/* * ldap_extended_operation_s - perform an arbitrary ldapv3 extended operation. * the oid and data of the extended operation are supplied. LDAP_SUCCESS * is returned upon success, the ldap error code otherwise. * * Example: * struct berval exdata, exretval; * char *exoid; * int rc; * ... fill in oid and data ... * rc = ldap_extended_operation_s( ld, exoid, &exdata, &exretval ); */ int LDAP_CALL ldap_extended_operation_s( LDAP *ld, const char *requestoid, const struct berval *requestdata, LDAPControl **serverctrls, LDAPControl **clientctrls, char **retoidp, struct berval **retdatap ) { int err, msgid; LDAPMessage *result; if (( err = ldap_extended_operation( ld, requestoid, requestdata, serverctrls, clientctrls, &msgid )) != LDAP_SUCCESS ) { return( err ); } if ( ldap_result( ld, msgid, 1, (struct timeval *) 0, &result ) == -1 ) { return( LDAP_GET_LDERRNO( ld, NULL, NULL ) ); } if (( err = ldap_parse_extended_result( ld, result, retoidp, retdatap, 0 )) != LDAP_SUCCESS ) { ldap_msgfree( result ); return( err ); } return( ldap_result2error( ld, result, 1 ) ); }
int ldap_parse_whoami( LDAP *ld, LDAPMessage *res, struct berval **authzid ) { int rc; char *retoid = NULL; assert( ld != NULL ); assert( LDAP_VALID( ld ) ); assert( res != NULL ); assert( authzid != NULL ); *authzid = NULL; rc = ldap_parse_extended_result( ld, res, &retoid, authzid, 0 ); if( rc != LDAP_SUCCESS ) { ldap_perror( ld, "ldap_parse_whoami" ); return rc; } ber_memfree( retoid ); return rc; }
int ldap_parse_refresh( LDAP *ld, LDAPMessage *res, ber_int_t *newttl ) { int rc; struct berval *retdata = NULL; ber_tag_t tag; BerElement *ber; assert( ld != NULL ); assert( LDAP_VALID( ld ) ); assert( res != NULL ); assert( newttl != NULL ); *newttl = 0; rc = ldap_parse_extended_result( ld, res, NULL, &retdata, 0 ); if ( rc != LDAP_SUCCESS ) { return rc; } if ( ld->ld_errno != LDAP_SUCCESS ) { return ld->ld_errno; } if ( retdata == NULL ) { rc = ld->ld_errno = LDAP_DECODING_ERROR; return rc; } ber = ber_init( retdata ); if ( ber == NULL ) { rc = ld->ld_errno = LDAP_NO_MEMORY; goto done; } /* check the tag */ tag = ber_scanf( ber, "{i}", newttl ); ber_free( ber, 1 ); if ( tag != LDAP_TAG_EXOP_REFRESH_RES_TTL ) { *newttl = 0; rc = ld->ld_errno = LDAP_DECODING_ERROR; } done: ; if ( retdata ) { ber_bvfree( retdata ); } return rc; }
static int ipa_ldap_extended_op(LDAP *ld, const char *reqoid, struct berval *control, LDAPControl ***srvctrl) { struct berval *retdata = NULL; LDAPMessage *res = NULL; char *retoid = NULL; struct timeval tv; char *err = NULL; int msgid; int ret, rc; ret = ldap_extended_operation(ld, reqoid, control, NULL, NULL, &msgid); if (ret != LDAP_SUCCESS) { fprintf(stderr, _("Operation failed: %s\n"), ldap_err2string(ret)); return ret; } /* wait max 100 secs for the answer */ tv.tv_sec = 100; tv.tv_usec = 0; ret = ldap_result(ld, msgid, 1, &tv, &res); if (ret == -1) { fprintf(stderr, _("Failed to get result: %s\n"), ldap_err2string(ret)); goto done; } else if (res == NULL) { fprintf(stderr, _("Timeout exceeded.")); goto done; } ret = ldap_parse_extended_result(ld, res, &retoid, &retdata, 0); if (ret != LDAP_SUCCESS) { fprintf(stderr, _("Failed to parse extended result: %s\n"), ldap_err2string(ret)); goto done; } ret = ldap_parse_result(ld, res, &rc, NULL, &err, NULL, srvctrl, 0); if (ret != LDAP_SUCCESS || rc != LDAP_SUCCESS) { fprintf(stderr, _("Failed to parse result: %s\n"), err ? err : ldap_err2string(ret)); if (ret == LDAP_SUCCESS) ret = rc; goto done; } done: if (err) ldap_memfree(err); if (res) ldap_msgfree(res); return ret; }
int ldap_extended_operation_s( LDAP *ld, LDAP_CONST char *reqoid, struct berval *reqdata, LDAPControl **sctrls, LDAPControl **cctrls, char **retoidp, struct berval **retdatap ) { int rc; int msgid; LDAPMessage *res; #ifdef NEW_LOGGING LDAP_LOG ( OPERATION, ENTRY, "ldap_extended_operation_s\n", 0,0,0 ); #else Debug( LDAP_DEBUG_TRACE, "ldap_extended_operation_s\n", 0, 0, 0 ); #endif assert( ld != NULL ); assert( LDAP_VALID( ld ) ); assert( reqoid != NULL || *reqoid == '\0' ); assert( retoidp != NULL || retdatap != NULL ); rc = ldap_extended_operation( ld, reqoid, reqdata, sctrls, cctrls, &msgid ); if ( rc != LDAP_SUCCESS ) { return( rc ); } if ( ldap_result( ld, msgid, 1, (struct timeval *) NULL, &res ) == -1 ) { return( ld->ld_errno ); } if ( retoidp != NULL ) *retoidp = NULL; if ( retdatap != NULL ) *retdatap = NULL; rc = ldap_parse_extended_result( ld, res, retoidp, retdatap, 0 ); if( rc != LDAP_SUCCESS ) { ldap_msgfree( res ); return rc; } return( ldap_result2error( ld, res, 1 ) ); }
