Do not use LDAP_DEPRECATED in plugins

Remove the LDAP_DEPRECATED constant and do not use functions that are
marked as deprecated in recent OpenLDAP releases. Also always define
WITH_{MOZLDAP,OPENLDAP} since there are conditional header includes that
depend on that constant.

https://fedorahosted.org/freeipa/ticket/576
This commit is contained in:
Jakub Hrozek 2011-01-03 16:16:57 +01:00 committed by Simo Sorce
parent 21bf175e0c
commit 8a9fdbfb03
8 changed files with 106 additions and 29 deletions

View File

@ -199,9 +199,11 @@ AC_ARG_WITH([openldap],
if test "x$with_openldap" == xyes; then
LDAP_CFLAGS="${OPENLDAP_CFLAGS} $NSPR4 $NSS3 -DUSE_OPENLDAP"
LDAP_LIBS="${OPENLDAP_LIBS}"
AC_DEFINE_UNQUOTED(WITH_OPENLDAP, 1, [Use OpenLDAP libraries])
else
LDAP_CFLAGS="${MOZLDAP_CFLAGS}"
LDAP_LIBS="${MOZLDAP_LIBS}"
AC_DEFINE_UNQUOTED(WITH_MOZLDAP, 1, [Use Mozilla LDAP libraries])
fi
AC_SUBST(LDAP_CFLAGS)
AC_SUBST(LDAP_LIBS)

View File

@ -42,7 +42,6 @@
#ifdef WITH_MOZLDAP
#include <mozldap/ldap.h>
#else
#define LDAP_DEPRECATED 1
#include <ldap.h>
#endif
#include <sasl/sasl.h>
@ -331,6 +330,7 @@ int ldap_pwd_change(char *client_name, char *realm_name, krb5_data pwd, char **e
struct berval *control = NULL;
struct berval newpw;
char hostname[1024];
char *uri;
struct berval **ncvals;
char *ldap_base = NULL;
char *filter;
@ -386,11 +386,19 @@ int ldap_pwd_change(char *client_name, char *realm_name, krb5_data pwd, char **e
goto done;
}
ret = asprintf(&uri, "ldap://%s:389", hostname);
if (ret == -1) {
syslog(LOG_ERR, "Out of memory!");
goto done;
}
/* connect to ldap server */
/* TODO: support referrals ? */
ld = ldap_init(hostname, 389);
if(ld == NULL) {
syslog(LOG_ERR, "Unable to connect to ldap server");
ret = ldap_initialize(&ld, uri);
free(uri);
if(ret != LDAP_SUCCESS) {
syslog(LOG_ERR, "Unable to connect to ldap server: %s",
ldap_err2string(ret));
goto done;
}
@ -414,7 +422,7 @@ int ldap_pwd_change(char *client_name, char *realm_name, krb5_data pwd, char **e
/* find base dn */
/* TODO: address the case where we have multiple naming contexts */
tv.tv_sec = 10;
tv.tv_usec = 0;
tv.tv_usec = 0;
ret = ldap_search_ext_s(ld, "", LDAP_SCOPE_BASE,
"objectclass=*", root_attrs, 0,

View File

@ -49,8 +49,6 @@
#include <unistd.h>
#include <stdbool.h>
#define LDAP_DEPRECATED 1
#include <prio.h>
#include <ssl.h>
#include <dirsrv/slapi-plugin.h>

