summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGlenn Strauss <gstrauss@gluelogic.com>2017-11-05 18:50:25 -0500
committerGlenn Strauss <gstrauss@gluelogic.com>2017-11-05 18:50:25 -0500
commitfdc4c324c4df38e04c858a2f8c2081c872c50ba5 (patch)
treefbfb0ebd26a0431c131a000358bf08096b4b94dc
parent5a5ce3dc75286d5e3aa105c11d66f0063c48fe51 (diff)
downloadlighttpd1.4-fdc4c324c4df38e04c858a2f8c2081c872c50ba5.tar.gz
lighttpd1.4-fdc4c324c4df38e04c858a2f8c2081c872c50ba5.zip
[mod_authn_ldap] replace use of deprecated funcs
[mod_authn_ldap,mod_vhostdb_ldap] replace use of deprecated funcs remove -DLDAP_DEPRECATED
-rw-r--r--SConstruct1
-rw-r--r--configure.ac3
-rw-r--r--src/CMakeLists.txt1
-rw-r--r--src/config.h.cmake1
-rw-r--r--src/meson.build4
-rw-r--r--src/mod_authn_ldap.c50
-rw-r--r--src/mod_vhostdb_ldap.c49
7 files changed, 78 insertions, 31 deletions
diff --git a/SConstruct b/SConstruct
index dfb2e496..693fb008 100644
--- a/SConstruct
+++ b/SConstruct
@@ -531,7 +531,6 @@ if 1:
fail("Couldn't find lber")
autoconf.env.Append(
CPPFLAGS = [
- '-DLDAP_DEPRECATED=1',
'-DHAVE_LDAP_H', '-DHAVE_LIBLDAP',
'-DHAVE_LBER_H', '-DHAVE_LIBLBER',
],
diff --git a/configure.ac b/configure.ac
index de4ce8e5..1f616d13 100644
--- a/configure.ac
+++ b/configure.ac
@@ -362,13 +362,12 @@ AC_ARG_WITH([ldap],
AC_MSG_RESULT([$WITH_LDAP])
if test "$WITH_LDAP" != no; then
- AC_CHECK_LIB([ldap], [ldap_bind],
+ AC_CHECK_LIB([ldap], [ldap_sasl_bind_s],
[AC_CHECK_HEADERS([ldap.h],
[
LDAP_LIB=-lldap
AC_DEFINE([HAVE_LIBLDAP], [1], [libldap])
AC_DEFINE([HAVE_LDAP_H], [1])
- AC_DEFINE([LDAP_DEPRECATED], [1], [Using deprecated ldap api])
],
[AC_MSG_ERROR([ldap headers not found, install them or build without --with-ldap])]
)],
diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt
index a8b327a5..c36de51e 100644
--- a/src/CMakeLists.txt
+++ b/src/CMakeLists.txt
@@ -451,7 +451,6 @@ if(WITH_LDAP)
check_library_exists(ldap ldap_bind "" HAVE_LIBLDAP)
check_include_files(lber.h HAVE_LBER_H)
check_library_exists(lber ber_printf "" HAVE_LIBLBER)
- set(LDAP_DEPRECATED 1) # Using deprecated ldap api
else()
unset(HAVE_LDAP_H)
unset(HAVE_LIBLDAP)
diff --git a/src/config.h.cmake b/src/config.h.cmake
index bd3da228..4afc0103 100644
--- a/src/config.h.cmake
+++ b/src/config.h.cmake
@@ -64,7 +64,6 @@
#cmakedefine HAVE_LIBLDAP
#cmakedefine HAVE_LBER_H
#cmakedefine HAVE_LIBLBER
-#cmakedefine LDAP_DEPRECATED 1
/* XML */
#cmakedefine HAVE_LIBXML_H
diff --git a/src/meson.build b/src/meson.build
index e10faece..8e084edc 100644
--- a/src/meson.build
+++ b/src/meson.build
@@ -297,11 +297,10 @@ libldap = []
liblber = []
if get_option('with_ldap')
libldap = [ compiler.find_library('ldap') ]
- if not(compiler.has_function('ldap_bind',
+ if not(compiler.has_function('ldap_sasl_bind_s',
args: defs,
dependencies: libldap,
prefix: '''
- #define LDAP_DEPRECATED 1
#include <ldap.h>
'''
))
@@ -315,7 +314,6 @@ if get_option('with_ldap')
