X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslurpd%2Fldap_op.c;h=dc06b2d310e215eb600257e9e56855cbd35e418c;hb=a6e232e7c1c6815b214e5f920459cd63ceeb54e7;hp=9662554cdbcd5b5fa623dd748c9316f0c5a55efe;hpb=4a5498351e32070d150c49ac0dcd33ff510fc2fa;p=openldap
diff --git a/servers/slurpd/ldap_op.c b/servers/slurpd/ldap_op.c
index 9662554cdb..dc06b2d310 100644
--- a/servers/slurpd/ldap_op.c
+++ b/servers/slurpd/ldap_op.c
@@ -1,6 +1,19 @@
/* $OpenLDAP$ */
-/*
- * Copyright (c) 1996 Regents of the University of Michigan.
+/* This work is part of OpenLDAP Software .
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * Portions Copyright 2003 Mark Benson.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * .
+ */
+/* Portions Copyright (c) 1996 Regents of the University of Michigan.
* All rights reserved.
*
* Redistribution and use in source and binary forms are permitted
@@ -10,6 +23,12 @@
* software without specific prior written permission. This software
* is provided ``as is'' without express or implied warranty.
*/
+/* ACKNOWLEDGEMENTS:
+ * This work was originally developed by the University of Michigan
+ * (as part of U-MICH LDAP). Additional significant contributors
+ * include:
+ * Mark Benson
+ */
/*
* ldap_op.c - routines to perform LDAP operations
@@ -27,21 +46,24 @@
#include
#include
+#define LDAP_DEPRECATED 1
#include
#include "lutil_ldap.h"
#include "slurp.h"
/* Forward references */
static struct berval **make_singlevalued_berval LDAP_P(( char *, int ));
-static int op_ldap_add LDAP_P(( Ri *, Re *, char ** ));
-static int op_ldap_modify LDAP_P(( Ri *, Re *, char ** ));
-static int op_ldap_delete LDAP_P(( Ri *, Re *, char ** ));
-static int op_ldap_modrdn LDAP_P(( Ri *, Re *, char ** ));
+static int op_ldap_add LDAP_P(( Ri *, Re *, char **, int * ));
+static int op_ldap_modify LDAP_P(( Ri *, Re *, char **, int * ));
+static int op_ldap_delete LDAP_P(( Ri *, Re *, char **, int * ));
+static int op_ldap_modrdn LDAP_P(( Ri *, Re *, char **, int * ));
static LDAPMod *alloc_ldapmod LDAP_P(( void ));
static void free_ldapmod LDAP_P(( LDAPMod * ));
static void free_ldmarr LDAP_P(( LDAPMod ** ));
static int getmodtype LDAP_P(( char * ));
+#ifdef SLAPD_UNUSED
static void dump_ldm_array LDAP_P(( LDAPMod ** ));
+#endif
static int do_bind LDAP_P(( Ri *, int * ));
static int do_unbind LDAP_P(( Ri * ));
@@ -49,7 +71,7 @@ static int do_unbind LDAP_P(( Ri * ));
/*
* Determine the type of ldap operation being performed and call the
* appropriate routine.
- * - If successful, returns ERR_DO_LDAP_OK
+ * - If successful, returns DO_LDAP_OK
* - If a retryable error occurs, ERR_DO_LDAP_RETRYABLE is returned.
* The caller should wait a while and retry the operation.
