1 /* $OpenLDAP: pkg/ldap/libraries/libldap/init.c,v 1.102.2.5 2008/02/11 23:26:41 kurt Exp $ */ 2 /* This work is part of OpenLDAP Software <http://www.openldap.org/>. 3 * 4 * Copyright 1998-2008 The OpenLDAP Foundation. 5 * All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted only as authorized by the OpenLDAP 9 * Public License. 10 * 11 * A copy of this license is available in the file LICENSE in the 12 * top-level directory of the distribution or, alternatively, at 13 * <http://www.OpenLDAP.org/license.html>. 14 */ 15 16 #include "portable.h" 17 18 #include <stdio.h> 19 #include <ac/stdlib.h> 20 21 #include <ac/socket.h> 22 #include <ac/string.h> 23 #include <ac/ctype.h> 24 #include <ac/time.h> 25 26 #ifdef HAVE_LIMITS_H 27 #include <limits.h> 28 #endif 29 30 #include "ldap-int.h" 31 #include "ldap_defaults.h" 32 #include "lutil.h" 33 34 struct ldapoptions ldap_int_global_options = 35 { LDAP_UNINITIALIZED, LDAP_DEBUG_NONE }; 36 37 #define ATTR_NONE 0 38 #define ATTR_BOOL 1 39 #define ATTR_INT 2 40 #define ATTR_KV 3 41 #define ATTR_STRING 4 42 #define ATTR_OPTION 5 43 44 #define ATTR_SASL 6 45 #define ATTR_TLS 7 46 47 #define ATTR_OPT_TV 8 48 #define ATTR_OPT_INT 9 49 50 struct ol_keyvalue { 51 const char * key; 52 int value; 53 }; 54 55 static const struct ol_keyvalue deref_kv[] = { 56 {"never", LDAP_DEREF_NEVER}, 57 {"searching", LDAP_DEREF_SEARCHING}, 58 {"finding", LDAP_DEREF_FINDING}, 59 {"always", LDAP_DEREF_ALWAYS}, 60 {NULL, 0} 61 }; 62 63 static const struct ol_attribute { 64 int useronly; 65 int type; 66 const char * name; 67 const void * data; 68 size_t offset; 69 } attrs[] = { 70 {0, ATTR_OPT_TV, "TIMEOUT", NULL, LDAP_OPT_TIMEOUT}, 71 {0, ATTR_OPT_TV, "NETWORK_TIMEOUT", NULL, LDAP_OPT_NETWORK_TIMEOUT}, 72 {0, ATTR_OPT_INT, "VERSION", NULL, LDAP_OPT_PROTOCOL_VERSION}, 73 {0, ATTR_KV, "DEREF", deref_kv, /* or &deref_kv[0] */ 74 offsetof(struct ldapoptions, ldo_deref)}, 75 {0, ATTR_INT, "SIZELIMIT", NULL, 76 offsetof(struct ldapoptions, ldo_sizelimit)}, 77 {0, ATTR_INT, "TIMELIMIT", NULL, 78 offsetof(struct ldapoptions, ldo_timelimit)}, 79 {1, ATTR_STRING, "BINDDN", NULL, 80 offsetof(struct ldapoptions, ldo_defbinddn)}, 81 {0, ATTR_STRING, "BASE", NULL, 82 offsetof(struct ldapoptions, ldo_defbase)}, 83 {0, ATTR_INT, "PORT", NULL, /* deprecated */ 84 offsetof(struct ldapoptions, ldo_defport)}, 85 {0, ATTR_OPTION, "HOST", NULL, LDAP_OPT_HOST_NAME}, /* deprecated */ 86 {0, ATTR_OPTION, "URI", NULL, LDAP_OPT_URI}, /* replaces HOST/PORT */ 87 {0, ATTR_BOOL, "REFERRALS", NULL, LDAP_BOOL_REFERRALS}, 88 #if 0 89 /* This should only be allowed via ldap_set_option(3) */ 90 {0, ATTR_BOOL, "RESTART", NULL, LDAP_BOOL_RESTART}, 91 #endif 92 93 #ifdef HAVE_CYRUS_SASL 94 {0, ATTR_STRING, "SASL_MECH", NULL, 95 offsetof(struct