X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=libraries%2Flibldap%2Finit.c;h=cf49633cb9045f32e0cd673352fb92b4d7a5c140;hb=e1b73eda9373ea3bddd532727a2987363dc3c108;hp=0373d3226039eafe49ed78094472442209bafb0c;hpb=ed9969b1c4b99d7b742c6d88101bd95f72f205e4;p=openldap diff --git a/libraries/libldap/init.c b/libraries/libldap/init.c index 0373d32260..cf49633cb9 100644 --- a/libraries/libldap/init.c +++ b/libraries/libldap/init.c @@ -1,6 +1,6 @@ /* $OpenLDAP$ */ /* - * Copyright 1998-1999 The OpenLDAP Foundation, All Rights Reserved. + * Copyright 1998-2000 The OpenLDAP Foundation, All Rights Reserved. * COPYING RESTRICTIONS APPLY, see COPYRIGHT file */ #include "portable.h" @@ -13,22 +13,23 @@ #include #include +#include + #include "ldap-int.h" #include "ldap_defaults.h" struct ldapoptions ldap_int_global_options = { LDAP_UNINITIALIZED, LDAP_DEBUG_NONE }; -#undef gopts -#define gopts ldap_int_global_options - #define ATTR_NONE 0 #define ATTR_BOOL 1 #define ATTR_INT 2 #define ATTR_KV 3 #define ATTR_STRING 4 -#define ATTR_TLS 5 -#define ATTR_URIS 6 +#define ATTR_URIS 5 + +#define ATTR_SASL 6 +#define ATTR_TLS 7 struct ol_keyvalue { const char * key; @@ -60,21 +61,35 @@ static const struct ol_attribute { offsetof(struct ldapoptions, ldo_defbinddn)}, {0, ATTR_STRING, "BASE", NULL, offsetof(struct ldapoptions, ldo_defbase)}, - {0, ATTR_INT, "PORT", NULL, + {0, ATTR_INT, "PORT", NULL, /* deprecated */ offsetof(struct ldapoptions, ldo_defport)}, - /* **** keep this around for backward compatibility */ - {0, ATTR_URIS, "HOST", NULL, 1}, - /* **** */ - {0, ATTR_URIS, "URI", NULL, 0}, + {0, ATTR_URIS, "HOST", NULL, 1}, /* deprecated */ + {0, ATTR_URIS, "URI", NULL, 0}, /* replaces HOST/URI */ {0, ATTR_BOOL, "REFERRALS", NULL, LDAP_BOOL_REFERRALS}, {0, ATTR_BOOL, "RESTART", NULL, LDAP_BOOL_RESTART}, - {0, ATTR_BOOL, "DNS", NULL, LDAP_BOOL_DNS}, + +#ifdef HAVE_CYRUS_SASL + {1, ATTR_STRING, "SASL_MECH", NULL, + offsetof(struct ldapoptions, ldo_def_sasl_mech)}, + {1, ATTR_STRING, "SASL_REALM", NULL, + offsetof(struct ldapoptions, ldo_def_sasl_realm)}, + {1, ATTR_STRING, "SASL_AUTHCID", NULL, + offsetof(struct ldapoptions, ldo_def_sasl_authcid)}, + {1, ATTR_STRING, "SASL_AUTHZID", NULL, + offsetof(struct ldapoptions, ldo_def_sasl_authzid)}, + {0, ATTR_SASL, "SASL_SECPROPS", NULL, LDAP_OPT_X_SASL_SECPROPS}, +#endif + +#ifdef HAVE_TLS {0, ATTR_TLS, "TLS", NULL, LDAP_OPT_X_TLS}, - {0, ATTR_TLS, "TLS_CERT", NULL, LDAP_OPT_X_TLS_CERTFILE}, - {0, ATTR_TLS, "TLS_KEY", NULL, LDAP_OPT_X_TLS_KEYFILE}, + {1, ATTR_TLS, "TLS_CERT", NULL, LDAP_OPT_X_TLS_CERTFILE}, + {1, ATTR_TLS, "TLS_KEY", NULL, LDAP_OPT_X_TLS_KEYFILE}, {0, ATTR_TLS, "TLS_CACERT", NULL, LDAP_OPT_X_TLS_CACERTFILE}, {0, ATTR_TLS, "TLS_CACERTDIR",NULL, LDAP_OPT_X_TLS_CACERTDIR}, {0, ATTR_TLS, "TLS_REQCERT", NULL, LDAP_OPT_X_TLS_REQUIRE_CERT}, + {0, ATTR_TLS, "TLS_RANDFILE", NULL, LDAP_OPT_X_TLS_RANDOM_FILE}, +#endif + {0, ATTR_NONE, NULL, NULL, 0} }; @@ -89,18 +104,27 @@ static void openldap_ldap_init_w_conf( int i; char *cmd, *opt; char *start, *end; + struct ldapoptions *gopts; + + if ((gopts = LDAP_INT_GLOBAL_OPT()) == NULL) { + return; /* Could not allocate mem for global options */ + } if (file == NULL) { /* no file name */ return; } + Debug(LDAP_DEBUG_TRACE, "ldap_init: trying %s\n", file, 0, 0); + fp = fopen(file, "r"); if(fp == NULL) { /* could not open file */ return; } + Debug(LDAP_DEBUG_TRACE, "ldap_init: using %s\n", file, 0, 0); + while((start = fgets(linebuf, sizeof(linebuf), fp)) != NULL) { /* skip lines starting with '#' */ if(*start == '#') continue; @@ -140,7 +164,7 @@ static void openldap_ldap_init_w_conf( for(i=0; attrs[i].type != ATTR_NONE; i++) { void *p; - if( !userconf && !attrs[i].useronly ) { + if( !userconf && attrs[i].useronly ) { continue; } @@ -154,16 +178,16 @@ static void openldap_ldap_init_w_conf( || (strcasecmp(opt, "yes") == 0) || (strcasecmp(opt, "true") == 0)) { - LDAP_BOOL_SET(&gopts, attrs[i].offset); + LDAP_BOOL_SET(gopts, attrs[i].offset); } else { - LDAP_BOOL_CLR(&gopts, attrs[i].offset); + LDAP_BOOL_CLR(gopts, attrs[i].offset); } break; case ATTR_INT: - p = &((char *) &gopts)[attrs[i].offset]; + p = &((char *) gopts)[attrs[i].offset]; * (int*) p = atoi(opt); break; @@ -175,7 +199,7 @@ static void openldap_ldap_init_w_conf( kv++) { if(strcasecmp(opt, kv->key) == 0) { - p = &((char *) &gopts)[attrs[i].offset]; + p = &((char *) gopts)[attrs[i].offset]; * (int*) p = kv->value; break; } @@ -183,15 +207,10 @@ static void openldap_ldap_init_w_conf( } break; case ATTR_STRING: - p = &((char *) &gopts)[attrs[i].offset]; + p = &((char *) gopts)[attrs[i].offset]; if (* (char**) p != NULL) LDAP_FREE(* (char**) p); * (char**) p = LDAP_STRDUP(opt); break; - case ATTR_TLS: -#ifdef HAVE_TLS - ldap_pvt_tls_config( &gopts, attrs[i].offset, opt ); -#endif - break; case ATTR_URIS: if (attrs[i].offset == 0) { ldap_set_option( NULL, LDAP_OPT_URI, opt ); @@ -199,7 +218,19 @@ static void openldap_ldap_init_w_conf( ldap_set_option( NULL, LDAP_OPT_HOST_NAME, opt ); } break; + case ATTR_SASL: +#ifdef HAVE_CYRUS_SASL + ldap_int_sasl_config( gopts, attrs[i].offset, opt ); +#endif + break; + case ATTR_TLS: +#ifdef HAVE_TLS + ldap_int_tls_config( gopts, attrs[i].offset, opt ); +#endif + break; } + + break; } } @@ -214,7 +245,7 @@ static void openldap_ldap_init_w_sysconf(const char *file) static void openldap_ldap_init_w_userconf(const char *file) { char *home; - char *path; + char *path = NULL; if (file == NULL) { /* no file name */ @@ -224,9 +255,12 @@ static void openldap_ldap_init_w_userconf(const char *file) home = getenv("HOME"); if (home != NULL) { + Debug(LDAP_DEBUG_TRACE, "ldap_init: HOME env is %s\n", + home, 0, 0); path = LDAP_MALLOC(strlen(home) + strlen(file) + 3); } else { - path = LDAP_MALLOC(strlen(file) + 3); + Debug(LDAP_DEBUG_TRACE, "ldap_init: HOME env is NULL\n", + 0, 0, 0); } if(home != NULL && path != NULL) { @@ -249,7 +283,9 @@ static void openldap_ldap_init_w_userconf(const char *file) openldap_ldap_init_w_conf(file, 1); } -static void