int ldap_turn_s( LDAP *ld, int mutual, LDAP_CONST char* identifier, LDAPControl **sctrls, LDAPControl **cctrls ) { #ifdef LDAP_EXOP_X_TURN BerElement *turnvalber = NULL; struct berval *turnvalp = NULL; int rc; turnvalber = ber_alloc_t( LBER_USE_DER ); if( mutual ) { ber_printf( turnvalber, "{bs}", 0xFF, identifier ); } else { ber_printf( turnvalber, "{s}", identifier ); } ber_flatten( turnvalber, &turnvalp ); rc = ldap_extended_operation_s( ld, LDAP_EXOP_X_TURN, turnvalp, sctrls, cctrls, NULL, NULL ); ber_free( turnvalber, 1 ); return rc; #else return LDAP_CONTROL_NOT_FOUND; #endif }
int ldap_txn_start_s( LDAP *ld, LDAPControl **sctrls, LDAPControl **cctrls, struct berval **txnid ) { assert( txnid != NULL ); return ldap_extended_operation_s( ld, LDAP_EXOP_X_TXN_START, NULL, sctrls, cctrls, NULL, txnid ); }
/*********************************************************************** * ldap_extended_operation_sW (WLDAP32.@) * * Perform an extended operation (synchronous mode). * * PARAMS * ld [I] Pointer to an LDAP context. * oid [I] OID of the extended operation. * data [I] Data needed by the operation. * serverctrls [I] Array of LDAP server controls. * clientctrls [I] Array of LDAP client controls. * retoid [O] OID of the server response message. * retdata [O] Data returned by the server. * * RETURNS * Success: LDAP_SUCCESS * Failure: An LDAP error code. * * NOTES * The data parameter should be set to NULL if the operation * requires no data. The serverctrls, clientctrls, retoid and * and retdata parameters are also optional. Set to NULL if not * used. Free retoid and retdata after use with ldap_memfree. */ ULONG CDECL ldap_extended_operation_sW( WLDAP32_LDAP *ld, PWCHAR oid, struct WLDAP32_berval *data, PLDAPControlW *serverctrls, PLDAPControlW *clientctrls, PWCHAR *retoid, struct WLDAP32_berval **retdata ) { ULONG ret = WLDAP32_LDAP_NOT_SUPPORTED; #ifdef HAVE_LDAP char *oidU = NULL, *retoidU = NULL; LDAPControl **serverctrlsU = NULL, **clientctrlsU = NULL; ret = WLDAP32_LDAP_NO_MEMORY; TRACE( "(%p, %s, %p, %p, %p, %p, %p)\n", ld, debugstr_w(oid), data, serverctrls, clientctrls, retoid, retdata ); if (!ld) return WLDAP32_LDAP_PARAM_ERROR; if (oid) { oidU = strWtoU( oid ); if (!oidU) goto exit; } if (serverctrls) { serverctrlsU = controlarrayWtoU( serverctrls ); if (!serverctrlsU) goto exit; } if (clientctrls) { clientctrlsU = controlarrayWtoU( clientctrls ); if (!clientctrlsU) goto exit; } ret = map_error( ldap_extended_operation_s( ld, oid ? oidU : "", (struct berval *)data, serverctrlsU, clientctrlsU, &retoidU, (struct berval **)retdata )); if (retoid && retoidU) { *retoid = strUtoW( retoidU ); if (!*retoid) ret = WLDAP32_LDAP_NO_MEMORY; ldap_memfree( retoidU ); } exit: strfreeU( oidU ); controlarrayfreeU( serverctrlsU ); controlarrayfreeU( clientctrlsU ); #endif return ret; }
