mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2024-12-23 15:40:01 -06:00
Do not use LDAP_DEPRECATED in plugins
Remove the LDAP_DEPRECATED constant and do not use functions that are marked as deprecated in recent OpenLDAP releases. Also always define WITH_{MOZLDAP,OPENLDAP} since there are conditional header includes that depend on that constant. https://fedorahosted.org/freeipa/ticket/576
This commit is contained in:
parent
21bf175e0c
commit
8a9fdbfb03
@ -199,9 +199,11 @@ AC_ARG_WITH([openldap],
|
||||
if test "x$with_openldap" == xyes; then
|
||||
LDAP_CFLAGS="${OPENLDAP_CFLAGS} $NSPR4 $NSS3 -DUSE_OPENLDAP"
|
||||
LDAP_LIBS="${OPENLDAP_LIBS}"
|
||||
AC_DEFINE_UNQUOTED(WITH_OPENLDAP, 1, [Use OpenLDAP libraries])
|
||||
else
|
||||
LDAP_CFLAGS="${MOZLDAP_CFLAGS}"
|
||||
LDAP_LIBS="${MOZLDAP_LIBS}"
|
||||
AC_DEFINE_UNQUOTED(WITH_MOZLDAP, 1, [Use Mozilla LDAP libraries])
|
||||
fi
|
||||
AC_SUBST(LDAP_CFLAGS)
|
||||
AC_SUBST(LDAP_LIBS)
|
||||
|
@ -42,7 +42,6 @@
|
||||
#ifdef WITH_MOZLDAP
|
||||
#include <mozldap/ldap.h>
|
||||
#else
|
||||
#define LDAP_DEPRECATED 1
|
||||
#include <ldap.h>
|
||||
#endif
|
||||
#include <sasl/sasl.h>
|
||||
@ -331,6 +330,7 @@ int ldap_pwd_change(char *client_name, char *realm_name, krb5_data pwd, char **e
|
||||
struct berval *control = NULL;
|
||||
struct berval newpw;
|
||||
char hostname[1024];
|
||||
char *uri;
|
||||
struct berval **ncvals;
|
||||
char *ldap_base = NULL;
|
||||
char *filter;
|
||||
@ -386,11 +386,19 @@ int ldap_pwd_change(char *client_name, char *realm_name, krb5_data pwd, char **e
|
||||
goto done;
|
||||
}
|
||||
|
||||
ret = asprintf(&uri, "ldap://%s:389", hostname);
|
||||
if (ret == -1) {
|
||||
syslog(LOG_ERR, "Out of memory!");
|
||||
goto done;
|
||||
}
|
||||
|
||||
/* connect to ldap server */
|
||||
/* TODO: support referrals ? */
|
||||
ld = ldap_init(hostname, 389);
|
||||
if(ld == NULL) {
|
||||
syslog(LOG_ERR, "Unable to connect to ldap server");
|
||||
ret = ldap_initialize(&ld, uri);
|
||||
free(uri);
|
||||
if(ret != LDAP_SUCCESS) {
|
||||
syslog(LOG_ERR, "Unable to connect to ldap server: %s",
|
||||
ldap_err2string(ret));
|
||||
goto done;
|
||||
}
|
||||
|
||||
@ -414,7 +422,7 @@ int ldap_pwd_change(char *client_name, char *realm_name, krb5_data pwd, char **e
|
||||
/* find base dn */
|
||||
/* TODO: address the case where we have multiple naming contexts */
|
||||
tv.tv_sec = 10;
|
||||
tv.tv_usec = 0;
|
||||
tv.tv_usec = 0;
|
||||
|
||||
ret = ldap_search_ext_s(ld, "", LDAP_SCOPE_BASE,
|
||||