openldap_ldap_init_w_env(const char *prefix) +static void openldap_ldap_init_w_env( + struct ldapoptions *gopts, + const char *prefix) { char buf[MAX_LDAP_ATTR_LEN+MAX_LDAP_ENV_PREFIX_LEN]; int len; @@ -279,15 +315,15 @@ static void openldap_ldap_init_w_env(const char *prefix) || (strcasecmp(value, "yes") == 0) || (strcasecmp(value, "true") == 0)) { - LDAP_BOOL_SET(&gopts, attrs[i].offset); + LDAP_BOOL_SET(gopts, attrs[i].offset); } else { - LDAP_BOOL_CLR(&gopts, attrs[i].offset); + LDAP_BOOL_CLR(gopts, attrs[i].offset); } break; case ATTR_INT: - p = &((char *) &gopts)[attrs[i].offset]; + p = &((char *) gopts)[attrs[i].offset]; * (int*) p = atoi(value); break; @@ -299,7 +335,7 @@ static void openldap_ldap_init_w_env(const char *prefix) kv++) { if(strcasecmp(value, kv->key) == 0) { - p = &((char *) &gopts)[attrs[i].offset]; + p = &((char *) gopts)[attrs[i].offset]; * (int*) p = kv->value; break; } @@ -307,7 +343,7 @@ static void openldap_ldap_init_w_env(const char *prefix) } break; case ATTR_STRING: - p = &((char *) &gopts)[attrs[i].offset]; + p = &((char *) gopts)[attrs[i].offset]; if (* (char**) p != NULL) LDAP_FREE(* (char**) p); if (*value == '\0') { * (char**) p = NULL; @@ -315,11 +351,6 @@ static void openldap_ldap_init_w_env(const char *prefix) * (char**) p = LDAP_STRDUP(value); } break; - case ATTR_TLS: -#ifdef HAVE_TLS - ldap_pvt_tls_config( &gopts, attrs[i].offset, value ); -#endif - break; case ATTR_URIS: if (attrs[i].offset == 0) { ldap_set_option( NULL, LDAP_OPT_URI, value ); @@ -327,58 +358,115 @@ static void openldap_ldap_init_w_env(const char *prefix) ldap_set_option( NULL, LDAP_OPT_HOST_NAME, value ); } break; + case ATTR_SASL: +#ifdef HAVE_CYRUS_SASL + ldap_int_sasl_config( gopts, attrs[i].offset, value ); +#endif + break; + case ATTR_TLS: +#ifdef HAVE_TLS + ldap_int_tls_config( gopts, attrs[i].offset, value ); +#endif + break; } } } -void ldap_int_initialize( void ) +/* + * Initialize the global options structure with default values. + */ +void ldap_int_initialize_global_options( struct ldapoptions *gopts, int *dbglvl ) { - if ( gopts.ldo_valid == LDAP_INITIALIZED ) { - return; - } + if (dbglvl) + gopts->ldo_debug = *dbglvl; + else + gopts->ldo_debug = 0; - ldap_int_utils_init(); + gopts->ldo_version = LDAP_VERSION2; + gopts->ldo_deref = LDAP_DEREF_NEVER; + gopts->ldo_timelimit = LDAP_NO_LIMIT; + gopts->ldo_sizelimit = LDAP_NO_LIMIT; -#ifdef HAVE_TLS - ldap_pvt_tls_init(); -#endif + gopts->ldo_tm_api = (struct timeval *)NULL; + gopts->ldo_tm_net = (struct timeval *)NULL; -#ifdef HAVE_CYRUS_SASL - ldap_pvt_sasl_init(); -#endif + /* ldo_defludp is leaked, we should have an at_exit() handler + * to free this and whatever else needs to cleaned up. + */ + ldap_url_parselist(&gopts->ldo_defludp, "ldap://localhost/"); + gopts->ldo_defport = LDAP_PORT; - if ( ldap_int_tblsize == 0 ) - ldap_int_ip_init(); + gopts->ldo_refhoplimit = LDAP_DEFAULT_REFHOPLIMIT; + gopts->ldo_rebindproc = NULL; - gopts.ldo_debug = 0; + LDAP_BOOL_ZERO(gopts); - gopts.ldo_version = LDAP_VERSION2; - gopts.ldo_deref = LDAP_DEREF_NEVER; - gopts.ldo_timelimit = LDAP_NO_LIMIT; - gopts.ldo_sizelimit = LDAP_NO_LIMIT; + LDAP_BOOL_SET(gopts, LDAP_BOOL_REFERRALS); - gopts.ldo_tm_api = (struct timeval *)NULL; - gopts.ldo_tm_net = (struct timeval *)NULL; +#ifdef HAVE_CYRUS_SASL + gopts->ldo_def_sasl_mech = NULL; + gopts->ldo_def_sasl_realm = NULL; + gopts->ldo_def_sasl_authcid = NULL; + gopts->ldo_def_sasl_authzid = NULL; - ldap_url_parselist(&gopts.ldo_defludp, "ldap://localhost/"); - gopts.ldo_defport = LDAP_PORT; + memset( &gopts->ldo_sasl_secprops, '\0', sizeof(gopts->ldo_sasl_secprops) ); - gopts.ldo_refhoplimit = LDAP_DEFAULT_REFHOPLIMIT; + gopts->ldo_sasl_secprops.max_ssf = INT_MAX; + gopts->ldo_sasl_secprops.maxbufsize = 65536; + gopts->ldo_sasl_secprops.security_flags = SASL_SEC_NOPLAINTEXT|SASL_SEC_NOANONYMOUS; +#endif - LDAP_BOOL_ZERO(&gopts); +#ifdef HAVE_TLS + gopts->ldo_tls_ctx = NULL; +#endif - LDAP_BOOL_SET(&gopts, LDAP_BOOL_REFERRALS); + gopts->ldo_valid = LDAP_INITIALIZED; -#ifdef HAVE_TLS - gopts.ldo_tls_ctx = NULL; + return; +} + +#if defined(LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND) \ + || defined(HAVE_TLS) || defined(HAVE_CYRUS_SASL) +char * ldap_int_hostname = NULL; #endif - gopts.ldo_valid = LDAP_INITIALIZED; +void ldap_int_initialize( struct ldapoptions *gopts, int *dbglvl ) +{ + if ( gopts->ldo_valid == LDAP_INITIALIZED ) { + return; + } + +#if defined(LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND) \ + || defined(HAVE_TLS) || defined(HAVE_CYRUS_SASL) + ldap_int_hostname = ldap_pvt_get_fqdn( ldap_int_hostname ); +#endif + + ldap_int_utils_init(); + + if ( ldap_int_tblsize == 0 ) + ldap_int_ip_init(); + + ldap_int_initialize_global_options(gopts, NULL); if( getenv("LDAPNOINIT") != NULL ) { return; } +#ifdef HAVE_CYRUS_SASL + { + /* set authentication identity to current user name */ + char *user = getenv("USER"); + + if( user == NULL ) user = getenv("USERNAME"); + if( user == NULL ) user = getenv("LOGNAME"); + + if( user != NULL ) { + /* this value is leaked, need at_exit() handler */ + gopts->ldo_def_sasl_authcid = LDAP_STRDUP( user ); + } + } +#endif + openldap_ldap_init_w_sysconf(LDAP_CONF_FILE); openldap_ldap_init_w_userconf(LDAP_USERRC_FILE); @@ -386,17 +474,29 @@ void ldap_int_initialize( void ) char *altfile = getenv(LDAP_ENV_PREFIX "CONF"); if( altfile != NULL ) { + Debug(LDAP_DEBUG_TRACE, "ldap_init: %s env is %s\n", + LDAP_ENV_PREFIX "CONF", altfile, 0); openldap_ldap_init_w_sysconf( altfile ); } + else + Debug(LDAP_DEBUG_TRACE, "ldap_init: %s env is NULL\n", + LDAP_ENV_PREFIX "CONF", 0, 0); } { char *altfile = getenv(LDAP_ENV_PREFIX "RC"); if( altfile != NULL ) { + Debug(LDAP_DEBUG_TRACE, "ldap_init: %s env is %s\n", + LDAP_ENV_PREFIX "RC", altfile, 0); openldap_ldap_init_w_userconf( altfile ); } + else + Debug(LDAP_DEBUG_TRACE, "ldap_init: %s env is NULL\n", + LDAP_ENV_PREFIX "RC", 0, 0); } - openldap_ldap_init_w_env(NULL); + openldap_ldap_init_w_env(gopts, NULL); + + ldap_int_sasl_init(); }