* - If a fatal error occurs, ERR_DO_LDAP_FATAL is returned. The caller
@@ -58,91 +80,97 @@ static int do_unbind LDAP_P(( Ri * ));
*/
int
do_ldap(
- Ri *ri,
- Re *re,
- char **errmsg
+ Ri *ri,
+ Re *re,
+ char **errmsg,
+ int *errfree
)
{
- int rc = 0;
- int lderr = LDAP_SUCCESS;
- int retry = 2;
-
- *errmsg = NULL;
-
- while ( retry > 0 ) {
- if ( ri->ri_ldp == NULL ) {
- rc = do_bind( ri, &lderr );
+ int retry = 2;
+ *errmsg = NULL;
+ *errfree = 0;
+
+ do {
+ int lderr;
+ if ( ri->ri_ldp == NULL ) {
+ lderr = do_bind( ri, &lderr );
+
+ if ( lderr != BIND_OK ) {
+ return DO_LDAP_ERR_RETRYABLE;
+ }
+ }
- if ( rc != BIND_OK ) {
- return DO_LDAP_ERR_RETRYABLE;
- }
- }
+ switch ( re->re_changetype ) {
+ case T_ADDCT:
+ lderr = op_ldap_add( ri, re, errmsg, errfree );
+ if ( lderr != LDAP_SUCCESS ) {
+ Debug( LDAP_DEBUG_ANY,
+ "Error: ldap_add_s failed adding DN \"%s\": %s\n",
+ re->re_dn, *errmsg && (*errmsg)[0] ?
+ *errmsg : ldap_err2string( lderr ), 0 );
+ }
+ break;
+
+ case T_MODIFYCT:
+ lderr = op_ldap_modify( ri, re, errmsg, errfree );
+ if ( lderr != LDAP_SUCCESS ) {
+ Debug( LDAP_DEBUG_ANY,
+ "Error: ldap_modify_s failed modifying DN \"%s\": %s\n",
+ re->re_dn, *errmsg && (*errmsg)[0] ?
+ *errmsg : ldap_err2string( lderr ), 0 );
+ }
+ break;
+
+ case T_DELETECT:
+ lderr = op_ldap_delete( ri, re, errmsg, errfree );
+ if ( lderr != LDAP_SUCCESS ) {
+ Debug( LDAP_DEBUG_ANY,
+ "Error: ldap_delete_s failed deleting DN \"%s\": %s\n",
+ re->re_dn, *errmsg && (*errmsg)[0] ?
+ *errmsg : ldap_err2string( lderr ), 0 );
+ }
+ break;
+
+ case T_MODRDNCT:
+ lderr = op_ldap_modrdn( ri, re, errmsg, errfree );
+ if ( lderr != LDAP_SUCCESS ) {
+ Debug( LDAP_DEBUG_ANY,
+ "Error: ldap_modrdn_s failed modifying DN \"%s\": %s\n",
+ re->re_dn, *errmsg && (*errmsg)[0] ?
+ *errmsg : ldap_err2string( lderr ), 0 );
+ }
+ break;
+
+ default:
+ Debug( LDAP_DEBUG_ANY,
+ "Error: do_ldap: bad op \"%d\", DN \"%s\"\n",
+ re->re_changetype, re->re_dn, 0 );
+ return DO_LDAP_ERR_FATAL;
+ }
- switch ( re->re_changetype ) {
- case T_ADDCT:
- lderr = op_ldap_add( ri, re, errmsg );
- if ( lderr != LDAP_SUCCESS ) {
- Debug( LDAP_DEBUG_ANY,
- "Error: ldap_add_s failed adding \"%s\": %s\n",
- *errmsg ? *errmsg : ldap_err2string( lderr ),
- re->re_dn, 0 );
- }
- break;
- case T_MODIFYCT:
- lderr = op_ldap_modify( ri, re, errmsg );
- if ( lderr != LDAP_SUCCESS ) {
- Debug( LDAP_DEBUG_ANY,
- "Error: ldap_modify_s failed modifying \"%s\": %s\n",
- *errmsg ? *errmsg : ldap_err2string( lderr ),
- re->re_dn, 0 );
- }
- break;
- case T_DELETECT:
- lderr = op_ldap_delete( ri, re, errmsg );
- if ( lderr != LDAP_SUCCESS ) {
- Debug( LDAP_DEBUG_ANY,
- "Error: ldap_delete_s failed deleting \"%s\": %s\n",
- *errmsg ? *errmsg : ldap_err2string( lderr ),
- re->re_dn, 0 );
- }
- break;
- case T_MODRDNCT:
- lderr = op_ldap_modrdn( ri, re, errmsg );
- if ( lderr != LDAP_SUCCESS ) {
- Debug( LDAP_DEBUG_ANY,
- "Error: ldap_modrdn_s failed modifying %s: %s\n",
- *errmsg ? *errmsg : ldap_err2string( lderr ),
- re->re_dn, 0 );
- }
- break;
- default:
- Debug( LDAP_DEBUG_ANY,
- "Error: do_ldap: bad op \"%d\", dn = \"%s\"\n",
- re->re_changetype, re->re_dn, 0 );
- return DO_LDAP_ERR_FATAL;
- }
+ /*
+ * Analyze return code. If ok, just return. If LDAP_SERVER_DOWN,
+ * we may have been idle long enough that the remote slapd timed
+ * us out. Rebind and try again.
