|
428
|
1 /* LDAP client interface for XEmacs.
|
|
|
2 Copyright (C) 1998 Free Software Foundation, Inc.
|
|
2367
|
3 Copyright (C) 2004 Ben Wing.
|
|
|
4
|
|
428
|
5
|
|
|
6 This file is part of XEmacs.
|
|
|
7
|
|
|
8 XEmacs is free software; you can redistribute it and/or modify it
|
|
|
9 under the terms of the GNU General Public License as published by the
|
|
|
10 Free Software Foundation; either version 2, or (at your option) any
|
|
|
11 later version.
|
|
|
12
|
|
|
13 XEmacs is distributed in the hope that it will be useful, but WITHOUT
|
|
|
14 ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
|
|
|
15 FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
|
|
16 for more details.
|
|
|
17
|
|
|
18 You should have received a copy of the GNU General Public License
|
|
|
19 along with XEmacs; see the file COPYING. If not, write to
|
|
|
20 the Free Software Foundation, Inc., 59 Temple Place - Suite 330,
|
|
|
21 Boston, MA 02111-1307, USA. */
|
|
|
22
|
|
|
23 /* Synched up with: Not in FSF. */
|
|
|
24
|
|
996
|
25 /* Author: Oscar Figueiredo with lots of support from Hrvoje Niksic */
|
|
428
|
26
|
|
|
27 /* This file provides lisp primitives for access to an LDAP library
|
|
|
28 conforming to the API defined in RFC 1823.
|
|
|
29 It has been tested with:
|
|
|
30 - UMich LDAP 3.3 (http://www.umich.edu/~dirsvcs/ldap/)
|
|
996
|
31 - OpenLDAP 1.2 (http://www.openldap.org/)
|
|
|
32 - Netscape's LDAP SDK (http://developer.netscape.com/) */
|
|
|
33
|
|
428
|
34
|
|
996
|
35 #include <config.h>
|
|
|
36 #include "lisp.h"
|
|
|
37 #include "opaque.h"
|
|
|
38 #include "sysdep.h"
|
|
|
39 #include "buffer.h"
|
|
|
40 #include "process.h" /* for report_process_error */
|
|
1632
|
41 #ifdef HAVE_SHLIB
|
|
|
42 # include "emodules.h"
|
|
|
43 #endif
|
|
428
|
44
|
|
996
|
45 #include <errno.h>
|
|
428
|
46
|
|
|
47 #include "eldap.h"
|
|
996
|
48
|
|
|
49 static Fixnum ldap_default_port;
|
|
|
50 static Lisp_Object Vldap_default_base;
|
|
|
51
|
|
|
52 static Lisp_Object Qeldap;
|
|
428
|
53
|
|
996
|
54 /* Needed by the lrecord definition */
|
|
|
55 Lisp_Object Qldapp;
|
|
428
|
56
|
|
996
|
57 /* ldap-open plist keywords */
|
|
|
58 static Lisp_Object Qport, Qauth, Qbinddn, Qpasswd, Qderef, Qtimelimit, Qsizelimit;
|
|
428
|
59 /* Search scope limits */
|
|
|
60 static Lisp_Object Qbase, Qonelevel, Qsubtree;
|
|
|
61 /* Authentication methods */
|
|
996
|
62 static Lisp_Object Qkrbv41, Qkrbv42;
|
|
428
|
63 /* Deref policy */
|
|
|
64 static Lisp_Object Qnever, Qalways, Qfind;
|
|
996
|
65 /* Modification types (Qdelete is defined in general.c) */
|
|
|
66 static Lisp_Object Qadd, Qreplace;
|
|
428
|
67
|
|
996
|
68 �
|
|
|
69 /************************************************************************/
|
|
|
70 /* Utility Functions */
|
|
|
71 /************************************************************************/
|
|
|
72
|
|
2268
|
73 static DECLARE_DOESNT_RETURN (signal_ldap_error (LDAP *, LDAPMessage *, int));
|
|
|
74
|
|
|
75 static DOESNT_RETURN
|
|
2286
|
76 signal_ldap_error (LDAP *ld,
|
|
|
77 #if defined HAVE_LDAP_PARSE_RESULT || defined HAVE_LDAP_RESULT2ERROR
|
|
|
78 LDAPMessage *res,
|
|
|
79 #else
|
|
|
80 LDAPMessage *UNUSED (res),
|
|
|
81 #endif
|
|
|
82 int ldap_err)
|
|
996
|
83 {
|
|
|
84 if (ldap_err <= 0)
|
|
|
85 {
|
|
|
86 #if defined HAVE_LDAP_PARSE_RESULT
|
|
|
87 int err;
|
|
|
88 ldap_err = ldap_parse_result (ld, res,
|
|
|
89 &err,
|
|
|
90 NULL, NULL, NULL, NULL, 0);
|
|
|
91 if (ldap_err == LDAP_SUCCESS)
|
|
|
92 ldap_err = err;
|
|
|
93 #elif defined HAVE_LDAP_GET_LDERRNO
|
|
|
94 ldap_err = ldap_get_lderrno (ld, NULL, NULL);
|
|
|
95 #elif defined HAVE_LDAP_RESULT2ERROR
|
|
|
96 ldap_err = ldap_result2error (ld, res, 0);
|
|
|
97 #else
|
|
|
98 ldap_err = ld->ld_errno;
|
|
|
99 #endif
|
|
|
100 }
|
|
|
101 invalid_operation ("LDAP error",
|
|
2367
|
102 build_ext_string (ldap_err2string (ldap_err), Qnative));
|
|
996
|
103 }
|
|
|
104
|
|
|
105 �
|
|
|
106 /************************************************************************/
|
|
|
107 /* ldap lrecord basic functions */
|
|
|
108 /************************************************************************/
