/*
* authldap_connect()
*
* initializes the connection for authentication.
*
* returns 0 on success, -1 on failure
*/
static int authldap_connect(void)
{
int version = 0;
LDAP *_ldap_conn = NULL;
int ret;
if (! g_thread_supported()) g_thread_init(NULL);
g_once(&ldap_conn_once, authldap_once, NULL);
switch (_ldap_cfg.version_int) {
case 3:
version = LDAP_VERSION3;
if (strlen(_ldap_cfg.uri)) {
TRACE(TRACE_DEBUG, "connecting to ldap server on [%s] version [%d]", _ldap_cfg.uri, _ldap_cfg.version_int);
if ((ret = ldap_initialize(&_ldap_conn, _ldap_cfg.uri) != LDAP_SUCCESS))
TRACE(TRACE_WARNING, "ldap_initialize() failed %d", ret);
} else {
char *uri = g_strdup_printf("ldap://%s:%d", _ldap_cfg.hostname, _ldap_cfg.port_int);
TRACE(TRACE_DEBUG, "connecting to ldap server on [%s] version [%d]", uri, _ldap_cfg.version_int);
if ((ret = ldap_initialize(&_ldap_conn, uri)) != LDAP_SUCCESS)
TRACE(TRACE_EMERG, "ldap_initialize() failed [%d]", ret);
g_free(uri);
}
break;
case 2:
version = LDAP_VERSION2; /* fall through... */
default:
if (!version) {
TRACE(TRACE_WARNING, "Unsupported LDAP version [%d] requested."
" Default to LDAP version 3.", _ldap_cfg.version_int);
version = LDAP_VERSION3;
}
TRACE(TRACE_DEBUG, "connecting to ldap server on [%s] : [%d] version [%d]",
_ldap_cfg.hostname, _ldap_cfg.port_int, _ldap_cfg.version_int);
_ldap_conn = ldap_init(_ldap_cfg.hostname, _ldap_cfg.port_int);
break;
}
ldap_set_option(_ldap_conn, LDAP_OPT_PROTOCOL_VERSION, &version);
/* Turn off referrals */
if (strncasecmp(_ldap_cfg.referrals, "no", 2) == 0)
ldap_set_option(_ldap_conn, LDAP_OPT_REFERRALS, 0);
g_static_private_set(&ldap_conn_key, _ldap_conn, (GDestroyNotify)authldap_free);
return auth_ldap_bind();
}
/** connect to the ldap host */
static int _ldapfull_connect(moddata_t data)
{
int ldapversion = LDAP_VERSION3;
int rc;
if(data->ld != NULL)
ldap_unbind_s(data->ld);
data->binded=0;
rc = ldap_initialize(&(data->ld), data->uri);
if( rc != LDAP_SUCCESS )
{
log_write(data->ar->c2s->log, LOG_ERR, "ldap: ldap_initialize failed, uri=%s (%d): %s", data->uri, rc, ldap_err2string(rc));
return 1;
}
if (ldap_set_option(data->ld, LDAP_OPT_PROTOCOL_VERSION, &ldapversion) != LDAP_SUCCESS)
{
log_write(data->ar->c2s->log, LOG_ERR, "ldap: couldn't set v3 protocol");
return 1;
}
if (ldap_set_option(data->ld, LDAP_OPT_REFERRALS, LDAP_OPT_ON) != LDAP_SUCCESS) {
log_write(data->ar->c2s->log, LOG_ERR, "ldap: couldn't set LDAP_OPT_REFERRALS");
}
log_debug(ZONE, "connected to ldap server");
return 0;
}
/**
* @name init_mysql
* @description Starts and returns a connected MySQL instance
* return MYSQL *mysql
*/
LDAP * init_ldap(void) {
LDAP *ldap;
int err;
int v3 = LDAP_VERSION3;
/* initialize */
if((ldap_initialize(&ldap, cfg.ldap_uri) != LDAP_SUCCESS)) {
perror("ldap_init error");
free(ldap);
exit(-1);
}
ldap_set_option(ldap, LDAP_OPT_PROTOCOL_VERSION, &v3);
/* connect */
if(err = ldap_simple_bind_s(ldap, cfg.ldap_bind_dn, cfg.ldap_bind_pw) != LDAP_SUCCESS){
printf("%s\n", ldap_err2string(err));
/* freed memory */
free(ldap);
exit(-1);
}
return ldap;
}
void Ldaplogin::ldapBind(std::string user, std::string password)
{
ldap_initialize(&ld, this->ldap_host.c_str());
if (ld == NULL) /*LDAP-Initialisierung*/
{
std::cout << "ldap_init failed" << std::endl;
exit(1);
}
struct berval *servercredp;
struct berval cred;
cred.bv_val = const_cast<char*>(password.c_str()); // my password
cred.bv_len = strlen(cred.bv_val) * sizeof(char);
ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION, &ldap_version);
int rc = ldap_sasl_bind_s(ld, user.c_str(), LDAP_SASL_SIMPLE, &cred, NULL, NULL, &servercredp);
if (rc != LDAP_SUCCESS)
