int
main( int argc, char **argv )
{
LDAP *ld;
LDAPMessage *result, *e;
BerElement *ber;
char *a, *dn;
char **vals;
int i;
/* get a handle to an LDAP connection */
if ( (ld = ldap_init( MY_HOST, MY_PORT )) == NULL ) {
perror( "ldap_init" );
return( 1 );
}
/* authenticate to the directory as nobody */
if ( ldap_simple_bind_s( ld, NULL, NULL ) != LDAP_SUCCESS ) {
ldap_perror( ld, "ldap_simple_bind_s" );
ldap_unbind( ld );
return( 1 );
}
/* search for all entries with surname of Jensen */
if ( ldap_search_s( ld, MY_SEARCHBASE, LDAP_SCOPE_SUBTREE,
MY_FILTER, NULL, 0, &result ) != LDAP_SUCCESS ) {
ldap_perror( ld, "ldap_search_s" );
if ( result == NULL ) {
ldap_unbind( ld );
return( 1 );
}
}
/* for each entry print out name + all attrs and values */
for ( e = ldap_first_entry( ld, result ); e != NULL;
e = ldap_next_entry( ld, e ) ) {
if ( (dn = ldap_get_dn( ld, e )) != NULL ) {
printf( "dn: %s\n", dn );
ldap_memfree( dn );
}
for ( a = ldap_first_attribute( ld, e, &ber );
a != NULL; a = ldap_next_attribute( ld, e, ber ) ) {
if ((vals = ldap_get_values( ld, e, a)) != NULL ) {
for ( i = 0; vals[i] != NULL; i++ ) {
printf( "%s: %s\n", a, vals[i] );
}
ldap_value_free( vals );
}
ldap_memfree( a );
}
if ( ber != NULL ) {
ber_free( ber, 0 );
}
printf( "\n" );
}
ldap_msgfree( result );
ldap_unbind( ld );
return( 0 );
}
int ldap_add_machine_account(const char *ldap_host,
const char *hostname, const char *realm)
{
LDAP *ld;
int ldap_port = LDAP_PORT;
char *bind_path;
int rc;
LDAPMessage *res;
void *sasl_defaults;
int version = LDAP_VERSION3;
bind_path = build_dn(realm);
printf("Creating host account for %s@%s\n", hostname, realm);
ld = ldap_open(ldap_host, ldap_port);
ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION, &version);
rc = ldap_sasl_interactive_bind_s(ld, NULL, NULL, NULL, NULL, 0,
sasl_interact, NULL);
if (rc != LDAP_SUCCESS) {
ldap_perror(ld, "ldap_bind");
goto failed;
}
rc = find_host(ld, &res, bind_path, hostname);
if (rc == LDAP_SUCCESS && ldap_count_entries(ld, res) == 1) {
printf("Host account for %s already exists\n", hostname);
goto finished;
}
rc = add_host(ld, bind_path, hostname, realm);
if (rc != LDAP_SUCCESS) {
ldap_perror(ld, "add_host");
goto failed;
}
rc = find_host(ld, &res, bind_path, hostname);
if (rc != LDAP_SUCCESS || ldap_count_entries(ld, res) != 1) {
ldap_perror(ld, "find_host test");
goto failed;
}
printf("Successfully added machine account for %s\n", hostname);
finished:
free(bind_path);
return 0;
failed:
printf("ldap_add_machine_account failed\n");
free(bind_path);
ldap_unbind(ld);
return 1;
}
int
main( int argc, char **argv )
{
LDAP *ld;
LDAPMod mod0, mod1, *mods[ 3 ];
char *vals0[ 2 ], *vals1[ 2 ], buf[ 128 ];
time_t now;
/* get an LDAP session handle and authenticate */
if ( (ld = ldap_init( MY_HOST, MY_PORT )) == NULL ) {
perror( "ldap_init" );
return( 1 );
}
if ( ldap_simple_bind_s( ld, MGR_DN, MGR_PW ) != LDAP_SUCCESS ) {
ldap_perror( ld, "ldap_simple_bind_s" );
return( 1 );
}
/* construct the list of modifications to make */
mod0.mod_op = LDAP_MOD_REPLACE;
mod0.mod_type = "mail";
vals0[0] = "*****@*****.**";
vals0[1] = NULL;
mod0.mod_values = vals0;
mod1.mod_op = LDAP_MOD_ADD;
mod1.mod_type = "description";
time( &now );
sprintf( buf, "This entry was modified with the modattrs program on %s",
ctime( &now ));
/* Get rid of \n which ctime put on the end of the time string */
if ( buf[ strlen( buf ) - 1 ] == '\n' ) {
buf[ strlen( buf ) - 1 ] = '\0';
}
vals1[ 0 ] = buf;
vals1[ 1 ] = NULL;
mod1.mod_values = vals1;
mods[ 0 ] = &mod0;
mods[ 1 ] = &mod1;
mods[ 2 ] = NULL;
/* make the change and clean up after ourselves */
if ( ldap_modify_s( ld, ENTRYDN, mods ) != LDAP_SUCCESS ) {
ldap_perror( ld, "ldap_modify_s" );
return( 1 );
}
ldap_unbind( ld );
printf( "modification was successful\n" );
return( 0 );
}
/* init && bind */
int ldap_connect(ldap_opt_t * ldap) {
int version = LDAP_VERSION3;
if (!ldap->servers)
return FAILURE;
/* Connection Init and setup */
ldap->ld = ldap_init(ldap->servers, LDAP_PORT);
if (!ldap->ld) {
ldap_perror(ldap->ld, "ldap_init()");
return FAILURE;
}
if ( ldap_set_option(ldap->ld, LDAP_OPT_PROTOCOL_VERSION, &version) != LDAP_OPT_SUCCESS) {
ldap_perror(ldap->ld, "ldap_set_option(LDAP_OPT_PROTOCOL_VERSION)");
return FAILURE;
}
/* Timeouts setup */
if (ldap_set_option(ldap->ld, LDAP_OPT_NETWORK_TIMEOUT, &ldap->b_timeout) != LDAP_SUCCESS) {
ldap_perror(ldap->ld, "ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT)");
}
if (ldap_set_option(ldap->ld, LDAP_OPT_TIMEOUT, &ldap->s_timeout) != LDAP_SUCCESS) {
ldap_perror(ldap->ld, "ldap_set_option(LDAP_OPT_TIMEOUT)");
}
/* TLS support */
if ( (ldap->tls == -1) || (ldap->tls == 1) ) {
if (ldap_start_tls_s(ldap->ld, NULL, NULL ) != LDAP_SUCCESS) {
/* failed then reinit the initial connect */
ldap_perror(ldap->ld, "ldap_connect: (TLS) ldap_start_tls()");
if (ldap->tls == 1)
return FAILURE;
ldap->ld = ldap_init(ldap->servers, LDAP_PORT);
if (!ldap->ld) {
ldap_perror(ldap->ld, "ldap_init()");
return FAILURE;
}
if ( ldap_set_option(ldap->ld, LDAP_OPT_PROTOCOL_VERSION, &version) != LDAP_OPT_SUCCESS) {
ldap_perror(ldap->ld, "ldap_set_option()");
return FAILURE;
}
}
}
if ( ldap_simple_bind_s(ldap->ld, ldap->binddn, ldap->bindpw) != LDAP_SUCCESS) {
ldap_perror(ldap->ld, "ldap_simple_bind_s()");
return FAILURE;
}
/* says it is connected */
FLAG_SET_CONNECTED(ldap->flags);
return SUCCESS;
}
unsigned int
GetUserLevel(LDAP *ld,char *user)
{
LDAPMessage *res, *e;
char *a;
BerElement *ptr;
char **vals;
unsigned int ret;
char *filter = GetClientFilter(user);
if (ldap_search_s(ld, CLIENT_PATH, LDAP_SCOPE_SUBTREE,filter, NULL, 0, &res)!= LDAP_SUCCESS) {
printf("%s\n",filter);
ldap_perror(ld, "ldap_search_s");
exit(1);
}
if( (e=ldap_first_entry(ld, res)) == NULL )
fprintf(stderr, "LDAP error: user not found");
a = ldap_first_attribute(ld, e, &ptr);
while( strcmp(a,"internationaliSDNNumber") != 0 )
a = ldap_next_attribute(ld, e, ptr);
vals = ldap_get_values(ld, e, a);
ret = atoi(vals[0]);
/* free the search results */
ldap_msgfree(res);
return ret;
}
int ldap_parse_whoami(
LDAP *ld,
LDAPMessage *res,
struct berval **authzid )
{
int rc;
char *retoid = NULL;
assert( ld != NULL );
assert( LDAP_VALID( ld ) );
assert( res != NULL );
assert( authzid != NULL );
*authzid = NULL;
rc = ldap_parse_extended_result( ld, res, &retoid, authzid, 0 );
if( rc != LDAP_SUCCESS ) {
ldap_perror( ld, "ldap_parse_whoami" );
return rc;
}
ber_memfree( retoid );
return rc;
}
/*
* Function: copy_value
* Copy value from a LDAP attribute to $copy
* INPUT:
* $ld: the connection with the LDAP server
* $entry: the entry who contains attributes
* $attribut: this attribut
* $copy: where data can go
* OUTPUT:
* void
*/
static void copy_value(LDAP *ld, LDAPMessage *entry, const char *attribut,
char **copy, const char *username)
{
char ** values;
values=ldap_get_values(ld,entry, (char *)attribut);
if (values==NULL)
{
#ifdef HAVE_LDAP_RESULT2ERROR
int ld_errno = ldap_result2error(ld,entry,0);
if (ld_errno && ld_errno != LDAP_DECODING_ERROR)
/* We didn't ask for this attribute */
ldap_perror(ld,"ldap_get_values");
#else
if (ld->ld_errno != LDAP_DECODING_ERROR)
/* We didn't ask for this attribute */
ldap_perror(ld,"ldap_get_values");
#endif
*copy=NULL;
return;
}
/* We accept only attribute with one value */
else if (ldap_count_values(values)>1)
{
*copy=strdup(values[0]);
syslog(LOG_DAEMON,
"authldaplib: duplicate attribute %s for %s\n",
attribut,
username);
*copy=NULL;
}
/* We accept only attribute with one value */
else if (ldap_count_values(values)!=1)
{
*copy=NULL;
}
else
{
*copy=strdup(values[0]);
}
#if DEBUG_LDAP
syslog(LOG_DAEMON|LOG_CRIT,"copy_value %s: %s\n",attribut,values[0]);
#endif
ldap_value_free(values);
}
int
main( int argc, char **argv )
{
int version;
LDAP *ld;
char *target;
int rc;
struct berval userid;
struct berval oldpasswd;
struct berval newpasswd;
struct berval genpasswd;
/* Use LDAPv3. */
version = LDAP_VERSION3;
if ( ldap_set_option( NULL, LDAP_OPT_PROTOCOL_VERSION, &version )
!= 0 ) {
fprintf( stderr,
"ldap_set_option protocol version to %d failed\n",
version );
return ( 1 );
}