+ */
+ switch( lderr ) {
+ case LDAP_SUCCESS:
+ return DO_LDAP_OK;
+
+ default:
+ return DO_LDAP_ERR_FATAL;
+
+ case LDAP_SERVER_DOWN: /* server went down */
+ (void) do_unbind( ri );
+ retry--;
+ }
+ } while ( retry > 0 );
- /*
- * Analyze return code. If ok, just return. If LDAP_SERVER_DOWN,
- * we may have been idle long enough that the remote slapd timed
- * us out. Rebind and try again.
- */
- if ( lderr == LDAP_SUCCESS ) {
- return DO_LDAP_OK;
- } else if ( lderr == LDAP_SERVER_DOWN ) {
- /* The LDAP server may have timed us out - rebind and try again */
- (void) do_unbind( ri );
- retry--;
- } else {
- return DO_LDAP_ERR_FATAL;
- }
- }
- return DO_LDAP_ERR_FATAL;
+ return DO_LDAP_ERR_RETRYABLE;
}
-
/*
* Perform an ldap add operation.
*/
@@ -150,7 +178,8 @@ static int
op_ldap_add(
Ri *ri,
Re *re,
- char **errmsg
+ char **errmsg,
+ int *errfree
)
{
Mi *mi;
@@ -186,7 +215,9 @@ op_ldap_add(
ri->ri_hostname, ri->ri_port, re->re_dn );
rc = ldap_add_s( ri->ri_ldp, re->re_dn, ldmarr );
- ldap_get_option( ri->ri_ldp, LDAP_OPT_ERROR_NUMBER, &lderr);
+ ldap_get_option( ri->ri_ldp, LDAP_OPT_RESULT_CODE, &lderr);
+ ldap_get_option( ri->ri_ldp, LDAP_OPT_DIAGNOSTIC_MESSAGE, errmsg);
+ *errfree = 1;
} else {
*errmsg = "No modifications to do";
@@ -208,14 +239,15 @@ static int
op_ldap_modify(
Ri *ri,
Re *re,
- char **errmsg
+ char **errmsg,
+ int *errfree
)
{
Mi *mi;
int state; /* This code is a simple-minded state machine */
int nvals; /* Number of values we're modifying */
int nops; /* Number of LDAPMod structs in ldmarr */
- LDAPMod *ldm, **ldmarr;
+ LDAPMod *ldm = NULL, **ldmarr;
int i, len;
char *type, *value;
int rc = 0;
@@ -273,6 +305,16 @@ op_ldap_modify(
nvals = 0;
nops++;
break;
+ case T_MODOPINCREMENT:
+ state = T_MODOPINCREMENT;
+ ldmarr = ( LDAPMod ** )
+ ch_realloc(ldmarr, (( nops + 2 ) * ( sizeof( LDAPMod * ))));
+ ldmarr[ nops ] = ldm = alloc_ldapmod();
+ ldm->mod_op = LDAP_MOD_INCREMENT | LDAP_MOD_BVALUES;
+ ldm->mod_type = value;
+ nvals = 0;
+ nops++;
+ break;
default:
if ( state == AWAITING_OP ) {
Debug( LDAP_DEBUG_ANY,
@@ -281,6 +323,8 @@ op_ldap_modify(
continue;
}
+ assert( ldm != NULL );
+
/*
* We should have an attribute: value pair here.
* Construct the mod_bvalues part of the ldapmod struct.
