Beispiel #1
0
/*
 * ldap_compare - perform an ldap (and X.500) compare operation.  The dn
 * of the entry to compare to and the attribute and value to compare (in
 * attr and value) are supplied.  The msgid of the response is returned.
 *
 * Example:
 *	ldap_compare( ld, "c=us@cn=bob", "userPassword", "secret" )
 */
int
ldap_compare( LDAP *ld, char *dn, char *attr, char *value )
{
	BerElement	*ber;
	struct berval bv;
	int rv;
	
	/* The compare request looks like this:
	 *	CompareRequest ::= SEQUENCE {
	 *		entry	DistinguishedName,
	 *		ava	SEQUENCE {
	 *			type	AttributeType,
	 *			value	AttributeValue
	 *		}
	 *	}
	 * and must be wrapped in an LDAPMessage.
	 */

#ifdef _REENTRANT
        LOCK_LDAP(ld);
#endif
	Debug( LDAP_DEBUG_TRACE, catgets(slapdcat, 1, 128, "ldap_compare\n"), 0, 0, 0 );

	bv.bv_val = value;
	bv.bv_len = strlen(value);
	
	if ((ber = ldap_build_compare_req(ld, dn, attr, &bv, NULL)) == NULLBER) {
#ifdef _REENTRANT
        UNLOCK_LDAP(ld);
#endif
		return (-1);
	}
	
#ifndef NO_CACHE
	if ( ld->ld_cache != NULL ) {
		if ( check_cache( ld, LDAP_REQ_COMPARE, ber ) == 0 ) {
			ber_free( ber, 1 );
			ld->ld_errno = LDAP_SUCCESS;
#ifdef _REENTRANT
			UNLOCK_LDAP(ld);
#endif
			return( ld->ld_msgid );
		}
		add_request_to_cache( ld, LDAP_REQ_COMPARE, ber );
	}
#endif /* NO_CACHE */

	/* send the message */
	rv = send_initial_request( ld, LDAP_REQ_COMPARE, dn, ber );
#ifdef _REENTRANT
        UNLOCK_LDAP(ld);
#endif
	return (rv);
}
Beispiel #2
0
int
ldap_entry2text(
	LDAP			*ld,
	char			*buf,		/* NULL for "use internal" */
	LDAPMessage		*entry,
	struct ldap_disptmpl	*tmpl,
	char			**defattrs,
	char			***defvals,
	writeptype		writeproc,
	void			*writeparm,
	char			*eol,
	int			rdncount,
	unsigned int		opts
)
{
#if defined( SUN ) && defined( _REENTRANT )
    int rv;
    
    LOCK_LDAP(ld);
#endif
    Debug( LDAP_DEBUG_TRACE, catgets(slapdcat, 1, 253, "ldap_entry2text\n"), 0, 0, 0 );

#if defined( SUN ) && defined( _REENTRANT )
    rv = do_entry2text( ld, buf, NULL, entry, tmpl, defattrs, defvals,
		writeproc, writeparm, eol, rdncount, opts, NULL );
    UNLOCK_LDAP(ld);
    return( rv );
#else
    return( do_entry2text( ld, buf, NULL, entry, tmpl, defattrs, defvals,
		writeproc, writeparm, eol, rdncount, opts, NULL ));
#endif
}
Beispiel #3
0
int
ldap_vals2text(
	LDAP			*ld,
	char			*buf,		/* NULL for "use internal" */
	char			**vals,
	char			*label,
	int			labelwidth,	/* 0 means use default */
	unsigned int		syntaxid,
	writeptype		writeproc,
	void			*writeparm,
	char			*eol,
	int			rdncount
)
{
#if defined( SUN ) && defined( _REENTRANT )
	int rv;
	
        LOCK_LDAP(ld);
#endif
    Debug( LDAP_DEBUG_TRACE, catgets(slapdcat, 1, 257, "ldap_vals2text\n"), 0, 0, 0 );

