/* dump a record from LDAP on stdout used for debugging */ void ads_dump(ADS_STRUCT *ads, LDAPMessage *res) { char *field; LDAPMessage *msg; BerElement *b; char *this_dn; for (msg = ldap_first_entry(ads->ld, res); msg; msg = ldap_next_entry(ads->ld, msg)) { this_dn = ldap_get_dn(ads->ld, res); if (this_dn) { printf("Dumping: %s\n", this_dn); } ldap_memfree(this_dn); for (field = ldap_first_attribute(ads->ld, msg, &b); field; field = ldap_next_attribute(ads->ld, msg, b)) { char **values, **p; values = ldap_get_values(ads->ld, msg, field); for (p = values; *p; p++) { printf("%s: %s\n", field, *p); } ldap_value_free(values); ldap_memfree(field); } ber_free(b, 1); printf("\n"); } }
static void dump_ldap_entry (LDAP *ld, LDAPMessage *res) { BerElement *pos; gchar **values; gchar **v; char *t; t = ldap_get_dn (ld, res); g_debug ("dn: %s\n", t); ldap_memfree (t); for (t = ldap_first_attribute (ld, res, &pos); t; t = ldap_next_attribute (ld, res, pos)) { values = get_ldap_values (ld, res, t); for (v = values; *v; v++) g_debug ("%s: %s\n", t, *v); g_strfreev (values); ldap_memfree (t); } ber_free (pos, 0); }
VALUE rb_ldap_entry_new (LDAP * ldap, LDAPMessage * msg) { VALUE val; RB_LDAPENTRY_DATA *edata; char *c_dn; val = Data_Make_Struct (rb_cLDAP_Entry, RB_LDAPENTRY_DATA, rb_ldap_entry_mark, rb_ldap_entry_free, edata); edata->ldap = ldap; edata->msg = msg; /* get dn */ c_dn = ldap_get_dn(ldap, msg); if (c_dn) { edata->dn = rb_tainted_str_new2(c_dn); ldap_memfree(c_dn); } else { edata->dn = Qnil; } /* get attributes */ edata->attr = rb_ldap_entry_load_attr(ldap, msg); return val; }
// readonly attribute wstring dn; NS_IMETHODIMP nsLDAPMessage::GetDn(nsACString& aDn) { char *rawDn = ldap_get_dn(mConnectionHandle, mMsgHandle); if (!rawDn) { PRInt32 lderrno = ldap_get_lderrno(mConnectionHandle, 0, 0); switch (lderrno) { case LDAP_DECODING_ERROR: NS_WARNING("nsLDAPMessage::GetDn(): ldap decoding error"); return NS_ERROR_LDAP_DECODING_ERROR; case LDAP_PARAM_ERROR: default: NS_ERROR("nsLDAPMessage::GetDn(): internal error"); return NS_ERROR_UNEXPECTED; } } PR_LOG(gLDAPLogModule, PR_LOG_DEBUG, ("nsLDAPMessage::GetDn(): dn = '%s'", rawDn)); aDn.Assign(rawDn); ldap_memfree(rawDn); return NS_OK; }
int sdap_get_msg_dn(TALLOC_CTX *memctx, struct sdap_handle *sh, struct sdap_msg *sm, char **_dn) { char *str; int lerrno; int ret; lerrno = 0; ret = ldap_set_option(sh->ldap, LDAP_OPT_RESULT_CODE, &lerrno); if (ret != LDAP_OPT_SUCCESS) { DEBUG(1, ("ldap_set_option failed [%s], ignored.\n", sss_ldap_err2string(ret))); } str = ldap_get_dn(sh->ldap, sm->msg); if (!str) { ldap_get_option(sh->ldap, LDAP_OPT_RESULT_CODE, &lerrno); DEBUG(1, ("ldap_get_dn failed: %d(%s)\n", lerrno, sss_ldap_err2string(lerrno))); return EIO; } *_dn = talloc_strdup(memctx, str); ldap_memfree(str); if (!*_dn) return ENOMEM; return EOK; }
static void ldap_dump(LDAP *ld,LDAPMessage *res) { LDAPMessage *e; for (e = ldap_first_entry(ld, res); e; e = ldap_next_entry(ld, e)) { BerElement *b; char *attr; char *dn = ldap_get_dn(ld, res); if (dn) printf("dn: %s\n", dn); ldap_memfree(dn); for (attr = ldap_first_attribute(ld, e, &b); attr; attr = ldap_next_attribute(ld, e, b)) { char **values, **p; values = ldap_get_values(ld, e, attr); for (p = values; *p; p++) { printf("%s: %s\n", attr, *p); } ldap_value_free(values); ldap_memfree(attr); } ber_free(b, 1); printf("\n"); } }