/* Get a handle to an LDAP connection. */
if ( (ld = ldap_init( MY_HOST, MY_PORT )) == NULL ) {
perror( "ldap_init" );
return( 1 );
}
/* Authenticate to the directory. */
if ( ldap_simple_bind_s( ld, ENTRYDN, ENTRYPW ) != LDAP_SUCCESS ) {
ldap_perror( ld, "ldap_simple_bind_s" );
return( 1 );
}
/* Change the password using the extended operation. */
userid.bv_val = ENTRYDN;
userid.bv_len = strlen(userid.bv_val);
oldpasswd.bv_val = ENTRYPW;
oldpasswd.bv_len = strlen(oldpasswd.bv_val);
newpasswd.bv_val = "ChangeMe!";
newpasswd.bv_len = strlen(newpasswd.bv_val);
rc = ldap_passwd_s(
ld, &userid, &oldpasswd, &newpasswd, &genpasswd, NULL, NULL );
if ( rc != LDAP_SUCCESS ) {
fprintf( stderr, "ldap_passwd_s: %s\n", ldap_err2string( rc ) );
ldap_unbind( ld );
return( 1 );
} else {
printf( "Successfully changed password for %s\n", userid.bv_val );
}
ldap_unbind( ld );
return( 0 );
}
/* Like isc_result_check, only for LDAP */
void
ldap_result_check (char *msg, char *dn, int err)
{
if ((err != LDAP_SUCCESS) && (err != LDAP_ALREADY_EXISTS))
{
fprintf(stderr, "Error while adding %s (%s):\n",
dn, msg);
ldap_perror (conn, dn);
ldap_unbind_s (conn);
exit (-1);
}
}
static void
print_ldap_result( LDAP *ld, LDAPMessage *lm, const char *s )
{
ldap_result2error( ld, lm, 1 );
ldap_perror( ld, s );
/*
if ( ld->ld_error != NULL && *ld->ld_error != '\0' )
fprintf( stderr, "Additional info: %s\n", ld->ld_error );
if ( LDAP_NAME_ERROR( ld->ld_errno ) && ld->ld_matched != NULL )
fprintf( stderr, "Matched DN: %s\n", ld->ld_matched );
*/
}
void ldap_close(ldap_opt_t * ldap) {
if (!ldap)
return;
if ( ldap_unbind_ext(ldap->ld, NULL, NULL) < 0)
ldap_perror(ldap->ld, "ldap_unbind()");
ldap->ld = NULL;
FLAG_SET_DISCONNECTED(ldap->flags);
return;
}
/* -1 if trouble
0 if user is NOT member of current server group
1 if user IS MEMBER of current server group
*/
int ldap_ismember(ldap_opt_t * l, const char * user) {
LDAPMessage *res;
char * filter;
int i;
if ((!l->sgroup) || !(l->g_basedn))
return 1;
/* Am i still connected ? RETRY n times */
/* XXX TODO: setup some conf value for retrying */
if (!(l->flags & FLAG_CONNECTED))
for (i = 0 ; i < 2 ; i++)
if (ldap_connect(l) == 0)
break;
/* quick check for attempts to be evil */
if ((strchr(user, '(') != NULL) || (strchr(user, ')') != NULL) ||
(strchr(user, '*') != NULL) || (strchr(user, '\\') != NULL))
return FAILURE;
/* build filter for LDAP request */
REQUEST_GROUP(filter, l->fgroup, user);
if (ldap_search_st( l->ld,
l->g_basedn,
LDAP_SCOPE_SUBTREE,
filter,
NULL, 0, &l->s_timeout, &res) != LDAP_SUCCESS) {
ldap_perror(l->ld, "ldap_search_st()");
free(filter);
/* XXX error on search, timeout etc.. close ask for reconnect */
ldap_close(l);
return FAILURE;
}
free(filter);
/* check if any results */
if (ldap_count_entries(l->ld, res) > 0) {
ldap_msgfree(res);
return 1;
}
ldap_msgfree(res);
return 0;
}
static void *compare_thread(char *id) {
char dn[BUFSIZ], name[40], cmpval[40];
int rc, randval, opcount;
struct berval bv;
void *voidrc = (void *)0;
printf("Starting compare_thread %s.\n", id);
opcount = 0;
tsd_setup();
for (;;) {
randval = get_random_id();
sprintf(name, "%d", randval);
sprintf(dn, "cn=%s, " BASE, name);
sprintf(cmpval, "%d", randval + random() % 3);
bv.bv_val = cmpval;
bv.bv_len = strlen(cmpval);
printf("Thread %s: Comparing cn in entry (%s) with %s\n", id, dn, cmpval);
rc = ldap_compare_ext_s(ld, dn, "cn", &bv, NULL, NULL);
switch (rc) {
case LDAP_COMPARE_TRUE:
printf("Thread %s: entry (%s) contains cn %s\n", id, dn, cmpval);
break;
case LDAP_COMPARE_FALSE:
printf("Thread %s: entry (%s) doesn't contain cn %s\n", id, dn, cmpval);
break;
default:
ldap_perror(ld, "ldap_compare_ext_s");
if (rc == LDAP_SERVER_DOWN) {
perror("ldap_compare_ext_s");
voidrc = (void *)1;
goto compare_cleanup_and_return;
}
}
++opcount;
if (maxops != 0 && opcount >= maxops) {
break;
}
}
compare_cleanup_and_return:
printf("Thread %s: attempted %d compare operations\n", id, opcount);
set_ld_error(0, NULL, NULL, NULL); /* disposes of memory */
tsd_cleanup();
free(id);
return voidrc;
}
static void *bind_thread(char *id) {
char dn[BUFSIZ], name[40];
int rc, opcount;
void *voidrc = (void *)0;
printf("Starting bind_thread %s.\n", id);
opcount = 0;
tsd_setup();
for (;;) {
sprintf(name, "%d", get_random_id());
sprintf(dn, "cn=%s, " BASE, name);
printf("Thread %s: Binding as entry (%s)\n", id, dn);
if ((rc = ldap_simple_bind_s(ld, dn, name)) != LDAP_SUCCESS) {
ldap_perror(ld, "ldap_simple_bind_s");
if (rc == LDAP_SERVER_DOWN) {
perror("ldap_simple_bind_s");
voidrc = (void *)1;
goto bind_cleanup_and_return;
}
} else {
printf("Thread %s: bound as entry (%s)\n", id, dn);
}
++opcount;
if (maxops != 0 && opcount >= maxops) {
break;
}
}
bind_cleanup_and_return:
printf("Thread %s: attempted %d bind operations\n", id, opcount);
set_ld_error(0, NULL, NULL, NULL); /* disposes of memory */
tsd_cleanup();
free(id);
return voidrc;
}
int
main( int argc, char **argv )
{
LDAP *ld;
LDAPMessage *result, *e;
char *attrfail, *matched = NULL, *errmsg = NULL;
char **vals, **referrals;
int rc, parse_rc, version;
unsigned long sortrc;
LDAPControl *sortctrl = NULL;
LDAPControl *requestctrls[ 2 ];
LDAPControl **resultctrls = NULL;
LDAPsortkey **sortkeylist;
/* Arrange for all connections to use LDAPv3 */
version = LDAP_VERSION3;
if ( ldap_set_option( NULL, LDAP_OPT_PROTOCOL_VERSION, &version )
!= 0 ) {
fprintf( stderr,
"ldap_set_option protocol version to %d failed\n",
version );
return( 1 );
}
/* Get a handle to an LDAP connection */
if ( (ld = ldap_init( MY_HOST, MY_PORT ) ) == NULL ) {
perror( "ldap_init" );
return( 1 );
}
/* Authenticate as Directory Manager */
if ( ldap_simple_bind_s( ld, MGR_DN, MGR_PW ) != LDAP_SUCCESS ) {
ldap_perror( ld, "ldap_simple_bind_s" );
ldap_unbind( ld );
return( 1 );
}
/*
* Create a sort key list that specifies the sort order of the results.
* Sort the results by last name first, then by first name.
*/
ldap_create_sort_keylist( &sortkeylist, "description -givenname" );
/* Create the sort control. */
rc = ldap_create_sort_control( ld, sortkeylist, 1, &sortctrl );
if ( rc != LDAP_SUCCESS ) {
fprintf( stderr, "ldap_create_sort_control: %s\n",
ldap_err2string( rc ) );
ldap_unbind( ld );
return( 1 );
}
requestctrls[ 0 ] = sortctrl;
requestctrls[ 1 ] = NULL;
/* Search for all entries in Sunnyvale */
rc = ldap_search_ext_s( ld, PEOPLE_BASE, LDAP_SCOPE_SUBTREE,
"(objectclass=person)", NULL, 0, requestctrls, NULL, NULL, 0,
&result );
if ( rc != LDAP_SUCCESS ) {
fprintf( stderr, "ldap_search_ext_s: %s\n",
ldap_err2string( rc ) );
ldap_unbind( ld );
return( 1 );
}
parse_rc = ldap_parse_result( ld, result, &rc, &matched, &errmsg,
&referrals, &resultctrls, 0 );
if ( parse_rc != LDAP_SUCCESS ) {
fprintf( stderr, "ldap_parse_result: %s\n",
ldap_err2string( parse_rc ) );
ldap_unbind( ld );
return( 1 );
}
if ( rc != LDAP_SUCCESS ) {
fprintf( stderr, "ldap_search_ext_s: %s\n",
ldap_err2string( rc ) );
if ( errmsg != NULL && *errmsg != '\0' ) {
fprintf( stderr, "%s\n", errmsg );
}
ldap_unbind( ld );
return( 1 );
}
parse_rc = ldap_parse_sort_control( ld, resultctrls, &sortrc,
&attrfail );
if ( parse_rc != LDAP_SUCCESS ) {
fprintf( stderr, "ldap_parse_sort_control: %s\n",
ldap_err2string( parse_rc ) );
ldap_unbind( ld );
return( 1 );
}
if ( sortrc != LDAP_SUCCESS ) {
fprintf( stderr, "Sort error: %s\n", ldap_err2string( sortrc ));
if ( attrfail != NULL && *attrfail != '\0' ) {
fprintf( stderr, "Bad attribute: %s\n", attrfail);
}
ldap_unbind( ld );
return( 1 );
}
/* for each entry print out name + all attrs and values */
for ( e = ldap_first_entry( ld, result ); e != NULL;
e = ldap_next_entry( ld, e ) ) {
if ((vals = ldap_get_values( ld, e, "sn")) != NULL ) {
if ( vals[0] != NULL ) {
printf( "%s", vals[0] );
}
ldap_value_free( vals );
}
if ((vals = ldap_get_values( ld, e, "givenname")) != NULL ) {
if ( vals[0] != NULL ) {
printf( "\t%s", vals[0] );
}
ldap_value_free( vals );
}
putchar( '\n' );
}
ldap_msgfree( result );
ldap_free_sort_keylist( sortkeylist );
ldap_control_free( sortctrl );
ldap_controls_free( resultctrls );
ldap_unbind( ld );
return( 0 );
}
/**
* Get certificate from LDAP-Server.
