2 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
4 * Copyright 1998-2006 The OpenLDAP Foundation.
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted only as authorized by the OpenLDAP
11 * A copy of this license is available in the file LICENSE in the
12 * top-level directory of the distribution or, alternatively, at
13 * <http://www.OpenLDAP.org/license.html>.
19 #include <ac/stdlib.h>
21 #include <ac/socket.h>
22 #include <ac/string.h>
31 #include "ldap_defaults.h"
34 struct ldapoptions ldap_int_global_options =
35 { LDAP_UNINITIALIZED, LDAP_DEBUG_NONE };
48 #define ATTR_OPT_INT 9
55 static const struct ol_keyvalue deref_kv[] = {
56 {"never", LDAP_DEREF_NEVER},
57 {"searching", LDAP_DEREF_SEARCHING},
58 {"finding", LDAP_DEREF_FINDING},
59 {"always", LDAP_DEREF_ALWAYS},
63 static const struct ol_attribute {
70 {0, ATTR_OPT_TV, "TIMEOUT", NULL, LDAP_OPT_TIMEOUT},
71 {0, ATTR_OPT_TV, "NETWORK_TIMEOUT", NULL, LDAP_OPT_NETWORK_TIMEOUT},
72 {0, ATTR_OPT_INT, "VERSION", NULL, LDAP_OPT_PROTOCOL_VERSION},
73 {0, ATTR_KV, "DEREF", deref_kv, /* or &deref_kv[0] */
74 offsetof(struct ldapoptions, ldo_deref)},
75 {0, ATTR_INT, "SIZELIMIT", NULL,
76 offsetof(struct ldapoptions, ldo_sizelimit)},
77 {0, ATTR_INT, "TIMELIMIT", NULL,
78 offsetof(struct ldapoptions, ldo_timelimit)},
79 {1, ATTR_STRING, "BINDDN", NULL,
80 offsetof(struct ldapoptions, ldo_defbinddn)},
81 {0, ATTR_STRING, "BASE", NULL,
82 offsetof(struct ldapoptions, ldo_defbase)},
83 {0, ATTR_INT, "PORT", NULL, /* deprecated */
84 offsetof(struct ldapoptions, ldo_defport)},
85 {0, ATTR_OPTION, "HOST", NULL, LDAP_OPT_HOST_NAME}, /* deprecated */
86 {0, ATTR_OPTION, "URI", NULL, LDAP_OPT_URI}, /* replaces HOST/PORT */
87 {0, ATTR_BOOL, "REFERRALS", NULL, LDAP_BOOL_REFERRALS},
88 {0, ATTR_BOOL, "RESTART", NULL, LDAP_BOOL_RESTART},
90 #ifdef HAVE_CYRUS_SASL
91 {0, ATTR_STRING, "SASL_MECH", NULL,
92 offsetof(struct ldapoptions, ldo_def_sasl_mech)},
93 {0, ATTR_STRING, "SASL_REALM", NULL,
94 offsetof(struct ldapoptions, ldo_def_sasl_realm)},
95 {1, ATTR_STRING, "SASL_AUTHCID", NULL,
96 offsetof(struct ldapoptions, ldo_def_sasl_authcid)},
97 {1, ATTR_STRING, "SASL_AUTHZID", NULL,
98 offsetof(struct ldapoptions, ldo_def_sasl_authzid)},
99 {0, ATTR_SASL, "SASL_SECPROPS", NULL, LDAP_OPT_X_SASL_SECPROPS},
103 {1, ATTR_TLS, "TLS_CERT", NULL, LDAP_OPT_X_TLS_CERTFILE},
104 {1, ATTR_TLS, "TLS_KEY", NULL, LDAP_OPT_X_TLS_KEYFILE},
105 {0, ATTR_TLS, "TLS_CACERT", NULL, LDAP_OPT_X_TLS_CACERTFILE},
106 {0, ATTR_TLS, "TLS_CACERTDIR", NULL, LDAP_OPT_X_TLS_CACERTDIR},
107 {0, ATTR_TLS, "TLS_REQCERT", NULL, LDAP_OPT_X_TLS_REQUIRE_CERT},
108 {0, ATTR_TLS, "TLS_RANDFILE", NULL, LDAP_OPT_X_TLS_RANDOM_FILE},
109 {0, ATTR_TLS, "TLS_CIPHER_SUITE", NULL, LDAP_OPT_X_TLS_CIPHER_SUITE},
111 #ifdef HAVE_OPENSSL_CRL
112 {0, ATTR_TLS, "TLS_CRLCHECK", NULL, LDAP_OPT_X_TLS_CRLCHECK},
117 {0, ATTR_NONE, NULL, NULL, 0}
120 #define MAX_LDAP_ATTR_LEN sizeof("TLS_CIPHER_SUITE")
121 #define MAX_LDAP_ENV_PREFIX_LEN 8
123 static void openldap_ldap_init_w_conf(
124 const char *file, int userconf )
126 char linebuf[ AC_LINE_MAX ];
131 struct ldapoptions *gopts;