|
|
|
109
|
|
|
110 static Lisp_Object
|
|
|
111 make_ldap (Lisp_LDAP *ldap)
|
|
|
112 {
|
|
|
113 return wrap_ldap (ldap);
|
|
|
114 }
|
|
|
115
|
|
1220
|
116 static const struct memory_description ldap_description [] = {
|
|
996
|
117 { XD_LISP_OBJECT, offsetof (struct Lisp_LDAP, host) },
|
|
|
118 { XD_END }
|
|
|
119 };
|
|
|
120
|
|
|
121 static Lisp_Object
|
|
|
122 mark_ldap (Lisp_Object obj)
|
|
|
123 {
|
|
|
124 return XLDAP (obj)->host;
|
|
|
125 }
|
|
|
126
|
|
|
127 static void
|
|
2286
|
128 print_ldap (Lisp_Object obj, Lisp_Object printcharfun, int UNUSED (escapeflag))
|
|
996
|
129 {
|
|
|
130 Lisp_LDAP *ldap = XLDAP (obj);
|
|
|
131
|
|
|
132 if (print_readably)
|
|
|
133 printing_unreadable_object ("#<ldap %s>", XSTRING_DATA (ldap->host));
|
|
|
134
|
|
|
135 write_fmt_string_lisp (printcharfun, "#<ldap %S", 1, ldap->host);
|
|
|
136 if (!ldap->ld)
|
|
|
137 write_c_string (printcharfun,"(dead) ");
|
|
|
138 write_fmt_string (printcharfun, " 0x%lx>", (long)ldap);
|
|
|
139 }
|
|
|
140
|
|
|
141 static Lisp_LDAP *
|
|
|
142 allocate_ldap (void)
|
|
|
143 {
|
|
2720
|
144 #ifdef MC_ALLOC
|
|
|
145 Lisp_LDAP *ldap = alloc_lrecord_type (Lisp_LDAP, &lrecord_ldap);
|
|
|
146 #else /* not MC_ALLOC */
|
|
996
|
147 Lisp_LDAP *ldap = alloc_lcrecord_type (Lisp_LDAP, &lrecord_ldap);
|
|
2720
|
148 #endif /* not MC_ALLOC */
|
|
996
|
149
|
|
|
150 ldap->ld = NULL;
|
|
|
151 ldap->host = Qnil;
|
|
|
152 return ldap;
|
|
|
153 }
|
|
|
154
|
|
|
155 static void
|
|
|
156 finalize_ldap (void *header, int for_disksave)
|
|
|
157 {
|
|
|
158 Lisp_LDAP *ldap = (Lisp_LDAP *) header;
|
|
|
159
|
|
|
160 if (for_disksave)
|
|
|
161 invalid_operation ("Can't dump an emacs containing LDAP objects",
|
|
|
162 make_ldap (ldap));
|
|
|
163
|
|
|
164 if (ldap->ld)
|
|
|
165 ldap_unbind (ldap->ld);
|
|
|
166 ldap->ld = NULL;
|
|
|
167 }
|
|
|
168
|
|
1220
|
169 DEFINE_LRECORD_IMPLEMENTATION ("ldap", ldap, 0,
|
|
996
|
170 mark_ldap, print_ldap, finalize_ldap,
|
|
|
171 NULL, NULL, ldap_description, Lisp_LDAP);
|
|
|
172
|
|
|
173 �
|
|
|
174 /************************************************************************/
|
|
|
175 /* Basic ldap accessors */
|
|
|
176 /************************************************************************/
|
|
|
177
|
|
|
178 /* ###autoload */
|
|
|
179 DEFUN ("ldapp", Fldapp, 1, 1, 0, /*
|
|
|
180 Return t if OBJECT is a LDAP connection.
|
|
|
181 */
|
|
|
182 (object))
|
|
|
183 {
|
|
|
184 return LDAPP (object) ? Qt : Qnil;
|
|
|
185 }
|
|
|
186
|
|
|
187 DEFUN ("ldap-host", Fldap_host, 1, 1, 0, /*
|
|
|
188 Return the server host of the connection LDAP, as a string.
|
|
|
189 */
|
|
|
190 (ldap))
|
|
|
191 {
|
|
|
192 CHECK_LDAP (ldap);
|
|
|
193 return (XLDAP (ldap))->host;
|
|
|
194 }
|
|
|
195
|
|
|
196 DEFUN ("ldap-live-p", Fldap_live_p, 1, 1, 0, /*
|
|
|
197 Return t if LDAP is an active LDAP connection.
|
|
|
198 */
|
|
|
199 (ldap))
|
|
|
200 {
|
|
|
201 CHECK_LDAP (ldap);
|
|
|
202 return (XLDAP (ldap))->ld ? Qt : Qnil;
|
|
|
203 }
|
|
|
204 �
|
|
|
205 /************************************************************************/
|
|
|
206 /* Opening/Closing a LDAP connection */
|
|
|
207 /************************************************************************/
|
|
|
208
|
|
|
209
|
|
|
210 /* ###autoload */
|
|
|
211 DEFUN ("ldap-open", Fldap_open, 1, 2, 0, /*
|
|
|
212 Open a LDAP connection to HOST.
|
|
|
213 PLIST is a plist containing additional parameters for the connection.
|
|
428
|
214 Valid keys in that list are:
|
|
996
|
215 `port' the TCP port to use for the connection if different from
|
|
|
216 `ldap-default-port'.
|
|
428
|
217 `auth' is the authentication method to use, possible values depend on
|
|
|
218 the LDAP library XEmacs was compiled with: `simple', `krbv41' and `krbv42'.
|
|
|
219 `binddn' is the distinguished name of the user to bind as (in RFC 1779 syntax).
|
|
|
220 `passwd' is the password to use for simple authentication.
|
|
|
221 `deref' is one of the symbols `never', `always', `search' or `find'.
|
|
|
222 `timelimit' is the timeout limit for the connection in seconds.
|
|
|
223 `sizelimit' is the maximum number of matches to return.
