int ldap_x_sasl_digest_md5_bind(
LDAP *ld,
char *user_name,
struct berval *cred,
LDAPControl **serverctrls,
LDAPControl **clientctrls,
struct timeval *timeout,
LDAPMessage **result)
{
LDAPMessage *res = NULL;
int msgid;
int rc;
if (ld == NULL || user_name == NULL || cred == NULL ||
result == NULL)
return (LDAP_PARAM_ERROR);
if (ld->ld_version < LDAP_VERSION3)
return (LDAP_PARAM_ERROR);
*result = NULL;
rc = sasl_digest_md5_bind_1(ld, user_name,
serverctrls, clientctrls, &msgid);
if (rc != LDAP_SUCCESS)
return (rc);
rc = ldap_result(ld, msgid, 1, timeout, &res);
if (rc == -1) {
if (res != NULL)
ldap_msgfree(res);
return (ldap_get_lderrno(ld, NULL, NULL));
}
rc = ldap_result2error(ld, res, 0);
if (rc != LDAP_SASL_BIND_IN_PROGRESS) {
*result = res;
return (rc);
}
rc = sasl_digest_md5_bind_2(ld, user_name, cred,
serverctrls, clientctrls, res, &msgid);
ldap_msgfree(res);
res = NULL;
if (rc != LDAP_SUCCESS)
return (rc);
rc = ldap_result(ld, msgid, 1, timeout, &res);
if (rc == -1) {
if (res != NULL)
ldap_msgfree(res);
return (ldap_get_lderrno(ld, NULL, NULL));
}
*result = res;
rc = ldap_result2error(ld, res, 0);
return (rc);
}
/*
* parses the result returned by an ldap query
*/
static err_t
parse_ldap_result(LDAP * ldap, LDAPMessage *result, chunk_t *blob)
{
err_t ugh = NULL;
LDAPMessage * entry = ldap_first_entry(ldap, result);
if (entry != NULL)
{
BerElement *ber = NULL;
char *attr;
attr = ldap_first_attribute(ldap, entry, &ber);
if (attr != NULL)
{
struct berval **values = ldap_get_values_len(ldap, entry, attr);
if (values != NULL)
{
if (values[0] != NULL)
{
blob->len = values[0]->bv_len;
blob->ptr = alloc_bytes(blob->len, "ldap blob");
memcpy(blob->ptr, values[0]->bv_val, blob->len);
if (values[1] != NULL)
{
plog("warning: more than one value was fetched from LDAP URL");
}
}
else
{
ugh = "no values in attribute";
}
ldap_value_free_len(values);
}
else
{
ugh = ldap_err2string(ldap_result2error(ldap, entry, 0));
}
ldap_memfree(attr);
}
else
{
ugh = ldap_err2string(ldap_result2error(ldap, entry, 0));
}
ber_free(ber, 0);
}
else
{
ugh = ldap_err2string(ldap_result2error(ldap, result, 0));
}
return ugh;
}
int
ldap_verify_credentials_s(
LDAP *ld,
struct berval *cookie,
LDAP_CONST char *dn,
LDAP_CONST char *mechanism,
struct berval *cred,
LDAPControl **vcictrls,
LDAPControl **sctrls,
LDAPControl **cctrls,
int *rcode,
char **diagmsg,
struct berval **scookie,
struct berval **scred,
LDAPControl ***vcoctrls)
{
int rc;
int msgid;
LDAPMessage *res;
rc = ldap_verify_credentials(ld, cookie, dn, mechanism, cred, vcictrls, sctrls, cctrls, &msgid);
if (rc != LDAP_SUCCESS) return rc;
if (ldap_result(ld, msgid, LDAP_MSG_ALL, (struct timeval *) NULL, &res) == -1 || !res) {
return ld->ld_errno;
}
rc = ldap_parse_verify_credentials(ld, res, rcode, diagmsg, scookie, scred, vcoctrls);
if (rc != LDAP_SUCCESS) {
ldap_msgfree(res);
return rc;
}
return( ldap_result2error(ld, res, 1));
}
int
ldap_passwd_s(
LDAP *ld,
struct berval *user,
struct berval *oldpw,
struct berval *newpw,
struct berval *newpasswd,
LDAPControl **sctrls,
LDAPControl **cctrls )
{
int rc;
int msgid;
LDAPMessage *res;
rc = ldap_passwd( ld, user, oldpw, newpw, sctrls, cctrls, &msgid );
if ( rc != LDAP_SUCCESS ) {
return rc;
}
