/*
creates a new organizational unit
sets objectclass=organizationalUnit and name=ou name
Returns AD_SUCCESS on success
*/
int ad_ou_create(char *ou_name, char *dn) {
LDAP *ds;
LDAPMod *attrs[3];
LDAPMod attr1, attr2;
int result;
char *objectClass_values[]={"organizationalUnit", NULL};
char *name_values[2];
ds=ad_login();
if(!ds) return ad_error_code;
attr1.mod_op = LDAP_MOD_ADD;
attr1.mod_type = "objectClass";
attr1.mod_values = objectClass_values;
name_values[0]=ou_name;
name_values[1]=NULL;
attr2.mod_op = LDAP_MOD_ADD;
attr2.mod_type = "name";
attr2.mod_values = name_values;
attrs[0]=&attr1;
attrs[1]=&attr2;
attrs[2]=NULL;
result=ldap_add_s(ds, dn, attrs);
if(result!=LDAP_SUCCESS) {
snprintf(ad_error_msg, MAX_ERR_LENGTH, "Error in ldap_add: %s", ldap_err2string(result));
ad_error_code=AD_LDAP_OPERATION_FAILURE;
} else {
ad_error_code=AD_SUCCESS;
}
return ad_error_code;
}
/* ARGSUSED */
int _ns_ldap_add_s(char *service, int flags,
char *dn, LDAPMod **attrs)
{
LDAP *ld = __s_api_getLDAPconn(flags);
return (ldap_add_s(ld, dn, attrs));
}
/*
* Takes an array of mappings, similar to modify above, with the
* exception that the 'op' field is ignored and not used at all.
*/
static void
f_ldap_add(INT32 args)
{
struct pike_string *dn;
struct array *arr;
struct mapping *m;
struct svalue *val;
LDAPMod **mods;
int i, ret;
if (!THIS->bound)
Pike_error("OpenLDAP.Client: attempting operation on an unbound connection\n");
get_all_args("OpenLDAP.Client->add()", args, "%S%a", &dn, &arr);
mods = (LDAPMod**)calloc((arr->size + 1), sizeof(LDAPMod*));
if (!mods)
Pike_error("OpenLDAP.Client: OUT OF MEMORY!\n");
for (i = 0; i < arr->size; i++) {
mods[i] = (LDAPMod*)calloc(1, sizeof(LDAPMod));
if (!mods[i])
Pike_error("OpenLDAP.Client: OUT OF MEMORY!\n");
mods[i]->mod_op = LDAP_MOD_BVALUES;
if (arr->item[i].type != T_MAPPING)
Pike_error("OpenLDAP.Client->add(): array member is not a mapping.\n");
m = arr->item[i].u.mapping;
val = low_mapping_string_lookup(m, modify_type);
if (!val)
Pike_error("OpenLDAP.Client->add(): invalid modification mapping. "
"Missing the '%s' field\n", "type");
if (val->type != T_STRING || val->u.string->size_shift > 0)
Pike_error("OpenLDAP.Client->add(): invalid modification mapping. "
"The '%s' field is not an 8-bit string\n", "type");
mods[i]->mod_type = val->u.string->str;
val = low_mapping_string_lookup(m, modify_values);
if (!val)
Pike_error("OpenLDAP.Client->add(): invalid modification mapping. "
"Missing the '%s' field\n", "values");
if (val->type != T_ARRAY)
Pike_error("OpenLDAP.Client->add(): invalid modification mapping. "
"The '%s' field is not an array\n", "values");
mods[i]->mod_bvalues = make_berval_array(val);
}
ret = ldap_add_s(THIS->conn, dn->str, mods);
if (ret != LDAP_SUCCESS)
Pike_error("OpenLDAP.Client->add(): %s\n",
ldap_err2string(ret));
free_mods(mods);
pop_n_elems(args);
}
/*
creates an empty, locked user account with given username and dn
and attributes:
objectClass=user
sAMAccountName=username
userAccountControl=66050
(ACCOUNTDISABLE|NORMAL_ACCOUNT|DONT_EXPIRE_PASSWORD)
userprincipalname
returns AD_SUCCESS on success
*/
int ad_create_user(char *username, char *dn) {
LDAP *ds;
LDAPMod *attrs[5];
LDAPMod attr1, attr2, attr3, attr4;
int result;
char *objectClass_values[]={"user", NULL};
char *name_values[2];
char *accountControl_values[]={"66050", NULL};
char *upn, *domain;
char *upn_values[2];
ds=ad_login();
if(!ds) return ad_error_code;
attr1.mod_op = LDAP_MOD_ADD;
attr1.mod_type = "objectClass";
attr1.mod_values = objectClass_values;
name_values[0]=username;