View File

@ -373,6 +373,40 @@ static void pwd_values_free(Slapi_ValueSet** results,
slapi_vattr_values_free(results, actual_type_name, buffer_flags);
}
static int ipapwd_rdn_count(const char *dn)
{
int rdnc = 0;
#ifdef WITH_MOZLDAP
char **edn;
edn = ldap_explode_dn(dn, 0);
if (!edn) {
LOG_TRACE("ldap_explode_dn(dn) failed ?!");
return -1;
}
for (rdnc = 0; edn != NULL && edn[rdnc]; rdnc++) /* count */ ;
ldap_value_free(edn);
#else
/* both ldap_explode_dn and ldap_value_free are deprecated
* in OpenLDAP */
LDAPDN ldn;
int ret;
ret = ldap_str2dn(dn, &ldn, LDAP_DN_FORMAT_LDAPV3);
if (ret != LDAP_SUCCESS) {
LOG_TRACE("ldap_str2dn(dn) failed ?!");
return -1;
}
for (rdnc = 0; ldn != NULL && ldn[rdnc]; rdnc++) /* count */ ;
ldap_dnfree(ldn);
#endif
return rdnc;
}
static int ipapwd_getPolicy(const char *dn,
Slapi_Entry *target, Slapi_Entry **e)
{
@ -386,7 +420,6 @@ static int ipapwd_getPolicy(const char *dn,
"krbPwdHistoryLength", NULL};
Slapi_Entry **es = NULL;
Slapi_Entry *pe = NULL;
char **edn;
int ret, res, dist, rdnc, scope, i;
Slapi_DN *sdn = NULL;
int buffer_flags=0;
@ -465,14 +498,12 @@ static int ipapwd_getPolicy(const char *dn,
}
/* count number of RDNs in DN */
edn = ldap_explode_dn(dn, 0);
if (!edn) {
LOG_TRACE("ldap_explode_dn(dn) failed ?!");
rdnc = ipapwd_rdn_count(dn);
if (rdnc == -1) {
LOG_TRACE("ipapwd_rdn_count(dn) failed");
ret = -1;
goto done;
}
for (rdnc = 0; edn[rdnc]; rdnc++) /* count */ ;
ldap_value_free(edn);
pe = NULL;
dist = -1;
@ -490,15 +521,12 @@ static int ipapwd_getPolicy(const char *dn,
}
if (slapi_sdn_issuffix(sdn, esdn)) {
const char *dn1;
char **e1;
int c1;
dn1 = slapi_sdn_get_dn(esdn);
if (!dn1) continue;
e1 = ldap_explode_dn(dn1, 0);
if (!e1) continue;
for (c1 = 0; e1[c1]; c1++) /* count */ ;
ldap_value_free(e1);
c1 = ipapwd_rdn_count(dn1);
if (c1 == -1) continue;
if ((dist == -1) ||
((rdnc - c1) < dist)) {
dist = rdnc - c1;

View File

@ -41,8 +41,6 @@
# include <config.h>
#endif
#define LDAP_DEPRECATED 1
/*
* Windows Synchronization Plug-in for IPA
* This plugin allows IPA to intercept operations sent from
@ -375,7 +373,6 @@ ipa_winsync_get_new_ds_user_dn_cb(void *cbdata, const Slapi_Entry *rawentry,
Slapi_Entry *ad_entry, char **new_dn_string,
const Slapi_DN *ds_suffix, const Slapi_DN *ad_suffix)
{
char **rdns = NULL;
PRBool flatten = PR_TRUE;
IPA_WinSync_Config *ipaconfig = ipa_winsync_get_config();
@ -390,6 +387,9 @@ ipa_winsync_get_new_ds_user_dn_cb(void *cbdata, const Slapi_Entry *rawentry,
return;
}
#ifdef WITH_MOZLDAP
char **rdns = NULL;
rdns = ldap_explode_dn(*new_dn_string, 0);
if (!rdns || !rdns[0]) {
ldap_value_free(rdns);
@ -399,6 +399,24 @@ ipa_winsync_get_new_ds_user_dn_cb(void *cbdata, const Slapi_Entry *rawentry,
slapi_ch_free_string(new_dn_string);
*new_dn_string = slapi_ch_smprintf("%s,%s", rdns[0], slapi_sdn_get_dn(ds_suffix));
ldap_value_free(rdns);
#else
/* both ldap_explode_dn and ldap_value_free are deprecated
* in OpenLDAP */
LDAPDN ldn;
int ret;
char *rdn;
ret = ldap_str2dn(*new_dn_string, &ldn, LDAP_DN_FORMAT_LDAPV3);
if (ret != LDAP_SUCCESS) {
LOG_TRACE("ldap_str2dn(dn) failed ?!");
return;
}
ldap_rdn2str(ldn[0], &rdn, LDAP_DN_FORMAT_UFN);
*new_dn_string = slapi_ch_smprintf("%s,%s", rdn, slapi_sdn_get_dn(ds_suffix));
ldap_dnfree(ldn);
ldap_memfree(rdn);
#endif
LOG("<-- ipa_winsync_get_new_ds_user_dn_cb -- new dn [%s] -- end\n",
*new_dn_string);