#if defined( SUN ) && defined( _REENTRANT )
    rv = do_vals2text( ld, buf, vals, label, labelwidth, syntaxid,
			  writeproc, writeparm, eol, rdncount, NULL );
    UNLOCK_LDAP(ld);
    return( rv );
#else
    return( do_vals2text( ld, buf, vals, label, labelwidth, syntaxid,
		writeproc, writeparm, eol, rdncount, NULL ));
#endif
}
Beispiel #4
0
int
ldap_entry2html_search(
	LDAP			*ld,
	char			*dn,		/* if NULL, use entry */
	char			*base,		/* if NULL, no search actions */
	LDAPMessage		*entry, 	/* if NULL, use dn */
	struct ldap_disptmpl*	tmpllist,	/* if NULL, load default file */
	char			**defattrs,
	char			***defvals,
	writeptype		writeproc,
	void			*writeparm,
	char			*eol,
	int			rdncount,	/* if 0, display full DN */
	unsigned int		opts,
	char			*urlprefix
)
{
#if defined( SUN ) && defined( _REENTRANT )
	int rv;
	
        LOCK_LDAP(ld);
#endif
    Debug( LDAP_DEBUG_TRACE, catgets(slapdcat, 1, 256, "ldap_entry2html_search\n"), 0, 0, 0 );

#if defined( SUN ) && defined( _REENTRANT )
    rv = do_entry2text_search( ld, dn, base, entry, tmpllist, defattrs,
	    defvals, writeproc, writeparm, eol, rdncount, opts, urlprefix );
    UNLOCK_LDAP(ld);
    return( rv );
#else
    return( do_entry2text_search( ld, dn, base, entry, tmpllist, defattrs,
	    defvals, writeproc, writeparm, eol, rdncount, opts, urlprefix ));
#endif
}
Beispiel #5
0
/*
 * ldap_modrdn - initiate an ldap (and X.500) modifyRDN operation. Parameters:
 *
 *	ld		LDAP descriptor
 *	dn		DN of the object to modify
 *	newrdn		RDN to give the object
 *	deleteoldrdn	nonzero means to delete old rdn values from the entry
 *
 * Example:
 *	msgid = ldap_modrdn( ld, dn, newrdn );
 */
int
ldap_modrdn( LDAP *ld, char *dn, char *newrdn, int deleteoldrdn )
{
	BerElement	*ber;
	int rv;

	/*
	 * A modify rdn request looks like this:
	 *	ModifyRDNRequest ::= SEQUENCE {
	 *		entry		DistinguishedName,
	 *		newrdn		RelativeDistinguishedName,
	 *		deleteoldrdn	BOOLEAN
	 *	}
	 */

#ifdef _REENTRANT
        LOCK_LDAP(ld);
#endif
	Debug( LDAP_DEBUG_TRACE, catgets(slapdcat, 1, 193, "ldap_modrdn\n"), 0, 0, 0 );

	/* create a message to send */
	if ( (ber = alloc_ber_with_options( ld )) == NULLBER ) {
#ifdef _REENTRANT
		UNLOCK_LDAP(ld);
#endif
		return( -1 );
	}

	if ( ber_printf( ber, "{it{ssb}}", ++ld->ld_msgid, LDAP_REQ_MODRDN, dn,
	    newrdn, deleteoldrdn ) == -1 ) {
		ld->ld_errno = LDAP_ENCODING_ERROR;
		ber_free( ber, 1 );
#ifdef _REENTRANT
		UNLOCK_LDAP(ld);
#endif
		return( -1 );
	}

	/* send the message */
	rv = send_initial_request( ld, LDAP_REQ_MODRDN, dn, ber );
#ifdef _REENTRANT
	UNLOCK_LDAP(ld);
#endif
	return ( rv );
}
Beispiel #6
0
int ldap_add_ext(LDAP *ld, char *dn, LDAPMod **attrs, 
				 LDAPControl ** serverctrls, LDAPControl **clientctrls, int *msgidp)
{
	BerElement	*ber;
	int		i, rc;
	int rv;

