コード例 #1
ファイル: ns_wrapper.c プロジェクト: andreiw/polaris
/*
 * Thin wrapper: fetch the LDAP connection selected by `flags` and run a
 * synchronous compare of `attr` = `value` against the entry `dn`.
 * `service` is accepted but not used.
 *
 * The ldap_compare_s() result is returned unchanged. A match is reported
 * as LDAP_COMPARE_TRUE and a mismatch as LDAP_COMPARE_FALSE, and both are
 * non-zero, so callers must compare against those constants explicitly
 * instead of treating the result as a boolean or as "0 == success".
 *
 * NOTE(review): the connection handle is passed on without a NULL check;
 * confirm that __s_api_getLDAPconn() cannot return NULL.
 */
/* ARGSUSED */
int _ns_ldap_compare_s(char *service, int flags,
	char *dn, char *attr, char *value)
{
	return (ldap_compare_s(__s_api_getLDAPconn(flags), dn, attr, value));
}
コード例 #2
ファイル: ldapupdate.c プロジェクト: twolife/claws
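/**
 * Make a compare for every new value we want to store in the
 * directory with the current values, and print the result code of
 * each compare to stderr. Great tool for debugging against invalid
 * syntax in attributes.
 *
 * Only the first string value of each modification is compared. An
 * empty or missing value is replaced by a dummy string before the
 * compare.
 *
 * NOTE(review): the attribute value is written to stderr verbatim, so
 * sensitive attributes (e.g. password attributes) would end up in the
 * log output. The message also says "failed" for every result code,
 * including a successful compare.
 *
 * \param ld AddressBook resource
 * \param dn dn for the entry
 * \param cnt Number of attributes to compare
 * \param mods LDAPMod structure
 */
void ldapsvr_compare_attr(LDAP *ld, gchar *dn, gint cnt, LDAPMod *mods[]) {
	int i, rc;

#ifdef OPEN_LDAP_API_AT_LEAST_3000

	struct berval val;

#endif

	/* All arguments must be valid. Joining the checks with || let the
	 * guard pass as soon as a single argument was valid, so NULL
	 * pointers reached the loop below.
	 */
	cm_return_if_fail(ld != NULL && dn != NULL && cnt >= 0 && mods != NULL);
	for (i = 0; i < cnt; i++) {
		/* Guard against a modification without a value array */
		char **strvals = mods[i]->mod_vals.modv_strvals;
		gchar *value = g_strdup(strvals ? strvals[0] : NULL);
		if (!value || strcmp(value, "") == 0) {
			/* Release the empty copy before replacing it, otherwise it leaks */
			g_free(value);
			value = g_strdup("thisisonlyadummy");
		}

#ifdef OPEN_LDAP_API_AT_LEAST_3000

		val.bv_val = value;
		val.bv_len = strlen(value);

		rc = ldap_compare_ext_s(ld, dn, mods[i]->mod_type, &val, NULL, NULL);

#else

		/* This is deprecated as of OpenLDAP-2.3.0 */
		rc = ldap_compare_s(ld, dn, mods[i]->mod_type, value);

#endif

		g_printerr("ldap_compare for (%s:%s)\" failed[0x%x]: %s\n",
        	mods[i]->mod_type, value, rc, ldaputil_get_error(ld));
		g_free(value);
	}
}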
コード例 #3
ファイル: ldapupdate.c プロジェクト: twolife/claws
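/**
 * Decide which kind of operation is required to handle
 * updating the specified attribute, by comparing the new value with
 * the value currently stored in the directory.
 *
 * \param ld AddressBook resource
 * \param server Reference to server
 * \param dn dn for the entry
 * \param attr Attribute
 * \param value New value
 * \return int, LDAP_MOD_ADD, LDAP_MOD_REPLACE or LDAP_MOD_DELETE when a
 * modification is needed; -1 when an argument is missing or the stored
 * value already equals the new one; -2 for any other compare result.
 * For LDAP_INAPPROPRIATE_MATCHING the result of
 * ldapsvr_compare_manual_attr() is returned instead.
 */
int ldapsvr_deside_operation(LDAP *ld, LdapServer *server, char *dn, char *attr, char *value) {
	int rc;
	gboolean dummy = FALSE;
	/* Placeholder kept on the stack: the previous g_strdup() copy was
	 * never freed on any return path.
	 */
	char dummy_value[] = "thisisonlyadummy";

#ifdef OPEN_LDAP_API_AT_LEAST_3000

	struct berval val;

#endif

	/* All arguments must be valid. Joining the checks with || let the
	 * guard pass as soon as a single argument was valid.
	 */
	cm_return_val_if_fail(ld != NULL && server != NULL && dn != NULL && attr != NULL, -1);
	if (value == NULL)
		return -1;
	/* value containing empty string cause invalid syntax. A bug in
	 * the LDAP library? Therefore we add a dummy value
	 */
	if (strcmp(value,"") == 0) {
		value = dummy_value;
		dummy = TRUE;
	}

#ifdef OPEN_LDAP_API_AT_LEAST_3000

	val.bv_val = value;
	val.bv_len = strlen(value);

	rc = ldap_compare_ext_s(ld, dn, attr, &val, NULL, NULL);

#else

	/* This is deprecated as of OpenLDAP-2.3.0 */
	rc = ldap_compare_s(ld, dn, attr, value);

#endif

	/* NOTE(review): the attribute value is written to the debug log
	 * verbatim; sensitive attributes would be exposed there.
	 */
	debug_print("ldap_compare for (%s:%s)\" error_code[0x%x]: %s\n",
       	attr, value, rc, ldaputil_get_error(ld));
	switch (rc) {
		case LDAP_COMPARE_FALSE:
			/* Stored value differs: an empty new value means the
			 * attribute has to go, anything else replaces it.
			 */
			if (dummy)
				return LDAP_MOD_DELETE;
			else
				return LDAP_MOD_REPLACE;
		/* Stored value already matches, nothing to do */
		case LDAP_COMPARE_TRUE: return -1;
		case LDAP_NO_SUCH_ATTRIBUTE: return LDAP_MOD_ADD;
		/* LDAP_INAPPROPRIATE_MATCHING needs extensive testing because I
		 * am not aware of the condition causing this return value!
		 */
		case LDAP_INAPPROPRIATE_MATCHING:
			/* The manual compare gets NULL rather than the placeholder */
			if (dummy)
				value = NULL;
			return ldapsvr_compare_manual_attr(ld, server, dn, attr, value);
		case LDAP_UNDEFINED_TYPE: return -2;
		case LDAP_INVALID_SYNTAX: return -2;
		default: return -2;
	}
}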
コード例 #4
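/* Check the userid & password.
 * Return 0 on success, 1 on failure
 *
 * With a search filter configured, the user's DN is looked up first
 * (after binding as binddn when one is set); otherwise the DN is built
 * from userattr, userid and basedn. The password is then verified either
 * by comparing it with the passwdattr attribute or by a simple bind as
 * that DN. Every error path returns 1, so a failure always denies access.
 */
static int
checkLDAP(LDAP * persistent_ld, const char *userid, const char *password, const char *ldapServer, int port)
{
    char dn[1024];
    int ret = 0;
    int len;
    LDAP *bind_ld = NULL;

    if (!password || !*password) {
	/* LDAP can't bind with a blank password. Seen as "anonymous"
	 * and always granted access
	 */
	if (debug)
	    fprintf(stderr, "Blank password given\n");
	return 1;
    }
    if (searchfilter) {
	char filter[16384];
	char escaped_login[1024];
	LDAPMessage *res = NULL;
	LDAPMessage *entry;
	char *searchattr[] =
	{(char *)LDAP_NO_ATTRS, NULL};
	char *userdn;
	int rc;
	LDAP *search_ld = persistent_ld;

	if (!search_ld)
	    search_ld = open_ldap_connection(ldapServer, port);
	/* Fail closed without a connection.
	 * NOTE(review): confirm whether open_ldap_connection() can return NULL.
	 */
	if (!search_ld)
	    return 1;

	/* The login name is escaped before it is placed in the filter.
	 * NOTE(review): the helper's result is not checked here; confirm it
	 * always NUL-terminates and never leaves a partial escape sequence
	 * when the output buffer is too small.
	 */
	ldap_escape_value(escaped_login, sizeof(escaped_login), userid);
	if (binddn) {
	    rc = ldap_simple_bind_s(search_ld, binddn, bindpasswd);
	    if (rc != LDAP_SUCCESS) {
		fprintf(stderr, PROGRAM_NAME ": WARNING, could not bind to binddn '%s'\n", ldap_err2string(rc));
		ret = 1;
		goto search_done;
	    }
	}
	/* searchfilter is used as the format string, so it must only ever
	 * come from trusted configuration, and it may reference the login
	 * at most 15 times (the number of arguments supplied).
	 */
	len = snprintf(filter, sizeof(filter), searchfilter, escaped_login, escaped_login, escaped_login, escaped_login, escaped_login, escaped_login, escaped_login, escaped_login, escaped_login, escaped_login, escaped_login, escaped_login, escaped_login, escaped_login, escaped_login);
	/* A truncated filter is not the filter that was configured: deny
	 * instead of searching with it.
	 */
	if (len < 0 || (size_t) len >= sizeof(filter)) {
	    fprintf(stderr, PROGRAM_NAME ": WARNING, search filter too long\n");
	    ret = 1;
	    goto search_done;
	}
	if (debug)
	    fprintf(stderr, "user filter '%s', searchbase '%s'\n", filter, basedn);
	rc = ldap_search_s(search_ld, basedn, searchscope, filter, searchattr, 1, &res);
	if (rc != LDAP_SUCCESS) {
	    if (noreferrals && rc == LDAP_PARTIAL_RESULTS) {
		/* Everything is fine. This is expected when referrals
		 * are disabled.
		 */
		if (debug)
		    fprintf(stderr, "noreferrals && rc == LDAP_PARTIAL_RESULTS\n");
	    } else {
		fprintf(stderr, PROGRAM_NAME ": WARNING, LDAP search error '%s'\n", ldap_err2string(rc));
#if defined(NETSCAPE_SSL)
		if (sslpath && ((rc == LDAP_SERVER_DOWN) || (rc == LDAP_CONNECT_ERROR))) {
		    int sslerr = PORT_GetError();
		    fprintf(stderr, PROGRAM_NAME ": WARNING, SSL error %d (%s)\n", sslerr, ldapssl_err2string(sslerr));
		}
#endif
		ret = 1;
		goto search_done;
	    }
	}
	entry = ldap_first_entry(search_ld, res);
	if (!entry) {
	    if (debug)
		fprintf(stderr, "Ldap search returned nothing\n");
	    ret = 1;
	    goto search_done;
	}
	userdn = ldap_get_dn(search_ld, entry);
	if (!userdn) {
	    fprintf(stderr, PROGRAM_NAME ": ERROR, could not get user DN for '%s'\n", userid);
	    ret = 1;
	    goto search_done;
	}
	len = snprintf(dn, sizeof(dn), "%s", userdn);
	squid_ldap_memfree(userdn);
	/* A truncated DN names a different entry than the one found */
	if (len < 0 || (size_t) len >= sizeof(dn)) {
	    fprintf(stderr, PROGRAM_NAME ": WARNING, user DN too long\n");
	    ret = 1;
	    goto search_done;
	}

	if (ret == 0 && (!binddn || !bind_once || passwdattr)) {
	    /* Reuse the search connection for comparing the user password attribute */
	    bind_ld = search_ld;
	    search_ld = NULL;
	}
      search_done:
	if (res) {
	    ldap_msgfree(res);
	    res = NULL;
	}
	if (search_ld && search_ld != persistent_ld) {
	    ldap_unbind(search_ld);
	    search_ld = NULL;
	}
	if (ret != 0)
	    return ret;
    } else {
	/* NOTE(review): userid is placed in the DN without DN escaping, so
	 * DN metacharacters in the login change the DN that is checked.
	 * Consider escaping or rejecting them before this point.
	 */
	len = snprintf(dn, sizeof(dn), "%s=%s,%s", userattr, userid, basedn);
	/* Truncation would cut off the basedn suffix, so the check would
	 * run against a DN outside the configured base: deny instead.
	 */
	if (len < 0 || (size_t) len >= sizeof(dn)) {
	    fprintf(stderr, PROGRAM_NAME ": WARNING, user DN too long\n");
	    return 1;
	}
    }

    if (debug)
	fprintf(stderr, "attempting to authenticate user '%s'\n", dn);
    if (!bind_ld && !bind_once)
	bind_ld = persistent_ld;
    if (!bind_ld)
	bind_ld = open_ldap_connection(ldapServer, port);
    /* Fail closed without a connection.
     * NOTE(review): confirm whether open_ldap_connection() can return NULL.
     */
    if (!bind_ld)
	return 1;
    if (passwdattr) {
	/* Only LDAP_COMPARE_TRUE counts as a match; LDAP_COMPARE_FALSE and
	 * every error code deny access.
	 */
	if (ldap_compare_s(bind_ld, dn, passwdattr, password) != LDAP_COMPARE_TRUE) {
	    ret = 1;
	}
    } else if (ldap_simple_bind_s(bind_ld, dn, password) != LDAP_SUCCESS)
	ret = 1;
    /* Connections opened for this check are closed; the persistent one is kept */
    if (bind_ld != persistent_ld) {
	ldap_unbind(bind_ld);
	bind_ld = NULL;
    }
    return ret;
}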