{
std::cout << "LDAP error:" << ldap_err2string(rc) << std::endl;
exit(1);
}
else
{
std::cout << "LDAP connected" << std::endl;
}
}
void Connect()
{
std::string server = config->getString("server");
int i = ldap_initialize(&this->con, server.c_str());
if (i != LDAP_SUCCESS)
throw LDAPException("Unable to connect to LDAP service " + this->name + ": " + ldap_err2string(i));
const int version = LDAP_VERSION3;
i = ldap_set_option(this->con, LDAP_OPT_PROTOCOL_VERSION, &version);
if (i != LDAP_OPT_SUCCESS)
{
ldap_unbind_ext(this->con, NULL, NULL);
this->con = NULL;
throw LDAPException("Unable to set protocol version for " + this->name + ": " + ldap_err2string(i));
}
const struct timeval tv = { 0, 0 };
i = ldap_set_option(this->con, LDAP_OPT_NETWORK_TIMEOUT, &tv);
if (i != LDAP_OPT_SUCCESS)
{
ldap_unbind_ext(this->con, NULL, NULL);
this->con = NULL;
throw LDAPException("Unable to set timeout for " + this->name + ": " + ldap_err2string(i));
}
}
/// connects and binds to LDAP server
/// @param[in] cnf reference to common configuration struct
LDAP * ldaputils_initialize(LdapUtilsConfig * cnf)
{
int err;
LDAP * ld;
char uribuff[256];
BerValue cred;
BerValue * servercredp;
const char * mechanism;
const char * uri;
if (cnf->debug)
if ((LDAP_OPT_SUCCESS != ldap_set_option(NULL, LDAP_OPT_DEBUG_LEVEL, (void *)&cnf->debug)))
fprintf(stderr, _("%s: could not set LDAP_OPT_DEBUG_LEVEL\n"), PROGRAM_NAME);
uri = cnf->uri;
if ( (!(uri)) && ((cnf->host)) )
{
if (cnf->port)
snprintf(uribuff, 256, "ldap://%s:%i", cnf->host, cnf->port);
else
snprintf(uribuff, 256, "ldap://%s", cnf->host);
uri = uribuff;
};
ld = NULL;
if (ldap_initialize(&ld, uri))
{
fprintf(stderr, "%s: ldaputils_initialize(): %s\n", PROGRAM_NAME, strerror(errno));
return(NULL);
};
cnf->version = 3;
if (cnf->version)
if ((LDAP_OPT_SUCCESS != ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION, &cnf->version)))
fprintf(stderr, _("%s: could not set LDAP_OPT_PROTOCOL_VERSION\n"), PROGRAM_NAME);
if (cnf->referrals)
if ((LDAP_OPT_SUCCESS != ldap_set_option(ld, LDAP_OPT_REFERRALS, &cnf->sizelimit)))
fprintf(stderr, _("%s: could not set LDAP_OPT_REFERRALS\n"), PROGRAM_NAME);
if (cnf->sizelimit)
if ((LDAP_OPT_SUCCESS != ldap_set_option(ld, LDAP_OPT_SIZELIMIT, &cnf->sizelimit)))
fprintf(stderr, _("%s: could not set LDAP_OPT_SIZELIMIT\n"), PROGRAM_NAME);
if (cnf->timelimit)
if ((LDAP_OPT_SUCCESS != ldap_set_option(ld, LDAP_OPT_TIMELIMIT, &cnf->timelimit)))
fprintf(stderr, _("%s: could not set LDAP_OPT_TIMELIMIT\n"), PROGRAM_NAME);
//mechanism = (const char *)LDAP_AUTH_SIMPLE;
mechanism = (const char *)LDAP_SASL_SIMPLE;
cred.bv_val = cnf->bindpw;
cred.bv_len = (size_t) strlen(cnf->bindpw);
servercredp = NULL;
if ((err = ldap_sasl_bind_s(ld, cnf->binddn, mechanism, &cred, NULL, NULL, &servercredp)) != LDAP_SUCCESS)
{
fprintf(stderr, "%s: ldap_sasl_bind_s(): %s\n", PROGRAM_NAME, ldap_err2string(err));
ldap_unbind_ext_s(ld, NULL, NULL);
return(NULL);
};
return(ld);
}
static LDAP *ldap_init_and_bind (const char *host,
const char *user_dn,
const char *password)
{
LDAP *ld;
int res;
int desired_version = LDAP_VERSION3;
res = ldap_initialize (&ld, host);
if (res != LDAP_SUCCESS) {
ccnet_warning ("ldap_initialize failed: %s.\n", ldap_err2string(res));
return NULL;
}
/* set the LDAP version to be 3 */
res = ldap_set_option (ld, LDAP_OPT_PROTOCOL_VERSION, &desired_version);
if (res != LDAP_OPT_SUCCESS) {
ccnet_warning ("ldap_set_option failed: %s.\n", ldap_err2string(res));
return NULL;
}
if (user_dn) {
res = ldap_bind_s (ld, user_dn, password, LDAP_AUTH_SIMPLE);
if (res != LDAP_SUCCESS ) {
ccnet_warning ("ldap_bind failed: %s.\n", ldap_err2string(res));
