oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

some pretty much untested changes from Luke Howard

Browse Source 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@10616 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Johan Danielsson
2001-08-31 18:19:49 +00:00
parent c82a5daac6
commit 452e98c132
1 changed files with 120 additions and 142 deletions
Download Patch File Download Diff File Expand all files Collapse all files

262
lib/hdb/hdb-ldap.c
View File

@@ -335,6 +335,7 @@ LDAP_entry2mods(krb5_context context, HDB * db, hdb_entry * ent,
if (ent->kvno != orig.kvno) { if (ent->kvno != orig.kvno) {
rc = asprintf(&tmp, "%d", ent->kvno); rc = asprintf(&tmp, "%d", ent->kvno);
if (rc < 0) { if (rc < 0) {
krb5_set_error_string(context, "asprintf: out of memory");
ret = ENOMEM; ret = ENOMEM;
goto out; goto out;
} }
@@ -390,6 +391,7 @@ LDAP_entry2mods(krb5_context context, HDB * db, hdb_entry * ent,
|| (*(ent->max_life) != *(orig.max_life))) { || (*(ent->max_life) != *(orig.max_life))) {
rc = asprintf(&tmp, "%d", *(ent->max_life)); rc = asprintf(&tmp, "%d", *(ent->max_life));
if (rc < 0) { if (rc < 0) {
krb5_set_error_string(context, "asprintf: out of memory");
ret = ENOMEM; ret = ENOMEM;
goto out; goto out;
} }
@@ -406,6 +408,7 @@ LDAP_entry2mods(krb5_context context, HDB * db, hdb_entry * ent,
|| (*(ent->max_renew) != *(orig.max_renew))) { || (*(ent->max_renew) != *(orig.max_renew))) {
rc = asprintf(&tmp, "%d", *(ent->max_renew)); rc = asprintf(&tmp, "%d", *(ent->max_renew));
if (rc < 0) { if (rc < 0) {
krb5_set_error_string(context, "asprintf: out of memory");
ret = ENOMEM; ret = ENOMEM;
goto out; goto out;
} }
@@ -426,6 +429,7 @@ LDAP_entry2mods(krb5_context context, HDB * db, hdb_entry * ent,
if (memcmp(&oflags, &nflags, sizeof(HDBFlags))) { if (memcmp(&oflags, &nflags, sizeof(HDBFlags))) {
rc = asprintf(&tmp, "%lu", nflags); rc = asprintf(&tmp, "%lu", nflags);
if (rc < 0) { if (rc < 0) {
krb5_set_error_string(context, "asprintf: out of memory");
ret = ENOMEM; ret = ENOMEM;
goto out; goto out;
} }
@@ -457,6 +461,7 @@ LDAP_entry2mods(krb5_context context, HDB * db, hdb_entry * ent,
len = length_Key(&new); len = length_Key(&new);
buf = malloc(len); buf = malloc(len);
if (buf == NULL) { if (buf == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
ret = ENOMEM; ret = ENOMEM;
free_Key(&new); free_Key(&new);
goto out; goto out;
@@ -487,6 +492,7 @@ LDAP_entry2mods(krb5_context context, HDB * db, hdb_entry * ent,
for (i = 0; i < ent->etypes->len; i++) { for (i = 0; i < ent->etypes->len; i++) {
rc = asprintf(&tmp, "%d", ent->etypes->val[i]); rc = asprintf(&tmp, "%d", ent->etypes->val[i]);
if (rc < 0) { if (rc < 0) {
krb5_set_error_string(context, "asprintf: out of memory");
ret = ENOMEM; ret = ENOMEM;
goto out; goto out;
} }
@@ -524,17 +530,22 @@ LDAP_dn2principal(krb5_context context, HDB * db, const char *dn,
krb5_principal * principal) krb5_principal * principal)
{ {
krb5_error_code ret; krb5_error_code ret;
int rc; int rc, limit = 1;
char **values; char **values;
LDAPMessage *res = NULL, *e; LDAPMessage *res = NULL, *e;