int ldap_parse_passwd( LDAP *ld, LDAPMessage *res, struct berval *newpasswd ) { int rc; struct berval *retdata = NULL; assert( ld != NULL ); assert( LDAP_VALID( ld ) ); assert( res != NULL ); assert( newpasswd != NULL ); newpasswd->bv_val = NULL; newpasswd->bv_len = 0; rc = ldap_parse_extended_result( ld, res, NULL, &retdata, 0 ); if ( rc != LDAP_SUCCESS ) { return rc; } if ( retdata != NULL ) { ber_tag_t tag; BerElement *ber = ber_init( retdata ); if ( ber == NULL ) { rc = ld->ld_errno = LDAP_NO_MEMORY; goto done; } /* we should check the tag */ tag = ber_scanf( ber, "{o}", newpasswd ); ber_free( ber, 1 ); if ( tag == LBER_ERROR ) { rc = ld->ld_errno = LDAP_DECODING_ERROR; } } done:; ber_bvfree( retdata ); return rc; }
int ldap_extended_operation_s( LDAP *ld, LDAP_CONST char *reqoid, struct berval *reqdata, LDAPControl **sctrls, LDAPControl **cctrls, char **retoidp, struct berval **retdatap ) { int rc; int msgid; LDAPMessage *res; Debug( LDAP_DEBUG_TRACE, "ldap_extended_operation_s\n", 0, 0, 0 ); assert( ld != NULL ); assert( LDAP_VALID( ld ) ); assert( reqoid != NULL && *reqoid != '\0' ); rc = ldap_extended_operation( ld, reqoid, reqdata, sctrls, cctrls, &msgid ); if ( rc != LDAP_SUCCESS ) { return( rc ); } if ( ldap_result( ld, msgid, LDAP_MSG_ALL, (struct timeval *) NULL, &res ) == -1 || !res ) { return( ld->ld_errno ); } if ( retoidp != NULL ) *retoidp = NULL; if ( retdatap != NULL ) *retdatap = NULL; rc = ldap_parse_extended_result( ld, res, retoidp, retdatap, 0 ); if( rc != LDAP_SUCCESS ) { ldap_msgfree( res ); return rc; } return( ldap_result2error( ld, res, 1 ) ); }
ULONG CDECL ldap_parse_extended_resultW( WLDAP32_LDAP *ld, WLDAP32_LDAPMessage *result, PWCHAR *oid, struct WLDAP32_berval **data, BOOLEAN free ) { ULONG ret = LDAP_NOT_SUPPORTED; #ifdef HAVE_LDAP char *oidU = NULL; TRACE( "(%p, %p, %p, %p, 0x%02x)\n", ld, result, oid, data, free ); if (!ld) return WLDAP32_LDAP_PARAM_ERROR; if (!result) return WLDAP32_LDAP_NO_RESULTS_RETURNED; ret = ldap_parse_extended_result( ld, result, &oidU, (struct berval **)data, free ); if (oid) { *oid = strUtoW( oidU ); if (!*oid) ret = WLDAP32_LDAP_NO_MEMORY; ldap_memfree( oidU ); } #endif return ret; }
static int ldap_back_exop_generic( Operation *op, SlapReply *rs, ldapconn_t **lcp ) { ldapinfo_t *li = (ldapinfo_t *) op->o_bd->be_private; ldapconn_t *lc = *lcp; LDAPMessage *res; ber_int_t msgid; int rc; int do_retry = 1; char *text = NULL; Debug( LDAP_DEBUG_ARGS, "==> ldap_back_exop_generic(%s, \"%s\")\n", op->ore_reqoid.bv_val, op->o_req_dn.bv_val, 0 ); assert( lc != NULL ); assert( rs->sr_ctrls == NULL ); retry: rc = ldap_extended_operation( lc->lc_ld, op->ore_reqoid.bv_val, op->ore_reqdata, op->o_ctrls, NULL, &msgid ); if ( rc == LDAP_SUCCESS ) { /* TODO: set timeout? */ /* by now, make sure no timeout is used (ITS#6282) */ struct timeval tv = { -1, 0 }; if ( ldap_result( lc->lc_ld, msgid, LDAP_MSG_ALL, &tv, &res ) == -1 ) { ldap_get_option( lc->lc_ld, LDAP_OPT_ERROR_NUMBER, &rc ); rs->sr_err = rc; } else { /* only touch when activity actually took place... */ if ( li->li_idle_timeout ) { lc->lc_time = op->o_time; } /* sigh. parse twice, because parse_passwd * doesn't give us the err / match / msg info. */ rc = ldap_parse_result( lc->lc_ld, res, &rs->sr_err, (char **)&rs->sr_matched, &text, NULL, &rs->sr_ctrls, 0 ); if ( rc == LDAP_SUCCESS ) { if ( rs->sr_err == LDAP_SUCCESS ) { rc = ldap_parse_extended_result( lc->lc_ld, res, (char **)&rs->sr_rspoid, &rs->sr_rspdata, 0 ); if ( rc == LDAP_SUCCESS ) { rs->sr_type = REP_EXTENDED; } } else { rc = rs->sr_err; } } ldap_msgfree( res ); } } if ( rc != LDAP_SUCCESS ) { rs->sr_err = slap_map_api2result( rs ); if ( rs->sr_err == LDAP_UNAVAILABLE && do_retry ) { do_retry = 0; if ( ldap_back_retry( &lc, op, rs, LDAP_BACK_SENDERR ) ) { goto retry; } } if ( LDAP_BACK_QUARANTINE( li ) ) { ldap_back_quarantine( op, rs ); } if ( text ) rs->sr_text = text; send_ldap_extended( op, rs ); /* otherwise frontend resends result */ rc = rs->sr_err = SLAPD_ABANDON; } else if ( LDAP_BACK_QUARANTINE( li ) ) { ldap_back_quarantine( op, rs ); } ldap_pvt_thread_mutex_lock( &li->li_counter_mutex ); ldap_pvt_mp_add( li->li_ops_completed[ SLAP_OP_EXTENDED ], 1 ); ldap_pvt_thread_mutex_unlock( &li->li_counter_mutex ); /* these have to be freed anyway... */ if ( rs->sr_matched ) { free( (char *)rs->sr_matched ); rs->sr_matched = NULL; } if ( rs->sr_ctrls ) { ldap_controls_free( rs->sr_ctrls ); rs->sr_ctrls = NULL; } if ( text ) { free( text ); rs->sr_text = NULL; } /* in case, cleanup handler */ if ( lc == NULL ) { *lcp = NULL; } return rc; }
int ldap_parse_verify_credentials( LDAP *ld, LDAPMessage *res, int * code, char ** diagmsg, struct berval **cookie, struct berval **screds, LDAPControl ***ctrls) { int rc; char *retoid = NULL; struct berval *retdata = NULL; assert(ld != NULL); assert(LDAP_VALID(ld)); assert(res != NULL); assert(code != NULL); assert(diagmsg != NULL); rc = ldap_parse_extended_result(ld, res, &retoid, &retdata, 0); if( rc != LDAP_SUCCESS ) { ldap_perror(ld, "ldap_parse_verify_credentials"); return rc; } if (retdata) { ber_tag_t tag; ber_len_t len; ber_int_t i; BerElement * ber = ber_init(retdata); struct berval diagmsg_bv = BER_BVNULL; if (!ber) { rc = ld->ld_errno = LDAP_NO_MEMORY; goto done; } ber_scanf(ber, "{im" /*"}"*/, &i, &diagmsg_bv); if ( diagmsg != NULL ) { *diagmsg = LDAP_MALLOC( diagmsg_bv.bv_len + 1 ); AC_MEMCPY( *diagmsg, diagmsg_bv.bv_val, diagmsg_bv.bv_len ); (*diagmsg)[diagmsg_bv.bv_len] = '\0'; } *code = i; tag = ber_peek_tag(ber, &len); if (tag == LDAP_TAG_EXOP_VERIFY_CREDENTIALS_COOKIE) { ber_scanf(ber, "O", cookie); tag = ber_peek_tag(ber, &len); } if (tag == LDAP_TAG_EXOP_VERIFY_CREDENTIALS_SCREDS) { ber_scanf(ber, "O", screds); tag = ber_peek_tag(ber, &len); } if (tag == LDAP_TAG_EXOP_VERIFY_CREDENTIALS_CONTROLS) { int nctrls = 0; char * opaque; *ctrls = LDAP_MALLOC(1 * sizeof(LDAPControl *)); if (!*ctrls) { rc = LDAP_NO_MEMORY; goto done; } *ctrls[nctrls] = NULL; for(tag = ber_first_element(ber, &len, &opaque); tag != LBER_ERROR; tag = ber_next_element(ber, &len, opaque)) { LDAPControl *tctrl; LDAPControl **tctrls; tctrl = LDAP_CALLOC(1, sizeof(LDAPControl)); /* allocate pointer space for current controls (nctrls) * + this control + extra NULL */ tctrls = !tctrl ? NULL : LDAP_REALLOC(*ctrls, (nctrls+2) * sizeof(LDAPControl *)); if (!tctrls) { /* allocation failure */ if (tctrl) LDAP_FREE(tctrl); ldap_controls_free(*ctrls); *ctrls = NULL; rc = LDAP_NO_MEMORY; goto done; } tctrls[nctrls++] = tctrl; tctrls[nctrls] = NULL; tag = ber_scanf(ber, "{a" /*"}"*/, &tctrl->ldctl_oid); if (tag == LBER_ERROR) { *ctrls = NULL; ldap_controls_free(tctrls); rc = LDAP_DECODING_ERROR; goto done; } tag = ber_peek_tag(ber, &len); if (tag == LBER_BOOLEAN) { ber_int_t crit; tag = ber_scanf(ber, "b", &crit); tctrl->ldctl_iscritical = crit ? (char) 0 : (char) ~0; tag = ber_peek_tag(ber, &len); } if (tag == LBER_OCTETSTRING) { tag = ber_scanf( ber, "o", &tctrl->ldctl_value ); } else { BER_BVZERO( &tctrl->ldctl_value ); } *ctrls = tctrls; } } ber_free(ber, 1); } done: ber_bvfree(retdata); ber_memfree(retoid); return rc; }
int main( int argc, char *argv[] ) { int rc; LDAP *ld = NULL; char *matcheddn = NULL, *text = NULL, **refs = NULL; LDAPControl **ctrls = NULL; int id, code; LDAPMessage *res = NULL; tool_init( TOOL_EXOP ); prog = lutil_progname( "ldapexop", argc, argv ); /* LDAPv3 only */ protocol = LDAP_VERSION3; tool_args( argc, argv ); if ( argc - optind < 1 ) { usage(); } ld = tool_conn_setup( 0, 0 ); tool_bind( ld ); argv += optind; argc -= optind; if ( strcasecmp( argv[ 0 ], "whoami" ) == 0 ) { tool_server_controls( ld, NULL, 0 ); rc = ldap_whoami( ld, NULL, NULL, &id ); if ( rc != LDAP_SUCCESS ) { tool_perror( "ldap_extended_operation", rc, NULL, NULL, NULL, NULL ); rc = EXIT_FAILURE; goto skip; } } else if ( strcasecmp( argv[ 0 ], "cancel" ) == 0 ) { int cancelid; switch ( argc ) { case 2: if ( lutil_atoi( &cancelid, argv[ 1 ] ) != 0 || cancelid < 0 ) { fprintf( stderr, "invalid cancelid=%s\n\n", argv[ 1 ] ); usage(); } break; default: fprintf( stderr, "need cancelid\n\n" ); usage(); } rc = ldap_cancel( ld, cancelid, NULL, NULL, &id ); if ( rc != LDAP_SUCCESS ) { tool_perror( "ldap_cancel", rc, NULL, NULL, NULL, NULL ); rc = EXIT_FAILURE; goto skip; } } else if ( strcasecmp( argv[ 0 ], "passwd" ) == 0 ) { fprintf( stderr, "use ldappasswd(1) instead.