@@ -309,6 +353,8 @@ op_ldap_modify(
Debug( LDAP_DEBUG_ARGS, "replica %s:%d - modify dn \"%s\"\n",
ri->ri_hostname, ri->ri_port, re->re_dn );
rc = ldap_modify_s( ri->ri_ldp, re->re_dn, ldmarr );
+ ldap_get_option( ri->ri_ldp, LDAP_OPT_DIAGNOSTIC_MESSAGE, errmsg);
+ *errfree = 1;
}
free_ldmarr( ldmarr );
return( rc );
@@ -324,7 +370,8 @@ static int
op_ldap_delete(
Ri *ri,
Re *re,
- char **errmsg
+ char **errmsg,
+ int *errfree
)
{
int rc;
@@ -332,6 +379,8 @@ op_ldap_delete(
Debug( LDAP_DEBUG_ARGS, "replica %s:%d - delete dn \"%s\"\n",
ri->ri_hostname, ri->ri_port, re->re_dn );
rc = ldap_delete_s( ri->ri_ldp, re->re_dn );
+ ldap_get_option( ri->ri_ldp, LDAP_OPT_DIAGNOSTIC_MESSAGE, errmsg);
+ *errfree = 1;
return( rc );
}
@@ -352,7 +401,8 @@ static int
op_ldap_modrdn(
Ri *ri,
Re *re,
- char **errmsg
+ char **errmsg,
+ int *errfree
)
{
int rc = 0;
@@ -361,7 +411,7 @@ op_ldap_modrdn(
int lderr = 0;
int state = 0;
int drdnflag = -1;
- char *newrdn;
+ char *newrdn = NULL;
char *newsup = NULL;
if ( re->re_mods == NULL ) {
@@ -418,7 +468,7 @@ op_ldap_modrdn(
return -1;
}
- newrdn = mi[ i ].mi_val;
+ newsup = mi[ i ].mi_val;
state |= GOT_NEWSUP;
} else {
@@ -432,7 +482,7 @@ op_ldap_modrdn(
/*
* Punt if we don't have all the args.
*/
- if ( GOT_ALL_MODDN(state) ) {
+ if ( !GOT_ALL_MODDN(state) ) {
Debug( LDAP_DEBUG_ANY, "Error: op_ldap_modrdn: missing arguments\n",
0, 0, 0 );
*errmsg = "Missing argument: requires \"newrdn\" and \"deleteoldrdn\"";
@@ -443,10 +493,13 @@ op_ldap_modrdn(
if ( ldap_debug & LDAP_DEBUG_ARGS ) {
char buf[ 256 ];
char *buf2;
- sprintf( buf, "%s:%d", ri->ri_hostname, ri->ri_port );
- buf2 = (char *) ch_malloc( strlen( re->re_dn ) + strlen( mi->mi_val )
- + 10 );
- sprintf( buf2, "(\"%s\" -> \"%s\")", re->re_dn, mi->mi_val );
+ int buf2len = strlen( re->re_dn ) + strlen( mi->mi_val ) + 11;
+
+ snprintf( buf, sizeof(buf), "%s:%d", ri->ri_hostname, ri->ri_port );
+
+ buf2 = (char *) ch_malloc( buf2len );
+ snprintf( buf2, buf2len, "(\"%s\" -> \"%s\")", re->re_dn, mi->mi_val );
+
Debug( LDAP_DEBUG_ARGS,
"replica %s - modify rdn %s (flag: %d)\n",
buf, buf2, drdnflag );
@@ -454,10 +507,14 @@ op_ldap_modrdn(
}
#endif /* LDAP_DEBUG */
+ assert( newrdn != NULL );
+
/* Do the modrdn */
- rc = ldap_rename2_s( ri->ri_ldp, re->re_dn, mi->mi_val, newsup, drdnflag );
