From 0ee7618ef935e4d4432d24d56463087ac533a53b Mon Sep 17 00:00:00 2001
From: =?utf8?q?Fr=C3=A9d=C3=A9ric=20Marchal?=
Date: Mon, 31 Jan 2011 20:17:09 +0000
Subject: [PATCH] Use non-deprecated libldap functions

The previously used LDAP functions are marked as deprecated by libldap. This new code uses the new functions. In addition, ldap_initialize set the default domain which is not set by ldap_init and may improve the communication with ADServer. The new code layout also properly sets the returned user name if the ID is not found on the LDAP server. The returned user name is the same as the ID.
---
 usertab.c | 103 +++++++++++++++++++++++++++++++++---------------------
 1 file changed, 64 insertions(+), 39 deletions(-)
diff --git a/usertab.c b/usertab.c
index 08dfd4e..a0748bb 100644
--- a/usertab.c
+++ b/usertab.c
@@ -133,12 +133,30 @@ static void get_usertab_name(const char *user,char *name,int namelen)
 #ifdef HAVE_LDAP_H
 static void init_ldap_usertab(void) {
- /* Setting LDAP connection and initializing cache */
+ char *ldapuri;
+ LDAPURLDesc url;
+ int rc;
+
 ldap_handle = NULL;
- if ((ldap_handle = ldap_init(LDAPHost, LDAPPort)) == NULL) {
- debuga(_("Unable to connect to LDAP server %s on port %d\n"), LDAPHost, LDAPPort);
+
+ /* Setting LDAP connection and initializing cache */
+ memset(&url,0,sizeof(url));
+ url.lud_scheme = "ldap";
+ url.lud_host = LDAPHost;
+ url.lud_port = LDAPPort;
+ url.lud_scope = LDAP_SCOPE_DEFAULT;
+ ldapuri = ldap_url_desc2str(&url);
+ if (ldapuri==NULL) {
+ debuga(_("Cannot prepare ldap URI for server %s on port %d\n"),LDAPHost,LDAPPort);
+ exit(EXIT_FAILURE);
+ }
+
+ rc = ldap_initialize(&ldap_handle, ldapuri);
+ if (rc != LDAP_SUCCESS) {
+ debuga(_("Unable to connect to LDAP server %s on port %d: %d (%s)\n"), LDAPHost, LDAPPort, rc, ldap_err2string(rc));
 exit(EXIT_FAILURE);
 }
+ ldap_memfree(ldapuri);
 int ldap_protocol_version = LDAPProtocolVersion;
 if (ldap_set_option(ldap_handle, LDAP_OPT_PROTOCOL_VERSION, &ldap_protocol_version) != LDAP_SUCCESS) {
@@ -147,7 +165,6 @@ static void init_ldap_usertab(void) {
 }
 /* Bind to the LDAP server. */
- int rc;
 rc = ldap_simple_bind_s( ldap_handle, LDAPBindDN, LDAPBindPW );
 if ( rc != LDAP_SUCCESS ) {
 debuga(_("Cannot bind to LDAP server: %s\n"), ldap_err2string(rc));
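Review bot: The URI is built with a fixed `url.lud_scheme = "ldap";`, and nothing visible in this hunk or the next one starts TLS before `ldap_simple_bind_s( ldap_handle, LDAPBindDN, LDAPBindPW )`, so the bind DN and password appear to cross the network in clear text. Since `ldap_initialize` takes a URI, the scheme could come from configuration so that `ldaps` can be selected, or `ldap_start_tls_s(ldap_handle, NULL, NULL)` could be called after the protocol version is set and before the bind. The bind call itself is still one of libldap's deprecated functions; `ldap_sasl_bind_s` with `LDAP_SASL_SIMPLE` is the replacement. init_ldap_usertab continues past the end of this hunk.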
@@ -167,56 +184,64 @@ static void get_ldap_name(const char *userlogin,char *mappedname,int namelen) char filtersearch[256], *searched_in_cache; char searchloginname[3*MAX_USER_LEN]; char *attr, **vals; + const char *ptr; LDAPMessage *result, *e; BerElement *ber; int i; + char *attrs[1]; - for (i=0 ; i=sizeof(searchloginname)-1) break; - i+=sprintf(searchloginname+i,"\\%02X",*userlogin); + i+=sprintf(searchloginname+i,"\\%02X",*ptr); } else { - searchloginname[i++]=*userlogin; + searchloginname[i++]=*ptr; } } searchloginname[i]='\0'; - if (!(searched_in_cache = search_in_cache(searchloginname))) { - snprintf(filtersearch, sizeof(filtersearch), LDAPFilterSearch, searchloginname, searchloginname, searchloginname, searchloginname, searchloginname); + snprintf(filtersearch, sizeof(filtersearch), LDAPFilterSearch, searchloginname, searchloginname, searchloginname, searchloginname, searchloginname); - /* Search record(s) in LDAP base */ + /* Search record(s) in LDAP base */ + attrs[0]=LDAPTargetAttr; + int rc= ldap_search_ext_s(ldap_handle, LDAPBaseSearch, LDAP_SCOPE_SUBTREE, filtersearch, attrs, 0, NULL, NULL, NULL, -1, &result); + if (rc != LDAP_SUCCESS) { + debuga(_("LDAP search failed: %s\n"), ldap_err2string(rc)); + debuga(_("looking for \"%s\" at or below \"%s\"\n"),filtersearch,LDAPBaseSearch); + strncpy(mappedname,userlogin,namelen-1); + mappedname[namelen-1]='\0'; + return; + } - int rc= ldap_search_s(ldap_handle, LDAPBaseSearch, LDAP_SCOPE_SUBTREE, filtersearch, NULL, 0, &result); - if ( rc != LDAP_SUCCESS ) { - debuga(_("LDAP search failed: %s\n"), ldap_err2string(rc)); - debuga(_("looking for \"%s\" at or below \"%s\"\n"),filtersearch,LDAPBaseSearch); - strncpy(mappedname,searchloginname,namelen-1); - mappedname[namelen-1]='\0'; - return; - } + if (!(e = ldap_first_entry(ldap_handle, result))) { + insert_to_cache(userlogin, userlogin); + strncpy(mappedname, userlogin,namelen-1); + mappedname[namelen-1]='\0'; + return; + } - if (!(e = 
ldap_first_entry(ldap_handle, result))) - insert_to_cache(searchloginname, searchloginname); - else - for (attr = ldap_first_attribute(ldap_handle, e, &ber); attr != NULL; attr = ldap_next_attribute(ldap_handle, e, ber)) { - if (!strcasecmp(attr, LDAPTargetAttr)) { - if ((vals = (char **)ldap_get_values(ldap_handle, e, attr))!=NULL) { - insert_to_cache(searchloginname, vals[0]); - strncpy(mappedname, vals[0],namelen-1); - mappedname[namelen-1]='\0'; - ldap_memfree(vals); - } - ldap_memfree(attr); - break; - } - ldap_memfree(attr); + for (attr = ldap_first_attribute(ldap_handle, e, &ber); attr != NULL; attr = ldap_next_attribute(ldap_handle, e, ber)) { + if (!strcasecmp(attr, LDAPTargetAttr)) { + if ((vals = (char **)ldap_get_values(ldap_handle, e, attr))!=NULL) { + insert_to_cache(userlogin, vals[0]); + strncpy(mappedname, vals[0],namelen-1); + mappedname[namelen-1]='\0'; + ldap_memfree(vals); } - ldap_msgfree(result); - } else { - strncpy(mappedname, searched_in_cache,namelen-1); - mappedname[namelen-1]='\0'; + ldap_memfree(attr); + break; + } + ldap_memfree(attr); } + ldap_msgfree(result); } #endif //HAVE_LDAP_H -- 2.47.2
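Review bot: `attrs` is declared as `char *attrs[1];` and only `attrs[0]=LDAPTargetAttr;` is assigned, but `ldap_search_ext_s` expects a NULL-terminated attribute list, so libldap reads past the end of the array when it walks the list. Declare it `char *attrs[2];` and add `attrs[1]=NULL;` before the search. Separately, the new early return taken when `ldap_first_entry` finds no entry leaves without `ldap_msgfree(result);`, which the old code still reached on that path; the call should be added before that `return`. get_ldap_name starts above the hunk and the escaping loop at its top is only partly legible here, so this covers the search and result handling only.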