/* $OpenLDAP$ */
-/*
- * Copyright 1998-2000 The OpenLDAP Foundation, All Rights Reserved.
- * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2009 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
*/
+
#include "portable.h"
#include <stdio.h>
#include <ac/stdlib.h>
+#ifdef HAVE_GETEUID
+#include <ac/unistd.h>
+#endif
+
#include <ac/socket.h>
#include <ac/string.h>
#include <ac/ctype.h>
#include <ac/time.h>
+#ifdef HAVE_LIMITS_H
#include <limits.h>
+#endif
#include "ldap-int.h"
#include "ldap_defaults.h"
+#include "lutil.h"
struct ldapoptions ldap_int_global_options =
{ LDAP_UNINITIALIZED, LDAP_DEBUG_NONE };
#define ATTR_SASL 6
#define ATTR_TLS 7
+#define ATTR_OPT_TV 8
+#define ATTR_OPT_INT 9
+
+#define ATTR_GSSAPI 10
+
struct ol_keyvalue {
const char * key;
int value;
const void * data;
size_t offset;
} attrs[] = {
+ {0, ATTR_OPT_TV, "TIMEOUT", NULL, LDAP_OPT_TIMEOUT},
+ {0, ATTR_OPT_TV, "NETWORK_TIMEOUT", NULL, LDAP_OPT_NETWORK_TIMEOUT},
+ {0, ATTR_OPT_INT, "VERSION", NULL, LDAP_OPT_PROTOCOL_VERSION},
{0, ATTR_KV, "DEREF", deref_kv, /* or &deref_kv[0] */
offsetof(struct ldapoptions, ldo_deref)},
{0, ATTR_INT, "SIZELIMIT", NULL,
{0, ATTR_OPTION, "HOST", NULL, LDAP_OPT_HOST_NAME}, /* deprecated */
{0, ATTR_OPTION, "URI", NULL, LDAP_OPT_URI}, /* replaces HOST/PORT */
{0, ATTR_BOOL, "REFERRALS", NULL, LDAP_BOOL_REFERRALS},
+#if 0
+ /* This should only be allowed via ldap_set_option(3) */
{0, ATTR_BOOL, "RESTART", NULL, LDAP_BOOL_RESTART},
+#endif
#ifdef HAVE_CYRUS_SASL
- {1, ATTR_STRING, "SASL_MECH", NULL,
+ {0, ATTR_STRING, "SASL_MECH", NULL,
offsetof(struct ldapoptions, ldo_def_sasl_mech)},
- {1, ATTR_STRING, "SASL_REALM", NULL,
+ {0, ATTR_STRING, "SASL_REALM", NULL,
offsetof(struct ldapoptions, ldo_def_sasl_realm)},
{1, ATTR_STRING, "SASL_AUTHCID", NULL,
offsetof(struct ldapoptions, ldo_def_sasl_authcid)},
{1, ATTR_STRING, "SASL_AUTHZID", NULL,
offsetof(struct ldapoptions, ldo_def_sasl_authzid)},
{0, ATTR_SASL, "SASL_SECPROPS", NULL, LDAP_OPT_X_SASL_SECPROPS},
+ {0, ATTR_BOOL, "SASL_NOCANON", NULL, LDAP_BOOL_SASL_NOCANON},
+#endif
+
+#ifdef HAVE_GSSAPI
+ {0, ATTR_GSSAPI,"GSSAPI_SIGN", NULL, LDAP_OPT_SIGN},
+ {0, ATTR_GSSAPI,"GSSAPI_ENCRYPT", NULL, LDAP_OPT_ENCRYPT},
+ {0, ATTR_GSSAPI,"GSSAPI_ALLOW_REMOTE_PRINCIPAL",NULL, LDAP_OPT_X_GSSAPI_ALLOW_REMOTE_PRINCIPAL},
#endif
#ifdef HAVE_TLS
- {0, ATTR_TLS, "TLS", NULL, LDAP_OPT_X_TLS},
- {1, ATTR_TLS, "TLS_CERT", NULL, LDAP_OPT_X_TLS_CERTFILE},