*/
static int ldap_get_certificate(const char *login) {
LDAP *ldap_connection;
int entries;
LDAPMessage *res;
LDAPMessage *entry;
struct berval **bvals = NULL;
BerElement *ber = NULL;
char *name = NULL;
char filter_str[100];
char *attrs[2];
int rv = LDAP_SUCCESS;
void *bv_val;
char uri[4096];
char uribuf[4096];
char *uris[LDAP_CONFIG_URI_MAX + 1];
const char *p;
int current_uri = 0, start_uri = 0;
char *buffer;
size_t buflen;
uris[0] = NULL;
attrs[0] = (char *)attribute;
attrs[1] = NULL;
DBG1("ldap_get_certificate(): begin login = %s", login);
/* Put the login to the %s in Filterstring */
snprintf(filter_str, sizeof(filter_str), filter, login);
DBG1("ldap_get_certificate(): filter_str = %s", filter_str);
/* parse and split URI config entry */
buffer = uribuf;
buflen = sizeof (uribuf);
strncpy(uri, ldapURI, sizeof (uri)-1);
/* Add a space separated list of URIs */
/* TODO: no spaces in one URI allowed => URL-encoding? */
if(strncmp(ldapURI,"",1))
for (p = uri; p != NULL; )
{
char *q = strchr (p, ' ');
if (q != NULL)
*q = '\0';
if( strlen(p) > 1 ) /* SAW: don't add spaces */
rv = ldap_add_uri (uris, p, &buffer, &buflen);
p = (q != NULL) ? ++q : NULL;
if (rv)
break;
}
/* set the default port if no port is given */
if (ldapport == 0)
{
if (ssl_on == SSL_LDAPS)
{
ldapport = LDAPS_PORT;
}
else
{
ldapport = LDAP_PORT;
}
}
/* add ldaphost to uris if set, nevermind "uri" is set in config */
if( strlen(ldaphost) > 1 )
{
/* No port specified in URI and non-default port specified */
snprintf (uri, sizeof (uri), "%s%s:%d",
ssl_on == SSL_LDAPS ? "ldaps://" : "ldap://",
ldaphost, ldapport);
ldap_add_uri (uris, uri, &buffer, &buflen);
}
if (uris[0] == NULL)
{
DBG("ldap_get_certificate(): Nor URI or usable Host entry found");
return(-1);
}
/* Attempt to connect to specified URI in order until do_open succeed */
start_uri = current_uri;
do
{
if(uris[current_uri] != NULL)
DBG1("ldap_get_certificate(): try do_open for %s", uris[current_uri]);
rv = do_open(&ldap_connection, uris[current_uri], ldapport, ssl_on);
/* hot-fix, because in some circumstances an LDAP_SERVER_DOWN is returned */
if (rv != LDAP_UNAVAILABLE && rv != LDAP_SERVER_DOWN)
break;
current_uri++;
if (uris[current_uri] == NULL)
current_uri = 0;
}
while (current_uri != start_uri);
if( rv != LDAP_SUCCESS )
{
DBG("ldap_get_certificate(): do_open failed");
return(-2);
}
/* TODO: (1) The problem: if an working uri is found it is used
and if there is an (SSL-)error, no other one is tried
(2) There is no session, so we don't know which LDAP_Server
is the last with a successful connection. So we try the same
server again. Perhaps create a state file/smem/etc. ?
*/
rv = ldap_search_s(
ldap_connection,
base,
sscope[scope],
filter_str,
attrs,
0,
&res);
if ( rv != LDAP_SUCCESS ) {
DBG1("ldap_search_s() failed: %s", ldap_err2string(rv));
ldap_unbind_s(ldap_connection);
return(-3);
} else {
entries = ldap_count_entries(ldap_connection, res);
DBG1("ldap_get_certificate(): entries = %d", entries);
if( entries > 1 ) {
DBG("! Warning, more than one entry found. Please choose \"filter\" and");
DBG("! \"attribute\" in ldap mapper config section of your config,");
DBG("! that only one entry with one attribute is matched");
DBG("! Maybe there is another problem in ldap with not unique user");
DBG("! entries in your LDAP server.");
}
/* Only first entry is used. "filter" and "attribute"
* should be choosen, so that only one entry with
* one attribute is returned */
if ( NULL == (entry = ldap_first_entry(ldap_connection, res))){
DBG("ldap_first_entry() failed: %s");
ldap_unbind_s(ldap_connection);
return(-4);
}
/* Only first attribute is used. See comment above... */
if ( NULL == (name = ldap_first_attribute(ldap_connection, res, &ber))){
DBG("ldap_first_attribute() failed (rc=%d)");
ldap_unbind_s(ldap_connection);
return(-5);
}
DBG1("attribute name = %s", name);
bvals = ldap_get_values_len(ldap_connection, entry, name);
certcnt = ldap_count_values_len(bvals);
DBG1("number of user certificates = %d", certcnt);
ldap_x509 = malloc(sizeof(X509*) * certcnt );
if (NULL == ldap_x509)
{
DBG("not enough memory");
return(-7);
}
rv = 0;
while(rv < certcnt )
{
/* SaW: not nifty, but otherwise gcc doesn't optimize */
bv_val = &bvals[rv]->bv_val;
#ifdef HAVE_NSS
{
SECItem derdata;
derdata.data = bv_val;
derdata.len = bvals[rv]->bv_len;
ldap_x509[rv] = CERT_NewTempCertificate(CERT_GetDefaultCertDB(),
&derdata, NULL, 0, 1);
}
#else
ldap_x509[rv] = d2i_X509(NULL, ((const unsigned char **) bv_val), bvals[rv]->bv_len);
#endif
if (NULL == ldap_x509[rv]) {
DBG1("d2i_X509() failed for certificate %d", rv);
free(ldap_x509);
#ifdef HAVE_NSS
{
for (rv=0; rv<certcnt; rv++)
if (ldap_x509[rv])
CERT_DestroyCertificate(ldap_x509[rv]);
}
#endif
certcnt=0;
ldap_msgfree(res);
ldap_unbind_s(ldap_connection);
return(-6);
}else {
DBG1("d2i_X509(): success for certificate %d", rv);
}
rv++;
}
ldap_msgfree(res);
/* TODO: this leads to a segfault, but the doc said ... */
/* ldap_value_free_len(bvals); */
}
if ( 0 != ldap_unbind_s(ldap_connection)) {
DBG("ldap_unbind_s() failed.");
ldap_perror(ldap_connection, "ldap_unbind_s() failed.");
return(-1);
};
DBG("ldap_get_certificate(): end");
return 1;
}
static void
do_modrdn( char *uri, char *host, int port, char *manager,
char *passwd, char *entry, int maxloop )
{
LDAP *ld = NULL;
int i;
pid_t pid;
char *DNs[2];
char *rdns[2];
pid = getpid();
DNs[0] = entry;
DNs[1] = strdup( entry );
/* reverse the RDN, make new DN */
{
char *p1, *p2;
p1 = strchr( entry, '=' ) + 1;
p2 = strchr( p1, ',' );
*p2 = '\0';
rdns[1] = strdup( entry );
*p2-- = ',';
for (i = p1 - entry;p2 >= p1;)
DNs[1][i++] = *p2--;
DNs[1][i] = '\0';
rdns[0] = strdup( DNs[1] );
DNs[1][i] = ',';
}
if ( uri ) {
ldap_initialize( &ld, uri );
} else {
ld = ldap_init( host, port );
}
if ( ld == NULL ) {
perror( "ldap_init" );
exit( EXIT_FAILURE );
}
{
int version = LDAP_VERSION3;
(void) ldap_set_option( ld, LDAP_OPT_PROTOCOL_VERSION,
&version );
}
if ( ldap_bind_s( ld, manager, passwd, LDAP_AUTH_SIMPLE ) != LDAP_SUCCESS ) {
ldap_perror( ld, "ldap_bind" );
exit( EXIT_FAILURE );
}
fprintf( stderr, "PID=%ld - Modrdn(%d): entry=\"%s\".\n",
(long) pid, maxloop, entry );
for ( i = 0; i < maxloop; i++ ) {
int rc;
if (( rc = ldap_modrdn2_s( ld, DNs[0], rdns[0], 0 ))
!= LDAP_SUCCESS ) {
ldap_perror( ld, "ldap_modrdn" );
if ( rc != LDAP_NO_SUCH_OBJECT ) break;
continue;
}
if (( rc = ldap_modrdn2_s( ld, DNs[1], rdns[1], 1 ))
!= LDAP_SUCCESS ) {
ldap_perror( ld, "ldap_modrdn" );
if ( rc != LDAP_NO_SUCH_OBJECT ) break;
continue;
}
}
fprintf( stderr, " PID=%ld - Modrdn done.\n", (long) pid );
ldap_unbind( ld );
}
int ldap_parse_verify_credentials(
LDAP *ld,
LDAPMessage *res,
int * code,
char ** diagmsg,
struct berval **cookie,
struct berval **screds,
LDAPControl ***ctrls)
{
int rc;
char *retoid = NULL;
struct berval *retdata = NULL;
assert(ld != NULL);
assert(LDAP_VALID(ld));
assert(res != NULL);
assert(code != NULL);
assert(diagmsg != NULL);
rc = ldap_parse_extended_result(ld, res, &retoid, &retdata, 0);
if( rc != LDAP_SUCCESS ) {
ldap_perror(ld, "ldap_parse_verify_credentials");
return rc;
}
if (retdata) {
ber_tag_t tag;
ber_len_t len;
ber_int_t i;
BerElement * ber = ber_init(retdata);
struct berval diagmsg_bv = BER_BVNULL;
if (!ber) {
rc = ld->ld_errno = LDAP_NO_MEMORY;
goto done;
}
ber_scanf(ber, "{im" /*"}"*/, &i, &diagmsg_bv);
if ( diagmsg != NULL ) {
*diagmsg = LDAP_MALLOC( diagmsg_bv.bv_len + 1 );
AC_MEMCPY( *diagmsg, diagmsg_bv.bv_val, diagmsg_bv.bv_len );
(*diagmsg)[diagmsg_bv.bv_len] = '\0';
}
*code = i;
tag = ber_peek_tag(ber, &len);
if (tag == LDAP_TAG_EXOP_VERIFY_CREDENTIALS_COOKIE) {
ber_scanf(ber, "O", cookie);
tag = ber_peek_tag(ber, &len);
}
if (tag == LDAP_TAG_EXOP_VERIFY_CREDENTIALS_SCREDS) {
ber_scanf(ber, "O", screds);
tag = ber_peek_tag(ber, &len);
}
if (tag == LDAP_TAG_EXOP_VERIFY_CREDENTIALS_CONTROLS) {
int nctrls = 0;
char * opaque;
*ctrls = LDAP_MALLOC(1 * sizeof(LDAPControl *));
if (!*ctrls) {
rc = LDAP_NO_MEMORY;
goto done;
}
*ctrls[nctrls] = NULL;
for(tag = ber_first_element(ber, &len, &opaque);
tag != LBER_ERROR;
tag = ber_next_element(ber, &len, opaque))
{
LDAPControl *tctrl;
LDAPControl **tctrls;
tctrl = LDAP_CALLOC(1, sizeof(LDAPControl));
/* allocate pointer space for current controls (nctrls)