int ldap_cancel_s( LDAP *ld, int cancelid, LDAPControl **sctrls, LDAPControl **cctrls ) { BerElement *cancelidber = NULL; struct berval *cancelidvalp = NULL; int rc; cancelidber = ber_alloc_t( LBER_USE_DER ); ber_printf( cancelidber, "{i}", cancelid ); ber_flatten( cancelidber, &cancelidvalp ); rc = ldap_extended_operation_s( ld, LDAP_EXOP_CANCEL, cancelidvalp, sctrls, cctrls, NULL, NULL ); ber_free( cancelidber, 1 ); return rc; }
int ldap_start_tls_s ( LDAP *ld, LDAPControl **serverctrls, LDAPControl **clientctrls ) { #ifndef HAVE_TLS return LDAP_NOT_SUPPORTED; #else int rc; char *rspoid = NULL; struct berval *rspdata = NULL; /* XXYYZ: this initiates operation only on default connection! */ if ( ldap_tls_inplace( ld ) ) { return LDAP_LOCAL_ERROR; } rc = ldap_extended_operation_s( ld, LDAP_EXOP_START_TLS, NULL, serverctrls, clientctrls, &rspoid, &rspdata ); if ( rspoid != NULL ) { LDAP_FREE(rspoid); } if ( rspdata != NULL ) { ber_bvfree( rspdata ); } if ( rc == LDAP_SUCCESS ) { rc = ldap_int_tls_start( ld, ld->ld_defconn, NULL ); } return rc; #endif }
/** Attempt to retrieve the universal password from Novell eDirectory * * @param[in] ld LDAP handle. * @param[in] dn of user we want to retrieve the password for. * @param[out] password Where to write the retrieved password. * @param[out] passlen Length of data written to the password buffer. * @return 0 on success and < 0 on failure. */ int nmasldap_get_password(LDAP *ld, char const *dn, char *password, size_t *passlen) { int err = 0; struct berval *request_bv = NULL; char *reply_oid = NULL; struct berval *reply_bv = NULL; int server_version; size_t bufsize; char buffer[256]; /* Validate parameters. */ if (!dn || !*dn || !passlen || !ld) { return NMAS_E_INVALID_PARAMETER; } err = ber_encode_request_data(dn, &request_bv); if (err) goto finish; /* Call the ldap_extended_operation (synchronously) */ err = ldap_extended_operation_s(ld, NMASLDAP_GET_PASSWORD_REQUEST, request_bv, NULL, NULL, &reply_oid, &reply_bv); if (err) goto finish; /* Make sure there is a return OID */ if (!reply_oid) { err = NMAS_E_NOT_SUPPORTED; goto finish; } /* Is this what we were expecting to get back. */ if (strcmp(reply_oid, NMASLDAP_GET_PASSWORD_RESPONSE) != 0) { err = NMAS_E_NOT_SUPPORTED; goto finish; } /* Do we have a good returned berval? */ if (!reply_bv) { /* * No; returned berval means we experienced a rather * drastic error. Return operations error. */ err = NMAS_E_SYSTEM_RESOURCES; goto finish; } bufsize = sizeof(buffer); err = ber_decode_login_data(reply_bv, &server_version, buffer, &bufsize); if (err) goto finish; if (server_version != NMAS_LDAP_EXT_VERSION) { err = NMAS_E_INVALID_VERSION; goto finish; } if (bufsize > *passlen) { err = NMAS_E_BUFFER_OVERFLOW; goto finish; } memcpy(password, buffer, bufsize); password[bufsize] = '\0'; *passlen = bufsize; finish: if (reply_bv) { ber_bvfree(reply_bv); } /* Free the return OID string if one was returned. */ if (reply_oid) { ldap_memfree(reply_oid); } /* Free memory allocated while building the request ber and berval. */ if (request_bv) { ber_bvfree(request_bv); } return err; }