#ifdef _REENTRANT
	LOCK_LDAP(ld);
#endif	
	Debug( LDAP_DEBUG_TRACE, catgets(slapdcat, 1, 87, "ldap_add\n"), 0, 0, 0 );

	if ((ber = ldap_build_add_req(ld, dn, attrs, serverctrls)) == NULLBER){
		rv = ld->ld_errno;
		if (rv == LDAP_SUCCESS)
			rv = LDAP_OTHER;
#ifdef _REENTRANT
		UNLOCK_LDAP(ld);
#endif	
		return (rv);
	}
	
	/* send the message */
	rv = send_initial_request( ld, LDAP_REQ_ADD, dn, ber );
	if (rv == -1) {
		rv = ld->ld_errno;
		if (rv == LDAP_SUCCESS){
			rv = LDAP_OTHER;
		}
		
#ifdef  _REENTRANT
		UNLOCK_LDAP(ld);
#endif	
		return (rv);
	}
		
	*msgidp = rv;
#ifdef  _REENTRANT
	UNLOCK_LDAP(ld);
#endif	
	return (LDAP_SUCCESS);
}
Beispiel #7
0
void
cldap_setretryinfo( LDAP *ld, int tries, time_t timeout )
{
#if defined( SUN ) && defined( _REENTRANT )
    LOCK_LDAP(ld);
#endif	
    ld->ld_cldaptries = ( tries <= 0 ) ? DEF_CLDAP_TRIES : tries;
    ld->ld_cldaptimeout = ( timeout <= 0 ) ? DEF_CLDAP_TIMEOUT : timeout;
#if defined( SUN ) && defined( _REENTRANT )
    UNLOCK_LDAP(ld);
#endif
}
Beispiel #8
0
LDAP *
ldap_open(char *host, int port)
{
	LDAP		*ld;
	int err;

	if ((ld = ldap_init(host, port)) == NULL) {
		return (NULL);
	}

	Debug(LDAP_DEBUG_TRACE, catgets(slapdcat, 1, 113,
		"ldap_open (after ldap_init)\n"), 0, 0, 0);

#ifdef _REENTRANT
	LOCK_LDAP(ld);
#endif
	if ((err = open_default_ldap_connection(ld)) != LDAP_SUCCESS) {
#ifdef _REENTRANT
	UNLOCK_LDAP(ld);
#endif
		ldap_ld_free(ld, 0);
		Debug(LDAP_DEBUG_ANY, catgets(slapdcat, 1, 1275,
			"ldap_open failed, %s\n"),
			ldap_err2string(err), 0, 0);
		return (NULL);
	}

	Debug(LDAP_DEBUG_TRACE, catgets(slapdcat, 1, 194,
		"ldap_open successful, ld_host is %s\n"),
		(ld->ld_host == NULL) ? "(null)" : ld->ld_host, 0, 0);
#ifdef _REENTRANT
	UNLOCK_LDAP(ld);
#endif
	return (ld);

}
Beispiel #9
0
/*
 * ldap_add - initiate an ldap (and X.500) add operation.  Parameters:
 *
 *	ld		LDAP descriptor
 *	dn		DN of the entry to add
 *	mods		List of attributes for the entry.  This is a null-
 *			terminated array of pointers to LDAPMod structures.
 *			only the type and values in the structures need be
 *			filled in.
 *
 * Example:
 *	LDAPMod	*attrs[] = { 
 *			{ 0, "cn", { "babs jensen", "babs", 0 } },
 *			{ 0, "sn", { "jensen", 0 } },
 *			{ 0, "objectClass", { "person", 0 } },
 *			0
 *		}
 *	msgid = ldap_add( ld, dn, attrs );
 */
int ldap_add( LDAP *ld, char *dn, LDAPMod **attrs )
{
	BerElement	*ber;
	int rv;

