From fdc4c324c4df38e04c858a2f8c2081c872c50ba5 Mon Sep 17 00:00:00 2001 From: Glenn Strauss Date: Sun, 5 Nov 2017 18:50:25 -0500 Subject: [mod_authn_ldap] replace use of deprecated funcs [mod_authn_ldap,mod_vhostdb_ldap] replace use of deprecated funcs remove -DLDAP_DEPRECATED --- SConstruct | 1 - configure.ac | 3 +-- src/CMakeLists.txt | 1 - src/config.h.cmake | 1 - src/meson.build | 4 +--- src/mod_authn_ldap.c | 50 ++++++++++++++++++++++++++++++++++++++------------ src/mod_vhostdb_ldap.c | 49 ++++++++++++++++++++++++++++++++++++++----------- 7 files changed, 78 insertions(+), 31 deletions(-) diff --git a/SConstruct b/SConstruct index dfb2e496..693fb008 100644 --- a/SConstruct +++ b/SConstruct @@ -531,7 +531,6 @@ if 1: fail("Couldn't find lber") autoconf.env.Append( CPPFLAGS = [ - '-DLDAP_DEPRECATED=1', '-DHAVE_LDAP_H', '-DHAVE_LIBLDAP', '-DHAVE_LBER_H', '-DHAVE_LIBLBER', ], diff --git a/configure.ac b/configure.ac index de4ce8e5..1f616d13 100644 --- a/configure.ac +++ b/configure.ac @@ -362,13 +362,12 @@ AC_ARG_WITH([ldap], AC_MSG_RESULT([$WITH_LDAP]) if test "$WITH_LDAP" != no; then - AC_CHECK_LIB([ldap], [ldap_bind], + AC_CHECK_LIB([ldap], [ldap_sasl_bind_s], [AC_CHECK_HEADERS([ldap.h], [ LDAP_LIB=-lldap AC_DEFINE([HAVE_LIBLDAP], [1], [libldap]) AC_DEFINE([HAVE_LDAP_H], [1]) - AC_DEFINE([LDAP_DEPRECATED], [1], [Using deprecated ldap api]) ], [AC_MSG_ERROR([ldap headers not found, install them or build without --with-ldap])] )], diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index a8b327a5..c36de51e 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -451,7 +451,6 @@ if(WITH_LDAP) check_library_exists(ldap ldap_bind "" HAVE_LIBLDAP) check_include_files(lber.h HAVE_LBER_H) check_library_exists(lber ber_printf "" HAVE_LIBLBER) - set(LDAP_DEPRECATED 1) # Using deprecated ldap api else() unset(HAVE_LDAP_H) unset(HAVE_LIBLDAP) diff --git a/src/config.h.cmake b/src/config.h.cmake index bd3da228..4afc0103 100644 --- a/src/config.h.cmake 
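Review bot: In the src/CMakeLists.txt hunk the context line `check_library_exists(ldap ldap_bind "" HAVE_LIBLDAP)` still probes for the old `ldap_bind` symbol, while configure.ac and src/meson.build in this same commit now probe for `ldap_sasl_bind_s`. The CMake build could therefore set HAVE_LIBLDAP against a library that does not provide the function the modules now call. Suggest `check_library_exists(ldap ldap_sasl_bind_s "" HAVE_LIBLDAP)` so the build systems agree on what they test.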
+++ b/src/config.h.cmake @@ -64,7 +64,6 @@ #cmakedefine HAVE_LIBLDAP #cmakedefine HAVE_LBER_H #cmakedefine HAVE_LIBLBER -#cmakedefine LDAP_DEPRECATED 1 /* XML */ #cmakedefine HAVE_LIBXML_H diff --git a/src/meson.build b/src/meson.build index e10faece..8e084edc 100644 --- a/src/meson.build +++ b/src/meson.build @@ -297,11 +297,10 @@ libldap = [] liblber = [] if get_option('with_ldap') libldap = [ compiler.find_library('ldap') ] - if not(compiler.has_function('ldap_bind', + if not(compiler.has_function('ldap_sasl_bind_s', args: defs, dependencies: libldap, prefix: ''' - #define LDAP_DEPRECATED 1 #include ''' )) @@ -315,7 +314,6 @@ if get_option('with_ldap') endif conf_data.set('HAVE_LBER_H', true) conf_data.set('HAVE_LIBLBER', true) - conf_data.set('LDAP_DEPRECATED', 1, comment: 'Using deprecated ldap api') endif libev = [] diff --git a/src/mod_authn_ldap.c b/src/mod_authn_ldap.c index d8be4f5f..c2e793d1 100644 --- a/src/mod_authn_ldap.c +++ b/src/mod_authn_ldap.c @@ -1,6 +1,5 @@ #include "first.h" -#define USE_LDAP #include #include "server.h" 
@@ -83,6 +82,39 @@ FREE_FUNC(mod_authn_ldap_free) { return HANDLER_GO_ON; } +/*(copied from mod_vhostdb_ldap.c)*/ +static void mod_authn_add_scheme (server *srv, buffer *host) +{ + if (!buffer_string_is_empty(host)) { + /* reformat hostname(s) as LDAP URIs (scheme://host:port) */ + static const char *schemes[] = { + "ldap://", "ldaps://", "ldapi://", "cldap://" + }; + char *b, *e = host->ptr; + buffer_string_set_length(srv->tmp_buf, 0); + while (*(b = e)) { + unsigned int j; + while (*b==' '||*b=='\t'||*b=='\r'||*b=='\n'||*b==',') ++b; + if (*b == '\0') break; + e = b; + while (*e!=' '&&*e!='\t'&&*e!='\r'&&*e!='\n'&&*e!=','&&*e!='\0') + ++e; + if (!buffer_string_is_empty(srv->tmp_buf)) + buffer_append_string_len(srv->tmp_buf, CONST_STR_LEN(",")); + for (j = 0; j < sizeof(schemes)/sizeof(char *); ++j) { + if (0 == strncasecmp(b, schemes[j], strlen(schemes[j]))) { + break; + } + } + if (j == sizeof(schemes)/sizeof(char *)) + buffer_append_string_len(srv->tmp_buf, + CONST_STR_LEN("ldap://")); + buffer_append_string_len(srv->tmp_buf, b, (size_t)(e - b)); + } + buffer_copy_buffer(host, srv->tmp_buf); + } +} + SETDEFAULTS_FUNC(mod_authn_ldap_set_defaults) { plugin_data *p = p_d; size_t i; @@ -144,6 +176,8 @@ config_values_t cv[] = { } } } + + mod_authn_add_scheme(srv, s->auth_ldap_hostname); } return HANDLER_GO_ON; @@ -354,10 +388,9 @@ static LDAP * mod_authn_ldap_host_init(server *srv, plugin_config *s) { if (buffer_string_is_empty(s->auth_ldap_hostname)) return NULL; - ld = ldap_init(s->auth_ldap_hostname->ptr, LDAP_PORT); - if (NULL == ld) { - log_error_write(srv, __FILE__, __LINE__, "sss", "ldap:", "ldap_init():", - strerror(errno)); + if (LDAP_SUCCESS != ldap_initialize(&ld, s->auth_ldap_hostname->ptr)) { + log_error_write(srv, __FILE__, __LINE__, "sss", "ldap:", + "ldap_initialize():", strerror(errno)); return NULL; } 
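Review bot: mod_authn_add_scheme() prefixes every host token that lacks a recognised scheme with `ldap://`, so a bare hostname in the config means an unencrypted connection for the later bind unless TLS is enabled elsewhere (not visible in this hunk), and nothing in the function says so. A comment above it would make that explicit, e.g. `/* tokens are space/comma separated; a token without ldap://, ldaps://, ldapi:// or cldap:// gets ldap:// (no TLS) */`. The same applies to the copy mod_vhostdb_dbconf_add_scheme() added in src/mod_vhostdb_ldap.c. The two bodies are identical, so a single shared helper would keep the scheme list from drifting between modules.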
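Review bot: The failure branch of `ldap_initialize()` in the `@@ -354,10 +388,9 @@` hunk logs `strerror(errno)`, but ldap_initialize() reports failure through its LDAP return code and errno is not guaranteed to describe it, so the logged reason can be stale or misleading when diagnosing a bad URI. The return code is also discarded here. Keep it and pass it to the helper already used for bind errors: `int rc = ldap_initialize(&ld, s->auth_ldap_hostname->ptr);` followed by `mod_authn_ldap_err(srv, __FILE__, __LINE__, "ldap_initialize()", rc);`. The `@@ -206,10 +240,10 @@` hunk in src/mod_vhostdb_ldap.c has the same logging and already stores `ret`. Both function bodies continue outside their hunks.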
@@ -396,7 +429,6 @@ static LDAP * mod_authn_ldap_host_init(server *srv, plugin_config *s) { } static int mod_authn_ldap_bind(server *srv, LDAP *ld, const char *dn, const char *pw) { - #if 0 struct berval creds; int ret; @@ -414,12 +446,6 @@ static int mod_authn_ldap_bind(server *srv, LDAP *ld, const char *dn, const char if (ret != LDAP_SUCCESS) { mod_authn_ldap_err(srv, __FILE__, __LINE__, "ldap_sasl_bind_s()", ret); } - #else - int ret = ldap_simple_bind_s(ld, dn, pw); - if (ret != LDAP_SUCCESS) { - mod_authn_ldap_err(srv, __FILE__, __LINE__, "ldap_simple_bind_s()",ret); - } - #endif return ret; } diff --git a/src/mod_vhostdb_ldap.c b/src/mod_vhostdb_ldap.c index 98f7c072..459d7d60 100644 --- a/src/mod_vhostdb_ldap.c +++ b/src/mod_vhostdb_ldap.c @@ -47,6 +47,39 @@ static void mod_vhostdb_dbconf_free (void *vdata) free(dbconf); } +/*(copied from mod_authn_ldap.c)*/ +static void mod_vhostdb_dbconf_add_scheme (server *srv, buffer *host) +{ + if (!buffer_string_is_empty(host)) { + /* reformat hostname(s) as LDAP URIs (scheme://host:port) */ + static const char *schemes[] = { + "ldap://", "ldaps://", "ldapi://", "cldap://" + }; + char *b, *e = host->ptr; + buffer_string_set_length(srv->tmp_buf, 0); + while (*(b = e)) { + unsigned int j; + while (*b==' '||*b=='\t'||*b=='\r'||*b=='\n'||*b==',') ++b; + if (*b == '\0') break; + e = b; + while (*e!=' '&&*e!='\t'&&*e!='\r'&&*e!='\n'&&*e!=','&&*e!='\0') + ++e; + if (!buffer_string_is_empty(srv->tmp_buf)) + buffer_append_string_len(srv->tmp_buf, CONST_STR_LEN(",")); + for (j = 0; j < sizeof(schemes)/sizeof(char *); ++j) { + if (0 == strncasecmp(b, schemes[j], strlen(schemes[j]))) { + break; + } + } + if (j == sizeof(schemes)/sizeof(char *)) + buffer_append_string_len(srv->tmp_buf, + CONST_STR_LEN("ldap://")); + buffer_append_string_len(srv->tmp_buf, b, (size_t)(e - b)); + } + buffer_copy_buffer(host, srv->tmp_buf); + } +} + static int mod_vhostdb_dbconf_setup (server *srv, array *opts, void **vdata) { buffer *filter = NULL; 
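Review bot: mod_authn_ldap_bind() now runs code that was compiled out under `#if 0`, and the part that fills `creds` from `pw` and calls ldap_sasl_bind_s() lies between the two hunks, so it cannot be checked from what is shown. Two things should be confirmed there: that a NULL `pw` is handled before its length is taken, and that an empty password for a user DN is rejected before the bind. A simple bind with a DN and zero-length credentials is an unauthenticated bind, and some directory servers answer it with success, which this function would return as LDAP_SUCCESS. If the caller does not already refuse empty passwords, add a guard such as `if (dn != NULL && (pw == NULL || *pw == '\0')) return LDAP_INVALID_CREDENTIALS;` to the user-authentication path.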
@@ -62,6 +95,7 @@ static int mod_vhostdb_dbconf_setup (server *srv, array *opts, void **vdata) } else if (buffer_is_equal_caseless_string(ds->key, CONST_STR_LEN("attr"))) { if (!buffer_string_is_empty(ds->value)) attr = ds->value->ptr; } else if (buffer_is_equal_caseless_string(ds->key, CONST_STR_LEN("host"))) { + mod_vhostdb_dbconf_add_scheme(srv, ds->value); host = ds->value->ptr; } else if (buffer_is_equal_caseless_string(ds->key, CONST_STR_LEN("base-dn"))) { if (!buffer_string_is_empty(ds->value)) basedn = ds->value->ptr; @@ -206,10 +240,10 @@ static LDAP * mod_authn_ldap_host_init(server *srv, vhostdb_config *s) { LDAP *ld; int ret; - ld = ldap_init(s->host, LDAP_PORT); - if (NULL == ld) { - log_error_write(srv, __FILE__, __LINE__, "sss", "ldap:", "ldap_init():", - strerror(errno)); + ret = ldap_initialize(&ld, s->host); + if (LDAP_SUCCESS != ret) { + log_error_write(srv, __FILE__, __LINE__, "sss", "ldap:", + "ldap_initialize():", strerror(errno)); return NULL; } @@ -247,7 +281,6 @@ static LDAP * mod_authn_ldap_host_init(server *srv, vhostdb_config *s) { } static int mod_authn_ldap_bind(server *srv, LDAP *ld, const char *dn, const char *pw) { - #if 0 struct berval creds; int ret; @@ -265,12 +298,6 @@ static int mod_authn_ldap_bind(server *srv, LDAP *ld, const char *dn, const char if (ret != LDAP_SUCCESS) { mod_authn_ldap_err(srv, __FILE__, __LINE__, "ldap_sasl_bind_s()", ret); } - #else - int ret = ldap_simple_bind_s(ld, dn, pw); - if (ret != LDAP_SUCCESS) { - mod_authn_ldap_err(srv, __FILE__, __LINE__, "ldap_simple_bind_s()",ret); - } - #endif return ret; } -- cgit v1.2.1
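Review bot: The `host` branch in the `@@ -62,6 +95,7 @@` hunk assigns `host = ds->value->ptr` without the `buffer_string_is_empty()` guard that the `attr` and `base-dn` branches of the same chain use. After the new mod_vhostdb_dbconf_add_scheme() call, a value made up only of separators leaves the buffer empty, so `host` would then refer to an empty value. Whether the code after the hunk rejects that before ldap_initialize() is not visible. If it does not, suggest `if (!buffer_string_is_empty(ds->value)) host = ds->value->ptr;` after the add_scheme call.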