int main( int argc, char **argv ) { LDAP *ld; LDAPMessage *result, *e; BerElement *ber; char *a, *dn; char **vals; int i; /* get a handle to an LDAP connection */ if ( (ld = ldap_init( MY_HOST, MY_PORT )) == NULL ) { perror( "ldap_init" ); return( 1 ); } /* authenticate to the directory as nobody */ if ( ldap_simple_bind_s( ld, NULL, NULL ) != LDAP_SUCCESS ) { ldap_perror( ld, "ldap_simple_bind_s" ); ldap_unbind( ld ); return( 1 ); } /* search for all entries with surname of Jensen */ if ( ldap_search_s( ld, MY_SEARCHBASE, LDAP_SCOPE_SUBTREE, MY_FILTER, NULL, 0, &result ) != LDAP_SUCCESS ) { ldap_perror( ld, "ldap_search_s" ); if ( result == NULL ) { ldap_unbind( ld ); return( 1 ); } } /* for each entry print out name + all attrs and values */ for ( e = ldap_first_entry( ld, result ); e != NULL; e = ldap_next_entry( ld, e ) ) { if ( (dn = ldap_get_dn( ld, e )) != NULL ) { printf( "dn: %s\n", dn ); ldap_memfree( dn ); } for ( a = ldap_first_attribute( ld, e, &ber ); a != NULL; a = ldap_next_attribute( ld, e, ber ) ) { if ((vals = ldap_get_values( ld, e, a)) != NULL ) { for ( i = 0; vals[i] != NULL; i++ ) { printf( "%s: %s\n", a, vals[i] ); } ldap_value_free( vals ); } ldap_memfree( a ); } if ( ber != NULL ) { ber_free( ber, 0 ); } printf( "\n" ); } ldap_msgfree( result ); ldap_unbind( ld ); return( 0 ); }
int ldap_add_machine_account(const char *ldap_host, const char *hostname, const char *realm) { LDAP *ld; int ldap_port = LDAP_PORT; char *bind_path; int rc; LDAPMessage *res; void *sasl_defaults; int version = LDAP_VERSION3; bind_path = build_dn(realm); printf("Creating host account for %s@%s\n", hostname, realm); ld = ldap_open(ldap_host, ldap_port); ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION, &version); rc = ldap_sasl_interactive_bind_s(ld, NULL, NULL, NULL, NULL, 0, sasl_interact, NULL); if (rc != LDAP_SUCCESS) { ldap_perror(ld, "ldap_bind"); goto failed; } rc = find_host(ld, &res, bind_path, hostname); if (rc == LDAP_SUCCESS && ldap_count_entries(ld, res) == 1) { printf("Host account for %s already exists\n", hostname); goto finished; } rc = add_host(ld, bind_path, hostname, realm); if (rc != LDAP_SUCCESS) { ldap_perror(ld, "add_host"); goto failed; } rc = find_host(ld, &res, bind_path, hostname); if (rc != LDAP_SUCCESS || ldap_count_entries(ld, res) != 1) { ldap_perror(ld, "find_host test"); goto failed; } printf("Successfully added machine account for %s\n", hostname); finished: free(bind_path); return 0; failed: printf("ldap_add_machine_account failed\n"); free(bind_path); ldap_unbind(ld); return 1; }
int main( int argc, char **argv ) { LDAP *ld; LDAPMod mod0, mod1, *mods[ 3 ]; char *vals0[ 2 ], *vals1[ 2 ], buf[ 128 ]; time_t now; /* get an LDAP session handle and authenticate */ if ( (ld = ldap_init( MY_HOST, MY_PORT )) == NULL ) { perror( "ldap_init" ); return( 1 ); } if ( ldap_simple_bind_s( ld, MGR_DN, MGR_PW ) != LDAP_SUCCESS ) { ldap_perror( ld, "ldap_simple_bind_s" ); return( 1 ); } /* construct the list of modifications to make */ mod0.mod_op = LDAP_MOD_REPLACE; mod0.mod_type = "mail"; vals0[0] = "*****@*****.**"; vals0[1] = NULL; mod0.mod_values = vals0; mod1.mod_op = LDAP_MOD_ADD; mod1.mod_type = "description"; time( &now ); sprintf( buf, "This entry was modified with the modattrs program on %s", ctime( &now )); /* Get rid of \n which ctime put on the end of the time string */ if ( buf[ strlen( buf ) - 1 ] == '\n' ) { buf[ strlen( buf ) - 1 ] = '\0'; } vals1[ 0 ] = buf; vals1[ 1 ] = NULL; mod1.mod_values = vals1; mods[ 0 ] = &mod0; mods[ 1 ] = &mod1; mods[ 2 ] = NULL; /* make the change and clean up after ourselves */ if ( ldap_modify_s( ld, ENTRYDN, mods ) != LDAP_SUCCESS ) { ldap_perror( ld, "ldap_modify_s" ); return( 1 ); } ldap_unbind( ld ); printf( "modification was successful\n" ); return( 0 ); }
/* init && bind */ int ldap_connect(ldap_opt_t * ldap) { int version = LDAP_VERSION3; if (!ldap->servers) return FAILURE; /* Connection Init and setup */ ldap->ld = ldap_init(ldap->servers, LDAP_PORT); if (!ldap->ld) { ldap_perror(ldap->ld, "ldap_init()"); return FAILURE; } if ( ldap_set_option(ldap->ld, LDAP_OPT_PROTOCOL_VERSION, &version) != LDAP_OPT_SUCCESS) { ldap_perror(ldap->ld, "ldap_set_option(LDAP_OPT_PROTOCOL_VERSION)"); return FAILURE; } /* Timeouts setup */ if (ldap_set_option(ldap->ld, LDAP_OPT_NETWORK_TIMEOUT, &ldap->b_timeout) != LDAP_SUCCESS) { ldap_perror(ldap->ld, "ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT)"); } if (ldap_set_option(ldap->ld, LDAP_OPT_TIMEOUT, &ldap->s_timeout) != LDAP_SUCCESS) { ldap_perror(ldap->ld, "ldap_set_option(LDAP_OPT_TIMEOUT)"); } /* TLS support */ if ( (ldap->tls == -1) || (ldap->tls == 1) ) { if (ldap_start_tls_s(ldap->ld, NULL, NULL ) != LDAP_SUCCESS) { /* failed then reinit the initial connect */ ldap_perror(ldap->ld, "ldap_connect: (TLS) ldap_start_tls()"); if (ldap->tls == 1) return FAILURE; ldap->ld = ldap_init(ldap->servers, LDAP_PORT); if (!ldap->ld) { ldap_perror(ldap->ld, "ldap_init()"); return FAILURE; } if ( ldap_set_option(ldap->ld, LDAP_OPT_PROTOCOL_VERSION, &version) != LDAP_OPT_SUCCESS) { ldap_perror(ldap->ld, "ldap_set_option()"); return FAILURE; } } } if ( ldap_simple_bind_s(ldap->ld, ldap->binddn, ldap->bindpw) != LDAP_SUCCESS) { ldap_perror(ldap->ld, "ldap_simple_bind_s()"); return FAILURE; } /* says it is connected */ FLAG_SET_CONNECTED(ldap->flags); return SUCCESS; }
unsigned int GetUserLevel(LDAP *ld,char *user) { LDAPMessage *res, *e; char *a; BerElement *ptr; char **vals; unsigned int ret; char *filter = GetClientFilter(user); if (ldap_search_s(ld, CLIENT_PATH, LDAP_SCOPE_SUBTREE,filter, NULL, 0, &res)!= LDAP_SUCCESS) { printf("%s\n",filter); ldap_perror(ld, "ldap_search_s"); exit(1); } if( (e=ldap_first_entry(ld, res)) == NULL ) fprintf(stderr, "LDAP error: user not found"); a = ldap_first_attribute(ld, e, &ptr); while( strcmp(a,"internationaliSDNNumber") != 0 ) a = ldap_next_attribute(ld, e, ptr); vals = ldap_get_values(ld, e, a); ret = atoi(vals[0]); /* free the search results */ ldap_msgfree(res); return ret; }
int ldap_parse_whoami( LDAP *ld, LDAPMessage *res, struct berval **authzid ) { int rc; char *retoid = NULL; assert( ld != NULL ); assert( LDAP_VALID( ld ) ); assert( res != NULL ); assert( authzid != NULL ); *authzid = NULL; rc = ldap_parse_extended_result( ld, res, &retoid, authzid, 0 ); if( rc != LDAP_SUCCESS ) { ldap_perror( ld, "ldap_parse_whoami" ); return rc; } ber_memfree( retoid ); return rc; }
/* * Function: copy_value * Copy value from a LDAP attribute to $copy * INPUT: * $ld: the connection with the LDAP server * $entry: the entry who contains attributes * $attribut: this attribut * $copy: where data can go * OUTPUT: * void */ static void copy_value(LDAP *ld, LDAPMessage *entry, const char *attribut, char **copy, const char *username) { char ** values; values=ldap_get_values(ld,entry, (char *)attribut); if (values==NULL) { #ifdef HAVE_LDAP_RESULT2ERROR int ld_errno = ldap_result2error(ld,entry,0); if (ld_errno && ld_errno != LDAP_DECODING_ERROR) /* We didn't ask for this attribute */ ldap_perror(ld,"ldap_get_values"); #else if (ld->ld_errno != LDAP_DECODING_ERROR) /* We didn't ask for this attribute */ ldap_perror(ld,"ldap_get_values"); #endif *copy=NULL; return; } /* We accept only attribute with one value */ else if (ldap_count_values(values)>1) { *copy=strdup(values[0]); syslog(LOG_DAEMON, "authldaplib: duplicate attribute %s for %s\n", attribut, username); *copy=NULL; } /* We accept only attribute with one value */ else if (ldap_count_values(values)!=1) { *copy=NULL; } else { *copy=strdup(values[0]); } #if DEBUG_LDAP syslog(LOG_DAEMON|LOG_CRIT,"copy_value %s: %s\n",attribut,values[0]); #endif ldap_value_free(values); }