|
|
|
224 */
|
|
996
|
225 (host, plist))
|
|
428
|
226 {
|
|
996
|
227 /* This function can GC */
|
|
|
228 Lisp_LDAP *ldap;
|
|
428
|
229 LDAP *ld;
|
|
996
|
230 int ldap_port = 0;
|
|
428
|
231 int ldap_auth = LDAP_AUTH_SIMPLE;
|
|
2367
|
232 Extbyte *ldap_binddn = NULL;
|
|
|
233 Extbyte *ldap_password = NULL;
|
|
428
|
234 int ldap_deref = LDAP_DEREF_NEVER;
|
|
|
235 int ldap_timelimit = 0;
|
|
|
236 int ldap_sizelimit = 0;
|
|
996
|
237 int err;
|
|
428
|
238
|
|
996
|
239 CHECK_STRING (host);
|
|
428
|
240
|
|
996
|
241 {
|
|
|
242 EXTERNAL_PROPERTY_LIST_LOOP_3 (keyword, value, plist)
|
|
|
243 {
|
|
|
244 /* TCP Port */
|
|
|
245 if (EQ (keyword, Qport))
|
|
|
246 {
|
|
|
247 CHECK_INT (value);
|
|
|
248 ldap_port = XINT (value);
|
|
|
249 }
|
|
|
250 /* Authentication method */
|
|
|
251 if (EQ (keyword, Qauth))
|
|
|
252 {
|
|
|
253 if (EQ (value, Qsimple))
|
|
|
254 ldap_auth = LDAP_AUTH_SIMPLE;
|
|
428
|
255 #ifdef LDAP_AUTH_KRBV41
|
|
996
|
256 else if (EQ (value, Qkrbv41))
|
|
|
257 ldap_auth = LDAP_AUTH_KRBV41;
|
|
428
|
258 #endif
|
|
|
259 #ifdef LDAP_AUTH_KRBV42
|
|
996
|
260 else if (EQ (value, Qkrbv42))
|
|
|
261 ldap_auth = LDAP_AUTH_KRBV42;
|
|
428
|
262 #endif
|
|
996
|
263 else
|
|
|
264 invalid_constant ("Invalid authentication method", value);
|
|
|
265 }
|
|
|
266 /* Bind DN */
|
|
|
267 else if (EQ (keyword, Qbinddn))
|
|
|
268 {
|
|
|
269 CHECK_STRING (value);
|
|
|
270 LISP_STRING_TO_EXTERNAL (value, ldap_binddn, Qnative);
|
|
|
271 }
|
|
|
272 /* Password */
|
|
|
273 else if (EQ (keyword, Qpasswd))
|
|
|
274 {
|
|
|
275 CHECK_STRING (value);
|
|
2272
|
276 LISP_STRING_TO_EXTERNAL (value, ldap_password, Qnative);
|
|
996
|
277 }
|
|
|
278 /* Deref */
|
|
|
279 else if (EQ (keyword, Qderef))
|
|
|
280 {
|
|
|
281 if (EQ (value, Qnever))
|
|
|
282 ldap_deref = LDAP_DEREF_NEVER;
|
|
|
283 else if (EQ (value, Qsearch))
|
|
|
284 ldap_deref = LDAP_DEREF_SEARCHING;
|
|
|
285 else if (EQ (value, Qfind))
|
|
|
286 ldap_deref = LDAP_DEREF_FINDING;
|
|
|
287 else if (EQ (value, Qalways))
|
|
|
288 ldap_deref = LDAP_DEREF_ALWAYS;
|
|
|
289 else
|
|
|
290 invalid_constant ("Invalid deref value", value);
|
|
|
291 }
|
|
|
292 /* Timelimit */
|
|
|
293 else if (EQ (keyword, Qtimelimit))
|
|
|
294 {
|
|
|
295 CHECK_INT (value);
|
|
|
296 ldap_timelimit = XINT (value);
|
|
|
297 }
|
|
|
298 /* Sizelimit */
|
|
|
299 else if (EQ (keyword, Qsizelimit))
|
|
|
300 {
|
|
|
301 CHECK_INT (value);
|
|
|
302 ldap_sizelimit = XINT (value);
|
|
|
303 }
|
|
|
304 }
|
|
|
305 }
|
|
|
306
|
|
|
307 if (ldap_port == 0)
|
|
|
308 {
|
|
|
309 ldap_port = ldap_default_port;
|
|
428
|
310 }
|
|
|
311
|
|
996
|
312 /* Connect to the server and bind */
|
|
|
313 slow_down_interrupts ();
|
|
2367
|
314 ld = ldap_open (NEW_LISP_STRING_TO_EXTERNAL (host, Qnative), ldap_port);
|
|
996
|
315 speed_up_interrupts ();
|
|
428
|
316
|
|
996
|
317 if (ld == NULL )
|
|
|
318 report_process_error ("Failed connecting to host", host);
|
|
428
|
319
|
|
996
|
320 #ifdef HAVE_LDAP_SET_OPTION
|
|
|
321 if ((err = ldap_set_option (ld, LDAP_OPT_DEREF,
|
|
|
322 (void *)&ldap_deref)) != LDAP_SUCCESS)
|
|
|
323 signal_ldap_error (ld, NULL, err);
|
|
|
324 if ((err = ldap_set_option (ld, LDAP_OPT_TIMELIMIT,
|
|
|
325 (void *)&ldap_timelimit)) != LDAP_SUCCESS)
|
|
|
326 signal_ldap_error (ld, NULL, err);
|
|
|
327 if ((err = ldap_set_option (ld, LDAP_OPT_SIZELIMIT,
|
|
|
328 (void *)&ldap_sizelimit)) != LDAP_SUCCESS)
|
|
|
329 signal_ldap_error (ld, NULL, err);
|
|
|
330 if ((err = ldap_set_option (ld, LDAP_OPT_REFERRALS,
|
|
|
331 LDAP_OPT_ON)) != LDAP_SUCCESS)
|
|
|
332 signal_ldap_error (ld, NULL, err);
|
|
|
333 if ((err = ldap_set_option (ld, LDAP_OPT_RESTART,
|
|
|
334 LDAP_OPT_ON)) != LDAP_SUCCESS)
|
|
|
335 signal_ldap_error (ld, NULL, err);
|
|
|
336 #else /* not HAVE_LDAP_SET_OPTION */
|
|
428
|
337 ld->ld_deref = ldap_deref;
|
|
|
338 ld->ld_timelimit = ldap_timelimit;
|
|
|
339 ld->ld_sizelimit = ldap_sizelimit;
|
|
|
340 #ifdef LDAP_REFERRALS
|
|
|
341 ld->ld_options = LDAP_OPT_REFERRALS;
|
|
996
|
342 #else /* not LDAP_REFERRALS */
|
|
428
|
343 ld->ld_options = 0;
|
|
996
|
344 #endif /* not LDAP_REFERRALS */
|
|
|
345 /* XEmacs uses interrupts (SIGIO,SIGALRM), LDAP calls need to ignore them */
|
|
|
346 ld->ld_options |= LDAP_OPT_RESTART;
|
|
|
347 #endif /* not HAVE_LDAP_SET_OPTION */
|
|
|
348
|
|
2272
|
349 err = ldap_bind_s (ld, ldap_binddn, ldap_password, ldap_auth);
|
|
996
|
350 if (err != LDAP_SUCCESS)
|
|
|
351 {
|
|
|
352 signal_error (Qprocess_error, "Failed binding to the server",
|
|
2367
|
353 build_ext_string (ldap_err2string (err), Qnative));
|
|
996
|
354 }
|
|
|
355
|
|
|
356 ldap = allocate_ldap ();
|
|
|
357 ldap->ld = ld;
|
|
|
358 ldap->host = host;
|
|
|
359
|
|
|
360 return make_ldap (ldap);
