- Changed 'goto finally' to RETURN(xx)

- Added MYSQL support and tested it.

1 files changed, 25 insertions, 40 deletions

diff --git a/daemon/ldap.c b/daemon/ldap.c
index 1df7651..e3f6a5f 100644
--- a/daemon/ldap.c
+++ b/daemon/ldap.c
@@ -296,7 +296,7 @@ static int validate_ldap_password(const ha_request_t* rq, ldap_context_t* ctx, L
     const char* p;
     int type;
     int res = HA_FALSE;
-    int unknown = 0;
+    int foundany = 0;
 
     ASSERT(entry && ld && ctx && clearpw && rq);
 
@@ -310,6 +310,11 @@ static int validate_ldap_password(const ha_request_t* rq, ldap_context_t* ctx, L
             pw = *t;
             type = parse_ldap_password(&pw);
 
+            if(type != LDAP_PW_UNKNOWN)
+                foundany = 1;
+            else
+                continue;
+
             switch(type)
             {
             case LDAP_PW_CLEAR:
@@ -323,7 +328,7 @@ static int validate_ldap_password(const ha_request_t* rq, ldap_context_t* ctx, L
             case LDAP_PW_CRYPT:
                 /* Not sure if crypt is thread safe */
                 ha_lock(NULL);
-                    p = crypt(clearpw, pw);
+                    p = (const char*)crypt(clearpw, pw);
                 ha_unlock(NULL);
                 break;
 
@@ -331,10 +336,6 @@ static int validate_ldap_password(const ha_request_t* rq, ldap_context_t* ctx, L
                 p = make_password_sha(rq->buf, clearpw);
                 break;
 
-            case LDAP_PW_UNKNOWN:
-                unknown = 1;
-                continue;
-
             default:
                 /* Not reached */
                 ASSERT(0);
@@ -357,7 +358,7 @@ static int validate_ldap_password(const ha_request_t* rq, ldap_context_t* ctx, L
         ldap_value_free(pws);
     }
 
-    if(res == HA_FALSE && unknown)
+    if(res == HA_FALSE && !foundany)
         ha_messagex(rq, LOG_ERR, "server does not contain any compatible passwords for user: %s", user);
 
     return res;
@@ -596,7 +597,7 @@ static int validate_digest(ha_request_t* rq, const char* user, digest_context_t*
     LDAPMessage* results = NULL;    /* freed in finally */
     LDAPMessage* entry = NULL;      /* no need to free */
     struct berval** ha1s = NULL;    /* freed manually */
-    const char** pws;
+    const char** pws = NULL;        /* freed in finally */
     int ret = HA_FALSE;
     const char* dn = NULL;
     int r;
@@ -606,10 +607,7 @@ static int validate_digest(ha_request_t* rq, const char* user, digest_context_t*
 
     ld = get_ldap_connection(rq, ctx);
     if(!ld)
-    {
-        ret = HA_FAILED;
-        goto finally;
-    }
+        RETURN(HA_FAILED);
 
     /*
      * Discover the DN of the user. If there's a DN map string
@@ -621,10 +619,7 @@ static int validate_digest(ha_request_t* rq, const char* user, digest_context_t*
         /* The map can have %u and %r to denote user and realm */
         dn = bd_substitute(rq, user, ctx->dnmap);
         if(!dn)
-        {
-            ret = HA_FAILED;
-            goto finally;
-        }
+            RETURN(HA_CRITERROR);
 
         ha_messagex(rq, LOG_INFO, "mapped %s to %s", user, dn);
     }
@@ -632,10 +627,7 @@ static int validate_digest(ha_request_t* rq, const char* user, digest_context_t*
     /* Okay now we contact the LDAP server. */
     r = retrieve_user_entry(rq, ctx, ld, user, &dn, &entry, &results);
     if(r != HA_OK)
-    {
-        ret = r;
-        goto finally;
-    }
+        RETURN(r);
 
     /* Figure out the users ha1 */
     if(ctx->ha1_attr)
@@ -662,11 +654,11 @@ static int validate_digest(ha_request_t* rq, const char* user, digest_context_t*
                 ret = digest_complete_check(dg, rq->buf);
 
                 if(ret != HA_FALSE)
-                    goto finally;
+                    RETURN(ret);
             }
 
             else if(r < 0)
-                goto finally;
+                RETURN(r);
 
             ha1s++;
         }
@@ -691,7 +683,7 @@ static int validate_digest(ha_request_t* rq, const char* user, digest_context_t*
             ret = digest_complete_check(dg, rq->buf);
 
             if(ret != HA_FALSE)
-                goto finally;
+                RETURN(ret);
         }
     }
 
@@ -730,10 +722,7 @@ static int validate_basic(ha_request_t* rq, const char* user, const char* passwo
 
     ld = get_ldap_connection(rq, ctx);
     if(!ld)
-    {
-        ret = HA_FAILED;
-        goto finally;
-    }
+        RETURN(HA_FAILED);
 
 
     /*
@@ -746,10 +735,7 @@ static int validate_basic(ha_request_t* rq, const char* user, const char* passwo
         /* The map can have %u and %r to denote user and realm */
         dn = bd_substitute(rq, user, ctx->dnmap);
         if(!dn)
-        {
-            ret = HA_CRITERROR;
-            goto finally;
-        }
+            RETURN(HA_CRITERROR);
 
         ha_messagex(rq, LOG_INFO, "mapped %s to %s", user, dn);
     }
@@ -774,10 +760,7 @@ static int validate_basic(ha_request_t* rq, const char* user, const char* passwo
     {
         r = retrieve_user_entry(rq, ctx, ld, user, &dn, &entry, &results);
         if(r != HA_OK)
-        {
-            ret = r;
-            goto finally;
-        }
+            RETURN(r);
     }
 
 
@@ -790,13 +773,15 @@ static int validate_basic(ha_request_t* rq, const char* user, const char* passwo
         if(r != LDAP_SUCCESS)
         {
             if(r == LDAP_INVALID_CREDENTIALS)
-                ha_messagex(rq, LOG_WARNING, "basic authentication (via bind) failed for user: %s",
-                                user);
-
+            {
+                ha_messagex(rq, LOG_WARNING, "basic authentication (via bind) failed for user: %s", user);
+                RETURN(HA_FALSE);
+            }
             else
+            {
                 report_ldap(rq, "couldn't bind to LDAP server", r);
-
-            goto finally;
+                RETURN(HA_FAILED);
+            }
         }
 
         /* It worked! */