if ( ldap_result( ld, msgid, LDAP_MSG_ALL, (struct timeval *) NULL, &res ) == -1 || !res ) {
return ld->ld_errno;
}
rc = ldap_parse_passwd( ld, res, newpasswd );
if( rc != LDAP_SUCCESS ) {
ldap_msgfree( res );
return rc;
}
return( ldap_result2error( ld, res, 1 ) );
}
int
ldap_rename_s(
LDAP *ld,
LDAP_CONST char *dn,
LDAP_CONST char *newrdn,
LDAP_CONST char *newSuperior,
int deleteoldrdn,
LDAPControl **sctrls,
LDAPControl **cctrls )
{
int rc;
int msgid;
LDAPMessage *res;
rc = ldap_rename( ld, dn, newrdn, newSuperior,
deleteoldrdn, sctrls, cctrls, &msgid );
if( rc != LDAP_SUCCESS ) {
return rc;
}
rc = ldap_result( ld, msgid, LDAP_MSG_ALL, NULL, &res );
if( rc == -1 || !res ) {
return ld->ld_errno;
}
return ldap_result2error( ld, res, 1 );
}
int
ldap_whoami_s(
LDAP *ld,
struct berval **authzid,
LDAPControl **sctrls,
LDAPControl **cctrls )
{
int rc;
int msgid;
LDAPMessage *res;
rc = ldap_whoami( ld, sctrls, cctrls, &msgid );
if ( rc != LDAP_SUCCESS ) return rc;
if ( ldap_result( ld, msgid, 1, (struct timeval *) NULL, &res ) == -1 ) {
return ld->ld_errno;
}
rc = ldap_parse_whoami( ld, res, authzid );
if( rc != LDAP_SUCCESS ) {
ldap_msgfree( res );
return rc;
}
return( ldap_result2error( ld, res, 1 ) );
}
/*
* ldap_sasl_bind_s - bind to the ldap server using sasl authentication
* The dn, mechanism, and credentials of the entry to which to bind are
* supplied. LDAP_SUCCESS is returned upon success, the ldap error code
* otherwise.
*
* Example:
* struct berval creds;
* ... fill in creds with credentials ...
* ldap_sasl_bind_s( ld, "cn=manager, o=university of michigan, c=us",
* "mechanismname", &creds )
*/
int
LDAP_CALL
ldap_sasl_bind_s(
LDAP *ld,
const char *dn,
const char *mechanism,
const struct berval *cred,
LDAPControl **serverctrls,
LDAPControl **clientctrls,
struct berval **servercredp
)
{
int err, msgid;
LDAPMessage *result;
LDAPDebug( LDAP_DEBUG_TRACE, "ldap_sasl_bind_s\n", 0, 0, 0 );
if ( ( err = ldap_sasl_bind( ld, dn, mechanism, cred, serverctrls,
clientctrls, &msgid )) != LDAP_SUCCESS )
return( err );
if ( ldap_result( ld, msgid, 1, (struct timeval *) 0, &result ) == -1 )
return( LDAP_GET_LDERRNO( ld, NULL, NULL ) );
if (( err = ldap_parse_sasl_bind_result( ld, result, servercredp, 0 ))
!= LDAP_SUCCESS ) {
ldap_msgfree( result );
return( err );
}
return( ldap_result2error( ld, result, 1 ) );
}
int
ldap_refresh_s(
LDAP *ld,
struct berval *dn,
ber_int_t ttl,
ber_int_t *newttl,
LDAPControl **sctrls,
LDAPControl **cctrls )
{
int rc;
int msgid;
LDAPMessage *res;
rc = ldap_refresh( ld, dn, ttl, sctrls, cctrls, &msgid );
if ( rc != LDAP_SUCCESS ) return rc;
rc = ldap_result( ld, msgid, LDAP_MSG_ALL, (struct timeval *)NULL, &res );
if( rc == -1 || !res ) return ld->ld_errno;
rc = ldap_parse_refresh( ld, res, newttl );
if( rc != LDAP_SUCCESS ) {
ldap_msgfree( res );
return rc;
}
return ldap_result2error( ld, res, 1 );
}
static int
nsldapi_search_s(
LDAP *ld,
const char *base,
int scope,
const char *filter,
char **attrs,
int attrsonly,
LDAPControl **serverctrls,
LDAPControl **clientctrls,
struct timeval *localtimeoutp,
int timelimit, /* -1 means use ld->ld_timelimit */
int sizelimit, /* -1 means use ld->ld_sizelimit */
LDAPMessage **res
)
{
int err, msgid;
/*
* It is an error to pass in a zero'd timeval.