* + this control + extra NULL
*/
tctrls = !tctrl ? NULL : LDAP_REALLOC(*ctrls, (nctrls+2) * sizeof(LDAPControl *));
if (!tctrls) {
/* allocation failure */
if (tctrl) LDAP_FREE(tctrl);
ldap_controls_free(*ctrls);
*ctrls = NULL;
rc = LDAP_NO_MEMORY;
goto done;
}
tctrls[nctrls++] = tctrl;
tctrls[nctrls] = NULL;
tag = ber_scanf(ber, "{a" /*"}"*/, &tctrl->ldctl_oid);
if (tag == LBER_ERROR) {
*ctrls = NULL;
ldap_controls_free(tctrls);
rc = LDAP_DECODING_ERROR;
goto done;
}
tag = ber_peek_tag(ber, &len);
if (tag == LBER_BOOLEAN) {
ber_int_t crit;
tag = ber_scanf(ber, "b", &crit);
tctrl->ldctl_iscritical = crit ? (char) 0 : (char) ~0;
tag = ber_peek_tag(ber, &len);
}
if (tag == LBER_OCTETSTRING) {
tag = ber_scanf( ber, "o", &tctrl->ldctl_value );
} else {
BER_BVZERO( &tctrl->ldctl_value );
}
*ctrls = tctrls;
}
}
ber_free(ber, 1);
}
done:
ber_bvfree(retdata);
ber_memfree(retoid);
return rc;
}
static int domodrdn(
LDAP *ld,
char *dn,
char *rdn,
char *newSuperior,
int remove ) /* flag: remove old RDN */
{
int rc, code, id;
char *matcheddn=NULL, *text=NULL, **refs=NULL;
LDAPMessage *res;
if ( verbose ) {
printf( "Renaming \"%s\"\n", dn );
printf( "\tnew rdn=\"%s\" (%s old rdn)\n",
rdn, remove ? "delete" : "keep" );
if( newSuperior != NULL ) {
printf("\tnew parent=\"%s\"\n", newSuperior);
}
}
if( not ) return LDAP_SUCCESS;
rc = ldap_rename( ld, dn, rdn, newSuperior, remove,
NULL, NULL, &id );
if ( rc != LDAP_SUCCESS ) {
fprintf( stderr, "%s: ldap_rename: %s (%d)\n",
prog, ldap_err2string( rc ), rc );
return rc;
}
rc = ldap_result( ld, LDAP_RES_ANY, LDAP_MSG_ALL, NULL, &res );
if ( rc < 0 ) {
ldap_perror( ld, "ldapmodrdn: ldap_result" );
return rc;
}
rc = ldap_parse_result( ld, res, &code, &matcheddn, &text, &refs, NULL, 1 );
if( rc != LDAP_SUCCESS ) {
fprintf( stderr, "%s: ldap_parse_result: %s (%d)\n",
prog, ldap_err2string( rc ), rc );
return rc;
}
if( verbose || code != LDAP_SUCCESS ||
(matcheddn && *matcheddn) || (text && *text) || (refs && *refs) )
{
printf( "Rename Result: %s (%d)\n",
ldap_err2string( code ), code );
if( text && *text ) {
printf( "Additional info: %s\n", text );
}
if( matcheddn && *matcheddn ) {
printf( "Matched DN: %s\n", matcheddn );
}
if( refs ) {
int i;
for( i=0; refs[i]; i++ ) {
printf("Referral: %s\n", refs[i] );
}
}
}
ber_memfree( text );
ber_memfree( matcheddn );
ber_memvfree( (void **) refs );
return code;
}
int main (int argc, char const *argv[])
{
/* code */
pam_handle_t *pamh = NULL;
char *user, *password , **userVals = NULL, **ouVals = NULL, **uriVals = NULL, *context;
LDAP *ldap = NULL;
LDAPMessage *userResults = NULL,*ouResults = NULL, *userEntry = NULL, *ouEntry = NULL;
//bool haveGpoDescriptor = 0;
user = getlogin();
int pamretval, ret, version, i = 0 ,j = 0, k = 0;
printf("----------------------------------\n");
printf("Getting session informations...\n");
printf("----------------------------------\n\n");
pamretval = pam_start("custom",user,&conv,&pamh);
if(pamretval == PAM_SUCCESS ){
/*
TODO:
-------------------------------------------------------------
Si pam_start(...) renvoie PAM_SUCCESS alors
récuperer:
- username
- password
*/
printf("Logged as: \033[32;m%s\033[00m.\n",user);
printf("\n\n----------------------------------\n");
printf("Connecting to %s\n",LDAP_SERVER);
printf("----------------------------------\n\n");
ldap = (LDAP*) ldap_open(LDAP_SERVER,LDAP_PORT);
if(!ldap){
printf("Unable to connect to the LDAP Server\n");
return PAM_SUCCESS; // Don't break the PAM Stack
}else{
version = LDAP_VERSION3;
ldap_set_option( ldap, LDAP_OPT_PROTOCOL_VERSION, &version );
printf("Connected to LDAP server: \033[32;mOk\033[00m.\n");
printf("\n\n----------------------------------\n");
printf("Binding...\n");
printf("----------------------------------\n\n");
/* Anonymous Binding */
ret = ldap_simple_bind_s(ldap, NULL, NULL);
if (ret != LDAP_SUCCESS) {
printf("Binding \033[31;mFailed\033[00m\n\n");
char *error;
ldap_perror(ldap,error);
printf("%s",error);
return PAM_SUCCESS;
}
printf("Binding: \033[32;mOk\033[00m.\n");
/*
TODO <Version compliquée>
--------------------------------------------------
Note:
Créer autant de LDAPMessage *results qu'il ya de recherche à faire
ldap_get_values return char** (un tableau/array)
context = (cn | ou = <username | ou_name)
------
1. Récupérer l'utilisateur
-> ldap_search_s(ldap,BASE_DN,LDAP_SCOPE_SUBTREE,context,NULL,0,&userResults); context = (cn=username)
-> userEntry = ldap_get_first_entry(ldap,userResults);
2. Récupérer le nom de l'OU (OrganizationalUnit) de l'utilisateur
-> char ou_name = ldap_get_values(ldap,userEntry,"ou")
3. Récupérer l'OU en faisant une nouvelle recherche
-> ldap_search_s(ldap,BASE_DN,LDAP_SCOPE_SUBTREE,context,NULL,0,&ouResults); context = (ou=ou_name)
-> ouEntry = ldap_get_first_entry(ldap,ouResults);
4. Chercher l'objectClass groupPolicyDescriptor dans l'OU de l'étape précédente
- char **vals = ldap_get_values(ldap,ouEntry,"objectClass")
NB: Un objet LDAP peut avoir plusieur objectClass
for(i=0 ; vals[i] != NULL;i++){
if(strcmp(vals[i], "groupPolicyDescriptor")){
4.1 Récuperer l'attribut "uri"
char **vals = ldap_get_values(ldap,ouEntry,"uri");
// action
system("/bin/sh <uri>")
}
}
*/
context = calloc(sizeof(char),strlen(user)+29);
sprintf(context,"(&(cn=%s)(objectClass=account))",user);
// 1. Récupérer l'utilisateur
ret = ldap_search_s(ldap,BASE_DN,LDAP_SCOPE_SUBTREE,context,NULL,0,&userResults);
userEntry = ldap_first_entry(ldap,userResults);
if(userEntry){
// 2. Récupérer le(s) nom(s) de(s) l'OU (OrganizationalUnit) de l'utilisateur
userVals = (char**) ldap_get_values(ldap,userEntry,"ou");
for (i = 0 ; userVals[i] != NULL ; i++ ){
context = calloc(sizeof(char),strlen(userVals[i])+40);
sprintf(context,"(&(ou=%s)(objectClass=organizationalUnit))",userVals[i]);
// 3. Récupérer l'OU en faisant une nouvelle recherche
ret = ldap_search_s(ldap,BASE_DN,LDAP_SCOPE_SUBTREE,context,NULL,0, &ouResults);
ouEntry = ldap_first_entry(ldap,ouResults);
if (ouEntry){
printf("\033[33;m\nFound OU %s ... \033[00m\n", userVals[i]);
printf("\033[33;m\nSearching GPO in ou=%s ... \033[00m\n", userVals[i]);
ouVals = (char **) ldap_get_values(ldap,ouEntry,"objectClass");
for ( j = 0 ; ouVals[j] != NULL ; j++ ){
// 4. Chercher l'objectClass groupPolicyDescriptor dans l'OU
if(strcmp(ouVals[j],"groupPolicyDescriptor") == 0){
// 4.1 Récuperer l'attribut "uri"
uriVals = (char **) ldap_get_values(ldap,ouEntry,"uri");
printf("\033[33;mGPO Found in ou=%s \033[00m\n", userVals[i]);
for ( k = 0 ; uriVals[k] != NULL ; k++) {
printf("\033[33;mURI Script: %s\033[00m\n", uriVals[k]);
}
}
}
} else { printf("\033[33;m\nNo OU found for user: %s \033[00m\n", user ) ;}
}
} else { printf("\033[33;m\nUser %s not found in LDAP Directory \033[00m\n", user); }
printf("\n\n----------------------------------\n");
printf("Cleaning memory\n");
printf("----------------------------------\n\n");
if(userVals) ldap_value_free(userVals);
if(ouVals) ldap_value_free(ouVals);
if(uriVals) ldap_value_free(uriVals);
if(ouEntry) ldap_msgfree(ouEntry);
if(userEntry) ldap_msgfree(userEntry);
ldap_unbind(ldap);
}
pam_end(pamh,pamretval);
return PAM_SUCCESS;
}else{
printf("User not logged in.\n");
return PAM_USER_UNKNOWN;
}
}
int
main( int argc, char *argv[] )
{
int rc;
char *user = NULL;
LDAP *ld = NULL;
struct berval bv = {0, NULL};
BerElement *ber = NULL;
int id, code = LDAP_OTHER;
LDAPMessage *res;
char *matcheddn = NULL, *text = NULL, **refs = NULL;
char *retoid = NULL;
struct berval *retdata = NULL;
prog = lutil_progname( "ldappasswd", argc, argv );
/* LDAPv3 only */
protocol = LDAP_VERSION3;
tool_args( argc, argv );
if( argc - optind > 1 ) {
usage();
} else if ( argc - optind == 1 ) {
user = strdup( argv[optind] );
} else {
user = NULL;
}
if( oldpwfile ) {
rc = lutil_get_filed_password( prog, &oldpw );
if( rc ) return EXIT_FAILURE;
}
if( want_oldpw && oldpw.bv_val == NULL ) {
/* prompt for old password */
char *ckoldpw;
oldpw.bv_val = strdup(getpassphrase("Old password: "******"Re-enter old password: "******"passwords do not match\n" );
return EXIT_FAILURE;
}
oldpw.bv_len = strlen( oldpw.bv_val );
}
if( newpwfile ) {
rc = lutil_get_filed_password( prog, &newpw );
if( rc ) return EXIT_FAILURE;
}
if( want_newpw && newpw.bv_val == NULL ) {
/* prompt for new password */
char *cknewpw;