name_values[1]=NULL;
attr2.mod_op = LDAP_MOD_ADD;
attr2.mod_type = "sAMAccountName";
attr2.mod_values = name_values;
attr3.mod_op = LDAP_MOD_ADD;
attr3.mod_type = "userAccountControl";
attr3.mod_values = accountControl_values;
domain=dn2domain(dn);
upn=malloc(strlen(username)+strlen(domain)+2);
sprintf(upn, "%s@%s", username, domain);
upn_values[0]=upn;
upn_values[1]=NULL;
attr4.mod_op = LDAP_MOD_ADD;
attr4.mod_type = "userPrincipalName";
attr4.mod_values = upn_values;
attrs[0]=&attr1;
attrs[1]=&attr2;
attrs[2]=&attr3;
attrs[3]=&attr4;
attrs[4]=NULL;
result=ldap_add_s(ds, dn, attrs);
if(result!=LDAP_SUCCESS) {
snprintf(ad_error_msg, MAX_ERR_LENGTH, "Error in ldap_add %s", ldap_err2string(result));
ad_error_code=AD_LDAP_OPERATION_FAILURE;
} else {
ad_error_code=AD_SUCCESS;
}
free(domain);
return ad_error_code;
}
/*
* Create an LDAP server container entry.
*/
static void rpc_ns__ldap_export_server(LDAP *ld,
char *dn,
rpc_if_handle_t if_spec,
unsigned32 *status
)
{
unsigned_char_p_t uuid = NULL;
rpc_if_id_t if_id;
LDAPMod *modV[4];
LDAPMod modRpcNsObjectID, modObjectClass;
char *valueRpcNsObjectID[2], *valueObjectClass[3];
rpc_if_inq_id(if_spec, &if_id, status);
if (*status != rpc_s_ok) {
return;
}
uuid_to_string(&if_id.uuid, &uuid, status);
if (*status != rpc_s_ok) {
return;
}
valueRpcNsObjectID[0] = uuid;
valueRpcNsObjectID[1] = NULL;
modRpcNsObjectID.mod_op = LDAP_MOD_ADD;
modRpcNsObjectID.mod_type = "rpcNsObjectID";
modRpcNsObjectID.mod_values = valueRpcNsObjectID;
valueObjectClass[0] = "rpcServer";
valueObjectClass[1] = "rpcEntry";
valueObjectClass[2] = "top";
modObjectClass.mod_op = LDAP_MOD_ADD;
modObjectClass.mod_type = "objectClass";
modObjectClass.mod_values = valueObjectClass;
modV[0] = &modRpcNsObjectID;
modV[1] = &modObjectClass;
modV[2] = NULL;
if (ldap_add_s(ld, dn, modV) != LDAP_SUCCESS) {
*status = rpc_s_update_failed;
} else {
*status = rpc_s_ok;
}
rpc_string_free(&uuid, status);
}
/* For running the ldap_info run queue. */
void
add_ldap_values (ldap_info * ldinfo)
{
int result;
char dnbuffer[1024];
if (ldapbase != NULL)
sprintf (dnbuffer, "%s,%s", ldinfo->dn, ldapbase);
else
sprintf (dnbuffer, "%s", ldinfo->dn);
result = ldap_add_s (conn, dnbuffer, ldinfo->attrs);
ldap_result_check ("ldap_add_s", dnbuffer, result);
}
void LDAPSession::addStringValue ( string dn,
const list<LDAPStringValue>& values )
{
list<LDAPStringValue>::const_iterator it=values.begin();
list<LDAPStringValue>::const_iterator end=values.end();
int i=0;
LDAPMod** mods= ( LDAPMod** ) malloc (
sizeof ( LDAPMod* ) *values.size() +1 );
for ( ;it!=end;++it )
{
mods[i]= ( LDAPMod* ) malloc ( sizeof ( LDAPMod ) );
mods[i]->mod_op=LDAP_MOD_ADD;
mods[i]->mod_type= ( char* ) malloc (
sizeof ( char ) *
( *it ).attr.length() );
strcpy ( mods[i]->mod_type, ( *it ).attr.c_str() );
list<string>::const_iterator sit= ( *it ).value.begin();
list<string>::const_iterator send= ( *it ).value.end();
int j=0;
mods[i]->mod_vals.modv_strvals= ( char** ) malloc (
sizeof ( char* ) *
( *it ).value.size() +1 );
for ( ;sit!=send;++sit )
{
mods[i]->mod_vals.modv_strvals[j]=
( char* ) malloc (
sizeof ( char ) *
( *sit ).length() );
strcpy ( mods[i]->mod_vals.modv_strvals[j],
( *sit ).c_str() );
++j;
}
mods[i]->mod_vals.modv_strvals[j]=0l;
++i;
}
mods[i]=0l;
int errc= ldap_add_s ( ld,dn.c_str(),mods );
if ( errc != LDAP_SUCCESS )
throw LDAPExeption ( "ldap_add_s",ldap_err2string ( errc ) );
ldap_mods_free ( mods,1 );
}
/*
a convenient routine for adding a generic LDAP record
*/
int ads_gen_add(ADS_STRUCT *ads, const char *new_dn, ...)
