le_errmsg;
-};
-
-
-static void set_ld_error( int err, char *matched, char *errmsg, void *dummy )
-{
- struct ldap_error *le;
-
- if (!(le = (struct ldap_error *) PR_GetThreadPrivate(tsdindex))) {
- le = (struct ldap_error *) malloc(sizeof(struct ldap_error));
- memset((void *)le, 0, sizeof(struct ldap_error));
- PR_SetThreadPrivate(tsdindex, (void *)le);
- }
- le->le_errno = err;
- if ( le->le_matched != NULL ) {
- ldap_memfree( le->le_matched );
- }
- le->le_matched = matched;
- if ( le->le_errmsg != NULL ) {
- ldap_memfree( le->le_errmsg );
- }
- le->le_errmsg = errmsg;
-}
-
-static int get_ld_error( char **matched, char **errmsg, void *dummy )
-{
- struct ldap_error *le;
-
- le = (struct ldap_error *) PR_GetThreadPrivate( tsdindex);
- if ( matched != NULL ) {
- *matched = le->le_matched;
- }
- if ( errmsg != NULL ) {
- *errmsg = le->le_errmsg;
- }
- return( le->le_errno );
-}
-
-static void set_errno( int err )
-{
- PR_SetError( err, 0);
-}
-
-static int get_errno( void )
-{
- return( PR_GetError() );
-}
-
-#ifdef LDAP_OPT_DNS_FN_PTRS /* not supported in older LDAP SDKs */
-static LDAPHostEnt *
-ldapu_copyPRHostEnt2LDAPHostEnt( LDAPHostEnt *ldhp, PRHostEnt *prhp )
-{
- ldhp->ldaphe_name = prhp->h_name;
- ldhp->ldaphe_aliases = prhp->h_aliases;
- ldhp->ldaphe_addrtype = prhp->h_addrtype;
- ldhp->ldaphe_length = prhp->h_length;
- ldhp->ldaphe_addr_list = prhp->h_addr_list;
- return( ldhp );
-}
-
-static LDAPHostEnt *
-ldapu_gethostbyname( const char *name, LDAPHostEnt *result,
- char *buffer, int buflen, int *statusp, void *extradata )
-{
- PRHostEnt prhent;
-
- if( !statusp || ( *statusp = (int)PR_GetHostByName( name, buffer,
- buflen, &prhent )) == PR_FAILURE ) {
- return( NULL );
- }
-
- return( ldapu_copyPRHostEnt2LDAPHostEnt( result, &prhent ));
-}
-
-static LDAPHostEnt *
-ldapu_gethostbyaddr( const char *addr, int length, int type,
- LDAPHostEnt *result, char *buffer, int buflen, int *statusp,
- void *extradata )
-{
- /* old code did this which was clearly wrong:
- return( (LDAPHostEnt *)PR_GetError() );
- which leads me to believe this is not used */
- return( NULL );
-}
-#endif /* LDAP_OPT_DNS_FN_PTRS */
-
-
-static void unescape_ldap_basedn (char *str)
-{
- if (strchr(str, '%')) {
- register int x = 0, y = 0;
- int l = strlen(str);
- char digit;
-
- while(x < l) {
- if((str[x] == '%') && (x < (l - 2))) {
- ++x;
- digit = (str[x] >= 'A' ?
- ((str[x] & 0xdf) - 'A')+10 : (str[x] - '0'));
- digit *= 16;
-
- ++x;
- digit += (str[x] >= 'A' ?
- ((str[x] & 0xdf) - 'A')+10 : (str[x] - '0'));
-
- str[y] = digit;
- }
- else {
- str[y] = str[x];
- }
- x++;
- y++;
- }
- str[y] = '\0';
- }
-}
-
-/*
- * extract_path_and_basedn:
- * Description:
- * Parses the ldapdb url and returns pathname to the lcache.conf file
- * and basedn. The caller must free the memory allocated for the
- * returned path and the basedn.
