int _LDAP_initialization(LDAP **ld, PyObject *url, int tls_option) { int rc; int portnum; char *hoststr = NULL; const int version = LDAP_VERSION3; const int tls_settings = SCH_CRED_MANUAL_CRED_VALIDATION | SCH_CRED_NO_SERVERNAME_CHECK; PyObject *scheme = PyObject_GetAttrString(url, "scheme"); PyObject *host = PyObject_GetAttrString(url, "host"); PyObject *port = PyObject_GetAttrString(url, "port"); if (scheme == NULL || host == NULL || port == NULL) return -1; hoststr = PyObject2char(host); portnum = PyLong_AsLong(port); Py_DECREF(host); Py_DECREF(port); if (hoststr == NULL) return -1; if (PyUnicode_CompareWithASCIIString(scheme, "ldaps") == 0) { *ld = ldap_sslinit(hoststr, portnum, 1); } else { *ld = ldap_init(hoststr, portnum); } Py_DECREF(scheme); if (ld == NULL) return -1; ldap_set_option(*ld, LDAP_OPT_PROTOCOL_VERSION, &version); switch (tls_option) { case -1: /* Cert policy is not set, nothing to do.*/ break; case 2: case 4: /* Cert policy is demand or try, then standard procedure. */ break; case 0: case 3: /* Cert policy is never or allow, then set TLS settings. */ ldap_set_option(*ld, 0x43, &tls_settings); ldap_set_option(*ld, LDAP_OPT_SERVER_CERTIFICATE, &noverify); break; } rc = ldap_connect(*ld, NULL); return rc; }
/* * \brief Load the cokebank database */ int Bank_Initialise(const char *Argument) { #if USE_LDAP int rv; #endif // Open Cokebank gBank_File = fopen(Argument, "rb+"); if( !gBank_File ) gBank_File = fopen(Argument, "wb+"); if( !gBank_File ) { perror("Opening coke bank"); return -1; } Bank_int_ReadDatabase(); // Open log file // TODO: Do I need this? gBank_LogFile = fopen("cokebank.log", "a"); if( !gBank_LogFile ) gBank_LogFile = stdout; #if USE_LDAP // Connect to LDAP rv = ldap_create(&gpLDAP); if(rv) { fprintf(stderr, "ldap_create: %s\n", ldap_err2string(rv)); return 1; } rv = ldap_initialize(&gpLDAP, gsLDAPPath); if(rv) { fprintf(stderr, "ldap_initialize: %s\n", ldap_err2string(rv)); return 1; } { int ver = LDAP_VERSION3; ldap_set_option(gpLDAP, LDAP_OPT_PROTOCOL_VERSION, &ver); } # if 0 rv = ldap_start_tls_s(gpLDAP, NULL, NULL); if(rv) { fprintf(stderr, "ldap_start_tls_s: %s\n", ldap_err2string(rv)); return 1; } # endif { struct berval cred; struct berval *servcred; cred.bv_val = "secret"; cred.bv_len = 6; rv = ldap_sasl_bind_s(gpLDAP, "cn=admin,dc=ucc,dc=gu,dc=uwa,dc=edu,dc=au", "", &cred, NULL, NULL, &servcred); if(rv) { fprintf(stderr, "ldap_start_tls_s: %s\n", ldap_err2string(rv)); return 1; } } #endif return 0; }
DWORD VmDirSASLGSSAPIBind( LDAP** ppLd, PCSTR pszURI ) { DWORD dwError = 0; int retVal = 0; LDAP* pLd = NULL; const int ldapVer = LDAP_VERSION3; if ( ppLd == NULL || pszURI == NULL ) { dwError = VMDIR_ERROR_INVALID_PARAMETER; BAIL_ON_VMDIR_ERROR(dwError); } retVal = ldap_initialize( &pLd, pszURI); BAIL_ON_SIMPLE_LDAP_ERROR(retVal); retVal = ldap_set_option(pLd, LDAP_OPT_PROTOCOL_VERSION, &ldapVer); BAIL_ON_SIMPLE_LDAP_ERROR(retVal); retVal = ldap_sasl_interactive_bind_s( pLd, NULL, "GSSAPI", NULL, NULL, LDAP_SASL_QUIET, _VmDirSASLGSSAPIInteraction, NULL); BAIL_ON_SIMPLE_LDAP_ERROR(retVal); *ppLd = pLd; cleanup: return dwError; ldaperror: VMDIR_LOG_VERBOSE( VMDIR_LOG_MASK_ALL, "_VmDirSASLGSSBind failed. (%d)(%s)", retVal, ldap_err2string(retVal) ); dwError = VmDirMapLdapError(retVal); error: if (retVal == 0) { VMDIR_LOG_VERBOSE( VMDIR_LOG_MASK_ALL, "_VmDirSASLGSSBind failed. (%u)", dwError); } if ( pLd ) { ldap_unbind_ext_s( pLd, NULL, NULL); } goto cleanup; }