- {1, ATTR_TLS, "TLS_KEY", NULL, LDAP_OPT_X_TLS_KEYFILE},
- {0, ATTR_TLS, "TLS_CACERT", NULL, LDAP_OPT_X_TLS_CACERTFILE},
- {0, ATTR_TLS, "TLS_CACERTDIR",NULL, LDAP_OPT_X_TLS_CACERTDIR},
- {0, ATTR_TLS, "TLS_REQCERT", NULL, LDAP_OPT_X_TLS_REQUIRE_CERT},
- {0, ATTR_TLS, "TLS_RANDFILE", NULL, LDAP_OPT_X_TLS_RANDOM_FILE},
+ {1, ATTR_TLS, "TLS_CERT", NULL, LDAP_OPT_X_TLS_CERTFILE},
+ {1, ATTR_TLS, "TLS_KEY", NULL, LDAP_OPT_X_TLS_KEYFILE},
+ {0, ATTR_TLS, "TLS_CACERT", NULL, LDAP_OPT_X_TLS_CACERTFILE},
+ {0, ATTR_TLS, "TLS_CACERTDIR", NULL, LDAP_OPT_X_TLS_CACERTDIR},
+ {0, ATTR_TLS, "TLS_REQCERT", NULL, LDAP_OPT_X_TLS_REQUIRE_CERT},
+ {0, ATTR_TLS, "TLS_RANDFILE", NULL, LDAP_OPT_X_TLS_RANDOM_FILE},
+ {0, ATTR_TLS, "TLS_CIPHER_SUITE", NULL, LDAP_OPT_X_TLS_CIPHER_SUITE},
+ {0, ATTR_TLS, "TLS_PROTOCOL_MIN", NULL, LDAP_OPT_X_TLS_PROTOCOL_MIN},
+
+#ifdef HAVE_OPENSSL_CRL
+ {0, ATTR_TLS, "TLS_CRLCHECK", NULL, LDAP_OPT_X_TLS_CRLCHECK},
+#endif
+#ifdef HAVE_GNUTLS
+ {0, ATTR_TLS, "TLS_CRLFILE", NULL, LDAP_OPT_X_TLS_CRLFILE},
+#endif
+
#endif
{0, ATTR_NONE, NULL, NULL, 0}
};
-#define MAX_LDAP_ATTR_LEN sizeof("TLS_CACERTDIR")
+#define MAX_LDAP_ATTR_LEN sizeof("GSSAPI_ALLOW_REMOTE_PRINCIPAL")
#define MAX_LDAP_ENV_PREFIX_LEN 8
static void openldap_ldap_init_w_conf(
const char *file, int userconf )
{
- char linebuf[128];
+ char linebuf[ AC_LINE_MAX ];
FILE *fp;
int i;
char *cmd, *opt;
break;
- case ATTR_INT:
+ case ATTR_INT: {
+ char *next;
+ long l;
p = &((char *) gopts)[attrs[i].offset];
- * (int*) p = atoi(opt);
- break;
+ l = strtol( opt, &next, 10 );
+ if ( next != opt && next[ 0 ] == '\0' ) {
+ * (int*) p = l;
+ }
+ } break;
case ATTR_KV: {
const struct ol_keyvalue *kv;
case ATTR_SASL:
#ifdef HAVE_CYRUS_SASL
ldap_int_sasl_config( gopts, attrs[i].offset, opt );
+#endif
+ break;
+ case ATTR_GSSAPI:
+#ifdef HAVE_GSSAPI
+ ldap_int_gssapi_config( gopts, attrs[i].offset, opt );
#endif
break;
case ATTR_TLS:
#ifdef HAVE_TLS
- ldap_int_tls_config( gopts, attrs[i].offset, opt );
+ ldap_int_tls_config( NULL, attrs[i].offset, opt );
#endif
break;
+ case ATTR_OPT_TV: {
+ struct timeval tv;
+ char *next;
+ tv.tv_usec = 0;
+ tv.tv_sec = strtol( opt, &next, 10 );
+ if ( next != opt && next[ 0 ] == '\0' && tv.tv_sec > 0 ) {
+ (void)ldap_set_option( NULL, attrs[i].offset, (const void *)&tv );
+ }
+ } break;
+ case ATTR_OPT_INT: {
+ long l;
+ char *next;
+ l = strtol( opt, &next, 10 );
+ if ( next != opt && next[ 0 ] == '\0' && l > 0 && (long)((int)l) == l ) {
+ int v = (int)l;