- * Arguments:
- * url URL (must begin with ldapdb://)
- * path Pathname to the lcache.conf file
- * basedn basedn for the ldapdb.
- * Return Values: (same as ldap_find)
- * LDAPU_SUCCESS if the URL is parsed successfully
- * <rv> if error, one of the LDAPU_ errors.
- */
-static int extract_path_and_basedn(const char *url_in, char **path_out,
- char **basedn_out)
-{
- char *url = strdup(url_in);
- char *basedn;
- char *path;
-
- *path_out = 0;
- *basedn_out = 0;
-
- if (!url) return LDAPU_ERR_OUT_OF_MEMORY;
-
- if (strncmp(url, LDAPDB_URL_PREFIX, LDAPDB_URL_PREFIX_LEN)) {
- free(url);
- return LDAPU_ERR_URL_INVALID_PREFIX;
- }
-
- path = url + LDAPDB_URL_PREFIX_LEN;
-
- if (strncmp(path, "//", 2)) {
- free(url);
- return LDAPU_ERR_URL_INVALID_PREFIX;
- }
-
- path += 2;
-
- /* Find base DN -- empty string is OK */
- if ((basedn = strrchr(path, '/')) == NULL) {
- free(url);
- return LDAPU_ERR_URL_NO_BASEDN;
- }
-
- *basedn++ = '\0'; /* terminate the path */
- unescape_ldap_basedn(basedn);
- *basedn_out = strdup(basedn);
- *path_out = strdup(path);
- free(url);
- return (*basedn_out && *path_out) ? LDAPU_SUCCESS : LDAPU_ERR_OUT_OF_MEMORY;
-}
-
-NSAPI_PUBLIC int ldapu_ldapdb_url_parse (const char *url,
- LDAPDatabase_t **ldb_out)
-{
- char *path = 0;
- char *basedn = 0;
- LDAPDatabase_t *ldb = 0;
- int rv;
-
- rv = extract_path_and_basedn(url, &path, &basedn);
-
- if (rv != LDAPU_SUCCESS) {
- if (path) free(path);
- if (basedn) free(basedn);
- return rv;
- }
-
- ldb = (LDAPDatabase_t *)malloc(sizeof(LDAPDatabase_t));
-
- if (!ldb) {
- if (path) free(path);
- if (basedn) free(basedn);
- return LDAPU_ERR_OUT_OF_MEMORY;
- }
-
- memset((void *)ldb, 0, sizeof(LDAPDatabase_t));
- ldb->basedn = basedn; /* extract_path_and_basedn has allocated */
- ldb->host = path; /* memory for us -- don't make a copy */
- ldb_crit_init(ldb);
- *ldb_out = ldb;
-
- return LDAPU_SUCCESS;
-}
-
-
-/*
- * ldapu_url_parse:
- * Description:
- * Parses the ldapdb or ldap url and returns a LDAPDatabase_t struct
- * Arguments:
- * url URL (must begin with ldapdb://)
- * binddn DN to use to bind to ldap server.
- * bindpw Password to use to bind to ldap server.
- * ldb a LDAPDatabase_t struct filled from parsing
- * the url.
- * Return Values: (same as ldap_find)
- * LDAPU_SUCCESS if the URL is parsed successfully
- * <rv> if error, one of the LDAPU_ errors.