int main( int argc, char **argv ) { int version; LDAP *ld; char *target; int rc; struct berval userid; struct berval oldpasswd; struct berval newpasswd; struct berval genpasswd; /* Use LDAPv3. */ version = LDAP_VERSION3; if ( ldap_set_option( NULL, LDAP_OPT_PROTOCOL_VERSION, &version ) != 0 ) { fprintf( stderr, "ldap_set_option protocol version to %d failed\n", version ); return ( 1 ); } /* Get a handle to an LDAP connection. */ if ( (ld = ldap_init( MY_HOST, MY_PORT )) == NULL ) { perror( "ldap_init" ); return( 1 ); } /* Authenticate to the directory. */ if ( ldap_simple_bind_s( ld, ENTRYDN, ENTRYPW ) != LDAP_SUCCESS ) { ldap_perror( ld, "ldap_simple_bind_s" ); return( 1 ); } /* Change the password using the extended operation. */ userid.bv_val = ENTRYDN; userid.bv_len = strlen(userid.bv_val); oldpasswd.bv_val = ENTRYPW; oldpasswd.bv_len = strlen(oldpasswd.bv_val); newpasswd.bv_val = "ChangeMe!"; newpasswd.bv_len = strlen(newpasswd.bv_val); rc = ldap_passwd_s( ld, &userid, &oldpasswd, &newpasswd, &genpasswd, NULL, NULL ); if ( rc != LDAP_SUCCESS ) { fprintf( stderr, "ldap_passwd_s: %s\n", ldap_err2string( rc ) ); ldap_unbind( ld ); return( 1 ); } else { printf( "Successfully changed password for %s\n", userid.bv_val ); } ldap_unbind( ld ); return( 0 ); }
static void _mu_ldap_unbind (LDAP *ld) { if (ld) { ldap_set_option (ld, LDAP_OPT_SERVER_CONTROLS, NULL); ldap_unbind_ext (ld, NULL, NULL); } }
/** @brief Connect to a LDAP server. * @param uri Server to connect too. * @param starttls Starttls flags to disallow,allow or enforce SSL. * @param timelimit Query timelimit. * @param limit Results limit. * @param debug Set LDAP_OPT_DEBUG_LEVEL and LBER_OPT_DEBUG_LEVEL to this level. * @param err Pointer to a int that will contain the ldap error on failure. * @returns Reference to LDAP connection if its NULL the error is returned in err.*/ extern struct ldap_conn *ldap_connect(const char *uri, enum ldap_starttls starttls, int timelimit, int limit, int debug, int *err) { struct ldap_conn *ld; int version = 3; int res, sslres; struct timeval timeout; if (!(ld = objalloc(sizeof(*ld), free_ldapconn))) { return NULL; } ld->uri = strdup(uri); ld->sctrlsp = NULL; ld->timelim = timelimit; ld->limit = limit; ld->sasl = NULL; if ((res = ldap_initialize(&ld->ldap, ld->uri) != LDAP_SUCCESS)) { objunref(ld); ld = NULL; } else { if (debug) { ldap_set_option(NULL, LDAP_OPT_DEBUG_LEVEL, &debug); ber_set_option(NULL, LBER_OPT_DEBUG_LEVEL, &debug); } if (timelimit) { timeout.tv_sec = timelimit; timeout.tv_usec = 0; ldap_set_option(ld->ldap, LDAP_OPT_NETWORK_TIMEOUT, (void *)&timeout); } ldap_set_option(ld->ldap, LDAP_OPT_PROTOCOL_VERSION, &version); ldap_set_option(ld->ldap, LDAP_OPT_REFERRALS, (void *)LDAP_OPT_ON); ldap_set_rebind_proc(ld->ldap, ldap_rebind_proc, ld); if ((starttls != LDAP_STARTTLS_NONE) & !ldap_tls_inplace(ld->ldap) && (sslres = ldap_start_tls_s(ld->ldap, ld->sctrlsp, NULL))) { if (starttls == LDAP_STARTTLS_ENFORCE) { objunref(ld); ld = NULL; res = sslres; } } } *err = res; return ld; }