rc = 1; rc = ldap_set_option((LDAP *) db->db, LDAP_OPT_SIZELIMIT, (const void *)&limit);
(void) ldap_set_option((LDAP *) db->db, LDAP_OPT_SIZELIMIT, &rc); if (rc != LDAP_SUCCESS) {
rc = ldap_search_s((LDAP *) db->db, db->name, LDAP_SCOPE_BASE, krb5_set_error_string(context, "ldap_set_option: %s", ldap_err2string(rc));
ret = HDB_ERR_BADVERSION;
goto out;
}
rc = ldap_search_s((LDAP *) db->db, dn, LDAP_SCOPE_BASE,
"(objectclass=krb5Principal)", krb5principal_attrs, "(objectclass=krb5Principal)", krb5principal_attrs,
0, &res); 0, &res);
if (rc != LDAP_SUCCESS) { if (rc != LDAP_SUCCESS) {
krb5_set_error_string(context, "ldap_search_s: %s", ldap_err2string(rc));
ret = HDB_ERR_NOENTRY; ret = HDB_ERR_NOENTRY;
goto out; goto out;
} }
@@ -566,7 +577,7 @@ LDAP__lookup_princ(krb5_context context, HDB * db, const char *princname,
LDAPMessage ** msg) LDAPMessage ** msg)
{ {
krb5_error_code ret; krb5_error_code ret;
int rc; int rc, limit = 1;
char *filter = NULL; char *filter = NULL;
(void) LDAP__connect(context, db); (void) LDAP__connect(context, db);
@@ -576,16 +587,22 @@ LDAP__lookup_princ(krb5_context context, HDB * db, const char *princname,
"(&(objectclass=krb5KDCEntry)(krb5PrincipalName=%s))", "(&(objectclass=krb5KDCEntry)(krb5PrincipalName=%s))",
princname); princname);
if (rc < 0) { if (rc < 0) {
krb5_set_error_string(context, "asprintf: out of memory");
ret = ENOMEM; ret = ENOMEM;
goto out; goto out;
} }
rc = 1; rc = ldap_set_option((LDAP *) db->db, LDAP_OPT_SIZELIMIT, (const void *)&limit);
(void) ldap_set_option((LDAP *) db->db, LDAP_OPT_SIZELIMIT, (void *) &rc); if (rc != LDAP_SUCCESS) {
krb5_set_error_string(context, "ldap_set_option: %s", ldap_err2string(rc));
ret = HDB_ERR_BADVERSION;
goto out;
}
rc = ldap_search_s((LDAP *) db->db, db->name, LDAP_SCOPE_ONELEVEL, filter, rc = ldap_search_s((LDAP *) db->db, db->name, LDAP_SCOPE_ONELEVEL, filter,
krb5kdcentry_attrs, 0, msg); krb5kdcentry_attrs, 0, msg);
if (rc != LDAP_SUCCESS) { if (rc != LDAP_SUCCESS) {
krb5_set_error_string(context, "ldap_search_s: %s", ldap_err2string(rc));
ret = HDB_ERR_NOENTRY; ret = HDB_ERR_NOENTRY;
goto out; goto out;
} }
@@ -659,6 +676,11 @@ LDAP_message2entry(krb5_context context, HDB * db, LDAPMessage * msg,
ent->keys.len = ldap_count_values_len(keys); ent->keys.len = ldap_count_values_len(keys);
ent->keys.val = (Key *) calloc(ent->keys.len, sizeof(Key)); ent->keys.val = (Key *) calloc(ent->keys.len, sizeof(Key));
if (ent->keys.val == NULL) {
krb5_set_error_string(context, "calloc: out of memory");
ret = ENOMEM;
goto out;
}
for (i = 0; i < ent->keys.len; i++) { for (i = 0; i < ent->keys.len; i++) {
decode_Key((unsigned char *) keys[i]->bv_val, decode_Key((unsigned char *) keys[i]->bv_val,
(size_t) keys[i]->bv_len, &ent->keys.val[i], &l); (size_t) keys[i]->bv_len, &ent->keys.val[i], &l);
@@ -699,6 +721,7 @@ LDAP_message2entry(krb5_context context, HDB * db, LDAPMessage * msg,
ent->modified_by = (Event *) malloc(sizeof(Event)); ent->modified_by = (Event *) malloc(sizeof(Event));
if (ent->modified_by == NULL) { if (ent->modified_by == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