133 if ((gopts = LDAP_INT_GLOBAL_OPT()) == NULL) {
134 return; /* Could not allocate mem for global options */
142 Debug(LDAP_DEBUG_TRACE, "ldap_init: trying %s\n", file, 0, 0);
144 fp = fopen(file, "r");
146 /* could not open file */
150 Debug(LDAP_DEBUG_TRACE, "ldap_init: using %s\n", file, 0, 0);
152 while((start = fgets(linebuf, sizeof(linebuf), fp)) != NULL) {
153 /* skip lines starting with '#' */
154 if(*start == '#') continue;
156 /* trim leading white space */
157 while((*start != '\0') && isspace((unsigned char) *start))
161 if(*start == '\0') continue;
163 /* trim trailing white space */
164 end = &start[strlen(start)-1];
165 while(isspace((unsigned char)*end)) end--;
169 if(*start == '\0') continue;
172 /* parse the command */
174 while((*start != '\0') && !isspace((unsigned char)*start)) {
178 /* command has no argument */
184 /* we must have some whitespace to skip */
185 while(isspace((unsigned char)*start)) start++;
188 for(i=0; attrs[i].type != ATTR_NONE; i++) {
191 if( !userconf && attrs[i].useronly ) {
195 if(strcasecmp(cmd, attrs[i].name) != 0) {
199 switch(attrs[i].type) {
201 if((strcasecmp(opt, "on") == 0)
202 || (strcasecmp(opt, "yes") == 0)
203 || (strcasecmp(opt, "true") == 0))
205 LDAP_BOOL_SET(gopts, attrs[i].offset);
208 LDAP_BOOL_CLR(gopts, attrs[i].offset);
214 p = &((char *) gopts)[attrs[i].offset];
215 (void)lutil_atoi( (int*) p, opt );
219 const struct ol_keyvalue *kv;
221 for(kv = attrs[i].data;
225 if(strcasecmp(opt, kv->key) == 0) {
226 p = &((char *) gopts)[attrs[i].offset];
227 * (int*) p = kv->value;
234 p = &((char *) gopts)[attrs[i].offset];
235 if (* (char**) p != NULL) LDAP_FREE(* (char**) p);
236 * (char**) p = LDAP_STRDUP(opt);
239 ldap_set_option( NULL, attrs[i].offset, opt );
242 #ifdef HAVE_CYRUS_SASL
243 ldap_int_sasl_config( gopts, attrs[i].offset, opt );
248 ldap_int_tls_config( NULL, attrs[i].offset, opt );
255 (void)lutil_atol( &tv.tv_sec, opt );
256 if ( tv.tv_sec > 0 ) {
257 (void)ldap_set_option( NULL, attrs[i].offset, (const void *)&tv);
262 (void)lutil_atoi( &v, opt );
264 (void)ldap_set_option( NULL, attrs[i].offset, (const void *)&v);
276 static void openldap_ldap_init_w_sysconf(const char *file)
278 openldap_ldap_init_w_conf( file, 0 );
281 static void openldap_ldap_init_w_userconf(const char *file)
291 home = getenv("HOME");
294 Debug(LDAP_DEBUG_TRACE, "ldap_init: HOME env is %s\n",
296 path = LDAP_MALLOC(strlen(home) + strlen(file) + sizeof( LDAP_DIRSEP "."));
298 Debug(LDAP_DEBUG_TRACE, "ldap_init: HOME env is NULL\n",
302 if(home != NULL && path != NULL) {
303 /* we assume UNIX path syntax is used... */
306 sprintf(path, "%s" LDAP_DIRSEP "%s", home, file);
307 openldap_ldap_init_w_conf(path, 1);
310 sprintf(path, "%s" LDAP_DIRSEP ".%s", home, file);
311 openldap_ldap_init_w_conf(path, 1);
319 openldap_ldap_init_w_conf(file, 1);
322 static void openldap_ldap_init_w_env(
323 struct ldapoptions *gopts,
326 char buf[MAX_LDAP_ATTR_LEN+MAX_LDAP_ENV_PREFIX_LEN];
332 if (prefix == NULL) {
333 prefix = LDAP_ENV_PREFIX;
336 strncpy(buf, prefix, MAX_LDAP_ENV_PREFIX_LEN);
337 buf[MAX_LDAP_ENV_PREFIX_LEN] = '\0';