int ldap_txn_end_s( LDAP *ld, int commit, struct berval *txnid, LDAPControl **sctrls, LDAPControl **cctrls, int *retidp ) { int rc; BerElement *txnber = NULL; struct berval *txnval = NULL; struct berval *retdata = NULL; if ( retidp != NULL ) *retidp = -1; txnber = ber_alloc_t( LBER_USE_DER ); if( commit ) { ber_printf( txnber, "{ON}", txnid ); } else { ber_printf( txnber, "{bON}", commit, txnid ); } ber_flatten( txnber, &txnval ); rc = ldap_extended_operation_s( ld, LDAP_EXOP_X_TXN_END, txnval, sctrls, cctrls, NULL, &retdata ); ber_free( txnber, 1 ); /* parse retdata */ if( retdata != NULL ) { BerElement *ber; ber_tag_t tag; ber_int_t retid; if( retidp == NULL ) goto done; ber = ber_init( retdata ); if( ber == NULL ) { rc = ld->ld_errno = LDAP_NO_MEMORY; goto done; } tag = ber_scanf( ber, "i", &retid ); ber_free( ber, 1 ); if ( tag != LBER_INTEGER ) { rc = ld->ld_errno = LDAP_DECODING_ERROR; goto done; } *retidp = (int) retid; done: ber_bvfree( retdata ); } return rc; }
/* ----------------------------------------------------------------------- * nmasldap_get_password() * ============================== * * Description: * This API attempts to get the universal password * * ------------------------------------------------------------------------ */ int nmasldap_get_password( LDAP *ld, char *objectDN, size_t *pwdSize, // in bytes char *pwd ) { int err = 0; struct berval *requestBV = NULL; char *replyOID = NULL; struct berval *replyBV = NULL; int serverVersion; char *pwdBuf; size_t pwdBufLen, bufferLen; #ifdef NOT_N_PLAT_NLM int currentThreadGroupID; #endif /* Validate char parameters. */ if(objectDN == NULL || (strlen(objectDN) == 0) || pwdSize == NULL || ld == NULL) { return NMAS_E_INVALID_PARAMETER; } bufferLen = pwdBufLen = *pwdSize; pwdBuf = (char *)malloc(pwdBufLen+2); if(pwdBuf == NULL) { return NMAS_E_INSUFFICIENT_MEMORY; } #ifdef NOT_N_PLAT_NLM currentThreadGroupID = SetThreadGroupID(nmasLDAPThreadGroupID); #endif err = berEncodePasswordData(&requestBV, objectDN, NULL, NULL); if(err) { goto Cleanup; } /* Call the ldap_extended_operation (synchronously) */ if((err = ldap_extended_operation_s(ld, NMASLDAP_GET_PASSWORD_REQUEST, requestBV, NULL, NULL, &replyOID, &replyBV))) { goto Cleanup; } /* Make sure there is a return OID */ if(!replyOID) { err = NMAS_E_NOT_SUPPORTED; goto Cleanup; } /* Is this what we were expecting to get back. */ if(strcmp(replyOID, NMASLDAP_GET_PASSWORD_RESPONSE)) { err = NMAS_E_NOT_SUPPORTED; goto Cleanup; } /* Do we have a good returned berval? */ if(!replyBV) { /* * No; returned berval means we experienced a rather drastic error. * Return operations error. */ err = NMAS_E_SYSTEM_RESOURCES; goto Cleanup; } err = berDecodeLoginData(replyBV, &serverVersion, &pwdBufLen, pwdBuf); if(serverVersion != NMAS_LDAP_EXT_VERSION) { err = NMAS_E_INVALID_VERSION; goto Cleanup; } if (!err && pwdBufLen != 0) { if (*pwdSize >= pwdBufLen+1 && pwd != NULL) { memcpy(pwd, pwdBuf, pwdBufLen); pwd[pwdBufLen] = 0; /* add null termination */ } *pwdSize = pwdBufLen; /* does not include null termination */ } Cleanup: if(replyBV) { ber_bvfree(replyBV); } /* Free the return OID string if one was returned. */ if(replyOID) { ldap_memfree(replyOID); } /* Free memory allocated while building the request ber and berval. */ if(requestBV) { ber_bvfree(requestBV); } if (pwdBuf != NULL) { memset(pwdBuf, 0, bufferLen); free(pwdBuf); } #ifdef NOT_N_PLAT_NLM SetThreadGroupID(currentThreadGroupID); #endif /* Return the appropriate error/success code. */ return err; } /* end of nmasldap_get_password */