ret = ENOMEM; ret = ENOMEM;
goto out; goto out;
} }
@@ -719,6 +742,7 @@ LDAP_message2entry(krb5_context context, HDB * db, LDAPMessage * msg,
if ((ent->valid_start = (KerberosTime *) malloc(sizeof(KerberosTime))) if ((ent->valid_start = (KerberosTime *) malloc(sizeof(KerberosTime)))
== NULL) { == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
ret = ENOMEM; ret = ENOMEM;
goto out; goto out;
} }
@@ -732,7 +756,9 @@ LDAP_message2entry(krb5_context context, HDB * db, LDAPMessage * msg,
} }
if ((ent->valid_end = (KerberosTime *) malloc(sizeof(KerberosTime))) == if ((ent->valid_end = (KerberosTime *) malloc(sizeof(KerberosTime))) ==
NULL) {ret = ENOMEM; NULL) {
krb5_set_error_string(context, "malloc: out of memory");
ret = ENOMEM;
goto out; goto out;
} }
ret = ret =
@@ -745,7 +771,9 @@ LDAP_message2entry(krb5_context context, HDB * db, LDAPMessage * msg,
} }
if ((ent->pw_end = (KerberosTime *) malloc(sizeof(KerberosTime))) == if ((ent->pw_end = (KerberosTime *) malloc(sizeof(KerberosTime))) ==
NULL) {ret = ENOMEM; NULL) {
krb5_set_error_string(context, "malloc: out of memory");
ret = ENOMEM;
goto out; goto out;
} }
ret = ret =
@@ -759,6 +787,7 @@ LDAP_message2entry(krb5_context context, HDB * db, LDAPMessage * msg,
ent->max_life = (int *) malloc(sizeof(int)); ent->max_life = (int *) malloc(sizeof(int));
if (ent->max_life == NULL) { if (ent->max_life == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
ret = ENOMEM; ret = ENOMEM;
goto out; goto out;
} }
@@ -770,6 +799,7 @@ LDAP_message2entry(krb5_context context, HDB * db, LDAPMessage * msg,
ent->max_renew = (int *) malloc(sizeof(int)); ent->max_renew = (int *) malloc(sizeof(int));
if (ent->max_renew == NULL) { if (ent->max_renew == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
ret = ENOMEM; ret = ENOMEM;
goto out; goto out;
} }
@@ -783,6 +813,7 @@ LDAP_message2entry(krb5_context context, HDB * db, LDAPMessage * msg,
if (values != NULL) { if (values != NULL) {
tmp = strtoul(values[0], (char **) NULL, 10); tmp = strtoul(values[0], (char **) NULL, 10);
if (tmp == ULONG_MAX && errno == ERANGE) { if (tmp == ULONG_MAX && errno == ERANGE) {
krb5_set_error_string(context, "strtoul: could not convert flag");
ret = ERANGE; ret = ERANGE;
goto out; goto out;
} }
@@ -797,6 +828,7 @@ LDAP_message2entry(krb5_context context, HDB * db, LDAPMessage * msg,
ent->etypes = malloc(sizeof(*(ent->etypes))); ent->etypes = malloc(sizeof(*(ent->etypes)));
if (ent->etypes == NULL) { if (ent->etypes == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
ret = ENOMEM; ret = ENOMEM;
goto out; goto out;
} }
@@ -825,10 +857,9 @@ LDAP_message2entry(krb5_context context, HDB * db, LDAPMessage * msg,
static krb5_error_code LDAP_close(krb5_context context, HDB * db) static krb5_error_code LDAP_close(krb5_context context, HDB * db)
{ {
LDAP *ld = (LDAP *) db->db; ldap_unbind_ext((LDAP *) db->db, NULL, NULL);
ldap_unbind(ld);
db->db = NULL; db->db = NULL;
return 0; return 0;
} }
@@ -870,6 +901,7 @@ LDAP_seq(krb5_context context, HDB * db, unsigned flags, hdb_entry * entry)
NULL, NULL, 1); NULL, NULL, 1);