*/
if ( localtimeoutp != NULL && localtimeoutp->tv_sec == 0 &&
localtimeoutp->tv_usec == 0 ) {
if ( ld != NULL ) {
LDAP_SET_LDERRNO( ld, LDAP_PARAM_ERROR, NULL, NULL );
}
if ( res != NULL ) {
*res = NULL;
}
return( LDAP_PARAM_ERROR );
}
if (( err = nsldapi_search( ld, base, scope, filter, attrs, attrsonly,
serverctrls, clientctrls, timelimit, sizelimit, &msgid ))
!= LDAP_SUCCESS ) {
if ( res != NULL ) {
*res = NULL;
}
return( err );
}
if ( ldap_result( ld, msgid, 1, localtimeoutp, res ) == -1 ) {
/*
* Error. ldap_result() sets *res to NULL for us.
*/
return( LDAP_GET_LDERRNO( ld, NULL, NULL ) );
}
if ( LDAP_GET_LDERRNO( ld, NULL, NULL ) == LDAP_TIMEOUT ) {
(void) ldap_abandon( ld, msgid );
err = LDAP_TIMEOUT;
LDAP_SET_LDERRNO( ld, err, NULL, NULL );
if ( res != NULL ) {
*res = NULL;
}
return( err );
}
return( ldap_result2error( ld, *res, 0 ) );
}
/*
* ldap_extended_operation_s - perform an arbitrary ldapv3 extended operation.
* the oid and data of the extended operation are supplied. LDAP_SUCCESS
* is returned upon success, the ldap error code otherwise.
*
* Example:
* struct berval exdata, exretval;
* char *exoid;
* int rc;
* ... fill in oid and data ...