/* returns the number of matches found */ static GList * __auth_get_every_match(const char *q, const char **retfields) { LDAPMessage *ldap_msg; LDAPMessage *ldap_res; char **ldap_vals = NULL, *dn; int j = 0, k = 0, m = 0, err; GList *attlist,*fldlist,*entlist; LDAP *_ldap_conn = ldap_con_get(); attlist = fldlist = entlist = NULL; if (! (ldap_res = authldap_search(q))) return NULL; if ((j = ldap_count_entries(_ldap_conn, ldap_res)) < 1) { TRACE(TRACE_DEBUG, "nothing found"); if (ldap_res) ldap_msgfree(ldap_res); return NULL; } /* do the first entry here */ if ((ldap_msg = ldap_first_entry(_ldap_conn, ldap_res)) == NULL) { ldap_get_option(_ldap_conn, LDAP_OPT_ERROR_NUMBER, &err); TRACE(TRACE_ERR, "ldap_first_entry failed: [%s]", ldap_err2string(err)); if (ldap_res) ldap_msgfree(ldap_res); return NULL; } while (ldap_msg) { dn = ldap_get_dn(_ldap_conn, ldap_msg); TRACE(TRACE_DEBUG,"scan results for DN: [%s]", dn); for (k = 0; retfields[k] != NULL; k++) { TRACE(TRACE_DEBUG,"ldap_get_values [%s]", retfields[k]); if ((ldap_vals = ldap_get_values(_ldap_conn, ldap_msg, retfields[k]))) { m = 0; while (ldap_vals[m]) { TRACE(TRACE_DEBUG,"got value [%s]", ldap_vals[m]); attlist = g_list_append(attlist,g_strdup(ldap_vals[m])); m++; } } fldlist = g_list_append(fldlist, attlist); attlist = NULL; ldap_value_free(ldap_vals); } entlist = g_list_append(entlist, fldlist); fldlist = NULL; ldap_memfree(dn); ldap_msg = ldap_next_entry(_ldap_conn, ldap_msg); } if (ldap_res) ldap_msgfree(ldap_res); if (ldap_msg) ldap_msgfree(ldap_msg); return entlist; }
int login::proof() { /* setup LDAP connection */ if((ld=ldap_init(LDAP_HOST, LDAP_PORT)) == NULL) { perror("ldap_init failed"); return EXIT_FAILURE; } printf("\nconnected to LDAP server %s on port %d\n",LDAP_HOST,LDAP_PORT); /* non-anonymous bind from home */ rc = ldap_simple_bind_s(ld,BIND_USER,BIND_PW); if(rc != LDAP_SUCCESS) { fprintf(stderr,"\nLDAP error: %s\n",ldap_err2string(rc)); return EXIT_FAILURE; } else { printf("\npretended anonymous bind successful\n"); } /* perform LDAP search */ rc = ldap_search_s(ld, SEARCHBASE, SCOPE, filter_c, attribs, 0, &result); if(rc != LDAP_SUCCESS) { fprintf(stderr,"\nLDAP search error: %s\n",ldap_err2string(rc)); return EXIT_FAILURE; }else{ printf("\nTotal results: %d\n", ldap_count_entries(ld, result)); if(ldap_count_entries(ld,result) < 1) { fprintf(stderr,"\nUser nicht gefunden!\n"); return EXIT_FAILURE; } } e = ldap_first_entry(ld, result); found = ldap_get_dn(ld,e); printf("\nDN: %s\n",found); /* User anmelden */ rc = ldap_simple_bind_s(ld,found,passwd_c); if(rc != LDAP_SUCCESS) { fprintf(stderr,"\nLDAP error: %s\n",ldap_err2string(rc)); return EXIT_FAILURE; } else { printf("\nbind successful\n"); } /* free memory used for result */ ldap_msgfree(result); free(attribs[0]); free(attribs[1]); printf("\nLDAP login succeeded\n"); ldap_unbind(ld); return EXIT_SUCCESS; }
static VALUE ldapmessage2obj(LDAP *ld, LDAPMessage *msg) { VALUE obj; char *dn, *attr; BerElement *ber; BerValue **values; BerValue *value; VALUE rdn, attrs, ary, str; int length, i; obj = rb_class_new_instance(0, NULL, cLDAP_Message); // Set the DN dn = ldap_get_dn(ld, msg); rdn = rb_str_new2(dn); ldap_memfree(dn); rb_iv_set(obj, "@dn", rdn); // Set the attributes attrs = rb_hash_new(); attr = ldap_first_attribute(ld, msg, &ber); do { values = ldap_get_values_len(ld, msg, attr); if (values == NULL) { rldap_raise(rldap_errno_c(obj)); } ary = rb_ary_new(); length = ldap_count_values_len(values); for (i=0; i<length; i++) { value = values[i]; if (value->bv_len == 4 && strncmp(value->bv_val, "TRUE", value->bv_len) == 0) rb_ary_push(ary, Qtrue); else if (value->bv_len == 5 && strncmp(value->bv_val, "FALSE", value->bv_len) == 0) rb_ary_push(ary, Qfalse); else { str = rb_str_new(value->bv_val, value->bv_len); rb_ary_push(ary, str); } } rb_hash_aset(attrs, rb_str_new2(attr), ary); ldap_value_free_len(values); ldap_memfree(attr); } while (attr = ldap_next_attribute(ld, msg, ber)); ber_free(ber, 0); rb_iv_set(obj, "@attrs", attrs); return obj; }
