int ldap_x_sasl_digest_md5_bind( LDAP *ld, char *user_name, struct berval *cred, LDAPControl **serverctrls, LDAPControl **clientctrls, struct timeval *timeout, LDAPMessage **result) { LDAPMessage *res = NULL; int msgid; int rc; if (ld == NULL || user_name == NULL || cred == NULL || result == NULL) return (LDAP_PARAM_ERROR); if (ld->ld_version < LDAP_VERSION3) return (LDAP_PARAM_ERROR); *result = NULL; rc = sasl_digest_md5_bind_1(ld, user_name, serverctrls, clientctrls, &msgid); if (rc != LDAP_SUCCESS) return (rc); rc = ldap_result(ld, msgid, 1, timeout, &res); if (rc == -1) { if (res != NULL) ldap_msgfree(res); return (ldap_get_lderrno(ld, NULL, NULL)); } rc = ldap_result2error(ld, res, 0); if (rc != LDAP_SASL_BIND_IN_PROGRESS) { *result = res; return (rc); } rc = sasl_digest_md5_bind_2(ld, user_name, cred, serverctrls, clientctrls, res, &msgid); ldap_msgfree(res); res = NULL; if (rc != LDAP_SUCCESS) return (rc); rc = ldap_result(ld, msgid, 1, timeout, &res); if (rc == -1) { if (res != NULL) ldap_msgfree(res); return (ldap_get_lderrno(ld, NULL, NULL)); } *result = res; rc = ldap_result2error(ld, res, 0); return (rc); }
/* * parses the result returned by an ldap query */ static err_t parse_ldap_result(LDAP * ldap, LDAPMessage *result, chunk_t *blob) { err_t ugh = NULL; LDAPMessage * entry = ldap_first_entry(ldap, result); if (entry != NULL) { BerElement *ber = NULL; char *attr; attr = ldap_first_attribute(ldap, entry, &ber); if (attr != NULL) { struct berval **values = ldap_get_values_len(ldap, entry, attr); if (values != NULL) { if (values[0] != NULL) { blob->len = values[0]->bv_len; blob->ptr = alloc_bytes(blob->len, "ldap blob"); memcpy(blob->ptr, values[0]->bv_val, blob->len); if (values[1] != NULL) { plog("warning: more than one value was fetched from LDAP URL"); } } else { ugh = "no values in attribute"; } ldap_value_free_len(values); } else { ugh = ldap_err2string(ldap_result2error(ldap, entry, 0)); } ldap_memfree(attr); } else { ugh = ldap_err2string(ldap_result2error(ldap, entry, 0)); } ber_free(ber, 0); } else { ugh = ldap_err2string(ldap_result2error(ldap, result, 0)); } return ugh; }
int ldap_verify_credentials_s( LDAP *ld, struct berval *cookie, LDAP_CONST char *dn, LDAP_CONST char *mechanism, struct berval *cred, LDAPControl **vcictrls, LDAPControl **sctrls, LDAPControl **cctrls, int *rcode, char **diagmsg, struct berval **scookie, struct berval **scred, LDAPControl ***vcoctrls) { int rc; int msgid; LDAPMessage *res; rc = ldap_verify_credentials(ld, cookie, dn, mechanism, cred, vcictrls, sctrls, cctrls, &msgid); if (rc != LDAP_SUCCESS) return rc; if (ldap_result(ld, msgid, LDAP_MSG_ALL, (struct timeval *) NULL, &res) == -1 || !res) { return ld->ld_errno; } rc = ldap_parse_verify_credentials(ld, res, rcode, diagmsg, scookie, scred, vcoctrls); if (rc != LDAP_SUCCESS) { ldap_msgfree(res); return rc; } return( ldap_result2error(ld, res, 1)); }
int ldap_passwd_s( LDAP *ld, struct berval *user, struct berval *oldpw, struct berval *newpw, struct berval *newpasswd, LDAPControl **sctrls, LDAPControl **cctrls ) { int rc; int msgid; LDAPMessage *res; rc = ldap_passwd( ld, user, oldpw, newpw, sctrls, cctrls, &msgid ); if ( rc != LDAP_SUCCESS ) { return rc; } if ( ldap_result( ld, msgid, LDAP_MSG_ALL, (struct timeval *) NULL, &res ) == -1 || !res ) { return ld->ld_errno; } rc = ldap_parse_passwd( ld, res, newpasswd ); if( rc != LDAP_SUCCESS ) { ldap_msgfree( res ); return rc; } return( ldap_result2error( ld, res, 1 ) ); }