#ifdef _REENTRANT
	LOCK_LDAP(ld);
#endif	
	Debug( LDAP_DEBUG_TRACE, catgets(slapdcat, 1, 87, "ldap_add\n"), 0, 0, 0 );

	if ((ber = ldap_build_add_req(ld, dn, attrs, NULL)) == NULLBER){
#ifdef _REENTRANT
		UNLOCK_LDAP(ld);
#endif	
		return (-1);
	}
	
	/* send the message */
	rv = send_initial_request( ld, LDAP_REQ_ADD, dn, ber );
#ifdef  _REENTRANT
	UNLOCK_LDAP(ld);
#endif	
	return (rv);
}
Beispiel #10
0
int
ldap_entry2html(
	LDAP			*ld,
	char			*buf,		/* NULL for "use internal" */
	LDAPMessage		*entry,
	struct ldap_disptmpl	*tmpl,
	char			**defattrs,
	char			***defvals,
	writeptype		writeproc,
	void			*writeparm,
	char			*eol,
	int			rdncount,
	unsigned int		opts,
	char			*base,
	char			*urlprefix
)
{
#if defined( SUN ) && defined( _REENTRANT )
    int rv;
    
    LOCK_LDAP(ld);
#endif
    Debug( LDAP_DEBUG_TRACE, catgets(slapdcat, 1, 254, "ldap_entry2html\n"), 0, 0, 0 );

    if ( urlprefix == NULL ) {
	urlprefix = DEF_LDAP_URL_PREFIX;
    }

#if defined( SUN ) && defined( _REENTRANT )
    rv = do_entry2text( ld, buf, base, entry, tmpl, defattrs, defvals,
				writeproc, writeparm, eol, rdncount, opts, urlprefix );
    UNLOCK_LDAP(ld);
    return( rv );
#else
    return( do_entry2text( ld, buf, base, entry, tmpl, defattrs, defvals,
		writeproc, writeparm, eol, rdncount, opts, urlprefix ));
#endif
}
Beispiel #11
0
int ldap_compare_ext_s(LDAP *ld, char *dn, char *attr, struct berval *bvalue,
					   LDAPControl ** serverctrls, LDAPControl **clientctrls)
{
	int		msgid, retcode = LDAP_SUCCESS;
	LDAPMessage	*res;

	if ( (retcode = ldap_compare_ext( ld, dn, attr, bvalue, serverctrls, clientctrls, &msgid )) != LDAP_SUCCESS )
		return( retcode );

	if ( ldap_result( ld, msgid, 1, (struct timeval *) NULL, &res ) == -1 )
		return( ld->ld_errno );

#ifdef _REENTRANT
	LOCK_LDAP(ld);
#endif
	retcode = ldap_parse_result( ld, res,  &ld->ld_errno, &ld->ld_matched, &ld->ld_error,
								 &ld->ld_referrals, &ld->ld_ret_ctrls, 1);
	if (retcode == LDAP_SUCCESS)
		retcode = ld->ld_errno;
#ifdef _REENTRANT
	UNLOCK_LDAP(ld);
#endif
	return (retcode);
}
Beispiel #12
0
static int
cldap_result( LDAP *ld, int msgid, LDAPMessage **res,
	struct cldap_retinfo *crip, char *base )
{
    Sockbuf 		*sb;
    BerElement		ber;
    char		*logdn;
    int			ret, id, fromaddr, i;
    struct timeval	tv;

#if defined( SUN ) && defined( _REENTRANT )
    LOCK_LDAP(ld);
#endif	

    sb = &ld->ld_sb;
    fromaddr = -1;

    if ( crip->cri_try == 0 ) {
	crip->cri_maxtries = ld->ld_cldaptries * sb->sb_naddr;
	crip->cri_timeout = ld->ld_cldaptimeout;
	crip->cri_useaddr = 0;
	Debug( LDAP_DEBUG_TRACE, catgets(slapdcat, 1, 117, "cldap_result tries %1$d timeout %2$d\n"),
		ld->ld_cldaptries, ld->ld_cldaptimeout, 0 );
    }

    if ((tv.tv_sec = crip->cri_timeout / sb->sb_naddr) < 1 ) {
	tv.tv_sec = 1;
    }
    tv.tv_usec = 0;