int main( int argc, char **argv ) { LDAP *ld; LDAPMessage *result, *e; BerElement *ber; char *a, *dn; char **vals; int i; /* get a handle to an LDAP connection */ if ( (ld = ldap_init( MY_HOST, MY_PORT )) == NULL ) { perror( "ldap_init" ); return( 1 ); } /* authenticate to the directory as nobody */ if ( ldap_simple_bind_s( ld, NULL, NULL ) != LDAP_SUCCESS ) { ldap_perror( ld, "ldap_simple_bind_s" ); ldap_unbind( ld ); return( 1 ); } /* search for all entries with surname of Jensen */ if ( ldap_search_s( ld, MY_SEARCHBASE, LDAP_SCOPE_SUBTREE, MY_FILTER, NULL, 0, &result ) != LDAP_SUCCESS ) { ldap_perror( ld, "ldap_search_s" ); if ( result == NULL ) { ldap_unbind( ld ); return( 1 ); } } /* for each entry print out name + all attrs and values */ for ( e = ldap_first_entry( ld, result ); e != NULL; e = ldap_next_entry( ld, e ) ) { if ( (dn = ldap_get_dn( ld, e )) != NULL ) { printf( "dn: %s\n", dn ); ldap_memfree( dn ); } for ( a = ldap_first_attribute( ld, e, &ber ); a != NULL; a = ldap_next_attribute( ld, e, ber ) ) { if ((vals = ldap_get_values( ld, e, a)) != NULL ) { for ( i = 0; vals[i] != NULL; i++ ) { printf( "%s: %s\n", a, vals[i] ); } ldap_value_free( vals ); } ldap_memfree( a ); } if ( ber != NULL ) { ber_free( ber, 0 ); } printf( "\n" ); } ldap_msgfree( result ); ldap_unbind( ld ); return( 0 ); }
int ldap_sort_entries( LDAP *ld, LDAPMessage **chain, char *attr, /* NULL => sort by DN */ int (*cmp)(const void *a, const void *b) ) { int i, count; struct entrything *et; LDAPMessage *e, *last; LDAPMessage **ep; count = ldap_count_entries( ld, *chain ); if ( (et = (struct entrything *) malloc( count * sizeof(struct entrything) )) == NULL ) { ld->ld_errno = LDAP_NO_MEMORY; return( -1 ); } e = *chain; for ( i = 0; i < count; i++ ) { et[i].et_msg = e; if ( attr == NULL ) { char *dn; dn = ldap_get_dn( ld, e ); et[i].et_vals = ldap_explode_dn( dn, 1 ); free( dn ); } else { et[i].et_vals = ldap_get_values( ld, e, attr ); } e = e->lm_chain; } last = e; et_cmp_fn = cmp; qsort( et, count, sizeof(struct entrything), (void *) et_cmp ); ep = chain; for ( i = 0; i < count; i++ ) { *ep = et[i].et_msg; ep = &(*ep)->lm_chain; ldap_value_free( et[i].et_vals ); } *ep = last; free( (char *) et ); return( 0 ); }
/* Remove the user from all groups below the given container */ int ad_group_subtree_remove_user(char *container_dn, char *user_dn) { LDAP *ds; char *filter; int filter_length; char *attrs[]={"1.1", NULL}; LDAPMessage *res; LDAPMessage *entry; int result, num_results; char *group_dn=NULL; ds=ad_login(); if(!ds) return ad_error_code; filter_length=(strlen(user_dn)+255); filter=malloc(filter_length); snprintf(filter, filter_length, "(&(objectclass=group)(member=%s))", user_dn); result=ldap_search_s(ds, container_dn, LDAP_SCOPE_SUBTREE, filter, attrs, 0, &res); if(result!=LDAP_SUCCESS) { snprintf(ad_error_msg, MAX_ERR_LENGTH, "Error in ldap_search_s for ad_group_subtree_remove_user: %s", ldap_err2string(result)); ad_error_code=AD_LDAP_OPERATION_FAILURE; return ad_error_code; } free(filter); num_results=ldap_count_entries(ds, res); if(num_results==0) { ad_error_code=AD_SUCCESS; return ad_error_code; } entry=ldap_first_entry(ds, res); while(entry!=NULL) { group_dn=ldap_get_dn(ds, entry); if(ad_group_remove_user(group_dn, user_dn)!=AD_SUCCESS) { snprintf(ad_error_msg, MAX_ERR_LENGTH, "Error in ad_group_subtree_remove_user" "\nwhen removing %s from %s:\n%s", user_dn, group_dn, ad_error_msg); return ad_error_code; } entry=ldap_next_entry(ds, entry); } if(group_dn!=NULL) ldap_memfree(group_dn); ldap_msgfree(res); ad_error_code=AD_SUCCESS; return ad_error_code; }
void BuildReply(int res, LDAPRequest *req) { LDAPResult *ldap_result = req->result = new LDAPResult(); req->result->type = req->type; if (res != LDAP_SUCCESS) { ldap_result->error = ldap_err2string(res); return; } if (req->message == NULL) { return; } /* a search result */ for (LDAPMessage *cur = ldap_first_message(this->con, req->message); cur; cur = ldap_next_message(this->con, cur)) { LDAPAttributes attributes; char *dn = ldap_get_dn(this->con, cur); if (dn != NULL) { attributes["dn"].push_back(dn); ldap_memfree(dn); dn = NULL; } BerElement *ber = NULL; for (char *attr = ldap_first_attribute(this->con, cur, &ber); attr; attr = ldap_next_attribute(this->con, cur, ber)) { berval **vals = ldap_get_values_len(this->con, cur, attr); int count = ldap_count_values_len(vals); std::vector<Anope::string> attrs; for (int j = 0; j < count; ++j) attrs.push_back(vals[j]->bv_val); attributes[attr] = attrs; ldap_value_free_len(vals); ldap_memfree(attr); } if (ber != NULL) ber_free(ber, 0); ldap_result->messages.push_back(attributes); } }
