From 8a9fdbfb039bf1894cf3b301c8a0f84261ec8c1c Mon Sep 17 00:00:00 2001 From: Jakub Hrozek Date: Jan 07 2011 10:00:44 +0000 Subject: Do not use LDAP_DEPRECATED in plugins Remove the LDAP_DEPRECATED constant and do not use functions that are marked as deprecated in recent OpenLDAP releases. Also always define WITH_{MOZLDAP,OPENLDAP} since there are conditional header includes that depend on that constant. https://fedorahosted.org/freeipa/ticket/576 --- diff --git a/daemons/configure.ac b/daemons/configure.ac index 221a63a..370c5d6 100644 --- a/daemons/configure.ac +++ b/daemons/configure.ac @@ -199,9 +199,11 @@ AC_ARG_WITH([openldap], if test "x$with_openldap" == xyes; then LDAP_CFLAGS="${OPENLDAP_CFLAGS} $NSPR4 $NSS3 -DUSE_OPENLDAP" LDAP_LIBS="${OPENLDAP_LIBS}" + AC_DEFINE_UNQUOTED(WITH_OPENLDAP, 1, [Use OpenLDAP libraries]) else LDAP_CFLAGS="${MOZLDAP_CFLAGS}" LDAP_LIBS="${MOZLDAP_LIBS}" + AC_DEFINE_UNQUOTED(WITH_MOZLDAP, 1, [Use Mozilla LDAP libraries]) fi AC_SUBST(LDAP_CFLAGS) AC_SUBST(LDAP_LIBS) diff --git a/daemons/ipa-kpasswd/ipa_kpasswd.c b/daemons/ipa-kpasswd/ipa_kpasswd.c index 9b4c2dd..a506cec 100644 --- a/daemons/ipa-kpasswd/ipa_kpasswd.c +++ b/daemons/ipa-kpasswd/ipa_kpasswd.c @@ -42,7 +42,6 @@ #ifdef WITH_MOZLDAP #include #else -#define LDAP_DEPRECATED 1 #include #endif #include @@ -331,6 +330,7 @@ int ldap_pwd_change(char *client_name, char *realm_name, krb5_data pwd, char **e struct berval *control = NULL; struct berval newpw; char hostname[1024]; + char *uri; struct berval **ncvals; char *ldap_base = NULL; char *filter; @@ -386,11 +386,19 @@ int ldap_pwd_change(char *client_name, char *realm_name, krb5_data pwd, char **e goto done; } + ret = asprintf(&uri, "ldap://%s:389", hostname); + if (ret == -1) { + syslog(LOG_ERR, "Out of memory!"); + goto done; + } + /* connect to ldap server */ /* TODO: support referrals ? */ - ld = ldap_init(hostname, 389); - if(ld == NULL) { - syslog(LOG_ERR, "Unable to connect to ldap server"); + ret = ldap_initialize(&ld, uri); + free(uri); + if(ret != LDAP_SUCCESS) { + syslog(LOG_ERR, "Unable to connect to ldap server: %s", + ldap_err2string(ret)); goto done; } @@ -414,7 +422,7 @@ int ldap_pwd_change(char *client_name, char *realm_name, krb5_data pwd, char **e /* find base dn */ /* TODO: address the case where we have multiple naming contexts */ tv.tv_sec = 10; - tv.tv_usec = 0; + tv.tv_usec = 0; ret = ldap_search_ext_s(ld, "", LDAP_SCOPE_BASE, "objectclass=*", root_attrs, 0, diff --git a/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd.h b/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd.h index 4f8764f..aaaeeb7 100644 --- a/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd.h +++ b/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd.h @@ -49,8 +49,6 @@ #include #include -#define LDAP_DEPRECATED 1 - #include #include #include diff --git a/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_common.c b/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_common.c index cf6b3fc..2bc36c0 100644 --- a/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_common.c +++ b/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_common.c @@ -373,6 +373,40 @@ static void pwd_values_free(Slapi_ValueSet** results, slapi_vattr_values_free(results, actual_type_name, buffer_flags); } +static