newpw.bv_val = strdup(getpassphrase("New password: "******"Re-enter new password: "******"passwords do not match\n" );
return EXIT_FAILURE;
}
newpw.bv_len = strlen( newpw.bv_val );
}
if( want_bindpw && passwd.bv_val == NULL ) {
/* handle bind password */
if ( pw_file ) {
rc = lutil_get_filed_password( pw_file, &passwd );
if( rc ) return EXIT_FAILURE;
} else {
passwd.bv_val = getpassphrase( "Enter LDAP Password: "******"ber_alloc_t" );
ldap_unbind( ld );
return EXIT_FAILURE;
}
ber_printf( ber, "{" /*}*/ );
if( user != NULL ) {
ber_printf( ber, "ts",
LDAP_TAG_EXOP_MODIFY_PASSWD_ID, user );
free(user);
}
if( oldpw.bv_val != NULL ) {
ber_printf( ber, "tO",
LDAP_TAG_EXOP_MODIFY_PASSWD_OLD, &oldpw );
free(oldpw.bv_val);
}
if( newpw.bv_val != NULL ) {
ber_printf( ber, "tO",
LDAP_TAG_EXOP_MODIFY_PASSWD_NEW, &newpw );
free(newpw.bv_val);
}
ber_printf( ber, /*{*/ "N}" );
rc = ber_flatten2( ber, &bv, 0 );
if( rc < 0 ) {
perror( "ber_flatten2" );
ldap_unbind( ld );
return EXIT_FAILURE;
}
}
if ( not ) {
rc = LDAP_SUCCESS;
goto skip;
}
rc = ldap_extended_operation( ld,
LDAP_EXOP_MODIFY_PASSWD, bv.bv_val ? &bv : NULL,
NULL, NULL, &id );
ber_free( ber, 1 );
if( rc != LDAP_SUCCESS ) {
ldap_perror( ld, "ldap_extended_operation" );
ldap_unbind( ld );
return EXIT_FAILURE;
}
rc = ldap_result( ld, LDAP_RES_ANY, LDAP_MSG_ALL, NULL, &res );
if ( rc < 0 ) {
ldap_perror( ld, "ldappasswd: ldap_result" );
return rc;
}
rc = ldap_parse_result( ld, res,
&code, &matcheddn, &text, &refs, NULL, 0 );
if( rc != LDAP_SUCCESS ) {
ldap_perror( ld, "ldap_parse_result" );
return rc;
}
rc = ldap_parse_extended_result( ld, res, &retoid, &retdata, 1 );
if( rc != LDAP_SUCCESS ) {
ldap_perror( ld, "ldap_parse_result" );
return rc;
}
if( retdata != NULL ) {
ber_tag_t tag;
char *s;
ber = ber_init( retdata );
if( ber == NULL ) {
perror( "ber_init" );
ldap_unbind( ld );
return EXIT_FAILURE;
}
/* we should check the tag */
tag = ber_scanf( ber, "{a}", &s);
if( tag == LBER_ERROR ) {
perror( "ber_scanf" );
} else {
printf("New password: %s\n", s);
free( s );
}
ber_free( ber, 1 );
}
if( verbose || code != LDAP_SUCCESS || matcheddn || text || refs ) {
printf( "Result: %s (%d)\n", ldap_err2string( code ), code );
if( text && *text ) {
printf( "Additional info: %s\n", text );
}
if( matcheddn && *matcheddn ) {
printf( "Matched DN: %s\n", matcheddn );
}
if( refs ) {
int i;
for( i=0; refs[i]; i++ ) {
printf("Referral: %s\n", refs[i] );
}
}
}
ber_memfree( text );
ber_memfree( matcheddn );
ber_memvfree( (void **) refs );
ber_memfree( retoid );
ber_bvfree( retdata );
skip:
/* disconnect from server */
ldap_unbind (ld);
return code == LDAP_SUCCESS ? EXIT_SUCCESS : EXIT_FAILURE;
}
status
ClientAdd(LDAP *ld, client_t client)
{
LDAPMod *attributes[10];
LDAPMod attribute1,attribute2,attribute3,attribute4,attribute5,attribute6,attribute7,attribute8,attribute9;
char aux_error[100];
char * objectclass_vals[] = { "top", "person", "organizationalPerson", "inetOrgPerson", NULL };
char * ou_value[] = {"clients",NULL};
char * cn_value[] = {client.user,NULL};
char * uid_value[] = {client.user,NULL};
char * mail_value[] = {client.mail,NULL};
char * pass_value[] = {client.passwd,NULL};
char * sn_value[] = {client.user,NULL};
char * desc_value[] = {client.desc,NULL};
/* convierto el level a string */
char aux_level[5];
sprintf(aux_level, "%d",(int)client.level);
char * level_value[] = {aux_level,NULL};
char *dn = GetClientDN(client.user);
/* objectclass */
attribute1.mod_op = LDAP_MOD_ADD;
attribute1.mod_type = "objectclass";
attribute1.mod_vals.modv_strvals = objectclass_vals;
attributes[0] = &attribute1;
/* ou */
attribute2.mod_op = LDAP_MOD_ADD;
attribute2.mod_type = "ou";
attribute2.mod_vals.modv_strvals = ou_value;
attributes[1] = &attribute2;
/* cn */
attribute3.mod_op = LDAP_MOD_ADD;
attribute3.mod_type = "cn";
attribute3.mod_vals.modv_strvals = cn_value;
attributes[2] = &attribute3;
/* uid */
attribute4.mod_op = LDAP_MOD_ADD;
attribute4.mod_type = "uid";
attribute4.mod_vals.modv_strvals = uid_value;
attributes[3] = &attribute4;
/* mail */
attribute5.mod_op = LDAP_MOD_ADD;
attribute5.mod_type = "mail";
attribute5.mod_vals.modv_strvals = mail_value;
attributes[4] = &attribute5;
/* userPassword */
attribute6.mod_op = LDAP_MOD_ADD;
attribute6.mod_type = "userPassword";
attribute6.mod_vals.modv_strvals = pass_value;
attributes[5] = &attribute6;
/* sn */
attribute7.mod_op = LDAP_MOD_ADD;
attribute7.mod_type = "sn";
attribute7.mod_vals.modv_strvals = sn_value;
attributes[6] = &attribute7;
/* description */
attribute8.mod_op = LDAP_MOD_ADD;
attribute8.mod_type = "description";
attribute8.mod_vals.modv_strvals = desc_value;
attributes[7] = &attribute8;
/* level */
attribute9.mod_op = LDAP_MOD_ADD;
attribute9.mod_type = "internationaliSDNNumber";
attribute9.mod_vals.modv_strvals = level_value;
attributes[8] = &attribute9;
/* Fin del arreglo */
attributes[9] = NULL;
if ( ldap_add_s(ld, dn, attributes) != LDAP_SUCCESS ) {
fprintf(stderr,"LDAP ERROR: No pudo agregarse el cliente con level %s\n",level_value[0]);
ldap_perror(ld, aux_error);
fprintf(stderr, "%s\n",aux_error);
return ERROR;
}
return OK;
}
int
GetUsersList(LDAP *ld,client_t ***list_ptr)
{
LDAPMessage *res, *e;
char *a;
BerElement *ptr;
char **vals;
client_t aux;
client_t **ret;
char filter[] = "(uid=*)";
if ( ldap_search_s(ld, CLIENT_PATH, LDAP_SCOPE_SUBTREE,filter, NULL, 0, &res)!= LDAP_SUCCESS ) {
ldap_perror(ld, "ldap_search_s");
exit(1);
}
int count=0;
for (e = ldap_first_entry(ld, res); e != NULL; e = ldap_next_entry(ld, e)) count++;
ret = malloc(sizeof(client_t*)*(count+1));
int pos=0;
for (e = ldap_first_entry(ld, res); e != NULL; e = ldap_next_entry(ld, e)) {
printf("%s\n",ldap_get_dn(ld,e));
/* objectClass */
a = ldap_first_attribute(ld, e, &ptr);
vals = ldap_get_values(ld, e, a);
printf("object:%s\n",vals[0]);
/* ou */
a = ldap_next_attribute(ld, e, ptr);
vals = ldap_get_values(ld, e, a);
printf("ou:%s\n",vals[0]);
/* cn */
a = ldap_next_attribute(ld, e, ptr);
vals = ldap_get_values(ld, e, a);
printf("cn:%s\n",vals[0]);
/* uid */
a = ldap_next_attribute(ld, e, ptr);
vals = ldap_get_values(ld, e, a);
printf("uid:%s\n",vals[0]);
strcpy(aux.user,vals[0]);
ldap_value_free(vals);
/* mail */
a = ldap_next_attribute(ld, e, ptr);
vals = ldap_get_values(ld, e, a);
printf("mail:%s\n",vals[0]);
strcpy(aux.mail,vals[0]);
ldap_value_free(vals);
/* userPass */
a = ldap_next_attribute(ld, e, ptr);
vals = ldap_get_values(ld, e, a);
printf("pass:%s\n",vals[0]);
/* sn */
a = ldap_next_attribute(ld, e, ptr);
vals = ldap_get_values(ld, e, a);
printf("sn:%s\n",vals[0]);
/* description */
a = ldap_next_attribute(ld, e, ptr);
vals = ldap_get_values(ld, e, a);
printf("description%s\n",vals[0]);
strcpy(aux.desc,vals[0]);
ldap_value_free(vals);
/* level */
a = ldap_next_attribute(ld, e, ptr);
vals = ldap_get_values(ld, e, a);
printf("%s\n",vals[0]);
aux.level = atoi(vals[0]);
ldap_value_free(vals);
ret[pos] = malloc(sizeof(client_t));
*(ret[pos]) = aux;
pos++;
}
ret[pos] = NULL;
*list_ptr = ret;
ldap_msgfree(res);
return pos;
}
int
main( int argc, char **argv )
{
LDAP *ld;
LDAPMessage *result, *e;
BerElement *ber;
char *host, *a, *dn;
char **vals;
int i;
int rc;
int finished;
int msgid;
int num_entries = 0;
struct timeval zerotime;
if ( argc > 1 ) {
host = argv[1];
} else {
host = MY_HOST;
}
zerotime.tv_sec = zerotime.tv_usec = 0L;
if ( prldap_install_routines( NULL, 1 /* shared */ ) != LDAP_SUCCESS ) {
ldap_perror( NULL, "prldap_install_routines" );
return( 1 );
}
/* get a handle to an LDAP connection */
if ( (ld = ldap_init( host, MY_PORT )) == NULL ) {
perror( host );
return( 1 );
}
/* authenticate to the directory as nobody */
if ( ldap_simple_bind_s( ld, NULL, NULL ) != LDAP_SUCCESS ) {
ldap_perror( ld, "ldap_simple_bind_s" );
return( 1 );
}
/* search for all entries with surname of Jensen */
if (( msgid = ldap_search( ld, MY_SEARCHBASE, LDAP_SCOPE_SUBTREE,
MY_FILTER, NULL, 0 )) < 0 ) {
ldap_perror( ld, "ldap_search" );
return( 1 );
}
/* Loop, polling for results until finished */
finished = 0;
while ( !finished ) {
/*
* Poll for results. We call ldap_result with the "all" argument
* set to LDAP_MSG_ONE. This causes ldap_result() to return exactly one
* entry if at least one entry is available. This allows us to
* display the entries as they are received.