"objectclass=*", root_attrs, 0,
|
||||
|
@ -49,8 +49,6 @@
|
||||
#include <unistd.h>
|
||||
#include <stdbool.h>
|
||||
|
||||
#define LDAP_DEPRECATED 1
|
||||
|
||||
#include <prio.h>
|
||||
#include <ssl.h>
|
||||
#include <dirsrv/slapi-plugin.h>
|
||||
|
@ -373,6 +373,40 @@ static void pwd_values_free(Slapi_ValueSet** results,
|
||||
slapi_vattr_values_free(results, actual_type_name, buffer_flags);
|
||||
}
|
||||
|
||||
static int ipapwd_rdn_count(const char *dn)
|
||||
{
|
||||
int rdnc = 0;
|
||||
|
||||
#ifdef WITH_MOZLDAP
|
||||
char **edn;
|
||||
|
||||
edn = ldap_explode_dn(dn, 0);
|
||||
if (!edn) {
|
||||
LOG_TRACE("ldap_explode_dn(dn) failed ?!");
|
||||
return -1;
|
||||
}
|
||||
|
||||
for (rdnc = 0; edn != NULL && edn[rdnc]; rdnc++) /* count */ ;
|
||||
ldap_value_free(edn);
|
||||
#else
|
||||
/* both ldap_explode_dn and ldap_value_free are deprecated
|
||||
* in OpenLDAP */
|
||||
LDAPDN ldn;
|
||||
int ret;
|
||||
|
||||
ret = ldap_str2dn(dn, &ldn, LDAP_DN_FORMAT_LDAPV3);
|
||||
if (ret != LDAP_SUCCESS) {
|
||||
LOG_TRACE("ldap_str2dn(dn) failed ?!");
|
||||
return -1;
|
||||
}
|
||||
|
||||
for (rdnc = 0; ldn != NULL && ldn[rdnc]; rdnc++) /* count */ ;
|
||||
ldap_dnfree(ldn);
|
||||
#endif
|
||||
|
||||
return rdnc;
|
||||
}
|
||||
|
||||
static int ipapwd_getPolicy(const char *dn,
|
||||
Slapi_Entry *target, Slapi_Entry **e)
|
||||
{
|
||||
@ -386,7 +420,6 @@ static int ipapwd_getPolicy(const char *dn,
|
||||
"krbPwdHistoryLength", NULL};
|
||||
Slapi_Entry **es = NULL;
|
||||
Slapi_Entry *pe = NULL;
|
||||
char **edn;
|
||||
int ret, res, dist, rdnc, scope, i;
|
||||
Slapi_DN *sdn = NULL;
|
||||
int buffer_flags=0;
|
||||
@ -465,14 +498,12 @@ static int ipapwd_getPolicy(const char *dn,
|
||||
}
|
||||
|
||||
/* count number of RDNs in DN */
|
||||
edn = ldap_explode_dn(dn, 0);
|
||||
if (!edn) {
|
||||
LOG_TRACE("ldap_explode_dn(dn) failed ?!");
|
||||
rdnc = ipapwd_rdn_count(dn);
|
||||
if (rdnc == -1) {
|
||||
LOG_TRACE("ipapwd_rdn_count(dn) failed");
|
||||
ret = -1;
|
||||
goto done;
|
||||
}
|
||||
for (rdnc = 0; edn[rdnc]; rdnc++) /* count */ ;
|
||||
ldap_value_free(edn);
|
||||
|
||||
pe = NULL;
|
||||
dist = -1;
|
||||
@ -490,15 +521,12 @@ static int ipapwd_getPolicy(const char *dn,
|
||||
}
|
||||
if (slapi_sdn_issuffix(sdn, esdn)) {
|
||||
const char *dn1;
|
||||
char **e1;
|
||||
int c1;
|
||||
|
||||
dn1 = slapi_sdn_get_dn(esdn);
|
||||
if (!dn1) continue;
|
||||
e1 = ldap_explode_dn(dn1, 0);
|
||||
if (!e1) continue;
|
||||
for (c1 = 0; e1[c1]; c1++) /* count */ ;