endif
conf_data.set('HAVE_LBER_H', true)
conf_data.set('HAVE_LIBLBER', true)
- conf_data.set('LDAP_DEPRECATED', 1, comment: 'Using deprecated ldap api')
endif
libev = []
diff --git a/src/mod_authn_ldap.c b/src/mod_authn_ldap.c
index d8be4f5f..c2e793d1 100644
--- a/src/mod_authn_ldap.c
+++ b/src/mod_authn_ldap.c
@@ -1,6 +1,5 @@
#include "first.h"
-#define USE_LDAP
#include <ldap.h>
#include "server.h"
@@ -83,6 +82,39 @@ FREE_FUNC(mod_authn_ldap_free) {
return HANDLER_GO_ON;
}
+/*(copied from mod_vhostdb_ldap.c)*/
+static void mod_authn_add_scheme (server *srv, buffer *host)
+{
+ if (!buffer_string_is_empty(host)) {
+ /* reformat hostname(s) as LDAP URIs (scheme://host:port) */
+ static const char *schemes[] = {
+ "ldap://", "ldaps://", "ldapi://", "cldap://"
+ };
+ char *b, *e = host->ptr;
+ buffer_string_set_length(srv->tmp_buf, 0);
+ while (*(b = e)) {
+ unsigned int j;
+ while (*b==' '||*b=='\t'||*b=='\r'||*b=='\n'||*b==',') ++b;
+ if (*b == '\0') break;
+ e = b;
+ while (*e!=' '&&*e!='\t'&&*e!='\r'&&*e!='\n'&&*e!=','&&*e!='\0')
+ ++e;
+ if (!buffer_string_is_empty(srv->tmp_buf))
+ buffer_append_string_len(srv->tmp_buf, CONST_STR_LEN(","));
+ for (j = 0; j < sizeof(schemes)/sizeof(char *); ++j) {
+ if (0 == strncasecmp(b, schemes[j], strlen(schemes[j]))) {
+ break;
+ }
+ }
+ if (j == sizeof(schemes)/sizeof(char *))
+ buffer_append_string_len(srv->tmp_buf,
+ CONST_STR_LEN("ldap://"));
+ buffer_append_string_len(srv->tmp_buf, b, (size_t)(e - b));
+ }
+ buffer_copy_buffer(host, srv->tmp_buf);
+ }
+}
+
SETDEFAULTS_FUNC(mod_authn_ldap_set_defaults) {
plugin_data *p = p_d;
size_t i;
@@ -144,6 +176,8 @@ config_values_t cv[] = {
}
}
}
+
+ mod_authn_add_scheme(srv, s->auth_ldap_hostname);
}
return HANDLER_GO_ON;
@@ -354,10 +388,9 @@ static LDAP * mod_authn_ldap_host_init(server *srv, plugin_config *s) {
if (buffer_string_is_empty(s->auth_ldap_hostname)) return NULL;
- ld = ldap_init(s->auth_ldap_hostname->ptr, LDAP_PORT);
- if (NULL == ld) {
- log_error_write(srv, __FILE__, __LINE__, "sss", "ldap:", "ldap_init():",
- strerror(errno));
+ if (LDAP_SUCCESS != ldap_initialize(&ld, s->auth_ldap_hostname->ptr)) {
+ log_error_write(srv, __FILE__, __LINE__, "sss", "ldap:",
+ "ldap_initialize():", strerror(errno));
return NULL;
}
@@ -396,7 +429,6 @@ static LDAP * mod_authn_ldap_host_init(server *srv, plugin_config *s) {
}
static int mod_authn_ldap_bind(server *srv, LDAP *ld, const char *dn, const char *pw) {
- #if 0
struct berval creds;
int ret;
@@ -414,12 +446,6 @@ static int mod_authn_ldap_bind(server *srv, LDAP *ld, const char *dn, const char
if (ret != LDAP_SUCCESS) {
mod_authn_ldap_err(srv, __FILE__, __LINE__, "ldap_sasl_bind_s()", ret);
}
- #else
- int ret = ldap_simple_bind_s(ld, dn, pw);
- if (ret != LDAP_SUCCESS) {
- mod_authn_ldap_err(srv, __FILE__, __LINE__, "ldap_simple_bind_s()",ret);
- }
- #endif
return ret;
}
diff --git a/src/mod_vhostdb_ldap.c b/src/mod_vhostdb_ldap.c