int ldap_add_machine_account(const char *ldap_host, const char *hostname, const char *realm) { LDAP *ld; int ldap_port = LDAP_PORT; char *bind_path; int rc; LDAPMessage *res; void *sasl_defaults; int version = LDAP_VERSION3; bind_path = build_dn(realm); printf("Creating host account for %s@%s\n", hostname, realm); ld = ldap_open(ldap_host, ldap_port); ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION, &version); rc = ldap_sasl_interactive_bind_s(ld, NULL, NULL, NULL, NULL, 0, sasl_interact, NULL); if (rc != LDAP_SUCCESS) { ldap_perror(ld, "ldap_bind"); goto failed; } rc = find_host(ld, &res, bind_path, hostname); if (rc == LDAP_SUCCESS && ldap_count_entries(ld, res) == 1) { printf("Host account for %s already exists\n", hostname); goto finished; } rc = add_host(ld, bind_path, hostname, realm); if (rc != LDAP_SUCCESS) { ldap_perror(ld, "add_host"); goto failed; } rc = find_host(ld, &res, bind_path, hostname); if (rc != LDAP_SUCCESS || ldap_count_entries(ld, res) != 1) { ldap_perror(ld, "find_host test"); goto failed; } printf("Successfully added machine account for %s\n", hostname); finished: free(bind_path); return 0; failed: printf("ldap_add_machine_account failed\n"); free(bind_path); ldap_unbind(ld); return 1; }
static LDAP *ldap_init_and_bind (const char *host, #ifdef WIN32 gboolean use_ssl, #endif const char *user_dn, const char *password) { LDAP *ld; int res; int desired_version = LDAP_VERSION3; #ifndef WIN32 res = ldap_initialize (&ld, host); if (res != LDAP_SUCCESS) { ccnet_warning ("ldap_initialize failed: %s.\n", ldap_err2string(res)); return NULL; } #else char *host_copy = g_strdup (host); if (!use_ssl) ld = ldap_init (host_copy, LDAP_PORT); else ld = ldap_sslinit (host_copy, LDAP_SSL_PORT, 1); g_free (host_copy); if (!ld) { ccnet_warning ("ldap_init failed: %ul.\n", LdapGetLastError()); return NULL; } #endif /* set the LDAP version to be 3 */ res = ldap_set_option (ld, LDAP_OPT_PROTOCOL_VERSION, &desired_version); if (res != LDAP_OPT_SUCCESS) { ccnet_warning ("ldap_set_option failed: %s.\n", ldap_err2string(res)); return NULL; } if (user_dn) { #ifndef WIN32 res = ldap_bind_s (ld, user_dn, password, LDAP_AUTH_SIMPLE); #else char *dn_copy = g_strdup(user_dn); char *password_copy = g_strdup(password); res = ldap_bind_s (ld, dn_copy, password_copy, LDAP_AUTH_SIMPLE); g_free (dn_copy); g_free (password_copy); #endif if (res != LDAP_SUCCESS ) { ccnet_warning ("ldap_bind failed: %s.\n", ldap_err2string(res)); ldap_unbind_s (ld); return NULL; } } return ld; }
/* * Function: prldap_import_connection(). * * Given the LDAP handle the connection parameters for the * file descriptor are imported into NSPR layer. * * Returns an LDAP API code (LDAP_SUCCESS) if all goes well. */ int LDAP_CALL prldap_import_connection (LDAP *ld) { int rc = LDAP_SUCCESS; /* optimistic */ int shared = 1; /* Assume shared init */ LBER_SOCKET orig_socket = -1; PRLDAPIOSessionArg *prsessp = NULL; PRLDAPIOSocketArg *prsockp = NULL; PRFileDesc *pr_socket = NULL; /* Check for invalid ld handle */ if ( ld == NULL) { ldap_set_lderrno( ld, LDAP_PARAM_ERROR, NULL, NULL ); return( LDAP_PARAM_ERROR ); } /* Retrieve TCP socket's integer file descriptor */ if ( ldap_get_option( ld, LDAP_OPT_DESC, &orig_socket ) < 0 ) { return( ldap_get_lderrno( ld, NULL, NULL )); } /* Check for NSPR functions on ld */ if ( prldap_is_installed(ld)) { /* Error : NSPR already Installed */ ldap_set_lderrno( ld, LDAP_LOCAL_ERROR, NULL, NULL ); return( LDAP_LOCAL_ERROR ); } if (LDAP_SUCCESS != (rc = prldap_install_routines(ld, shared))) { return( rc ); } if (LDAP_SUCCESS != (rc = prldap_session_arg_from_ld( ld, &prsessp ))) { return( rc ); } /* Get NSPR Socket Arg */ if ( NULL == ( prsockp = prldap_socket_arg_alloc( prsessp ))) { ldap_set_lderrno( ld, LDAP_NO_MEMORY, NULL, NULL ); return( LDAP_NO_MEMORY ); } /* Import file descriptor of connection made via ldap_init() */ if (NULL == (pr_socket = PR_ImportTCPSocket(orig_socket)) ) { ldap_set_lderrno( ld, LDAP_LOCAL_ERROR, NULL, NULL ); return( LDAP_LOCAL_ERROR ); } prsockp->prsock_prfd = pr_socket; /* Set Socket Arg in Extended I/O Layer */ if ( ldap_set_option( ld, LDAP_X_OPT_SOCKETARG, prsockp) != 0 ) { return( ldap_get_lderrno( ld, NULL, NULL )); } return( rc ); }