static int ldap_get_fulldn(LD_session *session, char *username, char *userstr, int username_length) { struct berval cred; struct berval *msgidp=NULL; char filter[MAXFILTERSTR], *dn; int rc = 0; char logbuf[MAXLOGBUF]; LDAPMessage *res, *entry; memset(userstr, 0, username_length); cred.bv_val = ldap_authorization_bindpasswd; cred.bv_len = strlen(ldap_authorization_bindpasswd); #if LDAP_API_VERSION > 3000 if((rc = ldap_sasl_bind_s(session->sess, ldap_authorization_binddn, ldap_authorization_type, &cred, NULL, NULL, &msgidp))!=LDAP_SUCCESS) { snprintf(logbuf, MAXLOGBUF, "!!!Ldap server %s authentificate with method %s failed: %s", ldap_authorization_host, ldap_authorization_type, ldap_err2string(rc)); ldap_log(LOG_DEBUG, logbuf); return RETURN_FALSE; }; #else if((rc = ldap_bind_s(session->sess, ldap_authorization_binddn, ldap_authorization_bindpasswd, LDAP_AUTH_SIMPLE))!=LDAP_SUCCESS) { snprintf(logbuf, MAXLOGBUF, "Ldap server %s authentificate failed: %s", ldap_authorization_host, ldap_err2string(rc)); ldap_log(LOG_DEBUG, logbuf); return RETURN_FALSE; } #endif /* create filter for search */ memset(filter, 0, MAXFILTERSTR); snprintf(filter, MAXLOGBUF, "(uid=%s)", username); if ((rc = ldap_search_ext_s(session->sess, ldap_authorization_basedn, LDAP_SCOPE_SUBTREE, filter, NULL, 0, NULL, NULL, NULL, LDAP_NO_LIMIT, &res)) != LDAP_SUCCESS) { #if LDAP_API_VERSION > 3000 ldap_unbind_ext(session->sess, NULL, NULL); #else ldap_unbind(session->sess); #endif return RETURN_FALSE; } if ((entry = ldap_first_entry(session->sess,res)) == NULL) { return RETURN_FALSE; } else { dn = ldap_get_dn(session->sess, entry); strncpy(userstr, dn, strlen(dn)); }; ldap_msgfree(res); return RETURN_TRUE; }
int _ldap_lookup(void) { char *attrs[] = { NULL }; char *filter, *dn; char **values; LDAP *ld; LDAPMessage *res, *entry; int ret; ld = ldap_init(LDAP_HOST, LDAP_PORT); if (!ld) { fprintf(stderr, "%s: unable to initialise ldap connection\n", prog); return 1; } ret = ldap_simple_bind_s(ld, LDAP_BIND_DN, LDAP_BIND_PASSWD); if (ret) return 1; filter = malloc(sizeof(LDAP_FILTER) + strlen(user) + strlen(host)); sprintf(filter, LDAP_FILTER, user, host); ret = ldap_search_s(ld, LDAP_BASE, LDAP_SCOPE, filter, attrs, 0, &res); if (ret) { fprintf(stderr, "%s: ldap search failed: %s\n", prog, ldap_err2string(ret)); return 1; } entry = ldap_first_entry(ld, res); if (!entry) return 1; dn = ldap_get_dn(ld, res); ldap_msgfree(res); ret = ldap_simple_bind_s(ld, dn, password); if (ret) return 1; ldap_memfree(dn); ldap_unbind(ld); return 0; }
/******************************************************************************* 函数名称 : dot1x_ldap_search_dn_timeout 功能描述 : LDAP_SEARCH_DN状态查询用户DN 输入参数 : user_data --- 定时器参数,sm状态机 输出参数 : 无 返 回 值 : 无 ------------------------------------------------------------ 最近一次修改记录 : 修改作者 : 王群 修改目的 : 新增函数 修改日期 : 2011年6月2日 *******************************************************************************/ void dot1x_ldap_search_dn_timeout(void *user_data) { s8 filter[1024]; s32 retcode; s8 *userdn = NULL; LDAPMessage *res = NULL; LDAPMessage *msg = NULL; struct eapol_state_machine *sm = (struct eapol_state_machine *)user_data; snprintf(filter, sizeof(filter), "(%s=%s)", g_dot1x_var.ldap_conf.ldap_filter, sm->identity); /*执行查询操作*/ retcode = ldap_search_s(sm->ldap_sm->ldap, g_dot1x_var.ldap_conf.ldap_basedn, LDAP_SCOPE_SUBTREE, filter, g_ldap_attrs, 0, &res); (sm->ldap_sm->req_count)++; if (LDAP_SUCCESS == retcode) { msg = ldap_first_entry(sm->ldap_sm->ldap, res); if (NULL == msg) { ldap_msgfree(res); return; } /*获得用户的dn*/ userdn = ldap_get_dn(sm->ldap_sm->ldap, msg); if (NULL == userdn) { ldap_msgfree(res); return; } sm->ldap_sm->userdn = userdn; /*查询成功,进入LDAP_BIND_DN状态*/ dot1x_ldap_bind_dn_entry(sm); } else if (LDAP_TIMEOUT == retcode && sm->ldap_sm->req_count < g_dot1x_var.conf.retransmit_times) { /*重载定时器*/ dloop_register_timeout(0, 0, dot1x_ldap_search_dn_timeout, sm); } else { /*关闭连接*/ ldap_unbind(sm->ldap_sm->ldap); /*查询失败,进入LDAP_FAILURE状态*/ dot1x_ldap_failure_entry(sm); } ldap_msgfree(res); return; }