int main( int argc, char **argv ) { int version; LDAP *ld; char *target; int rc; struct berval userid; struct berval oldpasswd; struct berval newpasswd; struct berval genpasswd; /* Use LDAPv3. */ version = LDAP_VERSION3; if ( ldap_set_option( NULL, LDAP_OPT_PROTOCOL_VERSION, &version ) != 0 ) { fprintf( stderr, "ldap_set_option protocol version to %d failed\n", version ); return ( 1 ); } /* Get a handle to an LDAP connection. */ if ( (ld = ldap_init( MY_HOST, MY_PORT )) == NULL ) { perror( "ldap_init" ); return( 1 ); } /* Authenticate to the directory. */ if ( ldap_simple_bind_s( ld, ENTRYDN, ENTRYPW ) != LDAP_SUCCESS ) { ldap_perror( ld, "ldap_simple_bind_s" ); return( 1 ); } /* Change the password using the extended operation. */ userid.bv_val = ENTRYDN; userid.bv_len = strlen(userid.bv_val); oldpasswd.bv_val = ENTRYPW; oldpasswd.bv_len = strlen(oldpasswd.bv_val); newpasswd.bv_val = "ChangeMe!"; newpasswd.bv_len = strlen(newpasswd.bv_val); rc = ldap_passwd_s( ld, &userid, &oldpasswd, &newpasswd, &genpasswd, NULL, NULL ); if ( rc != LDAP_SUCCESS ) { fprintf( stderr, "ldap_passwd_s: %s\n", ldap_err2string( rc ) ); ldap_unbind( ld ); return( 1 ); } else { printf( "Successfully changed password for %s\n", userid.bv_val ); } ldap_unbind( ld ); return( 0 ); }
/* Like isc_result_check, only for LDAP */ void ldap_result_check (char *msg, char *dn, int err) { if ((err != LDAP_SUCCESS) && (err != LDAP_ALREADY_EXISTS)) { fprintf(stderr, "Error while adding %s (%s):\n", dn, msg); ldap_perror (conn, dn); ldap_unbind_s (conn); exit (-1); } }
static void print_ldap_result( LDAP *ld, LDAPMessage *lm, const char *s ) { ldap_result2error( ld, lm, 1 ); ldap_perror( ld, s ); /* if ( ld->ld_error != NULL && *ld->ld_error != '\0' ) fprintf( stderr, "Additional info: %s\n", ld->ld_error ); if ( LDAP_NAME_ERROR( ld->ld_errno ) && ld->ld_matched != NULL ) fprintf( stderr, "Matched DN: %s\n", ld->ld_matched ); */ }
void ldap_close(ldap_opt_t * ldap) { if (!ldap) return; if ( ldap_unbind_ext(ldap->ld, NULL, NULL) < 0) ldap_perror(ldap->ld, "ldap_unbind()"); ldap->ld = NULL; FLAG_SET_DISCONNECTED(ldap->flags); return; }
/* -1 if trouble 0 if user is NOT member of current server group 1 if user IS MEMBER of current server group */ int ldap_ismember(ldap_opt_t * l, const char * user) { LDAPMessage *res; char * filter; int i; if ((!l->sgroup) || !(l->g_basedn)) return 1; /* Am i still connected ? RETRY n times */ /* XXX TODO: setup some conf value for retrying */ if (!(l->flags & FLAG_CONNECTED)) for (i = 0 ; i < 2 ; i++) if (ldap_connect(l) == 0) break; /* quick check for attempts to be evil */ if ((strchr(user, '(') != NULL) || (strchr(user, ')') != NULL) || (strchr(user, '*') != NULL) || (strchr(user, '\\') != NULL)) return FAILURE; /* build filter for LDAP request */ REQUEST_GROUP(filter, l->fgroup, user); if (ldap_search_st( l->ld, l->g_basedn, LDAP_SCOPE_SUBTREE, filter, NULL, 0, &l->s_timeout, &res) != LDAP_SUCCESS) { ldap_perror(l->ld, "ldap_search_st()"); free(filter); /* XXX error on search, timeout etc.. close ask for reconnect */ ldap_close(l); return FAILURE; } free(filter); /* check if any results */ if (ldap_count_entries(l->ld, res) > 0) { ldap_msgfree(res); return 1; } ldap_msgfree(res); return 0; }
static void *compare_thread(char *id) { char dn[BUFSIZ], name[40], cmpval[40]; int rc, randval, opcount; struct berval bv; void *voidrc = (void *)0; printf("Starting compare_thread %s.\n", id); opcount = 0; tsd_setup(); for (;;) { randval = get_random_id(); sprintf(name, "%d", randval); sprintf(dn, "cn=%s, " BASE, name); sprintf(cmpval, "%d", randval + random() % 3); bv.bv_val = cmpval; bv.bv_len = strlen(cmpval); printf("Thread %s: Comparing cn in entry (%s) with %s\n", id, dn, cmpval); rc = ldap_compare_ext_s(ld, dn, "cn", &bv, NULL, NULL); switch (rc) { case LDAP_COMPARE_TRUE: printf("Thread %s: entry (%s) contains cn %s\n", id, dn, cmpval); break; case LDAP_COMPARE_FALSE: printf("Thread %s: entry (%s) doesn't contain cn %s\n", id, dn, cmpval); break; default: ldap_perror(ld, "ldap_compare_ext_s"); if (rc == LDAP_SERVER_DOWN) { perror("ldap_compare_ext_s"); voidrc = (void *)1; goto compare_cleanup_and_return; } } ++opcount; if (maxops != 0 && opcount >= maxops) { break; } } compare_cleanup_and_return: printf("Thread %s: attempted %d compare operations\n", id, opcount); set_ld_error(0, NULL, NULL, NULL); /* disposes of memory */ tsd_cleanup(); free(id); return voidrc; }
static void *bind_thread(char *id) { char dn[BUFSIZ], name[40]; int rc, opcount; void *voidrc = (void *)0; printf("Starting bind_thread %s.\n", id); opcount = 0; tsd_setup(); for (;;) { sprintf(name, "%d", get_random_id()); sprintf(dn, "cn=%s, " BASE, name); printf("Thread %s: Binding as entry (%s)\n", id, dn); if ((rc = ldap_simple_bind_s(ld, dn, name)) != LDAP_SUCCESS) { ldap_perror(ld, "ldap_simple_bind_s"); if (rc == LDAP_SERVER_DOWN) { perror("ldap_simple_bind_s"); voidrc = (void *)1; goto bind_cleanup_and_return; } } else { printf("Thread %s: bound as entry (%s)\n", id, dn); } ++opcount; if (maxops != 0 && opcount >= maxops) { break; } } bind_cleanup_and_return: printf("Thread %s: attempted %d bind operations\n", id, opcount); set_ld_error(0, NULL, NULL, NULL); /* disposes of memory */ tsd_cleanup(); free(id); return voidrc; }
int main( int argc, char **argv ) { LDAP *ld; LDAPMessage *result, *e; char *attrfail, *matched = NULL, *errmsg = NULL; char **vals, **referrals; int rc, parse_rc, version; unsigned long sortrc; LDAPControl *sortctrl = NULL; LDAPControl *requestctrls[ 2 ]; LDAPControl **resultctrls = NULL; LDAPsortkey **sortkeylist; /* Arrange for all connections to use LDAPv3 */ version = LDAP_VERSION3; if ( ldap_set_option( NULL, LDAP_OPT_PROTOCOL_VERSION, &version ) != 0 ) { fprintf( stderr, "ldap_set_option protocol version to %d failed\n", version ); return( 1 ); } /* Get a handle to an LDAP connection */ if ( (ld = ldap_init( MY_HOST, MY_PORT ) ) == NULL ) { perror( "ldap_init" ); return( 1 ); } /* Authenticate as Directory Manager */ if ( ldap_simple_bind_s( ld, MGR_DN, MGR_PW ) != LDAP_SUCCESS ) { ldap_perror( ld, "ldap_simple_bind_s" ); ldap_unbind( ld ); return( 1 ); } /* * Create a sort key list that specifies the sort order of the results. * Sort the results by last name first, then by first name. */ ldap_create_sort_keylist( &sortkeylist, "description -givenname" ); /* Create the sort control. */ rc = ldap_create_sort_control( ld, sortkeylist, 1, &sortctrl ); if ( rc != LDAP_SUCCESS ) { fprintf( stderr, "ldap_create_sort_control: %s\n", ldap_err2string( rc ) ); ldap_unbind( ld ); return( 1 ); } requestctrls[ 0 ] = sortctrl; requestctrls[ 1 ] = NULL; /* Search for all entries in Sunnyvale */ rc = ldap_search_ext_s( ld, PEOPLE_BASE, LDAP_SCOPE_SUBTREE, "(objectclass=person)", NULL, 0, requestctrls, NULL, NULL, 0, &result ); if ( rc != LDAP_SUCCESS ) { fprintf( stderr, "ldap_search_ext_s: %s\n", ldap_err2string( rc ) ); ldap_unbind( ld ); return( 1 ); } parse_rc = ldap_parse_result( ld, result, &rc, &matched, &errmsg, &referrals, &resultctrls, 0 ); if ( parse_rc != LDAP_SUCCESS ) { fprintf( stderr, "ldap_parse_result: %s\n", ldap_err2string( parse_rc ) ); ldap_unbind( ld ); return( 1 ); } if ( rc != LDAP_SUCCESS ) { fprintf( stderr, "ldap_search_ext_s: %s\n", ldap_err2string( rc ) ); if ( errmsg != NULL && *errmsg != '\0' ) { fprintf( stderr, "%s\n", errmsg ); } ldap_unbind( ld ); return( 1 ); } parse_rc = ldap_parse_sort_control( ld, resultctrls, &sortrc, &attrfail ); if ( parse_rc != LDAP_SUCCESS ) { fprintf( stderr, "ldap_parse_sort_control: %s\n", ldap_err2string( parse_rc ) ); ldap_unbind( ld ); return( 1 ); } if ( sortrc != LDAP_SUCCESS ) { fprintf( stderr, "Sort error: %s\n", ldap_err2string( sortrc )); if ( attrfail != NULL && *attrfail != '\0' ) { fprintf( stderr, "Bad attribute: %s\n", attrfail); } ldap_unbind( ld ); return( 1 ); } /* for each entry print out name + all attrs and values */ for ( e = ldap_first_entry( ld, result ); e != NULL; e = ldap_next_entry( ld, e ) ) { if ((vals = ldap_get_values( ld, e, "sn")) != NULL ) { if ( vals[0] != NULL ) { printf( "%s", vals[0] ); } ldap_value_free( vals ); } if ((vals = ldap_get_values( ld, e, "givenname")) != NULL ) { if ( vals[0] != NULL ) { printf( "\t%s", vals[0] ); } ldap_value_free( vals ); } putchar( '\n' ); } ldap_msgfree( result ); ldap_free_sort_keylist( sortkeylist ); ldap_control_free( sortctrl ); ldap_controls_free( resultctrls ); ldap_unbind( ld ); return( 0 ); }