    Debug( LDAP_DEBUG_TRACE,
	    catgets(slapdcat, 1, 118, "cldap_result waiting up to %d seconds for a response\n"),
	    tv.tv_sec, 0, 0 );
    ber_zero_init( &ber, 0 );
    set_ber_options( ld, &ber );

    if ( cldap_getmsg( ld, &tv, &ber ) == -1 ) {
	ret = ld->ld_errno;
	Debug( LDAP_DEBUG_TRACE, catgets(slapdcat, 1, 119, "cldap_getmsg returned -1 (%d)\n"),
		ret, 0, 0 );
    } else if ( ld->ld_errno == LDAP_TIMEOUT ) {
	Debug( LDAP_DEBUG_TRACE,
	    catgets(slapdcat, 1, 120, "cldap_result timed out\n"), 0, 0, 0 );
	/*
	 * It timed out; is it time to give up?
	 */
	if ( ++crip->cri_try >= crip->cri_maxtries ) {
	    ret = LDAP_TIMEOUT;
	    --crip->cri_try;
	} else {
	    if ( ++crip->cri_useaddr >= sb->sb_naddr ) {
		/*
		 * new round: reset address to first one and
		 * double the timeout
		 */
		crip->cri_useaddr = 0;
		crip->cri_timeout <<= 1;
	    }
	    ret = -1;
	}

    } else {
	/*
	 * Got a response.  It should look like:
	 * { msgid, logdn, { searchresponse...}}
	 */
	logdn = NULL;

	if ( ber_scanf( &ber, "ia", &id, &logdn ) == LBER_ERROR ) {
	    free( ber.ber_buf );	/* gack! */
	    ret = LDAP_DECODING_ERROR;
	    Debug( LDAP_DEBUG_TRACE,
		    catgets(slapdcat, 1, 121, "cldap_result: ber_scanf returned LBER_ERROR (%d)\n"),
		    ret, 0, 0 );
	} else if ( id != msgid ) {
	    free( ber.ber_buf );	/* gack! */
	    Debug( LDAP_DEBUG_TRACE,
		    catgets(slapdcat, 1, 122, "cldap_result: looking for msgid %1$d; got %2$d\n"),
		    msgid, id, 0 );
	    ret = -1;	/* ignore and keep looking */
	} else {
	    /*
	     * got a result: determine which server it came from
	     * decode into ldap message chain
	     */
	    for ( fromaddr = 0; fromaddr < sb->sb_naddr; ++fromaddr ) {
		    if ( memcmp( &((struct sockaddr_in *)
			    sb->sb_addrs[ fromaddr ])->sin_addr,
			    &((struct sockaddr_in *)sb->sb_fromaddr)->sin_addr,
			    sizeof( struct in_addr )) == 0 ) {
			break;
		    }
	    }
	    ret = cldap_parsemsg( ld, msgid, &ber, res, base );
	    free( ber.ber_buf );	/* gack! */
	    Debug( LDAP_DEBUG_TRACE,
		catgets(slapdcat, 1, 123, "cldap_result got result (%d)\n"), ret, 0, 0 );
	}

	if ( logdn != NULL ) {
		free( logdn );
	}
    }
    

    /*
     * If we are giving up (successfully or otherwise) then 
     * abandon any outstanding requests.
     */
    if ( ret != -1 ) {
	i = crip->cri_try;
	if ( i >= sb->sb_naddr ) {
	    i = sb->sb_naddr - 1;
	}

	for ( ; i >= 0; --i ) {
	    if ( i == fromaddr ) {
		continue;
	    }
	    sb->sb_useaddr = sb->sb_addrs[ i ];
	    Debug( LDAP_DEBUG_TRACE, catgets(slapdcat, 1, 124, "cldap_result abandoning id %1$d (to %2$s)\n"),
		msgid, inet_ntoa( ((struct sockaddr_in *)
		sb->sb_useaddr)->sin_addr ), 0 );
	    (void) ldap_abandon( ld, msgid );
	}
    }