static int ldap_set_option_wrapper(LDAP *ld, int option, const void *invalue) { #ifdef AUTH_LDAP_TEST_API return (ldap_set_option(ld, option, invalue)); #else return ((*ldap_set_option_p)(ld, option, invalue)); #endif }
static int _dico_conn_setup(struct _dico_ldap_handle *lp) { int rc; LDAP *ld = NULL; int protocol = LDAP_VERSION3; /* FIXME: must be configurable */ if (lp->debug) { if (ber_set_option(NULL, LBER_OPT_DEBUG_LEVEL, &lp->debug) != LBER_OPT_SUCCESS ) dico_log(L_ERR, 0, _("cannot set LBER_OPT_DEBUG_LEVEL %d"), lp->debug); if (ldap_set_option(NULL, LDAP_OPT_DEBUG_LEVEL, &lp->debug) != LDAP_OPT_SUCCESS ) dico_log(L_ERR, 0, _("could not set LDAP_OPT_DEBUG_LEVEL %d"), lp->debug); } rc = ldap_initialize(&ld, lp->url); if (rc != LDAP_SUCCESS) { dico_log(L_ERR, 0, _("cannot create LDAP session handle for URI=%s (%d): %s"), lp->url, rc, ldap_err2string(rc)); return 1; } if (lp->tls) { rc = ldap_start_tls_s(ld, NULL, NULL); if (rc != LDAP_SUCCESS) { dico_log(L_ERR, 0, _("ldap_start_tls failed: %s"), ldap_err2string(rc)); return 1; } } ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION, &protocol); /* FIXME: Timeouts, SASL, etc. */ lp->ldap = ld; return 0; }
static int set_char_option(LDAP *ld, int option, char *cv) { int rc; if ( (rc=ldap_set_option( NULL, option, cv )) != LDAP_SUCCESS ) { report_error(rc, "set char opt"); return (0); } return (1); }
static krb5_error_code LDAP__connect(krb5_context context, HDB * db) { int rc, version = LDAP_VERSION3; /* * Empty credentials to do a SASL bind with LDAP. Note that empty * different from NULL credentials. If you provide NULL * credentials instead of empty credentials you will get a SASL * bind in progress message. */ struct berval bv = { 0, "" }; if (HDB2LDAP(db)) { /* connection has been opened. ping server. */ struct sockaddr_un addr; socklen_t len = sizeof(addr); int sd; if (ldap_get_option(HDB2LDAP(db), LDAP_OPT_DESC, &sd) == 0 && getpeername(sd, (struct sockaddr *) &addr, &len) < 0) { /* the other end has died. reopen. */ LDAP_close(context, db); } } if (HDB2LDAP(db) != NULL) /* server is UP */ return 0; rc = ldap_initialize(&((struct hdbldapdb *)db->hdb_db)->h_lp, "ldapi:///"); if (rc != LDAP_SUCCESS) { krb5_set_error_string(context, "ldap_initialize: %s", ldap_err2string(rc)); return HDB_ERR_NOENTRY; } rc = ldap_set_option(HDB2LDAP(db), LDAP_OPT_PROTOCOL_VERSION, (const void *)&version); if (rc != LDAP_SUCCESS) { krb5_set_error_string(context, "ldap_set_option: %s", ldap_err2string(rc)); LDAP_close(context, db); return HDB_ERR_BADVERSION; } rc = ldap_sasl_bind_s(HDB2LDAP(db), NULL, "EXTERNAL", &bv, NULL, NULL, NULL); if (rc != LDAP_SUCCESS) { krb5_set_error_string(context, "ldap_sasl_bind_s: %s", ldap_err2string(rc)); LDAP_close(context, db); return HDB_ERR_BADVERSION; } return 0; }