|
|
|
361 }
|
|
|
362
|
|
|
363
|
|
|
364
|
|
|
365 DEFUN ("ldap-close", Fldap_close, 1, 1, 0, /*
|
|
|
366 Close an LDAP connection.
|
|
|
367 */
|
|
|
368 (ldap))
|
|
|
369 {
|
|
|
370 Lisp_LDAP *lldap;
|
|
|
371 CHECK_LIVE_LDAP (ldap);
|
|
|
372 lldap = XLDAP (ldap);
|
|
|
373 ldap_unbind (lldap->ld);
|
|
|
374 lldap->ld = NULL;
|
|
|
375 return Qnil;
|
|
|
376 }
|
|
|
377
|
|
|
378
|
|
|
379 �
|
|
|
380 /************************************************************************/
|
|
|
381 /* Working on a LDAP connection */
|
|
|
382 /************************************************************************/
|
|
|
383 struct ldap_unwind_struct
|
|
|
384 {
|
|
|
385 LDAPMessage *res;
|
|
|
386 struct berval **vals;
|
|
|
387 };
|
|
|
388
|
|
|
389 static Lisp_Object
|
|
|
390 ldap_search_unwind (Lisp_Object unwind_obj)
|
|
|
391 {
|
|
|
392 struct ldap_unwind_struct *unwind =
|
|
|
393 (struct ldap_unwind_struct *) get_opaque_ptr (unwind_obj);
|
|
|
394 if (unwind->res)
|
|
|
395 ldap_msgfree (unwind->res);
|
|
|
396 if (unwind->vals)
|
|
|
397 ldap_value_free_len (unwind->vals);
|
|
|
398 return Qnil;
|
|
|
399 }
|
|
|
400
|
|
|
401 /* The following function is called `ldap-search-basic' instead of */
|
|
|
402 /* plain `ldap-search' to maintain compatibility with the XEmacs 21.1 */
|
|
|
403 /* API where `ldap-search' was the name of the high-level search */
|
|
|
404 /* function */
|
|
428
|
405
|
|
996
|
406 DEFUN ("ldap-search-basic", Fldap_search_basic, 2, 8, 0, /*
|
|
|
407 Perform a search on an open LDAP connection.
|
|
|
408 LDAP is an LDAP connection object created with `ldap-open'.
|
|
|
409 FILTER is a filter string for the search as described in RFC 1558.
|
|
|
410 BASE is the distinguished name at which to start the search.
|
|
|
411 SCOPE is one of the symbols `base', `onelevel' or `subtree' indicating
|
|
|
412 the scope of the search.
|
|
|
413 ATTRS is a list of strings indicating which attributes to retrieve
|
|
|
414 for each matching entry. If nil return all available attributes.
|
|
|
415 If ATTRSONLY is non-nil then only the attributes are retrieved, not
|
|
|
416 the associated values.
|
|
|
417 If WITHDN is non-nil each entry in the result will be prepended with
|
|
|
418 its distinguished name DN.
|
|
|
419 If VERBOSE is non-nil progress messages will be echoed.
|
|
|
420 The function returns a list of matching entries. Each entry is itself
|
|
|
421 an alist of attribute/value pairs optionally preceded by the DN of the
|
|
|
422 entry according to the value of WITHDN.