#if defined( SUN ) && defined( _REENTRANT )
    UNLOCK_LDAP(ld);
#endif
    return( ld->ld_errno = ret );
}
Beispiel #13
0
int
cldap_search_s( LDAP *ld, char *base, int scope, char *filter, char **attrs,
	int attrsonly, LDAPMessage **res, char *logdn )
{
    int				ret, msgid;
    struct cldap_retinfo	cri;

    *res = NULLMSG;

    (void) memset( &cri, 0, sizeof( cri ));

#if defined( SUN ) && defined( _REENTRANT )
    LOCK_LDAP(ld);
#endif	

    if ( logdn != NULL ) {
	ld->ld_cldapdn = logdn;
    } else if ( ld->ld_cldapdn == NULL ) {
	ld->ld_cldapdn = "";
    }

    do {
	if ( cri.cri_try != 0 ) {
		--ld->ld_msgid;	/* use same id as before */
	}
	ld->ld_sb.sb_useaddr = ld->ld_sb.sb_addrs[ cri.cri_useaddr ];

	Debug( LDAP_DEBUG_TRACE, catgets(slapdcat, 1, 115, "cldap_search_s try %1$d (to %2$s)\n"),
	    cri.cri_try, inet_ntoa( ((struct sockaddr_in *)
	    ld->ld_sb.sb_useaddr)->sin_addr ), 0 );

	    if ( (msgid = ldap_search( ld, base, scope, filter, attrs,
		attrsonly )) == -1 ) {
#if defined( SUN ) && defined( _REENTRANT )
	            UNLOCK_LDAP(ld);
#endif
		    return( ld->ld_errno );
	    }
#ifndef NO_CACHE
#if defined( SUN ) && defined( _REENTRANT )	
	    LOCK_RESPONSE(ld);
#endif
	    if ( ld->ld_cache != NULL && ld->ld_responses != NULL ) {
		Debug( LDAP_DEBUG_TRACE, catgets(slapdcat, 1, 116, "cldap_search_s res from cache\n"),
			0, 0, 0 );
		*res = ld->ld_responses;
		ld->ld_responses = ld->ld_responses->lm_next;
#if defined( SUN ) && defined( _REENTRANT )
		UNLOCK_LDAP(ld);
		ret = ldap_result2error( ld, *res, 0 );
		UNLOCK_RESPONSE(ld);
		return( ret );
#else
		return( ldap_result2error( ld, *res, 0 ));
#endif
	    }
#endif /* NO_CACHE */
	    ret = cldap_result( ld, msgid, res, &cri, base );
#if defined( SUN ) && defined( _REENTRANT )	
	    UNLOCK_RESPONSE(ld);
#endif
	} while (ret == -1);

	return( ret );
}
Beispiel #14
0
/* LDAPv3 API extensions */
int ldap_compare_ext(LDAP *ld, char *dn, char *attr, struct berval *bvalue,
					 LDAPControl ** serverctrls, LDAPControl **clientctrls, int *msgidp)
{
	BerElement	*ber;
	struct berval bv;
	int rv;
	
	/* The compare request looks like this:
	 *	CompareRequest ::= SEQUENCE {
	 *		entry	DistinguishedName,
	 *		ava	SEQUENCE {
	 *			type	AttributeType,
	 *			value	AttributeValue
	 *		}
	 *	}
	 * and must be wrapped in an LDAPMessage.
	 */

#ifdef _REENTRANT
        LOCK_LDAP(ld);
#endif
	Debug( LDAP_DEBUG_TRACE, catgets(slapdcat, 1, 128, "ldap_compare\n"), 0, 0, 0 );

	if ((ber = ldap_build_compare_req(ld, dn, attr, bvalue, NULL)) == NULLBER) {
		rv = ld->ld_errno;
		if (rv == LDAP_SUCCESS)
			rv = LDAP_OTHER;
#ifdef _REENTRANT
        UNLOCK_LDAP(ld);
#endif
		return (rv);
	}
	