- */
-NSAPI_PUBLIC int ldapu_url_parse (const char *url, const char *binddn,
- const char *bindpw,
- LDAPDatabase_t **ldb_out)
-{
- LDAPDatabase_t *ldb;
- LDAPURLDesc *ludp = 0;
- int rv;
-
- *ldb_out = 0;
-
- if (!strncmp(url, LDAPDB_PREFIX_WITH_SLASHES,
- LDAPDB_PREFIX_WITH_SLASHES_LEN))
- {
- return ldapu_ldapdb_url_parse(url, ldb_out);
- }
-
- /* call ldapsdk's parse function */
- rv = ldap_url_parse((char *)url, &ludp);
-
- if (rv != LDAP_SUCCESS) {
- if (ludp) ldap_free_urldesc(ludp);
- return LDAPU_ERR_URL_PARSE_FAILED;
- }
-
- ldb = (LDAPDatabase_t *)malloc(sizeof(LDAPDatabase_t));
-
- if (!ldb) {
- ldap_free_urldesc(ludp);
- return LDAPU_ERR_OUT_OF_MEMORY;
- }
-
- memset((void *)ldb, 0, sizeof(LDAPDatabase_t));
- ldb->host = ludp->lud_host ? strdup(ludp->lud_host) : 0;
- ldb->use_ssl = ludp->lud_options & LDAP_URL_OPT_SECURE;
- ldb->port = ludp->lud_port ? ludp->lud_port : ldb->use_ssl ? 636 : 389;
- ldb->basedn = ludp->lud_dn ? strdup(ludp->lud_dn) : 0;
- ldb_crit_init(ldb);
- ldap_free_urldesc(ludp);
-
- if (binddn) ldb->binddn = strdup(binddn);
-
- if (bindpw) ldb->bindpw = strdup(bindpw);
-
- /* success */
- *ldb_out = ldb;
-
- return LDAPU_SUCCESS;
-}
-
-NSAPI_PUBLIC void ldapu_free_LDAPDatabase_t (LDAPDatabase_t *ldb)
-{
- if (ldb->host) free(ldb->host);
- if (ldb->basedn) free(ldb->basedn);
- if (ldb->filter) free(ldb->filter);
- if (ldb->binddn) free(ldb->binddn);
- if (ldb->bindpw) free(ldb->bindpw);
- if (ldb->ld) ldapu_unbind(ldb->ld);
- memset((void *)ldb, 0, sizeof(LDAPDatabase_t));
- free(ldb);
-}
-
-NSAPI_PUBLIC LDAPDatabase_t *ldapu_copy_LDAPDatabase_t (const LDAPDatabase_t *ldb)
-{
- LDAPDatabase_t *nldb = (LDAPDatabase_t *)malloc(sizeof(LDAPDatabase_t));
-
- if (!nldb) return 0;
-
- memset((void *)nldb, 0, sizeof(LDAPDatabase_t));
- nldb->use_ssl = ldb->use_ssl;
- if (ldb->host) nldb->host = strdup(ldb->host);
- nldb->port = ldb->port;
- if (ldb->basedn) nldb->basedn = strdup(ldb->basedn);
- nldb->scope = ldb->scope;
- if (ldb->filter) nldb->filter = strdup(ldb->filter);
- nldb->ld = 0;
- if (ldb->binddn) nldb->binddn = strdup(ldb->binddn);
- if (ldb->bindpw) nldb->bindpw = strdup(ldb->bindpw);
- nldb->bound = 0;
- ldb_crit_init(nldb);
-
- return nldb;
-}
-
-NSAPI_PUBLIC int ldapu_is_local_db (const LDAPDatabase_t *ldb)
-{
- return ldb->port ? 0 : 1;
-}
-
-static int LDAP_CALL LDAP_CALLBACK
-ldapu_rebind_proc (LDAP *ld, char **whop, char **passwdp,
- int *authmethodp, int freeit, void *arg)
-{
- if (freeit == 0) {