|
|
|
423 */
|
|
|
424 (ldap, filter, base, scope, attrs, attrsonly, withdn, verbose))
|
|
|
425 {
|
|
|
426 /* This function can GC */
|
|
|
427
|
|
|
428 /* Vars for query */
|
|
|
429 LDAP *ld;
|
|
|
430 LDAPMessage *e;
|
|
|
431 BerElement *ptr;
|
|
2367
|
432 Extbyte *a, *dn;
|
|
996
|
433 int i, rc;
|
|
|
434 int matches;
|
|
|
435 struct ldap_unwind_struct unwind;
|
|
|
436
|
|
|
437 int ldap_scope = LDAP_SCOPE_SUBTREE;
|
|
2367
|
438 Extbyte **ldap_attributes = NULL;
|
|
996
|
439
|
|
|
440 int speccount = specpdl_depth ();
|
|
|
441
|
|
|
442 Lisp_Object list = Qnil;
|
|
|
443 Lisp_Object entry = Qnil;
|
|
|
444 Lisp_Object result = Qnil;
|
|
|
445 struct gcpro gcpro1, gcpro2, gcpro3;
|
|
|
446
|
|
|
447 GCPRO3 (list, entry, result);
|
|
|
448
|
|
|
449 unwind.res = NULL;
|
|
|
450 unwind.vals = NULL;
|
|
|
451
|
|
|
452 /* Do all the parameter checking */
|
|
|
453 CHECK_LIVE_LDAP (ldap);
|
|
|
454 ld = XLDAP (ldap)->ld;
|
|
|
455
|
|
|
456 /* Filter */
|
|
|
457 CHECK_STRING (filter);
|
|
|
458
|
|
|
459 /* Search base */
|
|
|
460 if (NILP (base))
|
|
|
461 {
|
|
|
462 base = Vldap_default_base;
|
|
|
463 }
|
|
|
464 if (!NILP (base))
|
|
|
465 {
|
|
|
466 CHECK_STRING (base);
|
|
|
467 }
|
|
|
468
|
|
|
469 /* Search scope */
|
|
|
470 if (!NILP (scope))
|
|
|
471 {
|
|
|
472 if (EQ (scope, Qbase))
|
|
|
473 ldap_scope = LDAP_SCOPE_BASE;
|
|
|
474 else if (EQ (scope, Qonelevel))
|
|
|
475 ldap_scope = LDAP_SCOPE_ONELEVEL;
|
|
|
476 else if (EQ (scope, Qsubtree))
|
|
|
477 ldap_scope = LDAP_SCOPE_SUBTREE;
|
|
|
478 else
|
|
|
479 invalid_constant ("Invalid scope", scope);
|
|
|
480 }
|
|
|
481
|
|
|
482 /* Attributes to search */
|
|
|
483 if (!NILP (attrs))
|
|
|
484 {
|
|
|
485 CHECK_CONS (attrs);
|
|
|
486 ldap_attributes = alloca_array (char *, 1 + XINT (Flength (attrs)));
|
|
|
487
|
|
|
488 i = 0;
|
|
2367
|
489 {
|
|
|
490 EXTERNAL_LIST_LOOP_2 (current, attrs)
|
|
|
491 {
|
|
|
492 CHECK_STRING (current);
|
|
|
493 LISP_STRING_TO_EXTERNAL (current, ldap_attributes[i], Qnative);
|
|
|
494 ++i;
|
|
|
495 }
|
|
|
496 }
|
|
996
|
497 ldap_attributes[i] = NULL;
|
|
|
498 }
|
|
|
499
|
|
|
500 /* Attributes only ? */
|
|
|
501 CHECK_SYMBOL (attrsonly);
|
|
428
|
502
|
|
|
503 /* Perform the search */
|
|
996
|
504 if (ldap_search (ld,
|
|
2367
|
505 NILP (base) ? "" :
|
|
|
506 NEW_LISP_STRING_TO_EXTERNAL (base, Qnative),
|
|
996
|
507 ldap_scope,
|
|
2367
|
508 NILP (filter) ? "" :
|
|
|
509 NEW_LISP_STRING_TO_EXTERNAL (filter, Qnative),
|
|
996
|
510 ldap_attributes,
|
|
|
511 NILP (attrsonly) ? 0 : 1)
|
|
|
512 == -1)
|
|
428
|
513 {
|
|
996
|
514 signal_ldap_error (ld, NULL, 0);
|
|
428
|
515 }
|
|
|
516
|
|
996
|
517 /* Ensure we don't exit without cleaning up */
|
|
|
518 record_unwind_protect (ldap_search_unwind,
|
|
|
519 make_opaque_ptr (&unwind));
|
|
|
520
|
|
428
|
521 /* Build the results list */
|
|
|
522 matches = 0;
|
|
|
523
|
|
996
|
524 rc = ldap_result (ld, LDAP_RES_ANY, 0, NULL, &unwind.res);
|
|
|
525
|
|
|
526 while (rc == LDAP_RES_SEARCH_ENTRY)
|
|
428
|
527 {
|
|
996
|
528 QUIT;
|
|
428
|
529 matches ++;
|
|
996
|
530 e = ldap_first_entry (ld, unwind.res);
|
|
|
531 /* #### This call to message() is pretty fascist, because it
|
|
|
532 destroys the current echo area contents, even when invoked
|
|
|
533 from Lisp. It should use echo_area_message() instead, and
|
|
|
534 restore the old echo area contents later. */
|
|
|
535 if (! NILP (verbose))
|
|
|
536 message ("Parsing ldap results... %d", matches);
|
|
428
|
537 entry = Qnil;
|
|
996
|
538 /* Get the DN if required */
|
|
|
539 if (! NILP (withdn))
|
|
|
540 {
|
|
|
541 dn = ldap_get_dn (ld, e);
|
|
|
542 if (dn == NULL)
|
|
|
543 signal_ldap_error (ld, e, 0);
|
|
|
544 entry = Fcons (build_ext_string (dn, Qnative), Qnil);
|
|
|
545 }
|
|
2367
|
546 for (a = ldap_first_attribute (ld, e, &ptr);
|
|
428
|
547 a != NULL;
|
|
2367
|
548 a = ldap_next_attribute (ld, e, ptr))
|
|
428
|
549 {
|
|
996
|
550 list = Fcons (build_ext_string (a, Qnative), Qnil);
|
|
|
551 unwind.vals = ldap_get_values_len (ld, e, a);
|
|
|
552 if (unwind.vals != NULL)
|
|
428
|
553 {
|
|
996
|
554 for (i = 0; unwind.vals[i] != NULL; i++)
|
|
428
|
555 {
|
|
996
|
556 list = Fcons (make_ext_string ((Extbyte *) unwind.vals[i]->bv_val,
|
|
|
557 unwind.vals[i]->bv_len,
|
|
|
558 Qnative),
|
|
428
|
559 list);
|
|
|
560 }
|
|
|
561 }
|
|
|
562 entry = Fcons (Fnreverse (list),
|
|
|
563 entry);
|
|
996
|
564 ldap_value_free_len (unwind.vals);
|
|
|
565 unwind.vals = NULL;
|
|
428
|
566 }
|
|
|
567 result = Fcons (Fnreverse (entry),
|
|
|
568 result);
|
|
996
|
569 ldap_msgfree (unwind.res);
|
|
|
570 unwind.res = NULL;
|
|
428
|
571
|
|
996
|
572 rc = ldap_result (ld, LDAP_RES_ANY, 0, NULL, &(unwind.res));
|
|
428
|
573 }
|
|
|
574
|
|
996
|
575 #if defined HAVE_LDAP_PARSE_RESULT
|
|
|
576 {
|
|
|
577 int rc2 = ldap_parse_result (ld, unwind.res,
|
|
|
578 &rc,
|
|
|
579 NULL, NULL, NULL, NULL, 0);
|
|
|
580 if (rc2 != LDAP_SUCCESS)
|
|
|
581 rc = rc2;
|
|
|
582 }
|
|
428
|
583 #else
|
|
996
|
584 if (rc == 0)
|
|
|
585 signal_ldap_error (ld, NULL, LDAP_TIMELIMIT_EXCEEDED);
|
|
|
586
|
|
|
587 if (rc == -1)
|
|
|
588 signal_ldap_error (ld, unwind.res, (unwind.res==NULL) ? ld->ld_errno : 0);
|
|
|
589
|
|
|
590 #if defined HAVE_LDAP_RESULT2ERROR
|
|
|
591 rc = ldap_result2error (ld, unwind.res, 0);
|
|
|
592 #endif
|
|
428
|
593 #endif
|
|
996
|
594
|
|
|
595 if (rc != LDAP_SUCCESS)
|
|
|
596 signal_ldap_error (ld, NULL, rc);
|
|
|
597
|
|
|
598 ldap_msgfree (unwind.res);
|
|
|
599 unwind.res = (LDAPMessage *)NULL;
|
|
|
600
|
|
|
601 /* #### See above for calling message(). */
|
|
|
602 if (! NILP (verbose))
|
|
|
603 message ("Parsing ldap results... done");
|
|
|
604
|
|
|
605 unbind_to (speccount);
|
|
|
606 UNGCPRO;
|
|
|
607 return Fnreverse (result);
