mirror of git://git.gnupg.org/gnupg.git synced 2025-07-03 22:56:33 +02:00

dirmngr: Remove cruft from dirmngr_ldap

* configure.ac (USE_LDAPWRAPPER): Remove ac_define and conditional.
* dirmngr/Makefile.am: Remove USE_LDAPWRAPPER and consider it true.
* dirmngr/ldap-wrapper-ce.c: Remove.
* dirmngr/ldap-wrapper.c: Remove USE_LDAPWRAPPER stuff. Minor changes
to debug output.
* dirmngr/dirmngr_ldap.c: Remove USE_LDAPWRAPPER stuff.  Remove
my_ldap macros.
(fetch_ldap) [W32]: Use ldap_sslinit.
--

Note that the ldap_sslinit stuff for Windows has not been tested.

This patch removes the whole wrapper-but-linked business because we do
not need it anymore.  WindowsCE for which we used it is pretty dead.

Signed-off-by: Werner Koch <wk@gnupg.org>
Werner Koch 2019-11-11 20:49:04 +01:00
parent dd18be979e
commit 4c295646ba
No known key found for this signature in database
GPG key ID: E3FDFF218E45B72B
6 changed files with 58 additions and 708 deletions


@ -31,9 +31,6 @@
#include <errno.h>
#include <sys/time.h>
#include <unistd.h>
#ifndef USE_LDAPWRAPPER
# include <npth.h>
#endif
#ifdef HAVE_W32_SYSTEM
# include <winsock2.h>
@ -59,43 +56,12 @@
#include "../common/util.h"
#include "../common/init.h"
/* With the ldap wrapper, there is no need for the npth_unprotect and leave
functions; thus we redefine them to nops. If we are not using the
ldap wrapper process we need to include the prototype for our
module's main function. */
#ifdef USE_LDAPWRAPPER
/* There is no need for the npth_unprotect and leave functions here;
* thus we redefine them to nops. We keep them in the code just for
* the case we ever want to reuse parts of the code in npth programs. */
static void npth_unprotect (void) { }
static void npth_protect (void) { }
#else
# include "./ldap-wrapper.h"
#endif
#ifdef HAVE_W32CE_SYSTEM
# include "w32-ldap-help.h"
# define my_ldap_init(a,b) \
_dirmngr_ldap_init ((a), (b))
# define my_ldap_simple_bind_s(a,b,c) \
_dirmngr_ldap_simple_bind_s ((a),(b),(c))
# define my_ldap_search_st(a,b,c,d,e,f,g,h) \
_dirmngr_ldap_search_st ((a), (b), (c), (d), (e), (f), (g), (h))
# define my_ldap_first_attribute(a,b,c) \
_dirmngr_ldap_first_attribute ((a),(b),(c))
# define my_ldap_next_attribute(a,b,c) \
_dirmngr_ldap_next_attribute ((a),(b),(c))
# define my_ldap_get_values_len(a,b,c) \
_dirmngr_ldap_get_values_len ((a),(b),(c))
# define my_ldap_free_attr(a) \
xfree ((a))
#else
# define my_ldap_init(a,b) ldap_init ((a), (b))
# define my_ldap_simple_bind_s(a,b,c) ldap_simple_bind_s ((a), (b), (c))
# define my_ldap_search_st(a,b,c,d,e,f,g,h) \
ldap_search_st ((a), (b), (c), (d), (e), (f), (g), (h))
# define my_ldap_first_attribute(a,b,c) ldap_first_attribute ((a),(b),(c))
# define my_ldap_next_attribute(a,b,c) ldap_next_attribute ((a),(b),(c))
# define my_ldap_get_values_len(a,b,c) ldap_get_values_len ((a),(b),(c))
# define my_ldap_free_attr(a) ldap_memfree ((a))
#endif
#ifdef HAVE_W32_SYSTEM
typedef LDAP_TIMEVAL my_ldap_timeval_t;
@ -192,7 +158,6 @@ static int process_url (my_opt_t myopt, const char *url);
/* Function called by argparse.c to display information. */
#ifdef USE_LDAPWRAPPER
static const char *
my_strusage (int level)
{
@ -220,19 +185,11 @@ my_strusage (int level)
}
return p;
}
#endif /*!USE_LDAPWRAPPER*/
int
#ifdef USE_LDAPWRAPPER
main (int argc, char **argv)
#else
ldap_wrapper_main (char **argv, estream_t outstream)
#endif
{
#ifndef USE_LDAPWRAPPER
int argc;
#endif
ARGPARSE_ARGS pargs;
int any_err = 0;
char *p;
@ -245,7 +202,6 @@ ldap_wrapper_main (char **argv, estream_t outstream)
early_system_init ();
#ifdef USE_LDAPWRAPPER
set_strusage (my_strusage);
log_set_prefix ("dirmngr_ldap", GPGRT_LOG_WITH_PREFIX);
@ -256,11 +212,6 @@ ldap_wrapper_main (char **argv, estream_t outstream)
es_set_binary (es_stdout);
myopt->outstream = es_stdout;
#else /*!USE_LDAPWRAPPER*/
myopt->outstream = outstream;
for (argc=0; argv[argc]; argc++)
;
#endif /*!USE_LDAPWRAPPER*/
/* LDAP defaults */
myopt->timeout.tv_sec = DEFAULT_LDAP_TIMEOUT;
@ -305,11 +256,7 @@ ldap_wrapper_main (char **argv, estream_t outstream)
break;
default :
#ifdef USE_LDAPWRAPPER
pargs.err = ARGPARSE_PRINT_ERROR;
#else
pargs.err = ARGPARSE_PRINT_WARNING; /* No exit() please. */
#endif
break;
}
}
@ -339,17 +286,11 @@ ldap_wrapper_main (char **argv, estream_t outstream)
if (myopt->port < 0 || myopt->port > 65535)
log_error (_("invalid port number %d\n"), myopt->port);
#ifdef USE_LDAPWRAPPER
if (log_get_errorcount (0))
exit (2);
if (argc < 1)
usage (1);
#else
/* All passed arguments should be fine in this case. */
log_assert (argc);
#endif
#ifdef USE_LDAPWRAPPER
if (myopt->alarm_timeout)
{
#ifndef HAVE_W32_SYSTEM
@ -366,7 +307,6 @@ ldap_wrapper_main (char **argv, estream_t outstream)
log_fatal ("unable to register timeout handler\n");
#endif
}
#endif /*USE_LDAPWRAPPER*/
for (; argc; argc--, argv++)
if (process_url (myopt, *argv))
@ -467,10 +407,10 @@ print_ldap_entries (my_opt_t myopt, LDAP *ld, LDAPMessage *msg, char *want_attr)
}
for (npth_unprotect (), attr = my_ldap_first_attribute (ld, item, &berctx),
for (npth_unprotect (), attr = ldap_first_attribute (ld, item, &berctx),
npth_protect ();
attr;
npth_unprotect (), attr = my_ldap_next_attribute (ld, item, berctx),
npth_unprotect (), attr = ldap_next_attribute (ld, item, berctx),
npth_protect ())
{
struct berval **values;
@ -503,20 +443,20 @@ print_ldap_entries (my_opt_t myopt, LDAP *ld, LDAPMessage *msg, char *want_attr)
*cp2 = ';';
if (cmpres)
{
my_ldap_free_attr (attr);
ldap_memfree (attr);
continue; /* Not found: Try next attribute. */
}
}
npth_unprotect ();
values = my_ldap_get_values_len (ld, item, attr);
values = ldap_get_values_len (ld, item, attr);
npth_protect ();
if (!values)
{
if (myopt->verbose)
log_info (_("attribute '%s' not found\n"), attr);
my_ldap_free_attr (attr);
ldap_memfree (attr);
continue;
}
@ -546,7 +486,7 @@ print_ldap_entries (my_opt_t myopt, LDAP *ld, LDAPMessage *msg, char *want_attr)
log_error (_("error writing to stdout: %s\n"),
strerror (errno));
ldap_value_free_len (values);
my_ldap_free_attr (attr);
ldap_memfree (attr);
ber_free (berctx, 0);
return -1;
}
@ -570,7 +510,7 @@ print_ldap_entries (my_opt_t myopt, LDAP *ld, LDAPMessage *msg, char *want_attr)
log_error (_("error writing to stdout: %s\n"),
strerror (errno));
ldap_value_free_len (values);
my_ldap_free_attr (attr);
ldap_memfree (attr);
ber_free (berctx, 0);
return -1;
}
@ -582,7 +522,7 @@ print_ldap_entries (my_opt_t myopt, LDAP *ld, LDAPMessage *msg, char *want_attr)
log_error (_("error writing to stdout: %s\n"),
strerror (errno));
ldap_value_free_len (values);
my_ldap_free_attr (attr);
ldap_memfree (attr);
ber_free (berctx, 0);
return -1;
}
@ -592,7 +532,7 @@ print_ldap_entries (my_opt_t myopt, LDAP *ld, LDAPMessage *msg, char *want_attr)
break; /* Print only the first value. */
}
ldap_value_free_len (values);
my_ldap_free_attr (attr);
ldap_memfree (attr);
if (want_attr || !myopt->multi)
break; /* We only want to return the first attribute. */
}
@ -617,6 +557,7 @@ fetch_ldap (my_opt_t myopt, const char *url, const LDAPURLDesc *ludp)
char *host, *dn, *filter, *attrs[2], *attr;
int port;
int ret;
int usetls;
host = myopt->host? myopt->host : ludp->lud_host;
port = myopt->port? myopt->port : ludp->lud_port;
@ -678,8 +619,24 @@ fetch_ldap (my_opt_t myopt, const char *url, const LDAPURLDesc *ludp)
set_timeout (myopt);
if (myopt->force_tls
|| (ludp->lud_scheme && !strcmp (ludp->lud_scheme, "ldaps")))
usetls = (myopt->force_tls
|| (ludp->lud_scheme && !strcmp (ludp->lud_scheme, "ldaps")));
#if HAVE_W32_SYSTEM
if (1)
{
npth_unprotect ();
ld = ldap_sslinit (host, port, usetls);
npth_protect ();
if (!ld)
{
ret = LdapGetLastError ();
log_error (_("LDAP init to '%s:%d' failed: %s\n"),
host, port, ldap_err2string (ret));
return -1;
}
}
#else /*!W32*/
if (usetls)
{
char *uri;
@ -690,7 +647,9 @@ fetch_ldap (my_opt_t myopt, const char *url, const LDAPURLDesc *ludp)
gpg_strerror (gpg_error_from_syserror ()));
return -1;
}
npth_unprotect ();
ret = ldap_initialize (&ld, uri);
npth_protect ();
if (ret)
{
log_error (_("LDAP init to '%s' failed: %s\n"),
@ -708,7 +667,7 @@ fetch_ldap (my_opt_t myopt, const char *url, const LDAPURLDesc *ludp)
* should really consider the supplied scheme and use only
* ldap_initialize. */
npth_unprotect ();
ld = my_ldap_init (host, port);
ld = ldap_init (host, port);
npth_protect ();
if (!ld)
{
@ -717,10 +676,11 @@ fetch_ldap (my_opt_t myopt, const char *url, const LDAPURLDesc *ludp)
return -1;
}
}
#endif /*!W32*/
npth_unprotect ();
/* Fixme: Can we use MYOPT->user or is it shared with other theeads?. */
ret = my_ldap_simple_bind_s (ld, myopt->user, myopt->pass);
ret = ldap_simple_bind_s (ld, myopt->user, myopt->pass);
npth_protect ();
#ifdef LDAP_VERSION3
if (ret == LDAP_PROTOCOL_ERROR)
@ -731,7 +691,7 @@ fetch_ldap (my_opt_t myopt, const char *url, const LDAPURLDesc *ludp)
log_info ("protocol error; retrying bind with v3 protocol\n");
npth_unprotect ();
ldap_set_option (ld, LDAP_OPT_PROTOCOL_VERSION, &version);
ret = my_ldap_simple_bind_s (ld, myopt->user, myopt->pass);
ret = ldap_simple_bind_s (ld, myopt->user, myopt->pass);
npth_protect ();
}
#endif
@ -745,11 +705,11 @@ fetch_ldap (my_opt_t myopt, const char *url, const LDAPURLDesc *ludp)
set_timeout (myopt);
npth_unprotect ();
rc = my_ldap_search_st (ld, dn, ludp->lud_scope, filter,
myopt->multi && !myopt->attr && ludp->lud_attrs?
ludp->lud_attrs:attrs,
0,
&myopt->timeout, &msg);
rc = ldap_search_st (ld, dn, ludp->lud_scope, filter,
myopt->multi && !myopt->attr && ludp->lud_attrs?
ludp->lud_attrs:attrs,
0,
&myopt->timeout, &msg);
npth_protect ();
if (rc == LDAP_SIZELIMIT_EXCEEDED && myopt->multi)
{
@ -761,12 +721,8 @@ fetch_ldap (my_opt_t myopt, const char *url, const LDAPURLDesc *ludp)
}
else if (rc)
{
#ifdef HAVE_W32CE_SYSTEM
log_error ("searching '%s' failed: %d\n", url, rc);
#else
log_error (_("searching '%s' failed: %s\n"),
url, ldap_err2string (rc));
#endif
if (rc != LDAP_NO_SUCH_OBJECT)
{
/* FIXME: Need deinit (ld)? */
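Review bot: The new Windows branch in fetch_ldap is guarded with `#if HAVE_W32_SYSTEM`, while every other test of that macro visible in this file uses `#ifdef HAVE_W32_SYSTEM`; `#if` fails to preprocess if the macro is ever defined empty, so the guard should read `#ifdef HAVE_W32_SYSTEM`. The commit message says the ldap_sslinit path is untested, and nothing in the shown lines establishes how the server certificate is checked before `ldap_simple_bind_s` sends `myopt->pass`, so I would record that above the call, for example `/* FIXME: Untested. Confirm that TLS setup and certificate validation fail closed before the bind below. */`. Because the branch is wrapped in `if (1)`, plain `ldap` URLs also go through ldap_sslinit with `usetls` set to 0 on Windows, and presumably a failed connection or handshake only surfaces at the bind rather than at the `if (!ld)` check; a one-line comment saying so would help whoever tests this path. fetch_ldap starts and ends outside the hunks shown.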