diff -Naur openca-ocspd-1.7.0.orig/src/hash-db.c openca-ocspd-1.7.0.new/src/hash-db.c
--- openca-ocspd-1.7.0.orig/src/hash-db.c 2013-02-20 14:08:37.959103608 +0100
+++ openca-ocspd-1.7.0.new/src/hash-db.c 2013-02-20 16:36:05.511726770 +0100
@@ -127,6 +127,8 @@
LDAP *ld = NULL;
int protocol = -1;
int ret = 0;
+ char * cp = NULL;
+ struct berval bv;
(void) signal( SIGPIPE, SIG_IGN );
@@ -144,11 +146,23 @@
if(ocspd_conf->verbose)
syslog( LOG_INFO, "INFO::Connecting to LDAP (%s)", url->addr );
- if (( ld = ldap_init( url->addr, url->port )) == NULL ) {
- syslog( LOG_ERR, "ERROR::ldap_init failure!");
+ cp = malloc(strlen(url->addr) + 14);
+
+ if (!cp) {
+ syslog( LOG_ERR, "ERROR::No memory for LDAP url");
+ return NULL;
+ }
+
+ sprintf(cp, "ldap://%s:%d", url->addr, url->port);
+
+ if (ldap_initialize(&ld, cp) != LDAP_SUCCESS) {
+ free(cp);
+ syslog( LOG_ERR, "ERROR::ldap_initialize failure!");
return NULL;
}
+ free(cp);
+
if(ocspd_conf->verbose)
syslog( LOG_INFO, "INFO::Connection established (%s)",
url->addr );
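Review bot: The `malloc(strlen(url->addr) + 14)` / `sprintf` pair leaves room for at most five port digits, so a `url->port` outside 0–65535 writes past the end of the heap buffer; the type and validation of `url->port` are not visible in this hunk. Size the buffer for any `int` and bound the write: `size_t n = strlen(url->addr) + sizeof("ldap://:") + 11;`, `cp = malloc(n);`, `snprintf(cp, n, "ldap://%s:%d", url->addr, url->port);`. The scheme is also fixed to `ldap://`, so the simple bind further down sends the password unencrypted unless TLS is set up somewhere not shown here. The enclosing function starts and ends outside the hunk.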
@@ -159,13 +173,16 @@
!= LDAP_OPT_SUCCESS ) {
syslog( LOG_ERR, "ERROR::Could not set LDAP_OPT_PROTOCOL_VERSION %d\n",
protocol );
- ldap_unbind(ld);
+ ldap_unbind_ext(ld, NULL, NULL);
return(NULL);
}
- if ( (ret = ldap_bind_s( ld, url->usr, url->pwd, LDAP_AUTH_SIMPLE ))
- != LDAP_SUCCESS ) {
- syslog( LOG_ERR, "ERROR::ldap_bind_s failure (%s:%d) [%d]",
+ bv.bv_len = strlen(url->pwd);
+ bv.bv_val = url->pwd;
+
+ if ((ret = ldap_sasl_bind_s(ld, url->usr, LDAP_SASL_SIMPLE, &bv,
+ NULL, NULL, NULL)) != LDAP_SUCCESS) {
+ syslog( LOG_ERR, "ERROR::ldap_sasl_bind_s failure (%s:%d) [%d]",
url->addr, url->port, ret );
return NULL;
}
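Review bot: `strlen(url->pwd)` dereferences NULL when no password is configured, a case the replaced `ldap_bind_s` call appears to have tolerated as an anonymous bind. Whether `url->pwd` can be NULL is not visible here, so guard it with `bv.bv_val = url->pwd ? url->pwd : "";` followed by `bv.bv_len = strlen(bv.bv_val);`. The same two lines appear in the bind hunk of the second function (`@@ -307,11 +324,14 @@`). The bind-failure branch also returns without `ldap_unbind_ext(ld, NULL, NULL)`, unlike the option-setting branch just above it, so the handle is leaked each time the server rejects the bind.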
@@ -199,9 +216,8 @@
}
/* We search for the exact match, so LDAP_SCOPE_BASE is used here */
- if (( rc = ldap_search_s( ld, url->dn, LDAP_SCOPE_BASE,
- filter, attrs, 0, &res )) != LDAP_SUCCESS ) {
-
+ if ((rc = ldap_search_ext_s(ld, url->dn, LDAP_SCOPE_BASE, filter,
+ attrs, 0, NULL, NULL, NULL, LDAP_NO_LIMIT, &res)) != LDAP_SUCCESS) {
if ( rc != LDAP_NO_SUCH_OBJECT ) {
syslog( LOG_ERR,
"LDAP: [%s] object not found", url->dn );
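Review bot: The `timeout` argument of the new `ldap_search_ext_s` call is NULL, so a directory server that accepts the request and then stalls blocks this lookup with no client-side limit. Unless `LDAP_OPT_TIMEOUT` or `LDAP_OPT_NETWORK_TIMEOUT` is set on `ld` elsewhere, pass a bounded value, e.g. `struct timeval tv = { 30, 0 };` (an example value) and `&tv` in place of the seventh argument. The same applies to the search hunk in the second function (`@@ -319,9 +339,8 @@`). For a base-scope lookup a `sizelimit` of 1 would also be tighter than `LDAP_NO_LIMIT`.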
@@ -282,7 +298,7 @@
end:
if(res) ldap_msgfree( res );
- if(ld) ldap_unbind( ld );
+ if(ld) ldap_unbind_ext(ld, NULL, NULL);
if( ocspd_conf->verbose )
syslog( LOG_INFO, "INFO::LDAP::Successfully unbinded");
@@ -300,6 +316,7 @@
struct berval **vals = NULL;
LDAPMessage *res = NULL;
BIO *membio = NULL;
+ struct berval bv;
X509_CRL *crl = NULL;
@@ -307,11 +324,14 @@
return NULL;
}
- if ( (ret = ldap_bind_s( ld, url->usr, url->pwd, LDAP_AUTH_SIMPLE ))
- != LDAP_SUCCESS ) {
- syslog( LOG_ERR, "LDAP: ldap_bind_s failure (%s:%d) [%d]",
+ bv.bv_len = strlen(url->pwd);
+ bv.bv_val = url->pwd;
+
+ if ((ret = ldap_sasl_bind_s(ld, url->usr, LDAP_SASL_SIMPLE, &bv,
+ NULL, NULL, NULL)) != LDAP_SUCCESS) {
+ syslog( LOG_ERR, "LDAP: ldap_sasl_bind_s failure (%s:%d) [%d]",
url->addr, url->port, ret );
- // ldap_perror( ld, "ldap_bind" );
+ // ldap_perror( ld, "ldap_sasl_bind_s" );
return NULL;
}
@@ -319,9 +339,8 @@
syslog( LOG_INFO, "INFO::LDAP::Successfully binded (%s)", url->dn);
/* We search for the exact match, so LDAP_SCOPE_BASE is used here */
- if (( rc = ldap_search_s( ld, url->dn, LDAP_SCOPE_BASE,
- filter, attrs, 0, &res )) != LDAP_SUCCESS ) {
-
+ if ((rc = ldap_search_ext_s(ld, url->dn, LDAP_SCOPE_BASE, filter,
+ attrs, 0, NULL, NULL, NULL, LDAP_NO_LIMIT, &res)) != LDAP_SUCCESS) {
if ( rc != LDAP_NO_SUCH_OBJECT )
syslog( LOG_ERR, "ERROR::LDAP::[%s] NOT found",
url->dn );
@@ -372,7 +391,7 @@
end:
if(res) ldap_msgfree( res );
- if(ld) ldap_unbind( ld );
+ if(ld) ldap_unbind_ext(ld, NULL, NULL);
if( ocspd_conf->verbose )
syslog( LOG_INFO, "INFO::LDAP::Successfully unbinded" );