ldapoptions, ldo_def_sasl_mech)}, 96 {0, ATTR_STRING, "SASL_REALM", NULL, 97 offsetof(struct ldapoptions, ldo_def_sasl_realm)}, 98 {1, ATTR_STRING, "SASL_AUTHCID", NULL, 99 offsetof(struct ldapoptions, ldo_def_sasl_authcid)}, 100 {1, ATTR_STRING, "SASL_AUTHZID", NULL, 101 offsetof(struct ldapoptions, ldo_def_sasl_authzid)}, 102 {0, ATTR_SASL, "SASL_SECPROPS", NULL, LDAP_OPT_X_SASL_SECPROPS}, 103 #endif 104 105 #ifdef HAVE_TLS 106 {1, ATTR_TLS, "TLS_CERT", NULL, LDAP_OPT_X_TLS_CERTFILE}, 107 {1, ATTR_TLS, "TLS_KEY", NULL, LDAP_OPT_X_TLS_KEYFILE}, 108 {0, ATTR_TLS, "TLS_CACERT", NULL, LDAP_OPT_X_TLS_CACERTFILE}, 109 {0, ATTR_TLS, "TLS_CACERTDIR", NULL, LDAP_OPT_X_TLS_CACERTDIR}, 110 {0, ATTR_TLS, "TLS_REQCERT", NULL, LDAP_OPT_X_TLS_REQUIRE_CERT}, 111 {0, ATTR_TLS, "TLS_RANDFILE", NULL, LDAP_OPT_X_TLS_RANDOM_FILE}, 112 {0, ATTR_TLS, "TLS_CIPHER_SUITE", NULL, LDAP_OPT_X_TLS_CIPHER_SUITE}, 113 114 #ifdef HAVE_OPENSSL_CRL 115 {0, ATTR_TLS, "TLS_CRLCHECK", NULL, LDAP_OPT_X_TLS_CRLCHECK}, 116 #endif 117 #ifdef HAVE_GNUTLS 118 {0, ATTR_TLS, "TLS_CRL", NULL, LDAP_OPT_X_TLS_CRLFILE}, 119 #endif 120 121 #endif 122 123 {0, ATTR_NONE, NULL, NULL, 0} 124 }; 125 126 #define MAX_LDAP_ATTR_LEN sizeof("TLS_CIPHER_SUITE") 127 #define MAX_LDAP_ENV_PREFIX_LEN 8 128 129 static void openldap_ldap_init_w_conf( 130 const char *file, int userconf ) 131 { 132 char linebuf[ AC_LINE_MAX ]; 133 FILE *fp; 134 int i; 135 char *cmd, *opt; 136 char *start, *end; 137 struct ldapoptions *gopts; 138 139 if ((gopts = LDAP_INT_GLOBAL_OPT()) == NULL) { 140 return; /* Could not allocate mem for global options */ 141 } 142 143 if (file == NULL) { 144 /* no file name */ 145 return; 146 } 147 148 Debug(LDAP_DEBUG_TRACE, "ldap_init: trying %s\n", file, 0, 0); 149 150 fp = fopen(file, "r"); 151 if(fp == NULL) { 152 /* could not open file */ 153 return; 154 } 155 156 Debug(LDAP_DEBUG_TRACE, "ldap_init: using %s\n", file, 0, 0); 157 158 while((start = fgets(linebuf, sizeof(linebuf), fp)) != NULL) { 159 /* skip lines starting with '#' */ 160 if(*start == '#') continue; 161 162 /* trim leading white space */ 163 while((*start != '\0') && isspace((unsigned char) *start)) 164 start++; 165 166 /* anything left? */ 167 if(*start == '\0') continue; 168 169 /* trim trailing white space */ 170 end = &start[strlen(start)-1]; 171 while(isspace((unsigned char)*end)) end--; 172 end[1] = '\0'; 173 174 /* anything left? */ 175 if(*start == '\0') continue; 176 177 178 /* parse the command */ 179 cmd=start; 180 while((*start != '\0') && !isspace((unsigned char)*start)) { 181 start++; 182 } 183 if(*start == '\0') { 184 /* command has no argument */ 185 continue; 186 } 187 188 *start++ = '\0'; 189 190 /* we must have some whitespace to skip */ 191 while(isspace((unsigned char)*start)) start++; 192 opt = start; 