/** * Get certificate from LDAP-Server. */ static int ldap_get_certificate(const char *login) { LDAP *ldap_connection; int entries; LDAPMessage *res; LDAPMessage *entry; struct berval **bvals = NULL; BerElement *ber = NULL; char *name = NULL; char filter_str[100]; char *attrs[2]; int rv = LDAP_SUCCESS; void *bv_val; char uri[4096]; char uribuf[4096]; char *uris[LDAP_CONFIG_URI_MAX + 1]; const char *p; int current_uri = 0, start_uri = 0; char *buffer; size_t buflen; uris[0] = NULL; attrs[0] = (char *)attribute; attrs[1] = NULL; DBG1("ldap_get_certificate(): begin login = %s", login); /* Put the login to the %s in Filterstring */ snprintf(filter_str, sizeof(filter_str), filter, login); DBG1("ldap_get_certificate(): filter_str = %s", filter_str); /* parse and split URI config entry */ buffer = uribuf; buflen = sizeof (uribuf); strncpy(uri, ldapURI, sizeof (uri)-1); /* Add a space separated list of URIs */ /* TODO: no spaces in one URI allowed => URL-encoding? */ if(strncmp(ldapURI,"",1)) for (p = uri; p != NULL; ) { char *q = strchr (p, ' '); if (q != NULL) *q = '\0'; if( strlen(p) > 1 ) /* SAW: don't add spaces */ rv = ldap_add_uri (uris, p, &buffer, &buflen); p = (q != NULL) ? ++q : NULL; if (rv) break; } /* set the default port if no port is given */ if (ldapport == 0) { if (ssl_on == SSL_LDAPS) { ldapport = LDAPS_PORT; } else { ldapport = LDAP_PORT; } } /* add ldaphost to uris if set, nevermind "uri" is set in config */ if( strlen(ldaphost) > 1 ) { /* No port specified in URI and non-default port specified */ snprintf (uri, sizeof (uri), "%s%s:%d", ssl_on == SSL_LDAPS ? "ldaps://" : "ldap://", ldaphost, ldapport); ldap_add_uri (uris, uri, &buffer, &buflen); } if (uris[0] == NULL) { DBG("ldap_get_certificate(): Nor URI or usable Host entry found"); return(-1); } /* Attempt to connect to specified URI in order until do_open succeed */ start_uri = current_uri; do { if(uris[current_uri] != NULL) DBG1("ldap_get_certificate(): try do_open for %s", uris[current_uri]); rv = do_open(&ldap_connection, uris[current_uri], ldapport, ssl_on); /* hot-fix, because in some circumstances an LDAP_SERVER_DOWN is returned */ if (rv != LDAP_UNAVAILABLE && rv != LDAP_SERVER_DOWN) break; current_uri++; if (uris[current_uri] == NULL) current_uri = 0; } while (current_uri != start_uri); if( rv != LDAP_SUCCESS ) { DBG("ldap_get_certificate(): do_open failed"); return(-2); } /* TODO: (1) The problem: if an working uri is found it is used and if there is an (SSL-)error, no other one is tried (2) There is no session, so we don't know which LDAP_Server is the last with a successful connection. So we try the same server again. Perhaps create a state file/smem/etc. ? */ rv = ldap_search_s( ldap_connection, base, sscope[scope], filter_str, attrs, 0, &res); if ( rv != LDAP_SUCCESS ) { DBG1("ldap_search_s() failed: %s", ldap_err2string(rv)); ldap_unbind_s(ldap_connection); return(-3); } else { entries = ldap_count_entries(ldap_connection, res); DBG1("ldap_get_certificate(): entries = %d", entries); if( entries > 1 ) { DBG("! Warning, more than one entry found. Please choose \"filter\" and"); DBG("! \"attribute\" in ldap mapper config section of your config,"); DBG("! that only one entry with one attribute is matched"); DBG("! Maybe there is another problem in ldap with not unique user"); DBG("! entries in your LDAP server."); } /* Only first entry is used. "filter" and "attribute" * should be choosen, so that only one entry with * one attribute is returned */ if ( NULL == (entry = ldap_first_entry(ldap_connection, res))){ DBG("ldap_first_entry() failed: %s"); ldap_unbind_s(ldap_connection); return(-4); } /* Only first attribute is used. See comment above... */ if ( NULL == (name = ldap_first_attribute(ldap_connection, res, &ber))){ DBG("ldap_first_attribute() failed (rc=%d)"); ldap_unbind_s(ldap_connection); return(-5); } DBG1("attribute name = %s", name); bvals = ldap_get_values_len(ldap_connection, entry, name); certcnt = ldap_count_values_len(bvals); DBG1("number of user certificates = %d", certcnt); ldap_x509 = malloc(sizeof(X509*) * certcnt ); if (NULL == ldap_x509) { DBG("not enough memory"); return(-7); } rv = 0; while(rv < certcnt ) { /* SaW: not nifty, but otherwise gcc doesn't optimize */ bv_val = &bvals[rv]->bv_val; #ifdef HAVE_NSS { SECItem derdata; derdata.data = bv_val; derdata.len = bvals[rv]->bv_len; ldap_x509[rv] = CERT_NewTempCertificate(CERT_GetDefaultCertDB(), &derdata, NULL, 0, 1); } #else ldap_x509[rv] = d2i_X509(NULL, ((const unsigned char **) bv_val), bvals[rv]->bv_len); #endif if (NULL == ldap_x509[rv]) { DBG1("d2i_X509() failed for certificate %d", rv); free(ldap_x509); #ifdef HAVE_NSS { for (rv=0; rv<certcnt; rv++) if (ldap_x509[rv]) CERT_DestroyCertificate(ldap_x509[rv]); } #endif certcnt=0; ldap_msgfree(res); ldap_unbind_s(ldap_connection); return(-6); }else { DBG1("d2i_X509(): success for certificate %d", rv); } rv++; } ldap_msgfree(res); /* TODO: this leads to a segfault, but the doc said ... */ /* ldap_value_free_len(bvals); */ } if ( 0 != ldap_unbind_s(ldap_connection)) { DBG("ldap_unbind_s() failed."); ldap_perror(ldap_connection, "ldap_unbind_s() failed."); return(-1); }; DBG("ldap_get_certificate(): end"); return 1; }
static void do_modrdn( char *uri, char *host, int port, char *manager, char *passwd, char *entry, int maxloop ) { LDAP *ld = NULL; int i; pid_t pid; char *DNs[2]; char *rdns[2]; pid = getpid(); DNs[0] = entry; DNs[1] = strdup( entry ); /* reverse the RDN, make new DN */ { char *p1, *p2; p1 = strchr( entry, '=' ) + 1; p2 = strchr( p1, ',' ); *p2 = '\0'; rdns[1] = strdup( entry ); *p2-- = ','; for (i = p1 - entry;p2 >= p1;) DNs[1][i++] = *p2--; DNs[1][i] = '\0'; rdns[0] = strdup( DNs[1] ); DNs[1][i] = ','; } if ( uri ) { ldap_initialize( &ld, uri ); } else { ld = ldap_init( host, port ); } if ( ld == NULL ) { perror( "ldap_init" ); exit( EXIT_FAILURE ); } { int version = LDAP_VERSION3; (void) ldap_set_option( ld, LDAP_OPT_PROTOCOL_VERSION, &version ); } if ( ldap_bind_s( ld, manager, passwd, LDAP_AUTH_SIMPLE ) != LDAP_SUCCESS ) { ldap_perror( ld, "ldap_bind" ); exit( EXIT_FAILURE ); } fprintf( stderr, "PID=%ld - Modrdn(%d): entry=\"%s\".\n", (long) pid, maxloop, entry ); for ( i = 0; i < maxloop; i++ ) { int rc; if (( rc = ldap_modrdn2_s( ld, DNs[0], rdns[0], 0 )) != LDAP_SUCCESS ) { ldap_perror( ld, "ldap_modrdn" ); if ( rc != LDAP_NO_SUCH_OBJECT ) break; continue; } if (( rc = ldap_modrdn2_s( ld, DNs[1], rdns[1], 1 )) != LDAP_SUCCESS ) { ldap_perror( ld, "ldap_modrdn" ); if ( rc != LDAP_NO_SUCH_OBJECT ) break; continue; } } fprintf( stderr, " PID=%ld - Modrdn done.\n", (long) pid ); ldap_unbind( ld ); }
int ldap_parse_verify_credentials( LDAP *ld, LDAPMessage *res, int * code, char ** diagmsg, struct berval **cookie, struct berval **screds, LDAPControl ***ctrls) { int rc; char *retoid = NULL; struct berval *retdata = NULL; assert(ld != NULL); assert(LDAP_VALID(ld)); assert(res != NULL); assert(code != NULL); assert(diagmsg != NULL); rc = ldap_parse_extended_result(ld, res, &retoid, &retdata, 0); if( rc != LDAP_SUCCESS ) { ldap_perror(ld, "ldap_parse_verify_credentials"); return rc; } if (retdata) { ber_tag_t tag; ber_len_t len; ber_int_t i; BerElement * ber = ber_init(retdata); struct berval diagmsg_bv = BER_BVNULL; if (!ber) { rc = ld->ld_errno = LDAP_NO_MEMORY; goto done; } ber_scanf(ber, "{im" /*"}"*/, &i, &diagmsg_bv); if ( diagmsg != NULL ) { *diagmsg = LDAP_MALLOC( diagmsg_bv.bv_len + 1 ); AC_MEMCPY( *diagmsg, diagmsg_bv.bv_val, diagmsg_bv.bv_len ); (*diagmsg)[diagmsg_bv.bv_len] = '\0'; } *code = i; tag = ber_peek_tag(ber, &len); if (tag == LDAP_TAG_EXOP_VERIFY_CREDENTIALS_COOKIE) { ber_scanf(ber, "O", cookie); tag = ber_peek_tag(ber, &len); } if (tag == LDAP_TAG_EXOP_VERIFY_CREDENTIALS_SCREDS) { ber_scanf(ber, "O", screds); tag = ber_peek_tag(ber, &len); } if (tag == LDAP_TAG_EXOP_VERIFY_CREDENTIALS_CONTROLS) { int nctrls = 0; char * opaque; *ctrls = LDAP_MALLOC(1 * sizeof(LDAPControl *)); if (!*ctrls) { rc = LDAP_NO_MEMORY; goto done; } *ctrls[nctrls] = NULL; for(tag = ber_first_element(ber, &len, &opaque); tag != LBER_ERROR; tag = ber_next_element(ber, &len, opaque)) { LDAPControl *tctrl; LDAPControl **tctrls; tctrl = LDAP_CALLOC(1, sizeof(LDAPControl)); /* allocate pointer space for current controls (nctrls) * + this control + extra NULL */ tctrls = !tctrl ? NULL : LDAP_REALLOC(*ctrls, (nctrls+2) * sizeof(LDAPControl *)); if (!tctrls) { /* allocation failure */ if (tctrl) LDAP_FREE(tctrl); ldap_controls_free(*ctrls); *ctrls = NULL; rc = LDAP_NO_MEMORY; goto done; } tctrls[nctrls++] = tctrl; tctrls[nctrls] = NULL; tag = ber_scanf(ber, "{a" /*"}"*/, &tctrl->ldctl_oid); if (tag == LBER_ERROR) { *ctrls = NULL; ldap_controls_free(tctrls); rc = LDAP_DECODING_ERROR; goto done; } tag = ber_peek_tag(ber, &len); if (tag == LBER_BOOLEAN) { ber_int_t crit; tag = ber_scanf(ber, "b", &crit); tctrl->ldctl_iscritical = crit ? (char) 0 : (char) ~0; tag = ber_peek_tag(ber, &len); } if (tag == LBER_OCTETSTRING) { tag = ber_scanf( ber, "o", &tctrl->ldctl_value ); } else { BER_BVZERO( &tctrl->ldctl_value ); } *ctrls = tctrls; } } ber_free(ber, 1); } done: ber_bvfree(retdata); ber_memfree(retoid); return rc; }
