From: Arran Cudbard-Bell Date: Tue, 30 Jun 2015 14:37:36 +0000 (-0400) Subject: Fallback to hostnames if we don't have ldap_url_parse, ldap_is_ldap_url, ldap_urldesc... X-Git-Tag: release_3_0_9~27 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=70f787169b1e222b85976d07cfe02177cf92f79f;p=thirdparty%2Ffreeradius-server.git Fallback to hostnames if we don't have ldap_url_parse, ldap_is_ldap_url, ldap_urldesc2str. Use ldap_url_desc2str to produce the URL we pass to ldap_initialize, this should fix ldapi:// --- diff --git a/src/modules/rlm_ldap/config.h.in b/src/modules/rlm_ldap/config.h.in index 12fadca2382..e392d4894f9 100644 --- a/src/modules/rlm_ldap/config.h.in +++ b/src/modules/rlm_ldap/config.h.in @@ -12,6 +12,9 @@ /* Define to 1 if you have the `ldap_initialize' function. */ #undef HAVE_LDAP_INITIALIZE +/* Define to 1 if you have the `ldap_is_ldap_url' function. */ +#undef HAVE_LDAP_IS_LDAP_URL + /* Define to 1 if you have the `ldap_sasl_interactive_bind' function. */ #undef HAVE_LDAP_SASL_INTERACTIVE_BIND @@ -24,6 +27,12 @@ /* Define to 1 if you have the `ldap_unbind_ext_s' function. */ #undef HAVE_LDAP_UNBIND_EXT_S +/* Define to 1 if you have the `ldap_url_desc2str' function. */ +#undef HAVE_LDAP_URL_DESC2STR + +/* Define to 1 if you have the `ldap_url_parse' function. */ +#undef HAVE_LDAP_URL_PARSE + /* Number of arguments the rebind procedure takes */ #undef LDAP_SET_REBIND_PROC_ARGS diff --git a/src/modules/rlm_ldap/configure b/src/modules/rlm_ldap/configure index 2675abe9646..c8f0e74b6b1 100755 --- a/src/modules/rlm_ldap/configure +++ b/src/modules/rlm_ldap/configure @@ -3105,7 +3105,10 @@ smart_prefix= ldap_set_rebind_proc \ ldap_create_sort_control \ ldap_create_sort_keylist \ - ldap_free_sort_keylist + ldap_free_sort_keylist \ + ldap_url_parse \ + ldap_is_ldap_url \ + ldap_url_desc2str do : as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` 
diff --git a/src/modules/rlm_ldap/configure.ac b/src/modules/rlm_ldap/configure.ac index 20215caf899..bce260ba7f6 100644 --- a/src/modules/rlm_ldap/configure.ac +++ b/src/modules/rlm_ldap/configure.ac @@ -94,7 +94,10 @@ if test x$with_[]modname != xno; then ldap_set_rebind_proc \ ldap_create_sort_control \ ldap_create_sort_keylist \ - ldap_free_sort_keylist + ldap_free_sort_keylist \ + ldap_url_parse \ + ldap_is_ldap_url \ + ldap_url_desc2str ) AC_CACHE_CHECK(whether ldap_set_rebind_proc takes 3 arguments, ac_cv_ldap_set_rebind_proc, [ AC_TRY_COMPILE([ diff --git a/src/modules/rlm_ldap/rlm_ldap.c b/src/modules/rlm_ldap/rlm_ldap.c index 7a49eb43eed..1dc7feaf81b 100644 --- a/src/modules/rlm_ldap/rlm_ldap.c +++ b/src/modules/rlm_ldap/rlm_ldap.c @@ -852,6 +852,7 @@ static int mod_instantiate(CONF_SECTION *conf, void *instance) value = cf_pair_value(cp); +#if defined(HAVE_LDAP_URL_PARSE) && defined(HAVE_LDAP_IS_LDAP_URL) && defined(LDAP_URL_DESC2STR) /* * Split original server value out into URI, server and port * so whatever initialization function we use later will have 
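Review bot: The guard added before the URL-splitting block tests `defined(LDAP_URL_DESC2STR)`, but the configure/config.h.in changes in this same commit define `HAVE_LDAP_URL_DESC2STR`, so the third macro is never defined and the whole `ldap_is_ldap_url()` path — including the `ldapi://` fix the commit message describes — is compiled out on every build; the hostname fallback is taken unconditionally. Change the guard to `#if defined(HAVE_LDAP_URL_PARSE) && defined(HAVE_LDAP_IS_LDAP_URL) && defined(HAVE_LDAP_URL_DESC2STR)` and update the matching `#endif` comment in the later hunk to the same name. A silent fall-through like this is worth a build-time sanity check, e.g. `#if defined(HAVE_LDAP_URL_PARSE) != defined(HAVE_LDAP_URL_DESC2STR)` with an `#error`, since the three functions ship together in libldap. mod_instantiate starts before this hunk and continues after it.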
@@ -859,65 +860,87 @@ static int mod_instantiate(CONF_SECTION *conf, void *instance) */ if (ldap_is_ldap_url(value)) { LDAPURLDesc *ldap_url; - int port = -1; + int default_port = LDAP_PORT; if (ldap_url_parse(value, &ldap_url)){ cf_log_err_cs(conf, "Parsing LDAP URL \"%s\" failed", value); + ldap_url_error: + ldap_free_urldesc(ldap_url); return -1; } -#ifndef HAVE_LDAP_INITIALIZE - /* - * No LDAP initialize function. Can't specify a scheme. - */ - if (ldap_url->lud_scheme && - (strcmp(ldap_url->lud_scheme, "ldaps") == 0) || - (strcmp(ldap_url->lud_scheme, "ldapi") == 0) || - (strcmp(ldap_url->lud_scheme, "cldap") == 0)) { - cf_log_err_cs(conf, "%s is not supported by linked libldap", - ldap_url->lud_scheme); - return -1; + if (ldap_url->lud_dn) { + cf_log_err_cs(conf, "Base DN cannot be specified via server URL"); + goto ldap_url_error; } -#else - /* - * Figure out the port from the URL - */ - if (ldap_url->lud_scheme) { - if (strcmp(ldap_url->lud_scheme, "ldaps") == 0) { + if (ldap_url->lud_attrs && ldap_url->lud_attrs[0]) { + cf_log_err_cs(conf, "Attribute list cannot be specified via server URL"); + goto ldap_url_error; + } + + if (ldap_url->lud_scope >= 0) { + cf_log_err_cs(conf, "Scope cannot be specified via server URL"); + goto ldap_url_error; + } + + /* We allow extensions */ + +# ifdef HAVE_LDAP_INITIALIZE + { + char *url; + + /* + * Figure out the default port from the URL + */ + if (ldap_url->lud_scheme && (strcmp(ldap_url->lud_scheme, "ldaps") == 0)) { if (inst->start_tls == true) { cf_log_err_cs(conf, "ldaps:// scheme is not compatible " "with 'start_tls'"); - return -1; + goto ldap_url_error; } + default_port = LDAPS_PORT; + } - port = inst->port ? inst->port : LDAPS_PORT; - - } else if (strcmp(ldap_url->lud_scheme, "ldapi") == 0) { - port = 0; - - } else if (strcmp(ldap_url->lud_scheme, "cldap") == 0) { - port = inst->port ? 
inst->port : LDAP_PORT; - } /* else don't set the port */ - } /* else don't set the port */ -#endif - if (port < 0) port = inst->port ? inst->port : LDAP_PORT; + /* + * Configured port overrides URL port + */ + if (inst->port) ldap_url->lud_port = inst->port; + /* + * If there's no URL port, then set it to the default + * this is so debugging messages show explicitly + * the port we're connecting to. + */ + if (!ldap_url->lud_port) ldap_url->lud_port = default_port; - if (ldap_url->lud_port > 0) port = ldap_url->lud_port; + url = ldap_url_desc2str(ldap_url); + if (!url) { + cf_log_err_cs(conf, "Failed recombining URL components"); + goto ldap_url_error; + } + inst->server = talloc_asprintf_append(inst->server, "%s ", url); + LDAP_FREE(url); + } +# else + /* + * No LDAP initialize function. Can't specify a scheme. + */ + if (ldap_url->lud_scheme && + ((strcmp(ldap_url->lud_scheme, "ldaps") == 0) || + (strcmp(ldap_url->lud_scheme, "ldapi") == 0) || + (strcmp(ldap_url->lud_scheme, "cldap") == 0))) { + cf_log_err_cs(conf, "%s is not supported by linked libldap", + ldap_url->lud_scheme); + return -1; + } -#ifdef HAVE_LDAP_INITIALIZE - inst->server = talloc_asprintf_append(inst->server, "%s://%s", - ldap_url->lud_scheme ? ldap_url->lud_scheme : "ldap", - ldap_url->lud_host ? ldap_url->lud_host : ""); - if (port) inst->server = talloc_asprintf_append(inst->server, ":%i", port); - inst->server = talloc_strdup_append(inst->server, " "); -#else + default_port = inst->port ? inst->port : LDAP_PORT; inst->server = talloc_asprintf_append(inst->server, "%s", ldap_url->lud_host ? ldap_url->lud_host : "localhost"); - if (port) inst->server = talloc_asprintf_append(inst->server, ":%i", port); + if (default_port) inst->server = talloc_asprintf_append(inst->server, ":%i", default_port); inst->server = talloc_strdup_append(inst->server, " "); -#endif +# endif /* * @todo We could set a few other top level * directives using the URL, like base_dn 
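Review bot: In the `# else` (no `ldap_initialize`) branch the scheme rejection still does `return -1;` instead of `goto ldap_url_error;`, so the `LDAPURLDesc` returned by `ldap_url_parse()` is leaked on that error path while every other new error path in the hunk goes through the label. The label is also reached with `ldap_url` never assigned when `ldap_url_parse()` itself fails (it is declared as `LDAPURLDesc *ldap_url;`), which only works if libldap guarantees to NULL the out-pointer on failure; `LDAPURLDesc *ldap_url = NULL;` makes that explicit and costs nothing. I see no `ldap_free_urldesc(ldap_url)` on the success path within this hunk — if it is not in the lines between this hunk and the next, every URL-form `server` entry leaks one descriptor per instantiate. For `ldapi://` the code now writes `LDAP_PORT` into `lud_port` before calling `ldap_url_desc2str()`, which relies on that function omitting the port for the ipc scheme; either skip the port defaulting when `lud_scheme` is `ldapi` or add a comment stating the dependency. mod_instantiate starts before and ends after this hunk.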
@@ -927,7 +950,14 @@ static int mod_instantiate(CONF_SECTION *conf, void *instance) /* * We need to construct an LDAP URI */ - } else { + } else +#endif /* HAVE_LDAP_URL_PARSE && HAVE_LDAP_IS_LDAP_URL && LDAP_URL_DESC2STR */ + /* + * If it's not an URL, or we don't have the functions necessary + * to break apart the URL and recombine it, then just treat + * server as a hostname. + */ + { #ifdef HAVE_LDAP_INITIALIZE char const *p; char *q;
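Review bot: When the URL helpers are absent, a `server` value that is a full `ldap://host:port` URL now reaches the hostname fallback unchanged, and the comment added here ("just treat server as a hostname") means the scheme and port the admin configured are silently ignored; whether the hostname path outside this hunk copes with a `scheme://` prefix in `value` I cannot see from here. Rejecting it explicitly at the top of the fallback block avoids a misconfigured connection, e.g. `if (strstr(value, "://")) { cf_log_err_cs(conf, "LDAP URL \"%s\" is not supported by the linked libldap", value); return -1; }`. The closing comment on the `#endif` names `LDAP_URL_DESC2STR`; it should name whichever macro the opening `#if` actually tests so the pair stays grep-able. mod_instantiate continues past this hunk.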