View File

@ -23,6 +23,10 @@
#include <libintl.h>
#define _(STRING) gettext(STRING)
#ifndef discard_const
#define discard_const(ptr) ((void *)((uintptr_t)(ptr)))
#endif
int init_gettext(void);
#endif /* __IPA_CLIENT_COMMON_H */

View File

@ -57,10 +57,6 @@
#define KEYTAB_SET_OID "2.16.840.1.113730.3.8.3.1"
#define KEYTAB_RET_OID "2.16.840.1.113730.3.8.3.2"
#ifndef discard_const
#define discard_const(ptr) ((void *)((uintptr_t)(ptr)))
#endif
struct krb_key_salt {
krb5_enctype enctype;
krb5_int32 salttype;

View File

@ -18,7 +18,6 @@
*/
#define _GNU_SOURCE
#define LDAP_DEPRECATED 1
#include <unistd.h>
#include <stdlib.h>
@ -178,6 +177,9 @@ connect_ldap(const char *hostname, const char *binddn, const char *bindpw) {
int version = LDAP_VERSION3;
int ret;
int ldapdebug = 0;
char *uri;
struct berval bindpw_bv;
if (debug) {
ldapdebug=2;
ret = ldap_set_option(NULL, LDAP_OPT_DEBUG_LEVEL, &ldapdebug);
@ -186,7 +188,20 @@ connect_ldap(const char *hostname, const char *binddn, const char *bindpw) {
if (ldap_set_option(NULL, LDAP_OPT_X_TLS_CACERTFILE, CAFILE) != LDAP_OPT_SUCCESS)
goto fail;
ld = (LDAP *)ldap_init(hostname, 636);
ret = asprintf(&uri, "ldaps://%s:636", hostname);
if (ret == -1) {
fprintf(stderr, _("Out of memory!"));
goto fail;
}
ret = ldap_initialize(&ld, uri);
free(uri);
if(ret != LDAP_SUCCESS) {
fprintf(stderr, _("Unable to initialize connection to ldap server: %s"),
ldap_err2string(ret));
goto fail;
}
if (ldap_set_option(ld, LDAP_OPT_X_TLS, &ssl) != LDAP_OPT_SUCCESS) {
fprintf(stderr, _("Unable to enable SSL in LDAP\n"));
goto fail;
@ -198,7 +213,12 @@ connect_ldap(const char *hostname, const char *binddn, const char *bindpw) {
goto fail;
}
ret = ldap_bind_s(ld, binddn, bindpw, LDAP_AUTH_SIMPLE);
bindpw_bv.bv_val = discard_const(bindpw);
bindpw_bv.bv_len = strlen(bindpw);
ret = ldap_sasl_bind_s(ld, binddn, LDAP_SASL_SIMPLE, &bindpw_bv,
NULL, NULL, NULL);
if (ret != LDAP_SUCCESS) {
int err;
@ -446,7 +466,10 @@ join_ldap(const char *ipaserver, char *hostname, const char ** binddn, const cha
if ((rc = ldap_extended_operation_s(ld, JOIN_OID, &valrequest, NULL, NULL, &oidresult, &valresult)) != LDAP_SUCCESS) {
if (!quiet)
fprintf(stderr, _("principal not found in host entry\n"));
if (debug) ldap_perror(ld, "ldap_extended_operation_s");
if (debug) {
fprintf(stderr, "ldap_extended_operation_s failed: %s",
ldap_err2string(rc));
}
rval = 18;
goto ldap_done;
}