int ldap_rename_s( LDAP *ld, LDAP_CONST char *dn, LDAP_CONST char *newrdn, LDAP_CONST char *newSuperior, int deleteoldrdn, LDAPControl **sctrls, LDAPControl **cctrls ) { int rc; int msgid; LDAPMessage *res; rc = ldap_rename( ld, dn, newrdn, newSuperior, deleteoldrdn, sctrls, cctrls, &msgid ); if( rc != LDAP_SUCCESS ) { return rc; } rc = ldap_result( ld, msgid, LDAP_MSG_ALL, NULL, &res ); if( rc == -1 || !res ) { return ld->ld_errno; } return ldap_result2error( ld, res, 1 ); }
int ldap_whoami_s( LDAP *ld, struct berval **authzid, LDAPControl **sctrls, LDAPControl **cctrls ) { int rc; int msgid; LDAPMessage *res; rc = ldap_whoami( ld, sctrls, cctrls, &msgid ); if ( rc != LDAP_SUCCESS ) return rc; if ( ldap_result( ld, msgid, 1, (struct timeval *) NULL, &res ) == -1 ) { return ld->ld_errno; } rc = ldap_parse_whoami( ld, res, authzid ); if( rc != LDAP_SUCCESS ) { ldap_msgfree( res ); return rc; } return( ldap_result2error( ld, res, 1 ) ); }
/* * ldap_sasl_bind_s - bind to the ldap server using sasl authentication * The dn, mechanism, and credentials of the entry to which to bind are * supplied. LDAP_SUCCESS is returned upon success, the ldap error code * otherwise. * * Example: * struct berval creds; * ... fill in creds with credentials ... * ldap_sasl_bind_s( ld, "cn=manager, o=university of michigan, c=us", * "mechanismname", &creds ) */ int LDAP_CALL ldap_sasl_bind_s( LDAP *ld, const char *dn, const char *mechanism, const struct berval *cred, LDAPControl **serverctrls, LDAPControl **clientctrls, struct berval **servercredp ) { int err, msgid; LDAPMessage *result; LDAPDebug( LDAP_DEBUG_TRACE, "ldap_sasl_bind_s\n", 0, 0, 0 ); if ( ( err = ldap_sasl_bind( ld, dn, mechanism, cred, serverctrls, clientctrls, &msgid )) != LDAP_SUCCESS ) return( err ); if ( ldap_result( ld, msgid, 1, (struct timeval *) 0, &result ) == -1 ) return( LDAP_GET_LDERRNO( ld, NULL, NULL ) ); if (( err = ldap_parse_sasl_bind_result( ld, result, servercredp, 0 )) != LDAP_SUCCESS ) { ldap_msgfree( result ); return( err ); } return( ldap_result2error( ld, result, 1 ) ); }
int ldap_refresh_s( LDAP *ld, struct berval *dn, ber_int_t ttl, ber_int_t *newttl, LDAPControl **sctrls, LDAPControl **cctrls ) { int rc; int msgid; LDAPMessage *res; rc = ldap_refresh( ld, dn, ttl, sctrls, cctrls, &msgid ); if ( rc != LDAP_SUCCESS ) return rc; rc = ldap_result( ld, msgid, LDAP_MSG_ALL, (struct timeval *)NULL, &res ); if( rc == -1 || !res ) return ld->ld_errno; rc = ldap_parse_refresh( ld, res, newttl ); if( rc != LDAP_SUCCESS ) { ldap_msgfree( res ); return rc; } return ldap_result2error( ld, res, 1 ); }