if (parserc != LDAP_SUCCESS if (parserc != LDAP_SUCCESS
&& parserc != LDAP_MORE_RESULTS_TO_RETURN) { && parserc != LDAP_MORE_RESULTS_TO_RETURN) {
krb5_set_error_string(context, "ldap_parse_result: %s", ldap_err2string(parserc));
ldap_abandon((LDAP *) db->db, msgid); ldap_abandon((LDAP *) db->db, msgid);
} }
ret = HDB_ERR_NOENTRY; ret = HDB_ERR_NOENTRY;
@@ -902,12 +934,15 @@ static krb5_error_code
LDAP_firstkey(krb5_context context, HDB * db, unsigned flags, LDAP_firstkey(krb5_context context, HDB * db, unsigned flags,
hdb_entry * entry) hdb_entry * entry)
{ {
int msgid; int msgid, limit = LDAP_NO_LIMIT, rc;
(void) LDAP__connect(context, db); (void) LDAP__connect(context, db);
msgid = LDAP_NO_LIMIT; rc = ldap_set_option((LDAP *) db->db, LDAP_OPT_SIZELIMIT, (const void *)&limit);
(void) ldap_set_option((LDAP *) db->db, LDAP_OPT_SIZELIMIT, &msgid); if (rc != LDAP_SUCCESS) {
krb5_set_error_string(context, "ldap_set_option: %s", ldap_err2string(rc));
return HDB_ERR_BADVERSION;
}
msgid = ldap_search((LDAP *) db->db, db->name, msgid = ldap_search((LDAP *) db->db, db->name,
LDAP_SCOPE_ONELEVEL, "(objectclass=krb5KDCEntry)", LDAP_SCOPE_ONELEVEL, "(objectclass=krb5KDCEntry)",
@@ -934,33 +969,9 @@ LDAP_rename(krb5_context context, HDB * db, const char *new_name)
return HDB_ERR_DB_INUSE; return HDB_ERR_DB_INUSE;
} }
static krb5_boolean LDAP__is_user_namingcontext(const char *ctx,
char *const *subschema)
{
char *const *p;
if (!strcasecmp(ctx, "CN=MONITOR")
|| !strcasecmp(ctx, "CN=CONFIG")) {
return FALSE;
}
if (subschema != NULL) {
for (p = subschema; *p != NULL; p++) {
if (!strcasecmp(ctx, *p)) {
return FALSE;
}
}
}
return TRUE;
}
static krb5_error_code LDAP__connect(krb5_context context, HDB * db) static krb5_error_code LDAP__connect(krb5_context context, HDB * db)
{ {
int rc; int rc, version = LDAP_VERSION3;
krb5_error_code ret;
char *attrs[] = { "namingContexts", "subschemaSubentry", NULL };
LDAPMessage *res = NULL, *e;
if (db->db != NULL) { if (db->db != NULL) {
/* connection has been opened. ping server. */ /* connection has been opened. ping server. */
@@ -982,111 +993,38 @@ static krb5_error_code LDAP__connect(krb5_context context, HDB * db)
rc = ldap_initialize((LDAP **) & db->db, "ldapi:///"); rc = ldap_initialize((LDAP **) & db->db, "ldapi:///");
if (rc != LDAP_SUCCESS) { if (rc != LDAP_SUCCESS) {
krb5_set_error_string(context, "ldap_initialize: %s", ldap_err2string(rc));
return HDB_ERR_NOENTRY; return HDB_ERR_NOENTRY;
} }
rc = LDAP_VERSION3; rc = ldap_set_option((LDAP *) db->db, LDAP_OPT_PROTOCOL_VERSION, (const void *)&version);
(void) ldap_set_option((LDAP *) db->db, LDAP_OPT_PROTOCOL_VERSION, &rc);
/* XXX set db->name to the search base */
rc = ldap_search_s((LDAP *) db->db, "", LDAP_SCOPE_BASE,
"(objectclass=*)", attrs, 0, &res);
if (rc != LDAP_SUCCESS) { if (rc != LDAP_SUCCESS) {
ret = HDB_ERR_BADVERSION; krb5_set_error_string(context, "ldap_set_option: %s", ldap_err2string(rc));
goto out; ldap_unbind_ext((LDAP *) db->db, NULL, NULL);
db->db = NULL;
return HDB_ERR_BADVERSION;
} }
e = ldap_first_entry((LDAP *) db->db, res); return 0;