|
||||
ldap_value_free(e1);
|
||||
c1 = ipapwd_rdn_count(dn1);
|
||||
if (c1 == -1) continue;
|
||||
if ((dist == -1) ||
|
||||
((rdnc - c1) < dist)) {
|
||||
dist = rdnc - c1;
|
||||
|
@ -41,8 +41,6 @@
|
||||
# include <config.h>
|
||||
#endif
|
||||
|
||||
#define LDAP_DEPRECATED 1
|
||||
|
||||
/*
|
||||
* Windows Synchronization Plug-in for IPA
|
||||
* This plugin allows IPA to intercept operations sent from
|
||||
@ -375,7 +373,6 @@ ipa_winsync_get_new_ds_user_dn_cb(void *cbdata, const Slapi_Entry *rawentry,
|
||||
Slapi_Entry *ad_entry, char **new_dn_string,
|
||||
const Slapi_DN *ds_suffix, const Slapi_DN *ad_suffix)
|
||||
{
|
||||
char **rdns = NULL;
|
||||
PRBool flatten = PR_TRUE;
|
||||
IPA_WinSync_Config *ipaconfig = ipa_winsync_get_config();
|
||||
|
||||
@ -390,6 +387,9 @@ ipa_winsync_get_new_ds_user_dn_cb(void *cbdata, const Slapi_Entry *rawentry,
|
||||
return;
|
||||
}
|
||||
|
||||
#ifdef WITH_MOZLDAP
|
||||
char **rdns = NULL;
|
||||
|
||||
rdns = ldap_explode_dn(*new_dn_string, 0);
|
||||
if (!rdns || !rdns[0]) {
|
||||
ldap_value_free(rdns);
|
||||
@ -399,6 +399,24 @@ ipa_winsync_get_new_ds_user_dn_cb(void *cbdata, const Slapi_Entry *rawentry,
|
||||
slapi_ch_free_string(new_dn_string);
|
||||
*new_dn_string = slapi_ch_smprintf("%s,%s", rdns[0], slapi_sdn_get_dn(ds_suffix));
|
||||
ldap_value_free(rdns);
|
||||
#else
|
||||
/* both ldap_explode_dn and ldap_value_free are deprecated
|
||||
* in OpenLDAP */
|
||||
LDAPDN ldn;
|
||||
int ret;
|
||||
char *rdn;
|
||||
|
||||
ret = ldap_str2dn(*new_dn_string, &ldn, LDAP_DN_FORMAT_LDAPV3);
|
||||
if (ret != LDAP_SUCCESS) {
|
||||
LOG_TRACE("ldap_str2dn(dn) failed ?!");
|
||||
return;
|
||||
}
|
||||
|
||||
ldap_rdn2str(ldn[0], &rdn, LDAP_DN_FORMAT_UFN);
|
||||
*new_dn_string = slapi_ch_smprintf("%s,%s", rdn, slapi_sdn_get_dn(ds_suffix));
|
||||
ldap_dnfree(ldn);
|
||||
ldap_memfree(rdn);
|
||||
#endif
|
||||
|
||||
LOG("<-- ipa_winsync_get_new_ds_user_dn_cb -- new dn [%s] -- end\n",
|
||||
*new_dn_string);
|
||||
|
@ -23,6 +23,10 @@
|
||||
#include <libintl.h>
|
||||
#define _(STRING) gettext(STRING)
|
||||
|
||||
#ifndef discard_const
|
||||
#define discard_const(ptr) ((void *)((uintptr_t)(ptr)))
|
||||
#endif
|
||||
|
||||
int init_gettext(void);
|
||||
|
||||
#endif /* __IPA_CLIENT_COMMON_H */
|
||||
|
@ -57,10 +57,6 @@
|
||||
#define KEYTAB_SET_OID "2.16.840.1.113730.3.8.3.1"
|
||||
#define KEYTAB_RET_OID "2.16.840.1.113730.3.8.3.2"
|
||||
|
||||
#ifndef discard_const
|
||||