static int nsldapi_search_s( LDAP *ld, const char *base, int scope, const char *filter, char **attrs, int attrsonly, LDAPControl **serverctrls, LDAPControl **clientctrls, struct timeval *localtimeoutp, int timelimit, /* -1 means use ld->ld_timelimit */ int sizelimit, /* -1 means use ld->ld_sizelimit */ LDAPMessage **res ) { int err, msgid; /* * It is an error to pass in a zero'd timeval. */ if ( localtimeoutp != NULL && localtimeoutp->tv_sec == 0 && localtimeoutp->tv_usec == 0 ) { if ( ld != NULL ) { LDAP_SET_LDERRNO( ld, LDAP_PARAM_ERROR, NULL, NULL ); } if ( res != NULL ) { *res = NULL; } return( LDAP_PARAM_ERROR ); } if (( err = nsldapi_search( ld, base, scope, filter, attrs, attrsonly, serverctrls, clientctrls, timelimit, sizelimit, &msgid )) != LDAP_SUCCESS ) { if ( res != NULL ) { *res = NULL; } return( err ); } if ( ldap_result( ld, msgid, 1, localtimeoutp, res ) == -1 ) { /* * Error. ldap_result() sets *res to NULL for us. */ return( LDAP_GET_LDERRNO( ld, NULL, NULL ) ); } if ( LDAP_GET_LDERRNO( ld, NULL, NULL ) == LDAP_TIMEOUT ) { (void) ldap_abandon( ld, msgid ); err = LDAP_TIMEOUT; LDAP_SET_LDERRNO( ld, err, NULL, NULL ); if ( res != NULL ) { *res = NULL; } return( err ); } return( ldap_result2error( ld, *res, 0 ) ); }
/* * ldap_extended_operation_s - perform an arbitrary ldapv3 extended operation. * the oid and data of the extended operation are supplied. LDAP_SUCCESS * is returned upon success, the ldap error code otherwise. * * Example: * struct berval exdata, exretval; * char *exoid; * int rc; * ... fill in oid and data ... * rc = ldap_extended_operation_s( ld, exoid, &exdata, &exretval ); */ int LDAP_CALL ldap_extended_operation_s( LDAP *ld, const char *requestoid, const struct berval *requestdata, LDAPControl **serverctrls, LDAPControl **clientctrls, char **retoidp, struct berval **retdatap ) { int err, msgid; LDAPMessage *result; if (( err = ldap_extended_operation( ld, requestoid, requestdata, serverctrls, clientctrls, &msgid )) != LDAP_SUCCESS ) { return( err ); } if ( ldap_result( ld, msgid, 1, (struct timeval *) 0, &result ) == -1 ) { return( LDAP_GET_LDERRNO( ld, NULL, NULL ) ); } if (( err = ldap_parse_extended_result( ld, result, retoidp, retdatap, 0 )) != LDAP_SUCCESS ) { ldap_msgfree( result ); return( err ); } return( ldap_result2error( ld, result, 1 ) ); }
int ldap_search_st( LDAP *ld, LDAP_CONST char *base, int scope, LDAP_CONST char *filter, char **attrs, int attrsonly, struct timeval *timeout, LDAPMessage **res ) { int msgid; *res = NULL; if ( (msgid = ldap_search( ld, base, scope, filter, attrs, attrsonly )) == -1 ) return( ld->ld_errno ); if ( ldap_result( ld, msgid, LDAP_MSG_ALL, timeout, res ) == -1 || !*res ) return( ld->ld_errno ); if ( ld->ld_errno == LDAP_TIMEOUT ) { (void) ldap_abandon( ld, msgid ); ld->ld_errno = LDAP_TIMEOUT; return( ld->ld_errno ); } return( ldap_result2error( ld, *res, 0 ) ); }
// Fetch all attributes of an entry, and display them in a dialog void LdapView::showProperties( LDAP *ld, char *dn ) { PropDlg dlg; if ( ldap_search( ld, dn, LDAP_SCOPE_BASE, "objectclass=*", NULL, FALSE ) == -1 ) { AfxMessageBox( "Failed to start asynchronous search" ); return; } LDAPMessage *res; int rc; // Process results as they come in while ( (rc = ldap_result( ld, LDAP_RES_ANY, 0, NULL, &res )) == LDAP_RES_SEARCH_ENTRY ) { LDAPMessage *e = ldap_first_entry( ld, res ); BerElement *ber; // Loop over attributes in this entry for ( char *a = ldap_first_attribute( ld, e, &ber ); a != NULL; a = ldap_next_attribute( ld, e, ber ) ) { struct berval **bvals; if ( (bvals = ldap_get_values_len( ld, e, a )) != NULL ) { dlg.AddLine( a ); // Loop over values for this attribute for ( int i = 0; bvals[i] != NULL; i++ ) { CString val; val.Format( " %s", bvals[ i ]->bv_val ); dlg.AddLine( val ); } ber_bvecfree( bvals ); } } if ( ber != NULL ) ber_free( ber, 0 ); ldap_msgfree( res ); } if ( rc == -1 ) { AfxMessageBox( "Error on ldap_result" ); return; } else if (( rc = ldap_result2error( ld, res, 0 )) != LDAP_SUCCESS ) { char *errString = ldap_err2string( rc ); AfxMessageBox( errString ); } ldap_msgfree( res ); // Set the title of the dialog to the distinguished name, and display it dlg.SetTitle( dn ); dlg.DoModal(); }
static void print_ldap_result( LDAP *ld, LDAPMessage *lm, const char *s ) { ldap_result2error( ld, lm, 1 ); ldap_perror( ld, s ); /* if ( ld->ld_error != NULL && *ld->ld_error != '\0' ) fprintf( stderr, "Additional info: %s\n", ld->ld_error ); if ( LDAP_NAME_ERROR( ld->ld_errno ) && ld->ld_matched != NULL ) fprintf( stderr, "Matched DN: %s\n", ld->ld_matched ); */ }
int ldap_add_s( LDAP *ld, char *dn, LDAPMod **attrs ) { int msgid; LDAPMessage *res; if ( (msgid = ldap_add( ld, dn, attrs )) == -1 ) return( ld->ld_errno ); if ( ldap_result( ld, msgid, 1, (struct timeval *) NULL, &res ) == -1 ) return( ld->ld_errno ); return( ldap_result2error( ld, res, 1 ) ); }
int ldap_compare_s( LDAP *ld, char *dn, char *attr, char *value ) { int msgid; LDAPMessage *res; if ( (msgid = ldap_compare( ld, dn, attr, value )) == -1 ) return( ld->ld_errno ); if ( ldap_result( ld, msgid, 1, (struct timeval *) NULL, &res ) == -1 ) return( ld->ld_errno ); return( ldap_result2error( ld, res, 1 ) ); }
int ldap_modrdn_s( LDAP *ld, char *dn, char *newrdn, int deleteoldrdn ) { int msgid; LDAPMessage *res; if ( (msgid = ldap_modrdn( ld, dn, newrdn, deleteoldrdn )) == -1 ) return( ld->ld_errno ); if ( ldap_result( ld, msgid, 1, (struct timeval *) NULL, &res ) == -1 ) return( ld->ld_errno ); return( ldap_result2error( ld, res, 1 ) ); }
int ldap_search_s( LDAP *ld, char *base, int scope, char *filter, char **attrs, int attrsonly, LDAPMessage **res ) { int msgid; if ( (msgid = ldap_search( ld, base, scope, filter, attrs, attrsonly )) == -1 ) return( ld->ld_errno ); if ( ldap_result( ld, msgid, 1, (struct timeval *) NULL, res ) == -1 ) return( ld->ld_errno ); return( ldap_result2error( ld, *res, 0 ) ); }
int ldap_extended_operation_s( LDAP *ld, LDAP_CONST char *reqoid, struct berval *reqdata, LDAPControl **sctrls, LDAPControl **cctrls, char **retoidp, struct berval **retdatap ) { int rc; int msgid; LDAPMessage *res; #ifdef NEW_LOGGING LDAP_LOG ( OPERATION, ENTRY, "ldap_extended_operation_s\n", 0,0,0 ); #else Debug( LDAP_DEBUG_TRACE, "ldap_extended_operation_s\n", 0, 0, 0 ); #endif assert( ld != NULL ); assert( LDAP_VALID( ld ) ); assert( reqoid != NULL || *reqoid == '\0' ); assert( retoidp != NULL || retdatap != NULL ); rc = ldap_extended_operation( ld, reqoid, reqdata, sctrls, cctrls, &msgid ); if ( rc != LDAP_SUCCESS ) { return( rc ); } if ( ldap_result( ld, msgid, 1, (struct timeval *) NULL, &res ) == -1 ) { return( ld->ld_errno ); } if ( retoidp != NULL ) *retoidp = NULL; if ( retdatap != NULL ) *retdatap = NULL; rc = ldap_parse_extended_result( ld, res, retoidp, retdatap, 0 ); if( rc != LDAP_SUCCESS ) { ldap_msgfree( res ); return rc; } return( ldap_result2error( ld, res, 1 ) ); }