{
int i;
va_list ap;
LDAPMod **mods;
char *name, *value;
int ret;
#define MAX_MOD_VALUES 10
/* count the number of attributes */
va_start(ap, new_dn);
for (i=0; va_arg(ap, char *); i++) {
/* skip the values */
while (va_arg(ap, char *)) ;
}
va_end(ap);
mods = malloc(sizeof(LDAPMod *) * (i+1));
va_start(ap, new_dn);
for (i=0; (name=va_arg(ap, char *)); i++) {
char **values;
int j;
values = (char **)malloc(sizeof(char *) * (MAX_MOD_VALUES+1));
for (j=0; (value=va_arg(ap, char *)) && j < MAX_MOD_VALUES; j++) {
values[j] = value;
}
values[j] = NULL;
mods[i] = malloc(sizeof(LDAPMod));
mods[i]->mod_type = name;
mods[i]->mod_op = LDAP_MOD_ADD;
mods[i]->mod_values = values;
}
mods[i] = NULL;
va_end(ap);
ret = ldap_add_s(ads->ld, new_dn, mods);
for (i=0; mods[i]; i++) {
free(mods[i]->mod_values);
free(mods[i]);
}
free(mods);
return ret;
}
/*
creates a computer account
and attributes:
objectClass=top,person,organizationalPerson,user,computer
sAMAccountName=NAME$
userAccountControl=4128
returns AD_SUCCESS on success
*/
int ad_create_computer(char *name, char *dn) {
LDAP *ds;
LDAPMod *attrs[4];
LDAPMod attr1, attr2, attr3;
int i, result;
char *objectClass_values[]={"top", "person", "organizationalPerson",
"user", "computer", NULL};
char *name_values[2];
char *accountControl_values[]={"4128", NULL};
ds=ad_login();
if(!ds) return ad_error_code;
attr1.mod_op = LDAP_MOD_ADD;
attr1.mod_type = "objectClass";
attr1.mod_values = objectClass_values;
name_values[0]=malloc(strlen(name)+2);
sprintf(name_values[0], "%s$", name);
for(i=0; name_values[0][i]; i++)
name_values[0][i]=toupper(name_values[0][i]);
name_values[1]=NULL;
attr2.mod_op = LDAP_MOD_ADD;
attr2.mod_type = "sAMAccountName";
attr2.mod_values = name_values;
attr3.mod_op = LDAP_MOD_ADD;
attr3.mod_type = "userAccountControl";
attr3.mod_values = accountControl_values;
attrs[0]=&attr1;
attrs[1]=&attr2;
attrs[2]=&attr3;
attrs[3]=NULL;
result=ldap_add_s(ds, dn, attrs);
if(result!=LDAP_SUCCESS) {
snprintf(ad_error_msg, MAX_ERR_LENGTH, "Error in ldap_add %s", ldap_err2string(result));
ad_error_code=AD_LDAP_OPERATION_FAILURE;
} else {
ad_error_code=AD_SUCCESS;
}
return ad_error_code;
}
char *
gfarm_generic_info_set(
void *key,
LDAPMod **modv,
const struct gfarm_generic_info_ops *ops)
{
int rv;
char *dn = ops->make_dn(key);
if (dn == NULL)
return (GFARM_ERR_NO_MEMORY);
rv = ldap_add_s(gfarm_ldap_server, dn, modv);
free(dn);
if (rv != LDAP_SUCCESS) {
if (rv == LDAP_ALREADY_EXISTS)
return (GFARM_ERR_ALREADY_EXISTS);
return (ldap_err2string(rv));
}
return (NULL);
}
static status
ClientsInit(LDAP *ld)
{
LDAPMod *attributes[4];
LDAPMod attribute1,attribute2,attribute3;
char * objectclass_vals[] = { "top","organizationalUnit",NULL };
char * ou_value[] = {"clients",NULL};
char * desc_value[] = {"Lista de clientes",NULL};
/* objectclass */
attribute1.mod_op = LDAP_MOD_ADD;
attribute1.mod_type = "objectclass";
attribute1.mod_vals.modv_strvals = objectclass_vals;
attributes[0] = &attribute1;
/* ou */
attribute2.mod_op = LDAP_MOD_ADD;
attribute2.mod_type = "ou";
attribute2.mod_vals.modv_strvals = ou_value;