ldap_unbind_s (ld);
return NULL;
}
}
return ld;
}
static krb5_error_code
initialize_server(krb5_ldap_context *ldap_context, krb5_ldap_server_info *info)
{
krb5_ldap_server_handle *server;
krb5_error_code ret;
int st;
server = calloc(1, sizeof(krb5_ldap_server_handle));
if (server == NULL)
return ENOMEM;
server->server_info = info;
st = ldap_initialize(&server->ldap_handle, info->server_name);
if (st) {
free(server);
k5_setmsg(ldap_context->kcontext, KRB5_KDB_ACCESS_ERROR,
_("Cannot create LDAP handle for '%s': %s"),
info->server_name, ldap_err2string(st));
return KRB5_KDB_ACCESS_ERROR;
}
ret = authenticate(ldap_context, server);
if (ret) {
info->server_status = OFF;
time(&info->downtime);
free(server);
return ret;
}
server->next = info->ldap_server_handles;
info->ldap_server_handles = server;
info->num_conns++;
info->server_status = ON;
return 0;
}
static int ipa_ldap_init(LDAP **ld, const char *ldap_uri)
{
int rc = 0;
rc = ldap_initialize(ld, ldap_uri);
return rc;
}
int tsps_ldap_initialize(void)
{
int res;
int val;
struct berval passwd;
res = ldap_initialize(&ldp, server.ldap_uri);
if (res != LDAP_SUCCESS) {
fprintf(stderr, "LDAP initialization error: %s\n",
ldap_err2string(res));
return -1;
}
val = LDAP_VERSION3;
res = ldap_set_option(ldp, LDAP_OPT_PROTOCOL_VERSION, &val);
if (res != LDAP_SUCCESS) {
fprintf(stderr, "LDAP set_option error: %s\n",
ldap_err2string(res));
return -1;
}
/*
* do an anoymous bind
*/
memset(&passwd, 0, sizeof(passwd));
res = ldap_sasl_bind_s(ldp, NULL, LDAP_SASL_SIMPLE, &passwd,
NULL, NULL, NULL);
if (res != LDAP_SUCCESS) {
fprintf(stderr, "LDAP anonymous bind error: %s\n",
ldap_err2string(res));
return -1;
}
return 0;
}
static LDAP *pw_ldap_connect(const char *dn, const char *password)
{
LDAP *ld;
# ifdef LDAP_OPT_PROTOCOL_VERSION
int version = ldap_version;
# endif
if (ldap_uri == NULL) {
return NULL;
}
if (ldap_initialize(&ld, ldap_uri) != LDAP_SUCCESS) {
return NULL;
}
# ifdef LDAP_OPT_PROTOCOL_VERSION
if (ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION, &version) !=
LDAP_SUCCESS) {
return NULL;
}
# endif
if (use_tls > 0 && ldap_start_tls_s(ld, NULL, NULL) != LDAP_SUCCESS) {
return NULL;
}
if (ldap_bind_s(ld, dn, password, LDAP_AUTH_SIMPLE) != LDAP_SUCCESS) {
return NULL;
}
return ld;
}
static int
init_ldap_connection(LD_session *session) {
/* Init LDAP */
#ifdef LDAP_API_FEATURE_X_OPENLDAP
if (ldap_authorization_host != NULL && strchr(ldap_authorization_host, '/'))
{
if(ldap_initialize(&session->sess, ldap_authorization_host)!=LDAP_SUCCESS)
{
ldap_log(LOG_ERR, "Ldap connection initialize return fail status");
return RETURN_FALSE;
}
} else {
#if LDAP_API_VERSION>3000
ldap_log(LOG_ERR, "Ldap connection initialize return fail status");
return RETURN_FALSE;
#else
session->sess = ldap_init(ldap_authorization_host, &ldap_authorization_port);
#endif
}
#else
session->sess = ldap_open(ldap_authorization_host, ldap_authorization_port);
#endif
if (session->sess == NULL)
{
ldap_log(LOG_ERR, "Final check: Ldap connection initialize return fail status");
return RETURN_FALSE;
}
return RETURN_TRUE;
}
static
DWORD
KtLdapBind(
LDAP **ppLd,
PCSTR pszDc
)
{
const int version = LDAP_VERSION3;
DWORD dwError = ERROR_SUCCESS;
int lderr = 0;
PSTR pszUrl = NULL;
LDAP *pLd = NULL;
dwError = LwAllocateStringPrintf(&pszUrl,
"ldap://%s",
pszDc);
BAIL_ON_LSA_ERROR(dwError);
lderr = ldap_initialize(&pLd,
pszUrl);
BAIL_ON_LDAP_ERROR(lderr);
lderr = ldap_set_option(pLd,
LDAP_OPT_PROTOCOL_VERSION,
&version);
BAIL_ON_LDAP_ERROR(lderr);
lderr = ldap_set_option(pLd,
LDAP_OPT_REFERRALS,
LDAP_OPT_OFF);
BAIL_ON_LDAP_ERROR(lderr);