static int nsldapi_sasl_bind_s( LDAP *ld, const char *dn, const char *mechanism, const struct berval *cred, LDAPControl **serverctrls, LDAPControl **clientctrls, struct berval **servercredp, LDAPControl ***responsectrls ) { int err, msgid; LDAPMessage *result; LDAPDebug( LDAP_DEBUG_TRACE, "nsldapi_sasl_bind_s\n", 0, 0, 0 ); if ( !NSLDAPI_VALID_LDAP_POINTER( ld )) { return( LDAP_PARAM_ERROR ); } if ( NSLDAPI_LDAP_VERSION( ld ) < LDAP_VERSION3 ) { LDAP_SET_LDERRNO( ld, LDAP_NOT_SUPPORTED, NULL, NULL ); return( LDAP_NOT_SUPPORTED ); } if ( ( err = ldap_sasl_bind( ld, dn, mechanism, cred, serverctrls, clientctrls, &msgid )) != LDAP_SUCCESS ) return( err ); if ( ldap_result( ld, msgid, 1, (struct timeval *) 0, &result ) == -1 ) return( LDAP_GET_LDERRNO( ld, NULL, NULL ) ); /* Get the controls sent by the server if requested */ if ( responsectrls ) { if ( ( err = ldap_parse_result( ld, result, &err, NULL, NULL, NULL, responsectrls, 0 )) != LDAP_SUCCESS ) return( err ); } err = ldap_parse_sasl_bind_result( ld, result, servercredp, 0 ); if (err != LDAP_SUCCESS && err != LDAP_SASL_BIND_IN_PROGRESS) { ldap_msgfree( result ); return( err ); } return( ldap_result2error( ld, result, 1 ) ); }
static int sasl_digest_md5_bind_2( LDAP *ld, char *user_name, struct berval *cred, LDAPControl **serverctrls, LDAPControl **clientctrls, LDAPMessage *result, int *msgidp) { struct berval *challenge = NULL; struct berval resp; int errnum; char *digest = NULL; int err; if (ld == NULL || user_name == NULL || cred == NULL || cred->bv_val == NULL || result == NULL || msgidp == NULL) return (LDAP_PARAM_ERROR); if (ld->ld_version < LDAP_VERSION3) return (LDAP_PARAM_ERROR); err = ldap_result2error(ld, result, 0); if (err != LDAP_SASL_BIND_IN_PROGRESS) return (err); if ((err = ldap_parse_sasl_bind_result(ld, result, &challenge, 0)) != LDAP_SUCCESS) return (err); if (challenge == NULL) return (LDAP_NO_MEMORY); err = ldap_digest_md5_encode(challenge->bv_val, user_name, cred->bv_val, &digest); ber_bvfree(challenge); if (err == LDAP_SUCCESS) { resp.bv_val = digest; resp.bv_len = strlen(digest); LDAPDebug(LDAP_DEBUG_TRACE, "SASL reply: %s\n", digest, 0, 0); err = ldap_sasl_bind(ld, NULL, LDAP_SASL_DIGEST_MD5, &resp, serverctrls, clientctrls, msgidp); free(digest); } return (err); }
int LDAP_CALL ldap_url_search_s( LDAP *ld, const char *url, int attrsonly, LDAPMessage **res ) { int msgid; if (( msgid = ldap_url_search( ld, url, attrsonly )) == -1 ) { return( LDAP_GET_LDERRNO( ld, NULL, NULL ) ); } if ( ldap_result( ld, msgid, 1, (struct timeval *)NULL, res ) == -1 ) { return( LDAP_GET_LDERRNO( ld, NULL, NULL ) ); } return( ldap_result2error( ld, *res, 0 )); }
/* * Function: copy_value * Copy value from a LDAP attribute to $copy * INPUT: * $ld: the connection with the LDAP server * $entry: the entry who contains attributes * $attribut: this attribut * $copy: where data can go * OUTPUT: * void */ static void copy_value(LDAP *ld, LDAPMessage *entry, const char *attribut, char **copy, const char *username) { char ** values; values=ldap_get_values(ld,entry, (char *)attribut); if (values==NULL) { #ifdef HAVE_LDAP_RESULT2ERROR int ld_errno = ldap_result2error(ld,entry,0); if (ld_errno && ld_errno != LDAP_DECODING_ERROR) /* We didn't ask for this attribute */ ldap_perror(ld,"ldap_get_values"); #else if (ld->ld_errno != LDAP_DECODING_ERROR) /* We didn't ask for this attribute */ ldap_perror(ld,"ldap_get_values"); #endif *copy=NULL; return; } /* We accept only attribute with one value */ else if (ldap_count_values(values)>1) { *copy=strdup(values[0]); syslog(LOG_DAEMON, "authldaplib: duplicate attribute %s for %s\n", attribut, username); *copy=NULL; } /* We accept only attribute with one value */ else if (ldap_count_values(values)!=1) { *copy=NULL; } else { *copy=strdup(values[0]); } #if DEBUG_LDAP syslog(LOG_DAEMON|LOG_CRIT,"copy_value %s: %s\n",attribut,values[0]); #endif ldap_value_free(values); }
int ldap_pvt_search_s( LDAP *ld, LDAP_CONST char *base, int scope, LDAP_CONST char *filter, char **attrs, int attrsonly, LDAPControl **sctrls, LDAPControl **cctrls, struct timeval *timeout, int sizelimit, int deref, LDAPMessage **res ) { int rc; int msgid; *res = NULL; rc = ldap_pvt_search( ld, base, scope, filter, attrs, attrsonly, sctrls, cctrls, timeout, sizelimit, deref, &msgid ); if ( rc != LDAP_SUCCESS ) { return( rc ); } rc = ldap_result( ld, msgid, LDAP_MSG_ALL, timeout, res ); if( rc <= 0 ) { /* error(-1) or timeout(0) */ if ( ld->ld_errno == LDAP_TIMEOUT ) { /* cleanup request */ (void) ldap_abandon( ld, msgid ); ld->ld_errno = LDAP_TIMEOUT; } return( ld->ld_errno ); } if( rc == LDAP_RES_SEARCH_REFERENCE || rc == LDAP_RES_INTERMEDIATE ) { return( ld->ld_errno ); } return( ldap_result2error( ld, *res, 0 ) ); }
int ldap_modify_ext_s( LDAP *ld, LDAP_CONST char *dn, LDAPMod **mods, LDAPControl **sctrl, LDAPControl **cctrl ) { int rc; int msgid; LDAPMessage *res; rc = ldap_modify_ext( ld, dn, mods, sctrl, cctrl, &msgid ); if ( rc != LDAP_SUCCESS ) return( rc ); if ( ldap_result( ld, msgid, LDAP_MSG_ALL, (struct timeval *) NULL, &res ) == -1 || !res ) return( ld->ld_errno ); return( ldap_result2error( ld, res, 1 ) ); }
static krb5_error_code krb5_update_server_info(krb5_ldap_server_handle *ldap_server_handle, krb5_ldap_server_info *server_info) { krb5_error_code st=0; struct timeval ztime={0, 0}; LDAPMessage *result=NULL; if (ldap_server_handle == NULL || server_info == NULL) return -1; while (st == 0) { st = ldap_result(ldap_server_handle->ldap_handle, ldap_server_handle->msgid, LDAP_MSG_ALL, &ztime, &result); switch (st) { case -1: server_info->server_status = OFF; time(&server_info->downtime); break; case 0: continue; break; case LDAP_RES_BIND: if ((st=ldap_result2error(ldap_server_handle->ldap_handle, result, 1)) == LDAP_SUCCESS) { server_info->server_status = ON; } else { /* ?? */ krb5_set_error_message(0, 0, "%s", ldap_err2string(st)); server_info->server_status = OFF; time(&server_info->downtime); } ldap_msgfree(result); break; default: ldap_msgfree(result); continue; break; } } ldap_server_handle->server_info_update_pending = FALSE; return 0; }