+ rc = ldap_rename2_s( ri->ri_ldp, re->re_dn, newrdn, newsup, drdnflag );
- ldap_get_option( ri->ri_ldp, LDAP_OPT_ERROR_NUMBER, &lderr);
+ ldap_get_option( ri->ri_ldp, LDAP_OPT_RESULT_CODE, &lderr);
+ ldap_get_option( ri->ri_ldp, LDAP_OPT_DIAGNOSTIC_MESSAGE, errmsg);
+ *errfree = 1;
return( lderr );
}
@@ -561,6 +618,9 @@ char *type )
if ( !strcmp( type, T_MODOPDELETESTR )) {
return( T_MODOPDELETE );
}
+ if ( !strcmp( type, T_MODOPINCREMENTSTR )) {
+ return( T_MODOPINCREMENT );
+ }
return( T_ERR );
}
@@ -609,8 +669,7 @@ do_bind(
)
{
int ldrc;
- void *defaults;
-
+ int do_tls;
*lderr = 0;
@@ -619,6 +678,9 @@ do_bind(
return( BIND_ERR_BADRI );
}
+ do_tls = ri->ri_tls;
+
+retry:
if ( ri->ri_ldp != NULL ) {
ldrc = ldap_unbind( ri->ri_ldp );
if ( ldrc != LDAP_SUCCESS ) {
@@ -628,7 +690,19 @@ do_bind(
}
ri->ri_ldp = NULL;
}
+
+ if ( ri->ri_uri != NULL ) { /* new URI style */
+ Debug( LDAP_DEBUG_ARGS, "Initializing session to %s\n",
+ ri->ri_uri, 0, 0 );
+
+ ldrc = ldap_initialize( &(ri->ri_ldp), ri->ri_uri);
+ if (ldrc != LDAP_SUCCESS) {
+ Debug( LDAP_DEBUG_ANY, "Error: ldap_initialize(0, %s) failed: %s\n",
+ ri->ri_uri, ldap_err2string(ldrc), 0 );
+ return( BIND_ERR_OPEN );
+ }
+ } else { /* old HOST style */
Debug( LDAP_DEBUG_ARGS, "Initializing session to %s:%d\n",
ri->ri_hostname, ri->ri_port, 0 );
@@ -637,10 +711,11 @@ do_bind(
Debug( LDAP_DEBUG_ANY, "Error: ldap_init(%s, %d) failed: %s\n",
ri->ri_hostname, ri->ri_port, sys_errlist[ errno ] );
return( BIND_ERR_OPEN );
+ }
}
{ /* set version 3 */
- int err, version = 3;
+ int err, version = LDAP_VERSION3;
err = ldap_set_option(ri->ri_ldp,
LDAP_OPT_PROTOCOL_VERSION, &version);
@@ -674,8 +749,28 @@ do_bind(
}
ldap_set_option(ri->ri_ldp, LDAP_OPT_RESTART, LDAP_OPT_ON);
+ if( do_tls ) {
+ int err = ldap_start_tls_s(ri->ri_ldp, NULL, NULL);
+
+ if( err != LDAP_SUCCESS ) {
+ Debug( LDAP_DEBUG_ANY,
+ "%s: ldap_start_tls failed: %s (%d)\n",
+ ri->ri_tls == TLS_CRITICAL ? "Error" : "Warning",
+ ldap_err2string( err ), err );
+
+ if( ri->ri_tls == TLS_CRITICAL ) {
+ *lderr = err;
+ ldap_unbind( ri->ri_ldp );
+ ri->ri_ldp = NULL;
+ return BIND_ERR_TLS_FAILED;
+ }
+ do_tls = TLS_OFF;
+ goto retry;
+ }
+ }
+
switch ( ri->ri_bind_method ) {
- case AUTH_SIMPLE:
+ case LDAP_AUTH_SIMPLE:
/*
* Bind with a plaintext password.
