X-Git-Url: https://arthur.barton.de/cgi-bin/gitweb.cgi?p=netatalk.git;a=blobdiff_plain;f=libatalk%2Facl%2Fldap.c;h=062bab72acbb5d487bc9cfec403b4dd21f9808cd;hp=e80a6dd63a741d9a855644c944c9f46533e998a4;hb=e77728d6744e05f006ba14f503f08bb654594390;hpb=2dc4a7b7ba17f4cd3fd33a437f8465cd260fc627

diff --git a/libatalk/acl/ldap.c b/libatalk/acl/ldap.c
index e80a6dd6..062bab72 100644
--- a/libatalk/acl/ldap.c
+++ b/libatalk/acl/ldap.c
@@ -1,5 +1,4 @@
 /*
-  $Id: ldap.c,v 1.7 2010-04-23 11:37:06 franklahm Exp $
   Copyright (c) 2008,2009 Frank Lahm <franklahm@gmail.com>
 
   This program is free software; you can redistribute it and/or modify
@@ -17,11 +16,14 @@
 #include "config.h"
 #endif /* HAVE_CONFIG_H */
 
+#ifdef HAVE_LDAP
+
 #include <stdio.h>
 #include <stdlib.h>
 #include <sys/time.h>
 #include <string.h>
 #include <errno.h>
+#define LDAP_DEPRECATED 1
 #include <ldap.h>
 
 #include <atalk/logger.h>
@@ -47,36 +49,38 @@ int  ldap_userscope;
 char *ldap_groupbase;
 int  ldap_groupscope;
 char *ldap_uuid_attr;
+char *ldap_uuid_string;
 char *ldap_name_attr;
 char *ldap_group_attr;
 char *ldap_uid_attr;
 
 struct ldap_pref ldap_prefs[] = {
-    {&ldap_server,     "ldap_server",      0, 0, -1},
-    {&ldap_auth_method,"ldap_auth_method", 1, 1, -1},
-    {&ldap_auth_dn,    "ldap_auth_dn",     0, 0,  0},
-    {&ldap_auth_pw,    "ldap_auth_pw",     0, 0,  0},
-    {&ldap_userbase,   "ldap_userbase",    0, 0, -1},
-    {&ldap_userscope,  "ldap_userscope",   1 ,1, -1},
-    {&ldap_groupbase,  "ldap_groupbase",   0, 0, -1},
-    {&ldap_groupscope, "ldap_groupscope",  1 ,1, -1},
-    {&ldap_uuid_attr,  "ldap_uuid_attr",   0, 0, -1},
-    {&ldap_name_attr,  "ldap_name_attr",   0, 0, -1},
-    {&ldap_group_attr, "ldap_group_attr",  0, 0, -1},
-    {&ldap_uid_attr,   "ldap_uid_attr",    0, 0,  0},
+    {&ldap_server,     "ldap server",      0, 0, -1},
+    {&ldap_auth_method,"ldap auth method", 1, 1, -1},
+    {&ldap_auth_dn,    "ldap auth dn",     0, 0,  0},
+    {&ldap_auth_pw,    "ldap auth pw",     0, 0,  0},
+    {&ldap_userbase,   "ldap userbase",    0, 0, -1},
+    {&ldap_userscope,  "ldap userscope",   1 ,1, -1},
+    {&ldap_groupbase,  "ldap groupbase",   0, 0, -1},
+    {&ldap_groupscope, "ldap groupscope",  1 ,1, -1},
+    {&ldap_uuid_attr,  "ldap uuid attr",   0, 0, -1},
+    {&ldap_uuid_string,"ldap uuid string", 0, 0,  0},
+    {&ldap_name_attr,  "ldap name attr",   0, 0, -1},
+    {&ldap_group_attr, "ldap group attr",  0, 0, -1},
+    {&ldap_uid_attr,   "ldap uid attr",    0, 0,  0},
     {NULL,             NULL,               0, 0, -1}
 };
 
 struct pref_array prefs_array[] = {
-    {"ldap_auth_method", "none",   LDAP_AUTH_NONE},
-    {"ldap_auth_method", "simple", LDAP_AUTH_SIMPLE},
-    {"ldap_auth_method", "sasl",   LDAP_AUTH_SASL},
-    {"ldap_userscope",   "base",   LDAP_SCOPE_BASE},
-    {"ldap_userscope",   "one",    LDAP_SCOPE_ONELEVEL},
-    {"ldap_userscope",   "sub",    LDAP_SCOPE_SUBTREE},
-    {"ldap_groupscope",  "base",   LDAP_SCOPE_BASE},
-    {"ldap_groupscope",  "one",    LDAP_SCOPE_ONELEVEL},
-    {"ldap_groupscope",  "sub",    LDAP_SCOPE_SUBTREE},
+    {"ldap auth method", "none",   LDAP_AUTH_NONE},
+    {"ldap auth method", "simple", LDAP_AUTH_SIMPLE},
+    {"ldap auth method", "sasl",   LDAP_AUTH_SASL},
+    {"ldap userscope",   "base",   LDAP_SCOPE_BASE},
+    {"ldap userscope",   "one",    LDAP_SCOPE_ONELEVEL},
+    {"ldap userscope",   "sub",    LDAP_SCOPE_SUBTREE},
+    {"ldap groupscope",  "base",   LDAP_SCOPE_BASE},
+    {"ldap groupscope",  "one",    LDAP_SCOPE_ONELEVEL},
+    {"ldap groupscope",  "sub",    LDAP_SCOPE_SUBTREE},
     {NULL,               NULL,     0}
 };
 