193 194 for(i=0; attrs[i].type != ATTR_NONE; i++) { 195 void *p; 196 197 if( !userconf && attrs[i].useronly ) { 198 continue; 199 } 200 201 if(strcasecmp(cmd, attrs[i].name) != 0) { 202 continue; 203 } 204 205 switch(attrs[i].type) { 206 case ATTR_BOOL: 207 if((strcasecmp(opt, "on") == 0) 208 || (strcasecmp(opt, "yes") == 0) 209 || (strcasecmp(opt, "true") == 0)) 210 { 211 LDAP_BOOL_SET(gopts, attrs[i].offset); 212 213 } else { 214 LDAP_BOOL_CLR(gopts, attrs[i].offset); 215 } 216 217 break; 218 219 case ATTR_INT: { 220 char *next; 221 long l; 222 p = &((char *) gopts)[attrs[i].offset]; 223 l = strtol( opt, &next, 10 ); 224 if ( next != opt && next[ 0 ] == '\0' ) { 225 * (int*) p = l; 226 } 227 } break; 228 229 case ATTR_KV: { 230 const struct ol_keyvalue *kv; 231 232 for(kv = attrs[i].data; 233 kv->key != NULL; 234 kv++) { 235 236 if(strcasecmp(opt, kv->key) == 0) { 237 p = &((char *) gopts)[attrs[i].offset]; 238 * (int*) p = kv->value; 239 break; 240 } 241 } 242 } break; 243 244 case ATTR_STRING: 245 p = &((char *) gopts)[attrs[i].offset]; 246 if (* (char**) p != NULL) LDAP_FREE(* (char**) p); 247 * (char**) p = LDAP_STRDUP(opt); 248 break; 249 case ATTR_OPTION: 250 ldap_set_option( NULL, attrs[i].offset, opt ); 251 break; 252 case ATTR_SASL: 253 #ifdef HAVE_CYRUS_SASL 254 ldap_int_sasl_config( gopts, attrs[i].offset, opt ); 255 #endif 256 break; 257 case ATTR_TLS: 258 #ifdef HAVE_TLS 259 ldap_int_tls_config( NULL, attrs[i].offset, opt ); 260 #endif 261 break; 262 case ATTR_OPT_TV: { 263 struct timeval tv; 264 char *next; 265 tv.tv_usec = 0; 266 tv.tv_sec = strtol( opt, &next, 10 ); 267 if ( next != opt && next[ 0 ] == '\0' && tv.tv_sec > 0 ) { 268 (void)ldap_set_option( NULL, attrs[i].offset, (const void *)&tv ); 269 } 270 } break; 271 case ATTR_OPT_INT: { 272 long l; 273 char *next; 274 l = strtol( opt, &next, 10 ); 275 if ( next != opt && next[ 0 ] == '\0' && l > 0 && (long)((int)l) == l ) { 276 int v = (int)l; 277 (void)ldap_set_option( NULL, attrs[i].offset, (const void *)&v ); 278 } 279 } break; 280 } 281 282 break; 283 } 284 } 285 286 fclose(fp); 287 } 288 289 static void openldap_ldap_init_w_sysconf(const char *file) 290 { 291 openldap_ldap_init_w_conf( file, 0 ); 292 } 293 294 static void openldap_ldap_init_w_userconf(const char *file) 295 { 296 char *home; 297 char *path = NULL; 298 299 if (file == NULL) { 300 /* no file name */ 301 return; 302 } 303 304 home = getenv("HOME"); 305 306 if (home != NULL) { 307 Debug(LDAP_DEBUG_TRACE, "ldap_init: HOME env is %s\n", 308 home, 0, 0); 309 path = LDAP_MALLOC(strlen(home) + strlen(file) + sizeof( LDAP_DIRSEP ".")); 310 } else { 311 Debug(LDAP_DEBUG_TRACE, "ldap_init: HOME env is NULL\n", 312 0, 0, 0); 313 } 314 315 if(home != NULL && path != NULL) { 316 /* we assume UNIX path syntax is used... */ 317 318 /* try ~/file */ 319 sprintf(path, "%s" LDAP_DIRSEP "%s", home, file); 320 openldap_ldap_init_w_conf(path, 1); 321 322 /* try ~/.file */ 323 sprintf(path, "%s" LDAP_DIRSEP ".