#ifndef NO_CACHE
	if ( ld->ld_cache != NULL ) {
		if ( check_cache( ld, LDAP_REQ_COMPARE, ber ) == 0 ) {
			ber_free( ber, 1 );
			ld->ld_errno = LDAP_SUCCESS;
			*msgidp = ld->ld_msgid;
#ifdef _REENTRANT
			UNLOCK_LDAP(ld);
#endif
			return( LDAP_SUCCESS );
		}
		add_request_to_cache( ld, LDAP_REQ_COMPARE, ber );
	}
#endif /* NO_CACHE */

	/* send the message */
	rv = send_initial_request( ld, LDAP_REQ_COMPARE, dn, ber );
	if (rv == -1) {
		rv = ld->ld_errno;
		if (rv == LDAP_SUCCESS){
			rv = LDAP_OTHER;
		}
#ifdef  _REENTRANT
		UNLOCK_LDAP(ld);
#endif	
		return (rv);
	}
	
	*msgidp = rv;
#ifdef _REENTRANT
	UNLOCK_LDAP(ld);
#endif
	return (LDAP_SUCCESS);
}
Beispiel #15
0
/*
 * ldap_kerberos_bind1 - initiate a bind to the ldap server using
 * kerberos authentication.  The dn is supplied.  It is assumed the user
 * already has a valid ticket granting ticket.  The msgid of the
 * request is returned on success (suitable for passing to ldap_result()),
 * -1 is returned if there's trouble.
 *
 * Example:
 *	ldap_kerberos_bind1( ld, "cn=manager, o=university of michigan, c=us" )
 */
int
ldap_kerberos_bind1( LDAP *ld, char *dn )
{
	BerElement	*ber;
	char		*cred;
	int		rc, credlen;
	char		*get_kerberosv4_credentials();
#ifdef STR_TRANSLATION
	int		str_translation_on;
#endif /* STR_TRANSLATION */

	/*
	 * The bind request looks like this:
	 *	BindRequest ::= SEQUENCE {
	 *		version		INTEGER,
	 *		name		DistinguishedName,
	 *		authentication	CHOICE {
	 *			krbv42ldap	[1] OCTET STRING
	 *			krbv42dsa	[2] OCTET STRING
	 *		}
	 *	}
	 * all wrapped up in an LDAPMessage sequence.
	 */

#if defined( SUN ) && defined( _REENTRANT )
	int rv;

        LOCK_LDAP(ld);
#endif
	Debug( LDAP_DEBUG_TRACE, catgets(slapdcat, 1, 186, "ldap_kerberos_bind1\n"), 0, 0, 0 );

	if ( dn == NULL )
		dn = "";

	if ( (cred = get_kerberosv4_credentials( ld, dn, "ldapserver",
	    &credlen )) == NULL ) {
#if defined( SUN ) && defined( _REENTRANT )
		UNLOCK_LDAP(ld);
#endif
		return( -1 );	/* ld_errno should already be set */
	}

	/* create a message to send */
	if ( (ber = alloc_ber_with_options( ld )) == NULLBER ) {
		free( cred );
#if defined( SUN ) && defined( _REENTRANT )
		UNLOCK_LDAP(ld);
#endif
		return( -1 );
	}

#ifdef STR_TRANSLATION
	if (( str_translation_on = (( ber->ber_options &
	    LBER_TRANSLATE_STRINGS ) != 0 ))) {	/* turn translation off */
		ber->ber_options &= ~LBER_TRANSLATE_STRINGS;
	}
#endif /* STR_TRANSLATION */

	/* fill it in */
	rc = ber_printf( ber, "{it{isto}}", ++ld->ld_msgid, LDAP_REQ_BIND,
	    ld->ld_version, dn, LDAP_AUTH_KRBV41, cred, credlen );

