From: Frédéric Marchal Date: Mon, 31 Jan 2011 20:17:09 +0000 (+0000) Subject: Use non-deprecated libldap functions X-Git-Tag: v2.3.2~81 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=0ee7618ef935e4d4432d24d56463087ac533a53b;p=thirdparty%2Fsarg.git Use non-deprecated libldap functions The previously used LDAP functions are marked as deprecated by libldap. This new code uses the new functions. In addition, ldap_initialize set the default domain which is not set by ldap_init and may improve the communication with ADServer. The new code layout also properly sets the returned user name if the ID is not found on the LDAP server. The returned user name is the same as the ID. --- diff --git a/usertab.c b/usertab.c index 08dfd4e..a0748bb 100644 --- a/usertab.c +++ b/usertab.c @@ -133,12 +133,30 @@ static void get_usertab_name(const char *user,char *name,int namelen) #ifdef HAVE_LDAP_H static void init_ldap_usertab(void) { - /* Setting LDAP connection and initializing cache */ + char *ldapuri; + LDAPURLDesc url; + int rc; + ldap_handle = NULL; - if ((ldap_handle = ldap_init(LDAPHost, LDAPPort)) == NULL) { - debuga(_("Unable to connect to LDAP server %s on port %d\n"), LDAPHost, LDAPPort); + + /* Setting LDAP connection and initializing cache */ + memset(&url,0,sizeof(url)); + url.lud_scheme = "ldap"; + url.lud_host = LDAPHost; + url.lud_port = LDAPPort; + url.lud_scope = LDAP_SCOPE_DEFAULT; + ldapuri = ldap_url_desc2str(&url); + if (ldapuri==NULL) { + debuga(_("Cannot prepare ldap URI for server %s on port %d\n"),LDAPHost,LDAPPort); + exit(EXIT_FAILURE); + } + + rc = ldap_initialize(&ldap_handle, ldapuri); + if (rc != LDAP_SUCCESS) { + debuga(_("Unable to connect to LDAP server %s on port %d: %d (%s)\n"), LDAPHost, LDAPPort, rc, ldap_err2string(rc)); exit(EXIT_FAILURE); } + ldap_memfree(ldapuri); int ldap_protocol_version = LDAPProtocolVersion; if (ldap_set_option(ldap_handle, LDAP_OPT_PROTOCOL_VERSION, &ldap_protocol_version) != LDAP_SUCCESS) { 
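Review bot: The URI scheme is fixed by `url.lud_scheme = "ldap";`, so the simple bind later in this function (`ldap_simple_bind_s(ldap_handle, LDAPBindDN, LDAPBindPW)`, visible as context in the next hunk) sends the bind DN and password unencrypted unless TLS is negotiated somewhere outside the visible lines. Now that the connection is built from a URL descriptor, the configuration could select `ldaps`, or the code could call `ldap_start_tls_s(ldap_handle, NULL, NULL)` before binding and treat failure as fatal. Also, `ldap_initialize` only allocates the handle and does not contact the server, so the "Unable to connect" text on its error path will mislead whoever reads the log. `ldap_simple_bind_s` is itself one of the deprecated calls this commit sets out to replace; `ldap_sasl_bind_s` with `LDAP_SASL_SIMPLE` is its successor. The body of init_ldap_usertab continues outside this hunk.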
@@ -147,7 +165,6 @@ static void init_ldap_usertab(void) { } /* Bind to the LDAP server. */ - int rc; rc = ldap_simple_bind_s( ldap_handle, LDAPBindDN, LDAPBindPW ); if ( rc != LDAP_SUCCESS ) { debuga(_("Cannot bind to LDAP server: %s\n"), ldap_err2string(rc)); 
@@ -167,56 +184,64 @@ static void get_ldap_name(const char *userlogin,char *mappedname,int namelen) char filtersearch[256], *searched_in_cache; char searchloginname[3*MAX_USER_LEN]; char *attr, **vals; + const char *ptr; LDAPMessage *result, *e; BerElement *ber; int i; + char *attrs[1]; - for (i=0 ; i=sizeof(searchloginname)-1) break; - i+=sprintf(searchloginname+i,"\\%02X",*userlogin); + i+=sprintf(searchloginname+i,"\\%02X",*ptr); } else { - searchloginname[i++]=*userlogin; + searchloginname[i++]=*ptr; } } searchloginname[i]='\0'; - if (!(searched_in_cache = search_in_cache(searchloginname))) { - snprintf(filtersearch, sizeof(filtersearch), LDAPFilterSearch, searchloginname, searchloginname, searchloginname, searchloginname, searchloginname); + snprintf(filtersearch, sizeof(filtersearch), LDAPFilterSearch, searchloginname, searchloginname, searchloginname, searchloginname, searchloginname); - /* Search record(s) in LDAP base */ + /* Search record(s) in LDAP base */ + attrs[0]=LDAPTargetAttr; + int rc= ldap_search_ext_s(ldap_handle, LDAPBaseSearch, LDAP_SCOPE_SUBTREE, filtersearch, attrs, 0, NULL, NULL, NULL, -1, &result); + if (rc != LDAP_SUCCESS) { + debuga(_("LDAP search failed: %s\n"), ldap_err2string(rc)); + debuga(_("looking for \"%s\" at or below \"%s\"\n"),filtersearch,LDAPBaseSearch); + strncpy(mappedname,userlogin,namelen-1); + mappedname[namelen-1]='\0'; + return; + } - int rc= ldap_search_s(ldap_handle, LDAPBaseSearch, LDAP_SCOPE_SUBTREE, filtersearch, NULL, 0, &result); - if ( rc != LDAP_SUCCESS ) { - debuga(_("LDAP search failed: %s\n"), ldap_err2string(rc)); - debuga(_("looking for \"%s\" at or below \"%s\"\n"),filtersearch,LDAPBaseSearch); - strncpy(mappedname,searchloginname,namelen-1); - mappedname[namelen-1]='\0'; - return; - } + if (!(e = ldap_first_entry(ldap_handle, result))) { + insert_to_cache(userlogin, userlogin); + strncpy(mappedname, userlogin,namelen-1); + mappedname[namelen-1]='\0'; + return; + } - if (!(e = 
ldap_first_entry(ldap_handle, result))) - insert_to_cache(searchloginname, searchloginname); - else - for (attr = ldap_first_attribute(ldap_handle, e, &ber); attr != NULL; attr = ldap_next_attribute(ldap_handle, e, ber)) { - if (!strcasecmp(attr, LDAPTargetAttr)) { - if ((vals = (char **)ldap_get_values(ldap_handle, e, attr))!=NULL) { - insert_to_cache(searchloginname, vals[0]); - strncpy(mappedname, vals[0],namelen-1); - mappedname[namelen-1]='\0'; - ldap_memfree(vals); - } - ldap_memfree(attr); - break; - } - ldap_memfree(attr); + for (attr = ldap_first_attribute(ldap_handle, e, &ber); attr != NULL; attr = ldap_next_attribute(ldap_handle, e, ber)) { + if (!strcasecmp(attr, LDAPTargetAttr)) { + if ((vals = (char **)ldap_get_values(ldap_handle, e, attr))!=NULL) { + insert_to_cache(userlogin, vals[0]); + strncpy(mappedname, vals[0],namelen-1); + mappedname[namelen-1]='\0'; + ldap_memfree(vals); } - ldap_msgfree(result); - } else { - strncpy(mappedname, searched_in_cache,namelen-1); - mappedname[namelen-1]='\0'; + ldap_memfree(attr); + break; + } + ldap_memfree(attr); } + ldap_msgfree(result); } #endif //HAVE_LDAP_H
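Review bot: The new early return taken when `ldap_first_entry` finds no entry leaves without `ldap_msgfree(result)`, so every lookup of a login missing from the directory leaks the search result; the old code fell through to the free. Add `ldap_msgfree(result);` before that `return`, and do the same on the `rc != LDAP_SUCCESS` path, because `ldap_search_ext_s` can hand back a result message together with an error code. In the attribute loop, `ldap_memfree(vals)` releases only the array returned by `ldap_get_values`; `ldap_value_free(vals)` is the matching call, and `ber` is never released with `ber_free(ber, 0)`. The escaping loop at the top of the hunk is truncated in this rendering, so it cannot be confirmed from here whether the `search_in_cache` lookup that used to guard the search is still performed, nor whether the bound check leaves room for the three bytes written by `sprintf(searchloginname+i,"\\%02X",*ptr)`.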