*/
result = NULL;
rc = ldap_result( ld, msgid, LDAP_MSG_ONE, &zerotime, &result );
switch ( rc ) {
case -1:
/* some error occurred */
ldap_perror( ld, "ldap_result" );
return( 1 );
case 0:
/* Timeout was exceeded. No entries are ready for retrieval. */
if ( result != NULL ) {
ldap_msgfree( result );
}
break;
default:
/*
* Either an entry is ready for retrieval, or all entries have
* been retrieved.
*/
if (( e = ldap_first_entry( ld, result )) == NULL ) {
/* All done */
finished = 1;
if ( result != NULL ) {
ldap_msgfree( result );
}
continue;
}
/* for each entry print out name + all attrs and values */
num_entries++;
if (( dn = ldap_get_dn( ld, e )) != NULL ) {
printf( "dn: %s\n", dn );
ldap_memfree( dn );
}
for ( a = ldap_first_attribute( ld, e, &ber );
a != NULL; a = ldap_next_attribute( ld, e, ber ) ) {
if (( vals = ldap_get_values( ld, e, a )) != NULL ) {
for ( i = 0; vals[ i ] != NULL; i++ ) {
printf( "%s: %s\n", a, vals[ i ] );
}
ldap_value_free( vals );
}
ldap_memfree( a );
}
if ( ber != NULL ) {
ber_free( ber, 0 );
}
printf( "\n" );
ldap_msgfree( result );
}
/* Do other work here while you are waiting... */
do_other_work();
}
/* All done. Print a summary. */
printf( "%d entries retrieved. I counted to %ld "
"while I was waiting.\n", num_entries,
global_counter );
ldap_unbind( ld );
return( 0 );
}
int main (int argc, char const *argv[])
{
/* code */
char hostname[MAXHOSTNAMELEN], *attrs[2], **vals;
LDAP *ldap;
LDAPMessage *results = NULL, *entry = NULL;
int haveGpoDescriptor = 0;
int ret, version, i;
printf("----------------------------------\n");
printf("Getting host informations...\n");
printf("----------------------------------\n\n");
if(gethostname(hostname,MAXHOSTNAMELEN) == 0){
struct hostent * record = gethostbyname(hostname);
struct in_addr * address = ( struct in_addr *) record->h_addr;
printf("Hostname: %s\n", hostname);
printf("FQDN: %s\n", record->h_name);
printf("IP Address: %s\n", inet_ntoa(address->s_addr));
printf("\n\n----------------------------------\n");
printf("Connecting to %s\n",LDAP_SERVER);
printf("----------------------------------\n\n");
ldap = (LDAP*) ldap_open(LDAP_SERVER,LDAP_PORT);
if(!ldap){
printf("Unable to connect to the LDAP Server\n");
return 1;
}else{
version = LDAP_VERSION3;
ldap_set_option( ldap, LDAP_OPT_PROTOCOL_VERSION, &version );
printf("Connected to LDAP server: \033[32;mOk\033[00m.\n");
printf("\n\n----------------------------------\n");
printf("Binding...\n");
printf("----------------------------------\n\n");
/* Anonymous binding... Les machines n'ont pas de mot de passe*/
ret = ldap_simple_bind_s(ldap, NULL, NULL);
if (ret != LDAP_SUCCESS) {
printf("Binding \033[31;mFailed\033[00m\n\n");
char *error;
ldap_perror(ldap,error);
printf("%s",error);
return 1;
}
printf("Binding: \033[32;mOk\033[00m.\n");
printf("\n\n----------------------------------\n");
printf("Searching for workstation %s in %s\n",hostname, BASE_DN);
printf("----------------------------------\n\n");
char context[MAXHOSTNAMELEN + 5];
snprintf(context,MAXHOSTNAMELEN + 5, "(cn=%s)",hostname);
ret = ldap_search_s(
ldap,
BASE_DN,
LDAP_SCOPE_SUBTREE,
context,
NULL,
0,
&results);
if(ret != LDAP_SUCCESS){
printf("Unable to perform search\n");
char *error;
ldap_perror(ldap,error);
printf("%s",error);
}
entry = ldap_first_entry(ldap, results);
if (!entry) {
printf("\033[33;m%s workstation not found !\033[00m\n", hostname);
return 1;
}else{
printf("\033[33;m%s workstation found !\033[00m\n", hostname);
}
printf("\n\n----------------------------------\n");
printf("Getting OU container name of %s\n",context);
printf("----------------------------------\n\n");
vals = (char**) ldap_get_values(ldap,entry,"ou");
char *ou = NULL;
for(i=0;vals[i] != NULL;i++){
ou = vals[i];
printf("\033[33;mOU [%d] name of %s: %s\033[00m\n",i,context,vals[i]);
break;
}
printf("\n\n----------------------------------\n");
printf("Searching groupPolicyDescriptor into OU container name: %s of %s\n",ou,context);
printf("----------------------------------\n\n");
vals = (char**) ldap_get_values(ldap,entry,"objectClass");
for(i=0;vals[i] != NULL;i++){
if (strcmp(vals[i],"groupPolicyDescriptor") ) {
haveGpoDescriptor = 1;
printf("\033[33;mGPO Found !\033[00m\n");
char **uri = ldap_get_values(ldap,entry,"uri");
printf("\033[33;mScript path: %s !\033[00m\n",uri[0]);
// system("/bin/sh -c %s"); %s = uri[0]
break;
}
}
printf("\n\n----------------------------------\n");
printf("Cleaning memory\n");
printf("----------------------------------\n\n");
ldap_value_free(vals);
ldap_msgfree(entry);
ldap_unbind(ldap);
}
}else{
printf("Cannot get the hostname.\n");
}
return 0;
}
int
main( int argc, char **argv )
{
LDAP *ld;
LDAPMessage *result, *e;
BerElement *ber;
char *a, *dn;
char **vals;
int i;
/* Initialize the client */
if ( ldapssl_client_init( MY_CERTDB_PATH, NULL ) < 0 ) {
perror( "ldapssl_client_init" );
return( 1 );
}
/* set the max I/O timeout option to 10 seconds */
if ( prldap_set_session_option( NULL, NULL, PRLDAP_OPT_IO_MAX_TIMEOUT,
10000 /* 10 secs */ ) != LDAP_SUCCESS ) {
ldap_perror( NULL,
"prldap_set_session_option PRLDAP_OPT_IO_MAX_TIMEOUT" );
exit( 1 );
}
/* get a handle to an LDAP connection */
if ( (ld = ldapssl_init( MY_HOST, MY_SSL_PORT, 1 )) == NULL ) {
perror( "ldapssl_init" );
return( 1 );
}
/* use LDAPv3 */
i = LDAP_VERSION3;
if ( ldap_set_option( ld, LDAP_OPT_PROTOCOL_VERSION, &i ) < 0 ) {
ldap_perror( ld, "ldap_set_option LDAPv3" );
ldap_unbind( ld );
return( 1 );
}
/* search for all entries with surname of Jensen */
if ( ldap_search_s( ld, PEOPLE_BASE, LDAP_SCOPE_SUBTREE,
"(sn=jensen)", NULL, 0, &result ) != LDAP_SUCCESS ) {
ldap_perror( ld, "ldap_search_s" );
if ( result == NULL ) {
ldap_unbind( ld );
return( 1 );
}
}
/* for each entry print out name + all attrs and values */
for ( e = ldap_first_entry( ld, result ); e != NULL;
e = ldap_next_entry( ld, e ) ) {
if ( (dn = ldap_get_dn( ld, e )) != NULL ) {
printf( "dn: %s\n", dn );
ldap_memfree( dn );
}
for ( a = ldap_first_attribute( ld, e, &ber );
a != NULL; a = ldap_next_attribute( ld, e, ber ) ) {
if ((vals = ldap_get_values( ld, e, a)) != NULL ) {
for ( i = 0; vals[i] != NULL; i++ ) {
printf( "%s: %s\n", a, vals[i] );
}
ldap_value_free( vals );
}
ldap_memfree( a );
}
if ( ber != NULL ) {
ber_free( ber, 0 );
}
printf( "\n" );
}
ldap_msgfree( result );
ldap_unbind( ld );
return( 0 );
}
int
main (int argc, char *argv[])
{
LDAP *ld;
LDAPMessage *result;
/* should be int result = STATE_UNKNOWN; */
int status = STATE_UNKNOWN;
long microsec;
double elapsed_time;
/* for ldap tls */
int tls;
int version=3;
/* for entry counting */
LDAPMessage *next_entry;
int status_entries = STATE_OK;
int num_entries = 0;
setlocale (LC_ALL, "");
bindtextdomain (PACKAGE, LOCALEDIR);
textdomain (PACKAGE);
if (strstr(argv[0],"check_ldaps")) {
xasprintf (&progname, "check_ldaps");
}
/* Parse extra opts if any */
argv=np_extra_opts (&argc, argv, progname);
if (process_arguments (argc, argv) == ERROR)
usage4 (_("Could not parse arguments"));
if (strstr(argv[0],"check_ldaps") && ! starttls && ! ssl_on_connect)
starttls = TRUE;
/* initialize alarm signal handling */
signal (SIGALRM, socket_timeout_alarm_handler);
/* set socket timeout */
alarm (timeout_interval);
/* get the start time */
gettimeofday (&tv, NULL);
/* initialize ldap */
if (ld_uri != NULL)
{
#ifdef HAVE_LDAP_INITIALIZE
int result = ldap_initialize(&ld, ld_uri);
if (result != LDAP_SUCCESS)
{
printf ("Failed to connect to LDAP server at %s: %s\n",
ld_uri, ldap_err2string(result));
return STATE_CRITICAL;
}
#else
printf ("Sorry, this version of %s was compiled without URI support!\n",
argv[0]);
return STATE_CRITICAL;
#endif
}
#ifdef HAVE_LDAP_INIT
else if (!(ld = ldap_init (ld_host, ld_port))) {
printf ("Could not connect to the server at port %i\n", ld_port);
return STATE_CRITICAL;
}
#else
else if (!(ld = ldap_open (ld_host, ld_port))) {
if (verbose)
ldap_perror(ld, "ldap_open");
printf (_("Could not connect to the server at port %i\n"), ld_port);
return STATE_CRITICAL;
}
#endif /* HAVE_LDAP_INIT */
#ifdef HAVE_LDAP_SET_OPTION
/* set ldap options */
if (ldap_set_option (ld, LDAP_OPT_PROTOCOL_VERSION, &ld_protocol) !=