static int domodrdn( LDAP *ld, char *dn, char *rdn, char *newSuperior, int remove ) /* flag: remove old RDN */ { int rc, code, id; char *matcheddn=NULL, *text=NULL, **refs=NULL; LDAPMessage *res; if ( verbose ) { printf( "Renaming \"%s\"\n", dn ); printf( "\tnew rdn=\"%s\" (%s old rdn)\n", rdn, remove ? "delete" : "keep" ); if( newSuperior != NULL ) { printf("\tnew parent=\"%s\"\n", newSuperior); } } if( not ) return LDAP_SUCCESS; rc = ldap_rename( ld, dn, rdn, newSuperior, remove, NULL, NULL, &id ); if ( rc != LDAP_SUCCESS ) { fprintf( stderr, "%s: ldap_rename: %s (%d)\n", prog, ldap_err2string( rc ), rc ); return rc; } rc = ldap_result( ld, LDAP_RES_ANY, LDAP_MSG_ALL, NULL, &res ); if ( rc < 0 ) { ldap_perror( ld, "ldapmodrdn: ldap_result" ); return rc; } rc = ldap_parse_result( ld, res, &code, &matcheddn, &text, &refs, NULL, 1 ); if( rc != LDAP_SUCCESS ) { fprintf( stderr, "%s: ldap_parse_result: %s (%d)\n", prog, ldap_err2string( rc ), rc ); return rc; } if( verbose || code != LDAP_SUCCESS || (matcheddn && *matcheddn) || (text && *text) || (refs && *refs) ) { printf( "Rename Result: %s (%d)\n", ldap_err2string( code ), code ); if( text && *text ) { printf( "Additional info: %s\n", text ); } if( matcheddn && *matcheddn ) { printf( "Matched DN: %s\n", matcheddn ); } if( refs ) { int i; for( i=0; refs[i]; i++ ) { printf("Referral: %s\n", refs[i] ); } } } ber_memfree( text ); ber_memfree( matcheddn ); ber_memvfree( (void **) refs ); return code; }
int main (int argc, char const *argv[]) { /* code */ pam_handle_t *pamh = NULL; char *user, *password , **userVals = NULL, **ouVals = NULL, **uriVals = NULL, *context; LDAP *ldap = NULL; LDAPMessage *userResults = NULL,*ouResults = NULL, *userEntry = NULL, *ouEntry = NULL; //bool haveGpoDescriptor = 0; user = getlogin(); int pamretval, ret, version, i = 0 ,j = 0, k = 0; printf("----------------------------------\n"); printf("Getting session informations...\n"); printf("----------------------------------\n\n"); pamretval = pam_start("custom",user,&conv,&pamh); if(pamretval == PAM_SUCCESS ){ /* TODO: ------------------------------------------------------------- Si pam_start(...) renvoie PAM_SUCCESS alors récuperer: - username - password */ printf("Logged as: \033[32;m%s\033[00m.\n",user); printf("\n\n----------------------------------\n"); printf("Connecting to %s\n",LDAP_SERVER); printf("----------------------------------\n\n"); ldap = (LDAP*) ldap_open(LDAP_SERVER,LDAP_PORT); if(!ldap){ printf("Unable to connect to the LDAP Server\n"); return PAM_SUCCESS; // Don't break the PAM Stack }else{ version = LDAP_VERSION3; ldap_set_option( ldap, LDAP_OPT_PROTOCOL_VERSION, &version ); printf("Connected to LDAP server: \033[32;mOk\033[00m.\n"); printf("\n\n----------------------------------\n"); printf("Binding...\n"); printf("----------------------------------\n\n"); /* Anonymous Binding */ ret = ldap_simple_bind_s(ldap, NULL, NULL); if (ret != LDAP_SUCCESS) { printf("Binding \033[31;mFailed\033[00m\n\n"); char *error; ldap_perror(ldap,error); printf("%s",error); return PAM_SUCCESS; } printf("Binding: \033[32;mOk\033[00m.\n"); /* TODO <Version compliquée> -------------------------------------------------- Note: Créer autant de LDAPMessage *results qu'il ya de recherche à faire ldap_get_values return char** (un tableau/array) context = (cn | ou = <username | ou_name) ------ 1. Récupérer l'utilisateur -> ldap_search_s(ldap,BASE_DN,LDAP_SCOPE_SUBTREE,context,NULL,0,&userResults); context = (cn=username) -> userEntry = ldap_get_first_entry(ldap,userResults); 2. Récupérer le nom de l'OU (OrganizationalUnit) de l'utilisateur -> char ou_name = ldap_get_values(ldap,userEntry,"ou") 3. Récupérer l'OU en faisant une nouvelle recherche -> ldap_search_s(ldap,BASE_DN,LDAP_SCOPE_SUBTREE,context,NULL,0,&ouResults); context = (ou=ou_name) -> ouEntry = ldap_get_first_entry(ldap,ouResults); 4. Chercher l'objectClass groupPolicyDescriptor dans l'OU de l'étape précédente - char **vals = ldap_get_values(ldap,ouEntry,"objectClass") NB: Un objet LDAP peut avoir plusieur objectClass for(i=0 ; vals[i] != NULL;i++){ if(strcmp(vals[i], "groupPolicyDescriptor")){ 4.1 Récuperer l'attribut "uri" char **vals = ldap_get_values(ldap,ouEntry,"uri"); // action system("/bin/sh <uri>") } } */ context = calloc(sizeof(char),strlen(user)+29); sprintf(context,"(&(cn=%s)(objectClass=account))",user); // 1. Récupérer l'utilisateur ret = ldap_search_s(ldap,BASE_DN,LDAP_SCOPE_SUBTREE,context,NULL,0,&userResults); userEntry = ldap_first_entry(ldap,userResults); if(userEntry){ // 2. Récupérer le(s) nom(s) de(s) l'OU (OrganizationalUnit) de l'utilisateur userVals = (char**) ldap_get_values(ldap,userEntry,"ou"); for (i = 0 ; userVals[i] != NULL ; i++ ){ context = calloc(sizeof(char),strlen(userVals[i])+40); sprintf(context,"(&(ou=%s)(objectClass=organizationalUnit))",userVals[i]); // 3. Récupérer l'OU en faisant une nouvelle recherche ret = ldap_search_s(ldap,BASE_DN,LDAP_SCOPE_SUBTREE,context,NULL,0, &ouResults); ouEntry = ldap_first_entry(ldap,ouResults); if (ouEntry){ printf("\033[33;m\nFound OU %s ... \033[00m\n", userVals[i]); printf("\033[33;m\nSearching GPO in ou=%s ... \033[00m\n", userVals[i]); ouVals = (char **) ldap_get_values(ldap,ouEntry,"objectClass"); for ( j = 0 ; ouVals[j] != NULL ; j++ ){ // 4. Chercher l'objectClass groupPolicyDescriptor dans l'OU if(strcmp(ouVals[j],"groupPolicyDescriptor") == 0){ // 4.1 Récuperer l'attribut "uri" uriVals = (char **) ldap_get_values(ldap,ouEntry,"uri"); printf("\033[33;mGPO Found in ou=%s \033[00m\n", userVals[i]); for ( k = 0 ; uriVals[k] != NULL ; k++) { printf("\033[33;mURI Script: %s\033[00m\n", uriVals[k]); } } } } else { printf("\033[33;m\nNo OU found for user: %s \033[00m\n", user ) ;} } } else { printf("\033[33;m\nUser %s not found in LDAP Directory \033[00m\n", user); } printf("\n\n----------------------------------\n"); printf("Cleaning memory\n"); printf("----------------------------------\n\n"); if(userVals) ldap_value_free(userVals); if(ouVals) ldap_value_free(ouVals); if(uriVals) ldap_value_free(uriVals); if(ouEntry) ldap_msgfree(ouEntry); if(userEntry) ldap_msgfree(userEntry); ldap_unbind(ldap); } pam_end(pamh,pamretval); return PAM_SUCCESS; }else{ printf("User not logged in.\n"); return PAM_USER_UNKNOWN; } }