- LDAPDatabase_t *ldb = (LDAPDatabase_t *)arg;
- *whop = ldb->binddn;
- *passwdp = ldb->bindpw;
- *authmethodp = LDAP_AUTH_SIMPLE;
- }
-
- return LDAP_SUCCESS;
-}
-
-NSAPI_PUBLIC int ldapu_ldap_init(LDAPDatabase_t *ldb)
-{
- LDAP *ld = 0;
-
- ldb_crit_enter(ldb);
-
-#ifdef USE_LDAP_SSL
- /* Note. This assume the security related initialization is done */
- /* The step needed is :
- PR_Init
- RNG_SystemInfoForRNG
- RNG_RNGInit
- CERT_OpenCertDBFilename
- CERT_SetDefaultCertDB
- SECMOD_init
-
- And because ldapssl_init depends on security initialization, it is
- no good for non-ssl init
- */
- if (ldb->use_ssl)
- ld = ldapssl_init(ldb->host, ldb->port, ldb->use_ssl);
- else ldap_init(ldb->host, ldb->port);
-#else
- ld = ldapu_init(ldb->host, ldb->port);
-#endif
-
- if (ld == NULL) {
- DBG_PRINT1("ldapu_ldap_init: Failed to initialize connection");
- ldb_crit_exit(ldb);
- return LDAPU_ERR_LDAP_INIT_FAILED;
- }
-
- {
- struct ldap_thread_fns tfns;
-
- PR_NewThreadPrivateIndex(&tsdindex, NULL);
-
- /* set mutex pointers */
- memset( &tfns, '\0', sizeof(struct ldap_thread_fns) );
- tfns.ltf_mutex_alloc = (void *(*)(void))PR_NewMonitor;
- tfns.ltf_mutex_free = (void (*)(void *))PR_DestroyMonitor;
- tfns.ltf_mutex_lock = (int (*)(void *)) PR_EnterMonitor;
- tfns.ltf_mutex_unlock = (int (*)(void *)) PR_ExitMonitor;
- tfns.ltf_get_errno = get_errno;
- tfns.ltf_set_errno = set_errno;
- tfns.ltf_get_lderrno = get_ld_error;
- tfns.ltf_set_lderrno = set_ld_error;
- /* set ld_errno pointers */
- if ( ldapu_set_option( ld, LDAP_OPT_THREAD_FN_PTRS, (void *) &tfns )
- != 0 ) {
- ldb_crit_exit(ldb);
- return LDAPU_ERR_LDAP_SET_OPTION_FAILED;
- }
- }
-#ifdef LDAP_OPT_DNS_FN_PTRS /* not supported in older LDAP SDKs */
- {
- /* install DNS functions */
- struct ldap_dns_fns dnsfns;
- memset( &dnsfns, '\0', sizeof(struct ldap_dns_fns) );
- dnsfns.lddnsfn_bufsize = PR_NETDB_BUF_SIZE;
- dnsfns.lddnsfn_gethostbyname = ldapu_gethostbyname;
- dnsfns.lddnsfn_gethostbyaddr = ldapu_gethostbyaddr;
- if ( ldapu_set_option( ld, LDAP_OPT_DNS_FN_PTRS, (void *)&dnsfns )
- != 0 ) {
- ldb_crit_exit(ldb);
- return LDAPU_ERR_LDAP_SET_OPTION_FAILED;
- }
- }
-#endif /* LDAP_OPT_DNS_FN_PTRS */
-
- if (ldapu_is_local_db(ldb)) {
- /* No more Local db support, force error! */
- return LDAPU_ERR_LCACHE_INIT_FAILED;
-#if 0
- int optval = 1;
-
- if (lcache_init(ld, ldb->host) != 0) {
- ldb_crit_exit(ldb);
- return LDAPU_ERR_LCACHE_INIT_FAILED;
- }
-
- if (ldap_set_option(ld, LDAP_OPT_CACHE_ENABLE, &optval) != 0) {
- ldb_crit_exit(ldb);