dwError = LwLdapBindDirectorySasl(pLd, pszDc, FALSE);
BAIL_ON_LSA_ERROR(dwError);
*ppLd = pLd;
cleanup:
LW_SAFE_FREE_MEMORY(pszUrl);
if (dwError == ERROR_SUCCESS &&
lderr != LDAP_SUCCESS)
{
dwError = LwMapLdapErrorToLwError(lderr);
}
return dwError;
error:
if (pLd)
{
ldap_memfree(pLd);
}
*ppLd = NULL;
goto cleanup;
}
DWORD
VmCASASLSRPBind(
LDAP** ppLd,
PCSTR pszURI,
PCSTR pszUPN,
PCSTR pszPass
)
{
DWORD dwError = 0;
PSTR pszLowerCaseUPN = NULL;
LDAP* pLd = NULL;
const int ldapVer = LDAP_VERSION3;
VMCA_SASL_INTERACTIVE_DEFAULT srpDefault = {0};
if ( ppLd == NULL || pszURI == NULL || pszUPN == NULL || pszPass == NULL )
{
dwError = ERROR_INVALID_PARAMETER;
BAIL_ON_ERROR(dwError);
}
dwError = VMCAStringToLower( (PSTR)pszUPN, &pszLowerCaseUPN );
BAIL_ON_ERROR(dwError);
srpDefault.pszAuthName = pszLowerCaseUPN;
srpDefault.pszPass = pszPass;
dwError = ldap_initialize( &pLd, pszURI);
BAIL_ON_ERROR(dwError);
dwError = ldap_set_option(pLd, LDAP_OPT_PROTOCOL_VERSION, &ldapVer);
BAIL_ON_ERROR(dwError);
dwError = ldap_sasl_interactive_bind_s( pLd,
NULL,
"SRP",
NULL,
NULL,
LDAP_SASL_QUIET,
_VMCASASLSRPInteraction,
&srpDefault);
BAIL_ON_ERROR(dwError);
*ppLd = pLd;
cleanup:
VMCA_SAFE_FREE_STRINGA(pszLowerCaseUPN);
return dwError;
error:
if ( pLd )
{
ldap_unbind_ext_s( pLd, NULL, NULL);
}
goto cleanup;
}
static void
once_resolved_start_connect (SeahorseLDAPSource *self,
GSimpleAsyncResult *res,
const gchar *address)
{
source_connect_closure *closure = g_simple_async_result_get_op_res_gpointer (res);
gchar *server = NULL;
GError *error = NULL;
gint port = LDAP_PORT;
struct berval cred;
int ldap_op;
gchar *url;
gchar *text;
int rc;
/* Now that we've resolved our address, connect via IP */
g_object_get (self, "key-server", &server, NULL);
g_return_if_fail (server && server[0]);
if ((text = strchr (server, ':')) != NULL) {
*text = 0;
text++;
port = atoi (text);
if (port <= 0 || port >= G_MAXUINT16) {
g_warning ("invalid port number: %s (using default)", text);
port = LDAP_PORT;
}
}
url = g_strdup_printf ("ldap://%s:%u", address, port);
rc = ldap_initialize (&closure->ldap, url);
g_free (url);
if (seahorse_ldap_source_propagate_error (self, rc, &error)) {
g_simple_async_result_take_error (res, error);
g_simple_async_result_complete_in_idle (res);
/* Start the bind operation */
} else {
cred.bv_val = "";
cred.bv_len = 0;
rc = ldap_sasl_bind (closure->ldap, NULL, LDAP_SASL_SIMPLE, &cred,
NULL, NULL, &ldap_op);
if (seahorse_ldap_source_propagate_error (self, rc, &error)) {
g_simple_async_result_take_error (res, error);
g_simple_async_result_complete_in_idle (res);
} else {
GSource *gsource = seahorse_ldap_gsource_new (closure->ldap, ldap_op,
closure->cancellable);
g_source_set_callback (gsource, (GSourceFunc)on_connect_bind_completed,
g_object_ref (res), g_object_unref);
g_source_attach (gsource, g_main_context_default ());
g_source_unref (gsource);
}
}
}
static
int ldap_connection_setup(struct ldap_connection *conn, const char **error_r)
{
int ret, opt;
ret = ldap_initialize(&(conn->conn), conn->set.uri);
if (ret != LDAP_SUCCESS) {
*error_r = t_strdup_printf("ldap_initialize(uri=%s) failed: %s",
conn->set.uri, ldap_err2string(ret));
return -1;
}
if (conn->ssl_set.verify_remote_cert) {
opt = LDAP_OPT_X_TLS_HARD;
} else {
opt = LDAP_OPT_X_TLS_ALLOW;
}
ldap_set_option(conn->conn, LDAP_OPT_X_TLS, &opt);
ldap_set_option(conn->conn, LDAP_OPT_X_TLS_REQUIRE_CERT, &opt);
#ifdef LDAP_OPT_X_TLS_PROTOCOL_MIN
/* refuse to connect to SSLv2 as it's completely insecure */
opt = LDAP_OPT_X_TLS_PROTOCOL_SSL3;
ldap_set_option(conn->conn, LDAP_OPT_X_TLS_PROTOCOL_MIN, &opt);
#endif
opt = conn->set.timeout_secs;
/* default timeout */