LDAP_OPT_SUCCESS ) {
printf(_("Could not set protocol version %d\n"), ld_protocol);
return STATE_CRITICAL;
}
#endif
if (ld_port == LDAPS_PORT || ssl_on_connect) {
xasprintf (&SERVICE, "LDAPS");
#if defined(HAVE_LDAP_SET_OPTION) && defined(LDAP_OPT_X_TLS)
/* ldaps: set option tls */
tls = LDAP_OPT_X_TLS_HARD;
if (ldap_set_option (ld, LDAP_OPT_X_TLS, &tls) != LDAP_SUCCESS)
{
if (verbose)
ldap_perror(ld, "ldaps_option");
printf (_("Could not init TLS at port %i!\n"), ld_port);
return STATE_CRITICAL;
}
#else
printf (_("TLS not supported by the libraries!\n"));
return STATE_CRITICAL;
#endif /* LDAP_OPT_X_TLS */
} else if (starttls) {
xasprintf (&SERVICE, "LDAP-TLS");
#if defined(HAVE_LDAP_SET_OPTION) && defined(HAVE_LDAP_START_TLS_S)
/* ldap with startTLS: set option version */
if (ldap_get_option(ld,LDAP_OPT_PROTOCOL_VERSION, &version) == LDAP_OPT_SUCCESS )
{
if (version < LDAP_VERSION3)
{
version = LDAP_VERSION3;
ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION, &version);
}
}
/* call start_tls */
if (ldap_start_tls_s(ld, NULL, NULL) != LDAP_SUCCESS)
{
if (verbose)
ldap_perror(ld, "ldap_start_tls");
printf (_("Could not init startTLS at port %i!\n"), ld_port);
return STATE_CRITICAL;
}
#else
printf (_("startTLS not supported by the library, needs LDAPv3!\n"));
return STATE_CRITICAL;
#endif /* HAVE_LDAP_START_TLS_S */
}
/* bind to the ldap server */
if (ldap_bind_s (ld, ld_binddn, ld_passwd, LDAP_AUTH_SIMPLE) !=
LDAP_SUCCESS) {
if (verbose)
ldap_perror(ld, "ldap_bind");
printf (_("Could not bind to the LDAP server\n"));
return STATE_CRITICAL;
}
/* do a search of all objectclasses in the base dn */
if (ldap_search_s (ld, ld_base, (crit_entries!=NULL || warn_entries!=NULL) ? LDAP_SCOPE_SUBTREE : LDAP_SCOPE_BASE, ld_attr, NULL, 0, &result)
!= LDAP_SUCCESS) {
if (verbose)
ldap_perror(ld, "ldap_search");
printf (_("Could not search/find objectclasses in %s\n"), ld_base);
return STATE_CRITICAL;
} else if (crit_entries!=NULL || warn_entries!=NULL) {
num_entries = ldap_count_entries(ld, result);
}
/* unbind from the ldap server */
ldap_unbind (ld);
/* reset the alarm handler */
alarm (0);
/* calcutate the elapsed time and compare to thresholds */
microsec = deltime (tv);
elapsed_time = (double)microsec / 1.0e6;
if (crit_time!=UNDEFINED && elapsed_time>crit_time)
status = STATE_CRITICAL;
else if (warn_time!=UNDEFINED && elapsed_time>warn_time)
status = STATE_WARNING;
else
status = STATE_OK;
if(entries_thresholds != NULL) {
if (verbose) {
printf ("entries found: %d\n", num_entries);
print_thresholds("entry threasholds", entries_thresholds);
}
status_entries = get_status(num_entries, entries_thresholds);
if (status_entries == STATE_CRITICAL) {
status = STATE_CRITICAL;
} else if (status != STATE_CRITICAL) {
status = status_entries;
}
}
/* print out the result */
if (crit_entries!=NULL || warn_entries!=NULL) {
printf (_("LDAP %s - found %d entries in %.3f seconds|%s %s\n"),
state_text (status),
num_entries,
elapsed_time,
fperfdata ("time", elapsed_time, "s",
(int)warn_time, warn_time,
(int)crit_time, crit_time,
TRUE, 0, FALSE, 0),
sperfdata ("entries", (double)num_entries, "",
warn_entries,
crit_entries,
TRUE, 0.0, FALSE, 0.0));
} else {
printf (_("LDAP %s - %.3f seconds response time|%s\n"),
state_text (status),
elapsed_time,
fperfdata ("time", elapsed_time, "s",
(int)warn_time, warn_time,
(int)crit_time, crit_time,
TRUE, 0, FALSE, 0));
}
return status;
}
int
main( int argc, char **argv )
{
LDAP *ld;
LDAPMessage *result, *e;
char **vals, *attrs[ 5 ];
int i;
/* get a handle to an LDAP connection */
if ( (ld = ldap_init( MY_HOST, MY_PORT )) == NULL ) {
perror( "ldap_init" );
return( 1 );
}
attrs[ 0 ] = "cn"; /* Get canonical name(s) (full name) */
attrs[ 1 ] = "sn"; /* Get surname(s) (last name) */
attrs[ 2 ] = "mail"; /* Get email address(es) */
attrs[ 3 ] = "telephonenumber"; /* Get telephone number(s) */
attrs[ 4 ] = NULL;
if ( ldap_search_s( ld, ENTRYDN, LDAP_SCOPE_BASE,
"(objectclass=*)", attrs, 0, &result ) != LDAP_SUCCESS ) {
ldap_perror( ld, "ldap_search_s" );
return( 1 );
}
/* print it out */
if (( e = ldap_first_entry( ld, result )) != NULL ) {
if (( vals = ldap_get_values( ld, e, "cn" )) != NULL ) {
printf( "Full name:\n" );
for ( i = 0; vals[i] != NULL; i++ ) {
printf( "\t%s\n", vals[i] );
}
ldap_value_free( vals );
}
if (( vals = ldap_get_values( ld, e, "sn" )) != NULL ) {
printf( "Last name (surname):\n" );
for ( i = 0; vals[i] != NULL; i++ ) {
printf( "\t%s\n", vals[i] );
}
ldap_value_free( vals );
}
if (( vals = ldap_get_values( ld, e, "mail" )) != NULL ) {
printf( "Email address:\n" );
for ( i = 0; vals[i] != NULL; i++ ) {
printf( "\t%s\n", vals[i] );
}
ldap_value_free( vals );
}
if (( vals = ldap_get_values( ld, e, "telephonenumber" )) != NULL ) {
printf( "Telephone number:\n" );
for ( i = 0; vals[i] != NULL; i++ ) {
printf( "\t%s\n", vals[i] );
}
ldap_value_free( vals );
}
}
ldap_msgfree( result );
ldap_unbind( ld );
return( 0 );
}
int main( int argc, char *argv[] ) {
LDAP *ld;
int result;
int auth_method = LDAP_AUTH_SIMPLE;
int desired_version = LDAP_VERSION3;
char *ldap_host = "localhost";
char *root_dn = "cn=Manager, dc=example, dc=com";
char *root_pw = "secret";
BerElement* ber;
LDAPMessage* msg;
LDAPMessage* entry;
char* base="ou=developers,dc=example,dc=com";
char* filter="(objectClass=*)";
char* errstring;
char* dn = NULL;
char* attr;
char** vals;
int i;
if ((ld = ldap_init(ldap_host, LDAP_PORT)) == NULL ) {
perror( "ldap_init failed" );
exit( EXIT_FAILURE );
}
/* set the LDAP version to be 3 */
if (ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION, &desired_version) != LDAP_OPT_SUCCESS)
{
ldap_perror(ld, "ldap_set_option");
exit(EXIT_FAILURE);
}
if (ldap_bind_s(ld, root_dn, root_pw, auth_method) != LDAP_SUCCESS ) {
ldap_perror( ld, "ldap_bind" );
exit( EXIT_FAILURE );
}
if (ldap_search_s(ld, base, LDAP_SCOPE_SUBTREE, filter, NULL, 0, &msg) != LDAP_SUCCESS) {
ldap_perror( ld, "ldap_search_s" );
exit(EXIT_FAILURE);
}
printf("The number of entries returned was %d\n\n", ldap_count_entries(ld, msg));
/* Iterate through the returned entries */
for(entry = ldap_first_entry(ld, msg); entry != NULL; entry = ldap_next_entry(ld, entry)) {
if((dn = ldap_get_dn(ld, entry)) != NULL) {
printf("Returned dn: %s\n", dn);
ldap_memfree(dn);
}
for( attr = ldap_first_attribute(ld, entry, &ber);
attr != NULL;
attr = ldap_next_attribute(ld, entry, ber)) {
if ((vals = ldap_get_values(ld, entry, attr)) != NULL) {
for(i = 0; vals[i] != NULL; i++) {
printf("%s: %s\n", attr, vals[i]);
}
ldap_value_free(vals);
}
ldap_memfree(attr);
}
if (ber != NULL) {
ber_free(ber,0);
}
printf("\n");
}
/* clean up */
ldap_msgfree(msg);
result = ldap_unbind_s(ld);
if (result != 0) {
fprintf(stderr, "ldap_unbind_s: %s\n", ldap_err2string(result));
exit( EXIT_FAILURE );
}
return EXIT_SUCCESS;
}
int
main( int argc, char **argv )
{
LDAP *ld = NULL;
int i, c, port, errflg, method, id, msgtype;
char line[256], command1, command2, command3;
char passwd[64], dn[256], rdn[64], attr[64], value[256];
char filter[256], *host, **types;
char **exdn;
static const char usage[] =
"usage: %s [-u] [-h host] [-d level] [-s dnsuffix] [-p port] [-t file] [-T file]\n";
int bound, all, scope, attrsonly;
LDAPMessage *res;
LDAPMod **mods, **attrs;
struct timeval timeout;
char *copyfname = NULL;
int copyoptions = 0;
LDAPURLDesc *ludp;
host = NULL;
port = LDAP_PORT;
dnsuffix = "";
errflg = 0;
while (( c = getopt( argc, argv, "h:d:s:p:t:T:" )) != -1 ) {
switch( c ) {
case 'd':
#ifdef LDAP_DEBUG
ldap_debug = atoi( optarg );
#ifdef LBER_DEBUG
if ( ldap_debug & LDAP_DEBUG_PACKETS ) {
ber_set_option( NULL, LBER_OPT_DEBUG_LEVEL, &ldap_debug );
}
#endif
#else
printf( "Compile with -DLDAP_DEBUG for debugging\n" );
#endif
break;
case 'h':
host = optarg;
break;
case 's':
dnsuffix = optarg;
break;
case 'p':
port = atoi( optarg );
break;
case 't': /* copy ber's to given file */
copyfname = strdup( optarg );
/* copyoptions = LBER_TO_FILE; */
break;
case 'T': /* only output ber's to given file */
copyfname = strdup( optarg );
/* copyoptions = (LBER_TO_FILE | LBER_TO_FILE_ONLY); */
break;
default:
++errflg;
}
}
if ( host == NULL && optind == argc - 1 ) {