340 for(i=0; attrs[i].type != ATTR_NONE; i++) {
341 strcpy(&buf[len], attrs[i].name);
348 switch(attrs[i].type) {
350 if((strcasecmp(value, "on") == 0)
351 || (strcasecmp(value, "yes") == 0)
352 || (strcasecmp(value, "true") == 0))
354 LDAP_BOOL_SET(gopts, attrs[i].offset);
357 LDAP_BOOL_CLR(gopts, attrs[i].offset);
362 p = &((char *) gopts)[attrs[i].offset];
363 * (int*) p = atoi(value);
367 const struct ol_keyvalue *kv;
369 for(kv = attrs[i].data;
373 if(strcasecmp(value, kv->key) == 0) {
374 p = &((char *) gopts)[attrs[i].offset];
375 * (int*) p = kv->value;
382 p = &((char *) gopts)[attrs[i].offset];
383 if (* (char**) p != NULL) LDAP_FREE(* (char**) p);
384 if (*value == '\0') {
387 * (char**) p = LDAP_STRDUP(value);
391 ldap_set_option( NULL, attrs[i].offset, value );
394 #ifdef HAVE_CYRUS_SASL
395 ldap_int_sasl_config( gopts, attrs[i].offset, value );
400 ldap_int_tls_config( NULL, attrs[i].offset, value );
407 #if defined(__GNUC__)
408 /* Declare this function as a destructor so that it will automatically be
409 * invoked either at program exit (if libldap is a static library) or
410 * at unload time (if libldap is a dynamic library).
412 * Sorry, don't know how to handle this for non-GCC environments.
414 static void ldap_int_destroy_global_options(void)
415 __attribute__ ((destructor));
419 ldap_int_destroy_global_options(void)
421 struct ldapoptions *gopts = LDAP_INT_GLOBAL_OPT();
426 gopts->ldo_valid = LDAP_UNINITIALIZED;
428 if ( gopts->ldo_defludp ) {
429 ldap_free_urllist( gopts->ldo_defludp );
430 gopts->ldo_defludp = NULL;
432 #if defined(HAVE_WINSOCK) || defined(HAVE_WINSOCK2)
436 #if defined(LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND) \
437 || defined(HAVE_TLS) || defined(HAVE_CYRUS_SASL)
438 if ( ldap_int_hostname ) {
439 LDAP_FREE( ldap_int_hostname );
440 ldap_int_hostname = NULL;
443 #ifdef HAVE_CYRUS_SASL
444 if ( gopts->ldo_def_sasl_authcid ) {
445 LDAP_FREE( gopts->ldo_def_sasl_authcid );
446 gopts->ldo_def_sasl_authcid = NULL;
450 ldap_int_tls_destroy( gopts );
455 * Initialize the global options structure with default values.
457 void ldap_int_initialize_global_options( struct ldapoptions *gopts, int *dbglvl )
460 gopts->ldo_debug = *dbglvl;
462 gopts->ldo_debug = 0;
464 gopts->ldo_version = LDAP_VERSION2;
465 gopts->ldo_deref = LDAP_DEREF_NEVER;
466 gopts->ldo_timelimit = LDAP_NO_LIMIT;
467 gopts->ldo_sizelimit = LDAP_NO_LIMIT;
469 gopts->ldo_tm_api = (struct timeval *)NULL;
470 gopts->ldo_tm_net = (struct timeval *)NULL;
472 /* ldo_defludp will be freed by the termination handler
474 ldap_url_parselist(&gopts->ldo_defludp, "ldap://localhost/");
475 gopts->ldo_defport = LDAP_PORT;
476 #if !defined(__GNUC__) && !defined(PIC)
477 /* Do this only for a static library, and only if we can't
478 * arrange for it to be executed as a library destructor
480 atexit(ldap_int_destroy_global_options);
483 gopts->ldo_refhoplimit = LDAP_DEFAULT_REFHOPLIMIT;
484 gopts->ldo_rebind_proc = NULL;
485 gopts->ldo_rebind_params = NULL;
487 LDAP_BOOL_ZERO(gopts);
489 LDAP_BOOL_SET(gopts, LDAP_BOOL_REFERRALS);
491 #ifdef LDAP_CONNECTIONLESS