\n\n" ); usage(); /* TODO? */ } else if ( strcasecmp( argv[ 0 ], "refresh" ) == 0 ) { int ttl = 3600; struct berval dn; switch ( argc ) { case 3: ttl = atoi( argv[ 2 ] ); case 2: dn.bv_val = argv[ 1 ]; dn.bv_len = strlen( dn.bv_val ); break; default: fprintf( stderr, _("need DN [ttl]\n\n") ); usage(); } tool_server_controls( ld, NULL, 0 ); rc = ldap_refresh( ld, &dn, ttl, NULL, NULL, &id ); if ( rc != LDAP_SUCCESS ) { tool_perror( "ldap_extended_operation", rc, NULL, NULL, NULL, NULL ); rc = EXIT_FAILURE; goto skip; } } else { char *p; if ( argc != 1 ) { usage(); } p = strchr( argv[ 0 ], ':' ); if ( p == argv[ 0 ] ) { usage(); } if ( p != NULL ) *p++ = '\0'; if ( tool_is_oid( argv[ 0 ] ) ) { struct berval reqdata; struct berval type; struct berval value; int freeval; if ( p != NULL ) { p[ -1 ] = ':'; ldif_parse_line2( argv[ 0 ], &type, &value, &freeval ); p[ -1 ] = '\0'; if ( freeval ) { reqdata = value; } else { ber_dupbv( &reqdata, &value ); } } tool_server_controls( ld, NULL, 0 ); rc = ldap_extended_operation( ld, argv[ 0 ], p ? &reqdata : NULL, NULL, NULL, &id ); if ( rc != LDAP_SUCCESS ) { tool_perror( "ldap_extended_operation", rc, NULL, NULL, NULL, NULL ); rc = EXIT_FAILURE; goto skip; } } else { fprintf( stderr, "unknown exop \"%s\"\n\n", argv[ 0 ] ); usage(); } } for ( ; ; ) { struct timeval tv; if ( tool_check_abandon( ld, id ) ) { tool_exit( ld, LDAP_CANCELLED ); } tv.tv_sec = 0; tv.tv_usec = 100000; rc = ldap_result( ld, LDAP_RES_ANY, LDAP_MSG_ALL, &tv, &res ); if ( rc < 0 ) { tool_perror( "ldap_result", rc, NULL, NULL, NULL, NULL ); rc = EXIT_FAILURE; goto skip; } if ( rc != 0 ) { break; } } rc = ldap_parse_result( ld, res, &code, &matcheddn, &text, &refs, &ctrls, 0 ); if ( rc == LDAP_SUCCESS ) { rc = code; } if ( rc != LDAP_SUCCESS ) { tool_perror( "ldap_parse_result", rc, NULL, matcheddn, text, refs ); rc = EXIT_FAILURE; goto skip; } if ( strcasecmp( argv[ 0 ], "whoami" ) == 0 ) { char *retoid = NULL; struct berval *retdata = NULL; rc = ldap_parse_extended_result( ld, res, &retoid, &retdata, 0 ); if ( rc != LDAP_SUCCESS ) { tool_perror( "ldap_parse_extended_result", rc, NULL, NULL, NULL, NULL ); rc = EXIT_FAILURE; goto skip; } if ( retdata != NULL ) { if ( retdata->bv_len == 0 ) { printf(_("anonymous\n") ); } else { printf("%s\n", retdata->bv_val ); } } ber_memfree( retoid ); ber_bvfree( retdata ); } else if ( strcasecmp( argv[ 0 ], "cancel" ) == 0 ) { /* no extended response; returns specific errors */ assert( 0 ); } else if ( strcasecmp( argv[ 0 ], "passwd" ) == 0 ) { /* TODO */ } else if ( strcasecmp( argv[ 0 ], "refresh" ) == 0 ) { int newttl; rc = ldap_parse_refresh( ld, res, &newttl ); if ( rc != LDAP_SUCCESS ) { tool_perror( "ldap_parse_refresh", rc, NULL, NULL, NULL, NULL ); rc = EXIT_FAILURE; goto skip; } printf( "newttl=%d\n", newttl ); } else if ( tool_is_oid( argv[ 0 ] ) ) { char *retoid = NULL; struct berval *retdata = NULL; if( ldif < 2 ) { printf(_("# extended operation response\n")); } rc = ldap_parse_extended_result( ld, res, &retoid, &retdata, 0 ); if ( rc != LDAP_SUCCESS ) { tool_perror( "ldap_parse_extended_result", rc, NULL, NULL, NULL, NULL ); rc = EXIT_FAILURE; goto skip; } if ( ldif < 2 && retoid != NULL ) { tool_write_ldif( ldif ? LDIF_PUT_COMMENT : LDIF_PUT_VALUE, "oid", retoid, strlen(retoid) ); } ber_memfree( retoid ); if( retdata != NULL ) { if ( ldif < 2 ) { tool_write_ldif( ldif ? LDIF_PUT_COMMENT : LDIF_PUT_BINARY, "data", retdata->bv_val, retdata->bv_len ); } ber_bvfree( retdata ); } } if( verbose || code != LDAP_SUCCESS || ( matcheddn && *matcheddn ) || ( text && *text ) || refs ) { printf( _("Result: %s (%d)\n"), ldap_err2string( code ), code ); if( text && *text ) { printf( _("Additional info: %s\n"), text ); } if( matcheddn && *matcheddn ) { printf( _("Matched DN: %s\n"), matcheddn ); } if( refs ) { int i; for( i=0; refs[i]; i++ ) { printf(_("Referral: %s\n"), refs[i] ); } } } if (ctrls) { tool_print_ctrls( ld, ctrls ); ldap_controls_free( ctrls ); } ber_memfree( text ); ber_memfree( matcheddn ); ber_memvfree( (void **) refs ); skip: /* disconnect from server */ if ( res ) ldap_msgfree( res ); tool_exit( ld, code == LDAP_SUCCESS ? EXIT_SUCCESS : EXIT_FAILURE ); }
