authorArthur de Jong <arthur@arthurdejong.org>2009-10-17 10:17:33 +0000
committerArthur de Jong <arthur@arthurdejong.org>2009-10-17 10:17:33 +0000
commit5a3eb1df560f29c4692e01594fc63d22bb4c50ee (patch)
tree743af66e1b0ad82ab676621f8514b4c60e77c483
parent6cf3eb58587e80d851aa53d0a250c7839fa15b02 (diff)
provide replacement functions for ldap_initialize() and ldap_passwd_s() and centralise LDAP compatibility hacks into ldap_compat.h
git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1007 ef36b2f9-881f-0410-afb5-c4e39611909c
-rw-r--r--compat/Makefile.am6
-rw-r--r--compat/ldap_compat.h61
-rw-r--r--compat/ldap_initialize.c64
-rw-r--r--compat/ldap_passwd_s.c105
-rw-r--r--compat/pagectrl.c2
-rw-r--r--compat/pagectrl.h45
-rw-r--r--configure.ac8
-rw-r--r--nslcd/myldap.c10
8 files changed, 241 insertions, 60 deletions
diff --git a/compat/Makefile.am b/compat/Makefile.am
index 601b65b..7ab8cc8 100644
--- a/compat/Makefile.am
+++ b/compat/Makefile.am
@@ -1,6 +1,6 @@
# Makefile.am - use automake to generate Makefile.in
#
-# Copyright (C) 2008 Arthur de Jong
+# Copyright (C) 2008, 2009 Arthur de Jong
#
# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
@@ -24,8 +24,8 @@ AM_CFLAGS = -fPIC
EXTRA_DIST = getopt_long.c getopt_long.h \
daemon.c daemon.h \
- pagectrl.c pagectrl.h \
- ether.c ether.h
+ ether.c ether.h \
+ ldap_compat.h pagectrl.c ldap_passwd_s.c ldap_initialize.c
libcompat_a_SOURCES = getpeercred.c getpeercred.h
libcompat_a_LIBADD = @LIBOBJS@
diff --git a/compat/ldap_compat.h b/compat/ldap_compat.h
new file mode 100644
index 0000000..19d9e07
--- /dev/null
+++ b/compat/ldap_compat.h
@@ -0,0 +1,61 @@
+/*
+ ldap_compat.h - provide a replacement definitions for some ldap functions
+
+ Copyright (C) 2009 Arthur de Jong
+
+ This library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ This library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with this library; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ 02110-1301 USA
+*/
+
+#ifndef _COMPAT_LDAP_COMPAT_H
+#define _COMPAT_LDAP_COMPAT_H 1
+
+#include <lber.h>
+#include <ldap.h>
+
+/* compatibility macros */
+#ifndef LDAP_CONST
+#define LDAP_CONST const
+#endif /* not LDAP_CONST */
+#ifndef LDAP_MSG_ONE
+#define LDAP_MSG_ONE 0x00
+#endif /* not LDAP_MSG_ONE */
+
+#ifndef HAVE_LDAP_INITIALIZE
+/* provide a wrapper around ldap_init() if the system doesn't have
+ ldap_initialize() */
+int ldap_initialize(LDAP **ldp,const char *url);
+#endif /* not HAVE_LDAP_INITIALIZE */
+
+#ifndef HAVE_LDAP_CREATE_PAGE_CONTROL
+int ldap_create_page_control(LDAP *ld,unsigned long pagesize,
+ struct berval *cookiep,int iscritical,
+ LDAPControl **ctrlp);
+#endif /* not HAVE_LDAP_CREATE_PAGE_CONTROL */
+
+#ifndef HAVE_LDAP_PARSE_PAGE_CONTROL
+int ldap_parse_page_control(LDAP *ld,LDAPControl **ctrls,
+ unsigned long *list_countp,
+ struct berval **cookiep);
+#endif /* not HAVE_LDAP_PARSE_PAGE_CONTROL */
+
+#ifndef HAVE_LDAP_PASSWD_S
+int ldap_passwd_s(LDAP *ld,struct berval *user,struct berval *oldpw,
+ struct berval *newpw,struct berval *newpasswd,
+ LDAPControl **sctrls,LDAPControl **cctrls);
+#endif /* not HAVE_LDAP_PASSWD_S */
+
+
+#endif /* _COMPAT_LDAP_COMPAT_H */
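Review bot: The `#ifndef HAVE_LDAP_*` tests that select the replacement prototypes only give the right answer when `config.h` has been included before this header, and the header neither includes it nor says so. I would add a comment above the first test such as `/* config.h must be included before this header; the HAVE_LDAP_* tests below decide which replacement prototypes get declared */`. Only `ldap_initialize()` carries a description; the other three prototypes deserve one line each stating that they are replacements built from compat/ when configure does not find the library function. The guard name `_COMPAT_LDAP_COMPAT_H` starts with an underscore followed by an uppercase letter, which is reserved for the implementation; `COMPAT_LDAP_COMPAT_H` avoids that.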
diff --git a/compat/ldap_initialize.c b/compat/ldap_initialize.c
new file mode 100644
index 0000000..d397784
--- /dev/null
+++ b/compat/ldap_initialize.c
@@ -0,0 +1,64 @@
+/*
+ ldap_initialize.c - replacement function for ldap_initialize()
+
+ Copyright (C) 2009 Arthur de Jong
+
+ This library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ This library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with this library; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ 02110-1301 USA
+*/
+
+#include "config.h"
+
+/* also include deprecated LDAP functions for now */
+#define LDAP_DEPRECATED 1
+
+#include <stdlib.h>
+#include <string.h>
+#include <strings.h>
+#include <lber.h>
+#include <ldap.h>
+
+#include "compat/ldap_compat.h"
+#include "nslcd/log.h"
+
+
+/* provide a wrapper around ldap_init() if the system doesn't have
+ ldap_initialize() */
+int ldap_initialize(LDAP **ldp,const char *url)
+{
+ char host[80];
+ /* check schema part */
+ if (strncasecmp(url,"ldap://",7)==0)
+ {
+ strncpy(host,url+7,sizeof(host));
+ host[sizeof(host)-1]='\0';
+ }
+ else if (strncasecmp(url,"ldaps://",8)==0)
+ {
+ strncpy(host,url+8,sizeof(host));
+ host[sizeof(host)-1]='\0';
+ }
+ else
+ {
+ log_log(LOG_ERR,"ldap_initialize(): schema not supported: %s",url);
+ exit(EXIT_FAILURE);
+ }
+ /* strip trailing slash */
+ if ((strlen(host)>0)&&(host[strlen(host)-1]=='/'))
+ host[strlen(host)-1]='\0';
+ /* call ldap_init() */
+ *ldp=ldap_init(host,LDAP_PORT);
+ return (*ldp==NULL)?LDAP_OPERATIONS_ERROR:LDAP_SUCCESS;
+}
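Review bot: The `ldaps://` branch ends in the same `ldap_init(host,LDAP_PORT)` call as the `ldap://` branch, so a URI configured for LDAPS is opened against the default cleartext port and nothing in this function requests TLS. Unless the caller enables TLS on the handle elsewhere (not visible in this diff), binds and password changes would travel unencrypted, so the replacement should at least default to `LDAPS_PORT` for that scheme and fail rather than silently downgrade. The `strncpy()` into `host[80]` also truncates a long host part without any error, which can turn the configured name into a different one. An unsupported scheme calls `exit()` from a function that stands in for a library call instead of returning an error code. A sketch of the scheme and length handling follows.

```c
int ldap_initialize(LDAP **ldp,const char *url)
{
  char host[80];
  const char *rest;
  int port=LDAP_PORT;
  /* check schema part */
  if (strncasecmp(url,"ldap://",7)==0)
    rest=url+7;
  else if (strncasecmp(url,"ldaps://",8)==0)
  {
    rest=url+8;
    /* never fall back to the cleartext port for an ldaps:// URI; TLS itself
       still has to be enabled on the returned handle by the caller */
    port=LDAPS_PORT;
  }
  else
  {
    log_log(LOG_ERR,"ldap_initialize(): schema not supported: %s",url);
    return LDAP_PARAM_ERROR;
  }
  /* refuse an over-long host part instead of silently truncating it */
  if (strlen(rest)>=sizeof(host))
  {
    log_log(LOG_ERR,"ldap_initialize(): host part too long: %s",url);
    return LDAP_PARAM_ERROR;
  }
  strcpy(host,rest); /* bounded by the length check above */
  /* ... unchanged: strip trailing slash ... */
  *ldp=ldap_init(host,port);
  /* ... unchanged: map NULL to LDAP_OPERATIONS_ERROR ... */
}
```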
diff --git a/compat/ldap_passwd_s.c b/compat/ldap_passwd_s.c
new file mode 100644
index 0000000..fde8022
--- /dev/null
+++ b/compat/ldap_passwd_s.c
@@ -0,0 +1,105 @@
+/*
+ ldap_passwd_s.c - replacement function for ldap_passwd_s()
+ Parts of this file were based on parts of the pam_ldap library
+ (taken from _update_authtok() in pam_ldap.c).
+
+ Copyright (C) 1998-2004 Luke Howard
+ Copyright (C) 2009 Arthur de Jong
+
+ This library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ This library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with this library; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ 02110-1301 USA
+*/
+
+#include "config.h"
+
+#include <stdlib.h>
+#include <lber.h>
+#include <ldap.h>
+
+#include "compat/ldap_compat.h"
+#include "nslcd/log.h"
+
+#ifndef LDAP_EXOP_MODIFY_PASSWD
+#ifdef LDAP_EXOP_X_MODIFY_PASSWD
+#define LDAP_EXOP_MODIFY_PASSWD LDAP_EXOP_X_MODIFY_PASSWD
+#define LDAP_TAG_EXOP_MODIFY_PASSWD_ID LDAP_TAG_EXOP_X_MODIFY_PASSWD_ID
+#define LDAP_TAG_EXOP_MODIFY_PASSWD_OLD LDAP_TAG_EXOP_X_MODIFY_PASSWD_OLD
+#define LDAP_TAG_EXOP_MODIFY_PASSWD_NEW LDAP_TAG_EXOP_X_MODIFY_PASSWD_NEW
+#else /* not LDAP_EXOP_X_MODIFY_PASSWD */
+#define LDAP_EXOP_MODIFY_PASSWD "1.3.6.1.4.1.4203.1.11.1"
+#define LDAP_TAG_EXOP_MODIFY_PASSWD_ID ((ber_tag_t) 0x80U)
+#define LDAP_TAG_EXOP_MODIFY_PASSWD_OLD ((ber_tag_t) 0x81U)
+#define LDAP_TAG_EXOP_MODIFY_PASSWD_NEW ((ber_tag_t) 0x82U)
+#endif /* not LDAP_EXOP_X_MODIFY_PASSWD */
+#endif /* not LDAP_EXOP_MODIFY_PASSWD */
+
+#ifndef LBER_USE_DER
+#define LBER_USE_DER 1
+#endif /* not LBER_USE_DER */
+
+#ifndef HAVE_BER_MEMFREE
+#define ber_memfree free
+#endif /* not HAVE_BER_MEMFREE */
+
+/* we define this ourselves here because some LDAP header versions don't
+ seem to define this */
+int ldap_extended_operation_s(LDAP *ld,LDAP_CONST char *reqoid,
+ struct berval *reqdata,LDAPControl **serverctrls,LDAPControl **clientctrls,
+ char **retoidp,struct berval **retdatap);
+
+/* Replacement for password modification. user is the DN of the entry to
+ change, oldpw is the old password (may not always be needed?), newpw is
+ the new password to set and newpasswd is sometimes returned (though not
+ by us). */
+int ldap_passwd_s(LDAP *ld,struct berval *user,struct berval *oldpw,
+ struct berval *newpw,struct berval *newpasswd,
+ LDAPControl **sctrls,LDAPControl **cctrls)
+{
+#ifndef HAVE_LDAP_EXTENDED_OPERATION_S
+ return LDAP_OPERATIONS_ERROR;
+#else /* HAVE_LDAP_EXTENDED_OPERATION_S */
+ int rc;
+ BerElement *ber;
+ struct berval *bv;
+ char *retoid;
+ struct berval *retdata;
+ /* set up request data */
+ ber=ber_alloc_t(LBER_USE_DER);
+ if (ber==NULL)
+ return LDAP_NO_MEMORY;
+ ber_printf(ber,"{");
+ ber_printf(ber,"tO",LDAP_TAG_EXOP_MODIFY_PASSWD_ID,user);
+ if (oldpw!=NULL)
+ ber_printf(ber,"tO",LDAP_TAG_EXOP_MODIFY_PASSWD_OLD,oldpw);
+ ber_printf(ber,"tO",LDAP_TAG_EXOP_MODIFY_PASSWD_NEW,newpw);
+ ber_printf(ber,"N}");
+ rc=ber_flatten(ber,&bv);
+ ber_free(ber,1);
+ if (rc<0)
+ return LDAP_NO_MEMORY;
+ /* perform the operation */
+ rc=ldap_extended_operation_s(ld,LDAP_EXOP_MODIFY_PASSWD,bv,sctrls,cctrls,
+ &retoid,&retdata);
+ /* free data */
+ ber_bvfree(bv);
+ if (rc==LDAP_SUCCESS)
+ {
+ ber_bvfree(retdata);
+ ber_memfree(retoid);
+ }
+ /* return result code */
+ return rc;
+#endif /* HAVE_LDAP_EXTENDED_OPERATION_S */
+}
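Review bot: `newpasswd` is never written in either branch of ldap_passwd_s(), so a caller that inspects or frees it after the call reads an uninitialised value; the library function this replaces fills it in, so it should be cleared on entry when non-NULL. The results of the five `ber_printf()` calls are ignored, and `user` and `newpw` are encoded unconditionally, so an encoding failure (or presumably a NULL argument) produces a malformed request rather than an error return. Separately, `bv` holds the old and new passwords in clear and is released with `ber_bvfree()` without being wiped; clearing `bv->bv_val` over `bv->bv_len` bytes before the free would limit how long they linger in heap memory. The sketch below covers the first two points.

```c
  /* after the local declarations: the library version fills newpasswd, so
     make sure callers never see an uninitialised value from us */
  if (newpasswd!=NULL)
  {
    newpasswd->bv_val=NULL;
    newpasswd->bv_len=0;
  }
  /* ... unchanged: ber_alloc_t() and its NULL check ... */
  if ((ber_printf(ber,"{")<0)||
      (ber_printf(ber,"tO",LDAP_TAG_EXOP_MODIFY_PASSWD_ID,user)<0)||
      ((oldpw!=NULL)&&
       (ber_printf(ber,"tO",LDAP_TAG_EXOP_MODIFY_PASSWD_OLD,oldpw)<0))||
      (ber_printf(ber,"tO",LDAP_TAG_EXOP_MODIFY_PASSWD_NEW,newpw)<0)||
      (ber_printf(ber,"N}")<0))
  {
    ber_free(ber,1);
    return LDAP_ENCODING_ERROR;
  }
  /* ... unchanged: ber_flatten(), ldap_extended_operation_s(), cleanup ... */
```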
diff --git a/compat/pagectrl.c b/compat/pagectrl.c
index 2697843..d846623 100644
--- a/compat/pagectrl.c
+++ b/compat/pagectrl.c
@@ -32,7 +32,7 @@
#include <lber.h>
#include <ldap.h>
-#include "pagectrl.h"
+#include "compat/ldap_compat.h"
#ifndef LDAP_CONTROL_PAGE_OID
#define LDAP_CONTROL_PAGE_OID "1.2.840.113556.1.4.319"
diff --git a/compat/pagectrl.h b/compat/pagectrl.h
deleted file mode 100644
index a62bb10..0000000
--- a/compat/pagectrl.h
+++ /dev/null
@@ -1,45 +0,0 @@
-/*
- pagectrl.h - provide a replacement ldap_create_page_control() function.
- This file was part of the nss_ldap library which has been
- forked into the nss-pam-ldapd library.
-
- Copyright (C) 1997-2005 Luke Howard
-
- This library is free software; you can redistribute it and/or
- modify it under the terms of the GNU Lesser General Public
- License as published by the Free Software Foundation; either
- version 2.1 of the License, or (at your option) any later version.
-
- This library is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- Lesser General Public License for more details.
-
- You should have received a copy of the GNU Lesser General Public
- License along with this library; if not, write to the Free Software
- Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
- 02110-1301 USA
-*/
-
-#ifndef _LDAP_NSS_LDAP_PAGECTRL_H
-#define _LDAP_NSS_LDAP_PAGECTRL_H
-
-#ifndef HAVE_LDAP_CREATE_PAGE_CONTROL
-int
-ldap_create_page_control( LDAP *ld,
- unsigned long pagesize,
- struct berval *cookiep,
- int iscritical,
- LDAPControl **ctrlp );
-#endif /* not HAVE_LDAP_CREATE_PAGE_CONTROL */
-
-#ifndef HAVE_LDAP_PARSE_PAGE_CONTROL
-int
-ldap_parse_page_control(
- LDAP *ld,
- LDAPControl **ctrls,
- unsigned long *list_countp,
- struct berval **cookiep );
-#endif /* not HAVE_LDAP_PARSE_PAGE_CONTROL */
-
-#endif /* _LDAP_NSS_LDAP_UTIL_H */
diff --git a/configure.ac b/configure.ac
index ca8105e..5c8b11c 100644
--- a/configure.ac
+++ b/configure.ac
@@ -407,8 +407,8 @@ then
AC_CHECK_FUNCS(ldap_parse_result ldap_memfree ldap_controls_free ldap_control_free)
AC_CHECK_FUNCS(ldap_explode_dn ldap_explode_rdn ldap_set_option ldap_get_option)
AC_CHECK_FUNCS(ldap_abandon ldap_simple_bind_s ldap_unbind ldap_set_rebind_proc)
- AC_CHECK_FUNCS(ldap_initialize ldap_search_ext)
- AC_CHECK_FUNCS(ldap_create_control)
+ AC_CHECK_FUNCS(ldap_initialize ldap_search_ext ber_memfree)
+ AC_CHECK_FUNCS(ldap_create_control ldap_extended_operation_s)
AC_CHECK_FUNCS(ldap_domain2hostlist ldap_domain2dn)
AC_CHECK_FUNCS(ldap_get_values ldap_value_free ldap_get_dn)
AC_CHECK_FUNCS(ldap_err2string ldap_msgfree ldap_result)
@@ -416,6 +416,10 @@ then
# replace ldap_create_page_control() and ldap_parse_page_control()
AC_CHECK_FUNCS(ldap_create_page_control ldap_parse_page_control,,[AC_LIBOBJ(pagectrl)])
+ # replace other ldap functions
+ AC_REPLACE_FUNCS(ldap_passwd_s)
+ AC_REPLACE_FUNCS(ldap_initialize)
+
# check the number of arguments that ldap_set_rebind_proc() uses
AC_CACHE_CHECK(
[number of arguments to ldap_set_rebind_proc],
diff --git a/nslcd/myldap.c b/nslcd/myldap.c
index ca7328b..ca42241 100644
--- a/nslcd/myldap.c
+++ b/nslcd/myldap.c
@@ -72,20 +72,12 @@
#include <pthread.h>
#include "myldap.h"
-#include "compat/pagectrl.h"
#include "common.h"
#include "log.h"
#include "cfg.h"
#include "attmap.h"
#include "common/set.h"
-
-/* compatibility macros */
-#ifndef LDAP_CONST
-#define LDAP_CONST const
-#endif /* not LDAP_CONST */
-#ifndef LDAP_MSG_ONE
-#define LDAP_MSG_ONE 0x00
-#endif /* not LDAP_MSG_ONE */
+#include "compat/ldap_compat.h"
/* the maximum number of searches per session */
#define MAX_SEARCHES_IN_SESSION 4