attributes[1] = &attribute2;
/* description */
attribute3.mod_op = LDAP_MOD_ADD;
attribute3.mod_type = "description";
attribute3.mod_vals.modv_strvals = desc_value;
attributes[2] = &attribute3;
attributes[3] = NULL;
if ( ldap_add_s(ld, CLIENT_PATH, attributes) != LDAP_SUCCESS ) {
fprintf(stderr,"LDAP ERROR: No se pudo inicializar la lista de clientes %s\n", CLIENT_PATH);
return FATAL_ERROR;
}
return OK;
}
static status
RootAdd(LDAP *ld)
{
LDAPMod *attributes[4];
LDAPMod attribute1,attribute2,attribute3;
char * objectclass_vals[] = { "top","organization",NULL };
char * o_value[] = {MOVIE_STORE_NAME,NULL};
char * l_value[] = {MOVIE_STORE_LOCATION,NULL};
/* objectclass */
attribute1.mod_op = LDAP_MOD_ADD;
attribute1.mod_type = "objectclass";
attribute1.mod_vals.modv_strvals = objectclass_vals;
attributes[0] = &attribute1;
/* o */
attribute2.mod_op = LDAP_MOD_ADD;
attribute2.mod_type = "dc";
attribute2.mod_vals.modv_strvals = o_value;
attributes[1] = &attribute2;
/* l */
attribute3.mod_op = LDAP_MOD_ADD;
attribute3.mod_type = "l";
attribute3.mod_vals.modv_strvals = l_value;
attributes[2] = &attribute3;
attributes[3] = NULL;
if ( ldap_add_s(ld, MOVIE_STORE_DN, attributes) != LDAP_SUCCESS ) {
fprintf(stderr,"LDAP ERROR: No se pudo agregar el nodo inicial %s\n", MOVIE_STORE_DN);
return FATAL_ERROR;
}
return OK;
}
int
main (int *argc, char **argv)
{
isc_mem_t *mctx = NULL;
isc_entropy_t *ectx = NULL;
isc_result_t result;
char *basedn;
ldap_info *tmp;
LDAPMod *base_attrs[2];
LDAPMod base;
isc_buffer_t buff;
char *zonefile;
char fullbasedn[1024];
char *ctmp;
dns_fixedname_t fixedzone, fixedname;
dns_rdataset_t rdataset;
char **dc_list;
dns_rdata_t rdata = DNS_RDATA_INIT;
dns_rdatasetiter_t *riter;
dns_name_t *zone, *name;
dns_db_t *db = NULL;
dns_dbiterator_t *dbit = NULL;
dns_dbnode_t *node;
extern char *optarg;
extern int optind, opterr, optopt;
int create_base = 0;
int topt;
if ((int) argc < 2)
{
usage ();
exit (-1);
}
while ((topt = getopt ((int) argc, argv, "D:w:b:z:f:h:?dcv")) != -1)
{
switch (topt)
{
case 'v':
printf("%s\n", VERSION);
exit(0);
case 'c':
create_base++;
break;
case 'd':
debug++;
break;
case 'D':
binddn = strdup (optarg);
break;
case 'w':
bindpw = strdup (optarg);
break;
case 'b':
ldapbase = strdup (optarg);
break;
case 'z':
argzone = strdup (optarg);
// We wipe argzone all to hell when we parse it for the DN */
gbl_zone = strdup(argzone);
break;
case 'f':
zonefile = strdup (optarg);
break;
case 'h':
ldapsystem = strdup (optarg);
break;
case '?':
default:
usage ();
exit (0);
}
}
if ((argzone == NULL) || (zonefile == NULL))
{
usage ();
exit (-1);
}
if (debug)
printf ("Initializing ISC Routines, parsing zone file\n");
result = isc_mem_create (0, 0, &mctx);
isc_result_check (result, "isc_mem_create");
result = isc_entropy_create(mctx, &ectx);
isc_result_check (result, "isc_entropy_create");
result = isc_hash_create(mctx, ectx, DNS_NAME_MAXWIRE);
isc_result_check (result, "isc_hash_create");
isc_buffer_init (&buff, argzone, strlen (argzone));
isc_buffer_add (&buff, strlen (argzone));