|
|
|
608 }
|
|
|
609
|
|
|
610 DEFUN ("ldap-add", Fldap_add, 3, 3, 0, /*
|
|
|
611 Add an entry to an LDAP directory.
|
|
|
612 LDAP is an LDAP connection object created with `ldap-open'.
|
|
|
613 DN is the distinguished name of the entry to add.
|
|
|
614 ENTRY is an entry specification, i.e., a list of cons cells
|
|
|
615 containing attribute/value string pairs.
|
|
|
616 */
|
|
|
617 (ldap, dn, entry))
|
|
|
618 {
|
|
|
619 LDAP *ld;
|
|
|
620 LDAPMod *ldap_mods, **ldap_mods_ptrs;
|
|
|
621 struct berval *bervals;
|
|
|
622 int rc;
|
|
|
623 int i, j;
|
|
|
624 Elemcount len;
|
|
|
625
|
|
|
626 Lisp_Object current = Qnil;
|
|
|
627 Lisp_Object values = Qnil;
|
|
2367
|
628 struct gcpro gcpro1;
|
|
996
|
629
|
|
2367
|
630 GCPRO1 (values);
|
|
996
|
631
|
|
|
632 /* Do all the parameter checking */
|
|
|
633 CHECK_LIVE_LDAP (ldap);
|
|
|
634 ld = XLDAP (ldap)->ld;
|
|
|
635
|
|
|
636 /* Check the DN */
|
|
|
637 CHECK_STRING (dn);
|
|
|
638
|
|
|
639 /* Check the entry */
|
|
|
640 CHECK_CONS (entry);
|
|
|
641 if (NILP (entry))
|
|
|
642 invalid_operation ("Cannot add void entry", entry);
|
|
428
|
643
|
|
996
|
644 /* Build the ldap_mods array */
|
|
|
645 len = (Elemcount) XINT (Flength (entry));
|
|
|
646 ldap_mods = alloca_array (LDAPMod, len);
|
|
|
647 ldap_mods_ptrs = alloca_array (LDAPMod *, 1 + len);
|
|
|
648 i = 0;
|
|
2367
|
649
|
|
|
650 {
|
|
|
651 EXTERNAL_LIST_LOOP_2 (current, entry)
|
|
|
652 {
|
|
|
653 CHECK_CONS (current);
|
|
|
654 CHECK_STRING (XCAR (current));
|
|
|
655 ldap_mods_ptrs[i] = &(ldap_mods[i]);
|
|
|
656 LISP_STRING_TO_EXTERNAL (XCAR (current), ldap_mods[i].mod_type,
|
|
|
657 Qnative);
|
|
|
658 ldap_mods[i].mod_op = LDAP_MOD_ADD | LDAP_MOD_BVALUES;
|
|
|
659 values = XCDR (current);
|
|
|
660 if (CONSP (values))
|
|
|
661 {
|
|
|
662 len = (Elemcount) XINT (Flength (values));
|
|
|
663 bervals = alloca_array (struct berval, len);
|
|
|
664 ldap_mods[i].mod_vals.modv_bvals =
|
|
|
665 alloca_array (struct berval *, 1 + len);
|
|
|
666 j = 0;
|
|
|
667 {
|
|
|
668 EXTERNAL_LIST_LOOP_2 (cur2, values)
|
|
|
669 {
|
|
|
670 CHECK_STRING (cur2);
|
|
|
671 ldap_mods[i].mod_vals.modv_bvals[j] = &(bervals[j]);
|
|
|
672 TO_EXTERNAL_FORMAT (LISP_STRING, cur2,
|
|
|
673 ALLOCA, (bervals[j].bv_val,
|
|
|
674 bervals[j].bv_len),
|
|
|
675 Qnative);
|
|
|
676 j++;
|
|
|
677 }
|
|
|
678 }
|
|
|
679 ldap_mods[i].mod_vals.modv_bvals[j] = NULL;
|
|
|
680 }
|
|
|
681 else
|
|
|
682 {
|
|
|
683 CHECK_STRING (values);
|
|
|
684 bervals = alloca_array (struct berval, 1);
|
|
|
685 ldap_mods[i].mod_vals.modv_bvals = alloca_array (struct berval *,
|
|
|
686 2);
|
|
|
687 ldap_mods[i].mod_vals.modv_bvals[0] = &(bervals[0]);
|
|
|
688 TO_EXTERNAL_FORMAT (LISP_STRING, values,
|
|
|
689 ALLOCA, (bervals[0].bv_val,
|
|
|
690 bervals[0].bv_len),
|
|
|
691 Qnative);
|
|
|
692 ldap_mods[i].mod_vals.modv_bvals[1] = NULL;
|
|
|
693 }
|
|
|
694 i++;
|
|
|
695 }
|
|
|
696 }
|
|
996
|
697 ldap_mods_ptrs[i] = NULL;
|
|
2367
|
698 rc = ldap_add_s (ld, NEW_LISP_STRING_TO_EXTERNAL (dn, Qnative),
|
|
|
699 ldap_mods_ptrs);
|
|
996
|
700 if (rc != LDAP_SUCCESS)
|
|
|
701 signal_ldap_error (ld, NULL, rc);
|
|
428
|
702
|
|
|
703 UNGCPRO;
|
|
996
|
704 return Qnil;