* rc = ldap_extended_operation_s( ld, exoid, &exdata, &exretval );
*/
int
LDAP_CALL
ldap_extended_operation_s(
LDAP *ld,
const char *requestoid,
const struct berval *requestdata,
LDAPControl **serverctrls,
LDAPControl **clientctrls,
char **retoidp,
struct berval **retdatap
)
{
int err, msgid;
LDAPMessage *result;
if (( err = ldap_extended_operation( ld, requestoid, requestdata,
serverctrls, clientctrls, &msgid )) != LDAP_SUCCESS ) {
return( err );
}
if ( ldap_result( ld, msgid, 1, (struct timeval *) 0, &result )
== -1 ) {
return( LDAP_GET_LDERRNO( ld, NULL, NULL ) );
}
if (( err = ldap_parse_extended_result( ld, result, retoidp, retdatap,
0 )) != LDAP_SUCCESS ) {
ldap_msgfree( result );
return( err );
}
return( ldap_result2error( ld, result, 1 ) );
}
int
ldap_search_st(
LDAP *ld, LDAP_CONST char *base, int scope,
LDAP_CONST char *filter, char **attrs,
int attrsonly, struct timeval *timeout, LDAPMessage **res )
{
int msgid;
*res = NULL;
if ( (msgid = ldap_search( ld, base, scope, filter, attrs, attrsonly ))
== -1 )
return( ld->ld_errno );
if ( ldap_result( ld, msgid, LDAP_MSG_ALL, timeout, res ) == -1 || !*res )
return( ld->ld_errno );
if ( ld->ld_errno == LDAP_TIMEOUT ) {
(void) ldap_abandon( ld, msgid );
ld->ld_errno = LDAP_TIMEOUT;
return( ld->ld_errno );
}
return( ldap_result2error( ld, *res, 0 ) );
}
// Fetch all attributes of an entry, and display them in a dialog
void LdapView::showProperties( LDAP *ld, char *dn )
{
PropDlg dlg;
if ( ldap_search( ld, dn, LDAP_SCOPE_BASE, "objectclass=*",
NULL, FALSE ) == -1 )
{
AfxMessageBox( "Failed to start asynchronous search" );
return;
}
LDAPMessage *res;
int rc;
// Process results as they come in
while ( (rc = ldap_result( ld, LDAP_RES_ANY, 0, NULL, &res ))
== LDAP_RES_SEARCH_ENTRY )
{
LDAPMessage *e = ldap_first_entry( ld, res );
BerElement *ber;
// Loop over attributes in this entry
for ( char *a = ldap_first_attribute( ld, e, &ber ); a != NULL;
a = ldap_next_attribute( ld, e, ber ) )
{
struct berval **bvals;
if ( (bvals = ldap_get_values_len( ld, e, a )) != NULL )
{
dlg.AddLine( a );
// Loop over values for this attribute
for ( int i = 0; bvals[i] != NULL; i++ )
{
CString val;
val.Format( " %s", bvals[ i ]->bv_val );
dlg.AddLine( val );
}
ber_bvecfree( bvals );
}
}
if ( ber != NULL )
ber_free( ber, 0 );
ldap_msgfree( res );
}
if ( rc == -1 )
{
AfxMessageBox( "Error on ldap_result" );
return;
}
else if (( rc = ldap_result2error( ld, res, 0 )) != LDAP_SUCCESS )
{
char *errString = ldap_err2string( rc );
AfxMessageBox( errString );
}
ldap_msgfree( res );
// Set the title of the dialog to the distinguished name, and display it
dlg.SetTitle( dn );
dlg.DoModal();
}
static void
print_ldap_result( LDAP *ld, LDAPMessage *lm, const char *s )
{
ldap_result2error( ld, lm, 1 );
ldap_perror( ld, s );
/*
if ( ld->ld_error != NULL && *ld->ld_error != '\0' )
fprintf( stderr, "Additional info: %s\n", ld->ld_error );
if ( LDAP_NAME_ERROR( ld->ld_errno ) && ld->ld_matched != NULL )
fprintf( stderr, "Matched DN: %s\n", ld->ld_matched );