if (e == NULL) {
ret = HDB_ERR_NOENTRY;
goto out;
}
if (db->name == NULL) {
char **contexts = NULL, **schema_contexts, **p;
contexts = ldap_get_values((LDAP *) db->db, e, "namingContexts");
if (contexts == NULL) {
ret = HDB_ERR_NOENTRY;
goto out;
}
schema_contexts =
ldap_get_values((LDAP *) db->db, e, "subschemaSubentry");
if (db->name != NULL) {
free(db->name);
db->name = NULL;
}
for (p = contexts; *p != NULL; p++) {
if (LDAP__is_user_namingcontext(*p, schema_contexts)) {
break;
}
}
db->name = strdup(*p);
if (db->name == NULL) {
ldap_value_free(contexts);
ret = ENOMEM;
goto out;
}
ldap_value_free(contexts);
if (schema_contexts != NULL) {
ldap_value_free(schema_contexts);
}
}
ret = 0;
out:
if (res != NULL) {
ldap_msgfree(res);
}
if (ret != 0) {
if (db->db != NULL) {
ldap_unbind((LDAP *) db->db);
db->db = NULL;
}
}
return ret;
} }
static krb5_error_code static krb5_error_code
LDAP_open(krb5_context context, HDB * db, int flags, mode_t mode) LDAP_open(krb5_context context, HDB * db, int flags, mode_t mode)
{ {
krb5_error_code ret;
/* Not the right place for this. */ /* Not the right place for this. */
#ifdef HAVE_SIGACTION #ifdef HAVE_SIGACTION
{ struct sigaction sa;
struct sigaction sa;
sa.sa_flags = 0; sa.sa_flags = 0;
sa.sa_handler = SIG_IGN; sa.sa_handler = SIG_IGN;
sigemptyset(&sa.sa_mask); sigemptyset(&sa.sa_mask);
sigaction(SIGPIPE, &sa, NULL); sigaction(SIGPIPE, &sa, NULL);
}
#else #else
signal(SIGPIPE, SIG_IGN); signal(SIGPIPE, SIG_IGN);
#endif #endif /* HAVE_SIGACTION */
if (db->name != NULL) { return LDAP__connect(context, db);
free(db->name);
db->name = NULL;
}
ret = LDAP__connect(context, db);
if (ret != 0) {
return ret;
}
return ret;
} }
static krb5_error_code static krb5_error_code
@@ -1128,6 +1066,8 @@ LDAP_store(krb5_context context, HDB * db, unsigned flags,
{ {
LDAPMod **mods = NULL; LDAPMod **mods = NULL;
krb5_error_code ret; krb5_error_code ret;
const char *errfn;
int rc;
LDAPMessage *msg = NULL, *e = NULL; LDAPMessage *msg = NULL, *e = NULL;
char *dn = NULL, *name = NULL; char *dn = NULL, *name = NULL;
@@ -1142,8 +1082,9 @@ LDAP_store(krb5_context context, HDB * db, unsigned flags,
} }
ret = hdb_seal_keys(context, db, entry); ret = hdb_seal_keys(context, db, entry);
if (ret) if (ret != 0) {
goto out; goto out;
}
/* turn new entry into LDAPMod array */ /* turn new entry into LDAPMod array */
ret = LDAP_entry2mods(context, db, entry, e, &mods); ret = LDAP_entry2mods(context, db, entry, e, &mods);
@@ -1178,8 +1119,14 @@ LDAP_store(krb5_context context, HDB * db, unsigned flags,
goto out; goto out;
} }
ret = asprintf(&dn, "cn=%s,%s", name, db->name); if (db->name != NULL) {
ret = asprintf(&dn, "cn=%s,%s", name, db->name);
} else {
/* A bit bogus, but we don't have a search base */
ret = asprintf(&dn, "cn=%s", name, db->name);
}
if (ret < 0) { if (ret < 0) {
krb5_set_error_string(context, "asprintf: out of memory");
ret = ENOMEM; ret = ENOMEM;
goto out; goto out;
} }
@@ -1195,15 +1142,18 @@ LDAP_store(krb5_context context, HDB * db, unsigned flags,
/* write entry into directory */ /* write entry into directory */