int main( int argc, char *argv[] ) { int rc; char *user = NULL; LDAP *ld = NULL; struct berval bv = {0, NULL}; BerElement *ber = NULL; int id, code = LDAP_OTHER; LDAPMessage *res; char *matcheddn = NULL, *text = NULL, **refs = NULL; char *retoid = NULL; struct berval *retdata = NULL; prog = lutil_progname( "ldappasswd", argc, argv ); /* LDAPv3 only */ protocol = LDAP_VERSION3; tool_args( argc, argv ); if( argc - optind > 1 ) { usage(); } else if ( argc - optind == 1 ) { user = strdup( argv[optind] ); } else { user = NULL; } if( oldpwfile ) { rc = lutil_get_filed_password( prog, &oldpw ); if( rc ) return EXIT_FAILURE; } if( want_oldpw && oldpw.bv_val == NULL ) { /* prompt for old password */ char *ckoldpw; oldpw.bv_val = strdup(getpassphrase("Old password: "******"Re-enter old password: "******"passwords do not match\n" ); return EXIT_FAILURE; } oldpw.bv_len = strlen( oldpw.bv_val ); } if( newpwfile ) { rc = lutil_get_filed_password( prog, &newpw ); if( rc ) return EXIT_FAILURE; } if( want_newpw && newpw.bv_val == NULL ) { /* prompt for new password */ char *cknewpw; newpw.bv_val = strdup(getpassphrase("New password: "******"Re-enter new password: "******"passwords do not match\n" ); return EXIT_FAILURE; } newpw.bv_len = strlen( newpw.bv_val ); } if( want_bindpw && passwd.bv_val == NULL ) { /* handle bind password */ if ( pw_file ) { rc = lutil_get_filed_password( pw_file, &passwd ); if( rc ) return EXIT_FAILURE; } else { passwd.bv_val = getpassphrase( "Enter LDAP Password: "******"ber_alloc_t" ); ldap_unbind( ld ); return EXIT_FAILURE; } ber_printf( ber, "{" /*}*/ ); if( user != NULL ) { ber_printf( ber, "ts", LDAP_TAG_EXOP_MODIFY_PASSWD_ID, user ); free(user); } if( oldpw.bv_val != NULL ) { ber_printf( ber, "tO", LDAP_TAG_EXOP_MODIFY_PASSWD_OLD, &oldpw ); free(oldpw.bv_val); } if( newpw.bv_val != NULL ) { ber_printf( ber, "tO", LDAP_TAG_EXOP_MODIFY_PASSWD_NEW, &newpw ); free(newpw.bv_val); } ber_printf( ber, /*{*/ "N}" ); rc = ber_flatten2( ber, &bv, 0 ); if( rc < 0 ) { perror( "ber_flatten2" ); ldap_unbind( ld ); return EXIT_FAILURE; } } if ( not ) { rc = LDAP_SUCCESS; goto skip; } rc = ldap_extended_operation( ld, LDAP_EXOP_MODIFY_PASSWD, bv.bv_val ? &bv : NULL, NULL, NULL, &id ); ber_free( ber, 1 ); if( rc != LDAP_SUCCESS ) { ldap_perror( ld, "ldap_extended_operation" ); ldap_unbind( ld ); return EXIT_FAILURE; } rc = ldap_result( ld, LDAP_RES_ANY, LDAP_MSG_ALL, NULL, &res ); if ( rc < 0 ) { ldap_perror( ld, "ldappasswd: ldap_result" ); return rc; } rc = ldap_parse_result( ld, res, &code, &matcheddn, &text, &refs, NULL, 0 ); if( rc != LDAP_SUCCESS ) { ldap_perror( ld, "ldap_parse_result" ); return rc; } rc = ldap_parse_extended_result( ld, res, &retoid, &retdata, 1 ); if( rc != LDAP_SUCCESS ) { ldap_perror( ld, "ldap_parse_result" ); return rc; } if( retdata != NULL ) { ber_tag_t tag; char *s; ber = ber_init( retdata ); if( ber == NULL ) { perror( "ber_init" ); ldap_unbind( ld ); return EXIT_FAILURE; } /* we should check the tag */ tag = ber_scanf( ber, "{a}", &s); if( tag == LBER_ERROR ) { perror( "ber_scanf" ); } else { printf("New password: %s\n", s); free( s ); } ber_free( ber, 1 ); } if( verbose || code != LDAP_SUCCESS || matcheddn || text || refs ) { printf( "Result: %s (%d)\n", ldap_err2string( code ), code ); if( text && *text ) { printf( "Additional info: %s\n", text ); } if( matcheddn && *matcheddn ) { printf( "Matched DN: %s\n", matcheddn ); } if( refs ) { int i; for( i=0; refs[i]; i++ ) { printf("Referral: %s\n", refs[i] ); } } } ber_memfree( text ); ber_memfree( matcheddn ); ber_memvfree( (void **) refs ); ber_memfree( retoid ); ber_bvfree( retdata ); skip: /* disconnect from server */ ldap_unbind (ld); return code == LDAP_SUCCESS ? EXIT_SUCCESS : EXIT_FAILURE; }