dns_fixedname_init (&fixedzone);
zone = dns_fixedname_name (&fixedzone);
result = dns_name_fromtext (zone, &buff, dns_rootname, 0, NULL);
isc_result_check (result, "dns_name_fromtext");
result = dns_db_create (mctx, "rbt", zone, dns_dbtype_zone,
dns_rdataclass_in, 0, NULL, &db);
isc_result_check (result, "dns_db_create");
result = dns_db_load (db, zonefile);
isc_result_check (result, "Check Zone Syntax: dns_db_load");
result = dns_db_createiterator (db, 0, &dbit);
isc_result_check (result, "dns_db_createiterator");
result = dns_dbiterator_first (dbit);
isc_result_check (result, "dns_dbiterator_first");
dns_fixedname_init (&fixedname);
name = dns_fixedname_name (&fixedname);
dns_rdataset_init (&rdataset);
dns_rdata_init (&rdata);
while (result == ISC_R_SUCCESS)
{
node = NULL;
result = dns_dbiterator_current (dbit, &node, name);
if (result == ISC_R_NOMORE)
break;
isc_result_check (result, "dns_dbiterator_current");
riter = NULL;
result = dns_db_allrdatasets (db, node, NULL, 0, &riter);
isc_result_check (result, "dns_db_allrdatasets");
result = dns_rdatasetiter_first (riter);
//isc_result_check(result, "dns_rdatasetiter_first");
while (result == ISC_R_SUCCESS)
{
dns_rdatasetiter_current (riter, &rdataset);
result = dns_rdataset_first (&rdataset);
isc_result_check (result, "dns_rdatasetiter_current");
while (result == ISC_R_SUCCESS)
{
dns_rdataset_current (&rdataset, &rdata);
generate_ldap (name, &rdata, rdataset.ttl);
dns_rdata_reset (&rdata);
result = dns_rdataset_next (&rdataset);
}
dns_rdataset_disassociate (&rdataset);
result = dns_rdatasetiter_next (riter);
}
dns_rdatasetiter_destroy (&riter);
result = dns_dbiterator_next (dbit);
}
/* Initialize the LDAP Connection */
if (debug)
printf ("Initializing LDAP Connection to %s as %s\n", ldapsystem, binddn);
init_ldap_conn ();
if (create_base)
{
if (debug)
printf ("Creating base zone DN %s\n", argzone);
dc_list = hostname_to_dn_list (argzone, argzone, DNS_TOP);
basedn = build_dn_from_dc_list (dc_list, 0, NO_SPEC);
for (ctmp = &basedn[strlen (basedn)]; ctmp >= &basedn[0]; ctmp--)
{
if ((*ctmp == ',') || (ctmp == &basedn[0]))
{
base.mod_op = LDAP_MOD_ADD;
base.mod_type = "objectClass";
base.mod_values = topObjectClasses;
base_attrs[0] = &base;
base_attrs[1] = NULL;
if (ldapbase)
{
if (ctmp != &basedn[0])
sprintf (fullbasedn, "%s,%s", ctmp + 1, ldapbase);
else
sprintf (fullbasedn, "%s,%s", ctmp, ldapbase);
}
else
{
if (ctmp != &basedn[0])
sprintf (fullbasedn, "%s", ctmp + 1);
else
sprintf (fullbasedn, "%s", ctmp);
}
result = ldap_add_s (conn, fullbasedn, base_attrs);
ldap_result_check ("intial ldap_add_s", fullbasedn, result);
}
}
}
else
{
if (debug)
printf ("Skipping zone base dn creation for %s\n", argzone);
}
for (tmp = ldap_info_base; tmp != NULL; tmp = tmp->next)
{
if (debug)
printf ("Adding DN: %s\n", tmp->dn);
add_ldap_values (tmp);
}
if (debug)
printf("Operation Complete.\n");
/* Cleanup */
isc_hash_destroy();
isc_entropy_detach(&ectx);
isc_mem_destroy(&mctx);
if (zonefile)
free(zonefile);
return 0;
}
status
ClientAdd(LDAP *ld, client_t client)
{
LDAPMod *attributes[10];