static void dict_ldap_set_tls_options(DICT_LDAP *dict_ldap) { char *myname = "dict_ldap_set_tls_options"; int rc; if (dict_ldap->start_tls || dict_ldap->ldap_ssl) { if (*dict_ldap->tls_random_file) { if ((rc = ldap_set_option(NULL, LDAP_OPT_X_TLS_RANDOM_FILE, dict_ldap->tls_random_file)) != LDAP_SUCCESS) msg_warn("%s: Unable to set tls_random_file to %s: %d: %s", myname, dict_ldap->tls_random_file, rc, ldap_err2string(rc)); } if (*dict_ldap->tls_ca_cert_file) { if ((rc = ldap_set_option(NULL, LDAP_OPT_X_TLS_CACERTFILE, dict_ldap->tls_ca_cert_file)) != LDAP_SUCCESS) msg_warn("%s: Unable to set tls_ca_cert_file to %s: %d: %s", myname, dict_ldap->tls_ca_cert_file, rc, ldap_err2string(rc)); } if (*dict_ldap->tls_ca_cert_dir) { if ((rc = ldap_set_option(NULL, LDAP_OPT_X_TLS_CACERTDIR, dict_ldap->tls_ca_cert_dir)) != LDAP_SUCCESS) msg_warn("%s: Unable to set tls_ca_cert_dir to %s: %d: %s", myname, dict_ldap->tls_ca_cert_dir, rc, ldap_err2string(rc)); } if (*dict_ldap->tls_cert) { if ((rc = ldap_set_option(NULL, LDAP_OPT_X_TLS_CERTFILE, dict_ldap->tls_cert)) != LDAP_SUCCESS) msg_warn("%s: Unable to set tls_cert to %s: %d: %s", myname, dict_ldap->tls_cert, rc, ldap_err2string(rc)); } if (*dict_ldap->tls_key) { if ((rc = ldap_set_option(NULL, LDAP_OPT_X_TLS_KEYFILE, dict_ldap->tls_key)) != LDAP_SUCCESS) msg_warn("%s: Unable to set tls_key to %s: %d: %s", myname, dict_ldap->tls_key, rc, ldap_err2string(rc)); } if (*dict_ldap->tls_cipher_suite) { if ((rc = ldap_set_option(NULL, LDAP_OPT_X_TLS_CIPHER_SUITE, dict_ldap->tls_cipher_suite)) != LDAP_SUCCESS) msg_warn("%s: Unable to set tls_cipher_suite to %s: %d: %s", myname, dict_ldap->tls_cipher_suite, rc, ldap_err2string(rc)); } if (dict_ldap->tls_require_cert) { if ((rc = ldap_set_option(NULL, LDAP_OPT_X_TLS_REQUIRE_CERT, &(dict_ldap->tls_require_cert))) != LDAP_SUCCESS) msg_warn("%s: Unable to set tls_require_cert to %d: %d: %s", myname, dict_ldap->tls_require_cert, rc, ldap_err2string(rc)); } } }
bool BindTheDemon(const char * username, const char * passwd) { static LDAP * ld = NULL; static int auth_method = LDAP_AUTH_SIMPLE; static int version = LDAP_VERSION3; static char uri[] = "ldaps://ldap.pheme.uwa.edu.au"; char dn[BUFSIZ]; // The "dn" is essentially the username plus a bunch of cruft that for some (presumably good) reason LDAP requires if (ld == NULL) { ldap_initialize(&ld, uri); // This is deprecated. if (ld == NULL) { fprintf(stderr, "ldap_init failed - %s\n", strerror(errno)); return false; } printf("ldap_init succeeded\n"); if (ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION, &version) != LDAP_OPT_SUCCESS) // This is also deprecated. { fprintf(stderr, "ldap_set_option failed - %s\n", strerror(errno)); return false; } printf("ldap_set_option succeeded\n"); } char * user_type = "Students"; if (username[0] == '0') user_type = "Staff"; if (sprintf(dn, "cn=%s,ou=%s,ou=Users,ou=UWA,dc=uwads,dc=uwa,dc=edu,dc=au", username, user_type) >= BUFSIZ) { fprintf(stderr, "LDAP DN string too long!\n"); return false; } printf("ldap_bind_s ...\n"); //printf("dn = %s\npasswd = %s\n", dn, passwd); struct berval creds; creds.bv_val = (char*)passwd; if (ldap_simple_bind_s(ld, dn, passwd) != LDAP_SUCCESS) // Yep. Deprecated. //if (ldap_sasl_bind_s(ld, dn, LDAP_SASL_SIMPLE , &creds, NULL, NULL, NULL) != LDAP_SUCCESS) // Doesn't work { fprintf(stderr,"ldap_bind_s failed - %s", strerror(errno)); return false; } return true; }
static int set_ldap_options(LD_session *session) { struct timeval timeout; int rc = 0; char logbuf[MAXLOGBUF]; timeout.tv_sec = ldap_network_timeout; timeout.tv_usec = FALSE; ldap_set_option(session->sess, LDAP_OPT_PROTOCOL_VERSION, &ldap_protocol_version); ldap_set_option(session->sess, LDAP_OPT_NETWORK_TIMEOUT, &timeout); /* Start TLS if we need it*/ if (ldap_authorization_tls) { if((rc = ldap_start_tls_s(session->sess, NULL,NULL))!=LDAP_SUCCESS) { snprintf(logbuf, MAXLOGBUF, "Ldap start TLS error: %s. ", ldap_err2string(rc)); ldap_log(LOG_WARNING, logbuf); } } }