index 98f7c072..459d7d60 100644
--- a/src/mod_vhostdb_ldap.c
+++ b/src/mod_vhostdb_ldap.c
@@ -47,6 +47,39 @@ static void mod_vhostdb_dbconf_free (void *vdata)
free(dbconf);
}
+/*(copied from mod_authn_ldap.c)*/
+static void mod_vhostdb_dbconf_add_scheme (server *srv, buffer *host)
+{
+ if (!buffer_string_is_empty(host)) {
+ /* reformat hostname(s) as LDAP URIs (scheme://host:port) */
+ static const char *schemes[] = {
+ "ldap://", "ldaps://", "ldapi://", "cldap://"
+ };
+ char *b, *e = host->ptr;
+ buffer_string_set_length(srv->tmp_buf, 0);
+ while (*(b = e)) {
+ unsigned int j;
+ while (*b==' '||*b=='\t'||*b=='\r'||*b=='\n'||*b==',') ++b;
+ if (*b == '\0') break;
+ e = b;
+ while (*e!=' '&&*e!='\t'&&*e!='\r'&&*e!='\n'&&*e!=','&&*e!='\0')
+ ++e;
+ if (!buffer_string_is_empty(srv->tmp_buf))
+ buffer_append_string_len(srv->tmp_buf, CONST_STR_LEN(","));
+ for (j = 0; j < sizeof(schemes)/sizeof(char *); ++j) {
+ if (0 == strncasecmp(b, schemes[j], strlen(schemes[j]))) {
+ break;
+ }
+ }
+ if (j == sizeof(schemes)/sizeof(char *))
+ buffer_append_string_len(srv->tmp_buf,
+ CONST_STR_LEN("ldap://"));
+ buffer_append_string_len(srv->tmp_buf, b, (size_t)(e - b));
+ }
+ buffer_copy_buffer(host, srv->tmp_buf);
+ }
+}
+
static int mod_vhostdb_dbconf_setup (server *srv, array *opts, void **vdata)
{
buffer *filter = NULL;
@@ -62,6 +95,7 @@ static int mod_vhostdb_dbconf_setup (server *srv, array *opts, void **vdata)
} else if (buffer_is_equal_caseless_string(ds->key, CONST_STR_LEN("attr"))) {
if (!buffer_string_is_empty(ds->value)) attr = ds->value->ptr;
} else if (buffer_is_equal_caseless_string(ds->key, CONST_STR_LEN("host"))) {
+ mod_vhostdb_dbconf_add_scheme(srv, ds->value);
host = ds->value->ptr;
} else if (buffer_is_equal_caseless_string(ds->key, CONST_STR_LEN("base-dn"))) {
if (!buffer_string_is_empty(ds->value)) basedn = ds->value->ptr;
@@ -206,10 +240,10 @@ static LDAP * mod_authn_ldap_host_init(server *srv, vhostdb_config *s) {
LDAP *ld;
int ret;
- ld = ldap_init(s->host, LDAP_PORT);
- if (NULL == ld) {
- log_error_write(srv, __FILE__, __LINE__, "sss", "ldap:", "ldap_init():",
- strerror(errno));
+ ret = ldap_initialize(&ld, s->host);
+ if (LDAP_SUCCESS != ret) {
+ log_error_write(srv, __FILE__, __LINE__, "sss", "ldap:",
+ "ldap_initialize():", strerror(errno));
return NULL;
}
@@ -247,7 +281,6 @@ static LDAP * mod_authn_ldap_host_init(server *srv, vhostdb_config *s) {
}
static int mod_authn_ldap_bind(server *srv, LDAP *ld, const char *dn, const char *pw) {
- #if 0
struct berval creds;
int ret;
@@ -265,12 +298,6 @@ static int mod_authn_ldap_bind(server *srv, LDAP *ld, const char *dn, const char
if (ret != LDAP_SUCCESS) {
mod_authn_ldap_err(srv, __FILE__, __LINE__, "ldap_sasl_bind_s()", ret);
}
- #else
- int ret = ldap_simple_bind_s(ld, dn, pw);
- if (ret != LDAP_SUCCESS) {
- mod_authn_ldap_err(srv, __FILE__, __LINE__, "ldap_simple_bind_s()",ret);
- }
- #endif
return ret;
}