#ifdef STR_TRANSLATION
	if ( str_translation_on ) {	/* restore translation */
		ber->ber_options |= LBER_TRANSLATE_STRINGS;
	}
#endif /* STR_TRANSLATION */

	if ( rc == -1 ) {
		free( cred );
		ber_free( ber, 1 );
		ld->ld_errno = LDAP_ENCODING_ERROR;
#if defined( SUN ) && defined( _REENTRANT )
		UNLOCK_LDAP(ld);
#endif
		return( -1 );
	}

	free( cred );

#ifndef NO_CACHE
	if ( ld->ld_cache != NULL ) {
		ldap_flush_cache( ld );
	}
#endif /* !NO_CACHE */

	/* send the message */
#if defined( SUN ) && defined( _REENTRANT )
	rv = send_initial_request( ld, LDAP_REQ_BIND, dn, ber );
        UNLOCK_LDAP(ld);
	return ( rv );
#else
	return ( send_initial_request( ld, LDAP_REQ_BIND, dn, ber ));
#endif
}
Beispiel #16
0
/*
 * ldap_kerberos_bind2 - initiate a bind to the X.500 server using
 * kerberos authentication.  The dn is supplied.  It is assumed the user
 * already has a valid ticket granting ticket.  The msgid of the
 * request is returned on success (suitable for passing to ldap_result()),
 * -1 is returned if there's trouble.
 *
 * Example:
 *	ldap_kerberos_bind2( ld, "cn=manager, o=university of michigan, c=us" )
 */
int
ldap_kerberos_bind2( LDAP *ld, char *dn )
{
	BerElement	*ber;
	char		*cred;
	int		rc, credlen;
	char		*get_kerberosv4_credentials();
#ifdef STR_TRANSLATION
	int		str_translation_on;
#endif /* STR_TRANSLATION */

#if defined( SUN ) && defined( _REENTRANT )
	int rv;

        LOCK_LDAP(ld);
#endif
	Debug( LDAP_DEBUG_TRACE, catgets(slapdcat, 1, 188, "ldap_kerberos_bind2\n"), 0, 0, 0 );

	if ( dn == NULL )
		dn = "";

	if ( (cred = get_kerberosv4_credentials( ld, dn, "x500dsa", &credlen ))
	    == NULL ) {
#if defined( SUN ) && defined( _REENTRANT )
		UNLOCK_LDAP(ld);
#endif
		return( -1 );	/* ld_errno should already be set */
	}

	/* create a message to send */
	if ( (ber = alloc_ber_with_options( ld )) == NULLBER ) {
		free( cred );
#if defined( SUN ) && defined( _REENTRANT )
		UNLOCK_LDAP(ld);
#endif
		return( -1 );
	}

#ifdef STR_TRANSLATION
	if (( str_translation_on = (( ber->ber_options &
	    LBER_TRANSLATE_STRINGS ) != 0 ))) {	/* turn translation off */
		ber->ber_options &= ~LBER_TRANSLATE_STRINGS;
	}
#endif /* STR_TRANSLATION */

	/* fill it in */
	rc = ber_printf( ber, "{it{isto}}", ++ld->ld_msgid, LDAP_REQ_BIND,
	    ld->ld_version, dn, LDAP_AUTH_KRBV42, cred, credlen );


#ifdef STR_TRANSLATION
	if ( str_translation_on ) {	/* restore translation */
		ber->ber_options |= LBER_TRANSLATE_STRINGS;
	}
#endif /* STR_TRANSLATION */

	free( cred );

	if ( rc == -1 ) {
		ber_free( ber, 1 );
		ld->ld_errno = LDAP_ENCODING_ERROR;
#if defined( SUN ) && defined( _REENTRANT )
		UNLOCK_LDAP(ld);
#endif
		return( -1 );
	}

	/* send the message */
#if defined( SUN ) && defined( _REENTRANT )
	rv = send_initial_request( ld, LDAP_REQ_BIND, dn, ber );
        UNLOCK_LDAP(ld);
	return ( rv );
#endif
	return ( send_initial_request( ld, LDAP_REQ_BIND, dn, ber ));
}