int ldap_open_internal_connection( LDAP **ldp, ber_socket_t *fdp ) { int rc; LDAPConn *c; LDAPRequest *lr; rc = ldap_create( ldp ); if( rc != LDAP_SUCCESS ) { *ldp = NULL; return( rc ); } /* Make it appear that a search request, msgid 0, was sent */ lr = (LDAPRequest *)LDAP_CALLOC( 1, sizeof( LDAPRequest )); if( lr == NULL ) { ldap_unbind_ext( *ldp, NULL, NULL ); *ldp = NULL; return( LDAP_NO_MEMORY ); } memset(lr, 0, sizeof( LDAPRequest )); lr->lr_msgid = 0; lr->lr_status = LDAP_REQST_INPROGRESS; lr->lr_res_errno = LDAP_SUCCESS; /* no mutex lock needed, we just created this ld here */ (*ldp)->ld_requests = lr; /* Attach the passed socket as the *LDAP's connection */ c = ldap_new_connection( *ldp, NULL, 1, 0, NULL); if( c == NULL ) { ldap_unbind_ext( *ldp, NULL, NULL ); *ldp = NULL; return( LDAP_NO_MEMORY ); } ber_sockbuf_ctrl( c->lconn_sb, LBER_SB_OPT_SET_FD, fdp ); #ifdef LDAP_DEBUG ber_sockbuf_add_io( c->lconn_sb, &ber_sockbuf_io_debug, LBER_SBIOD_LEVEL_PROVIDER, (void *)"int_" ); #endif ber_sockbuf_add_io( c->lconn_sb, &ber_sockbuf_io_tcp, LBER_SBIOD_LEVEL_PROVIDER, NULL ); (*ldp)->ld_defconn = c; /* Add the connection to the *LDAP's select pool */ ldap_mark_select_read( *ldp, c->lconn_sb ); ldap_mark_select_write( *ldp, c->lconn_sb ); /* Make this connection an LDAP V3 protocol connection */ rc = LDAP_VERSION3; ldap_set_option( *ldp, LDAP_OPT_PROTOCOL_VERSION, &rc ); return( LDAP_SUCCESS ); }
void TlsOptions::newCtx() const { int val = 0; int ret = ldap_set_option( m_ld, LDAP_OPT_X_TLS_NEWCTX, &val); if ( ret != LDAP_OPT_SUCCESS ) { if ( ret != LDAP_OPT_ERROR ){ throw( LDAPException( ret )); } else { throw( LDAPException( LDAP_LOCAL_ERROR, "error while renewing TLS context" ) ); } } }
void TlsOptions::setOption( tls_option opt, void *value ) const { int ret = ldap_set_option( m_ld, optmap[opt].optval, value); if ( ret != LDAP_OPT_SUCCESS ) { if ( ret != LDAP_OPT_ERROR ){ throw( LDAPException( ret )); } else { throw( LDAPException( LDAP_PARAM_ERROR, "error while setting TLS option" ) ); } } this->newCtx(); }
static void set_cert_policy(LDAP *ld, int cert_policy) { const int tls_settings = SCH_CRED_MANUAL_CRED_VALIDATION | SCH_CRED_NO_SERVERNAME_CHECK; DEBUG("set_cert_policy (ld:%p, cert_policy:%d)", ld, cert_policy); switch (cert_policy) { case -1: /* Cert policy is not set, nothing to do.*/ break; case 2: case 4: /* Cert policy is demand or try, then standard procedure. */ break; case 0: case 3: /* Cert policy is never or allow, then set TLS settings. */ ldap_set_option(ld, 0x43, &tls_settings); ldap_set_option(ld, LDAP_OPT_SERVER_CERTIFICATE, &noverify); break; } }
// }}} // {{{AuthLDAP bool AuthLDAP::setup() { LDAPURLDesc* urlDescription; LDAP* ldap; std::string url("dc=trapni,dc=de"); int rv = ldap_url_parse(url.c_str(), &urlDescription); if (rv != LDAP_SUCCESS) { return false; } int ldapVersion = LDAP_VERSION3; ldap_set_option(nullptr, LDAP_OPT_PROTOCOL_VERSION, &ldapVersion); timeval timeout = { 10, 0 }; ldap_set_option(nullptr, LDAP_OPT_NETWORK_TIMEOUT, &timeout); int reqcert = LDAP_OPT_X_TLS_ALLOW; ldap_set_option(NULL, LDAP_OPT_X_TLS_REQUIRE_CERT, &reqcert); rv = ldap_initialize(&ldap, url.c_str()); }