LDAPMod attribute1,attribute2,attribute3,attribute4,attribute5,attribute6,attribute7,attribute8,attribute9;
char aux_error[100];
char * objectclass_vals[] = { "top", "person", "organizationalPerson", "inetOrgPerson", NULL };
char * ou_value[] = {"clients",NULL};
char * cn_value[] = {client.user,NULL};
char * uid_value[] = {client.user,NULL};
char * mail_value[] = {client.mail,NULL};
char * pass_value[] = {client.passwd,NULL};
char * sn_value[] = {client.user,NULL};
char * desc_value[] = {client.desc,NULL};
/* convierto el level a string */
char aux_level[5];
sprintf(aux_level, "%d",(int)client.level);
char * level_value[] = {aux_level,NULL};
char *dn = GetClientDN(client.user);
/* objectclass */
attribute1.mod_op = LDAP_MOD_ADD;
attribute1.mod_type = "objectclass";
attribute1.mod_vals.modv_strvals = objectclass_vals;
attributes[0] = &attribute1;
/* ou */
attribute2.mod_op = LDAP_MOD_ADD;
attribute2.mod_type = "ou";
attribute2.mod_vals.modv_strvals = ou_value;
attributes[1] = &attribute2;
/* cn */
attribute3.mod_op = LDAP_MOD_ADD;
attribute3.mod_type = "cn";
attribute3.mod_vals.modv_strvals = cn_value;
attributes[2] = &attribute3;
/* uid */
attribute4.mod_op = LDAP_MOD_ADD;
attribute4.mod_type = "uid";
attribute4.mod_vals.modv_strvals = uid_value;
attributes[3] = &attribute4;
/* mail */
attribute5.mod_op = LDAP_MOD_ADD;
attribute5.mod_type = "mail";
attribute5.mod_vals.modv_strvals = mail_value;
attributes[4] = &attribute5;
/* userPassword */
attribute6.mod_op = LDAP_MOD_ADD;
attribute6.mod_type = "userPassword";
attribute6.mod_vals.modv_strvals = pass_value;
attributes[5] = &attribute6;
/* sn */
attribute7.mod_op = LDAP_MOD_ADD;
attribute7.mod_type = "sn";
attribute7.mod_vals.modv_strvals = sn_value;
attributes[6] = &attribute7;
/* description */
attribute8.mod_op = LDAP_MOD_ADD;
attribute8.mod_type = "description";
attribute8.mod_vals.modv_strvals = desc_value;
attributes[7] = &attribute8;
/* level */
attribute9.mod_op = LDAP_MOD_ADD;
attribute9.mod_type = "internationaliSDNNumber";
attribute9.mod_vals.modv_strvals = level_value;
attributes[8] = &attribute9;
/* Fin del arreglo */
attributes[9] = NULL;
if ( ldap_add_s(ld, dn, attributes) != LDAP_SUCCESS ) {
fprintf(stderr,"LDAP ERROR: No pudo agregarse el cliente con level %s\n",level_value[0]);
ldap_perror(ld, aux_error);
fprintf(stderr, "%s\n",aux_error);
return ERROR;
}
return OK;
}
/* Creates new LDAP Account */
int db_create(char *bid, char *username, char *first, char *last, char *pass) {
/* declares local vars */
LDAP *ld;
LDAPMessage *res;
LDAPMod **mods;
char filter[1024];
int i;
int bid_len;
char *dn;
char *uid;
/* checks for connection */
if (db_pointer) {
ld = db_pointer;
} else {
return(1);
};
/* Gets size of bid */
bid_len = strlen(bid);
/* Creates filter */
strcpy(filter, "(blipsid=");
strcpy(filter+9, bid);
strcpy(filter+9+bid_len, ")");
if (ldap_search_s(ld, "o=acsalaska.net", LDAP_SCOPE_SUBTREE, filter, NULL, 0, &res)) {
ldap_perror(ld, "ldap_search_s");
return(1);
};
/* Checks for results */
if (ldap_count_entries(ld, res)) {
ldap_msgfree(res);
return(2);