static int process( void *arg ) { char *rbuf, *saved_rbuf, *start, *p, *q; FILE *rfp = NULL; int rc, use_ldif, deref; LDAPControl *ldctrl; #ifdef SOLARIS_LDAP_CMD LDAP *ld; #endif /* SOLARIS_LDAP_CMD */ ld = ldaptool_ldap_init( 0 ); if ( !ldaptool_not ) { deref = LDAP_DEREF_NEVER; /* this seems prudent */ ldap_set_option( ld, LDAP_OPT_DEREF, &deref ); } ldaptool_bind( ld ); if (( ldctrl = ldaptool_create_manage_dsait_control()) != NULL ) { ldaptool_add_control_to_array( ldctrl, ldaptool_request_ctrls); } if ((ldctrl = ldaptool_create_proxyauth_control(ld)) !=NULL) { ldaptool_add_control_to_array( ldctrl, ldaptool_request_ctrls); } rc = 0; /* turn on bulk import?*/ if (bulkimport_suffix) { struct berval bv, *retdata; char *retoid; bv.bv_val = bulkimport_suffix; bv.bv_len = strlen(bulkimport_suffix); if ((rc = ldap_extended_operation_s(ld, BULKIMPORT_START_OID, &bv, NULL, NULL, &retoid, &retdata)) != 0) { fprintf(stderr, gettext("Error: unable to service " "extended operation request\n\t'%s' for " "bulk import\n\t(error:%d:'%s')\n"), BULKIMPORT_START_OID, rc, ldap_err2string(rc)); return (rc); } if (retoid) ldap_memfree(retoid); if (retdata) ber_bvfree(retdata); } while (( rc == 0 || contoper ) && ( rbuf = read_one_record( ldaptool_fp )) != NULL ) { /* * we assume record is ldif/slapd.replog if the first line * has a colon that appears to the left of any equal signs, OR * if the first line consists entirely of digits (an entry id) */ use_ldif = ( p = strchr( rbuf, ':' )) != NULL && ( q = strchr( rbuf, '\n' )) != NULL && p < q && (( q = strchr( rbuf, '=' )) == NULL || p < q ); start = rbuf; saved_rbuf = strdup( rbuf ); if ( !use_ldif && ( q = strchr( rbuf, '\n' )) != NULL ) { for ( p = rbuf; p < q; ++p ) { if ( !isdigit( *p )) { break; } } if ( p >= q ) { use_ldif = 1; start = q + 1; } } #ifdef SOLARIS_LDAP_CMD if ( use_ldif ) { rc = process_ldif_rec( ld, start ); } else { rc = process_ldapmod_rec( ld, start ); } #else if ( use_ldif ) { rc = process_ldif_rec( start ); } else { rc = process_ldapmod_rec( start ); } #endif /* SOLARIS_LDAP_CMD */ if ( rc != LDAP_SUCCESS && rejfile != NULL ) { /* Write this record to the reject file */ int newfile = 0; struct stat stbuf; if ( stat( rejfile, &stbuf ) < 0 ) { if ( errno == ENOENT ) { newfile = 1; } } if (( rfp = ldaptool_open_file( rejfile, "a" )) == NULL ) { fprintf( stderr, gettext("Cannot open error file \"%s\" - " "erroneous entries will not be saved\n"), rejfile ); rejfile = NULL; } else { if ( newfile == 0 ) { fputs( "\n", rfp ); } fprintf( rfp, gettext("# Error: %s\n"), ldap_err2string( rc )); fputs( saved_rbuf, rfp ); fclose( rfp ); rfp = NULL; } } free( rbuf ); free( saved_rbuf ); } ldaptool_reset_control_array( ldaptool_request_ctrls ); /* turn off bulk import?