/* * Returns an LDAP error code. */ static int cmp2( LDAP *ld1, LDAP *ld2, LDAPMessage *e1, int findonly) { LDAPMessage *e2, *res; char *dn, *attrcmp; int found=0, rc; ATTR *a1, *a2; dn = ldap_get_dn( ld1, e1 ); if ( ldaptool_verbose ) { if ( findonly ) { printf( "Checking that %s exists on both servers\n", dn ); } else { printf("Comparing entry %s on both servers\n", dn ); } } if ( ldap_search( ld2, dn, LDAP_SCOPE_BASE, "objectClass=*", NULL, 0 ) == -1 ) { return( ldaptool_print_lderror( ld2, "ldap_search", LDAPTOOL_CHECK4SSL_IF_APPROP )); } /* XXXmcs: this code should be modified to display referrals and references */ while ( (rc = ldap_result( ld2, LDAP_RES_ANY, 0, NULL, &res )) == LDAP_RES_SEARCH_ENTRY ) { e2 = ldap_first_entry( ld1, res ); found = 1; if ( !findonly ) { a1 = get_attrs( ld1, e1 ); a2 = get_attrs( ld2, e2 ); attrcmp = cmp_attrs( a1, a2 ); if ( strcmp( attrcmp, "") != 0 ) { printf("\n%s%s\n", dn, attrcmp); } } ldap_msgfree( res ); } if ( !found ) { notfound( dn, findonly ); differ = 1; } if ( rc == -1 ) { return( ldaptool_print_lderror( ld2, "ldap_result", LDAPTOOL_CHECK4SSL_IF_APPROP )); } ldap_msgfree( res ); ldap_memfree( dn ); return(rc); }
static char *__auth_get_first_match(const char *q, const char **retfields) { LDAPMessage *ldap_msg; LDAPMessage *ldap_res; char *returnid = NULL, *ldap_dn = NULL; char **ldap_vals = NULL; int k = 0, err; LDAP *_ldap_conn = ldap_con_get(); if (! (ldap_res = authldap_search(q))) return NULL; if (ldap_count_entries(_ldap_conn, ldap_res) < 1) { TRACE(TRACE_DEBUG, "none found"); goto endfree; } ldap_msg = ldap_first_entry(_ldap_conn, ldap_res); if (ldap_msg == NULL) { ldap_get_option(_ldap_conn, LDAP_OPT_ERROR_NUMBER, &err); TRACE(TRACE_ERR, "ldap_first_entry failed: %s", ldap_err2string(err)); goto endfree; } for (k = 0; retfields[k] != NULL; k++) { if (0 == strcasecmp(retfields[k], "dn")) { ldap_dn = ldap_get_dn(_ldap_conn, ldap_msg); if (ldap_dn) returnid = g_strdup(ldap_dn); break; } else { ldap_vals = ldap_get_values(_ldap_conn, ldap_msg, retfields[k]); if (ldap_vals) returnid = g_strdup(ldap_vals[0]); break; } } endfree: if (ldap_dn) ldap_memfree(ldap_dn); if (ldap_vals) ldap_value_free(ldap_vals); if (ldap_res) ldap_msgfree(ldap_res); return returnid; }
static krb5_error_code LDAP_remove(krb5_context context, HDB * db, hdb_entry * entry) { krb5_error_code ret; LDAPMessage *msg, *e; char *dn = NULL; int rc, limit = LDAP_NO_LIMIT; ret = LDAP_principal2message(context, db, entry->principal, &msg); if (ret) goto out; e = ldap_first_entry(HDB2LDAP(db), msg); if (e == NULL) { ret = HDB_ERR_NOENTRY; goto out; } dn = ldap_get_dn(HDB2LDAP(db), e); if (dn == NULL) { ret = HDB_ERR_NOENTRY; goto out; } rc = ldap_set_option(HDB2LDAP(db), LDAP_OPT_SIZELIMIT, (const void *)&limit); if (rc != LDAP_SUCCESS) { krb5_set_error_string(context, "ldap_set_option: %s", ldap_err2string(rc)); ret = HDB_ERR_BADVERSION; goto out; } rc = ldap_delete_s(HDB2LDAP(db), dn); if (check_ldap(context, db, rc)) { krb5_set_error_string(context, "ldap_delete_s: %s", ldap_err2string(rc)); ret = HDB_ERR_CANT_LOCK_DB; } else ret = 0; out: if (dn != NULL) free(dn); if (msg != NULL) ldap_msgfree(msg); return ret; }