int _LDAP_initialization(LDAP **ld, PyObject *url, int tls_option) { int rc; char *addrstr; const int version = LDAP_VERSION3; PyObject *addr = PyObject_CallMethod(url, "get_address", NULL); if (addr == NULL) return -1; addrstr = PyObject2char(addr); Py_DECREF(addr); if (addrstr == NULL) return -1; rc = ldap_initialize(ld, addrstr); if (rc != LDAP_SUCCESS) return rc; ldap_set_option(*ld, LDAP_OPT_PROTOCOL_VERSION, &version); if (tls_option != -1) { ldap_set_option(*ld, LDAP_OPT_X_TLS_REQUIRE_CERT, &tls_option); /* Set TLS option globally. */ ldap_set_option(NULL, LDAP_OPT_X_TLS_REQUIRE_CERT, &tls_option); } return rc; }
int init_ldap(char * host, int port) { int status = ldap_initialize(&LDAP_handle,host); if(status != LDAP_SUCCESS) { LOG(PURGER_LOG_ERR,"Error: unable to create LDAP handle."); return -1; } int version = LDAP_VERSION3; ldap_set_option(LDAP_handle, LDAP_OPT_PROTOCOL_VERSION, (void*)&version); }
static int LDAP_no_size_limit(krb5_context context, LDAP *lp) { int ret, limit = LDAP_NO_LIMIT; ret = ldap_set_option(lp, LDAP_OPT_SIZELIMIT, (const void *)&limit); if (ret != LDAP_SUCCESS) { krb5_set_error_string(context, "ldap_set_option: %s", ldap_err2string(ret)); return HDB_ERR_BADVERSION; } return 0; }
/* connect to the database */ static int lldb_connect(struct ldb_context *ldb, const char *url, unsigned int flags, const char *options[], struct ldb_module **_module) { struct ldb_module *module; struct lldb_private *lldb; int version = 3; int ret; module = ldb_module_new(ldb, ldb, "ldb_ldap backend", &lldb_ops); if (!module) return LDB_ERR_OPERATIONS_ERROR; lldb = talloc_zero(module, struct lldb_private); if (!lldb) { ldb_oom(ldb); goto failed; } ldb_module_set_private(module, lldb); ret = ldap_initialize(&lldb->ldap, url); if (ret != LDAP_SUCCESS) { ldb_debug(ldb, LDB_DEBUG_FATAL, "ldap_initialize failed for URL '%s' - %s", url, ldap_err2string(ret)); goto failed; } talloc_set_destructor(lldb, lldb_destructor); ret = ldap_set_option(lldb->ldap, LDAP_OPT_PROTOCOL_VERSION, &version); if (ret != LDAP_SUCCESS) { ldb_debug(ldb, LDB_DEBUG_FATAL, "ldap_set_option failed - %s", ldap_err2string(ret)); goto failed; } *_module = module; ret = lldb_bind(module, options); if (ret != LDB_SUCCESS) { goto failed; } return LDB_SUCCESS; failed: talloc_free(module); return LDB_ERR_OPERATIONS_ERROR; }
/******************************************************************************* 函数名称 : dot1x_reauth_ldap_verify 功能描述 : LDAP_BIND_DN状态绑定验证用户DN 输入参数 : 输出参数 : 无 返 回 值 : 无 ------------------------------------------------------------ 最近一次修改记录 : 修改作者 : 王群 修改目的 : 新增函数 修改日期 : 2011年6月3日 *******************************************************************************/ s32 dot1x_reauth_ldap_verify(struct eapol_state_machine *sm) { s32 retcode = ERROR_SUCCESS; s8 filter[1024]; LDAPMessage *res = NULL; s32 sizelimit_value = 1; s32 version = 3; /*根据用户的dn和密码进行重认证*/ do{ sm->ldap_sm->ldap = ldap_open(g_dot1x_var.ldap_conf.ldap_host, g_dot1x_var.ldap_conf.ldap_port); if (NULL == sm->ldap_sm->ldap) { retcode = !LDAP_SUCCESS; break; } (void)ldap_set_option(sm->ldap_sm->ldap, LDAP_OPT_SIZELIMIT, &sizelimit_value); (void)ldap_set_option(sm->ldap_sm->ldap, LDAP_OPT_PROTOCOL_VERSION, &version); /*绑定管理员*/ retcode = ldap_simple_bind_s(sm->ldap_sm->ldap, g_dot1x_var.ldap_conf.ldap_rootdn, g_dot1x_var.ldap_conf.ldap_rootpw); if (LDAP_SUCCESS != retcode) { break; } snprintf(filter, sizeof(filter), "(%s=%s)", g_dot1x_var.ldap_conf.ldap_filter, sm->identity); /*执行查询操作*/ retcode = ldap_search_s(sm->ldap_sm->ldap, g_dot1x_var.ldap_conf.ldap_basedn, LDAP_SCOPE_SUBTREE, filter, g_ldap_attrs, 0, &res); ldap_msgfree(res); if (LDAP_SUCCESS != retcode) { break; } }while(0); ldap_unbind(sm->ldap_sm->ldap); return retcode; }