492 gopts->ldo_peer = NULL;
493 gopts->ldo_cldapdn = NULL;
494 gopts->ldo_is_udp = 0;
497 #ifdef HAVE_CYRUS_SASL
498 gopts->ldo_def_sasl_mech = NULL;
499 gopts->ldo_def_sasl_realm = NULL;
500 gopts->ldo_def_sasl_authcid = NULL;
501 gopts->ldo_def_sasl_authzid = NULL;
503 memset( &gopts->ldo_sasl_secprops,
504 '\0', sizeof(gopts->ldo_sasl_secprops) );
506 gopts->ldo_sasl_secprops.max_ssf = INT_MAX;
507 gopts->ldo_sasl_secprops.maxbufsize = SASL_MAX_BUFF_SIZE;
508 gopts->ldo_sasl_secprops.security_flags =
509 SASL_SEC_NOPLAINTEXT | SASL_SEC_NOANONYMOUS;
513 gopts->ldo_tls_connect_cb = NULL;
514 gopts->ldo_tls_connect_arg = NULL;
517 gopts->ldo_valid = LDAP_INITIALIZED;
521 #if defined(LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND) \
522 || defined(HAVE_TLS) || defined(HAVE_CYRUS_SASL)
523 char * ldap_int_hostname = NULL;
526 void ldap_int_initialize( struct ldapoptions *gopts, int *dbglvl )
528 if ( gopts->ldo_valid == LDAP_INITIALIZED ) {
532 ldap_int_error_init();
534 ldap_int_utils_init();
537 { WORD wVersionRequested;
540 wVersionRequested = MAKEWORD( 2, 0 );
541 if ( WSAStartup( wVersionRequested, &wsaData ) != 0 ) {
542 /* Tell the user that we couldn't find a usable */
547 /* Confirm that the WinSock DLL supports 2.0.*/
548 /* Note that if the DLL supports versions greater */
549 /* than 2.0 in addition to 2.0, it will still return */
550 /* 2.0 in wVersion since that is the version we */
553 if ( LOBYTE( wsaData.wVersion ) != 2 ||
554 HIBYTE( wsaData.wVersion ) != 0 )
556 /* Tell the user that we couldn't find a usable */
561 } /* The WinSock DLL is acceptable. Proceed. */
564 if ( WSAStartup( 0x0101, &wsaData ) != 0 ) {
570 #if defined(LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND) \
571 || defined(HAVE_TLS) || defined(HAVE_CYRUS_SASL)
573 char *name = ldap_int_hostname;
575 ldap_int_hostname = ldap_pvt_get_fqdn( name );
577 if ( name != NULL && name != ldap_int_hostname ) {
584 if ( ldap_int_tblsize == 0 ) ldap_int_ip_init();
587 ldap_int_initialize_global_options(gopts, NULL);
589 if( getenv("LDAPNOINIT") != NULL ) {
593 #ifdef HAVE_CYRUS_SASL
595 /* set authentication identity to current user name */
596 char *user = getenv("USER");
598 if( user == NULL ) user = getenv("USERNAME");
599 if( user == NULL ) user = getenv("LOGNAME");
602 gopts->ldo_def_sasl_authcid = LDAP_STRDUP( user );
607 openldap_ldap_init_w_sysconf(LDAP_CONF_FILE);
608 openldap_ldap_init_w_userconf(LDAP_USERRC_FILE);
611 char *altfile = getenv(LDAP_ENV_PREFIX "CONF");
613 if( altfile != NULL ) {
614 Debug(LDAP_DEBUG_TRACE, "ldap_init: %s env is %s\n",
615 LDAP_ENV_PREFIX "CONF", altfile, 0);
616 openldap_ldap_init_w_sysconf( altfile );
619 Debug(LDAP_DEBUG_TRACE, "ldap_init: %s env is NULL\n",
620 LDAP_ENV_PREFIX "CONF", 0, 0);
624 char *altfile = getenv(LDAP_ENV_PREFIX "RC");
626 if( altfile != NULL ) {
627 Debug(LDAP_DEBUG_TRACE, "ldap_init: %s env is %s\n",
628 LDAP_ENV_PREFIX "RC", altfile, 0);
629 openldap_ldap_init_w_userconf( altfile );
632 Debug(LDAP_DEBUG_TRACE, "ldap_init: %s env is NULL\n",
633 LDAP_ENV_PREFIX "RC", 0, 0);
636 openldap_ldap_init_w_env(gopts, NULL);