summaryrefslogtreecommitdiff
path: root/daemon/ldap.c
diff options
context:
space:
mode:
Diffstat (limited to 'daemon/ldap.c')
-rw-r--r--daemon/ldap.c74
1 files changed, 62 insertions, 12 deletions
diff --git a/daemon/ldap.c b/daemon/ldap.c
index 59af797..3ed7199 100644
--- a/daemon/ldap.c
+++ b/daemon/ldap.c
@@ -123,6 +123,8 @@ static void free_hash_object(void* arg, void* val)
static int report_ldap(const char* msg, int code, ha_response_t* resp)
{
+ ASSERT(code != LDAP_SUCCESS);
+
if(!msg)
msg = "ldap error";
@@ -145,6 +147,8 @@ static digest_record_t* get_cached_digest(ldap_context_t* ctx, unsigned char* no
{
digest_record_t* rec;
+ ASSERT(ctx && nonce);
+
if(ctx->cache_max == 0)
return NULL;
@@ -166,6 +170,8 @@ static int have_cached_basic(ldap_context_t* ctx, unsigned char* key)
{
int ret = 0;
+ ASSERT(ctx && key);
+
ha_lock(NULL);
ret = (hash_get(ctx->cache, key) == BASIC_ESTABLISHED);
@@ -179,6 +185,8 @@ static int save_cached_digest(ldap_context_t* ctx, digest_record_t* rec)
{
int r;
+ ASSERT(ctx && rec);
+
if(ctx->cache_max == 0)
return HA_FALSE;
@@ -204,6 +212,8 @@ static int add_cached_basic(ldap_context_t* ctx, unsigned char* key)
{
int r;
+ ASSERT(ctx && key);
+
if(ctx->cache_max == 0)
return HA_FALSE;
@@ -230,6 +240,8 @@ static const char* substitute_params(ldap_context_t* ctx, ha_buffer_t* buf,
{
const char* t;
+ ASSERT(ctx && buf && user && str);
+
/* This starts a new block to join */
ha_bufcpy(buf, "");
@@ -274,6 +286,8 @@ static const char* make_password_md5(ha_buffer_t* buf, const char* clearpw)
md5_ctx_t md5;
unsigned char digest[MD5_LEN];
+ ASSERT(buf && clearpw);
+
md5_init(&md5);
md5_update(&md5, clearpw, strlen(clearpw));
md5_final(digest, &md5);
@@ -286,6 +300,8 @@ static const char* make_password_sha(ha_buffer_t* buf, const char* clearpw)
sha1_ctx_t sha;
unsigned char digest[SHA1_LEN];
+ ASSERT(buf && clearpw);
+
sha1_init(&sha);
sha1_update(&sha, clearpw, strlen(clearpw));
sha1_final(digest, &sha);
@@ -335,6 +351,8 @@ static int parse_ldap_password(const char** password)
static const char* find_cleartext_password(ha_buffer_t* buf, const char** pws)
{
+ ASSERT(buf);
+
for(; pws && *pws; pws++)
{
const char* pw = *pws;
@@ -348,6 +366,8 @@ static const char* find_cleartext_password(ha_buffer_t* buf, const char** pws)
static int parse_ldap_ha1(ha_buffer_t* buf, struct berval* bv, unsigned char* ha1)
{
+ ASSERT(buf && bv && ha1);
+
/* Raw binary */
if(bv->bv_len == MD5_LEN)
{
@@ -466,6 +486,8 @@ static int validate_ldap_ha1(ldap_context_t* ctx, LDAP* ld, LDAPMessage* entry,
int r, first = 1;
int res = HA_FALSE;
+ ASSERT(ctx && ld && entry && buf && user && clearpw);
+
if(!ctx->ha1_attr)
return HA_FALSE;
@@ -511,6 +533,8 @@ static LDAP* get_ldap_connection(ldap_context_t* ctx)
LDAP* ld;
int i, r;
+ ASSERT(ctx);
+
for(i = 0; i < ctx->ldap_max; i++)
{
/* An open connection in the pool */
@@ -556,6 +580,8 @@ static void save_ldap_connection(ldap_context_t* ctx, LDAP* ld)
{
int i, e;
+ ASSERT(ctx);
+
if(!ld)
return;
@@ -600,6 +626,8 @@ static int retrieve_user_entry(ldap_context_t* ctx, ha_buffer_t* buf, LDAP* ld,