%s", home, file); 324 openldap_ldap_init_w_conf(path, 1); 325 } 326 327 if(path != NULL) { 328 LDAP_FREE(path); 329 } 330 331 /* try file */ 332 openldap_ldap_init_w_conf(file, 1); 333 } 334 335 static void openldap_ldap_init_w_env( 336 struct ldapoptions *gopts, 337 const char *prefix) 338 { 339 char buf[MAX_LDAP_ATTR_LEN+MAX_LDAP_ENV_PREFIX_LEN]; 340 int len; 341 int i; 342 void *p; 343 char *value; 344 345 if (prefix == NULL) { 346 prefix = LDAP_ENV_PREFIX; 347 } 348 349 strncpy(buf, prefix, MAX_LDAP_ENV_PREFIX_LEN); 350 buf[MAX_LDAP_ENV_PREFIX_LEN] = '\0'; 351 len = strlen(buf); 352 353 for(i=0; attrs[i].type != ATTR_NONE; i++) { 354 strcpy(&buf[len], attrs[i].name); 355 value = getenv(buf); 356 357 if(value == NULL) { 358 continue; 359 } 360 361 switch(attrs[i].type) { 362 case ATTR_BOOL: 363 if((strcasecmp(value, "on") == 0) 364 || (strcasecmp(value, "yes") == 0) 365 || (strcasecmp(value, "true") == 0)) 366 { 367 LDAP_BOOL_SET(gopts, attrs[i].offset); 368 369 } else { 370 LDAP_BOOL_CLR(gopts, attrs[i].offset); 371 } 372 break; 373 374 case ATTR_INT: 375 p = &((char *) gopts)[attrs[i].offset]; 376 * (int*) p = atoi(value); 377 break; 378 379 case ATTR_KV: { 380 const struct ol_keyvalue *kv; 381 382 for(kv = attrs[i].data; 383 kv->key != NULL; 384 kv++) { 385 386 if(strcasecmp(value, kv->key) == 0) { 387 p = &((char *) gopts)[attrs[i].offset]; 388 * (int*) p = kv->value; 389 break; 390 } 391 } 392 } break; 393 394 case ATTR_STRING: 395 p = &((char *) gopts)[attrs[i].offset]; 396 if (* (char**) p != NULL) LDAP_FREE(* (char**) p); 397 if (*value == '\0') { 398 * (char**) p = NULL; 399 } else { 400 * (char**) p = LDAP_STRDUP(value); 401 } 402 break; 403 case ATTR_OPTION: 404 ldap_set_option( NULL, attrs[i].offset, value ); 405 break; 406 case ATTR_SASL: 407 #ifdef HAVE_CYRUS_SASL 408 ldap_int_sasl_config( gopts, attrs[i].offset, value ); 409 #endif 410 break; 411 case ATTR_TLS: 412 #ifdef HAVE_TLS 413 ldap_int_tls_config( NULL, attrs[i].offset, value ); 414 #endif 415 break; 416 } 417 } 418 } 419 420 #if defined(__GNUC__) 421 /* Declare this function as a destructor so that it will automatically be 422 * invoked either at program exit (if libldap is a static library) or 423 * at unload time (if libldap is a dynamic library). 424 * 425 * Sorry, don't know how to handle this for non-GCC environments. 