if (e == NULL) { if (e == NULL) {
/* didn't exist before */ /* didn't exist before */
ret = ldap_add_s((LDAP *) db->db, dn, mods); rc = ldap_add_s((LDAP *) db->db, dn, mods);
errfn = "ldap_add_s";
} else { } else {
/* already existed, send deltas only */ /* already existed, send deltas only */
ret = ldap_modify_s((LDAP *) db->db, dn, mods); rc = ldap_modify_s((LDAP *) db->db, dn, mods);
errfn = "ldap_modify_s";
} }
if (ret == LDAP_SUCCESS) { if (rc == LDAP_SUCCESS) {
ret = 0; ret = 0;
} else { } else {
krb5_set_error_string(context, "%s: %s", errfn, ldap_err2string(rc));
ret = HDB_ERR_CANT_LOCK_DB; ret = HDB_ERR_CANT_LOCK_DB;
} }
@@ -1234,6 +1184,7 @@ LDAP_remove(krb5_context context, HDB * db, hdb_entry * entry)
krb5_error_code ret; krb5_error_code ret;
LDAPMessage *msg, *e; LDAPMessage *msg, *e;
char *dn = NULL; char *dn = NULL;
int rc, limit = LDAP_NO_LIMIT;
ret = LDAP_principal2message(context, db, entry->principal, &msg); ret = LDAP_principal2message(context, db, entry->principal, &msg);
if (ret != 0) { if (ret != 0) {
@@ -1252,13 +1203,18 @@ LDAP_remove(krb5_context context, HDB * db, hdb_entry * entry)
goto out; goto out;
} }
ret = LDAP_NO_LIMIT; rc = ldap_set_option((LDAP *) db->db, LDAP_OPT_SIZELIMIT, (const void *)&limit);
(void) ldap_set_option((LDAP *) db->db, LDAP_OPT_SIZELIMIT, &ret); if (rc != LDAP_SUCCESS) {
krb5_set_error_string(context, "ldap_set_option: %s", ldap_err2string(rc));
ret = HDB_ERR_BADVERSION;
goto out;
}
ret = ldap_delete_s((LDAP *) db->db, dn); rc = ldap_delete_s((LDAP *) db->db, dn);
if (ret == LDAP_SUCCESS) { if (rc == LDAP_SUCCESS) {
ret = 0; ret = 0;
} else { } else {
krb5_set_error_string(context, "ldap_delete_s: %s", ldap_err2string(rc));
ret = HDB_ERR_CANT_LOCK_DB; ret = HDB_ERR_CANT_LOCK_DB;
} }
@@ -1304,22 +1260,44 @@ static krb5_error_code LDAP_destroy(krb5_context context, HDB * db)
krb5_error_code ret; krb5_error_code ret;
ret = hdb_clear_master_key(context, db); ret = hdb_clear_master_key(context, db);
free(db->name); if (db->name != NULL) {
free(db->name);
}
free(db); free(db);
return ret; return ret;
} }
krb5_error_code krb5_error_code
hdb_ldap_create(krb5_context context, HDB ** db, const char *filename) hdb_ldap_create(krb5_context context, HDB ** db, const char *arg)
{ {
*db = malloc(sizeof(**db)); *db = malloc(sizeof(**db));
if (*db == NULL) if (*db == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
return ENOMEM; return ENOMEM;
}
(*db)->db = NULL; (*db)->db = NULL;
/* (*db)->name = strdup(filename); */
(*db)->name = NULL; if (arg == NULL || arg[0] == '\0') {
/*
* if no argument specified in the configuration file
* then use NULL, which tells OpenLDAP to look in
* the ldap.conf file. This doesn't work for
* writing entries because we don't know where to
* put new principals.
*/
(*db)->name = NULL;
} else {
(*db)->name = strdup(arg);
if ((*db)->name == NULL) {
krb5_set_error_string(context, "strdup: out of memory");
free(*db);
*db = NULL;
return ENOMEM;
}
}
(*db)->master_key_set = 0; (*db)->master_key_set = 0;
(*db)->openp = 0; (*db)->openp = 0;
(*db)->open = LDAP_open; (*db)->open = LDAP_open;