|
|
|
705 }
|
|
|
706
|
|
|
707 DEFUN ("ldap-modify", Fldap_modify, 3, 3, 0, /*
|
|
|
708 Add an entry to an LDAP directory.
|
|
|
709 LDAP is an LDAP connection object created with `ldap-open'.
|
|
|
710 DN is the distinguished name of the entry to modify.
|
|
|
711 MODS is a list of modifications to apply.
|
|
|
712 A modification is a list of the form (MOD-OP ATTR VALUE1 VALUE2 ...)
|
|
|
713 MOD-OP and ATTR are mandatory, VALUEs are optional depending on MOD-OP.
|
|
|
714 MOD-OP is the type of modification, one of the symbols `add', `delete'
|
|
|
715 or `replace'. ATTR is the LDAP attribute type to modify.
|
|
|
716 */
|
|
|
717 (ldap, dn, mods))
|
|
|
718 {
|
|
|
719 LDAP *ld;
|
|
|
720 LDAPMod *ldap_mods, **ldap_mods_ptrs;
|
|
|
721 struct berval *bervals;
|
|
|
722 int i, j, rc;
|
|
|
723 Lisp_Object mod_op;
|
|
|
724 Elemcount len;
|
|
|
725
|
|
|
726 Lisp_Object values = Qnil;
|
|
|
727 struct gcpro gcpro1, gcpro2;
|
|
|
728
|
|
|
729 /* Do all the parameter checking */
|
|
|
730 CHECK_LIVE_LDAP (ldap);
|
|
|
731 ld = XLDAP (ldap)->ld;
|
|
|
732
|
|
|
733 /* Check the DN */
|
|
|
734 CHECK_STRING (dn);
|
|
|
735
|
|
|
736 /* Check the entry */
|
|
|
737 CHECK_CONS (mods);
|
|
|
738 if (NILP (mods))
|
|
|
739 return Qnil;
|
|
|
740
|
|
|
741 /* Build the ldap_mods array */
|
|
|
742 len = (Elemcount) XINT (Flength (mods));
|
|
|
743 ldap_mods = alloca_array (LDAPMod, len);
|
|
|
744 ldap_mods_ptrs = alloca_array (LDAPMod *, 1 + len);
|
|
|
745 i = 0;
|
|
|
746
|
|
2367
|
747 GCPRO1 (values);
|
|
|
748 {
|
|
|
749 EXTERNAL_LIST_LOOP_2 (current, mods)
|
|
|
750 {
|
|
|
751 CHECK_CONS (current);
|
|
|
752 CHECK_SYMBOL (XCAR (current));
|
|
|
753 mod_op = XCAR (current);
|
|
|
754 ldap_mods_ptrs[i] = &(ldap_mods[i]);
|
|
|
755 ldap_mods[i].mod_op = LDAP_MOD_BVALUES;
|
|
|
756 if (EQ (mod_op, Qadd))
|
|
|
757 ldap_mods[i].mod_op |= LDAP_MOD_ADD;
|
|
|
758 else if (EQ (mod_op, Qdelete))
|
|
|
759 ldap_mods[i].mod_op |= LDAP_MOD_DELETE;
|
|
|
760 else if (EQ (mod_op, Qreplace))
|
|
|
761 ldap_mods[i].mod_op |= LDAP_MOD_REPLACE;
|
|
|
762 else
|
|
|
763 invalid_constant ("Invalid LDAP modification type", mod_op);
|
|
|
764 current = XCDR (current);
|
|
|
765 CHECK_STRING (XCAR (current));
|
|
|
766 LISP_STRING_TO_EXTERNAL (XCAR (current), ldap_mods[i].mod_type,
|
|
|
767 Qnative);
|
|
|
768 values = XCDR (current);
|
|
|
769 len = (Elemcount) XINT (Flength (values));
|
|
|
770 bervals = alloca_array (struct berval, len);
|
|
|
771 ldap_mods[i].mod_vals.modv_bvals =
|
|
|
772 alloca_array (struct berval *, 1 + len);
|
|
|
773 j = 0;
|
|
2387
|
774 {
|
|
|
775 EXTERNAL_LIST_LOOP_2 (cur2, values)
|
|
|
776 {
|
|
|
777 CHECK_STRING (cur2);
|
|
|
778 ldap_mods[i].mod_vals.modv_bvals[j] = &(bervals[j]);
|
|
|
779 TO_EXTERNAL_FORMAT (LISP_STRING, cur2,
|
|
|
780 ALLOCA, (bervals[j].bv_val,
|
|
|
781 bervals[j].bv_len),
|
|
|
782 Qnative);
|
|
|
783 j++;
|
|
|
784 }
|
|
|
785 ldap_mods[i].mod_vals.modv_bvals[j] = NULL;
|
|
|
786 i++;
|
|
|
787 }
|
|
2367
|
788 }
|
|
|
789 }
|
|
996
|
790 ldap_mods_ptrs[i] = NULL;
|
|
2367
|
791 rc = ldap_modify_s (ld, NEW_LISP_STRING_TO_EXTERNAL (dn, Qnative),
|
|
|
792 ldap_mods_ptrs);
|
|
996
|
793 if (rc != LDAP_SUCCESS)
|
|
|
794 signal_ldap_error (ld, NULL, rc);
|
|
|
795
|
|
|
796 UNGCPRO;
|
|
|
797 return Qnil;