*/
}
int
ldap_add_s( LDAP *ld, char *dn, LDAPMod **attrs )
{
int msgid;
LDAPMessage *res;
if ( (msgid = ldap_add( ld, dn, attrs )) == -1 )
return( ld->ld_errno );
if ( ldap_result( ld, msgid, 1, (struct timeval *) NULL, &res ) == -1 )
return( ld->ld_errno );
return( ldap_result2error( ld, res, 1 ) );
}
int
ldap_compare_s( LDAP *ld, char *dn, char *attr, char *value )
{
int msgid;
LDAPMessage *res;
if ( (msgid = ldap_compare( ld, dn, attr, value )) == -1 )
return( ld->ld_errno );
if ( ldap_result( ld, msgid, 1, (struct timeval *) NULL, &res ) == -1 )
return( ld->ld_errno );
return( ldap_result2error( ld, res, 1 ) );
}
int
ldap_modrdn_s( LDAP *ld, char *dn, char *newrdn, int deleteoldrdn )
{
int msgid;
LDAPMessage *res;
if ( (msgid = ldap_modrdn( ld, dn, newrdn, deleteoldrdn )) == -1 )
return( ld->ld_errno );
if ( ldap_result( ld, msgid, 1, (struct timeval *) NULL, &res ) == -1 )
return( ld->ld_errno );
return( ldap_result2error( ld, res, 1 ) );
}
int
ldap_search_s( LDAP *ld, char *base, int scope, char *filter, char **attrs,
int attrsonly, LDAPMessage **res )
{
int msgid;
if ( (msgid = ldap_search( ld, base, scope, filter, attrs, attrsonly ))
== -1 )
return( ld->ld_errno );
if ( ldap_result( ld, msgid, 1, (struct timeval *) NULL, res ) == -1 )
return( ld->ld_errno );
return( ldap_result2error( ld, *res, 0 ) );
}
int
ldap_extended_operation_s(
LDAP *ld,
LDAP_CONST char *reqoid,
struct berval *reqdata,
LDAPControl **sctrls,
LDAPControl **cctrls,
char **retoidp,
struct berval **retdatap )
{
int rc;
int msgid;
LDAPMessage *res;
#ifdef NEW_LOGGING
LDAP_LOG ( OPERATION, ENTRY, "ldap_extended_operation_s\n", 0,0,0 );
#else
Debug( LDAP_DEBUG_TRACE, "ldap_extended_operation_s\n", 0, 0, 0 );
#endif
assert( ld != NULL );
assert( LDAP_VALID( ld ) );
assert( reqoid != NULL || *reqoid == '\0' );
assert( retoidp != NULL || retdatap != NULL );
rc = ldap_extended_operation( ld, reqoid, reqdata,
sctrls, cctrls, &msgid );
if ( rc != LDAP_SUCCESS ) {
return( rc );
}
if ( ldap_result( ld, msgid, 1, (struct timeval *) NULL, &res ) == -1 ) {
return( ld->ld_errno );
}
if ( retoidp != NULL ) *retoidp = NULL;
if ( retdatap != NULL ) *retdatap = NULL;
rc = ldap_parse_extended_result( ld, res, retoidp, retdatap, 0 );
if( rc != LDAP_SUCCESS ) {
ldap_msgfree( res );
return rc;
}
return( ldap_result2error( ld, res, 1 ) );
}
static int
nsldapi_sasl_bind_s(
LDAP *ld,
const char *dn,
const char *mechanism,
const struct berval *cred,
LDAPControl **serverctrls,
LDAPControl **clientctrls,
struct berval **servercredp,
LDAPControl ***responsectrls
)
{
int err, msgid;
LDAPMessage *result;
LDAPDebug( LDAP_DEBUG_TRACE, "nsldapi_sasl_bind_s\n", 0, 0, 0 );
if ( !NSLDAPI_VALID_LDAP_POINTER( ld )) {
return( LDAP_PARAM_ERROR );
}
if ( NSLDAPI_LDAP_VERSION( ld ) < LDAP_VERSION3 ) {
LDAP_SET_LDERRNO( ld, LDAP_NOT_SUPPORTED, NULL, NULL );
return( LDAP_NOT_SUPPORTED );
}
if ( ( err = ldap_sasl_bind( ld, dn, mechanism, cred, serverctrls,
clientctrls, &msgid )) != LDAP_SUCCESS )