+ (void)ldap_set_option( NULL, attrs[i].offset, (const void *)&v );
+ }
+ } break;
}
break;
if (home != NULL) {
Debug(LDAP_DEBUG_TRACE, "ldap_init: HOME env is %s\n",
home, 0, 0);
- path = LDAP_MALLOC(strlen(home) + strlen(file) + 3);
+ path = LDAP_MALLOC(strlen(home) + strlen(file) + sizeof( LDAP_DIRSEP "."));
} else {
Debug(LDAP_DEBUG_TRACE, "ldap_init: HOME env is NULL\n",
0, 0, 0);
/* we assume UNIX path syntax is used... */
/* try ~/file */
- sprintf(path, "%s/%s", home, file);
+ sprintf(path, "%s" LDAP_DIRSEP "%s", home, file);
openldap_ldap_init_w_conf(path, 1);
/* try ~/.file */
- sprintf(path, "%s/.%s", home, file);
+ sprintf(path, "%s" LDAP_DIRSEP ".%s", home, file);
openldap_ldap_init_w_conf(path, 1);
}
break;
case ATTR_TLS:
#ifdef HAVE_TLS
- ldap_int_tls_config( gopts, attrs[i].offset, value );
+ ldap_int_tls_config( NULL, attrs[i].offset, value );
#endif
break;
}
}
}
+#if defined(__GNUC__)
+/* Declare this function as a destructor so that it will automatically be
+ * invoked either at program exit (if libldap is a static library) or
+ * at unload time (if libldap is a dynamic library).
+ *
+ * Sorry, don't know how to handle this for non-GCC environments.
+ */
+static void ldap_int_destroy_global_options(void)
+ __attribute__ ((destructor));
+#endif
+
+static void
+ldap_int_destroy_global_options(void)
+{
+ struct ldapoptions *gopts = LDAP_INT_GLOBAL_OPT();
+
+ if ( gopts == NULL )
+ return;
+
+ gopts->ldo_valid = LDAP_UNINITIALIZED;
+
+ if ( gopts->ldo_defludp ) {
+ ldap_free_urllist( gopts->ldo_defludp );
+ gopts->ldo_defludp = NULL;
+ }
+#if defined(HAVE_WINSOCK) || defined(HAVE_WINSOCK2)
+ WSACleanup( );
+#endif
+
+#if defined(HAVE_TLS) || defined(HAVE_CYRUS_SASL)
+ if ( ldap_int_hostname ) {
+ LDAP_FREE( ldap_int_hostname );
+ ldap_int_hostname = NULL;
+ }
+#endif
+#ifdef HAVE_CYRUS_SASL
+ if ( gopts->ldo_def_sasl_authcid ) {
+ LDAP_FREE( gopts->ldo_def_sasl_authcid );
+ gopts->ldo_def_sasl_authcid = NULL;
+ }
+#endif
+#ifdef HAVE_TLS
+ ldap_int_tls_destroy( gopts );
+#endif
+}
+
/*
* Initialize the global options structure with default values.
*/
gopts->ldo_timelimit = LDAP_NO_LIMIT;
gopts->ldo_sizelimit = LDAP_NO_LIMIT;
- gopts->ldo_tm_api = (struct timeval *)NULL;
- gopts->ldo_tm_net = (struct timeval *)NULL;
+ gopts->ldo_tm_api.tv_sec = -1;
+ gopts->ldo_tm_net.tv_sec = -1;
- /* ldo_defludp is leaked, we should have an at_exit() handler
- * to free this and whatever else needs to cleaned up.