@@ -157,7 +161,7 @@ retry:
         } else if (LDAP_AUTH_SIMPLE == ldap_auth_method) {
             if (ldap_bind_s(ld, ldap_auth_dn, ldap_auth_pw, ldap_auth_method) != LDAP_SUCCESS ) {
                 LOG(log_error, logtype_default,
-                    "ldap: ldap_bind failed: ldap_auth_dn: \'%s\', ldap_auth_pw: \'%s\', ldap_auth_method: \'%d\'");
+                    "ldap: ldap_bind failed: ldap_auth_dn: \'%s\', ldap_auth_pw: \'%s\', ldap_auth_method: \'%d\'",
                     ldap_auth_dn, ldap_auth_pw, ldap_auth_method);
                 free(ld);
                 ld = NULL;
@@ -166,18 +170,17 @@ retry:
             ldapconnected = 1;
         }
     }
-    /* ldapconnected and ld are now always 1 and != NULL which is important when dealing w. errors*/
 
     LOG(log_maxdebug, logtype_afpd, "ldap: start search: base: %s, filter: %s, attr: %s",
         searchbase, filter, attributes[0]);
 
     /* start LDAP search */
     ldaperr = ldap_search_st(ld, searchbase, scope, filter, attributes, 0, &timeout, &msg);
-    LOG(log_maxdebug, logtype_default, "ldap: ldap_search_st returned: %s, %u",
-        ldap_err2string(ldaperr), ldaperr);
+    LOG(log_maxdebug, logtype_default, "ldap: ldap_search_st returned: %s",
+        ldap_err2string(ldaperr));
     if (ldaperr != LDAP_SUCCESS) {
-        if (retrycount >= 1)
-            LOG(log_error, logtype_default, "ldap: ldap_search_st failed: %s", ldap_err2string(ldaperr));
+        LOG(log_error, logtype_default, "ldap: ldap_search_st failed: %s, retrycount: %i",
+            ldap_err2string(ldaperr), retrycount);
         ret = -1;
         goto cleanup;
     }
@@ -185,7 +188,7 @@ retry:
     /* parse search result */
     LOG(log_maxdebug, logtype_default, "ldap: got %d entries from ldap search",
         ldap_count_entries(ld, msg));
-    if (ldap_count_entries(ld, msg) != 1) {
+    if ((ret = ldap_count_entries(ld, msg)) != 1) {
         ret = 0;
         goto cleanup;
     }
@@ -248,9 +251,16 @@ cleanup:
  * Interface
  ********************************************************/
 
-/* 
- * returns allocated storage in uuid_string, caller must free it
- * returns 0 on success, -1 on error or not found
+/*! 
+ * Search UUID for name in LDAP
+ *
+ * Caller must free uuid_string when done with it
+ *
+ * @param name        (r) name to search
+ * @param type        (r) type of USER or GROUP
+ * @param uuid_string (w) result as pointer to allocated UUID-string
+ *
+ * @returns 0 on success, -1 on error or not found
  */
 int ldap_getuuidfromname( const char *name, uuidtype_t type, char **uuid_string) {
     int ret;
@@ -259,6 +269,9 @@ int ldap_getuuidfromname( const char *name, uuidtype_t type, char **uuid_string)
     char *attributes[]  = { ldap_uuid_attr, NULL};
     char *ldap_attr;
 
+    if (!ldap_config_valid)
+        return -1;
+
     /* make filter */
     if (type == UUID_GROUP)
         ldap_attr = ldap_group_attr;
@@ -284,13 +297,22 @@ int ldap_getuuidfromname( const char *name, uuidtype_t type, char **uuid_string)
  * LDAP search wrapper
  * returns allocated storage in name, caller must free it
  * returns 0 on success, -1 on error or not found
+ * 
+ * @param uuidstr  (r) uuid to search as ascii string
+ * @param name     (w) return pointer to name as allocated string
+ * @param type     (w) return type: USER or GROUP
+ *
+ * returns 0 on success, -1 on errror
  */
-int ldap_getnamefromuuid( char *uuidstr, char **name, uuidtype_t *type) {
+int ldap_getnamefromuuid( const char *uuidstr, char **name, uuidtype_t *type) {
     int ret;
     int len;
     char filter[256];       /* this should really be enough. we dont want to malloc everything! */
     char *attributes[]  = { NULL, NULL};
 
+    if (!ldap_config_valid)
+        return -1;
+
     /* make filter */
     len = snprintf( filter, 256, "%s=%s", ldap_uuid_attr, uuidstr);
     if (len >= 256 || len == -1) {
@@ -316,3 +338,4 @@ int ldap_getnamefromuuid( char *uuidstr, char **name, uuidtype_t *type) {
 
     return -1;
 }
+#endif  /* HAVE_LDAP */