return( err );
if ( ldap_result( ld, msgid, 1, (struct timeval *) 0, &result ) == -1 )
return( LDAP_GET_LDERRNO( ld, NULL, NULL ) );
/* Get the controls sent by the server if requested */
if ( responsectrls ) {
if ( ( err = ldap_parse_result( ld, result, &err, NULL, NULL,
NULL, responsectrls, 0 )) != LDAP_SUCCESS )
return( err );
}
err = ldap_parse_sasl_bind_result( ld, result, servercredp, 0 );
if (err != LDAP_SUCCESS && err != LDAP_SASL_BIND_IN_PROGRESS) {
ldap_msgfree( result );
return( err );
}
return( ldap_result2error( ld, result, 1 ) );
}
static int
sasl_digest_md5_bind_2(
LDAP *ld,
char *user_name,
struct berval *cred,
LDAPControl **serverctrls,
LDAPControl **clientctrls,
LDAPMessage *result,
int *msgidp)
{
struct berval *challenge = NULL;
struct berval resp;
int errnum;
char *digest = NULL;
int err;
if (ld == NULL || user_name == NULL || cred == NULL ||
cred->bv_val == NULL || result == NULL || msgidp == NULL)
return (LDAP_PARAM_ERROR);
if (ld->ld_version < LDAP_VERSION3)
return (LDAP_PARAM_ERROR);
err = ldap_result2error(ld, result, 0);
if (err != LDAP_SASL_BIND_IN_PROGRESS)
return (err);
if ((err = ldap_parse_sasl_bind_result(ld, result, &challenge, 0))
!= LDAP_SUCCESS)
return (err);
if (challenge == NULL)
return (LDAP_NO_MEMORY);
err = ldap_digest_md5_encode(challenge->bv_val,
user_name, cred->bv_val, &digest);
ber_bvfree(challenge);
if (err == LDAP_SUCCESS) {
resp.bv_val = digest;
resp.bv_len = strlen(digest);
LDAPDebug(LDAP_DEBUG_TRACE, "SASL reply: %s\n",
digest, 0, 0);
err = ldap_sasl_bind(ld, NULL, LDAP_SASL_DIGEST_MD5,
&resp, serverctrls, clientctrls, msgidp);
free(digest);
}
return (err);
}
int
LDAP_CALL
ldap_url_search_s( LDAP *ld, const char *url, int attrsonly, LDAPMessage **res )
{
int msgid;
if (( msgid = ldap_url_search( ld, url, attrsonly )) == -1 ) {
return( LDAP_GET_LDERRNO( ld, NULL, NULL ) );
}
if ( ldap_result( ld, msgid, 1, (struct timeval *)NULL, res ) == -1 ) {
return( LDAP_GET_LDERRNO( ld, NULL, NULL ) );
}
return( ldap_result2error( ld, *res, 0 ));
}
/*
* Function: copy_value
* Copy value from a LDAP attribute to $copy
* INPUT:
* $ld: the connection with the LDAP server
* $entry: the entry who contains attributes
* $attribut: this attribut
* $copy: where data can go
* OUTPUT:
* void
*/
static void copy_value(LDAP *ld, LDAPMessage *entry, const char *attribut,
char **copy, const char *username)
{
char ** values;
values=ldap_get_values(ld,entry, (char *)attribut);
if (values==NULL)
{
#ifdef HAVE_LDAP_RESULT2ERROR
int ld_errno = ldap_result2error(ld,entry,0);
if (ld_errno && ld_errno != LDAP_DECODING_ERROR)
/* We didn't ask for this attribute */
ldap_perror(ld,"ldap_get_values");
#else
if (ld->ld_errno != LDAP_DECODING_ERROR)
/* We didn't ask for this attribute */
ldap_perror(ld,"ldap_get_values");
#endif
*copy=NULL;
return;
}
/* We accept only attribute with one value */
else if (ldap_count_values(values)>1)
{
*copy=strdup(values[0]);
syslog(LOG_DAEMON,
"authldaplib: duplicate attribute %s for %s\n",
attribut,