- return LDAPU_ERR_LDAP_SET_OPTION_FAILED;
- }
-
- optval = LDAP_CACHE_LOCALDB;
-
- if (ldap_set_option(ld, LDAP_OPT_CACHE_STRATEGY, &optval) != 0) {
- ldb_crit_exit(ldb);
- return LDAPU_ERR_LDAP_SET_OPTION_FAILED;
- }
-#endif
- }
- else if (ldb->binddn && *ldb->binddn) {
- /* Set the rebind proc */
- /* Rebind proc is used when chasing a referral */
- ldap_set_rebind_proc(ld, ldapu_rebind_proc, (void *)ldb);
- }
-
- ldb->ld = ld;
- ldb_crit_exit(ldb);
-
- return LDAPU_SUCCESS;
-}
-
-NSAPI_PUBLIC int ldapu_ldap_rebind (LDAPDatabase_t *ldb)
-{
- int retry;
- int rv = LDAPU_FAILED;
-
- ldb_crit_enter(ldb);
-
- if (ldb->ld) {
- retry = (ldb->bound != -1 ? 1 : 0); /* avoid recursion */
-
-#ifdef USE_LDAP_SSL
- if (ldb->use_ssl && !CERT_GetDefaultCertDB()) {
- /* default cert database has not been initialized */
- rv = LDAPU_ERR_NO_DEFAULT_CERTDB;
- }
- else
-#endif
- {
- rv = ldap_simple_bind_s(ldb->ld, ldb->binddn, ldb->bindpw);
- }
-
- /* retry once if the LDAP server is down */
- if (rv == LDAP_SERVER_DOWN && retry) {
- ldb->bound = -1; /* to avoid recursion */
- rv = ldapu_ldap_reinit_and_rebind(ldb);
- }
-
- if (rv == LDAPU_SUCCESS) ldb->bound = 1;
- }
-
- ldb_crit_exit(ldb);
-
- return rv;
-}
-
-NSAPI_PUBLIC int ldapu_ldap_init_and_bind (LDAPDatabase_t *ldb)
-{
- int rv = LDAPU_SUCCESS;
-
- ldb_crit_enter(ldb);
-
- if (!ldb->ld) {
- rv = ldapu_ldap_init(ldb);
- /* ldb->bound may be set to -1 to avoid recursion */
- if (ldb->bound == 1) ldb->bound = 0;
- }
-
- /* bind as binddn & bindpw if not bound already */
- if (rv == LDAPU_SUCCESS && ldb->bound != 1) {
- rv = ldapu_ldap_rebind (ldb);
- }
-
- ldb_crit_exit(ldb);
-
- return rv;
-}
-
-NSAPI_PUBLIC int ldapu_ldap_reinit_and_rebind (LDAPDatabase_t *ldb)
-{
- int rv;
-
- ldb_crit_enter(ldb);
-
- if (ldb->ld) {
- ldapu_unbind(ldb->ld);
- ldb->ld = 0;
- }
-
- rv = ldapu_ldap_init_and_bind(ldb);
- ldb_crit_exit(ldb);
- return rv;
-}
-
diff --git a/lib/ldaputil/vtable.c b/lib/ldaputil/vtable.c
index 0ead6c11..18ac0a4d 100644
--- a/lib/ldaputil/vtable.c
+++ b/lib/ldaputil/vtable.c
@@ -42,187 +42,8 @@
#include "ldaputili.h"
#include <ldap.h>
-#ifdef USE_LDAP_SSL
-#include <ldap_ssl.h>
-#endif
-
-#if defined( _WINDOWS ) && ! defined( _WIN32 )
-/* On 16-bit WINDOWS platforms, it's erroneous to call LDAP API functions
- * via a function pointer, since they are not declared LDAP_CALLBACK.
- * So, we define the following functions, which are LDAP_CALLBACK, and
- * simply delegate to their counterparts in the LDAP API.