ldap_set_option(conn->conn, LDAP_OPT_TIMEOUT, &opt);
ldap_set_option(conn->conn, LDAP_OPT_NETWORK_TIMEOUT, &opt);
/* timelimit */
ldap_set_option(conn->conn, LDAP_OPT_TIMELIMIT, &opt);
if (conn->ssl_set.ca_file != NULL)
ldap_set_option(conn->conn, LDAP_OPT_X_TLS_CACERTFILE, conn->ssl_set.ca_file);
if (conn->ssl_set.ca_dir != NULL)
ldap_set_option(conn->conn, LDAP_OPT_X_TLS_CACERTDIR, conn->ssl_set.ca_dir);
if (conn->ssl_set.cert != NULL)
ldap_set_option(conn->conn, LDAP_OPT_X_TLS_CERTFILE, conn->ssl_set.cert);
if (conn->ssl_set.key != NULL)
ldap_set_option(conn->conn, LDAP_OPT_X_TLS_KEYFILE, conn->ssl_set.key);
opt = conn->set.debug;
ldap_set_option(NULL, LDAP_OPT_DEBUG_LEVEL, &opt);
opt = LDAP_VERSION3;
ldap_set_option(conn->conn, LDAP_OPT_PROTOCOL_VERSION, &opt);
ldap_set_option(conn->conn, LDAP_OPT_REFERRALS, 0);
#ifdef LDAP_OPT_X_TLS_NEWCTX
opt = 0;
ldap_set_option(conn->conn, LDAP_OPT_X_TLS_NEWCTX, &opt);
#endif
return 0;
}
DWORD
VmDirSASLGSSAPIBind(
LDAP** ppLd,
PCSTR pszURI
)
{
DWORD dwError = 0;
int retVal = 0;
LDAP* pLd = NULL;
const int ldapVer = LDAP_VERSION3;
if ( ppLd == NULL || pszURI == NULL )
{
dwError = VMDIR_ERROR_INVALID_PARAMETER;
BAIL_ON_VMDIR_ERROR(dwError);
}
retVal = ldap_initialize( &pLd, pszURI);
BAIL_ON_SIMPLE_LDAP_ERROR(retVal);
retVal = ldap_set_option(pLd, LDAP_OPT_PROTOCOL_VERSION, &ldapVer);
BAIL_ON_SIMPLE_LDAP_ERROR(retVal);
retVal = ldap_sasl_interactive_bind_s( pLd,
NULL,
"GSSAPI",
NULL,
NULL,
LDAP_SASL_QUIET,
_VmDirSASLGSSAPIInteraction,
NULL);
BAIL_ON_SIMPLE_LDAP_ERROR(retVal);
*ppLd = pLd;
cleanup:
return dwError;
ldaperror:
VMDIR_LOG_VERBOSE( VMDIR_LOG_MASK_ALL, "_VmDirSASLGSSBind failed. (%d)(%s)",
retVal, ldap_err2string(retVal) );
dwError = VmDirMapLdapError(retVal);
error:
if (retVal == 0)
{
VMDIR_LOG_VERBOSE( VMDIR_LOG_MASK_ALL, "_VmDirSASLGSSBind failed. (%u)", dwError);
}
if ( pLd )
{
ldap_unbind_ext_s( pLd, NULL, NULL);
}
goto cleanup;
}
struct tevent_req *sss_ldap_init_send(TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
const char *uri,
struct sockaddr_storage *addr,
int addr_len, int timeout)
{
int ret = EOK;
struct tevent_req *req;
struct sss_ldap_init_state *state;
req = tevent_req_create(mem_ctx, &state, struct sss_ldap_init_state);
if (req == NULL) {
DEBUG(SSSDBG_CRIT_FAILURE, "tevent_req_create failed.\n");
return NULL;
}
talloc_set_destructor((TALLOC_CTX *)state, sss_ldap_init_state_destructor);
state->ldap = NULL;
state->sd = -1;
state->uri = uri;
#ifdef HAVE_LDAP_INIT_FD
struct tevent_req *subreq;
subreq = sssd_async_socket_init_send(state, ev, addr, addr_len, timeout);
if (subreq == NULL) {
ret = ENOMEM;
DEBUG(SSSDBG_CRIT_FAILURE, "sssd_async_socket_init_send failed.\n");
goto fail;
}
tevent_req_set_callback(subreq, sss_ldap_init_sys_connect_done, req);
return req;
fail:
tevent_req_error(req, ret);
#else
DEBUG(SSSDBG_MINOR_FAILURE, "ldap_init_fd not available, "
"will use ldap_initialize with uri [%s].\n", uri);
ret = ldap_initialize(&state->ldap, uri);
if (ret == LDAP_SUCCESS) {
tevent_req_done(req);
} else {
DEBUG(SSSDBG_CRIT_FAILURE,
"ldap_initialize failed [%s].\n", sss_ldap_err2string(ret));
if (ret == LDAP_SERVER_DOWN) {
tevent_req_error(req, ETIMEDOUT);
} else {
tevent_req_error(req, EIO);
}
}
#endif
tevent_req_post(req, ev);
return req;
}
/*
* \brief Load the cokebank database
*/
int Bank_Initialise(const char *Argument)
{
#if USE_LDAP
int rv;
#endif
// Open Cokebank
gBank_File = fopen(Argument, "rb+");
if( !gBank_File ) gBank_File = fopen(Argument, "wb+");
if( !gBank_File ) {
perror("Opening coke bank");
return -1;
}
Bank_int_ReadDatabase();
// Open log file
// TODO: Do I need this?