username);
*copy=NULL;
}
/* We accept only attribute with one value */
else if (ldap_count_values(values)!=1)
{
*copy=NULL;
}
else
{
*copy=strdup(values[0]);
}
#if DEBUG_LDAP
syslog(LOG_DAEMON|LOG_CRIT,"copy_value %s: %s\n",attribut,values[0]);
#endif
ldap_value_free(values);
}
int
ldap_pvt_search_s(
LDAP *ld,
LDAP_CONST char *base,
int scope,
LDAP_CONST char *filter,
char **attrs,
int attrsonly,
LDAPControl **sctrls,
LDAPControl **cctrls,
struct timeval *timeout,
int sizelimit,
int deref,
LDAPMessage **res )
{
int rc;
int msgid;
*res = NULL;
rc = ldap_pvt_search( ld, base, scope, filter, attrs, attrsonly,
sctrls, cctrls, timeout, sizelimit, deref, &msgid );
if ( rc != LDAP_SUCCESS ) {
return( rc );
}
rc = ldap_result( ld, msgid, LDAP_MSG_ALL, timeout, res );
if( rc <= 0 ) {
/* error(-1) or timeout(0) */
if ( ld->ld_errno == LDAP_TIMEOUT ) {
/* cleanup request */
(void) ldap_abandon( ld, msgid );
ld->ld_errno = LDAP_TIMEOUT;
}
return( ld->ld_errno );
}
if( rc == LDAP_RES_SEARCH_REFERENCE || rc == LDAP_RES_INTERMEDIATE ) {
return( ld->ld_errno );
}
return( ldap_result2error( ld, *res, 0 ) );
}
int
ldap_modify_ext_s( LDAP *ld, LDAP_CONST char *dn,
LDAPMod **mods, LDAPControl **sctrl, LDAPControl **cctrl )
{
int rc;
int msgid;
LDAPMessage *res;
rc = ldap_modify_ext( ld, dn, mods, sctrl, cctrl, &msgid );
if ( rc != LDAP_SUCCESS )
return( rc );
if ( ldap_result( ld, msgid, LDAP_MSG_ALL, (struct timeval *) NULL, &res ) == -1 || !res )
return( ld->ld_errno );
return( ldap_result2error( ld, res, 1 ) );
}
static krb5_error_code
krb5_update_server_info(krb5_ldap_server_handle *ldap_server_handle,
krb5_ldap_server_info *server_info)
{
krb5_error_code st=0;
struct timeval ztime={0, 0};
LDAPMessage *result=NULL;
if (ldap_server_handle == NULL || server_info == NULL)
return -1;
while (st == 0) {
st = ldap_result(ldap_server_handle->ldap_handle, ldap_server_handle->msgid,
LDAP_MSG_ALL, &ztime, &result);
switch (st) {
case -1:
server_info->server_status = OFF;
time(&server_info->downtime);
break;
case 0:
continue;
break;
case LDAP_RES_BIND:
if ((st=ldap_result2error(ldap_server_handle->ldap_handle, result, 1)) == LDAP_SUCCESS) {
server_info->server_status = ON;
} else {
/* ?? */ krb5_set_error_message(0, 0, "%s", ldap_err2string(st));
server_info->server_status = OFF;
time(&server_info->downtime);
}
ldap_msgfree(result);
break;
default:
ldap_msgfree(result);
continue;
break;
}
}
ldap_server_handle->server_info_update_pending = FALSE;
return 0;
}
int
ldap_extended_operation_s(
LDAP *ld,
LDAP_CONST char *reqoid,
struct berval *reqdata,
LDAPControl **sctrls,
LDAPControl **cctrls,
char **retoidp,
struct berval **retdatap )
{
int rc;
int msgid;
LDAPMessage *res;
Debug( LDAP_DEBUG_TRACE, "ldap_extended_operation_s\n", 0, 0, 0 );
assert( ld != NULL );
assert( LDAP_VALID( ld ) );
assert( reqoid != NULL && *reqoid != '\0' );
rc = ldap_extended_operation( ld, reqoid, reqdata,
sctrls, cctrls, &msgid );
if ( rc != LDAP_SUCCESS ) {
return( rc );
}