/*% Connects / reconnects to LDAP server */ static isc_result_t dlz_ldap_connect (ldap_instance_t * dbi, dbinstance_t * dbc) { isc_result_t result; int ldap_result; /* if we have a connection, get ride of it. */ if (dbc->dbconn != NULL) { ldap_unbind_s ((LDAP *) dbc->dbconn); dbc->dbconn = NULL; } /* now connect / reconnect. */ /* initialize. */ dbc->dbconn = ldap_init (dbi->hosts, LDAP_PORT); if (dbc->dbconn == NULL) return (ISC_R_NOMEMORY); /* set protocol version. */ ldap_result = ldap_set_option ((LDAP *) dbc->dbconn, LDAP_OPT_PROTOCOL_VERSION, &(dbi->protocol)); if (ldap_result != LDAP_SUCCESS) { result = ISC_R_NOPERM; goto cleanup; } /* "bind" to server. i.e. send username / pass */ ldap_result = ldap_bind_s ((LDAP *) dbc->dbconn, dbi->user, dbi->cred, dbi->method); if (ldap_result != LDAP_SUCCESS) { result = ISC_R_FAILURE; goto cleanup; } return (ISC_R_SUCCESS); cleanup: /* cleanup if failure. */ if (dbc->dbconn != NULL) { ldap_unbind_s ((LDAP *) dbc->dbconn); dbc->dbconn = NULL; } return (result); }
static void _VmDirClientTestSimpleBind( PCSTR pszLDAPURI ) { DWORD dwError = 0; int ldap_version_3 = LDAP_VERSION3; LDAP * pLD = NULL; BerValue ldapBindPwd = {0}; printf("_VmDirClientTestSimpleBind ldap simple bind initialize %s\n", pszLDAPURI); dwError = ldap_initialize( &pLD, pszLDAPURI ); /* Set LDAP V3 protocol version */ ldap_set_option( pLD, LDAP_OPT_PROTOCOL_VERSION, &ldap_version_3 ); printf("_VmDirClientTestSimpleBind ldap simple ANONYMOUS bind started.\n"); dwError = ldap_sasl_bind_s( pLD, "", LDAP_SASL_SIMPLE, &ldapBindPwd, // no credentials NULL, NULL, NULL); BAIL_ON_VMDIR_ERROR(dwError); printf("_VmDirClientTestSimpleBind ldap simple ANONYMOUS bind succeeded.\n"); cleanup: if (pLD) { dwError = ldap_unbind_ext_s( pLD, NULL, NULL); BAIL_ON_VMDIR_ERROR(dwError); printf("_VmDirClientTestSimpleBind ldap unbind succeeded.\n\n\n"); } return; error: printf("_VmDirClientTestSimpleBind failed. (%d)(%s)\n\n", dwError, ldap_err2string(dwError)); goto cleanup; }
static krb5_error_code LDAP_remove(krb5_context context, HDB * db, hdb_entry * entry) { krb5_error_code ret; LDAPMessage *msg, *e; char *dn = NULL; int rc, limit = LDAP_NO_LIMIT; ret = LDAP_principal2message(context, db, entry->principal, &msg); if (ret) goto out; e = ldap_first_entry(HDB2LDAP(db), msg); if (e == NULL) { ret = HDB_ERR_NOENTRY; goto out; } dn = ldap_get_dn(HDB2LDAP(db), e); if (dn == NULL) { ret = HDB_ERR_NOENTRY; goto out; } rc = ldap_set_option(HDB2LDAP(db), LDAP_OPT_SIZELIMIT, (const void *)&limit); if (rc != LDAP_SUCCESS) { krb5_set_error_string(context, "ldap_set_option: %s", ldap_err2string(rc)); ret = HDB_ERR_BADVERSION; goto out; } rc = ldap_delete_s(HDB2LDAP(db), dn); if (check_ldap(context, db, rc)) { krb5_set_error_string(context, "ldap_delete_s: %s", ldap_err2string(rc)); ret = HDB_ERR_CANT_LOCK_DB; } else ret = 0; out: if (dn != NULL) free(dn); if (msg != NULL) ldap_msgfree(msg); return ret; }
int ldap_do_init() { if(!nickserv_conf.ldap_enable) return false; /* TODO: check here for all required config options and exit() out if not present */ //ld = ldap_init(nickserv_conf.ldap_host, nickserv_conf.ldap_port); //if(ld == NULL) { if(ldap_initialize(&ld, nickserv_conf.ldap_uri)) { log_module(MAIN_LOG, LOG_ERROR, "LDAP initilization failed!\n"); exit(1); } ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION, &nickserv_conf.ldap_version); log_module(MAIN_LOG, LOG_INFO, "Success! ldap_init() was successfull in connecting to %s\n", nickserv_conf.ldap_uri); return true; }