gBank_LogFile = fopen("cokebank.log", "a");
if( !gBank_LogFile ) gBank_LogFile = stdout;
#if USE_LDAP
// Connect to LDAP
rv = ldap_create(&gpLDAP);
if(rv) {
fprintf(stderr, "ldap_create: %s\n", ldap_err2string(rv));
return 1;
}
rv = ldap_initialize(&gpLDAP, gsLDAPPath);
if(rv) {
fprintf(stderr, "ldap_initialize: %s\n", ldap_err2string(rv));
return 1;
}
{ int ver = LDAP_VERSION3; ldap_set_option(gpLDAP, LDAP_OPT_PROTOCOL_VERSION, &ver); }
# if 0
rv = ldap_start_tls_s(gpLDAP, NULL, NULL);
if(rv) {
fprintf(stderr, "ldap_start_tls_s: %s\n", ldap_err2string(rv));
return 1;
}
# endif
{
struct berval cred;
struct berval *servcred;
cred.bv_val = "secret";
cred.bv_len = 6;
rv = ldap_sasl_bind_s(gpLDAP, "cn=admin,dc=ucc,dc=gu,dc=uwa,dc=edu,dc=au",
"", &cred, NULL, NULL, &servcred);
if(rv) {
fprintf(stderr, "ldap_start_tls_s: %s\n", ldap_err2string(rv));
return 1;
}
}
#endif
return 0;
}
static LDAP *ldap_init_and_bind (const char *host,
#ifdef WIN32
gboolean use_ssl,
#endif
const char *user_dn,
const char *password)
{
LDAP *ld;
int res;
int desired_version = LDAP_VERSION3;
#ifndef WIN32
res = ldap_initialize (&ld, host);
if (res != LDAP_SUCCESS) {
ccnet_warning ("ldap_initialize failed: %s.\n", ldap_err2string(res));
return NULL;
}
#else
char *host_copy = g_strdup (host);
if (!use_ssl)
ld = ldap_init (host_copy, LDAP_PORT);
else
ld = ldap_sslinit (host_copy, LDAP_SSL_PORT, 1);
g_free (host_copy);
if (!ld) {
ccnet_warning ("ldap_init failed: %ul.\n", LdapGetLastError());
return NULL;
}
#endif
/* set the LDAP version to be 3 */
res = ldap_set_option (ld, LDAP_OPT_PROTOCOL_VERSION, &desired_version);
if (res != LDAP_OPT_SUCCESS) {
ccnet_warning ("ldap_set_option failed: %s.\n", ldap_err2string(res));
return NULL;
}
if (user_dn) {
#ifndef WIN32
res = ldap_bind_s (ld, user_dn, password, LDAP_AUTH_SIMPLE);
#else
char *dn_copy = g_strdup(user_dn);
char *password_copy = g_strdup(password);
res = ldap_bind_s (ld, dn_copy, password_copy, LDAP_AUTH_SIMPLE);
g_free (dn_copy);
g_free (password_copy);
#endif
if (res != LDAP_SUCCESS ) {
ccnet_warning ("ldap_bind failed: %s.\n", ldap_err2string(res));
ldap_unbind_s (ld);
return NULL;
}
}
return ld;
}
struct ldapsearch *l_search_alloc(const char *host,
int port,
const char *userid,
const char *password,
const char *base)
{
char *buf;
struct ldapsearch *p=(struct ldapsearch *)
malloc(sizeof(struct ldapsearch));
if (!p)
return NULL;
if ((p->base=strdup(base)) == NULL)
{
free(p);
return NULL;
}
if ((buf=malloc(strlen(host)+100)) == NULL)
{
free(p->base);
free(p);
return NULL;
}
sprintf(buf, "ldap://%s:%d", host, port);
if (ldap_initialize(&p->handle, buf) != LDAP_SUCCESS)
{
free(buf);
free(p->base);
free(p);
return NULL;
}
free(buf);
if (userid && *userid)
{
struct berval cred;
cred.bv_len=password && *password ? strlen(password):0;
cred.bv_val=password && *password ? (char *)password:NULL;
if (ldap_sasl_bind_s(p->handle, userid, NULL, &cred, NULL,
NULL, NULL))
{
l_search_free(p);
errno=EPERM;
return NULL;
}
}
return p;
}
static int
ldap_initialize_wrapper(LDAP** ldp, char *uri)
{
#ifdef AUTH_LDAP_TEST_API
return (ldap_initialize(ldp, uri));
#else
return ((*ldap_initialize_p)(ldp, uri));
#endif
}
static void
do_conn( char *uri, char *manager, struct berval *passwd,
LDAP **ldp, int nobind, int maxretries, int conn_num )
{
LDAP *ld = NULL;
int version = LDAP_VERSION3;
int i = 0, do_retry = maxretries;
int rc = LDAP_SUCCESS;
char thrstr[BUFSIZ];
retry:;
ldap_initialize( &ld, uri );
if ( ld == NULL ) {
snprintf( thrstr, BUFSIZ, "connection: %d", conn_num );
tester_error( thrstr );
tester_perror( "ldap_initialize", NULL );
exit( EXIT_FAILURE );
}
(void) ldap_set_option( ld, LDAP_OPT_PROTOCOL_VERSION, &version );
(void) ldap_set_option( ld, LDAP_OPT_REFERRALS,
chaserefs ? LDAP_OPT_ON : LDAP_OPT_OFF );
if ( do_retry == maxretries ) {
snprintf( thrstr, BUFSIZ, "do_conn #%d\n", conn_num );
thread_verbose( -1, thrstr );
}
if ( nobind == 0 ) {
rc = ldap_sasl_bind_s( ld, manager, LDAP_SASL_SIMPLE, passwd, NULL, NULL, NULL );
if ( rc != LDAP_SUCCESS ) {
snprintf( thrstr, BUFSIZ, "connection: %d", conn_num );
tester_error( thrstr );
tester_ldap_error( ld, "ldap_sasl_bind_s", NULL );
switch ( rc ) {
case LDAP_BUSY:
case LDAP_UNAVAILABLE:
if ( do_retry > 0 ) {
ldap_unbind_ext( ld, NULL, NULL );
ld = NULL;
do_retry--;
if ( delay != 0 ) {
sleep( delay );
}
goto retry;
}
/* fallthru */
default:
break;
}
exit( EXIT_FAILURE );
}
}
*ldp = ld;
}
static krb5_error_code
LDAP__connect(krb5_context context, HDB * db)
{
int rc, version = LDAP_VERSION3;
/*
* Empty credentials to do a SASL bind with LDAP. Note that empty
* different from NULL credentials. If you provide NULL
* credentials instead of empty credentials you will get a SASL
* bind in progress message.