host = argv[ optind ];
++optind;
}
if ( errflg || optind < argc - 1 ) {
fprintf( stderr, usage, argv[ 0 ] );
exit( EXIT_FAILURE );
}
printf( "ldap_init( %s, %d )\n",
host == NULL ? "(null)" : host, port );
ld = ldap_init( host, port );
if ( ld == NULL ) {
perror( "ldap_init" );
exit( EXIT_FAILURE );
}
if ( copyfname != NULL ) {
if ( ( ld->ld_sb->sb_fd = open( copyfname, O_WRONLY|O_CREAT|O_EXCL,
0600 )) == -1 ) {
perror( copyfname );
exit ( EXIT_FAILURE );
}
ld->ld_sb->sb_options = copyoptions;
}
bound = 0;
timeout.tv_sec = 0;
timeout.tv_usec = 0;
(void) memset( line, '\0', sizeof(line) );
while ( get_line( line, sizeof(line), stdin, "\ncommand? " ) != NULL ) {
command1 = line[0];
command2 = line[1];
command3 = line[2];
switch ( command1 ) {
case 'a': /* add or abandon */
switch ( command2 ) {
case 'd': /* add */
get_line( dn, sizeof(dn), stdin, "dn? " );
strcat( dn, dnsuffix );
if ( (attrs = get_modlist( NULL, "attr? ",
"value? " )) == NULL )
break;
if ( (id = ldap_add( ld, dn, attrs )) == -1 )
ldap_perror( ld, "ldap_add" );
else
printf( "Add initiated with id %d\n",
id );
break;
case 'b': /* abandon */
get_line( line, sizeof(line), stdin, "msgid? " );
id = atoi( line );
if ( ldap_abandon( ld, id ) != 0 )
ldap_perror( ld, "ldap_abandon" );
else
printf( "Abandon successful\n" );
break;
default:
printf( "Possibilities: [ad]d, [ab]ort\n" );
}
break;
case 'b': /* asynch bind */
method = LDAP_AUTH_SIMPLE;
get_line( dn, sizeof(dn), stdin, "dn? " );
strcat( dn, dnsuffix );
if ( method == LDAP_AUTH_SIMPLE && dn[0] != '\0' )
get_line( passwd, sizeof(passwd), stdin,
"password? " );
else
passwd[0] = '\0';
if ( ldap_bind( ld, dn, passwd, method ) == -1 ) {
fprintf( stderr, "ldap_bind failed\n" );
ldap_perror( ld, "ldap_bind" );
} else {
printf( "Bind initiated\n" );
bound = 1;
}
break;
case 'B': /* synch bind */
method = LDAP_AUTH_SIMPLE;
get_line( dn, sizeof(dn), stdin, "dn? " );
strcat( dn, dnsuffix );
if ( dn[0] != '\0' )
get_line( passwd, sizeof(passwd), stdin,
"password? " );
else
passwd[0] = '\0';
if ( ldap_bind_s( ld, dn, passwd, method ) !=
LDAP_SUCCESS ) {
fprintf( stderr, "ldap_bind_s failed\n" );
ldap_perror( ld, "ldap_bind_s" );
} else {
printf( "Bind successful\n" );
bound = 1;
}
break;
case 'c': /* compare */
get_line( dn, sizeof(dn), stdin, "dn? " );
strcat( dn, dnsuffix );
get_line( attr, sizeof(attr), stdin, "attr? " );
get_line( value, sizeof(value), stdin, "value? " );
if ( (id = ldap_compare( ld, dn, attr, value )) == -1 )
ldap_perror( ld, "ldap_compare" );
else
printf( "Compare initiated with id %d\n", id );
break;
case 'd': /* turn on debugging */
#ifdef LDAP_DEBUG
get_line( line, sizeof(line), stdin, "debug level? " );
ldap_debug = atoi( line );
#ifdef LBER_DEBUG
if ( ldap_debug & LDAP_DEBUG_PACKETS ) {
ber_set_option( NULL, LBER_OPT_DEBUG_LEVEL, &ldap_debug );
}
#endif
#else
printf( "Compile with -DLDAP_DEBUG for debugging\n" );
#endif
break;
case 'E': /* explode a dn */
get_line( line, sizeof(line), stdin, "dn? " );
exdn = ldap_explode_dn( line, 0 );
for ( i = 0; exdn != NULL && exdn[i] != NULL; i++ ) {
printf( "\t%s\n", exdn[i] );
}
break;
case 'g': /* set next msgid */
get_line( line, sizeof(line), stdin, "msgid? " );
ld->ld_msgid = atoi( line );
break;
case 'v': /* set version number */
get_line( line, sizeof(line), stdin, "version? " );
ld->ld_version = atoi( line );
break;
case 'm': /* modify or modifyrdn */
if ( strncmp( line, "modify", 4 ) == 0 ) {
get_line( dn, sizeof(dn), stdin, "dn? " );
strcat( dn, dnsuffix );
if ( (mods = get_modlist(
"mod (0=>add, 1=>delete, 2=>replace -1=>done)? ",
"attribute type? ", "attribute value? " ))
== NULL )
break;
if ( (id = ldap_modify( ld, dn, mods )) == -1 )
ldap_perror( ld, "ldap_modify" );
else
printf( "Modify initiated with id %d\n",
id );
} else if ( strncmp( line, "modrdn", 4 ) == 0 ) {
get_line( dn, sizeof(dn), stdin, "dn? " );
strcat( dn, dnsuffix );
get_line( rdn, sizeof(rdn), stdin, "newrdn? " );
if ( (id = ldap_modrdn( ld, dn, rdn )) == -1 )
ldap_perror( ld, "ldap_modrdn" );
else
printf( "Modrdn initiated with id %d\n",
id );
} else {
printf( "Possibilities: [modi]fy, [modr]dn\n" );
}
break;
case 'q': /* quit */
ldap_unbind( ld );
exit( EXIT_SUCCESS );
break;
case 'r': /* result or remove */
switch ( command3 ) {
case 's': /* result */
get_line( line, sizeof(line), stdin,
"msgid (-1=>any)? " );
if ( line[0] == '\0' )
id = -1;
else
id = atoi( line );
get_line( line, sizeof(line), stdin,
"all (0=>any, 1=>all)? " );
if ( line[0] == '\0' )
all = 1;
else
all = atoi( line );
if (( msgtype = ldap_result( ld, id, all,
&timeout, &res )) < 1 ) {
ldap_perror( ld, "ldap_result" );
break;
}
printf( "\nresult: msgtype %d msgid %d\n",
msgtype, res->lm_msgid );
handle_result( ld, res );
res = NULL;
break;
case 'm': /* remove */
get_line( dn, sizeof(dn), stdin, "dn? " );
strcat( dn, dnsuffix );
if ( (id = ldap_delete( ld, dn )) == -1 )
ldap_perror( ld, "ldap_delete" );
else
printf( "Remove initiated with id %d\n",
id );
break;
default:
printf( "Possibilities: [rem]ove, [res]ult\n" );
break;
}
break;
case 's': /* search */
get_line( dn, sizeof(dn), stdin, "searchbase? " );
strcat( dn, dnsuffix );
get_line( line, sizeof(line), stdin,
"scope (0=baseObject, 1=oneLevel, 2=subtree, 3=children)? " );
scope = atoi( line );
get_line( filter, sizeof(filter), stdin,
"search filter (e.g. sn=jones)? " );
types = get_list( "attrs to return? " );
get_line( line, sizeof(line), stdin,
"attrsonly (0=attrs&values, 1=attrs only)? " );
attrsonly = atoi( line );
if (( id = ldap_search( ld, dn, scope, filter,
types, attrsonly )) == -1 ) {
ldap_perror( ld, "ldap_search" );
} else {
printf( "Search initiated with id %d\n", id );
}
free_list( types );
break;
case 't': /* set timeout value */
get_line( line, sizeof(line), stdin, "timeout? " );
timeout.tv_sec = atoi( line );
break;
case 'p': /* parse LDAP URL */
get_line( line, sizeof(line), stdin, "LDAP URL? " );
if (( i = ldap_url_parse( line, &ludp )) != 0 ) {
fprintf( stderr, "ldap_url_parse: error %d\n", i );
} else {
printf( "\t host: " );
if ( ludp->lud_host == NULL ) {
printf( "DEFAULT\n" );
} else {
printf( "<%s>\n", ludp->lud_host );
}
printf( "\t port: " );
if ( ludp->lud_port == 0 ) {
printf( "DEFAULT\n" );
} else {
printf( "%d\n", ludp->lud_port );
}
printf( "\t dn: <%s>\n", ludp->lud_dn );
printf( "\t attrs:" );
if ( ludp->lud_attrs == NULL ) {
printf( " ALL" );
} else {
for ( i = 0; ludp->lud_attrs[ i ] != NULL; ++i ) {
printf( " <%s>", ludp->lud_attrs[ i ] );
}
}
printf( "\n\t scope: %s\n",
ludp->lud_scope == LDAP_SCOPE_BASE ? "baseObject"
: ludp->lud_scope == LDAP_SCOPE_ONELEVEL ? "oneLevel"
: ludp->lud_scope == LDAP_SCOPE_SUBTREE ? "subtree"
#ifdef LDAP_SCOPE_SUBORDINATE
: ludp->lud_scope == LDAP_SCOPE_SUBORDINATE ? "children"
#endif
: "**invalid**" );
printf( "\tfilter: <%s>\n", ludp->lud_filter );
ldap_free_urldesc( ludp );
}
break;
case 'n': /* set dn suffix, for convenience */
get_line( line, sizeof(line), stdin, "DN suffix? " );
strcpy( dnsuffix, line );
break;
case 'o': /* set ldap options */
get_line( line, sizeof(line), stdin, "alias deref (0=never, 1=searching, 2=finding, 3=always)?" );
ld->ld_deref = atoi( line );
get_line( line, sizeof(line), stdin, "timelimit?" );
ld->ld_timelimit = atoi( line );
get_line( line, sizeof(line), stdin, "sizelimit?" );
ld->ld_sizelimit = atoi( line );
LDAP_BOOL_ZERO(&ld->ld_options);
get_line( line, sizeof(line), stdin,
"Recognize and chase referrals (0=no, 1=yes)?" );
if ( atoi( line ) != 0 ) {
LDAP_BOOL_SET(&ld->ld_options, LDAP_BOOL_REFERRALS);
get_line( line, sizeof(line), stdin,
"Prompt for bind credentials when chasing referrals (0=no, 1=yes)?" );
if ( atoi( line ) != 0 ) {
ldap_set_rebind_proc( ld, bind_prompt, NULL );
}
}
break;
case '?': /* help */
printf(
"Commands: [ad]d [ab]andon [b]ind\n"
" [B]ind async [c]ompare\n"
" [modi]fy [modr]dn [rem]ove\n"
" [res]ult [s]earch [q]uit/unbind\n\n"
" [d]ebug set ms[g]id\n"
" d[n]suffix [t]imeout [v]ersion\n"
" [?]help [o]ptions"
" [E]xplode dn [p]arse LDAP URL\n" );
break;
default:
printf( "Invalid command. Type ? for help.\n" );
break;
}
(void) memset( line, '\0', sizeof(line) );
}
return( 0 );
}