426 */ 427 static void ldap_int_destroy_global_options(void) 428 __attribute__ ((destructor)); 429 #endif 430 431 static void 432 ldap_int_destroy_global_options(void) 433 { 434 struct ldapoptions *gopts = LDAP_INT_GLOBAL_OPT(); 435 436 if ( gopts == NULL ) 437 return; 438 439 gopts->ldo_valid = LDAP_UNINITIALIZED; 440 441 if ( gopts->ldo_defludp ) { 442 ldap_free_urllist( gopts->ldo_defludp ); 443 gopts->ldo_defludp = NULL; 444 } 445 #if defined(HAVE_WINSOCK) || defined(HAVE_WINSOCK2) 446 WSACleanup( ); 447 #endif 448 449 #if defined(HAVE_TLS) || defined(HAVE_CYRUS_SASL) 450 if ( ldap_int_hostname ) { 451 LDAP_FREE( ldap_int_hostname ); 452 ldap_int_hostname = NULL; 453 } 454 #endif 455 #ifdef HAVE_CYRUS_SASL 456 if ( gopts->ldo_def_sasl_authcid ) { 457 LDAP_FREE( gopts->ldo_def_sasl_authcid ); 458 gopts->ldo_def_sasl_authcid = NULL; 459 } 460 #endif 461 #ifdef HAVE_TLS 462 ldap_int_tls_destroy( gopts ); 463 #endif 464 } 465 466 /* 467 * Initialize the global options structure with default values. 468 */ 469 void ldap_int_initialize_global_options( struct ldapoptions *gopts, int *dbglvl ) 470 { 471 if (dbglvl) 472 gopts->ldo_debug = *dbglvl; 473 else 474 gopts->ldo_debug = 0; 475 476 gopts->ldo_version = LDAP_VERSION2; 477 gopts->ldo_deref = LDAP_DEREF_NEVER; 478 gopts->ldo_timelimit = LDAP_NO_LIMIT; 479 gopts->ldo_sizelimit = LDAP_NO_LIMIT; 480 481 gopts->ldo_tm_api.tv_sec = -1; 482 gopts->ldo_tm_net.tv_sec = -1; 483 484 /* ldo_defludp will be freed by the termination handler 485 */ 486 ldap_url_parselist(&gopts->ldo_defludp, "ldap://localhost/"); 487 gopts->ldo_defport = LDAP_PORT; 488 #if !defined(__GNUC__) && !defined(PIC) 489 /* Do this only for a static library, and only if we can't 490 * arrange for it to be executed as a library destructor 491 */ 492 atexit(ldap_int_destroy_global_options); 493 #endif 494 495 gopts->ldo_refhoplimit = LDAP_DEFAULT_REFHOPLIMIT; 496 gopts->ldo_rebind_proc = NULL; 497 gopts->ldo_rebind_params = NULL; 498 499 LDAP_BOOL_ZERO(gopts); 500 501 LDAP_BOOL_SET(gopts, LDAP_BOOL_REFERRALS); 502 503 #ifdef LDAP_CONNECTIONLESS 504 gopts->ldo_peer = NULL; 505 gopts->ldo_cldapdn = NULL; 506 gopts->ldo_is_udp = 0; 507 #endif 508 509 #ifdef HAVE_CYRUS_SASL 510 gopts->ldo_def_sasl_mech = NULL; 511 gopts->ldo_def_sasl_realm = NULL; 512 gopts->ldo_def_sasl_authcid = NULL; 513 gopts->ldo_def_sasl_authzid = NULL; 514 515 memset( &gopts->ldo_sasl_secprops, 516 '\0', sizeof(gopts->ldo_sasl_secprops) ); 517 518 gopts->ldo_sasl_secprops.max_ssf = INT_MAX; 519 gopts->ldo_sasl_secprops.maxbufsize = SASL_MAX_BUFF_SIZE; 520 gopts->ldo_sasl_secprops.security_flags = 521 SASL_SEC_NOPLAINTEXT | SASL_SEC_NOANONYMOUS; 522 #endif 523 524 #ifdef HAVE_TLS 525 gopts->ldo_tls_connect_cb = NULL; 526 gopts->ldo_tls_connect_arg = NULL; 527 gopts->ldo_tls_require_cert = LDAP_OPT_X_TLS_DEMAND; 528 #endif 529 530 gopts->ldo_valid = LDAP_INITIALIZED; 531 return; 532 } 533 534 #if defined(HAVE_TLS) || defined(HAVE_CYRUS_SASL) 535 char * ldap_int_hostname = NULL; 536 #endif 537 538 void