int ld_cmd_exec(db_res_t* res, db_cmd_t* cmd) { db_con_t* con; struct ld_res* lres; struct ld_cmd* lcmd; struct ld_con* lcon; char* filter, *err_desc; int ret, err; LDAPMessage *msg, *resmsg; int reconn_cnt; int msgid; char *oid; struct berval *data; struct timeval restimeout; filter = NULL; err_desc = NULL; resmsg = NULL; /* First things first: retrieve connection info from the currently active * connection and also mysql payload from the database command */ con = cmd->ctx->con[db_payload_idx]; lcmd = DB_GET_PAYLOAD(cmd); lcon = DB_GET_PAYLOAD(con); reconn_cnt = ld_reconnect_attempt; if (ld_prepare_ldap_filter(&filter, cmd, &lcmd->filter) < 0) { ERR("ldap: Error while building LDAP search filter\n"); goto error; } DBG("ldap: ldap_search(base:'%s', filter:'%s')\n", lcmd->base, filter); do { if (lcon->flags & LD_CONNECTED) { ldap_set_option(lcon->con, LDAP_OPT_DEREF, ((void *)&lcmd->chase_references)); /* there is alternative method using LDAP_CONTROL_REFERRALS per request but is not well documented */ ldap_set_option(lcon->con, LDAP_OPT_REFERRALS, lcmd->chase_referrals?LDAP_OPT_ON:LDAP_OPT_OFF); ret = ldap_search_ext(lcon->con, lcmd->base, lcmd->scope, filter, lcmd->result, 0, NULL, NULL, lcmd->timelimit.tv_sec ? &lcmd->timelimit : NULL, lcmd->sizelimit, &msgid); if (ret != LDAP_SUCCESS) { ERR("ldap: Error while searching: %s\n", ldap_err2string(ret)); goto error; } /* openldap v2.3 library workaround for unsolicited messages: if only unsolicited messages are available then ldap_result of v2.3 library waits forever */ memset(&restimeout, 0, sizeof(restimeout)); restimeout.tv_sec = 5; ret = ldap_result(lcon->con, LDAP_RES_ANY, LDAP_MSG_ALL, &restimeout, &resmsg); } else { /* force it to reconnect */ ret = -1; } if (ret <= 0) { ERR("ldap: Error in ldap_search: %s\n", ret < 0 ? ldap_err2string(ret) : "timeout"); if (ret == LDAP_SERVER_DOWN) { lcon->flags &= ~LD_CONNECTED; do { if (!reconn_cnt) { ERR("ldap: maximum reconnection attempt reached! giving up\n"); goto error; } reconn_cnt--; err = ld_con_connect(con); } while (err != 0); } else { goto error; } } } while (ret <= 0); /* looking for unsolicited messages */ for (msg = ldap_first_message(lcon->con, resmsg); msg != NULL; msg = ldap_next_message(lcon->con, msg)) { if (ldap_msgtype(msg) == LDAP_RES_EXTENDED) { if (ldap_parse_extended_result(lcon->con, msg, &oid, &data, 0) != LDAP_SUCCESS) { ERR("ldap: Error while parsing extended result\n"); goto error; } if (oid != NULL) { if (strcmp(oid, LDAP_NOTICE_OF_DISCONNECTION) == 0) { WARN("ldap: Notice of Disconnection (OID: %s)\n", oid); } else { WARN("ldap: Unsolicited message received. OID: %s\n", oid); } ldap_memfree(oid); } if (data != NULL) { WARN("ldap: Unsolicited message data: %.*s\n", (int)data->bv_len, data->bv_val); ber_bvfree(data); } } } ret = ldap_parse_result(lcon->con, resmsg, &err, NULL, &err_desc, NULL, NULL, 0); if (ret != LDAP_SUCCESS) { ERR("ldap: Error while reading result status: %s\n", ldap_err2string(ret)); goto error; } if (err != LDAP_SUCCESS) { ERR("ldap: LDAP server reports error: %s\n", ldap_err2string(err)); goto error; } if (res) { lres = DB_GET_PAYLOAD(res); lres->msg = resmsg; } else if (resmsg) { ldap_msgfree(resmsg); } if (filter) pkg_free(filter); if (err_desc) ldap_memfree(err_desc); return 0; error: if (filter) pkg_free(filter); if (resmsg) ldap_msgfree(resmsg); if (err_desc) ldap_memfree(err_desc); return -1; }
static int ldap_connection_connect_parse(struct ldap_connection *conn, struct ldap_op_queue_entry *req, LDAPMessage *message, bool *finished_r) { int ret, result_err; char *retoid, *result_errmsg; int msgtype = ldap_msgtype(message); *finished_r = TRUE; ret = ldap_parse_result(conn->conn, message, &result_err, NULL, &result_errmsg, NULL, NULL, 0); switch(conn->state) { case LDAP_STATE_TLS: if (msgtype != LDAP_RES_EXTENDED) { *finished_r = FALSE; return LDAP_SUCCESS; } if (ret != 0) { ldap_connection_result_failure(conn, req, ret, t_strdup_printf( "ldap_start_tls(uri=%s) failed: %s", conn->set.uri, ldap_err2string(ret))); return ret; } else if (result_err != 0) { if (conn->set.require_ssl) { ldap_connection_result_failure(conn, req, result_err, t_strdup_printf( "ldap_start_tls(uri=%s) failed: %s", conn->set.uri, result_errmsg)); ldap_memfree(result_errmsg); return LDAP_INVALID_CREDENTIALS; /* make sure it disconnects */ } } else { ret = ldap_parse_extended_result(conn->conn, message, &retoid, NULL, 