[Openvas-commits] r7949 - in trunk/openvas-libraries: . misc

scm-commit@wald.intevation.org scm-commit at wald.intevation.org
Mon Jun 7 12:17:08 CEST 2010


Author: felix
Date: 2010-06-07 12:17:07 +0200 (Mon, 07 Jun 2010)
New Revision: 7949

Modified:
   trunk/openvas-libraries/ChangeLog
   trunk/openvas-libraries/misc/ads_auth.c
   trunk/openvas-libraries/misc/ldap_auth.c
Log:
Addressed openldap deprecation warnings, resolving respective todos.
Resolved code duplicates.

* misc/ads_auth.c (ads_auth_bind): Use ldap_sasl_bind instead of
deprecated ldap_simple_bind.
(ads_authenticate): Use ads_auth_bind instead of binding with duplicate
code.

* misc/ldap_auth.c (ldap_auth_bind): Use ldap_sasl_bind instead of
deprecated ldap_simple_bind.
(ldap_authenticate): Use ldap_auth_bind instead of binding with
duplicate code.


Modified: trunk/openvas-libraries/ChangeLog
===================================================================
--- trunk/openvas-libraries/ChangeLog	2010-06-07 09:33:09 UTC (rev 7948)
+++ trunk/openvas-libraries/ChangeLog	2010-06-07 10:17:07 UTC (rev 7949)
@@ -1,3 +1,18 @@
+2010-06-07  Felix Wolfsteller <felix.wolfsteller at greenbone.net>
+
+	Adressed openldap deprecation warnings, resolving respective todos.
+	Resolved code duplicates.
+
+	* misc/ads_auth.c (ads_auth_bind): Use ldap_sasl_bind instead of
+	deprecated ldap_simple_bind.
+	(ads_authenticate): Use ads_auth_bind instead of binding with duplicate
+	code.
+
+	* misc/ldap_auth.c (ldap_auth_bind): Use ldap_sasl_bind instead of
+	deprecated ldap_simple_bind.
+	(ldap_authenticate): Use ldap_auth_bind instead of binding with
+	duplicate code.
+
 2010-06-03  Felix Wolfsteller <felix.wolfsteller at greenbone.net>
 
 	* base/openvas_string.c (openvas_string_flatten_string_list): Do not

Modified: trunk/openvas-libraries/misc/ads_auth.c
===================================================================
--- trunk/openvas-libraries/misc/ads_auth.c	2010-06-07 09:33:09 UTC (rev 7948)
+++ trunk/openvas-libraries/misc/ads_auth.c	2010-06-07 10:17:07 UTC (rev 7949)
@@ -257,6 +257,7 @@
   int res         = 0;
   gchar* ldapuri  = NULL;
   gchar* authdn   = NULL;
+  struct berval credential;
 
   if (host == NULL || username == NULL || password == NULL || domain == NULL)
     return NULL;
@@ -304,8 +305,12 @@
 
   authdn = g_strconcat (username, "@", domain, NULL);
 
-  /** @todo deprecated, use ldap_sasl_bind_s */
-  ldap_return = ldap_simple_bind_s (ldap, authdn, password);
+  credential.bv_val = password;
+  credential.bv_len = strlen (password);
+
+  ldap_return = ldap_sasl_bind_s (ldap, authdn, LDAP_SASL_SIMPLE, &credential,
+                                  NULL, NULL, NULL);
+
   if (ldap_return != LDAP_SUCCESS)
     {
       g_warning ("ADS/LDAP authentication failure.");
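Review bot: An empty password still reaches the simple bind built at `credential.bv_len = strlen (password);`, because the guard visible in the earlier hunk of what appears to be the same function rejects only NULL. A simple bind with a DN and a zero-length credential is an unauthenticated bind under RFC 4513, and some directory servers answer it with LDAP_SUCCESS, which this code treats as a successful login. I would reject it up front, next to the NULL checks and before any handle is created: `if (*password == '\0') return NULL;`. The same applies to the ldap_auth_bind hunk in misc/ldap_auth.c; both functions start and end outside their hunks, so a check elsewhere cannot be ruled out.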
@@ -530,54 +535,14 @@
     return -1;
 
   LDAP *ldap;
-  int res = 0;
   gchar *authdn = NULL;
-  int ldap_return = 0;
-  int ldapv3 = 3;
-  gchar* ldapuri = g_strconcat ("ldap://", info->ldap_host, NULL);
 
-  res = ldap_initialize (&ldap, ldapuri);
-  g_free (ldapuri);
+  ldap = ads_auth_bind (info->ldap_host, ads_info->domain, username,
+                        password, (info->allow_plaintext == FALSE) ? TRUE : FALSE);
 
-  if (ldap == NULL || res != LDAP_SUCCESS)
-    {
-      g_warning ("Could not open ADS/LDAP connection for authentication.");
-      return -1;
-    }
+  if (ldap == NULL)
+    return -1;
 
-  /* Fail if server doesnt talk LDAPv3 or StartTLS initialization fails. */
-  ldap_return = ldap_set_option (ldap, LDAP_OPT_PROTOCOL_VERSION, &ldapv3);
-  if (ldap_return != LDAP_SUCCESS)
-    {
-      g_warning ("Could not set ldap protocol version to 3: %s.",
-                 ldap_err2string (ldap_return));
-      return -1;
-    }
-
-  ldap_return = ldap_start_tls_s (ldap, NULL, NULL);
-  if (ldap_return != LDAP_SUCCESS)
-    {
-      g_warning ("Could not init LDAP StartTLS: %s.",
-                 ldap_err2string (ldap_return));
-
-      if (info->allow_plaintext == FALSE)
-        return -1;
-    }
-  else
-    g_debug ("LDAP StartTLS initialized.");
-
-  // Create user at domain authentication string.
-  authdn = g_strconcat (username, "@", ads_info->domain, NULL);
-
-  /** @todo deprecated, use ldap_sasl_bind_s */
-  ldap_return = ldap_simple_bind_s (ldap, authdn, password);
-  if (ldap_return != LDAP_SUCCESS)
-    {
-      g_warning ("ADS/LDAP authentication failure.");
-      g_free (authdn);
-      return 1;
-    }
-
   // Get the "real" DN by searching for samAccountName=user .
   char* dn = ads_query_user_dn (ldap, username, ads_info->domain_dc);
 
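Review bot: A rejected bind and an unreachable server now both end in `if (ldap == NULL) return -1;`, whereas the removed code returned 1 after a failed `ldap_simple_bind_s` and -1 only for connection, protocol or StartTLS errors. If callers distinguish "credentials rejected" from "authenticator error" by those codes (the callers are not visible here), a wrong password now looks like an infrastructure fault, so either document the new contract in the function comment or let the bind helper expose the LDAP result. The ldap_authenticate hunk in misc/ldap_auth.c makes the same change. As a style point, `(info->allow_plaintext == FALSE) ? TRUE : FALSE` can be written `!info->allow_plaintext`, as the ldap_auth.c call site does.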

Modified: trunk/openvas-libraries/misc/ldap_auth.c
===================================================================
--- trunk/openvas-libraries/misc/ldap_auth.c	2010-06-07 09:33:09 UTC (rev 7948)
+++ trunk/openvas-libraries/misc/ldap_auth.c	2010-06-07 10:17:07 UTC (rev 7949)
@@ -201,6 +201,7 @@
   int ldapv3      = 3;
   int res         = 0;
   gchar* ldapuri  = NULL;
+  struct berval credential;
 
   if (host == NULL || userdn == NULL || password == NULL)
     return NULL;
@@ -246,12 +247,14 @@
   else
     g_debug ("LDAP StartTLS initialized.");
 
+  credential.bv_val = password;
+  credential.bv_len = strlen (password);
 
-  /** @todo deprecated, use ldap_sasl_bind_s or bind with METHOD_SIMPLE */
-  ldap_return = ldap_simple_bind_s (ldap, userdn, password);
+  ldap_return = ldap_sasl_bind_s (ldap, userdn, LDAP_SASL_SIMPLE, &credential,
+                                  NULL, NULL, NULL);
   if (ldap_return != LDAP_SUCCESS)
     {
-      g_warning ("LDAP authentication failure.");
+      g_warning ("LDAP authentication failure: %s", ldap_err2string (ldap_return));
       return NULL;
     }
 
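Review bot: The failure branch returns NULL without releasing `ldap`, so each rejected bind appears to leave the connection handle open; with ldap_authenticate now routed through this function, that happens on every failed login. Adding `ldap_unbind_ext_s (ldap, NULL, NULL);` before `return NULL;` would close it. The handle is set up earlier in the function, outside this hunk, so this assumes nothing else owns it at that point.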
@@ -600,54 +603,18 @@
   LDAP *ldap = NULL;
   gchar *dn = NULL;
   int ldap_return = 0;
-  int ldapv3 = 3;
-  int res = 0;
 
   if (info == NULL || username == NULL || password == NULL || !info->ldap_host)
     return -1;
 
-  gchar* ldapuri = g_strconcat ("ldap://", info->ldap_host, NULL);
-  res = ldap_initialize (&ldap, ldapuri);
-  g_free (ldapuri);
-
-
-  if (ldap == NULL || res != LDAP_SUCCESS)
-    {
-      g_warning ("Could not open LDAP connection for authentication.");
-      return -1;
-    }
-
-  /* Fail if server doesnt talk LDAPv3 or StartTLS initialization fails. */
-  ldap_return = ldap_set_option (ldap, LDAP_OPT_PROTOCOL_VERSION, &ldapv3);
-  if (ldap_return != LDAP_SUCCESS)
-    {
-      g_warning ("Could not set ldap protocol version to 3: %s.",
-                 ldap_err2string (ldap_return));
-      return -1;
-    }
-
-  ldap_return = ldap_start_tls_s (ldap, NULL, NULL);
-  if (ldap_return != LDAP_SUCCESS)
-    {
-      g_warning ("Could not init LDAP StartTLS: %s.",
-                 ldap_err2string (ldap_return));
-
-      if (info->allow_plaintext == FALSE)
-        return -1;
-    }
-  else
-    g_debug ("LDAP StartTLS initialized.");
-
   dn = ldap_auth_info_auth_dn (info, username);
 
-  /** @todo deprecated, use ldap_sasl_bind_s or bind with METHOD_SIMPLE */
-  ldap_return = ldap_simple_bind_s (ldap, dn, password);
-  if (ldap_return != LDAP_SUCCESS)
-    {
-      g_warning ("LDAP authentication failure.");
-      return 1;
-    }
+  ldap = ldap_auth_bind (info->ldap_host, dn, password,
+                         !info->allow_plaintext);
 
+  if (ldap == NULL)
+    return -1;
+
   // Get the role.
   role = ldap_auth_query_role (ldap, info, dn);
 
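Review bot: The new early return `if (ldap == NULL) return -1;` comes after `dn = ldap_auth_info_auth_dn (info, username);`, and nothing in the hunk frees `dn` on that path. If that helper returns a newly allocated string (its definition is not shown), a `g_free (dn);` belongs before the return. `ldap_return` also no longer seems to be used in the visible part of the function; any remaining uses lie outside the hunk.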