static void ldap_bind_lookup_dn_callback(struct ldap_connection *conn, struct ldap_request *ldap_request, LDAPMessage *res) { struct passdb_ldap_request *passdb_ldap_request = (struct passdb_ldap_request *)ldap_request; struct auth_request *auth_request = ldap_request->auth_request; struct passdb_ldap_request *brequest; char *dn; if (res != NULL && ldap_msgtype(res) == LDAP_RES_SEARCH_ENTRY) { if (passdb_ldap_request->entries++ > 0) { /* too many replies */ return; } /* first entry */ ldap_query_save_result(conn, auth_request, &passdb_ldap_request->request.search, res); /* save dn */ dn = ldap_get_dn(conn->ld, res); passdb_ldap_request->dn = p_strdup(auth_request->pool, dn); ldap_memfree(dn); } else if (res == NULL || passdb_ldap_request->entries != 1) { /* failure */ ldap_bind_lookup_dn_fail(auth_request, passdb_ldap_request, res); } else if (auth_request->skip_password_check) { /* we've already verified that the password matched - we just wanted to get any extra fields */ passdb_ldap_request->callback. verify_plain(PASSDB_RESULT_OK, auth_request); auth_request_unref(&auth_request); } else { /* create a new bind request */ brequest = p_new(auth_request->pool, struct passdb_ldap_request, 1); brequest->dn = passdb_ldap_request->dn; brequest->callback = passdb_ldap_request->callback; brequest->request.bind.dn = brequest->dn; brequest->request.bind.request.type = LDAP_REQUEST_TYPE_BIND; brequest->request.bind.request.auth_request = auth_request; ldap_auth_bind(conn, &brequest->request.bind); } }
/* find a printer given the name and the hostname Note that results "res" may be allocated on return so that the results can be used. It should be freed using ads_msgfree. */ ADS_STATUS ads_find_printer_on_server(ADS_STRUCT *ads, LDAPMessage **res, const char *printer, const char *servername) { ADS_STATUS status; char *srv_dn, **srv_cn, *s = NULL; const char *attrs[] = {"*", "nTSecurityDescriptor", NULL}; status = ads_find_machine_acct(ads, res, servername); if (!ADS_ERR_OK(status)) { DEBUG(1, ("ads_find_printer_on_server: cannot find host %s in ads\n", servername)); return status; } if (ads_count_replies(ads, *res) != 1) { ads_msgfree(ads, *res); *res = NULL; return ADS_ERROR(LDAP_NO_SUCH_OBJECT); } srv_dn = ldap_get_dn(ads->ldap.ld, *res); if (srv_dn == NULL) { ads_msgfree(ads, *res); *res = NULL; return ADS_ERROR(LDAP_NO_MEMORY); } srv_cn = ldap_explode_dn(srv_dn, 1); if (srv_cn == NULL) { ldap_memfree(srv_dn); ads_msgfree(ads, *res); *res = NULL; return ADS_ERROR(LDAP_INVALID_DN_SYNTAX); } ads_msgfree(ads, *res); *res = NULL; if (asprintf(&s, "(cn=%s-%s)", srv_cn[0], printer) == -1) { ldap_memfree(srv_dn); return ADS_ERROR(LDAP_NO_MEMORY); } status = ads_search(ads, res, s, attrs); ldap_memfree(srv_dn); ldap_value_free(srv_cn); SAFE_FREE(s); return status; }
/** Process an entry modification operation * * @note This is a callback for the sync_demux function. * * @param[in] conn the sync belongs to. * @param[in] config of the sync that received an entry. * @param[in] sync_id of the sync that received an entry. * @param[in] phase Refresh phase the sync is currently in. * @param[in] uuid of the entry. * @param[in] msg containing the entry. * @param[in] state The type of modification we need to perform to our * representation of the entry. * @param[in] user_ctx The listener. * @return * - 0 on success. * - -1 on failure. */ static int _proto_ldap_entry(fr_ldap_connection_t *conn, sync_config_t const *config, int sync_id, UNUSED sync_phases_t phase, uint8_t const uuid[SYNC_UUID_LENGTH], LDAPMessage *msg, sync_states_t state, void *user_ctx) { rad_listen_t *listen = talloc_get_type_abort(user_ctx, rad_listen_t); proto_ldap_inst_t *inst = talloc_get_type_abort(listen->data, proto_ldap_inst_t); fr_ldap_map_exp_t expanded; REQUEST *request; request = proto_ldap_request_setup(listen, inst, sync_id); if (!request) return -1; proto_ldap_attributes_add(request, config); request->packet->code = state; /* * Add the entry DN and attributes */ if (msg) { char *entry_dn; VALUE_PAIR *vp; entry_dn = ldap_get_dn(conn->handle, msg); MEM(pair_update_request(&vp, attr_ldap_sync_entry_dn) >= 0); ldap_memfree(entry_dn); MEM(pair_update_request(&vp, attr_ldap_sync_entry_uuid) >= 0); fr_pair_value_memcpy(vp, uuid, SYNC_UUID_LENGTH); } /* * Apply the attribute map */ if (fr_ldap_map_expand(&expanded, request, config->entry_map) < 0) { error: talloc_free(request); return -1; } if (fr_ldap_map_do(request, conn, NULL, &expanded, msg) < 0) goto error; // request_enqueue(request); return 0; }