ldap_int_initialize( struct ldapoptions *gopts, int *dbglvl ) 539 { 540 if ( gopts->ldo_valid == LDAP_INITIALIZED ) { 541 return; 542 } 543 544 ldap_int_error_init(); 545 546 ldap_int_utils_init(); 547 548 #ifdef HAVE_WINSOCK2 549 { WORD wVersionRequested; 550 WSADATA wsaData; 551 552 wVersionRequested = MAKEWORD( 2, 0 ); 553 if ( WSAStartup( wVersionRequested, &wsaData ) != 0 ) { 554 /* Tell the user that we couldn't find a usable */ 555 /* WinSock DLL. */ 556 return; 557 } 558 559 /* Confirm that the WinSock DLL supports 2.0.*/ 560 /* Note that if the DLL supports versions greater */ 561 /* than 2.0 in addition to 2.0, it will still return */ 562 /* 2.0 in wVersion since that is the version we */ 563 /* requested. */ 564 565 if ( LOBYTE( wsaData.wVersion ) != 2 || 566 HIBYTE( wsaData.wVersion ) != 0 ) 567 { 568 /* Tell the user that we couldn't find a usable */ 569 /* WinSock DLL. */ 570 WSACleanup( ); 571 return; 572 } 573 } /* The WinSock DLL is acceptable. Proceed. */ 574 #elif HAVE_WINSOCK 575 { WSADATA wsaData; 576 if ( WSAStartup( 0x0101, &wsaData ) != 0 ) { 577 return; 578 } 579 } 580 #endif 581 582 #if defined(HAVE_TLS) || defined(HAVE_CYRUS_SASL) 583 { 584 char *name = ldap_int_hostname; 585 586 ldap_int_hostname = ldap_pvt_get_fqdn( name ); 587 588 if ( name != NULL && name != ldap_int_hostname ) { 589 LDAP_FREE( name ); 590 } 591 } 592 #endif 593 594 #ifndef HAVE_POLL 595 if ( ldap_int_tblsize == 0 ) ldap_int_ip_init(); 596 #endif 597 598 ldap_int_initialize_global_options(gopts, NULL); 599 600 if( getenv("LDAPNOINIT") != NULL ) { 601 return; 602 } 603 604 #ifdef HAVE_CYRUS_SASL 605 { 606 /* set authentication identity to current user name */ 607 char *user = getenv("USER"); 608 609 if( user == NULL ) user = getenv("USERNAME"); 610 if( user == NULL ) user = getenv("LOGNAME"); 611 612 if( user != NULL ) { 613 gopts->ldo_def_sasl_authcid = LDAP_STRDUP( user ); 614 } 615 } 616 #endif 617 618 openldap_ldap_init_w_sysconf(LDAP_CONF_FILE); 619 openldap_ldap_init_w_userconf(LDAP_USERRC_FILE); 620 621 { 622 char *altfile = getenv(LDAP_ENV_PREFIX "CONF"); 623 624 if( altfile != NULL ) { 625 Debug(LDAP_DEBUG_TRACE, "ldap_init: %s env is %s\n", 626 LDAP_ENV_PREFIX "CONF", altfile, 0); 627 openldap_ldap_init_w_sysconf( altfile ); 628 } 629 else 630 Debug(LDAP_DEBUG_TRACE, "ldap_init: %s env is NULL\n", 631 LDAP_ENV_PREFIX "CONF", 0, 0); 632 } 633 634 { 635 char *altfile = getenv(LDAP_ENV_PREFIX "RC"); 636 637 if( altfile != NULL ) { 638 Debug(LDAP_DEBUG_TRACE, "ldap_init: %s env is %s\n", 639 LDAP_ENV_PREFIX "RC", altfile, 0); 640 openldap_ldap_init_w_userconf( altfile ); 641 } 642 else 643 Debug(LDAP_DEBUG_TRACE, "ldap_init: %s env is NULL\n", 644 LDAP_ENV_PREFIX "RC", 0, 0); 645 } 646 647 openldap_ldap_init_w_env(gopts, NULL); 648 } 649