const char* attrs[3];
int r;
+ ASSERT(ctx && buf && ld && user && dn && entry && result);
+
if(ctx->filter)
{
/* Filters can also have %u and %r */
@@ -661,6 +689,8 @@ static int complete_digest_ha1(ldap_context_t* ctx, digest_record_t* rec,
const char* dn;
int r;
+ ASSERT(ctx && rec && buf && user && code);
+
ld = get_ldap_connection(ctx);
if(!ld)
{
@@ -890,6 +920,8 @@ static int digest_ldap_challenge(ldap_context_t* ctx, ha_response_t* resp,
unsigned char nonce[DIGEST_NONCE_LEN];
const char* header;
+ ASSERT(ctx && resp && buf);
+
/* Generate an nonce */
digest_makenonce(nonce, g_ldap_secret, NULL);
@@ -919,6 +951,8 @@ static int digest_ldap_response(ldap_context_t* ctx, const char* header,
int stale = 0;
int r;
+ ASSERT(ctx && header && method && uri && resp && buf);
+
/* We use this below to send a default response */
resp->code = -1;
@@ -1014,8 +1048,6 @@ finally:
}
-
-
/* -------------------------------------------------------------------------------
* Handler Functions
*/
@@ -1024,6 +1056,8 @@ int ldap_config(ha_context_t* context, const char* name, const char* value)
{
ldap_context_t* ctx = (ldap_context_t*)(context->data);
+ ASSERT(name && value && value[0]);
+
if(strcmp(name, "ldapservers") == 0)
{
ctx->servers = value;
@@ -1139,6 +1173,8 @@ int ldap_inithand(ha_context_t* context)
{
ldap_context_t* ctx = (ldap_context_t*)(context->data);
+ ASSERT(ctx);
+
/* Make sure there are some types of authentication we can do */
if(!(context->types & (HA_TYPE_BASIC | HA_TYPE_DIGEST)))
{
@@ -1155,6 +1191,8 @@ int ldap_inithand(ha_context_t* context)
return HA_ERROR;
}
+ ASSERT(!ctx->cache);
+
/* The cache for digest records and basic */
if(!(ctx->cache = hash_create(MD5_LEN, free_hash_object, NULL)))
{
@@ -1162,6 +1200,9 @@ int ldap_inithand(ha_context_t* context)
return HA_ERROR;
}
+ ASSERT(!ctx->pool);
+ ASSERT(ctx->ldap_max > 0);
+
/*
* Our connection pool. It's the size of our maximum
* amount of pending connections as that's the max
@@ -1187,23 +1228,28 @@ void ldap_destroy(ha_context_t* context)
if(!context)
return;
+ /* Note: We don't need to be thread safe here anymore */
ldap_context_t* ctx = (ldap_context_t*)(context->data);
- /* Note: We don't need to be thread safe here anymore */
- hash_free(ctx->cache);
+ ASSERT(data);
- /* Close any connections we have open */
- for(i = 0; i < ctx->ldap_max; i++)
+ if(ctx->cache)
+ hash_free(ctx->cache);
+
+ if(ctx->pool)
{
- if(ctx->pool[i])
- ldap_unbind_s(ctx->pool[i]);
- }
+ /* Close any connections we have open */
+ for(i = 0; i < ctx->ldap_max; i++)
+ {
+ if(ctx->pool[i])
+ ldap_unbind_s(ctx->pool[i]);
+ }
- /* And free the connection pool */
- free(ctx->pool);
+ /* And free the connection pool */
+ free(ctx->pool);
+ }
}
-
int ldap_process(ha_context_t* context, ha_request_t* req,
ha_response_t* resp, ha_buffer_t* buf)
{
@@ -1212,6 +1258,10 @@ int ldap_process(ha_context_t* context, ha_request_t* req,
const char* header = NULL;
int ret;
+ ASSERT(req && resp && buf);
+ ASSERT(req->args[AUTH_ARG_METHOD]);
+ ASSERT(req->args[AUTH_ARG_URI]);
+
ha_lock(NULL);
/* Purge out stale connection stuff. */