Beispiel #1
/*
 * ldap_initialize - allocate an LDAP handle and optionally point it at a URL.
 *
 * ldp  receives the new handle on success; it is set to NULL before any
 *      work is done, so every failure path leaves it NULL.
 * url  when non-NULL it is stored on the handle through LDAP_OPT_URI;
 *      when NULL the handle is returned exactly as ldap_create() made it.
 *
 * Returns LDAP_SUCCESS, or the error reported by ldap_create() or
 * ldap_set_option().
 *
 * Nothing visible in this function opens a connection, starts TLS or
 * binds, so a successful return does not show that the server is
 * reachable or that the transport is protected.
 */
int
ldap_initialize( LDAP **ldp, LDAP_CONST char *url )
{
	LDAP *handle;
	int status;

	/* Callers see NULL unless every step below succeeds. */
	*ldp = NULL;

	status = ldap_create( &handle );
	if ( status != LDAP_SUCCESS ) {
		return status;
	}

	/* No URL requested: hand the freshly created handle straight back. */
	if ( url == NULL ) {
		*ldp = handle;
		return LDAP_SUCCESS;
	}

	status = ldap_set_option( handle, LDAP_OPT_URI, url );
	if ( status != LDAP_SUCCESS ) {
		/* The handle was never handed out, so it is released here. */
		ldap_ld_free( handle, 1, NULL, NULL );
		return status;
	}

#ifdef LDAP_CONNECTIONLESS
	/* A URL recognised by ldap_is_ldapc_url() marks the handle as UDP. */
	if ( ldap_is_ldapc_url( url ) ) {
		LDAP_IS_UDP( handle ) = 1;
	}
#endif

	*ldp = handle;
	return LDAP_SUCCESS;
}
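/*
 * ldap_open_internal_connection - build an LDAP handle around a socket the
 * caller has already opened.
 *
 * ldp  receives the new handle on success, NULL on every failure.
 * fdp  pointer to the socket; it is passed to ber_sockbuf_ctrl() with
 *      LBER_SB_OPT_SET_FD. NOTE(review): fdp is not checked for NULL and
 *      the descriptor is not validated here - confirm callers guarantee both.
 *
 * Returns LDAP_SUCCESS, the ldap_create() error, or LDAP_NO_MEMORY.
 *
 * The handle is given a placeholder request (msgid 0, in progress) and a
 * default connection using the TCP sockbuf layer, and is switched to
 * LDAPv3. No TLS layer is installed by the code visible here.
 */
int
ldap_open_internal_connection( LDAP **ldp, ber_socket_t *fdp )
{
	int rc;
	int version = LDAP_VERSION3;
	LDAPConn *c;
	LDAPRequest *lr;
	LDAP	*ld;

	/* Stays NULL unless the whole setup succeeds. */
	*ldp = NULL;

	rc = ldap_create( &ld );
	if( rc != LDAP_SUCCESS ) {
		return( rc );
	}

	/* Make it appear that a search request, msgid 0, was sent */
	lr = (LDAPRequest *)LDAP_CALLOC( 1, sizeof( LDAPRequest ));
	if( lr == NULL ) {
		ldap_unbind_ext( ld, NULL, NULL );
		return( LDAP_NO_MEMORY );
	}
	memset(lr, 0, sizeof( LDAPRequest ));
	lr->lr_msgid = 0;
	lr->lr_status = LDAP_REQST_INPROGRESS;
	lr->lr_res_errno = LDAP_SUCCESS;
	/* no mutex lock needed, we just created this ld here */
	ld->ld_requests = lr;

	LDAP_MUTEX_LOCK( &ld->ld_conn_mutex );
	/* Attach the passed socket as the *LDAP's connection */
	c = ldap_new_connection( ld, NULL, 1, 0, NULL, 0, 0 );
	if( c == NULL ) {
		/*
		 * Release the lock BEFORE tearing the handle down. The mutex is a
		 * member of ld, so unlocking it after ldap_unbind_ext() would touch
		 * a handle that has already been disposed of, and the teardown
		 * would run while this thread still holds ld_conn_mutex.
		 */
		LDAP_MUTEX_UNLOCK( &ld->ld_conn_mutex );
		ldap_unbind_ext( ld, NULL, NULL );
		return( LDAP_NO_MEMORY );
	}
	ber_sockbuf_ctrl( c->lconn_sb, LBER_SB_OPT_SET_FD, fdp );
#ifdef LDAP_DEBUG
	ber_sockbuf_add_io( c->lconn_sb, &ber_sockbuf_io_debug,
		LBER_SBIOD_LEVEL_PROVIDER, (void *)"int_" );
#endif
	ber_sockbuf_add_io( c->lconn_sb, &ber_sockbuf_io_tcp,
	  LBER_SBIOD_LEVEL_PROVIDER, NULL );
	ld->ld_defconn = c;
	LDAP_MUTEX_UNLOCK( &ld->ld_conn_mutex );

	/* Add the connection to the *LDAP's select pool */
	ldap_mark_select_read( ld, c->lconn_sb );
	ldap_mark_select_write( ld, c->lconn_sb );

	/*
	 * Make this connection an LDAP V3 protocol connection. A dedicated
	 * local carries the version so the status variable is not reused as
	 * an option value. The result is still ignored, as in the original.
	 */
	ldap_set_option( ld, LDAP_OPT_PROTOCOL_VERSION, &version );
	*ldp = ld;

	++ld->ld_defconn->lconn_refcnt;	/* so it never gets closed/freed */

	return( LDAP_SUCCESS );
}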
Beispiel #3
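/*
 * \brief Load the cokebank database
 *
 * Opens (or creates) the bank file named by Argument, reads the database,
 * opens the log file and, when USE_LDAP is set, connects and binds to the
 * directory at gsLDAPPath.
 *
 * \param Argument	Path of the bank file
 * \return 0 on success, -1 if the bank file cannot be opened, 1 on any
 *         LDAP failure (the bank and log files stay open in their globals
 *         on that path)
 */
int Bank_Initialise(const char *Argument)
{
	#if USE_LDAP
	 int	rv;
	#endif
	
	// Open Cokebank
	// "rb+" first so an existing file is kept; "wb+" only as a fallback to create it
	gBank_File = fopen(Argument, "rb+");
	if( !gBank_File )	gBank_File = fopen(Argument, "wb+");
	if( !gBank_File ) {
		perror("Opening coke bank");
		return -1;
	}
	Bank_int_ReadDatabase();

	// Open log file
	// TODO: Do I need this?
	gBank_LogFile = fopen("cokebank.log", "a");
	if( !gBank_LogFile )	gBank_LogFile = stdout;
	
	
	#if USE_LDAP
	// Connect to LDAP
	// ldap_initialize() allocates the handle itself, so no ldap_create()
	// call precedes it: a handle created first would be overwritten and
	// never freed.
	rv = ldap_initialize(&gpLDAP, gsLDAPPath);
	if(rv) {
		fprintf(stderr, "ldap_initialize: %s\n", ldap_err2string(rv));
		return 1;
	}
	{
		int ver = LDAP_VERSION3;
		rv = ldap_set_option(gpLDAP, LDAP_OPT_PROTOCOL_VERSION, &ver);
		if(rv) {
			fprintf(stderr, "ldap_set_option: %s\n", ldap_err2string(rv));
			return 1;
		}
	}
	// NOTE(security): StartTLS is compiled out below, so the bind that
	// follows is only protected if gsLDAPPath itself selects a protected
	// transport. Otherwise the admin password crosses the network in clear.
	# if 0
	rv = ldap_start_tls_s(gpLDAP, NULL, NULL);
	if(rv) {
		fprintf(stderr, "ldap_start_tls_s: %s\n", ldap_err2string(rv));
		return 1;
	}
	# endif
	{
		struct berval	cred;
		struct berval	*servcred = NULL;
		// NOTE(security): the bind DN and password are hard-coded, so they
		// ship in the source and in every binary built from it. Load them
		// from protected configuration and use a least-privilege account
		// rather than the directory admin.
		cred.bv_val = "secret";
		cred.bv_len = 6;
		// NOTE(review): servcred is never released here - confirm who owns it.
		rv = ldap_sasl_bind_s(gpLDAP, "cn=admin,dc=ucc,dc=gu,dc=uwa,dc=edu,dc=au",
			"", &cred, NULL, NULL, &servcred);
		if(rv) {
			// Name the call that failed (this used to report ldap_start_tls_s)
			fprintf(stderr, "ldap_sasl_bind_s: %s\n", ldap_err2string(rv));
			return 1;
		}
	}
	#endif
	
	return 0;
}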
Beispiel #4
/*
 * ldap_init - set up an LDAP handle for later use.
 *
 * defhost  optional default host; as the API describes it, this may be a
 *          space-separated list of hosts or IP addresses. NULL leaves the
 *          handle's host setting untouched.
 * defport  optional default port; 0 leaves the handle's port untouched.
 *          The value is stored as given, with no range check here.
 *
 * Returns the handle (the "magic cookie" used for future communication)
 * on success, NULL on failure. The failure cause is not reported.
 *
 * Example:
 *	LDAP	*ld;
 *	ld = ldap_init( host, port );
 */
LDAP *
ldap_init( LDAP_CONST char *defhost, int defport )
{
	LDAP *handle;

	if ( ldap_create( &handle ) != LDAP_SUCCESS ) {
		return NULL;
	}

	if ( defport != 0 ) {
		handle->ld_options.ldo_defport = defport;
	}

	/* Without a host there is nothing more to configure. */
	if ( defhost == NULL ) {
		return handle;
	}

	if ( ldap_set_option( handle, LDAP_OPT_HOST_NAME, defhost ) != LDAP_SUCCESS ) {
		/* The handle was never returned to the caller; release it here. */
		ldap_ld_free( handle, 1, NULL, NULL );
		return NULL;
	}

	return handle;
}
Beispiel #5
/*
 * ldap_init_fd - create an LDAP handle on top of a descriptor the caller
 * already opened.
 *
 * fd     descriptor to attach as the handle's default connection
 * proto  LDAP_PROTO_TCP, LDAP_PROTO_UDP (only when built with
 *        LDAP_CONNECTIONLESS), LDAP_PROTO_IPC or LDAP_PROTO_EXT; selects
 *        which sockbuf I/O layer is installed
 * url    optional URI stored on the handle via LDAP_OPT_URI; may be NULL
 * ldp    receives the handle on success, NULL on every failure
 *
 * Returns LDAP_SUCCESS, the error from ldap_create()/ldap_set_option(),
 * LDAP_NO_MEMORY if no connection object could be made, or
 * LDAP_PARAM_ERROR for an unrecognised proto.
 *
 * Only transport-level I/O layers (tcp/udp/fd, plus debug) are added here;
 * no TLS layer is installed by the visible code, and fd itself is not
 * validated.
 */
int
ldap_init_fd(
	ber_socket_t fd,
	int proto,
	LDAP_CONST char *url,
	LDAP **ldp
)
{
	int rc;
	LDAP *ld;
	LDAPConn *conn;

	/* Callers see NULL unless the whole setup succeeds */
	*ldp = NULL;
	rc = ldap_create( &ld );
	if( rc != LDAP_SUCCESS )
		return( rc );

	if (url != NULL) {
		rc = ldap_set_option(ld, LDAP_OPT_URI, url);
		if ( rc != LDAP_SUCCESS ) {
			/* handle was never handed out, release it here */
			ldap_ld_free(ld, 1, NULL, NULL);
			return rc;
		}
	}

	/* Attach the passed socket as the LDAP's connection */
	conn = ldap_new_connection( ld, NULL, 1, 0, NULL);
	if( conn == NULL ) {
		ldap_unbind_ext( ld, NULL, NULL );
		return( LDAP_NO_MEMORY );
	}
	/* &fd is the address of the by-value parameter; presumably the value is
	 * copied into the sockbuf during this call - TODO confirm */
	ber_sockbuf_ctrl( conn->lconn_sb, LBER_SB_OPT_SET_FD, &fd );
	ld->ld_defconn = conn;
	++ld->ld_defconn->lconn_refcnt;	/* so it never gets closed/freed */

	/* Install the I/O layer that matches the caller's transport */
	switch( proto ) {
	case LDAP_PROTO_TCP:
#ifdef LDAP_DEBUG
		ber_sockbuf_add_io( conn->lconn_sb, &ber_sockbuf_io_debug,
			LBER_SBIOD_LEVEL_PROVIDER, (void *)"tcp_" );
#endif
		ber_sockbuf_add_io( conn->lconn_sb, &ber_sockbuf_io_tcp,
			LBER_SBIOD_LEVEL_PROVIDER, NULL );
		break;

#ifdef LDAP_CONNECTIONLESS
	/* Without LDAP_CONNECTIONLESS this case does not exist and
	 * LDAP_PROTO_UDP is rejected by the default branch */
	case LDAP_PROTO_UDP:
#ifdef LDAP_DEBUG
		ber_sockbuf_add_io( conn->lconn_sb, &ber_sockbuf_io_debug,
			LBER_SBIOD_LEVEL_PROVIDER, (void *)"udp_" );
#endif
		ber_sockbuf_add_io( conn->lconn_sb, &ber_sockbuf_io_udp,
			LBER_SBIOD_LEVEL_PROVIDER, NULL );
		ber_sockbuf_add_io( conn->lconn_sb, &ber_sockbuf_io_readahead,
			LBER_SBIOD_LEVEL_PROVIDER, NULL );
		break;
#endif /* LDAP_CONNECTIONLESS */

	case LDAP_PROTO_IPC:
#ifdef LDAP_DEBUG
		ber_sockbuf_add_io( conn->lconn_sb, &ber_sockbuf_io_debug,
			LBER_SBIOD_LEVEL_PROVIDER, (void *)"ipc_" );
#endif
		ber_sockbuf_add_io( conn->lconn_sb, &ber_sockbuf_io_fd,
			LBER_SBIOD_LEVEL_PROVIDER, NULL );
		break;

	case LDAP_PROTO_EXT:
		/* caller must supply sockbuf handlers */
		break;

	default:
		/* Unknown transport: dispose of the handle and reject the call.
		 * NOTE(review): whether this path also closes the caller's fd is
		 * not visible here - confirm before relying on fd afterwards */
		ldap_unbind_ext( ld, NULL, NULL );
		return LDAP_PARAM_ERROR;
	}

#ifdef LDAP_DEBUG
	/* Extra debug layer registered at level INT_MAX, tagged "ldap_" */
	ber_sockbuf_add_io( conn->lconn_sb, &ber_sockbuf_io_debug,
		INT_MAX, (void *)"ldap_" );
#endif

	/* Add the connection to the *LDAP's select pool */
	ldap_mark_select_read( ld, conn->lconn_sb );
	ldap_mark_select_write( ld, conn->lconn_sb );
	
	*ldp = ld;
	return LDAP_SUCCESS;
}
Beispiel #6
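/*
 * pam_bindcb - bind callback that translates a password policy response
 * control into the PAM-facing fields of the request's paminfo.
 *
 * op  operation whose o_callback->sc_private points at the struct paminfo
 * rs  reply; sr_ctrls is searched for the password policy response control,
 *     and sr_err is reset to LDAP_SUCCESS when the policy error is
 *     PP_passwordExpired (that case is reported during authz instead)
 *
 * Effects on the paminfo:
 *   - expiry warning: msg is formatted with the time left
 *   - grace logins:   msg is formatted, authz = NSLCD_PAM_NEW_AUTHTOK_REQD
 *   - policy error:   msg is set from ldap_passwordpolicy_err2txt(); authz
 *                     = NSLCD_PAM_NEW_AUTHTOK_REQD for PP_passwordExpired
 *                     and PP_changeAfterReset
 *
 * Always returns LDAP_SUCCESS.
 */
static int pam_bindcb(
	Operation *op, SlapReply *rs)
{
	struct paminfo *pi = op->o_callback->sc_private;
	LDAPControl *ctrl = ldap_control_find(LDAP_CONTROL_PASSWORDPOLICYRESPONSE,
		rs->sr_ctrls, NULL);
	/* Start from NULL so a failed ldap_create() cannot leave an
	 * indeterminate pointer to be tested and used below. */
	LDAP *ld = NULL;
	ber_int_t expire, grace;
	LDAPPasswordPolicyError error;
	int rc;

	/* No policy control in the reply: nothing to translate. */
	if (!ctrl)
		return LDAP_SUCCESS;

	/* A scratch handle is needed only to call the control parser. */
	rc = ldap_create(&ld);
	if (rc != LDAP_SUCCESS || !ld)
		return LDAP_SUCCESS;

	rc = ldap_parse_passwordpolicy_control(ld,ctrl,
		&expire,&grace,&error);
	if (rc == LDAP_SUCCESS) {
		if (expire >= 0) {
			const char *unit = "seconds";
			/*
			 * Scale to the largest fitting unit. Each step is nested so
			 * that it applies only after the previous conversion
			 * happened; as independent tests, 30 seconds was reported
			 * as "1 days" because 30 > 24 matched the hours-to-days step.
			 * Weeks/months/years are deliberately not used: nobody warns
			 * about expiration that far in advance.
			 */
			if (expire > 60) {
				expire /= 60;
				unit = "minutes";
				if (expire > 60) {
					expire /= 60;
					unit = "hours";
					if (expire > 24) {
						expire /= 24;
						unit = "days";
					}
				}
			}
			/*
			 * NOTE(review): sprintf() is unbounded and the capacity of
			 * pi->msg.bv_val is not visible here. The output is a few
			 * dozen bytes at most; confirm the buffer is at least that
			 * large, or pass its size in and switch to snprintf().
			 * The cast keeps the argument matching %d whatever
			 * ber_int_t is defined as.
			 */
			pi->msg.bv_len = sprintf(pi->msg.bv_val,
				"\nWARNING: Password expires in %d %s\n", (int)expire, unit);
		} else if (grace > 0) {
			/* NOTE(review): same unbounded sprintf() caveat as above. */
			pi->msg.bv_len = sprintf(pi->msg.bv_val,
				"Password expired; %d grace logins remaining",
				(int)grace);
			pi->authz = NSLCD_PAM_NEW_AUTHTOK_REQD;
		} else if (error != PP_noError) {
			ber_str2bv(ldap_passwordpolicy_err2txt(error), 0, 0,
				&pi->msg);
			switch (error) {
			case PP_passwordExpired:
				/* report this during authz */
				rs->sr_err = LDAP_SUCCESS;
				/* fallthru */
			case PP_changeAfterReset:
				pi->authz = NSLCD_PAM_NEW_AUTHTOK_REQD;
				break;
			default:
				/* other policy errors only set the message */
				break;
			}
		}
	}
	ldap_ld_free(ld,0,NULL,NULL);

	return LDAP_SUCCESS;
}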