int main( int argc, char *argv[] ) { int rc; char *user = NULL; LDAP *ld = NULL; struct berval bv = {0, NULL}; BerElement *ber = NULL; int id, code = LDAP_OTHER; LDAPMessage *res; char *matcheddn = NULL, *text = NULL, **refs = NULL; char *retoid = NULL; struct berval *retdata = NULL; prog = lutil_progname( "ldappasswd", argc, argv ); /* LDAPv3 only */ protocol = LDAP_VERSION3; tool_args( argc, argv ); if( argc - optind > 1 ) { usage(); } else if ( argc - optind == 1 ) { user = strdup( argv[optind] ); } else { user = NULL; } if( oldpwfile ) { rc = lutil_get_filed_password( prog, &oldpw ); if( rc ) return EXIT_FAILURE; } if( want_oldpw && oldpw.bv_val == NULL ) { /* prompt for old password */ char *ckoldpw; oldpw.bv_val = strdup(getpassphrase("Old password: "******"Re-enter old password: "******"passwords do not match\n" ); return EXIT_FAILURE; } oldpw.bv_len = strlen( oldpw.bv_val ); } if( newpwfile ) { rc = lutil_get_filed_password( prog, &newpw ); if( rc ) return EXIT_FAILURE; } if( want_newpw && newpw.bv_val == NULL ) { /* prompt for new password */ char *cknewpw; newpw.bv_val = strdup(getpassphrase("New password: "******"Re-enter new password: "******"passwords do not match\n" ); return EXIT_FAILURE; } newpw.bv_len = strlen( newpw.bv_val ); } if( want_bindpw && passwd.bv_val == NULL ) { /* handle bind password */ if ( pw_file ) { rc = lutil_get_filed_password( pw_file, &passwd ); if( rc ) return EXIT_FAILURE; } else { passwd.bv_val = getpassphrase( "Enter LDAP Password: "******"ber_alloc_t" ); ldap_unbind( ld ); return EXIT_FAILURE; } ber_printf( ber, "{" /*}*/ ); if( user != NULL ) { ber_printf( ber, "ts", LDAP_TAG_EXOP_MODIFY_PASSWD_ID, user ); free(user); } if( oldpw.bv_val != NULL ) { ber_printf( ber, "tO", LDAP_TAG_EXOP_MODIFY_PASSWD_OLD, &oldpw ); free(oldpw.bv_val); } if( newpw.bv_val != NULL ) { ber_printf( ber, "tO", LDAP_TAG_EXOP_MODIFY_PASSWD_NEW, &newpw ); free(newpw.bv_val); } ber_printf( ber, /*{*/ "N}" ); rc = ber_flatten2( ber, &bv, 0 ); if( rc < 0 ) { perror( "ber_flatten2" ); ldap_unbind( ld ); return EXIT_FAILURE; } } if ( not ) { rc = LDAP_SUCCESS; goto skip; } rc = ldap_extended_operation( ld, LDAP_EXOP_MODIFY_PASSWD, bv.bv_val ? &bv : NULL, NULL, NULL, &id ); ber_free( ber, 1 ); if( rc != LDAP_SUCCESS ) { ldap_perror( ld, "ldap_extended_operation" ); ldap_unbind( ld ); return EXIT_FAILURE; } rc = ldap_result( ld, LDAP_RES_ANY, LDAP_MSG_ALL, NULL, &res ); if ( rc < 0 ) { ldap_perror( ld, "ldappasswd: ldap_result" ); return rc; } rc = ldap_parse_result( ld, res, &code, &matcheddn, &text, &refs, NULL, 0 ); if( rc != LDAP_SUCCESS ) { ldap_perror( ld, "ldap_parse_result" ); return rc; } rc = ldap_parse_extended_result( ld, res, &retoid, &retdata, 1 ); if( rc != LDAP_SUCCESS ) { ldap_perror( ld, "ldap_parse_result" ); return rc; } if( retdata != NULL ) { ber_tag_t tag; char *s; ber = ber_init( retdata ); if( ber == NULL ) { perror( "ber_init" ); ldap_unbind( ld ); return EXIT_FAILURE; } /* we should check the tag */ tag = ber_scanf( ber, "{a}", &s); if( tag == LBER_ERROR ) { perror( "ber_scanf" ); } else { printf("New password: %s\n", s); free( s ); } ber_free( ber, 1 ); } if( verbose || code != LDAP_SUCCESS || matcheddn || text || refs ) { printf( "Result: %s (%d)\n", ldap_err2string( code ), code ); if( text && *text ) { printf( "Additional info: %s\n", text ); } if( matcheddn && *matcheddn ) { printf( "Matched DN: %s\n", matcheddn ); } if( refs ) { int i; for( i=0; refs[i]; i++ ) { printf("Referral: %s\n", refs[i] ); } } } ber_memfree( text ); ber_memfree( matcheddn ); ber_memvfree( (void **) refs ); ber_memfree( retoid ); ber_bvfree( retdata ); skip: /* disconnect from server */ ldap_unbind (ld); return code == LDAP_SUCCESS ? EXIT_SUCCESS : EXIT_FAILURE; }
status ClientAdd(LDAP *ld, client_t client) { LDAPMod *attributes[10]; LDAPMod attribute1,attribute2,attribute3,attribute4,attribute5,attribute6,attribute7,attribute8,attribute9; char aux_error[100]; char * objectclass_vals[] = { "top", "person", "organizationalPerson", "inetOrgPerson", NULL }; char * ou_value[] = {"clients",NULL}; char * cn_value[] = {client.user,NULL}; char * uid_value[] = {client.user,NULL}; char * mail_value[] = {client.mail,NULL}; char * pass_value[] = {client.passwd,NULL}; char * sn_value[] = {client.user,NULL}; char * desc_value[] = {client.desc,NULL}; /* convierto el level a string */ char aux_level[5]; sprintf(aux_level, "%d",(int)client.level); char * level_value[] = {aux_level,NULL}; char *dn = GetClientDN(client.user); /* objectclass */ attribute1.mod_op = LDAP_MOD_ADD; attribute1.mod_type = "objectclass"; attribute1.mod_vals.modv_strvals = objectclass_vals; attributes[0] = &attribute1; /* ou */ attribute2.mod_op = LDAP_MOD_ADD; attribute2.mod_type = "ou"; attribute2.mod_vals.modv_strvals = ou_value; attributes[1] = &attribute2; /* cn */ attribute3.mod_op = LDAP_MOD_ADD; attribute3.mod_type = "cn"; attribute3.mod_vals.modv_strvals = cn_value; attributes[2] = &attribute3; /* uid */ attribute4.mod_op = LDAP_MOD_ADD; attribute4.mod_type = "uid"; attribute4.mod_vals.modv_strvals = uid_value; attributes[3] = &attribute4; /* mail */ attribute5.mod_op = LDAP_MOD_ADD; attribute5.mod_type = "mail"; attribute5.mod_vals.modv_strvals = mail_value; attributes[4] = &attribute5; /* userPassword */ attribute6.mod_op = LDAP_MOD_ADD; attribute6.mod_type = "userPassword"; attribute6.mod_vals.modv_strvals = pass_value; attributes[5] = &attribute6; /* sn */ attribute7.mod_op = LDAP_MOD_ADD; attribute7.mod_type = "sn"; attribute7.mod_vals.modv_strvals = sn_value; attributes[6] = &attribute7; /* description */ attribute8.mod_op = LDAP_MOD_ADD; attribute8.mod_type = "description"; attribute8.mod_vals.modv_strvals = desc_value; attributes[7] = &attribute8; /* level */ attribute9.mod_op = LDAP_MOD_ADD; attribute9.mod_type = "internationaliSDNNumber"; attribute9.mod_vals.modv_strvals = level_value; attributes[8] = &attribute9; /* Fin del arreglo */ attributes[9] = NULL; if ( ldap_add_s(ld, dn, attributes) != LDAP_SUCCESS ) { fprintf(stderr,"LDAP ERROR: No pudo agregarse el cliente con level %s\n",level_value[0]); ldap_perror(ld, aux_error); fprintf(stderr, "%s\n",aux_error); return ERROR; } return OK; }
int GetUsersList(LDAP *ld,client_t ***list_ptr) { LDAPMessage *res, *e; char *a; BerElement *ptr; char **vals; client_t aux; client_t **ret; char filter[] = "(uid=*)"; if ( ldap_search_s(ld, CLIENT_PATH, LDAP_SCOPE_SUBTREE,filter, NULL, 0, &res)!= LDAP_SUCCESS ) { ldap_perror(ld, "ldap_search_s"); exit(1); } int count=0; for (e = ldap_first_entry(ld, res); e != NULL; e = ldap_next_entry(ld, e)) count++; ret = malloc(sizeof(client_t*)*(count+1)); int pos=0; for (e = ldap_first_entry(ld, res); e != NULL; e = ldap_next_entry(ld, e)) { printf("%s\n",ldap_get_dn(ld,e)); /* objectClass */ a = ldap_first_attribute(ld, e, &ptr); vals = ldap_get_values(ld, e, a); printf("object:%s\n",vals[0]); /* ou */ a = ldap_next_attribute(ld, e, ptr); vals = ldap_get_values(ld, e, a); printf("ou:%s\n",vals[0]); /* cn */ a = ldap_next_attribute(ld, e, ptr); vals = ldap_get_values(ld, e, a); printf("cn:%s\n",vals[0]); /* uid */ a = ldap_next_attribute(ld, e, ptr); vals = ldap_get_values(ld, e, a); printf("uid:%s\n",vals[0]); strcpy(aux.user,vals[0]); ldap_value_free(vals); /* mail */ a = ldap_next_attribute(ld, e, ptr); vals = ldap_get_values(ld, e, a); printf("mail:%s\n",vals[0]); strcpy(aux.mail,vals[0]); ldap_value_free(vals); /* userPass */ a = ldap_next_attribute(ld, e, ptr); vals = ldap_get_values(ld, e, a); printf("pass:%s\n",vals[0]); /* sn */ a = ldap_next_attribute(ld, e, ptr); vals = ldap_get_values(ld, e, a); printf("sn:%s\n",vals[0]); /* description */ a = ldap_next_attribute(ld, e, ptr); vals = ldap_get_values(ld, e, a); printf("description%s\n",vals[0]); strcpy(aux.desc,vals[0]); ldap_value_free(vals); /* level */ a = ldap_next_attribute(ld, e, ptr); vals = ldap_get_values(ld, e, a); printf("%s\n",vals[0]); aux.level = atoi(vals[0]); ldap_value_free(vals); ret[pos] = malloc(sizeof(client_t)); *(ret[pos]) = aux; pos++; } ret[pos] = NULL; *list_ptr = ret; ldap_msgfree(res); return pos; }