*/
struct berval bv = { 0, "" };
if (HDB2LDAP(db)) {
/* connection has been opened. ping server. */
struct sockaddr_un addr;
socklen_t len = sizeof(addr);
int sd;
if (ldap_get_option(HDB2LDAP(db), LDAP_OPT_DESC, &sd) == 0 &&
getpeername(sd, (struct sockaddr *) &addr, &len) < 0) {
/* the other end has died. reopen. */
LDAP_close(context, db);
}
}
if (HDB2LDAP(db) != NULL) /* server is UP */
return 0;
rc = ldap_initialize(&((struct hdbldapdb *)db->hdb_db)->h_lp, "ldapi:///");
if (rc != LDAP_SUCCESS) {
krb5_set_error_string(context, "ldap_initialize: %s",
ldap_err2string(rc));
return HDB_ERR_NOENTRY;
}
rc = ldap_set_option(HDB2LDAP(db), LDAP_OPT_PROTOCOL_VERSION,
(const void *)&version);
if (rc != LDAP_SUCCESS) {
krb5_set_error_string(context, "ldap_set_option: %s",
ldap_err2string(rc));
LDAP_close(context, db);
return HDB_ERR_BADVERSION;
}
rc = ldap_sasl_bind_s(HDB2LDAP(db), NULL, "EXTERNAL", &bv,
NULL, NULL, NULL);
if (rc != LDAP_SUCCESS) {
krb5_set_error_string(context, "ldap_sasl_bind_s: %s",
ldap_err2string(rc));
LDAP_close(context, db);
return HDB_ERR_BADVERSION;
}
return 0;
}
bool BindTheDemon(const char * username, const char * passwd)
{
static LDAP * ld = NULL;
static int auth_method = LDAP_AUTH_SIMPLE;
static int version = LDAP_VERSION3;
static char uri[] = "ldaps://ldap.pheme.uwa.edu.au";
char dn[BUFSIZ]; // The "dn" is essentially the username plus a bunch of cruft that for some (presumably good) reason LDAP requires
if (ld == NULL)
{
ldap_initialize(&ld, uri); // This is deprecated.
if (ld == NULL)
{
fprintf(stderr, "ldap_init failed - %s\n", strerror(errno));
return false;
}
printf("ldap_init succeeded\n");
if (ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION, &version) != LDAP_OPT_SUCCESS) // This is also deprecated.
{
fprintf(stderr, "ldap_set_option failed - %s\n", strerror(errno));
return false;
}
printf("ldap_set_option succeeded\n");
}
char * user_type = "Students";
if (username[0] == '0')
user_type = "Staff";
if (sprintf(dn, "cn=%s,ou=%s,ou=Users,ou=UWA,dc=uwads,dc=uwa,dc=edu,dc=au", username, user_type) >= BUFSIZ)
{
fprintf(stderr, "LDAP DN string too long!\n");
return false;
}
printf("ldap_bind_s ...\n");
//printf("dn = %s\npasswd = %s\n", dn, passwd);
struct berval creds;
creds.bv_val = (char*)passwd;
if (ldap_simple_bind_s(ld, dn, passwd) != LDAP_SUCCESS) // Yep. Deprecated.
//if (ldap_sasl_bind_s(ld, dn, LDAP_SASL_SIMPLE , &creds, NULL, NULL, NULL) != LDAP_SUCCESS) // Doesn't work
{
fprintf(stderr,"ldap_bind_s failed - %s", strerror(errno));
return false;
}
return true;
}
krb5_error_code
krb5_ldap_rebind(krb5_ldap_context *ldap_context,
krb5_ldap_server_handle **ldap_server_handle)
{
krb5_ldap_server_handle *handle = *ldap_server_handle;
ldap_unbind_ext_s(handle->ldap_handle, NULL, NULL);
if ((ldap_initialize(&handle->ldap_handle, handle->server_info->server_name) != LDAP_SUCCESS)
|| (krb5_ldap_bind(ldap_context, handle) != LDAP_SUCCESS))
return krb5_ldap_request_next_handle_from_pool(ldap_context, ldap_server_handle);
return LDAP_SUCCESS;
}
/**
* Load the ldap modules, passing in any arguments
* given initially, which are to be used in the
* ldap module.