/** * The public method auth authenticats the user with username and password * Parameters: * std::string *username: a reverence to the username * std::string *pw: a reverence to the password * Return: * bool: true if auth successfull */ bool LDAPConnection::auth(std::string *username, std::string *pw){ int rc = 0; LDAPMessage *result, *entry; std::string filter = "(uid="; filter.append(*username); filter.append(")"); //searches for user rc = ldap_search_s(this->ld, SEARCHBASE, SCOPE, filter.c_str(), this->attribs, 0, &result); if(rc != LDAP_SUCCESS){ std::cout << ldap_err2string(rc) << std::endl; ldap_msgfree(result); return false; } //counts results if(ldap_count_entries(this->ld, result) != 1){ ldap_msgfree(result); return false; } //gets user dn entry = ldap_first_entry(this->ld, result); std::string dn = ldap_get_dn(this->ld,entry); ldap_msgfree(result); //initializes a new ldap connection LDAP *ldp; ldap_initialize(&ldp, LDAP_HOST); if(ldp == NULL){ return false; } //tries to bind the user rc = ldap_simple_bind_s(ldp, dn.c_str(), pw->c_str()); if(rc != LDAP_SUCCESS){ ldap_unbind(ldp); return false; } //closes the new ldap connection ldap_unbind(ldp); return true; }
/*********************************************************************** * ldap_get_dnW (WLDAP32.@) * * Retrieve the DN from a given LDAP message. * * PARAMS * ld [I] Pointer to an LDAP context. * entry [I] LDAPMessage structure to retrieve the DN from. * * RETURNS * Success: Pointer to a string that contains the DN. * Failure: NULL * * NOTES * Free the string with ldap_memfree. */ PWCHAR CDECL ldap_get_dnW( WLDAP32_LDAP *ld, WLDAP32_LDAPMessage *entry ) { PWCHAR ret = NULL; #ifdef HAVE_LDAP char *retU; TRACE( "(%p, %p)\n", ld, entry ); if (!ld || !entry) return NULL; retU = ldap_get_dn( ld, entry ); ret = strUtoW( retU ); ldap_memfree( retU ); #endif return ret; }
NTSTATUS kuhl_m_sid_add(int argc, wchar_t * argv[]) { PLDAP ld; DWORD dwErr; PCWCHAR szName; PWCHAR domain = NULL; PLDAPMessage pMessage = NULL; BERVAL NewSid; PBERVAL pNewSid[2] = {&NewSid, NULL}; LDAPMod Modification = {LDAP_MOD_ADD | LDAP_MOD_BVALUES, L"sIDHistory"}; PLDAPMod pModification[2] = {&Modification, NULL}; Modification.mod_vals.modv_bvals = pNewSid; if(kull_m_string_args_byName(argc, argv, L"new", &szName, NULL)) { if(ConvertStringSidToSid(szName, (PSID *) &NewSid.bv_val) || kull_m_token_getSidDomainFromName(szName, (PSID *) &NewSid.bv_val, &domain, NULL, NULL)) { if(IsValidSid((PSID) NewSid.bv_val)) { NewSid.bv_len = GetLengthSid((PSID) NewSid.bv_val); if(kuhl_m_sid_quickSearch(argc, argv, TRUE, NULL, &ld, &pMessage)) { kprintf(L"\n * Will try to add \'%s\' this new SID:\'", Modification.mod_type); kull_m_string_displaySID(NewSid.bv_val); kprintf(L"\': "); dwErr = ldap_modify_s(ld, ldap_get_dn(ld, pMessage), pModification); if(dwErr == LDAP_SUCCESS) kprintf(L"OK!\n"); else PRINT_ERROR(L"ldap_modify_s 0x%x (%u)\n", dwErr, dwErr); if(pMessage) ldap_msgfree(pMessage); ldap_unbind(ld); } } else PRINT_ERROR(L"Invalid SID\n"); LocalFree(NewSid.bv_val); if(domain) LocalFree(domain); } else PRINT_ERROR_AUTO(L"ConvertStringSidToSid / kull_m_token_getSidDomainFromName"); } else PRINT_ERROR(L"/new:sid or /new:resolvable_name is needed"); return STATUS_SUCCESS; }
//- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - std::string LDAP_UNX::getDistinguishedName( const std::string userID, std::string *dname ) { *dname = ""; LDAP *ldap = NULL; // INITIALISE AND CONNECT TO LDAP SERVER std::string e = initialize( &ldap ); if ( ! e.empty() ) {return( e ); } std::string base = ou + "," + dc; std::string bparam = std::string("CN=LDAPbind,") + base; const int ibind = ldap_simple_bind_s( ldap, bparam.c_str(), ldap_pw.c_str() ); if ( ibind != LDAP_SUCCESS ) {sprintf( ebuf, "ldap_simple_bind_s=%d", ibind ); return( std::string(ebuf) ); } /* SEARCH FOR ENTRY WITH sAMAccountName AS GIVEN BY USER AND GET distinguishedName IF IT EXISTS (IF FOUND, THEN USERNAME EXISTS) */ LDAPMessage *res = ( LDAPMessage * )NULL; std::string filter = "(sAMAccountName=" + userID + ")"; const int isearch = ldap_search_s( ldap, base.c_str(), LDAP_SCOPE_ONELEVEL, filter.c_str(), ( char ** )NULL, 0, &res ); if ( isearch != LDAP_SUCCESS ) {sprintf( ebuf, "ldap_search_s=%d", isearch ); return( std::string(ebuf) ); } const int nentries = ldap_count_entries( ldap, res ); if ( nentries <= 0 ) { // FAILED TO FIND distinguishedName from sAMAccountName ldap_msgfree( res ); ldap_unbind_s( ldap ); return( "Username not found in LDAP-OU" ); } // EXTRACT distinguishedNAme char *dn = ldap_get_dn( ldap, ldap_first_entry( ldap, res ) ); *dname = std::string( dn ); ldap_memfree( dn ); // TIDY UP ldap_msgfree( res ); ldap_unbind_s( ldap ); // DROP ASSOCIATION return( "" ); }
static char * dm_ldap_user_getdn(u64_t user_idnr) { GString *t = g_string_new(""); char *dn; int err; LDAPMessage *ldap_res; LDAPMessage *ldap_msg; LDAP *_ldap_conn = ldap_con_get(); g_string_printf(t, "(%s=%llu)", _ldap_cfg.field_nid, user_idnr); TRACE(TRACE_DEBUG, "searching with query [%s]", t->str); if (! (ldap_res = authldap_search(t->str))) { g_string_free(t,TRUE); return NULL; } g_string_free(t,TRUE); if (ldap_count_entries(_ldap_conn, ldap_res) < 1) { TRACE(TRACE_DEBUG, "no entries found"); ldap_msgfree(ldap_res); return NULL; } if (! (ldap_msg = ldap_first_entry(_ldap_conn, ldap_res))) { ldap_get_option(_ldap_conn, LDAP_OPT_ERROR_NUMBER, &err); TRACE(TRACE_ERR, "ldap_first_entry failed: %s", ldap_err2string(err)); ldap_msgfree(ldap_res); return NULL; } if (! (dn = ldap_get_dn(_ldap_conn, ldap_msg))) { ldap_get_option(_ldap_conn, LDAP_OPT_ERROR_NUMBER, &err); TRACE(TRACE_ERR, "ldap_get_dn failed: %s", ldap_err2string(err)); ldap_msgfree(ldap_res); return NULL; } ldap_msgfree(ldap_res); return dn; }
static void ldap_bind_lookup_dn_callback(struct ldap_connection *conn, struct ldap_request *ldap_request, LDAPMessage *res) { struct passdb_ldap_request *passdb_ldap_request = (struct passdb_ldap_request *)ldap_request; struct auth_request *auth_request = ldap_request->auth_request; struct passdb_ldap_request *brequest; char *dn; if (res != NULL && ldap_msgtype(res) == LDAP_RES_SEARCH_ENTRY) { if (passdb_ldap_request->entries++ > 0) { /* too many replies */ return; } /* first entry */ ldap_query_save_result(conn, auth_request, &passdb_ldap_request->request.search, res); /* save dn */ dn = ldap_get_dn(conn->ld, res); passdb_ldap_request->dn = p_strdup(auth_request->pool, dn); ldap_memfree(dn); } else if (res == NULL || passdb_ldap_request->entries != 1) { /* failure */ ldap_bind_lookup_dn_fail(auth_request, passdb_ldap_request, res); } else { /* create a new bind request */ brequest = p_new(auth_request->pool, struct passdb_ldap_request, 1); brequest->dn = passdb_ldap_request->dn; brequest->callback = passdb_ldap_request->callback; brequest->request.bind.dn = brequest->dn; brequest->request.bind.request.type = LDAP_REQUEST_TYPE_BIND; brequest->request.bind.request.auth_request = auth_request; ldap_auth_bind(conn, &brequest->request.bind); } }
int qldap_get_dn(qldap *q, stralloc *dn) { char *d; CHECK(q, EXTRACT); d = ldap_get_dn(q->ld, q->msg); if (d == (char *)0) return NOSUCH; if (!stralloc_copys(dn, d) || !stralloc_0(dn)) return ERRNO; #ifdef LDAP_OPT_PROTOCOL_VERSION /* * OpenLDAP 1.x does not have ldap_memfree() use free() instead. */ ldap_memfree(d); #else free(d); #endif return OK; }
/* used for debugging */ static void print_dn( LDAP *ld, LDAPMessage *entry ) { char *dn, *ufn; dn = ldap_get_dn( ld, entry ); if ( ldif ) { write_ldif_value( "dn", dn, strlen( dn )); } else { printf( "%s\n", dn ); } if ( includeufn ) { ufn = ldap_dn2ufn( dn ); if ( ldif ) { write_ldif_value( "ufn", ufn, strlen( ufn )); } else { printf( "%s\n", ufn ); } free( ufn ); } ldap_memfree( dn ); }