+ /* ldo_defludp will be freed by the termination handler
*/
ldap_url_parselist(&gopts->ldo_defludp, "ldap://localhost/");
gopts->ldo_defport = LDAP_PORT;
+#if !defined(__GNUC__) && !defined(PIC)
+ /* Do this only for a static library, and only if we can't
+ * arrange for it to be executed as a library destructor
+ */
+ atexit(ldap_int_destroy_global_options);
+#endif
gopts->ldo_refhoplimit = LDAP_DEFAULT_REFHOPLIMIT;
gopts->ldo_rebind_proc = NULL;
LDAP_BOOL_SET(gopts, LDAP_BOOL_REFERRALS);
+#ifdef LDAP_CONNECTIONLESS
+ gopts->ldo_peer = NULL;
+ gopts->ldo_cldapdn = NULL;
+ gopts->ldo_is_udp = 0;
+#endif
+
#ifdef HAVE_CYRUS_SASL
gopts->ldo_def_sasl_mech = NULL;
gopts->ldo_def_sasl_realm = NULL;
SASL_SEC_NOPLAINTEXT | SASL_SEC_NOANONYMOUS;
#endif
+#ifdef HAVE_TLS
+ gopts->ldo_tls_connect_cb = NULL;
+ gopts->ldo_tls_connect_arg = NULL;
+ gopts->ldo_tls_require_cert = LDAP_OPT_X_TLS_DEMAND;
+#endif
+ gopts->ldo_keepalive_probes = 0;
+ gopts->ldo_keepalive_interval = 0;
+ gopts->ldo_keepalive_idle = 0;
+
gopts->ldo_valid = LDAP_INITIALIZED;
return;
}
-#if defined(LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND) \
- || defined(HAVE_TLS) || defined(HAVE_CYRUS_SASL)
+#if defined(HAVE_TLS) || defined(HAVE_CYRUS_SASL)
char * ldap_int_hostname = NULL;
#endif
return;
}
-#if defined(LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND) \
- || defined(HAVE_TLS) || defined(HAVE_CYRUS_SASL)
- ldap_int_hostname = ldap_pvt_get_fqdn( ldap_int_hostname );
-#endif
+ ldap_int_error_init();
ldap_int_utils_init();
- if ( ldap_int_tblsize == 0 )
- ldap_int_ip_init();
+#ifdef HAVE_WINSOCK2
+{ WORD wVersionRequested;
+ WSADATA wsaData;
+
+ wVersionRequested = MAKEWORD( 2, 0 );
+ if ( WSAStartup( wVersionRequested, &wsaData ) != 0 ) {
+ /* Tell the user that we couldn't find a usable */
+ /* WinSock DLL. */
+ return;
+ }
+
+ /* Confirm that the WinSock DLL supports 2.0.*/
+ /* Note that if the DLL supports versions greater */
+ /* than 2.0 in addition to 2.0, it will still return */
+ /* 2.0 in wVersion since that is the version we */
+ /* requested. */
+
+ if ( LOBYTE( wsaData.wVersion ) != 2 ||
+ HIBYTE( wsaData.wVersion ) != 0 )
+ {
+ /* Tell the user that we couldn't find a usable */
+ /* WinSock DLL. */
+ WSACleanup( );
+ return;
+ }
+} /* The WinSock DLL is acceptable. Proceed. */
+#elif HAVE_WINSOCK
+{ WSADATA wsaData;
+ if ( WSAStartup( 0x0101, &wsaData ) != 0 ) {
+ return;
+ }
+}
+#endif
+
+#if defined(HAVE_TLS) || defined(HAVE_CYRUS_SASL)
+ {
+ char *name = ldap_int_hostname;
+
+ ldap_int_hostname = ldap_pvt_get_fqdn( name );
+
+ if ( name != NULL && name != ldap_int_hostname ) {
+ LDAP_FREE( name );
+ }
+ }
+#endif
+
+#ifndef HAVE_POLL
+ if ( ldap_int_tblsize == 0 ) ldap_int_ip_init();
+#endif
ldap_int_initialize_global_options(gopts, NULL);
if( user == NULL ) user = getenv("LOGNAME");
if( user != NULL ) {
- /* this value is leaked, need at_exit() handler */
gopts->ldo_def_sasl_authcid = LDAP_STRDUP( user );
}
}
#endif
openldap_ldap_init_w_sysconf(LDAP_CONF_FILE);
+
+#ifdef HAVE_GETEUID
+ if ( geteuid() != getuid() )
+ return;
+#endif
+
openldap_ldap_init_w_userconf(LDAP_USERRC_FILE);
{
}
openldap_ldap_init_w_env(gopts, NULL);
-
- ldap_int_sasl_init();
}