#define discard_const(ptr) ((void *)((uintptr_t)(ptr)))
|
||||
#endif
|
||||
|
||||
struct krb_key_salt {
|
||||
krb5_enctype enctype;
|
||||
krb5_int32 salttype;
|
||||
|
@ -18,7 +18,6 @@
|
||||
*/
|
||||
|
||||
#define _GNU_SOURCE
|
||||
#define LDAP_DEPRECATED 1
|
||||
|
||||
#include <unistd.h>
|
||||
#include <stdlib.h>
|
||||
@ -178,6 +177,9 @@ connect_ldap(const char *hostname, const char *binddn, const char *bindpw) {
|
||||
int version = LDAP_VERSION3;
|
||||
int ret;
|
||||
int ldapdebug = 0;
|
||||
char *uri;
|
||||
struct berval bindpw_bv;
|
||||
|
||||
if (debug) {
|
||||
ldapdebug=2;
|
||||
ret = ldap_set_option(NULL, LDAP_OPT_DEBUG_LEVEL, &ldapdebug);
|
||||
@ -186,7 +188,20 @@ connect_ldap(const char *hostname, const char *binddn, const char *bindpw) {
|
||||
if (ldap_set_option(NULL, LDAP_OPT_X_TLS_CACERTFILE, CAFILE) != LDAP_OPT_SUCCESS)
|
||||
goto fail;
|
||||
|
||||
ld = (LDAP *)ldap_init(hostname, 636);
|
||||
ret = asprintf(&uri, "ldaps://%s:636", hostname);
|
||||
if (ret == -1) {
|
||||
fprintf(stderr, _("Out of memory!"));
|
||||
goto fail;
|
||||
}
|
||||
|
||||
ret = ldap_initialize(&ld, uri);
|
||||
free(uri);
|
||||
if(ret != LDAP_SUCCESS) {
|
||||
fprintf(stderr, _("Unable to initialize connection to ldap server: %s"),
|
||||
ldap_err2string(ret));
|
||||
goto fail;
|
||||
}
|
||||
|
||||
if (ldap_set_option(ld, LDAP_OPT_X_TLS, &ssl) != LDAP_OPT_SUCCESS) {
|
||||
fprintf(stderr, _("Unable to enable SSL in LDAP\n"));
|
||||
goto fail;
|
||||
@ -198,7 +213,12 @@ connect_ldap(const char *hostname, const char *binddn, const char *bindpw) {
|
||||
goto fail;
|
||||
}
|
||||
|
||||
ret = ldap_bind_s(ld, binddn, bindpw, LDAP_AUTH_SIMPLE);
|
||||
bindpw_bv.bv_val = discard_const(bindpw);
|
||||
bindpw_bv.bv_len = strlen(bindpw);
|
||||
|
||||
ret = ldap_sasl_bind_s(ld, binddn, LDAP_SASL_SIMPLE, &bindpw_bv,
|
||||
NULL, NULL, NULL);
|
||||
|
||||
if (ret != LDAP_SUCCESS) {
|
||||
int err;
|
||||
|
||||
@ -446,7 +466,10 @@ join_ldap(const char *ipaserver, char *hostname, const char ** binddn, const cha
|
||||
if ((rc = ldap_extended_operation_s(ld, JOIN_OID, &valrequest, NULL, NULL, &oidresult, &valresult)) != LDAP_SUCCESS) {
|
||||
if (!quiet)
|
||||
fprintf(stderr, _("principal not found in host entry\n"));
|
||||
if (debug) ldap_perror(ld, "ldap_extended_operation_s");
|
||||
if (debug) {
|
||||
fprintf(stderr, "ldap_extended_operation_s failed: %s",
|
||||
ldap_err2string(rc));
|
||||
}
|
||||
rval = 18;
|
||||
goto ldap_done;
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user