int ldap_extended_operation_s( LDAP *ld, LDAP_CONST char *reqoid, struct berval *reqdata, LDAPControl **sctrls, LDAPControl **cctrls, char **retoidp, struct berval **retdatap ) { int rc; int msgid; LDAPMessage *res; Debug( LDAP_DEBUG_TRACE, "ldap_extended_operation_s\n", 0, 0, 0 ); assert( ld != NULL ); assert( LDAP_VALID( ld ) ); assert( reqoid != NULL && *reqoid != '\0' ); rc = ldap_extended_operation( ld, reqoid, reqdata, sctrls, cctrls, &msgid ); if ( rc != LDAP_SUCCESS ) { return( rc ); } if ( ldap_result( ld, msgid, LDAP_MSG_ALL, (struct timeval *) NULL, &res ) == -1 || !res ) { return( ld->ld_errno ); } if ( retoidp != NULL ) *retoidp = NULL; if ( retdatap != NULL ) *retdatap = NULL; rc = ldap_parse_extended_result( ld, res, retoidp, retdatap, 0 ); if( rc != LDAP_SUCCESS ) { ldap_msgfree( res ); return rc; } return( ldap_result2error( ld, res, 1 ) ); }
int LDAP_CALL ldap_modify_ext_s( LDAP *ld, const char *dn, LDAPMod **mods, LDAPControl **serverctrls, LDAPControl **clientctrls ) { int msgid, err; LDAPMessage *res; if (( err = ldap_modify_ext( ld, dn, mods, serverctrls, clientctrls, &msgid )) != LDAP_SUCCESS ) { return( err ); } if ( ldap_result( ld, msgid, 1, (struct timeval *)NULL, &res ) == -1 ) { return( LDAP_GET_LDERRNO( ld, NULL, NULL ) ); } return( ldap_result2error( ld, res, 1 ) ); }
static void ldap_auth_bind_callback(struct ldap_connection *conn, struct ldap_request *ldap_request, LDAPMessage *res) { struct passdb_ldap_request *passdb_ldap_request = (struct passdb_ldap_request *)ldap_request; struct auth_request *auth_request = ldap_request->auth_request; enum passdb_result passdb_result; const char *str; int ret; passdb_result = PASSDB_RESULT_INTERNAL_FAILURE; if (res != NULL) { ret = ldap_result2error(conn->ld, res, 0); if (ret == LDAP_SUCCESS) passdb_result = PASSDB_RESULT_OK; else if (ret == LDAP_INVALID_CREDENTIALS) { str = "invalid credentials"; if (auth_request->set->debug_passwords) { str = t_strconcat(str, " (given password: "******")", NULL); } auth_request_log_info(auth_request, AUTH_SUBSYS_DB, "%s", str); passdb_result = PASSDB_RESULT_PASSWORD_MISMATCH; } else if (ret == LDAP_NO_SUCH_OBJECT) { passdb_result = PASSDB_RESULT_USER_UNKNOWN; auth_request_log_unknown_user(auth_request, AUTH_SUBSYS_DB); } else { auth_request_log_error(auth_request, AUTH_SUBSYS_DB, "ldap_bind() failed: %s", ldap_err2string(ret)); } } passdb_ldap_request->callback. verify_plain(passdb_result, auth_request); auth_request_unref(&auth_request); }
/* synchronous bind to DSA using kerberos */ int ldap_kerberos_bind2_s( LDAP *ld, LDAP_CONST char *dn ) { int msgid; LDAPMessage *res; Debug( LDAP_DEBUG_TRACE, "ldap_kerberos_bind2_s\n", 0, 0, 0 ); /* initiate the bind */ if ( (msgid = ldap_kerberos_bind2( ld, dn )) == -1 ) return( ld->ld_errno ); /* wait for a result */ if ( ldap_result( ld, msgid, 1, (struct timeval *) 0, &res ) == -1 ) { return( ld->ld_errno ); /* ldap_result sets ld_errno */ } return( ldap_result2error( ld, res, 1 ) ); }
static void signal_ldap_error(LDAP * ld, LDAPMessage * res, int ldap_err) { if (ldap_err <= 0) { #if defined HAVE_LDAP_PARSE_RESULT int err; ldap_err = ldap_parse_result(ld, res, &err, NULL, NULL, NULL, NULL, 0); if (ldap_err == LDAP_SUCCESS) ldap_err = err; #elif defined HAVE_LDAP_GET_LDERRNO ldap_err = ldap_get_lderrno(ld, NULL, NULL); #elif defined HAVE_LDAP_RESULT2ERROR ldap_err = ldap_result2error(ld, res, 0); #else ldap_err = ld->ld_errno; #endif } signal_simple_error("LDAP error", build_string(ldap_err2string(ldap_err))); }