firstyear pushed a commit to branch master
in repository 389-ds-base.
commit 620d0375d803a5472279e14e86bc6f604bb51f57
Author: William Brown <firstyear(a)redhat.com>
Date: Fri May 5 15:24:35 2017 +1000
Ticket 49053 - Enable flto for DS
Bug Description: Link Time Optimisation allows GCC to perform
broader and more substantial improvements to our code. This is
described
https://gcc.gnu.org/onlinedocs/gccint/LTO-Overview.html
Fix Description: To enable LTO, there were a number of errors
exposed on libldaputil related to the use of a callback struct.
However, because of the current definition of INTLDAPU, this
meant that the macros and ldap access vector were never accessed.
This cleans up the struct and removes the macros, which resolves
the issue with LTO building.
https://gcc.gnu.org/onlinedocs/gccint/LTO-Overview.html
Author: wibrown
Review by: mreynolds (Thanks!)
---
Makefile.am | 16 +-
include/ldaputil/certmap.h | 168 +++++++++++-
include/ldaputil/errors.h | 27 +-
include/ldaputil/extcmap.h | 627 ---------------------------------------------
ldap/servers/slapd/auth.c | 3 +-
lib/ldaputil/init.c | 58 -----
6 files changed, 178 insertions(+), 721 deletions(-)
diff --git a/Makefile.am b/Makefile.am
index 4c84516..670ce10 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -283,7 +283,7 @@ sbin_PROGRAMS = ns-slapd ldap-agent-bin
bin_PROGRAMS = dbscan-bin dsktune-bin infadd-bin ldclt-bin \
ldif-bin migratecred-bin mmldif-bin pwdhash-bin rsearch-bin
-server_LTLIBRARIES = libsds.la libnunc-stans.la libslapd.la libns-dshttpd.la
+server_LTLIBRARIES = libsds.la libnunc-stans.la libldaputil.la libslapd.la
libns-dshttpd.la
# this is how to add optional plugins
if enable_pam_passthru
@@ -335,7 +335,7 @@ nodist_property_DATA = ns-slapd.properties
noinst_PROGRAMS = makstrdb
-noinst_LIBRARIES = libavl.a libldaputil.a
+noinst_LIBRARIES = libavl.a
dist_noinst_HEADERS = \
include/i18n.h \
@@ -356,7 +356,6 @@ dist_noinst_HEADERS = \
include/ldaputil/dbconf.h \
include/ldaputil/encode.h \
include/ldaputil/errors.h \
- include/ldaputil/extcmap.h \
include/ldaputil/init.h \
include/ldaputil/ldapauth.h \
include/ldaputil/ldaputil.h \
@@ -995,7 +994,7 @@ libavl_a_CPPFLAGS = $(AM_CPPFLAGS) $(DSPLUGIN_CPPFLAGS)
#------------------------
# libldaputil
#------------------------
-libldaputil_a_SOURCES = lib/ldaputil/cert.c \
+libldaputil_la_SOURCES = lib/ldaputil/cert.c \
lib/ldaputil/certmap.c \
lib/ldaputil/dbconf.c \
lib/ldaputil/encode.c \
@@ -1004,7 +1003,7 @@ libldaputil_a_SOURCES = lib/ldaputil/cert.c \
lib/ldaputil/ldapauth.c \
lib/ldaputil/vtable.c
-libldaputil_a_CPPFLAGS = $(AM_CPPFLAGS) $(DSPLUGIN_CPPFLAGS) $(DSINTERNAL_CPPFLAGS)
-I$(srcdir)/lib/ldaputil
+libldaputil_la_CPPFLAGS = $(AM_CPPFLAGS) $(DSPLUGIN_CPPFLAGS) $(DSINTERNAL_CPPFLAGS)
-I$(srcdir)/lib/ldaputil
#////////////////////////////////////////////////////////////////
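Review bot: The new libtool library gets no `libldaputil_la_LIBADD` or `libldaputil_la_LDFLAGS`; within this hunk only `libldaputil_la_SOURCES` and `libldaputil_la_CPPFLAGS` are defined before the section separator. The first Makefile.am hunk moves the library into `server_LTLIBRARIES`, so it is presumably now built and installed as a shared object, and any NSS or LDAP SDK symbols used by the ldaputil sources would be left undefined in it. I would add `libldaputil_la_LIBADD = $(LDAPSDK_LINK) $(NSS_LINK) $(NSPR_LINK)` and, matching libns-dshttpd further down, `libldaputil_la_LDFLAGS = -release @PACKAGE_VERSION@`, so that the server cannot load a libldaputil left over from another release. If both variables are set outside the hunk, this can be ignored.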
@@ -1117,11 +1116,10 @@ libns_dshttpd_la_SOURCES = lib/libaccess/access_plhash.cpp \
lib/base/util.cpp \
lib/libsi18n/getstrprop.c \
lib/libsi18n/reshash.c \
- lib/libsi18n/txtfile.c \
- $(libldaputil_a_SOURCES)
+ lib/libsi18n/txtfile.c
libns_dshttpd_la_CPPFLAGS = -I$(srcdir)/include/base $(AM_CPPFLAGS) $(DSPLUGIN_CPPFLAGS)
-I$(srcdir)/lib/ldaputil
-libns_dshttpd_la_LIBADD = libslapd.la $(LDAPSDK_LINK) $(SASL_LINK) $(NSS_LINK)
$(NSPR_LINK)
+libns_dshttpd_la_LIBADD = libslapd.la libldaputil.la $(LDAPSDK_LINK) $(SASL_LINK)
$(NSS_LINK) $(NSPR_LINK)
# Mark that this is a per version library.
libns_dshttpd_la_LDFLAGS = -release @PACKAGE_VERSION@
@@ -1955,7 +1953,7 @@ ns_slapd_SOURCES = ldap/servers/slapd/abandon.c \
$(GETSOCKETPEER)
ns_slapd_CPPFLAGS = $(AM_CPPFLAGS) $(DSPLUGIN_CPPFLAGS) $(SASL_INCLUDES)
$(SVRCORE_INCLUDES)
-ns_slapd_LDADD = libnunc-stans.la libslapd.la libldaputil.a $(LDAPSDK_LINK) $(NSS_LINK)
$(LIBADD_DL) \
+ns_slapd_LDADD = libnunc-stans.la libslapd.la libldaputil.la $(LDAPSDK_LINK) $(NSS_LINK)
$(LIBADD_DL) \
$(NSPR_LINK) $(SASL_LINK) $(SVRCORE_LINK) $(LIBNSL) $(LIBSOCKET) $(THREADLIB)
$(SYSTEMD_LINK) $(EVENT_LINK)
ns_slapd_DEPENDENCIES = libslapd.la libnunc-stans.la
# We need to link ns-slapd with the C++ compiler on HP-UX since we load
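Review bot: `ns_slapd_DEPENDENCIES`, on the context line below the changed `ns_slapd_LDADD`, still lists only `libslapd.la libnunc-stans.la`, so nothing orders the ns-slapd link after libldaputil.la. Automake stops deriving dependencies from LDADD once `_DEPENDENCIES` is set by hand, which means a parallel build can reach the link step before the library exists. I would change the line to `ns_slapd_DEPENDENCIES = libslapd.la libnunc-stans.la libldaputil.la`. The old `libldaputil.a` entry had the same gap, so this is not introduced by the commit, but it is cheap to close in the same change.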
diff --git a/include/ldaputil/certmap.h b/include/ldaputil/certmap.h
index ca66469..8ea099e 100644
--- a/include/ldaputil/certmap.h
+++ b/include/ldaputil/certmap.h
@@ -11,14 +11,169 @@
# include <config.h>
#endif
-#ifndef _LDAPU_CERTMAP_H
-#define _LDAPU_CERTMAP_H
+#pragma once
-#ifndef INTLDAPU
-#define INTLDAPU
-#endif /* INTLDAPU */
+/* What was extcmap.h begins ... */
-#include "extcmap.h"
+#include <ldap.h>
+
+#ifndef NSAPI_PUBLIC
+#define NSAPI_PUBLIC
+#endif
+
+
+#define LDAPU_ATTR_INITFN "InitFn"
+#define LDAPU_ATTR_LIBRARY "library"
+#define LDAPU_ATTR_DNCOMPS "DNComps"
+#define LDAPU_ATTR_FILTERCOMPS "FilterComps"
+#define LDAPU_ATTR_VERIFYCERT "VerifyCert"
+#define LDAPU_ATTR_CERTMAP_LDAP_ATTR "CmapLdapAttr"
+
+
+/*
+ * CertMapFn_t -
+ * This is a typedef for cert mapping function. The mapping function is
+ * called by the function ldapu_cert_to_ldap_entry.
+ * Parameters:
+ * cert - cert to be mapped. You can pass this to
+ * functions ldapu_get_cert_XYZ.
+ * ld - Handle to the connection to the directory server.
+ * certmap_info - This structure contains information about the
+ * configuration parameters for the cert's issuer (CA).
+ * This structure can be passed to the function
+ * ldapu_certmap_info_attrval to get value for a particular
+ * configuration attribute (or a property).
+ * ldapdn - The mapping function should allocate memory for ldapdn
+ * using malloc and set this variable using the 'cert' and
+ * 'certmap_info'. This DN will be used for ldap lookup.
+ * filter - The mapping function should allocate memory for filter
+ * using malloc and set this variable using the 'cert' and
+ * 'certmap_info'. This will be used as ldap filter for ldap
+ * lookup of the ldapdn.
+ *
+ * Return Value:
+ * return LDAPU_SUCCESS upon successful completion (cert is mapped)
+ * return LDAPU_FAILED there is no unexpected error but cert could not
+ * mapped (probably because ldap entry doesn't exist).
+ * otherwise return LDAPU_CERT_MAP_FUNCTION_FAILED.
+ */
+typedef int (*CertMapFn_t)(void *cert, LDAP *ld, void *certmap_info,
+ char **ldapdn, char **filter);
+
+
+/*
+ * CertSearchFn_t -
+ * This is a typedef for cert search function. The search function is
+ * called by the function ldapu_cert_to_ldap_entry after calling the mapping
+ * function. The candidate 'dn' and 'filter' returned by the mapping
+ * function is passed to this function.
+ * The default search function works as follows:
+ * 1. If the 'filter' is NULL, default it to 'objectclass=*'.
+ * 2. If the 'dn' is non-NULL, do a base level search with the 'dn' and
+ * 'filter'. If it succeeds, we are done. If there is no serious
+ * error (LDAP_NO_SUCH_OBJECT is not serious error yet), continue.
+ * 3. If the 'dn' is NULL, default it to 'basedn'.
+ * 4. Perform a 'subtree' search in LDAP for the 'dn' and the
'filter'.
+ * 5. Return the results of the last search.
+ * Parameters:
+ * cert - cert to be mapped. You can pass this to
+ * functions ldapu_get_cert_XYZ.
+ * ld - Handle to the connection to the directory server.
+ * certmap_info - This structure contains information about the
+ * configuration parameters for the cert's issuer (CA).
+ * This structure can be passed to the function
+ * ldapu_certmap_info_attrval to get value for a particular
+ * configuration attribute (or a property).
+ * suffix - If the ldapdn is empty then use this DN to begin the
+ * search. This is the DN of the root object in LDAP
+ * Directory.
+ * ldapdn - candidate 'dn' returned by the mapping function.
+ * filter - returned by the mapping function.
+ * attrs - list of attributes to return from the search. If this is
+ * NULL, all attributes are returned.
+ * res - result of the search which is passed to the verify
+ * function.
+ *
+ * Return Value:
+ * return LDAPU_SUCCESS upon successful completion
+ * return LDAPU_FAILED there is no unexpected error but entries matching the
+ * 'dn' and 'filter' doesn't exist.
+ * otherwise return LDAPU_CERT_SEARCH_FUNCTION_FAILED.
+ */
+typedef int (*CertSearchFn_t)(void *cert, LDAP *ld, void *certmap_info,
+ const char *suffix, const char *ldapdn,
+ const char *filter, const char **attrs,
+ LDAPMessage ***res);
+
+
+/*
+ * CertVerifyFn_t -
+ * This is a typedef for cert verify function. The verify function is
+ * called by the function ldapu_cert_to_ldap_entry after the cert is
+ * successfully mapped to ldapdn and filter, and an entry matching that
+ * exists in the directory server. The verify fn may get called for
+ * multiple matched entries. This function must go through all the entries
+ * and check which one is appropriate. The pointer to that entry must be
+ * passed back in the 'LDAPMessage **entry' parameter.
+ * Parameters:
+ * cert - Original cert to be mapped. You can pass this to
+ * functions ldapu_get_cert_XYZ.
+ * ld - Handle to the connection to the directory server.
+ * certmap_info - This structure contains information about the
+ * configuration parameters for the cert's issuer (CA).
+ * This structure can be passed to the function
+ * ldapu_certmap_info_attrval to get value for a particular
+ * configuration attribute (or a property).
+ * res - cert is first mapped to ldapdn and filter. 'res' is the
+ * result of ldap search using the ldapdn and filter.
+ * 'ld' and 'res' can be used in the calls to ldapsdk API.
+ * entry - pointer to the entry from 'res' which is the correct match
+ * according to the verify function.
+ *
+ * Return Values:
+ * return LDAPU_SUCCESS upon successful completion (cert is verified)
+ * return LDAPU_FAILED there is no unexpected error but cert could not
+ * verified (probably because it was revoked).
+ * otherwise return LDAPU_CERT_VERIFY_FUNCTION_FAILED.
+ */
+typedef int (*CertVerifyFn_t)(void *cert, LDAP *ld, void *certmap_info,
+ LDAPMessage *res, LDAPMessage **entry);
+
+
+
+/*
+ * CertmapInitFn_t -
+ * This is a typedef for user defined init function. An init function can be
+ * specified in the config file (<ServerRoot>/userdb/certmap.conf) per issuer
+ * of a certificate. This init function must from the user's library, also
+ * loaded from the config file using the 'library' property. The init
+ * function is specified in the config file using the 'InitFn' property.
+ * When the config file is loaded, any user defined init functions will be
+ * called with the certmap_info pertaining to the issuer (CA).
+ * Parameters:
+ * certmap_info - This structure contains information about the
+ * configuration parameters for the cert's issuer (CA).
+ * This structure can be passed to the function
+ * ldapu_certmap_info_attrval to get value for a particular
+ * configuration attribute (or a property).
+ *
+ * Return Value:
+ * return LDAPU_SUCCESS upon successful completion
+ * otherwise return LDAPU_CERT_MAP_INITFN_FAILED. The server startup will be
+ * aborted if the return value is not LDAPU_SUCCESS.
+ */
+typedef int (*CertMapInitFn_t)(void *certmap_info, const char *issuerName,
+ const char *issuerDN, const char *libname);
+
+/*
+ * Refer to the description of the function ldapu_get_cert_ava_val
+ */
+enum {
+ LDAPU_SUBJECT_DN,
+ LDAPU_ISSUER_DN
+};
+
+/* end extcmap */
enum {
LDAPU_STR_FILTER_DEFAULT,
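Review bot: The comment above `CertMapInitFn_t` documents only `certmap_info`, while the typedef also takes `issuerName`, `issuerDN` and `libname`, and its heading spells the name `CertmapInitFn_t`. Since the text is being moved into certmap.h anyway, I would add the three missing parameters to the Parameters list, fix the heading, and repair "This init function must from the user's library" to "must come from". As the comment itself describes, the `library` and `InitFn` properties cause code named in certmap.conf to be loaded and called when the config file is read, so the comment should also state that certmap.conf must be writable only by the directory administrator. Separately, these comments name `LDAPU_SUCCESS` and the other return codes, which this commit defines in errors.h; the hunk adds only `#include <ldap.h>`, so unless errors.h is included outside the hunk, code that includes certmap.h alone will not see them.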
@@ -127,4 +282,3 @@ NSAPI_PUBLIC int ldaputil_exit(void);
}
#endif
-#endif /* _LDAPU_CERTMAP_H */
diff --git a/include/ldaputil/errors.h b/include/ldaputil/errors.h
index 8bbbdc2..2ae343a 100644
--- a/include/ldaputil/errors.h
+++ b/include/ldaputil/errors.h
@@ -11,8 +11,7 @@
# include <config.h>
#endif
-#ifndef _LDAPU_ERRORS_H
-#define _LDAPU_ERRORS_H
+#pragma once
#ifndef NSAPI_PUBLIC
#define NSAPI_PUBLIC
@@ -34,12 +33,13 @@
/* Common error codes */
#define LDAPU_ERR_NOT_IMPLEMENTED -1000
#define LDAPU_ERR_INTERNAL -1001
-/* #define LDAPU_SUCCESS 0 */ /* defined in extcmap.h */
-/* #define LDAPU_FAILED -1 */ /* defined in extcmap.h */
-/* #define LDAPU_CERT_MAP_FUNCTION_FAILED -2 *//* defined in extcmap.h */
-/* #define LDAPU_CERT_VERIFY_FUNCTION_FAILED -3 *//* defined in extcmap.h */
-/* #define LDAPU_CERT_VERIFY_FUNCTION_FAILED -4 *//* defined in extcmap.h */
-/* #define LDAPU_CERT_MAP_INITFN_FAILED -5 *//* defined in extcmap.h */
+
+#define LDAPU_SUCCESS 0
+#define LDAPU_FAILED -1
+#define LDAPU_CERT_MAP_FUNCTION_FAILED -2
+#define LDAPU_CERT_SEARCH_FUNCTION_FAILED -3
+#define LDAPU_CERT_VERIFY_FUNCTION_FAILED -4
+#define LDAPU_CERT_MAP_INITFN_FAILED -5
/* Error codes returned by ldapdb.c */
#define LDAPU_ERR_OUT_OF_MEMORY -110
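Review bot: The six codes defined in this hunk carry no comment saying what they are for, whereas the lines they replace at least pointed at extcmap.h. They are the return contract of the `CertMapFn_t`, `CertSearchFn_t`, `CertVerifyFn_t` and `CertMapInitFn_t` callbacks, and the values match those in the removed header. I would add `/* Return codes for the certmap callbacks declared in certmap.h; the values are part of the plugin contract, do not renumber. */` above `#define LDAPU_SUCCESS 0`. Certificate mapping and verification results are reported through these values, so keeping them stable matters for any mapping library built against the old header.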
@@ -99,14 +99,3 @@
#define LDAPU_ERR_INVALID_STRING_INDEX -402
#define LDAPU_ERR_MISSING_ATTR_VAL -403
-#ifdef __cplusplus
-extern "C" {
-#endif
-
- /* NSAPI_PUBLIC extern char *ldapu_err2string(int err); */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* LDAPUTIL_LDAPU_H */
diff --git a/include/ldaputil/extcmap.h b/include/ldaputil/extcmap.h
deleted file mode 100644
index f5b0227..0000000
--- a/include/ldaputil/extcmap.h
+++ /dev/null
@@ -1,627 +0,0 @@
-/** BEGIN COPYRIGHT BLOCK
- * Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
- * Copyright (C) 2005 Red Hat, Inc.
- * All rights reserved.
- *
- * License: GPL (version 3 or any later version).
- * See LICENSE for details.
- * END COPYRIGHT BLOCK **/
-
-#ifdef HAVE_CONFIG_H
-# include <config.h>
-#endif
-
-#ifndef _PUBLIC_CERTMAP_H
-#define _PUBLIC_CERTMAP_H
-
-#include <ldap.h>
-
-#ifndef NSAPI_PUBLIC
-#define NSAPI_PUBLIC
-#endif
-
-
-#define LDAPU_ATTR_INITFN "InitFn"
-#define LDAPU_ATTR_LIBRARY "library"
-#define LDAPU_ATTR_DNCOMPS "DNComps"
-#define LDAPU_ATTR_FILTERCOMPS "FilterComps"
-#define LDAPU_ATTR_VERIFYCERT "VerifyCert"
-#define LDAPU_ATTR_CERTMAP_LDAP_ATTR "CmapLdapAttr"
-
-/* Error/Success codes */
-#define LDAPU_SUCCESS 0
-#define LDAPU_FAILED -1
-#define LDAPU_CERT_MAP_FUNCTION_FAILED -2
-#define LDAPU_CERT_SEARCH_FUNCTION_FAILED -3
-#define LDAPU_CERT_VERIFY_FUNCTION_FAILED -4
-#define LDAPU_CERT_MAP_INITFN_FAILED -5
-
-
-/*
- * CertMapFn_t -
- * This is a typedef for cert mapping function. The mapping function is
- * called by the function ldapu_cert_to_ldap_entry.
- * Parameters:
- * cert - cert to be mapped. You can pass this to
- * functions ldapu_get_cert_XYZ.
- * ld - Handle to the connection to the directory server.
- * certmap_info - This structure contains information about the
- * configuration parameters for the cert's issuer (CA).
- * This structure can be passed to the function
- * ldapu_certmap_info_attrval to get value for a particular
- * configuration attribute (or a property).
- * ldapdn - The mapping function should allocate memory for ldapdn
- * using malloc and set this variable using the 'cert' and
- * 'certmap_info'. This DN will be used for ldap lookup.
- * filter - The mapping function should allocate memory for filter
- * using malloc and set this variable using the 'cert' and
- * 'certmap_info'. This will be used as ldap filter for ldap
- * lookup of the ldapdn.
- *
- * Return Value:
- * return LDAPU_SUCCESS upon successful completion (cert is mapped)
- * return LDAPU_FAILED there is no unexpected error but cert could not
- * mapped (probably because ldap entry doesn't exist).
- * otherwise return LDAPU_CERT_MAP_FUNCTION_FAILED.
- */
-typedef int (*CertMapFn_t)(void *cert, LDAP *ld, void *certmap_info,
- char **ldapdn, char **filter);
-
-
-/*
- * CertSearchFn_t -
- * This is a typedef for cert search function. The search function is
- * called by the function ldapu_cert_to_ldap_entry after calling the mapping
- * function. The candidate 'dn' and 'filter' returned by the mapping
- * function is passed to this function.
- * The default search function works as follows:
- * 1. If the 'filter' is NULL, default it to 'objectclass=*'.
- * 2. If the 'dn' is non-NULL, do a base level search with the 'dn' and
- * 'filter'. If it succeeds, we are done. If there is no serious
- * error (LDAP_NO_SUCH_OBJECT is not serious error yet), continue.
- * 3. If the 'dn' is NULL, default it to 'basedn'.
- * 4. Perform a 'subtree' search in LDAP for the 'dn' and the
'filter'.
- * 5. Return the results of the last search.
- * Parameters:
- * cert - cert to be mapped. You can pass this to
- * functions ldapu_get_cert_XYZ.
- * ld - Handle to the connection to the directory server.
- * certmap_info - This structure contains information about the
- * configuration parameters for the cert's issuer (CA).
- * This structure can be passed to the function
- * ldapu_certmap_info_attrval to get value for a particular
- * configuration attribute (or a property).
- * suffix - If the ldapdn is empty then use this DN to begin the
- * search. This is the DN of the root object in LDAP
- * Directory.
- * ldapdn - candidate 'dn' returned by the mapping function.
- * filter - returned by the mapping function.
- * attrs - list of attributes to return from the search. If this is
- * NULL, all attributes are returned.
- * res - result of the search which is passed to the verify
- * function.
- *
- * Return Value:
- * return LDAPU_SUCCESS upon successful completion
- * return LDAPU_FAILED there is no unexpected error but entries matching the
- * 'dn' and 'filter' doesn't exist.
- * otherwise return LDAPU_CERT_SEARCH_FUNCTION_FAILED.
- */
-typedef int (*CertSearchFn_t)(void *cert, LDAP *ld, void *certmap_info,
- const char *suffix, const char *ldapdn,
- const char *filter, const char **attrs,
- LDAPMessage ***res);
-
-
-/*
- * CertVerifyFn_t -
- * This is a typedef for cert verify function. The verify function is
- * called by the function ldapu_cert_to_ldap_entry after the cert is
- * successfully mapped to ldapdn and filter, and an entry matching that
- * exists in the directory server. The verify fn may get called for
- * multiple matched entries. This function must go through all the entries
- * and check which one is appropriate. The pointer to that entry must be
- * passed back in the 'LDAPMessage **entry' parameter.
- * Parameters:
- * cert - Original cert to be mapped. You can pass this to
- * functions ldapu_get_cert_XYZ.
- * ld - Handle to the connection to the directory server.
- * certmap_info - This structure contains information about the
- * configuration parameters for the cert's issuer (CA).
- * This structure can be passed to the function
- * ldapu_certmap_info_attrval to get value for a particular
- * configuration attribute (or a property).
- * res - cert is first mapped to ldapdn and filter. 'res' is the
- * result of ldap search using the ldapdn and filter.
- * 'ld' and 'res' can be used in the calls to ldapsdk API.
- * entry - pointer to the entry from 'res' which is the correct match
- * according to the verify function.
- *
- * Return Values:
- * return LDAPU_SUCCESS upon successful completion (cert is verified)
- * return LDAPU_FAILED there is no unexpected error but cert could not
- * verified (probably because it was revoked).
- * otherwise return LDAPU_CERT_VERIFY_FUNCTION_FAILED.
- */
-typedef int (*CertVerifyFn_t)(void *cert, LDAP *ld, void *certmap_info,
- LDAPMessage *res, LDAPMessage **entry);
-
-
-
-/*
- * CertmapInitFn_t -
- * This is a typedef for user defined init function. An init function can be
- * specified in the config file (<ServerRoot>/userdb/certmap.conf) per issuer
- * of a certificate. This init function must from the user's library, also
- * loaded from the config file using the 'library' property. The init
- * function is specified in the config file using the 'InitFn' property.
- * When the config file is loaded, any user defined init functions will be
- * called with the certmap_info pertaining to the issuer (CA).
- * Parameters:
- * certmap_info - This structure contains information about the
- * configuration parameters for the cert's issuer (CA).
- * This structure can be passed to the function
- * ldapu_certmap_info_attrval to get value for a particular
- * configuration attribute (or a property).
- *
- * Return Value:
- * return LDAPU_SUCCESS upon successful completion
- * otherwise return LDAPU_CERT_MAP_INITFN_FAILED. The server startup will be
- * aborted if the return value is not LDAPU_SUCCESS.
- */
-typedef int (*CertMapInitFn_t)(void *certmap_info, const char *issuerName,
- const char *issuerDN, const char *libname);
-
-/*
- * Refer to the description of the function ldapu_get_cert_ava_val
- */
-enum {
- LDAPU_SUBJECT_DN,
- LDAPU_ISSUER_DN
-};
-
-/* ldapu_cert_to_ldap_entry */
-typedef int (*t_ldapu_cert_to_ldap_entry)(void *cert, LDAP *ld,
- const char *suffix,
- LDAPMessage **res);
-
-/* ldapu_set_cert_mapfn */
-typedef int (*t_ldapu_set_cert_mapfn)(const char *issuerDN,
- CertMapFn_t mapfn);
-
-/* ldapu_get_cert_mapfn */
-typedef CertMapFn_t (*t_ldapu_get_cert_mapfn) (const char *issuerDN);
-
-/* ldapu_set_cert_searchfn */
-typedef int (*t_ldapu_set_cert_searchfn) (const char *issuerDN,
- CertSearchFn_t searchfn);
-
-/* ldapu_get_cert_searchfn */
-typedef CertSearchFn_t (*t_ldapu_get_cert_searchfn) (const char *issuerDN);
-
-/* ldapu_set_cert_verifyfn */
-typedef int (*t_ldapu_set_cert_verifyfn) (const char *issuerDN,
- CertVerifyFn_t verifyFn);
-
-/* ldapu_get_cert_verifyfn */
-typedef CertVerifyFn_t (*t_ldapu_get_cert_verifyfn) (const char *issuerDN);
-
-/* ldapu_get_cert_subject_dn */
-typedef int (*t_ldapu_get_cert_subject_dn) (void *cert, char **subjectDN);
-
-/* ldapu_get_cert_issuer_dn */
-typedef int (*t_ldapu_get_cert_issuer_dn) (void *cert, char **issuerDN);
-
-/* ldapu_get_cert_ava_val */
-typedef int (*t_ldapu_get_cert_ava_val) (void *cert, int which_dn,
- const char *attr, char ***val);
-
-/* ldapu_free_cert_ava_val */
-typedef int (*t_ldapu_free_cert_ava_val) (char **val);
-
-/* ldapu_get_cert_der */
-typedef int (*t_ldapu_get_cert_der) (void *cert, unsigned char **derCert,
- unsigned int *len);
-
-/* ldapu_issuer_certinfo */
-typedef int (*t_ldapu_issuer_certinfo) (const char *issuerDN,
- void **certmap_info);
-
-/* ldapu_certmap_info_attrval */
-typedef int (*t_ldapu_certmap_info_attrval) (void *certmap_info,
- const char *attr, char **val);
-
-/* ldapu_err2string */
-typedef char * (*t_ldapu_err2string) (int err);
-
-/* ldapu_free */
-typedef void (*t_ldapu_free_old) (char *ptr);
-typedef void (*t_ldapu_free) (void *ptr);
-
-/* ldapu_malloc */
-typedef void *(*t_ldapu_malloc) (int size);
-
-/* ldapu_strdup */
-typedef char *(*t_ldapu_strdup) (const char *ptr);
-
-
-typedef struct LDAPUDispatchVector LDAPUDispatchVector_t;
-struct LDAPUDispatchVector {
- t_ldapu_cert_to_ldap_entry f_ldapu_cert_to_ldap_entry;
- t_ldapu_set_cert_mapfn f_ldapu_set_cert_mapfn;
- t_ldapu_get_cert_mapfn f_ldapu_get_cert_mapfn;
- t_ldapu_set_cert_searchfn f_ldapu_set_cert_searchfn;
- t_ldapu_get_cert_searchfn f_ldapu_get_cert_searchfn;
- t_ldapu_set_cert_verifyfn f_ldapu_set_cert_verifyfn;
- t_ldapu_get_cert_verifyfn f_ldapu_get_cert_verifyfn;
- t_ldapu_get_cert_subject_dn f_ldapu_get_cert_subject_dn;
- t_ldapu_get_cert_issuer_dn f_ldapu_get_cert_issuer_dn;
- t_ldapu_get_cert_ava_val f_ldapu_get_cert_ava_val;
- t_ldapu_free_cert_ava_val f_ldapu_free_cert_ava_val;
- t_ldapu_get_cert_der f_ldapu_get_cert_der;
- t_ldapu_issuer_certinfo f_ldapu_issuer_certinfo;
- t_ldapu_certmap_info_attrval f_ldapu_certmap_info_attrval;
- t_ldapu_err2string f_ldapu_err2string;
- t_ldapu_free_old f_ldapu_free_old;
- t_ldapu_malloc f_ldapu_malloc;
- t_ldapu_strdup f_ldapu_strdup;
- t_ldapu_free f_ldapu_free;
-};
-
-
-#ifdef INTLDAPU
-NSAPI_PUBLIC extern LDAPUDispatchVector_t *__ldapu_table;
-#else
-typedef int (*CertMapDLLInitFn_t)(LDAPUDispatchVector_t **table);
-
-NSAPI_PUBLIC extern int CertMapDLLInitFn(LDAPUDispatchVector_t **table);
-
-extern LDAPUDispatchVector_t *__ldapu_table;
-
-#define CertmapDLLInit(rv, libname)
-#define CertmapDLLInitFnTbl
-
-
-#endif /* INTLDAPU */
-
-#ifndef INTLDAPU
-
-/*
- * ldapu_cert_to_ldap_entry -
- * This function is called to map a cert to an ldap entry. It extracts the
- * cert issuer information from the given cert. The mapping function set for
- * the issuer (if any) or the default mapping function is called to map the
- * subject DN from the cert to a candidate ldap DN and filter for ldap
- * search. If the mapped ldap DN is NULL, the 'basedn' passed into this
- * function is used as a starting place for the search. If the mapped filter
- * is NULL, "objectclass=*" is used as a filter. A base level search is
- * performed to see if the candidate DN exists in the LDAP database matching
- * the filter. If there is no match, a scoped search (sub-tree search) is
- * performed. If at least one entry matched the mapped DN and filter, the
- * result is passed to the appropriate verify function. The verify function
- * is called only if 'VerifyCert' parameter has been set for the cert issuer
- * in the certmap.conf file.
- * If the verify function succeeds, it must return the pointer to the matched
- * 'entry'. If at the end, there is only one matching entry, the mapping is
- * successful.
- * Parameters:
- * cert - cert to be mapped. You can pass this to
- * functions ldapu_get_cert_XYZ.
- * ld - Handle to the connection to the directory server.
- * suffix - If the subject dn is mapped to empty LDAP DN then use this
- * DN to begin the search. This is the DN of the root object
- * in LDAP Directory.
- * res - cert is first mapped to ldapdn and filter. 'res' is the
- * result of ldap search using the ldapdn and filter.
- * 'ld' and 'res' can be used in the calls to ldapsdk API.
- * When done with 'res', free it using ldap_msgfree(res)
- *
- * Return Value:
- * return LDAPU_SUCCESS upon successful completion
- * otherwise returns an error code that can be passed to ldapu_err2string.
- */
-#define ldapu_cert_to_ldap_entry (*__ldapu_table->f_ldapu_cert_to_ldap_entry)
-
-/*
- * ldapu_set_cert_mapfn -
- * This function can be used to set the cert mapping function for the given
- * issuer (CA). If the mapping information doesn't exist for the given
- * issuer then a new one will be created and the mapping function will be
- * set. When creating the new mapping information, the default mapping
- * information is copied.
- * Parameters:
- * issuerDN - DN of the cert issuer. This mapping function will be used
- * for all certs issued by this issuer. If the issuerDN is
- * NULL, the given 'mapfn' becomes the default mapping
- * function (which is used when no mapping function has been
- * set for the cert's issuer).
- * mapfn - the mapping function. Look at the desciption of
- * CertMapFn_t to find out more about the mapping functions.
- *
- * Return Value:
- * return LDAPU_SUCCESS upon successful completion
- * otherwise returns an error code that can be passed to ldapu_err2string.
- */
-#define ldapu_set_cert_mapfn (*__ldapu_table->f_ldapu_set_cert_mapfn)
-
-
-/*
- * ldapu_get_cert_mapfn -
- * This function can be used to get the cert mapping function for the given
- * issuer (CA). This will always return a non-NULL function.
- * Parameters:
- * issuerDN - DN of the cert issuer for which the mapping function is to
- * be retrieved. If this is NULL, default mapping function
- * is returned.
- *
- * Return Value:
- * The mapping function set for the issuer is returned. If the issuerDN is
- * NULL or if no specific mapping function has been set for the issuer, the
- * default mapping function is returned.
- */
-#define ldapu_get_cert_mapfn (*__ldapu_table->f_ldapu_get_cert_mapfn)
-
-/*
- * ldapu_set_cert_searchfn -
- * This function can be used to set the cert search function for the given
- * issuer (CA).
- * Parameters:
- * issuerDN - DN of the cert issuer. This search function will be used
- * for all certs issued by this issuer. If the issuerDN is
- * NULL, the given 'searchfn' becomes the default search
- * function (which is used when no search function has been
- * set for the cert's issuer).
- * searchfn - the search function. Look at the desciption of
- * CertSearchFn_t to find out more about the search functions.
- *
- * Return Value:
- * return LDAPU_SUCCESS upon successful completion
- * otherwise returns an error code that can be passed to ldapu_err2string.
- */
-#define ldapu_set_cert_searchfn (*__ldapu_table->f_ldapu_set_cert_searchfn)
-
-
-/*
- * ldapu_get_cert_searchfn -
- * This function can be used to get the cert search function for the given
- * issuer (CA). This will always return a non-NULL function.
- * Parameters:
- * issuerDN - DN of the cert issuer for which the search function is to
- * be retrieved. If this is NULL, the default search
- * function is returned.
- *
- * Return Value:
- * The search function set for the issuer is returned. If the issuerDN is
- * NULL or if no specific search function has been set for the issuer, the
- * default search function is returned.
- */
-#define ldapu_get_cert_searchfn (*__ldapu_table->f_ldapu_get_cert_searchfn)
-
-/*
- * ldapu_set_cert_verifyfn -
- * This function can be used to set the cert verify function for the given
- * issuer (CA). If the mapping information doesn't exist for the given
- * issuer then a new one will be created and the verify function will be
- * set. When creating the new mapping information, the default mapping
- * information is copied.
- * Parameters:
- * issuerDN - DN of the cert issuer. This verify function will be used
- * for all certs issued by this issuer. If the issuerDN is
- * NULL, the given 'verifyFn' becomes the default verify
- * function (which is used when no verify function has been
- * set for the cert's issuer).
- * verifyFn - the verify function. Look at the desciption of
- * CertMapFn_t to find out more about the verify functions.
- *
- * Return Value:
- * return LDAPU_SUCCESS upon successful completion
- * otherwise returns an error code that can be passed to ldapu_err2string.
- */
-#define ldapu_set_cert_verifyfn (*__ldapu_table->f_ldapu_set_cert_verifyfn)
-
-/*
- * ldapu_get_cert_verifyfn -
- * This function can be used to get the cert verify function for the given
- * issuer (CA). This function can return NULL when there is no applicable
- * verify function.
- * Parameters:
- * issuerDN - DN of the cert issuer for which the verify function is to
- * be retrieved. If this is NULL, default verify function
- * is returned.
- *
- * Return Value:
- * The verify function set for the issuer is returned. If the issuerDN is
- * NULL or if no specific verify function has been set for the issuer, the
- * default verify function is returned. This function can return NULL when
- * there is no applicable verify function.
- */
-#define ldapu_get_cert_verifyfn (*__ldapu_table->f_ldapu_get_cert_verifyfn)
-
-
-/*
- * ldapu_get_cert_subject_dn -
- * This function can be used to get the subject DN from the cert. Free the
- * subjectDN using 'free' after you are done using it.
- * Parameters:
- * cert - cert from which the DN is to be extracted.
- * subjectDN - subjectDN extracted from the cert. Free it using 'free'
- * after it is no longer required.
- *
- * Return Value:
- * return LDAPU_SUCCESS upon successful completion
- * otherwise returns an error code that can be passed to ldapu_err2string.
- */
-#define ldapu_get_cert_subject_dn (*__ldapu_table->f_ldapu_get_cert_subject_dn)
-
-
-/*
- * ldapu_get_cert_issuer_dn -
- * This function can be used to get the issuer DN from the cert. Free the
- * issuerDN using 'free' after you are done using it.
- * Parameters:
- * cert - cert from which the DN is to be extracted.
- * issuerDN - issuerDN extracted from the cert. Free it using 'free'
- * after it is no longer required.
- *
- * Return Value:
- * return LDAPU_SUCCESS upon successful completion
- * otherwise returns an error code that can be passed to ldapu_err2string.
- */
-#define ldapu_get_cert_issuer_dn (*__ldapu_table->f_ldapu_get_cert_issuer_dn)
-
-
-/*
- * ldapu_get_cert_ava_val -
- * This function can be used to get value of the given attribute from either
- * the subject DN or the issuer DN from the cert.
- * Parameters:
- * cert - cert from which the values are to be extracted.
- * which_dn - Should be either LDAPU_ISSUER_DN or LDAPU_SUBJECT_DN.
- * attr - Should be one of "CN", "OU", "O",
"C", "UID", "MAIL",
- * "E", "L", and "ST".
- * val - An array of attribute values extracted from the cert.
- * There could be multiple values. The last entry in the
- * array is NULL. You must free this array of strings after
- * you are done with it (using the function
- * ldapu_free_cert_ava_val). 'val' is initialized to NULL if
- * there is an error.
- *
- * Return Value:
- * return LDAPU_SUCCESS upon successful completion
- * otherwise returns an error code that can be passed to ldapu_err2string.
- */
-#define ldapu_get_cert_ava_val (*__ldapu_table->f_ldapu_get_cert_ava_val)
-
-
-/*
- * ldapu_free_cert_ava_val -
- * This function can be used to free the array returned by the
- * ldapu_get_cert_ava_val function.
- * Parameters:
- * val - An array of attribute values returned by
- * ldapu_get_cert_ava_val.
- *
- * Return Value:
- * return LDAPU_SUCCESS upon successful completion
- * otherwise returns an error code that can be passed to ldapu_err2string.
- */
-#define ldapu_free_cert_ava_val (*__ldapu_table->f_ldapu_free_cert_ava_val)
-
-
-/*
- * ldapu_get_cert_der -
- * This function can be used to get the original DER encoded cert for the
- * given cert.
- * Parameters:
- * cert - cert from which the original DER is to be extracted.
- * derCert - the original DER encoded cert
- * len - length of derCert
- *
- * Return Value:
- * return LDAPU_SUCCESS upon successful completion
- * otherwise returns an error code that can be passed to ldapu_err2string.
- */
-#define ldapu_get_cert_der (*__ldapu_table->f_ldapu_get_cert_der)
-
-
-/*
- * ldapu_issuer_certinfo -
- * This function can be used to get the handle on the internal structure for
- * the given issuer. This handle can be passed to ldapu_certmap_info_attrval
- * to get configuration attribute values for the issuer.
- * Parameters:
- * issuerDN - DN of the issuer for whom the handle on internal structure
- * is requested. If issuerDN is NULL, the handle to the
- * default configuration information is returned.
- * certmap_info - This structure contains information about the
- * configuration parameters for the cert's issuer (CA).
- * This structure can be passed to the function
- * ldapu_certmap_info_attrval to get value for a particular
- * configuration attribute (or a property).
- *
- * Return Value:
- * return LDAPU_SUCCESS upon successful completion
- * otherwise returns an error code that can be passed to ldapu_err2string.
- * CAUTION: DON'T FREE THE 'certmap_info' STRUCTURE.
- */
-#define ldapu_issuer_certinfo (*__ldapu_table->f_ldapu_issuer_certinfo)
-
-
-/*
- * ldapu_certmap_info_attrval -
- * This function can be used to get values for the given attribute/property
- * from the given certmap_info. You can get handle on the certmap_info by
- * calling the ldapu_issuer_certinfo function. Free the 'val' using
'free'
- * after it is no longer required.
- * Parameters:
- * certmap_info - This structure contains information about the
- * configuration parameters for the cert's issuer (CA).
- * attr - name of the attribute/property for which the value is to
- * be returned. The attribute can be one of the attributes
- * listed above (LDAPU_ATTR_XYZ). User defined attributes
- * can also be used.
- * val - Value of the 'attr' from the 'certmap_info'.
- *
- * Return Value:
- * return LDAPU_SUCCESS upon successful completion
- * otherwise returns an error code that can be passed to ldapu_err2string.
- */
-#define ldapu_certmap_info_attrval (*__ldapu_table->f_ldapu_certmap_info_attrval)
-
-
-/*
- * ldapu_err2string -
- * This function can be used to print any of the ldaputil or LDAP error
- * code.
- * Parameters:
- * err - error code to be converted to printable string.
- *
- * Return Value:
- * Printable representation of the given error code.
- */
-#define ldapu_err2string (*__ldapu_table->f_ldapu_err2string)
-
-/*
- * ldapu_free -
- * This function should be used to free the memory allocated by
- * ldapu_* functions if the ldapu_* function doesn't have a corresponding
- * 'free' function. Use this function for free'ing the memory allocated by
- * the following functions:
- * ldapu_get_cert_subject_dn
- * ldapu_get_cert_issuer_dn
- * ldapu_get_cert_der
- * ldapu_certmap_info_attrval
- * To free memory allocated by ldapu_get_cert_ava_val, use
- * ldapu_free_cert_ava_val. Do not free the certmap_info pointer returned by
- * ldapu_issuer_certinfo.
- * Parameters:
- * ptr - pointer returned by ldapu_get_cert_* functions.
- */
-#define ldapu_free (*__ldapu_table->f_ldapu_free)
-
-/*
- * ldapu_malloc -
- * This function is a cover function for the 'malloc' system call. On NT, it
- * is best to alloc & free the memory in the same DLL.
- * Parameters:
- * size - size of the memory to be allocated
- * Return Value:
- * same as 'malloc' -- pointer to the allocated memory or NULL on failure.
- */
-#define ldapu_malloc (*__ldapu_table->f_ldapu_malloc)
-
-/*
- * ldapu_strdup -
- * This function is a cover function for the 'strdup' system call. On NT, it
- * is best to alloc & free the memory in the same DLL.
- * Parameters:
- * ptr - Pointer to the string to be copied
- * Return Value:
- * same as 'strdup' -- pointer to the copied string or NULL on failure.
- */
-#define ldapu_strdup (*__ldapu_table->f_ldapu_strdup)
-
-
-#endif /* !INTLDAPU */
-
-#endif /* _PUBLIC_CERTMAP_H */
diff --git a/ldap/servers/slapd/auth.c b/ldap/servers/slapd/auth.c
index da1b586..eea6630 100644
--- a/ldap/servers/slapd/auth.c
+++ b/ldap/servers/slapd/auth.c
@@ -13,7 +13,8 @@
#include <stdlib.h> /* getenv */
#include <string.h> /* memcpy */
-#include <ldaputil/ldaputil.h> /* LDAPU_SUCCESS, ldapu_VTable_set */
+#include <ldaputil/errors.h> /* LDAPU_SUCCESS, ldapu_VTable_set */
+#include <ldaputil/ldaputil.h> /* ldapu_VTable_set */
#include <ldaputil/init.h> /* ldaputil_init */
#include <ldaputil/certmap.h> /* ldapu_cert_to_ldap_entry */
#include <sys/param.h> /* MAXPATHLEN */
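Review bot: The trailing comment on the added `#include <ldaputil/errors.h>` line was copied from the line it replaces and still names `ldapu_VTable_set`, which the next added line attributes to `ldaputil/ldaputil.h`. Only one of the two can be right, and from the header names it is presumably `ldaputil.h`; the hunk does not show either header, so this should be confirmed. I would write the first line as `#include <ldaputil/errors.h> /* LDAPU_SUCCESS */`. These comments are the only record in auth.c of which header supplies the status codes and which supplies the vtable setter, so they are worth keeping accurate now that `extcmap.h` is gone.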
diff --git a/lib/ldaputil/init.c b/lib/ldaputil/init.c
index 43f37f2..a2ef18d 100644
--- a/lib/ldaputil/init.c
+++ b/lib/ldaputil/init.c
@@ -131,61 +131,3 @@ NSAPI_PUBLIC int ldaputil_init (const char *config_file,
return rv;
}
-static LDAPUDispatchVector_t __ldapu_vector = {
- ldapu_cert_to_ldap_entry,
- ldapu_set_cert_mapfn,
- ldapu_get_cert_mapfn,
- ldapu_set_cert_searchfn,
- ldapu_get_cert_searchfn,
- ldapu_set_cert_verifyfn,
- ldapu_get_cert_verifyfn,
- ldapu_get_cert_subject_dn,
- ldapu_get_cert_issuer_dn,
- ldapu_get_cert_ava_val,
- ldapu_free_cert_ava_val,
- ldapu_get_cert_der,
- ldapu_issuer_certinfo,
- ldapu_certmap_info_attrval,
- ldapu_err2string,
- ldapu_free_old,
- ldapu_malloc,
- ldapu_strdup,
- ldapu_free
-};
-
-LDAPUDispatchVector_t *__ldapu_table = &__ldapu_vector;
-
-#if 0
-NSAPI_PUBLIC int CertMapDLLInitFn(LDAPUDispatchVector_t **table)
-{
- *table = &__ldapu_vector;
-}
-#endif
-
-NSAPI_PUBLIC int CertMapDLLInitFn(LDAPUDispatchVector_t **table)
-{
- *table = (LDAPUDispatchVector_t *)slapi_ch_malloc(sizeof(LDAPUDispatchVector_t));
-
- if (!*table) return LDAPU_ERR_OUT_OF_MEMORY;
-
- (*table)->f_ldapu_cert_to_ldap_entry = ldapu_cert_to_ldap_entry;
- (*table)->f_ldapu_set_cert_mapfn = ldapu_set_cert_mapfn;
- (*table)->f_ldapu_get_cert_mapfn = ldapu_get_cert_mapfn;
- (*table)->f_ldapu_set_cert_searchfn = ldapu_set_cert_searchfn;
- (*table)->f_ldapu_get_cert_searchfn = ldapu_get_cert_searchfn;
- (*table)->f_ldapu_set_cert_verifyfn = ldapu_set_cert_verifyfn;
- (*table)->f_ldapu_get_cert_verifyfn = ldapu_get_cert_verifyfn;
- (*table)->f_ldapu_get_cert_subject_dn = ldapu_get_cert_subject_dn;
- (*table)->f_ldapu_get_cert_issuer_dn = ldapu_get_cert_issuer_dn;
- (*table)->f_ldapu_get_cert_ava_val = ldapu_get_cert_ava_val;
- (*table)->f_ldapu_free_cert_ava_val = ldapu_free_cert_ava_val;
- (*table)->f_ldapu_get_cert_der = ldapu_get_cert_der;
- (*table)->f_ldapu_issuer_certinfo = ldapu_issuer_certinfo;
- (*table)->f_ldapu_certmap_info_attrval = ldapu_certmap_info_attrval;
- (*table)->f_ldapu_err2string = ldapu_err2string;
- (*table)->f_ldapu_free_old = ldapu_free_old;
- (*table)->f_ldapu_malloc = ldapu_malloc;
- (*table)->f_ldapu_strdup = ldapu_strdup;
- (*table)->f_ldapu_free = ldapu_free;
- return LDAPU_SUCCESS;
-}