int main( int argc, char **argv ) { LDAP *ld; LDAPMessage *result, *e; BerElement *ber; char *host, *a, *dn; char **vals; int i; int rc; int finished; int msgid; int num_entries = 0; struct timeval zerotime; if ( argc > 1 ) { host = argv[1]; } else { host = MY_HOST; } zerotime.tv_sec = zerotime.tv_usec = 0L; if ( prldap_install_routines( NULL, 1 /* shared */ ) != LDAP_SUCCESS ) { ldap_perror( NULL, "prldap_install_routines" ); return( 1 ); } /* get a handle to an LDAP connection */ if ( (ld = ldap_init( host, MY_PORT )) == NULL ) { perror( host ); return( 1 ); } /* authenticate to the directory as nobody */ if ( ldap_simple_bind_s( ld, NULL, NULL ) != LDAP_SUCCESS ) { ldap_perror( ld, "ldap_simple_bind_s" ); return( 1 ); } /* search for all entries with surname of Jensen */ if (( msgid = ldap_search( ld, MY_SEARCHBASE, LDAP_SCOPE_SUBTREE, MY_FILTER, NULL, 0 )) < 0 ) { ldap_perror( ld, "ldap_search" ); return( 1 ); } /* Loop, polling for results until finished */ finished = 0; while ( !finished ) { /* * Poll for results. We call ldap_result with the "all" argument * set to LDAP_MSG_ONE. This causes ldap_result() to return exactly one * entry if at least one entry is available. This allows us to * display the entries as they are received. */ result = NULL; rc = ldap_result( ld, msgid, LDAP_MSG_ONE, &zerotime, &result ); switch ( rc ) { case -1: /* some error occurred */ ldap_perror( ld, "ldap_result" ); return( 1 ); case 0: /* Timeout was exceeded. No entries are ready for retrieval. */ if ( result != NULL ) { ldap_msgfree( result ); } break; default: /* * Either an entry is ready for retrieval, or all entries have * been retrieved. */ if (( e = ldap_first_entry( ld, result )) == NULL ) { /* All done */ finished = 1; if ( result != NULL ) { ldap_msgfree( result ); } continue; } /* for each entry print out name + all attrs and values */ num_entries++; if (( dn = ldap_get_dn( ld, e )) != NULL ) { printf( "dn: %s\n", dn ); ldap_memfree( dn ); } for ( a = ldap_first_attribute( ld, e, &ber ); a != NULL; a = ldap_next_attribute( ld, e, ber ) ) { if (( vals = ldap_get_values( ld, e, a )) != NULL ) { for ( i = 0; vals[ i ] != NULL; i++ ) { printf( "%s: %s\n", a, vals[ i ] ); } ldap_value_free( vals ); } ldap_memfree( a ); } if ( ber != NULL ) { ber_free( ber, 0 ); } printf( "\n" ); ldap_msgfree( result ); } /* Do other work here while you are waiting... */ do_other_work(); } /* All done. Print a summary. */ printf( "%d entries retrieved. I counted to %ld " "while I was waiting.\n", num_entries, global_counter ); ldap_unbind( ld ); return( 0 ); }
int main (int argc, char const *argv[]) { /* code */ char hostname[MAXHOSTNAMELEN], *attrs[2], **vals; LDAP *ldap; LDAPMessage *results = NULL, *entry = NULL; int haveGpoDescriptor = 0; int ret, version, i; printf("----------------------------------\n"); printf("Getting host informations...\n"); printf("----------------------------------\n\n"); if(gethostname(hostname,MAXHOSTNAMELEN) == 0){ struct hostent * record = gethostbyname(hostname); struct in_addr * address = ( struct in_addr *) record->h_addr; printf("Hostname: %s\n", hostname); printf("FQDN: %s\n", record->h_name); printf("IP Address: %s\n", inet_ntoa(address->s_addr)); printf("\n\n----------------------------------\n"); printf("Connecting to %s\n",LDAP_SERVER); printf("----------------------------------\n\n"); ldap = (LDAP*) ldap_open(LDAP_SERVER,LDAP_PORT); if(!ldap){ printf("Unable to connect to the LDAP Server\n"); return 1; }else{ version = LDAP_VERSION3; ldap_set_option( ldap, LDAP_OPT_PROTOCOL_VERSION, &version ); printf("Connected to LDAP server: \033[32;mOk\033[00m.\n"); printf("\n\n----------------------------------\n"); printf("Binding...\n"); printf("----------------------------------\n\n"); /* Anonymous binding... Les machines n'ont pas de mot de passe*/ ret = ldap_simple_bind_s(ldap, NULL, NULL); if (ret != LDAP_SUCCESS) { printf("Binding \033[31;mFailed\033[00m\n\n"); char *error; ldap_perror(ldap,error); printf("%s",error); return 1; } printf("Binding: \033[32;mOk\033[00m.\n"); printf("\n\n----------------------------------\n"); printf("Searching for workstation %s in %s\n",hostname, BASE_DN); printf("----------------------------------\n\n"); char context[MAXHOSTNAMELEN + 5]; snprintf(context,MAXHOSTNAMELEN + 5, "(cn=%s)",hostname); ret = ldap_search_s( ldap, BASE_DN, LDAP_SCOPE_SUBTREE, context, NULL, 0, &results); if(ret != LDAP_SUCCESS){ printf("Unable to perform search\n"); char *error; ldap_perror(ldap,error); printf("%s",error); } entry = ldap_first_entry(ldap, results); if (!entry) { printf("\033[33;m%s workstation not found !\033[00m\n", hostname); return 1; }else{ printf("\033[33;m%s workstation found !\033[00m\n", hostname); } printf("\n\n----------------------------------\n"); printf("Getting OU container name of %s\n",context); printf("----------------------------------\n\n"); vals = (char**) ldap_get_values(ldap,entry,"ou"); char *ou = NULL; for(i=0;vals[i] != NULL;i++){ ou = vals[i]; printf("\033[33;mOU [%d] name of %s: %s\033[00m\n",i,context,vals[i]); break; } printf("\n\n----------------------------------\n"); printf("Searching groupPolicyDescriptor into OU container name: %s of %s\n",ou,context); printf("----------------------------------\n\n"); vals = (char**) ldap_get_values(ldap,entry,"objectClass"); for(i=0;vals[i] != NULL;i++){ if (strcmp(vals[i],"groupPolicyDescriptor") ) { haveGpoDescriptor = 1; printf("\033[33;mGPO Found !\033[00m\n"); char **uri = ldap_get_values(ldap,entry,"uri"); printf("\033[33;mScript path: %s !\033[00m\n",uri[0]); // system("/bin/sh -c %s"); %s = uri[0] break; } } printf("\n\n----------------------------------\n"); printf("Cleaning memory\n"); printf("----------------------------------\n\n"); ldap_value_free(vals); ldap_msgfree(entry); ldap_unbind(ldap); } }else{ printf("Cannot get the hostname.\n"); } return 0; }
int main( int argc, char **argv ) { LDAP *ld; LDAPMessage *result, *e; BerElement *ber; char *a, *dn; char **vals; int i; /* Initialize the client */ if ( ldapssl_client_init( MY_CERTDB_PATH, NULL ) < 0 ) { perror( "ldapssl_client_init" ); return( 1 ); } /* set the max I/O timeout option to 10 seconds */ if ( prldap_set_session_option( NULL, NULL, PRLDAP_OPT_IO_MAX_TIMEOUT, 10000 /* 10 secs */ ) != LDAP_SUCCESS ) { ldap_perror( NULL, "prldap_set_session_option PRLDAP_OPT_IO_MAX_TIMEOUT" ); exit( 1 ); } /* get a handle to an LDAP connection */ if ( (ld = ldapssl_init( MY_HOST, MY_SSL_PORT, 1 )) == NULL ) { perror( "ldapssl_init" ); return( 1 ); } /* use LDAPv3 */ i = LDAP_VERSION3; if ( ldap_set_option( ld, LDAP_OPT_PROTOCOL_VERSION, &i ) < 0 ) { ldap_perror( ld, "ldap_set_option LDAPv3" ); ldap_unbind( ld ); return( 1 ); } /* search for all entries with surname of Jensen */ if ( ldap_search_s( ld, PEOPLE_BASE, LDAP_SCOPE_SUBTREE, "(sn=jensen)", NULL, 0, &result ) != LDAP_SUCCESS ) { ldap_perror( ld, "ldap_search_s" ); if ( result == NULL ) { ldap_unbind( ld ); return( 1 ); } } /* for each entry print out name + all attrs and values */ for ( e = ldap_first_entry( ld, result ); e != NULL; e = ldap_next_entry( ld, e ) ) { if ( (dn = ldap_get_dn( ld, e )) != NULL ) { printf( "dn: %s\n", dn ); ldap_memfree( dn ); } for ( a = ldap_first_attribute( ld, e, &ber ); a != NULL; a = ldap_next_attribute( ld, e, ber ) ) { if ((vals = ldap_get_values( ld, e, a)) != NULL ) { for ( i = 0; vals[i] != NULL; i++ ) { printf( "%s: %s\n", a, vals[i] ); } ldap_value_free( vals ); } ldap_memfree( a ); } if ( ber != NULL ) { ber_free( ber, 0 ); } printf( "\n" ); } ldap_msgfree( result ); ldap_unbind( ld ); return( 0 ); }
int main (int argc, char *argv[]) { LDAP *ld; LDAPMessage *result; /* should be int result = STATE_UNKNOWN; */ int status = STATE_UNKNOWN; long microsec; double elapsed_time; /* for ldap tls */ int tls; int version=3; /* for entry counting */ LDAPMessage *next_entry; int status_entries = STATE_OK; int num_entries = 0; setlocale (LC_ALL, ""); bindtextdomain (PACKAGE, LOCALEDIR); textdomain (PACKAGE); if (strstr(argv[0],"check_ldaps")) { xasprintf (&progname, "check_ldaps"); } /* Parse extra opts if any */ argv=np_extra_opts (&argc, argv, progname); if (process_arguments (argc, argv) == ERROR) usage4 (_("Could not parse arguments")); if (strstr(argv[0],"check_ldaps") && ! starttls && ! ssl_on_connect) starttls = TRUE; /* initialize alarm signal handling */ signal (SIGALRM, socket_timeout_alarm_handler); /* set socket timeout */ alarm (timeout_interval); /* get the start time */ gettimeofday (&tv, NULL); /* initialize ldap */ if (ld_uri != NULL) { #ifdef HAVE_LDAP_INITIALIZE int result = ldap_initialize(&ld, ld_uri); if (result != LDAP_SUCCESS) { printf ("Failed to connect to LDAP server at %s: %s\n", ld_uri, ldap_err2string(result)); return STATE_CRITICAL; } #else printf ("Sorry, this version of %s was compiled without URI support!\n", argv[0]); return STATE_CRITICAL; #endif } #ifdef HAVE_LDAP_INIT else if (!(ld = ldap_init (ld_host, ld_port))) { printf ("Could not connect to the server at port %i\n", ld_port); return STATE_CRITICAL; } #else else if (!