- */
-
-#ifdef USE_LDAP_SSL
-static LDAP_CALL LDAP_CALLBACK LDAP*
-ldapuVd_ssl_init( const char *host, int port, int encrypted )
-{
- return ldapssl_init (host, port, encrypted);
-}
-#else
-static LDAP_CALL LDAP_CALLBACK LDAP*
-ldapuVd_init ( const char *host, int port )
-{
- return ldap_init (host, port);
-}
-#endif
-
-static LDAP_CALL LDAP_CALLBACK int
-ldapuVd_set_option( LDAP *ld, int opt, const void *val )
-{
- return ldap_set_option (ld, opt, val);
-}
-
-static LDAP_CALL LDAP_CALLBACK int
-ldapuVd_simple_bind_s( LDAP* ld, const char *username, const char *passwd )
-{
- return ldap_simple_bind_s (ld, username, passwd);
-}
-
-static LDAP_CALL LDAP_CALLBACK int
-ldapuVd_unbind( LDAP *ld )
-{
- return ldap_unbind (ld);
-}
-
-static LDAP_CALL LDAP_CALLBACK int
-ldapuVd_search_s( LDAP* ld, const char* baseDN, int scope, const char* filter,
- char** attrs, int attrsonly, LDAPMessage** result )
-{
- return ldap_search_s (ld, baseDN, scope, filter, attrs, attrsonly, result);
-}
-
-static LDAP_CALL LDAP_CALLBACK int
-ldapuVd_count_entries( LDAP* ld, LDAPMessage* msg )
-{
- return ldap_count_entries (ld, msg);
-}
-
-static LDAP_CALL LDAP_CALLBACK LDAPMessage*
-ldapuVd_first_entry( LDAP* ld, LDAPMessage* msg )
-{
- return ldap_first_entry (ld, msg);
-}
-
-static LDAP_CALL LDAP_CALLBACK LDAPMessage*
-ldapuVd_next_entry( LDAP* ld, LDAPMessage* entry )
-{
- return ldap_next_entry(ld, entry);
-}
-
-static LDAP_CALL LDAP_CALLBACK char*
-ldapuVd_get_dn( LDAP* ld, LDAPMessage* entry )
-{
- return ldap_get_dn (ld, entry);
-}
-
-static LDAP_CALL LDAP_CALLBACK char*
-ldapuVd_first_attribute( LDAP* ld, LDAPMessage* entry, BerElement** iter )
-{
- return ldap_first_attribute (ld, entry, iter);
-}
-
-static LDAP_CALL LDAP_CALLBACK char*
-ldapuVd_next_attribute( LDAP* ld, LDAPMessage* entry, BerElement* iter)
-{
- return ldap_next_attribute (ld, entry, iter);
-}
-
-static LDAP_CALL LDAP_CALLBACK char**
-ldapuVd_get_values( LDAP *ld, LDAPMessage *entry, const char *desc )
-{
- return ldap_get_values (ld, entry, desc);
-}
-
-static LDAP_CALL LDAP_CALLBACK struct berval**
-ldapuVd_get_values_len( LDAP *ld, LDAPMessage *entry, const char *desc )
-{
- return ldap_get_values_len (ld, entry, desc);
-}
-
-#else
-/* On other platforms, an LDAP API function can be called via a pointer. */
-#ifdef USE_LDAP_SSL
-#define ldapuVd_ssl_init ldapssl_init
-#else
-#define ldapuVd_init ldap_init
-#endif
-#define ldapuVd_set_option ldap_set_option
-#define ldapuVd_simple_bind_s ldap_simple_bind_s
-#define ldapuVd_unbind ldap_unbind
-#define ldapuVd_simple_bind_s ldap_simple_bind_s
-#define ldapuVd_unbind ldap_unbind
-#define ldapuVd_search_s ldap_search_s
-#define ldapuVd_count_entries ldap_count_entries
-#define ldapuVd_first_entry ldap_first_entry
-#define ldapuVd_next_entry ldap_next_entry
-#define ldapuVd_get_dn ldap_get_dn
-#define ldapuVd_first_attribute ldap_first_attribute
-#define ldapuVd_next_attribute ldap_next_attribute
-#define ldapuVd_get_values ldap_get_values
-#define ldapuVd_get_values_len ldap_get_values_len