*/ if (bulkimport_suffix) { struct berval bv, *retdata; char *retoid; bv.bv_val = ""; bv.bv_len = 0; if ((rc = ldap_extended_operation_s(ld, BULKIMPORT_STOP_OID, &bv, NULL, NULL, &retoid, &retdata)) != 0) { fprintf(stderr, gettext("Error: unable to service " "extended operation request\n\t '%s' for " "bulk import\n\t(rc:%d:'%s')\n"), BULKIMPORT_STOP_OID, rc, ldap_err2string(rc)); return (rc); } if (retoid) ldap_memfree(retoid); if (retdata) ber_bvfree(retdata); } #ifdef SOLARIS_LDAP_CMD mutex_lock(&read_mutex); #endif ldaptool_cleanup( ld ); #ifdef SOLARIS_LDAP_CMD mutex_unlock(&read_mutex); #endif return( rc ); }
/* If we only have a bindpw then try to join in a bit of a degraded mode. * This is going to duplicate some of the server-side code to determine * the state of the entry. */ static int join_ldap(const char *ipaserver, char *hostname, char ** binddn, const char *bindpw, const char *basedn, const char **princ, const char **subject, int quiet) { LDAP *ld; char *filter = NULL; int rval = 0; char *oidresult = NULL; struct berval valrequest; struct berval *valresult = NULL; int rc, ret; char *ldap_base = NULL; char *search_base = NULL; *binddn = NULL; *princ = NULL; *subject = NULL; if (NULL != basedn) { ldap_base = strdup(basedn); if (!ldap_base) { if (!quiet) fprintf(stderr, _("Out of memory!\n")); rval = 3; goto done; } } else { if (get_root_dn(ipaserver, &ldap_base) != 0) { if (!quiet) fprintf(stderr, _("Unable to determine root DN of %s\n"), ipaserver); rval = 14; goto done; } } ret = asprintf(binddn, "fqdn=%s,cn=computers,cn=accounts,%s", hostname, ldap_base); if (ret == -1) { if (!quiet) fprintf(stderr, _("Out of memory!\n")); rval = 3; goto done; } ld = connect_ldap(ipaserver, *binddn, bindpw); if (!ld) { if (!quiet) fprintf(stderr, _("Incorrect password.\n")); rval = 15; goto done; } if (get_subject(ld, ldap_base, subject, quiet) != 0) { if (!quiet) fprintf(stderr, _("Unable to determine certificate subject of %s\n"), ipaserver); /* Not a critical failure */ } valrequest.bv_val = (char *)hostname; valrequest.bv_len = strlen(hostname); if ((rc = ldap_extended_operation_s(ld, JOIN_OID, &valrequest, NULL, NULL, &oidresult, &valresult)) != LDAP_SUCCESS) { char *s = NULL; #ifdef LDAP_OPT_DIAGNOSTIC_MESSAGE ldap_get_option(ld, LDAP_OPT_DIAGNOSTIC_MESSAGE, &s); #else ldap_get_option(ld, LDAP_OPT_ERROR_STRING, &s); #endif if (!quiet) fprintf(stderr, _("Enrollment failed. %s\n"), s); if (debug) { fprintf(stderr, "ldap_extended_operation_s failed: %s", ldap_err2string(rc)); } rval = 13; goto ldap_done; } /* Get the value from the result returned by the server. */ *princ = strdup(valresult->bv_val); ldap_done: free(filter); free(search_base); free(ldap_base); if (ld != NULL) { ldap_unbind_ext(ld, NULL, NULL); } done: if (valresult) ber_bvfree(valresult); if (oidresult) free(oidresult); return rval; }