(ld = ldap_open (ld_host, ld_port))) { if (verbose) ldap_perror(ld, "ldap_open"); printf (_("Could not connect to the server at port %i\n"), ld_port); return STATE_CRITICAL; } #endif /* HAVE_LDAP_INIT */ #ifdef HAVE_LDAP_SET_OPTION /* set ldap options */ if (ldap_set_option (ld, LDAP_OPT_PROTOCOL_VERSION, &ld_protocol) != LDAP_OPT_SUCCESS ) { printf(_("Could not set protocol version %d\n"), ld_protocol); return STATE_CRITICAL; } #endif if (ld_port == LDAPS_PORT || ssl_on_connect) { xasprintf (&SERVICE, "LDAPS"); #if defined(HAVE_LDAP_SET_OPTION) && defined(LDAP_OPT_X_TLS) /* ldaps: set option tls */ tls = LDAP_OPT_X_TLS_HARD; if (ldap_set_option (ld, LDAP_OPT_X_TLS, &tls) != LDAP_SUCCESS) { if (verbose) ldap_perror(ld, "ldaps_option"); printf (_("Could not init TLS at port %i!\n"), ld_port); return STATE_CRITICAL; } #else printf (_("TLS not supported by the libraries!\n")); return STATE_CRITICAL; #endif /* LDAP_OPT_X_TLS */ } else if (starttls) { xasprintf (&SERVICE, "LDAP-TLS"); #if defined(HAVE_LDAP_SET_OPTION) && defined(HAVE_LDAP_START_TLS_S) /* ldap with startTLS: set option version */ if (ldap_get_option(ld,LDAP_OPT_PROTOCOL_VERSION, &version) == LDAP_OPT_SUCCESS ) { if (version < LDAP_VERSION3) { version = LDAP_VERSION3; ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION, &version); } } /* call start_tls */ if (ldap_start_tls_s(ld, NULL, NULL) != LDAP_SUCCESS) { if (verbose) ldap_perror(ld, "ldap_start_tls"); printf (_("Could not init startTLS at port %i!\n"), ld_port); return STATE_CRITICAL; } #else printf (_("startTLS not supported by the library, needs LDAPv3!\n")); return STATE_CRITICAL; #endif /* HAVE_LDAP_START_TLS_S */ } /* bind to the ldap server */ if (ldap_bind_s (ld, ld_binddn, ld_passwd, LDAP_AUTH_SIMPLE) != LDAP_SUCCESS) { if (verbose) ldap_perror(ld, "ldap_bind"); printf (_("Could not bind to the LDAP server\n")); return STATE_CRITICAL; } /* do a search of all objectclasses in the base dn */ if (ldap_search_s (ld, ld_base, (crit_entries!=NULL || warn_entries!=NULL) ? LDAP_SCOPE_SUBTREE : LDAP_SCOPE_BASE, ld_attr, NULL, 0, &result) != LDAP_SUCCESS) { if (verbose) ldap_perror(ld, "ldap_search"); printf (_("Could not search/find objectclasses in %s\n"), ld_base); return STATE_CRITICAL; } else if (crit_entries!=NULL || warn_entries!=NULL) { num_entries = ldap_count_entries(ld, result); } /* unbind from the ldap server */ ldap_unbind (ld); /* reset the alarm handler */ alarm (0); /* calcutate the elapsed time and compare to thresholds */ microsec = deltime (tv); elapsed_time = (double)microsec / 1.0e6; if (crit_time!=UNDEFINED && elapsed_time>crit_time) status = STATE_CRITICAL; else if (warn_time!=UNDEFINED && elapsed_time>warn_time) status = STATE_WARNING; else status = STATE_OK; if(entries_thresholds != NULL) { if (verbose) { printf ("entries found: %d\n", num_entries); print_thresholds("entry threasholds", entries_thresholds); } status_entries = get_status(num_entries, entries_thresholds); if (status_entries == STATE_CRITICAL) { status = STATE_CRITICAL; } else if (status != STATE_CRITICAL) { status = status_entries; } } /* print out the result */ if (crit_entries!=NULL || warn_entries!=NULL) { printf (_("LDAP %s - found %d entries in %.3f seconds|%s %s\n"), state_text (status), num_entries, elapsed_time, fperfdata ("time", elapsed_time, "s", (int)warn_time, warn_time, (int)crit_time, crit_time, TRUE, 0, FALSE, 0), sperfdata ("entries", (double)num_entries, "", warn_entries, crit_entries, TRUE, 0.0, FALSE, 0.0)); } else { printf (_("LDAP %s - %.3f seconds response time|%s\n"), state_text (status), elapsed_time, fperfdata ("time", elapsed_time, "s", (int)warn_time, warn_time, (int)crit_time, crit_time, TRUE, 0, FALSE, 0)); } return status; }
int main( int argc, char **argv ) { LDAP *ld; LDAPMessage *result, *e; char **vals, *attrs[ 5 ]; int i; /* get a handle to an LDAP connection */ if ( (ld = ldap_init( MY_HOST, MY_PORT )) == NULL ) { perror( "ldap_init" ); return( 1 ); } attrs[ 0 ] = "cn"; /* Get canonical name(s) (full name) */ attrs[ 1 ] = "sn"; /* Get surname(s) (last name) */ attrs[ 2 ] = "mail"; /* Get email address(es) */ attrs[ 3 ] = "telephonenumber"; /* Get telephone number(s) */ attrs[ 4 ] = NULL; if ( ldap_search_s( ld, ENTRYDN, LDAP_SCOPE_BASE, "(objectclass=*)", attrs, 0, &result ) != LDAP_SUCCESS ) { ldap_perror( ld, "ldap_search_s" ); return( 1 ); } /* print it out */ if (( e = ldap_first_entry( ld, result )) != NULL ) { if (( vals = ldap_get_values( ld, e, "cn" )) != NULL ) { printf( "Full name:\n" ); for ( i = 0; vals[i] != NULL; i++ ) { printf( "\t%s\n", vals[i] ); } ldap_value_free( vals ); } if (( vals = ldap_get_values( ld, e, "sn" )) != NULL ) { printf( "Last name (surname):\n" ); for ( i = 0; vals[i] != NULL; i++ ) { printf( "\t%s\n", vals[i] ); } ldap_value_free( vals ); } if (( vals = ldap_get_values( ld, e, "mail" )) != NULL ) { printf( "Email address:\n" ); for ( i = 0; vals[i] != NULL; i++ ) { printf( "\t%s\n", vals[i] ); } ldap_value_free( vals ); } if (( vals = ldap_get_values( ld, e, "telephonenumber" )) != NULL ) { printf( "Telephone number:\n" ); for ( i = 0; vals[i] != NULL; i++ ) { printf( "\t%s\n", vals[i] ); } ldap_value_free( vals ); } } ldap_msgfree( result ); ldap_unbind( ld ); return( 0 ); }
int main( int argc, char *argv[] ) { LDAP *ld; int result; int auth_method = LDAP_AUTH_SIMPLE; int desired_version = LDAP_VERSION3; char *ldap_host = "localhost"; char *root_dn = "cn=Manager, dc=example, dc=com"; char *root_pw = "secret"; BerElement* ber; LDAPMessage* msg; LDAPMessage* entry; char* base="ou=developers,dc=example,dc=com"; char* filter="(objectClass=*)"; char* errstring; char* dn = NULL; char* attr; char** vals; int i; if ((ld = ldap_init(ldap_host, LDAP_PORT)) == NULL ) { perror( "ldap_init failed" ); exit( EXIT_FAILURE ); } /* set the LDAP version to be 3 */ if (ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION, &desired_version) != LDAP_OPT_SUCCESS) { ldap_perror(ld, "ldap_set_option"); exit(EXIT_FAILURE); } if (ldap_bind_s(ld, root_dn, root_pw, auth_method) != LDAP_SUCCESS ) { ldap_perror( ld, "ldap_bind" ); exit( EXIT_FAILURE ); } if (ldap_search_s(ld, base, LDAP_SCOPE_SUBTREE, filter, NULL, 0, &msg) != LDAP_SUCCESS) { ldap_perror( ld, "ldap_search_s" ); exit(EXIT_FAILURE); } printf("The number of entries returned was %d\n\n", ldap_count_entries(ld, msg)); /* Iterate through the returned entries */ for(entry = ldap_first_entry(ld, msg); entry != NULL; entry = ldap_next_entry(ld, entry)) { if((dn = ldap_get_dn(ld, entry)) != NULL) { printf("Returned dn: %s\n", dn); ldap_memfree(dn); } for( attr = ldap_first_attribute(ld, entry, &ber); attr != NULL; attr = ldap_next_attribute(ld, entry, ber)) { if ((vals = ldap_get_values(ld, entry, attr)) != NULL) { for(i = 0; vals[i] != NULL; i++) { printf("%s: %s\n", attr, vals[i]); } ldap_value_free(vals); } ldap_memfree(attr); } if (ber != NULL) { ber_free(ber,0); } printf("\n"); } /* clean up */ ldap_msgfree(msg); result = ldap_unbind_s(ld); if (result != 0) { fprintf(stderr, "ldap_unbind_s: %s\n", ldap_err2string(result)); exit( EXIT_FAILURE ); } return EXIT_SUCCESS; }
int main( int argc, char **argv ) { LDAP *ld = NULL; int i, c, port, errflg, method, id, msgtype; char line[256], command1, command2, command3; char passwd[64], dn[256], rdn[64], attr[64], value[256]; char filter[256], *host, **types; char **exdn; static const char usage[] = "usage: %s [-u] [-h host] [-d level] [-s dnsuffix] [-p port] [-t file] [-T file]\n"; int bound, all, scope, attrsonly; LDAPMessage *res; LDAPMod **mods, **attrs; struct timeval timeout; char *copyfname = NULL; int copyoptions = 0; LDAPURLDesc *ludp; host = NULL; port = LDAP_PORT; dnsuffix = ""; errflg = 0; while (( c = getopt( argc, argv, "h:d:s:p:t:T:" )) != -1 ) { switch( c ) { case 'd': #ifdef LDAP_DEBUG ldap_debug = atoi( optarg ); #ifdef LBER_DEBUG if ( ldap_debug & LDAP_DEBUG_PACKETS ) { ber_set_option( NULL, LBER_OPT_DEBUG_LEVEL, &ldap_debug ); } #endif #else printf( "Compile with -DLDAP_DEBUG for debugging\n" ); #endif break; case 'h': host = optarg; break; case 's': dnsuffix = optarg; break; case 'p': port = atoi( optarg ); break; case 't': /* copy ber's to given file */ copyfname = strdup( optarg ); /* copyoptions = LBER_TO_FILE; */ break; case 'T': /* only output ber's to given file */ copyfname = strdup( optarg ); /* copyoptions = (LBER_TO_FILE | LBER_TO_FILE_ONLY); */ break; default: ++errflg; } } if ( host == NULL && optind == argc - 1 ) { host = argv[ optind ]; ++optind; } if ( errflg || optind < argc - 1 ) { fprintf( stderr, usage, argv[ 0 ] ); exit( EXIT_FAILURE ); } printf( "ldap_init( %s, %d )\n", host == NULL ? "(null)" : host, port ); ld = ldap_init( host, port ); if ( ld == NULL ) { perror( "ldap_init" ); exit( EXIT_FAILURE ); } if ( copyfname != NULL ) { if ( ( ld->ld_sb->sb_fd = open( copyfname, O_WRONLY|O_CREAT|O_EXCL, 0600 )) == -1 ) { perror( copyfname ); exit ( EXIT_FAILURE ); } ld->ld_sb->sb_options = copyoptions; } bound = 0; timeout.tv_sec = 0; timeout.tv_usec = 0; (void) memset( line, '\0', sizeof(line) ); while ( get_line( line, sizeof(line), stdin, "\ncommand? " ) != NULL ) { command1 = line[0]; command2 = line[1]; command3 = line[2]; switch ( command1 ) { case 'a': /* add or abandon */ switch ( command2 ) { case 'd': /* add */ get_line( dn, sizeof(dn), stdin, "dn? " ); strcat( dn, dnsuffix ); if ( (attrs = get_modlist( NULL, "attr? ", "value? " )) == NULL ) break; if ( (id = ldap_add( ld, dn, attrs )) == -1 ) ldap_perror( ld, "ldap_add" ); else printf( "Add initiated with id %d\n", id ); break; case 'b': /* abandon */ get_line( line, sizeof(line), stdin, "msgid? " ); id = atoi( line ); if ( ldap_abandon( ld, id ) != 0 ) ldap_perror( ld, "ldap_abandon" ); else printf( "Abandon successful\n" ); break; default: printf( "Possibilities: [ad]d, [ab]ort\n" ); } break; case 'b': /* asynch bind */ method = LDAP_AUTH_SIMPLE; get_line( dn, sizeof(dn), stdin, "dn? " ); strcat( dn, dnsuffix ); if ( method == LDAP_AUTH_SIMPLE && dn[0] != '\0' ) get_line( passwd, sizeof(passwd), stdin, "password? " ); else passwd[0] = '\0'; if ( ldap_bind( ld, dn, passwd, method ) == -1 ) { fprintf( stderr, "ldap_bind failed\n" ); ldap_perror( ld, "ldap_bind" ); } else { printf( "Bind initiated\n" ); bound = 1; } break; case 'B': /* synch bind */ method = LDAP_AUTH_SIMPLE; get_line( dn, sizeof(dn), stdin, "dn? " ); strcat( dn, dnsuffix ); if ( dn[0] != '\0' ) get_line( passwd, sizeof(passwd), stdin, "password? " ); else passwd[0] = '\0'; if ( ldap_bind_s( ld, dn, passwd, method ) != LDAP_SUCCESS ) { fprintf( stderr, "ldap_bind_s failed\n" ); ldap_perror( ld, "ldap_bind_s" ); } else { printf( "Bind successful\n" ); bound = 1; } break; case 'c': /* compare */ get_line( dn, sizeof(dn), stdin, "dn? " ); strcat( dn, dnsuffix ); get_line( attr, sizeof(attr), stdin, "attr? " ); get_line( value, sizeof(value), stdin, "value? " ); if ( (id = ldap_compare( ld, dn, attr, value )) == -1 ) ldap_perror( ld, "ldap_compare" ); else printf( "Compare initiated with id %d\n", id ); break; case 'd': /* turn on debugging */ #ifdef LDAP_DEBUG get_line( line, sizeof(line), stdin, "debug level? " ); ldap_debug = atoi( line ); #ifdef LBER_DEBUG if ( ldap_debug & LDAP_DEBUG_PACKETS ) { ber_set_option( NULL, LBER_OPT_DEBUG_LEVEL, &ldap_debug ); } #endif #else printf( "Compile with -DLDAP_DEBUG for debugging\n" ); #endif break; case 'E': /* explode a dn */ get_line( line, sizeof(line), stdin, "dn? " ); exdn = ldap_explode_dn( line, 0 ); for ( i = 0; exdn != NULL && exdn[i] != NULL; i++ ) { printf( "\t%s\n", exdn[i] ); } break; case 'g': /* set next msgid */ get_line( line, sizeof(line), stdin, "msgid? " ); ld->ld_msgid = atoi( line ); break; case 'v': /* set version number */ get_line( line, sizeof(line), stdin, "version? " ); ld->ld_version = atoi( line ); break; case 'm': /* modify or modifyrdn */ if ( strncmp( line, "modify", 4 ) == 0 ) { get_line( dn, sizeof(dn), stdin, "dn? " ); strcat( dn, dnsuffix ); if ( (mods = get_modlist( "mod (0=>add, 1=>delete, 2=>replace -1=>done)? ", "attribute type? ", "attribute value? " )) == NULL ) break; if ( (id = ldap_modify( ld, dn, mods )) == -1 ) ldap_perror( ld, "ldap_modify" ); else printf( "Modify initiated with id %d\n", id ); } else if ( strncmp( line, "modrdn", 4 ) == 0 ) { get_line( dn, sizeof(dn), stdin, "dn? " ); strcat( dn, dnsuffix ); get_line( rdn, sizeof(rdn), stdin, "newrdn? " ); if ( (id = ldap_modrdn( ld, dn, rdn )) == -1 ) ldap_perror( ld, "ldap_modrdn" ); else printf( "Modrdn initiated with id %d\n", id ); } else { printf( "Possibilities: [modi]fy, [modr]dn\n" ); } break; case 'q': /* quit */ ldap_unbind( ld ); exit( EXIT_SUCCESS ); break; case 'r': /* result or remove */ switch ( command3 ) { case 's': /* result */ get_line( line, sizeof(line), stdin, "msgid (-1=>any)? " ); if ( line[0] == '\0' ) id = -1; else id = atoi( line ); get_line( line, sizeof(line), stdin, "all (0=>any, 1=>all)? " ); if ( line[0] == '\0' ) all = 1; else all = atoi( line ); if (( msgtype = ldap_result( ld, id, all, &timeout, &res )) < 1 ) { ldap_perror( ld, "ldap_result" ); break; } printf( "\nresult: msgtype %d msgid %d\n", msgtype, res->lm_msgid ); handle_result( ld, res ); res = NULL; break; case 'm': /* remove */ get_line( dn, sizeof(dn), stdin, "dn? " ); strcat( dn, dnsuffix ); if ( (id = ldap_delete( ld, dn )) == -1 ) ldap_perror( ld, "ldap_delete" ); else printf( "Remove initiated with id %d\n", id ); break; default: printf( "Possibilities: [rem]ove, [res]ult\n" ); break; } break; case 's': /* search */ get_line( dn, sizeof(dn), stdin, "searchbase? " ); strcat( dn, dnsuffix ); get_line( line, sizeof(line), stdin, "scope (0=baseObject, 1=oneLevel, 2=subtree, 3=children)? " ); scope = atoi( line ); get_line( filter, sizeof(filter), stdin, "search filter (e.g. sn=jones)? " ); types = get_list( "attrs to return? " ); get_line( line, sizeof(line), stdin, "attrsonly (0=attrs&values, 1=attrs only)? " ); attrsonly = atoi( line ); if (( id = ldap_search( ld, dn, scope, filter, types, attrsonly )) == -1 ) { ldap_perror( ld, "ldap_search" ); } else { printf( "Search initiated with id %d\n", id ); } free_list( types ); break; case 't': /* set timeout value */ get_line( line, sizeof(line), stdin, "timeout? " ); timeout.tv_sec = atoi( line ); break; case 'p': /* parse LDAP URL */ get_line( line, sizeof(line), stdin, "LDAP URL? " ); if (( i = ldap_url_parse( line, &ludp )) != 0 ) { fprintf( stderr, "ldap_url_parse: error %d\n", i ); } else { printf( "\t host: " ); if ( ludp->lud_host == NULL ) { printf( "DEFAULT\n" ); } else { printf( "<%s>\n", ludp->lud_host ); } printf( "\t port: " ); if ( ludp->lud_port == 0 ) { printf( "DEFAULT\n" ); } else { printf( "%d\n", ludp->lud_port ); } printf( "\t dn: <%s>\n", ludp->lud_dn ); printf( "\t attrs:" ); if ( ludp->lud_attrs == NULL ) { printf( " ALL" ); } else { for ( i = 0; ludp->lud_attrs[ i ] != NULL; ++i ) { printf( " <%s>", ludp->lud_attrs[ i ] ); } } printf( "\n\t scope: %s\n", ludp->lud_scope == LDAP_SCOPE_BASE ? "baseObject" : ludp->lud_scope == LDAP_SCOPE_ONELEVEL ? "oneLevel" : ludp->lud_scope == LDAP_SCOPE_SUBTREE ? "subtree" #ifdef LDAP_SCOPE_SUBORDINATE : ludp->lud_scope == LDAP_SCOPE_SUBORDINATE ? "children" #endif : "**invalid**" ); printf( "\tfilter: <%s>\n", ludp->lud_filter ); ldap_free_urldesc( ludp ); } break; case 'n': /* set dn suffix, for convenience */ get_line( line, sizeof(line), stdin, "DN suffix? " ); strcpy( dnsuffix, line ); break; case 'o': /* set ldap options */ get_line( line, sizeof(line), stdin, "alias deref (0=never, 1=searching, 2=finding, 3=always)?" ); ld->ld_deref = atoi( line ); get_line( line, sizeof(line), stdin, "timelimit?" ); ld->ld_timelimit = atoi( line ); get_line( line, sizeof(line), stdin, "sizelimit?" ); ld->ld_sizelimit = atoi( line ); LDAP_BOOL_ZERO(&ld->ld_options); get_line( line, sizeof(line), stdin, "Recognize and chase referrals (0=no, 1=yes)?" ); if ( atoi( line ) != 0 ) { LDAP_BOOL_SET(&ld->ld_options, LDAP_BOOL_REFERRALS); get_line( line, sizeof(line), stdin, "Prompt for bind credentials when chasing referrals (0=no, 1=yes)?" ); if ( atoi( line ) != 0 ) { ldap_set_rebind_proc( ld, bind_prompt, NULL ); } } break; case '?': /* help */ printf( "Commands: [ad]d [ab]andon [b]ind\n" " [B]ind async [c]ompare\n" " [modi]fy [modr]dn [rem]ove\n" " [res]ult [s]earch [q]uit/unbind\n\n" " [d]ebug set ms[g]id\n" " d[n]suffix [t]imeout [v]ersion\n" " [?]help [o]ptions" " [E]xplode dn [p]arse LDAP URL\n" ); break; default: printf( "Invalid command. Type ? for help.\n" ); break; } (void) memset( line, '\0', sizeof(line) ); } return( 0 ); }