-
-#endif
-
-/* Several functions in the standard LDAP API have no LDAP* parameter,
- but all the VTable functions do. Here are some little functions that
- make up the difference, by ignoring their LDAP* parameter:
-*/
-static int LDAP_CALL LDAP_CALLBACK
-ldapuVd_msgfree( LDAP *ld, LDAPMessage *chain )
-{
- return ldap_msgfree (chain);
-}
-
-static void LDAP_CALL LDAP_CALLBACK
-ldapuVd_memfree( LDAP *ld, void *dn )
-{
- ldap_memfree (dn);
-}
-
-static void LDAP_CALL LDAP_CALLBACK
-ldapuVd_ber_free( LDAP *ld, BerElement *ber, int freebuf )
-{
- ldap_ber_free (ber, freebuf);
-}
-
-static void LDAP_CALL LDAP_CALLBACK
-ldapuVd_value_free( LDAP *ld, char **vals )
-{
- ldap_value_free (vals);
-}
-static void LDAP_CALL LDAP_CALLBACK
-ldapuVd_value_free_len( LDAP *ld, struct berval **vals )
-{
- ldap_value_free_len (vals);
-}
-
-static LDAPUVTable_t ldapu_VTable = {
-/* By default, the VTable points to the standard LDAP API. */
-#ifdef USE_LDAP_SSL
- ldapuVd_ssl_init,
-#else
- ldapuVd_init,
-#endif
- ldapuVd_set_option,
- ldapuVd_simple_bind_s,
- ldapuVd_unbind,
- ldapuVd_search_s,
- ldapuVd_count_entries,
- ldapuVd_first_entry,
- ldapuVd_next_entry,
- ldapuVd_msgfree,
- ldapuVd_get_dn,
- ldapuVd_memfree,
- ldapuVd_first_attribute,
- ldapuVd_next_attribute,
- ldapuVd_ber_free,
- ldapuVd_get_values,
- ldapuVd_value_free,
- ldapuVd_get_values_len,
- ldapuVd_value_free_len
-};
+static LDAPUVTable_t ldapu_VTable = {};
/* Replace ldapu_VTable. Subsequently, ldaputil will call the
functions in 'from' (not the LDAP API) to access the directory.
@@ -235,26 +56,6 @@ ldapu_VTable_set (LDAPUVTable_t* from)
}
}
-#ifdef USE_LDAP_SSL
-LDAP*
-ldapu_ssl_init( const char *defhost, int defport, int defsecure )
-{
- if (ldapu_VTable.ldapuV_ssl_init) {
- return ldapu_VTable.ldapuV_ssl_init (defhost, defport, defsecure);
- }
- return NULL;
-}
-#else
-LDAP*
-ldapu_init( const char *defhost, int defport )
-{
- if (ldapu_VTable.ldapuV_init) {
- return ldapu_VTable.ldapuV_init (defhost, defport);
- }
- return NULL;
-}
-#endif
-
int
ldapu_set_option( LDAP *ld, int option, void *optdata )
{
@@ -422,28 +223,6 @@ ldapu_get_values_len( LDAP *ld, LDAPMessage *entry, const char *desc )
{
if (ldapu_VTable.ldapuV_get_values_len) {
return ldapu_VTable.ldapuV_get_values_len (ld, entry, desc);
- } else if (!ldapu_VTable.ldapuV_value_free_len
- && ldapu_VTable.ldapuV_get_values) {
- auto char** vals =
- ldapu_VTable.ldapuV_get_values (ld, entry, desc);
- if (vals) {
- auto struct berval** bvals = (struct berval**)
- ldapu_malloc ((ldap_count_values (vals) + 1)
- * sizeof(struct berval*));
- if (bvals) {
- auto char** val;
- auto struct berval** bval;
- for (val = vals, bval = bvals; *val; ++val, ++bval) {
- auto const size_t len = strlen(*val);
- *bval = (struct berval*) ldapu_malloc (sizeof(struct berval) + len);
- (*bval)->bv_len = len;
- (*bval)->bv_val = ((char*)(*bval)) + sizeof(struct berval);
- memcpy ((*bval)->bv_val, *val, len);
- }
- *bval = NULL;
- return bvals;
- }
- }
}
return NULL;
}