*/
int
load_ldap_module( arguments *args ) {
syslog(LOG_INFO, "LDAP Module initalizing");
/* Sets the protocol version based on ldap.version */
config_lookup_int(&config, "ldap.version", &version);
switch(version) {
case 1:
ldap_set_option(ldap, LDAP_OPT_PROTOCOL_VERSION, &version);
syslog(LOG_INFO, "LDAP Protocol Version: 1");
break;
case 2:
ldap_set_option(ldap, LDAP_OPT_PROTOCOL_VERSION, &version);
syslog(LOG_INFO, "LDAP Protocol Version: 2");
break;
case 3:
ldap_set_option(ldap, LDAP_OPT_PROTOCOL_VERSION, &version);
syslog(LOG_INFO, "LDAP Protocol Version: 3");
break;
default:
version = 3;
ldap_set_option(ldap, LDAP_OPT_PROTOCOL_VERSION, &version);
syslog(LOG_INFO, "Invalid value, setting LDAP Protocol\
Version to 3");
break;
}
config_lookup_string(&config, "ldap.uri", &uri);
syslog(LOG_INFO, "LDAP URI: %s\n", uri);
config_lookup_string(&config, "ldap.binddn", &binddn);
syslog(LOG_INFO, "LDAP BINDDN: %s\n", binddn);
config_lookup_string(&config, "ldap.password", &password);
// Removed displaying password
syslog(LOG_INFO, "Initializing LDAP Connection...%s\n",
ldap_err2string(ldap_initialize(&ldap, uri)));
syslog(LOG_INFO, "Binding to URI...%s\n",
ldap_err2string(ldap_simple_bind_s(ldap, binddn, password)));
syslog(LOG_INFO, "Building LDAP query tree...");
head = build_query_tree();
log_query_tree(&head);
timeout.tv_sec = 10;
timeout.tv_usec = 0;
slack_ldap_search("slackwill");
return 0;
}
int
init_ldap(char * host, int port)
{
int status = ldap_initialize(&LDAP_handle,host);
if(status != LDAP_SUCCESS)
{
LOG(PURGER_LOG_ERR,"Error: unable to create LDAP handle.");
return -1;
}
int version = LDAP_VERSION3;
ldap_set_option(LDAP_handle, LDAP_OPT_PROTOCOL_VERSION, (void*)&version);
}
int main(int argc, char *argv[])
{
LDAP *ld;
int rc;
uxds_bind_t sflag;
uxds_authz_t auth;
uxds_data_t mdata;
char *bin = argv[0];
sflag = parse_args(argc, argv, USER, MOD, 6, &auth, &mdata, bin);
#ifdef HAVE_LDAP_SASL_GSSAPI
if ((auth.pkcert) && (argc < 8)) {
#else
if (argc < 6) {
#endif /* HAVE_LDAP_SASL_GSSAPI */
if ((!mdata.exp) || (!mdata.cpw)) {
fprintf(stderr,
"At least ONE attribute must be selected to use lusermod.\n");
fprintf(stderr, "parse_args failed.\n");
exit(EXIT_FAILURE);
}
}
/* initialize LDAP context */
rc = ldap_initialize(&ld, auth.uri);
if (rc != LDAP_SUCCESS) {
fprintf(stderr, "Could not create LDAP session handle (%d): %s\n",
rc, ldap_err2string(rc));
exit(EXIT_FAILURE);
}
/* authenticate to directory service */
if (uxds_user_authz(sflag, auth, ld) != 0) {
fprintf(stderr, "uxds_user_authz failed.\n");
exit(EXIT_FAILURE);
}
/* modify operation */
if (uxds_acct_mod(USER, mdata, ld) != 0) {
fprintf(stderr, "uxds_acct_mod USER MODIFY failed.\n");
exit(EXIT_FAILURE);
}
/* unbind from ds - commented out due to weird bug between ldap_unbind_ext_s and openssl */
#if 0
if (uxds_ldap_unbind(ld) != 0) {
fprintf(stderr, "uxds_ldap_unbind failed.\n");
exit(EXIT_FAILURE);
}
#endif
exit(EXIT_SUCCESS);
}
/*
connect to the database
*/
static int lldb_connect(struct ldb_context *ldb,
const char *url,
unsigned int flags,
const char *options[],
struct ldb_module **_module)
{
struct ldb_module *module;
struct lldb_private *lldb;
int version = 3;
int ret;
module = ldb_module_new(ldb, ldb, "ldb_ldap backend", &lldb_ops);
if (!module) return LDB_ERR_OPERATIONS_ERROR;
lldb = talloc_zero(module, struct lldb_private);
if (!lldb) {
ldb_oom(ldb);
goto failed;
}
ldb_module_set_private(module, lldb);
ret = ldap_initialize(&lldb->ldap, url);
if (ret != LDAP_SUCCESS) {
ldb_debug(ldb, LDB_DEBUG_FATAL, "ldap_initialize failed for URL '%s' - %s",
url, ldap_err2string(ret));
goto failed;
}
talloc_set_destructor(lldb, lldb_destructor);
ret = ldap_set_option(lldb->ldap, LDAP_OPT_PROTOCOL_VERSION, &version);
if (ret != LDAP_SUCCESS) {
ldb_debug(ldb, LDB_DEBUG_FATAL, "ldap_set_option failed - %s",
ldap_err2string(ret));
goto failed;
}
*_module = module;
ret = lldb_bind(module, options);
if (ret != LDB_SUCCESS) {
goto failed;
}
return LDB_SUCCESS;
failed:
talloc_free(module);
return LDB_ERR_OPERATIONS_ERROR;
}