if ( ldap_result( ld, msgid, LDAP_MSG_ALL, (struct timeval *) NULL, &res ) == -1 || !res ) {
return( ld->ld_errno );
}
if ( retoidp != NULL ) *retoidp = NULL;
if ( retdatap != NULL ) *retdatap = NULL;
rc = ldap_parse_extended_result( ld, res, retoidp, retdatap, 0 );
if( rc != LDAP_SUCCESS ) {
ldap_msgfree( res );
return rc;
}
return( ldap_result2error( ld, res, 1 ) );
}
int
LDAP_CALL
ldap_modify_ext_s( LDAP *ld, const char *dn, LDAPMod **mods,
LDAPControl **serverctrls, LDAPControl **clientctrls )
{
int msgid, err;
LDAPMessage *res;
if (( err = ldap_modify_ext( ld, dn, mods, serverctrls, clientctrls,
&msgid )) != LDAP_SUCCESS ) {
return( err );
}
if ( ldap_result( ld, msgid, 1, (struct timeval *)NULL, &res ) == -1 ) {
return( LDAP_GET_LDERRNO( ld, NULL, NULL ) );
}
return( ldap_result2error( ld, res, 1 ) );
}
static void
ldap_auth_bind_callback(struct ldap_connection *conn,
struct ldap_request *ldap_request, LDAPMessage *res)
{
struct passdb_ldap_request *passdb_ldap_request =
(struct passdb_ldap_request *)ldap_request;
struct auth_request *auth_request = ldap_request->auth_request;
enum passdb_result passdb_result;
const char *str;
int ret;
passdb_result = PASSDB_RESULT_INTERNAL_FAILURE;
if (res != NULL) {
ret = ldap_result2error(conn->ld, res, 0);
if (ret == LDAP_SUCCESS)
passdb_result = PASSDB_RESULT_OK;
else if (ret == LDAP_INVALID_CREDENTIALS) {
str = "invalid credentials";
if (auth_request->set->debug_passwords) {
str = t_strconcat(str, " (given password: "******")", NULL);
}
auth_request_log_info(auth_request, AUTH_SUBSYS_DB,
"%s", str);
passdb_result = PASSDB_RESULT_PASSWORD_MISMATCH;
} else if (ret == LDAP_NO_SUCH_OBJECT) {
passdb_result = PASSDB_RESULT_USER_UNKNOWN;
auth_request_log_unknown_user(auth_request,
AUTH_SUBSYS_DB);
} else {
auth_request_log_error(auth_request, AUTH_SUBSYS_DB,
"ldap_bind() failed: %s",
ldap_err2string(ret));
}
}
passdb_ldap_request->callback.
verify_plain(passdb_result, auth_request);
auth_request_unref(&auth_request);
}
/* synchronous bind to DSA using kerberos */
int
ldap_kerberos_bind2_s( LDAP *ld, LDAP_CONST char *dn )
{
int msgid;
LDAPMessage *res;
Debug( LDAP_DEBUG_TRACE, "ldap_kerberos_bind2_s\n", 0, 0, 0 );
/* initiate the bind */
if ( (msgid = ldap_kerberos_bind2( ld, dn )) == -1 )
return( ld->ld_errno );
/* wait for a result */
if ( ldap_result( ld, msgid, 1, (struct timeval *) 0, &res )
== -1 ) {
return( ld->ld_errno ); /* ldap_result sets ld_errno */
}
return( ldap_result2error( ld, res, 1 ) );
}
static void signal_ldap_error(LDAP * ld, LDAPMessage * res, int ldap_err)
{
if (ldap_err <= 0) {
#if defined HAVE_LDAP_PARSE_RESULT
int err;
ldap_err = ldap_parse_result(ld, res,
&err, NULL, NULL, NULL, NULL, 0);
if (ldap_err == LDAP_SUCCESS)
ldap_err = err;
#elif defined HAVE_LDAP_GET_LDERRNO
ldap_err = ldap_get_lderrno(ld, NULL, NULL);
#elif defined HAVE_LDAP_RESULT2ERROR
ldap_err = ldap_result2error(ld, res, 0);
#else
ldap_err = ld->ld_errno;
#endif
}
signal_simple_error("LDAP error",
build_string(ldap_err2string(ldap_err)));
}