|
|
|
798 }
|
|
|
799
|
|
|
800
|
|
|
801 DEFUN ("ldap-delete", Fldap_delete, 2, 2, 0, /*
|
|
|
802 Delete an entry to an LDAP directory.
|
|
|
803 LDAP is an LDAP connection object created with `ldap-open'.
|
|
|
804 DN is the distinguished name of the entry to delete.
|
|
|
805 */
|
|
|
806 (ldap, dn))
|
|
|
807 {
|
|
|
808 LDAP *ld;
|
|
|
809 int rc;
|
|
|
810
|
|
|
811 /* Check parameters */
|
|
|
812 CHECK_LIVE_LDAP (ldap);
|
|
|
813 ld = XLDAP (ldap)->ld;
|
|
|
814 CHECK_STRING (dn);
|
|
|
815
|
|
2367
|
816 rc = ldap_delete_s (ld, NEW_LISP_STRING_TO_EXTERNAL (dn, Qnative));
|
|
996
|
817 if (rc != LDAP_SUCCESS)
|
|
|
818 signal_ldap_error (ld, NULL, rc);
|
|
|
819
|
|
|
820 return Qnil;
|
|
428
|
821 }
|
|
|
822
|
|
|
823 void
|
|
996
|
824 syms_of_eldap (void)
|
|
428
|
825 {
|
|
996
|
826 INIT_LRECORD_IMPLEMENTATION (ldap);
|
|
428
|
827
|
|
996
|
828 DEFSYMBOL (Qeldap);
|
|
|
829 DEFSYMBOL (Qldapp);
|
|
|
830 DEFSYMBOL (Qport);
|
|
|
831 DEFSYMBOL (Qauth);
|
|
|
832 DEFSYMBOL (Qbinddn);
|
|
|
833 DEFSYMBOL (Qpasswd);
|
|
|
834 DEFSYMBOL (Qderef);
|
|
|
835 DEFSYMBOL (Qtimelimit);
|
|
|
836 DEFSYMBOL (Qsizelimit);
|
|
|
837 DEFSYMBOL (Qbase);
|
|
|
838 DEFSYMBOL (Qonelevel);
|
|
|
839 DEFSYMBOL (Qsubtree);
|
|
|
840 DEFSYMBOL (Qkrbv41);
|
|
|
841 DEFSYMBOL (Qkrbv42);
|
|
|
842 DEFSYMBOL (Qnever);
|
|
|
843 DEFSYMBOL (Qalways);
|
|
|
844 DEFSYMBOL (Qfind);
|
|
|
845 DEFSYMBOL (Qadd);
|
|
|
846 DEFSYMBOL (Qreplace);
|
|
|
847
|
|
|
848 DEFSUBR (Fldapp);
|
|
|
849 DEFSUBR (Fldap_host);
|
|
|
850 DEFSUBR (Fldap_live_p);
|
|
|
851 DEFSUBR (Fldap_open);
|
|
|
852 DEFSUBR (Fldap_close);
|
|
|
853 DEFSUBR (Fldap_search_basic);
|
|
|
854 DEFSUBR (Fldap_add);
|
|
|
855 DEFSUBR (Fldap_modify);
|
|
|
856 DEFSUBR (Fldap_delete);
|
|
428
|
857 }
|
|
|
858
|
|
|
859 void
|
|
996
|
860 vars_of_eldap (void)
|
|
428
|
861 {
|
|
996
|
862
|
|
|
863 Fprovide (Qeldap);
|
|
428
|
864
|
|
996
|
865 ldap_default_port = LDAP_PORT;
|
|
|
866 Vldap_default_base = Qnil;
|
|
|
867
|
|
|
868 DEFVAR_INT ("ldap-default-port", &ldap_default_port /*
|
|
|
869 Default TCP port for LDAP connections.
|
|
|
870 Initialized from the LDAP library. Default value is 389.
|
|
428
|
871 */ );
|
|
|
872
|
|
|
873 DEFVAR_LISP ("ldap-default-base", &Vldap_default_base /*
|
|
|
874 Default base for LDAP searches.
|
|
|
875 This is a string using the syntax of RFC 1779.
|
|
|
876 For instance, "o=ACME, c=US" limits the search to the
|
|
|
877 Acme organization in the United States.
|
|
|
878 */ );
|
|
|
879
|
|
|
880 }
|
|
|
881
|
|
996
|
882 #ifdef HAVE_SHLIB
|
|
1706
|
883 EXTERN_C void unload_eldap (void);
|
|
996
|
884 void
|
|
|
885 unload_eldap (void)
|
|
|
886 {
|
|
|
887 /* Remove defined types */
|
|
|
888 UNDEF_LRECORD_IMPLEMENTATION (ldap);
|
|
|
889
|
|
|
890 /* Remove staticpro'ing of symbols */
|
|
|
891 unstaticpro_nodump (&Qeldap);
|
|
|
892 unstaticpro_nodump (&Qldapp);
|
|
|
893 unstaticpro_nodump (&Qport);
|
|
|
894 unstaticpro_nodump (&Qauth);
|
|
|
895 unstaticpro_nodump (&Qbinddn);
|
|
|
896 unstaticpro_nodump (&Qpasswd);
|
|
|
897 unstaticpro_nodump (&Qderef);
|
|
|
898 unstaticpro_nodump (&Qtimelimit);
|
|
|
899 unstaticpro_nodump (&Qsizelimit);
|
|
|
900 unstaticpro_nodump (&Qbase);
|
|
|
901 unstaticpro_nodump (&Qonelevel);
|
|
|
902 unstaticpro_nodump (&Qsubtree);
|
|
|
903 unstaticpro_nodump (&Qkrbv41);
|
|
|
904 unstaticpro_nodump (&Qkrbv42);
|
|
|
905 unstaticpro_nodump (&Qnever);
|
|
|
906 unstaticpro_nodump (&Qalways);
|
|
|
907 unstaticpro_nodump (&Qfind);
|
|
|
908 unstaticpro_nodump (&Qadd);
|
|
|
909 unstaticpro_nodump (&Qreplace);
|
|
|
910 }
|
|
|
911 #endif /* HAVE_SHLIB */
|