*/
@@ -694,24 +789,55 @@ do_bind(
}
break;
- case AUTH_SASL:
+ case LDAP_AUTH_SASL:
Debug( LDAP_DEBUG_ARGS, "bind to %s as %s via %s (SASL)\n",
- ri->ri_hostname, ri->ri_authcId, ri->ri_saslmech );
+ ri->ri_hostname,
+ ri->ri_authcId ? ri->ri_authcId : "-",
+ ri->ri_saslmech );
- defaults = lutil_sasl_defaults( ri->ri_ldp, ri->ri_saslmech,
- NULL, ri->ri_authcId, NULL, NULL );
- ldrc = ldap_sasl_interactive_bind_s( ri->ri_ldp, ri->ri_bind_dn,
- ri->ri_saslmech, NULL, NULL,
- LDAP_SASL_AUTOMATIC, lutil_sasl_interact, defaults );
- if ( ldrc != LDAP_SUCCESS ) {
- Debug( LDAP_DEBUG_ANY, "Error: LDAP SASL for %s:%d failed: %s\n",
- ri->ri_hostname, ri->ri_port, ldap_err2string( ldrc ));
- *lderr = ldrc;
- ldap_unbind( ri->ri_ldp );
- ri->ri_ldp = NULL;
- return( BIND_ERR_SASL_FAILED );
+#ifdef HAVE_CYRUS_SASL
+ if( ri->ri_secprops != NULL ) {
+ int err = ldap_set_option(ri->ri_ldp,
+ LDAP_OPT_X_SASL_SECPROPS, ri->ri_secprops);
+
+ if( err != LDAP_OPT_SUCCESS ) {
+ Debug( LDAP_DEBUG_ANY,
+ "Error: ldap_set_option(%s,SECPROPS,\"%s\") failed!\n",
+ ri->ri_hostname, ri->ri_secprops, NULL );
+ ldap_unbind( ri->ri_ldp );
+ ri->ri_ldp = NULL;
+ return BIND_ERR_SASL_FAILED;
+ }
+ }
+
+ {
+ void *defaults = lutil_sasl_defaults( ri->ri_ldp, ri->ri_saslmech,
+ ri->ri_realm, ri->ri_authcId, ri->ri_password, ri->ri_authzId );
+
+ ldrc = ldap_sasl_interactive_bind_s( ri->ri_ldp, ri->ri_bind_dn,
+ ri->ri_saslmech, NULL, NULL,
+ LDAP_SASL_QUIET, lutil_sasl_interact, defaults );
+
+ lutil_sasl_freedefs( defaults );
+ if ( ldrc != LDAP_SUCCESS ) {
+ Debug( LDAP_DEBUG_ANY, "Error: LDAP SASL for %s:%d failed: %s\n",
+ ri->ri_hostname, ri->ri_port, ldap_err2string( ldrc ));
+ *lderr = ldrc;
+ ldap_unbind( ri->ri_ldp );
+ ri->ri_ldp = NULL;
+ return( BIND_ERR_SASL_FAILED );
+ }
}
break;
+#else
+ Debug( LDAP_DEBUG_ANY,
+ "Error: do_bind: SASL not supported %s:%d\n",
+ ri->ri_hostname, ri->ri_port, NULL );
+ ldap_unbind( ri->ri_ldp );
+ ri->ri_ldp = NULL;
+ return( BIND_ERR_BAD_ATYPE );
+#endif
+
default:
Debug( LDAP_DEBUG_ANY,
"Error: do_bind: unknown auth type \"%d\" for %s:%d\n",
@@ -731,13 +857,13 @@ do_bind(
c.ldctl_oid = LDAP_CONTROL_MANAGEDSAIT;
c.ldctl_value.bv_val = NULL;
c.ldctl_value.bv_len = 0;
- c.ldctl_iscritical = 1;
+ c.ldctl_iscritical = 0;
err = ldap_set_option(ri->ri_ldp, LDAP_OPT_SERVER_CONTROLS, &ctrls);
if( err != LDAP_OPT_SUCCESS ) {
- Debug( LDAP_DEBUG_ANY,
- "Error: ldap_set_option(%s, SERVER_CONTROLS, ManageDSAit) failed!\n",
+ Debug( LDAP_DEBUG_ANY, "Error: "
+ "ldap_set_option(%s, SERVER_CONTROLS, ManageDSAit) failed!\n",
ri->ri_hostname, NULL, NULL );
ldap_unbind( ri->ri_ldp );
ri->ri_ldp = NULL;
@@ -755,6 +881,7 @@ do_bind(
/*
* For debugging. Print the contents of an ldmarr array.
*/
+#ifdef SLAPD_UNUSED
static void
dump_ldm_array(
LDAPMod **ldmarr
@@ -788,3 +915,4 @@ dump_ldm_array(
}
}
}
+#endif