int ipapwd_rdn_count(const char *dn) +{ + int rdnc = 0; + +#ifdef WITH_MOZLDAP + char **edn; + + edn = ldap_explode_dn(dn, 0); + if (!edn) { + LOG_TRACE("ldap_explode_dn(dn) failed ?!"); + return -1; + } + + for (rdnc = 0; edn != NULL && edn[rdnc]; rdnc++) /* count */ ; + ldap_value_free(edn); +#else + /* both ldap_explode_dn and ldap_value_free are deprecated + * in OpenLDAP */ + LDAPDN ldn; + int ret; + + ret = ldap_str2dn(dn, &ldn, LDAP_DN_FORMAT_LDAPV3); + if (ret != LDAP_SUCCESS) { + LOG_TRACE("ldap_str2dn(dn) failed ?!"); + return -1; + } + + for (rdnc = 0; ldn != NULL && ldn[rdnc]; rdnc++) /* count */ ; + ldap_dnfree(ldn); +#endif + + return rdnc; +} + static int ipapwd_getPolicy(const char *dn, Slapi_Entry *target, Slapi_Entry **e) { @@ -386,7 +420,6 @@ static int ipapwd_getPolicy(const char *dn, "krbPwdHistoryLength", NULL}; Slapi_Entry **es = NULL; Slapi_Entry *pe = NULL; - char **edn; int ret, res, dist, rdnc, scope, i; Slapi_DN *sdn = NULL; int buffer_flags=0; @@ -465,14 +498,12 @@ static int ipapwd_getPolicy(const char *dn, } /* count number of RDNs in DN */ - edn = ldap_explode_dn(dn, 0); - if (!edn) { - LOG_TRACE("ldap_explode_dn(dn) failed ?!"); + rdnc = ipapwd_rdn_count(dn); + if (rdnc == -1) { + LOG_TRACE("ipapwd_rdn_count(dn) failed"); ret = -1; goto done; } - for (rdnc = 0; edn[rdnc]; rdnc++) /* count */ ; - ldap_value_free(edn); pe = NULL; dist = -1; @@ -490,15 +521,12 @@ static int ipapwd_getPolicy(const char *dn, } if (slapi_sdn_issuffix(sdn, esdn)) { const char *dn1; - char **e1; int c1; dn1 = slapi_sdn_get_dn(esdn); if (!dn1) continue; - e1 = ldap_explode_dn(dn1, 0); - if (!e1) continue; - for (c1 = 0; e1[c1]; c1++) /* count */ ; - ldap_value_free(e1); + c1 = ipapwd_rdn_count(dn1); + if (c1 == -1) continue; if ((dist == -1) || ((rdnc - c1) < dist)) { dist = rdnc - c1; diff --git a/daemons/ipa-slapi-plugins/ipa-winsync/ipa-winsync.c b/daemons/ipa-slapi-plugins/ipa-winsync/ipa-winsync.c index 10aa188..bfad0cf 100644 --- a/daemons/ipa-slapi-plugins/ipa-winsync/ipa-winsync.c +++ b/daemons/ipa-slapi-plugins/ipa-winsync/ipa-winsync.c @@ -41,8 +41,6 @@ # include #endif -#define LDAP_DEPRECATED 1 - /* * Windows Synchronization Plug-in for IPA * This plugin allows IPA to intercept operations sent from @@ -375,7 +373,6 @@ ipa_winsync_get_new_ds_user_dn_cb(void *cbdata, const Slapi_Entry *rawentry, Slapi_Entry *ad_entry, char **new_dn_string, const Slapi_DN *ds_suffix, const Slapi_DN *ad_suffix) { - char **rdns = NULL; PRBool flatten = PR_TRUE; IPA_WinSync_Config *ipaconfig = ipa_winsync_get_config(); @@ -390,6 +387,9 @@ ipa_winsync_get_new_ds_user_dn_cb(void *cbdata, const Slapi_Entry *rawentry, return; } +#ifdef WITH_MOZLDAP + char **rdns = NULL; + rdns = ldap_explode_dn(*new_dn_string, 0); if (!rdns || !rdns[0]) { ldap_value_free(rdns); @@ -399,6 +399,24 @@ ipa_winsync_get_new_ds_user_dn_cb(void *cbdata, const Slapi_Entry *rawentry, slapi_ch_free_string(new_dn_string); *new_dn_string = slapi_ch_smprintf("%s,%s", rdns[0], slapi_sdn_get_dn(ds_suffix)); ldap_value_free(rdns); +#else + /* both ldap_explode_dn and ldap_value_free are deprecated + * in OpenLDAP */ + LDAPDN ldn; + int ret; + char *rdn; + + ret = ldap_str2dn(*new_dn_string, &ldn, LDAP_DN_FORMAT_LDAPV3); + if (ret != LDAP_SUCCESS) { + LOG_TRACE("ldap_str2dn(dn) failed ?!"); + return; + } + + ldap_rdn2str(ldn[0], &rdn, LDAP_DN_FORMAT_UFN); + *new_dn_string = slapi_ch_smprintf("%s,%s", rdn, slapi_sdn_get_dn(ds_suffix)); + ldap_dnfree(ldn); + ldap_memfree(rdn); +#endif LOG("<-- ipa_winsync_get_new_ds_user_dn_cb -- new dn [%s] -- end\n", *new_dn_string); diff --git a/ipa-client/ipa-client-common.h b/ipa-client/ipa-client-common.h index 863b805..b738fb4 100644 --- a/ipa-client/ipa-client-common.h +++ b/ipa-client/ipa-client-common.h @@ -23,6 +23,10 @@ #include #define _(STRING) gettext(STRING) +#ifndef discard_const +#define discard_const(ptr) ((void *)((uintptr_t)(ptr))) +#endif + int init_gettext(void); #endif /* __IPA_CLIENT_COMMON_H */ diff --git a/ipa-client/ipa-getkeytab.c b/ipa-client/ipa-getkeytab.c index 96747a8..8f108de 100644 --- a/ipa-client/ipa-getkeytab.c +++ b/ipa-client/ipa-getkeytab.c @@ -57,10 +57,6 @@ #define KEYTAB_SET_OID "2.16.840.1.113730.3.8.3.1" #define KEYTAB_RET_OID "2.16.840.1.113730.3.8.3.2" -#ifndef discard_const -#define discard_const(ptr) ((void *)((uintptr_t)(ptr))) -#endif - struct krb_key_salt { krb5_enctype enctype; krb5_int32 salttype; diff --git a/ipa-client/ipa-join.c b/ipa-client/ipa-join.c index 5c3d140..ff0fed9 100644 --- a/ipa-client/ipa-join.c +++ b/ipa-client/ipa-join.c @@ -18,7 +18,6 @@ */ #define _GNU_SOURCE -#define LDAP_DEPRECATED 1 #include #include @@ -178,6 +177,9 @@ connect_ldap(const char *hostname, const char *binddn, const char *bindpw) { int version = LDAP_VERSION3; int ret; int ldapdebug = 0; + char *uri; + struct berval bindpw_bv; + if (debug) { ldapdebug=2; ret = ldap_set_option(NULL, LDAP_OPT_DEBUG_LEVEL, &ldapdebug); @@ -186,7 +188,20 @@ connect_ldap(const char *hostname, const char *binddn, const char *bindpw) { if (ldap_set_option(NULL, LDAP_OPT_X_TLS_CACERTFILE, CAFILE) != LDAP_OPT_SUCCESS) goto fail; - ld = (LDAP *)ldap_init(hostname, 636); + ret = asprintf(&uri, "ldaps://%s:636", hostname); + if (ret == -1) { + fprintf(stderr, _("Out of memory!")); + goto fail; + } + + ret = ldap_initialize(&ld, uri); + free(uri); + if(ret != LDAP_SUCCESS) { + fprintf(stderr, _("Unable to initialize connection to ldap server: %s"), + ldap_err2string(ret)); + goto fail; + } + if (ldap_set_option(ld, LDAP_OPT_X_TLS, &ssl) != LDAP_OPT_SUCCESS) { fprintf(stderr, _("Unable to enable SSL in LDAP\n")); goto fail; @@ -198,7 +213,12 @@ connect_ldap(const char *hostname, const char *binddn, const char *bindpw) { goto fail; } - ret = ldap_bind_s(ld, binddn, bindpw, LDAP_AUTH_SIMPLE); + bindpw_bv.bv_val = discard_const(bindpw); + bindpw_bv.bv_len = strlen(bindpw); + + ret = ldap_sasl_bind_s(ld, binddn, LDAP_SASL_SIMPLE, &bindpw_bv, + NULL, NULL, NULL); + if (ret != LDAP_SUCCESS) { int err; @@ -446,7 +466,10 @@ join_ldap(const char *ipaserver, char *hostname, const char ** binddn, const cha if ((rc = ldap_extended_operation_s(ld, JOIN_OID, &valrequest, NULL, NULL, &oidresult, &valresult)) != LDAP_SUCCESS) { if (!quiet) fprintf(stderr, _("principal not found in host entry\n")); - if (debug) ldap_perror(ld, "ldap_extended_operation_s"); + if (debug) { + fprintf(stderr, "ldap_extended_operation_s failed: %s", + ldap_err2string(rc)); + } rval = 18; goto ldap_done; }