0); /* retoid can be NULL even if ret == 0 */ if (ret == 0) { ret = ldap_install_tls(conn->conn); if (ret != 0) { // if this fails we have to abort ldap_connection_result_failure(conn, req, ret, t_strdup_printf( "ldap_start_tls(uri=%s) failed: %s", conn->set.uri, ldap_err2string(ret))); return LDAP_INVALID_CREDENTIALS; } } if (ret != LDAP_SUCCESS) { if (conn->set.require_ssl) { ldap_connection_result_failure(conn, req, ret, t_strdup_printf( "ldap_start_tls(uri=%s) failed: %s", conn->set.uri, ldap_err2string(ret))); return LDAP_UNAVAILABLE; } } else { if (conn->set.debug > 0) i_debug("Using TLS connection to remote LDAP server"); } ldap_memfree(retoid); } conn->state = LDAP_STATE_AUTH; return ldap_connect_next_message(conn, req, finished_r); case LDAP_STATE_AUTH: if (ret != LDAP_SUCCESS) { ldap_connection_result_failure(conn, req, ret, t_strdup_printf( "ldap_parse_result() failed for connect: %s", ldap_err2string(ret))); return ret; } if (result_err != LDAP_SUCCESS) { const char *error = result_errmsg != NULL ? result_errmsg : ldap_err2string(result_err); ldap_connection_result_failure(conn, req, result_err, t_strdup_printf( "Connect failed: %s", error)); ldap_memfree(result_errmsg); return result_err; } if (msgtype != LDAP_RES_BIND) return 0; ret = ldap_parse_sasl_bind_result(conn->conn, message, &(conn->scred), 0); if (ret != LDAP_SUCCESS) { const char *error = t_strdup_printf( "Cannot bind with server: %s", ldap_err2string(ret)); ldap_connection_result_failure(conn, req, ret, error); return 1; } conn->state = LDAP_STATE_CONNECT; return ldap_connect_next_message(conn, req, finished_r); default: i_unreached(); } return LDAP_SUCCESS; }
int main( int argc, char *argv[] ) { int rc; char *user = NULL; LDAP *ld = NULL; struct berval bv = {0, NULL}; BerElement *ber = NULL; int id, code = LDAP_OTHER; LDAPMessage *res; char *matcheddn = NULL, *text = NULL, **refs = NULL; char *retoid = NULL; struct berval *retdata = NULL; LDAPControl **ctrls = NULL; tool_init( TOOL_PASSWD ); prog = lutil_progname( "ldappasswd", argc, argv ); /* LDAPv3 only */ protocol = LDAP_VERSION3; tool_args( argc, argv ); if( argc - optind > 1 ) { usage(); } else if ( argc - optind == 1 ) { user = strdup( argv[optind] ); } else { user = NULL; } if( oldpwfile ) { rc = lutil_get_filed_password( oldpwfile, &oldpw ); if( rc ) { rc = EXIT_FAILURE; goto done; } } if( want_oldpw && oldpw.bv_val == NULL ) { /* prompt for old password */ char *ckoldpw; oldpw.bv_val = strdup(getpassphrase(_("Old password: "******"Re-enter old password: "******"passwords do not match\n") ); rc = EXIT_FAILURE; goto done; } oldpw.bv_len = strlen( oldpw.bv_val ); } if( newpwfile ) { rc = lutil_get_filed_password( newpwfile, &newpw ); if( rc ) { rc = EXIT_FAILURE; goto done; } } if( want_newpw && newpw.bv_val == NULL ) { /* prompt for new password */ char *cknewpw; newpw.bv_val = strdup(getpassphrase(_("New password: "******"Re-enter new password: "******"passwords do not match\n") ); rc = EXIT_FAILURE; goto done; } newpw.bv_len = strlen( newpw.bv_val ); } ld = tool_conn_setup( 0, 0 ); tool_bind( ld ); if( user != NULL || oldpw.bv_val != NULL || newpw.bv_val != NULL ) { /* build the password modify request data */ ber = ber_alloc_t( LBER_USE_DER ); if( ber == NULL ) { perror( "ber_alloc_t" ); rc = EXIT_FAILURE; goto done; } ber_printf( ber, "{" /*}*/ ); if( user != NULL ) { ber_printf( ber, "ts", LDAP_TAG_EXOP_MODIFY_PASSWD_ID, user ); free(user); } if( oldpw.bv_val != NULL ) { ber_printf( ber, "tO", LDAP_TAG_EXOP_MODIFY_PASSWD_OLD, &oldpw ); free(oldpw.bv_val); } if( newpw.bv_val != NULL ) { ber_printf( ber, "tO", LDAP_TAG_EXOP_MODIFY_PASSWD_NEW, &newpw ); free(newpw.bv_val); } ber_printf( ber, /*{*/ "N}" ); rc = ber_flatten2( ber, &bv, 0 ); if( rc < 0 ) { perror( "ber_flatten2" ); rc = EXIT_FAILURE; goto done; } } if ( dont ) { rc = LDAP_SUCCESS; goto done; } tool_server_controls( ld, NULL, 0); rc = ldap_extended_operation( ld, LDAP_EXOP_MODIFY_PASSWD, bv.bv_val ? &bv : NULL, NULL, NULL, &id ); ber_free( ber, 1 ); if( rc != LDAP_SUCCESS ) { tool_perror( "ldap_extended_operation", rc, NULL, NULL, NULL, NULL ); rc = EXIT_FAILURE; goto done; } for ( ; ; ) { struct timeval tv; if ( tool_check_abandon( ld, id ) ) { tool_exit( ld, LDAP_CANCELLED ); } tv.tv_sec = 0; tv.tv_usec = 100000; rc = ldap_result( ld, LDAP_RES_ANY, LDAP_MSG_ALL, &tv, &res ); if ( rc < 0 ) { tool_perror( "ldap_result", rc, NULL, NULL, NULL, NULL ); tool_exit( ld, rc ); } if ( rc != 0 ) { break; } } rc = ldap_parse_result( ld, res, &code, &matcheddn, &text, &refs, &ctrls, 0 ); if( rc != LDAP_SUCCESS ) { tool_perror( "ldap_parse_result", rc, NULL, NULL, NULL, NULL ); rc = EXIT_FAILURE; goto done; } rc = ldap_parse_extended_result( ld, res, &retoid, &retdata, 1 ); if( rc != LDAP_SUCCESS ) { tool_perror( "ldap_parse_extended_result", rc, NULL, NULL, NULL, NULL ); rc = EXIT_FAILURE; goto done; } if( retdata != NULL ) { ber_tag_t tag; char *s; ber = ber_init( retdata ); if( ber == NULL ) { perror( "ber_init" ); rc = EXIT_FAILURE; goto done; } /* we should check the tag */ tag = ber_scanf( ber, "{a}", &s); if( tag == LBER_ERROR ) { perror( "ber_scanf" ); } else { printf(_("New password: %s\n"), s); ber_memfree( s ); } ber_free( ber, 1 ); } else if ( code == LDAP_SUCCESS && newpw.bv_val == NULL ) { tool_perror( "ldap_parse_extended_result", LDAP_DECODING_ERROR, " new password expected", NULL, NULL, NULL ); } if( verbose || code != LDAP_SUCCESS || ( matcheddn && *matcheddn ) || ( text && *text ) || refs || ctrls ) { printf( _("Result: %s (%d)\n"), ldap_err2string( code ), code ); if( text && *text ) { printf( _("Additional info: %s\n"), text ); } if( matcheddn && *matcheddn ) { printf( _("Matched DN: %s\n"), matcheddn ); } if( refs ) { int i; for( i=0; refs[i]; i++ ) { printf(_("Referral: %s\n"), refs[i] ); } } if( ctrls ) { tool_print_ctrls( ld, ctrls ); ldap_controls_free( ctrls ); } } ber_memfree( text ); ber_memfree( matcheddn ); ber_memvfree( (void **) refs ); ber_memfree( retoid ); ber_bvfree( retdata ); rc = ( code == LDAP_SUCCESS ) ? EXIT_SUCCESS : EXIT_FAILURE; done: /* disconnect from server */ tool_exit( ld, rc ); }
int main( int argc, char *argv[] ) { int rc; LDAP *ld = NULL; char *matcheddn = NULL, *text = NULL, **refs = NULL; char *retoid = NULL; struct berval *retdata = NULL; int id, code = 0; LDAPMessage *res; LDAPControl **ctrls = NULL; tool_init( TOOL_WHOAMI ); prog = lutil_progname( "ldapwhoami", argc, argv ); /* LDAPv3 only */ protocol = LDAP_VERSION3; tool_args( argc, argv ); if( argc - optind > 0 ) { usage(); } if ( pw_file || want_bindpw ) { if ( pw_file ) { rc = lutil_get_filed_password( pw_file, &passwd ); if( rc ) return EXIT_FAILURE; } else { passwd.bv_val = getpassphrase( _("Enter LDAP Password: "******"ldap_whoami", rc, NULL, NULL, NULL, NULL ); rc = EXIT_FAILURE; goto skip; } for ( ; ; ) { struct timeval tv; if ( tool_check_abandon( ld, id ) ) { return LDAP_CANCELLED; } tv.tv_sec = 0; tv.tv_usec = 100000; rc = ldap_result( ld, LDAP_RES_ANY, LDAP_MSG_ALL, &tv, &res ); if ( rc < 0 ) { tool_perror( "ldap_result", rc, NULL, NULL, NULL, NULL ); return rc; } if ( rc != 0 ) { break; } } rc = ldap_parse_result( ld, res, &code, &matcheddn, &text, &refs, &ctrls, 0 ); if ( rc == LDAP_SUCCESS ) { rc = code; } if ( rc != LDAP_SUCCESS ) { tool_perror( "ldap_parse_result", rc, NULL, matcheddn, text, refs ); rc = EXIT_FAILURE; goto skip; } rc = ldap_parse_extended_result( ld, res, &retoid, &retdata, 1 ); if( rc != LDAP_SUCCESS ) { tool_perror( "ldap_parse_extended_result", rc, NULL, NULL, NULL, NULL ); rc = EXIT_FAILURE; goto skip; } if( retdata != NULL ) { if( retdata->bv_len == 0 ) { printf(_("anonymous\n") ); } else { printf("%s\n", retdata->bv_val ); } } skip: if ( verbose || ( code != LDAP_SUCCESS ) || matcheddn || text || refs || ctrls ) { printf( _("Result: %s (%d)\n"), ldap_err2string( code ), code ); if( text && *text ) { printf( _("Additional info: %s\n"), text ); } if( matcheddn && *matcheddn ) { printf( _("Matched DN: %s\n"), matcheddn ); } if( refs ) { int i; for( i=0; refs[i]; i++ ) { printf(_("Referral: %s\n"), refs[i] ); } } if (ctrls) { tool_print_ctrls( ld, ctrls ); ldap_controls_free( ctrls ); } } ber_memfree( text ); ber_memfree( matcheddn ); ber_memvfree( (void **) refs ); ber_memfree( retoid ); ber_bvfree( retdata ); /* disconnect from server */ tool_unbind( ld ); tool_destroy(); return code == LDAP_SUCCESS ? EXIT_SUCCESS : EXIT_FAILURE; }