};
ldap_msgfree(res);
res = NULL;
/* Generates DN */
dn = (char *) db_dn(username);
if (!dn) {
return(1);
};
/* Searches for existing username */
if (ldap_search_s(ld, dn, LDAP_SCOPE_SUBTREE, "(uid=*)", NULL, 0, &res) != LDAP_NO_SUCH_OBJECT) {
ldap_perror(ld, "ldap_search_s");
free(dn);
return(1);
};
/* Checks for results */
if (ldap_count_entries(ld, res)) {
ldap_msgfree(res);
return(3);
};
ldap_msgfree(res);
/* gets UID of account */
uid = strtok(username, "@");
/* Creates mod pointers */
mods = (LDAPMod **) malloc (9*sizeof(LDAPMod *));
if (!mods) {
return(1);
};
memset(mods, 0, (8*sizeof(LDAPMod *)));
for(i = 0; i < 8; i++) {
mods[i] = (LDAPMod *) malloc(sizeof(LDAPMod));
if (!mods[i]) {
for(i = i; i >= 0; i--)
free(mods[i]);
free(mods);
return(1);
};
};
/* Creates mod entries */
mods[0]->mod_op = 0;
mods[0]->mod_type = (char *) strdup("objectclass");
mods[0]->mod_values = (char **) malloc(sizeof(char *)*8);
mods[0]->mod_values[0] = (char *) strdup("top");
mods[0]->mod_values[1] = (char *) strdup("person");
mods[0]->mod_values[2] = (char *) strdup("organizationalperson");
mods[0]->mod_values[3] = (char *) strdup("inetorgperson");
mods[0]->mod_values[4] = (char *) strdup("inetuser");
mods[0]->mod_values[5] = (char *) strdup("acsaccount");
mods[0]->mod_values[6] = (char *) strdup("acsblipsaccount");
mods[0]->mod_values[7] = NULL;
mods[1]->mod_op = 0;
mods[1]->mod_type = (char *) strdup("uid");
mods[1]->mod_values = (char **) malloc(sizeof(char *)*2);
mods[1]->mod_values[0] = uid;
mods[1]->mod_values[1] = NULL;
mods[2]->mod_op = 0;
mods[2]->mod_type = (char *) strdup("datasource");
mods[2]->mod_values = (char **) malloc(sizeof(char *)*2);
mods[2]->mod_values[0] = (char *) strdup("Backend LDAP Internet Provisioning System Daemon");
mods[2]->mod_values[1] = NULL;
mods[3]->mod_op = 0;
mods[3]->mod_type = (char *) strdup("givenname");
mods[3]->mod_values = (char **) malloc(sizeof(char *)*2);
mods[3]->mod_values[0] = first;
mods[3]->mod_values[1] = NULL;
mods[4]->mod_op = 0;
mods[4]->mod_type = (char *) strdup("sn");
mods[4]->mod_values = (char **) malloc(sizeof(char *)*2);
mods[4]->mod_values[0] = last;
mods[4]->mod_values[1] = NULL;
mods[5]->mod_op = 0;
mods[5]->mod_type = (char *) strdup("cn");
mods[5]->mod_values = (char **) malloc(sizeof(char *)*2);
mods[5]->mod_values[0] = (char *) strdup("First Last");
mods[5]->mod_values[1] = NULL;
mods[6]->mod_op = 0;
mods[6]->mod_type = (char *) strdup("clearpassword");
mods[6]->mod_values = (char **) malloc(sizeof(char *)*2);
mods[6]->mod_values[0] = pass;
mods[6]->mod_values[1] = NULL;
mods[7]->mod_op = 0;
mods[7]->mod_type = (char *) strdup("userpassword");
mods[7]->mod_values = (char **) malloc(sizeof(char *)*2);
mods[7]->mod_values[0] = pass;
mods[7]->mod_values[1] = NULL;
mods[8] = NULL;
/* Creates the account in LDAP */
if (ldap_add_s(ld, dn, mods)) {
ldap_perror(ld, "ldap_add_s");
free(dn);
ldap_mods_free(mods, 9);
return(1);
};
ldap_perror(ld, "ldap_add_s");
/* ends function */
fprintf(stderr, "got here 98\n");
free(dn);
fprintf(stderr, "got here 99\n");
//ldap_mods_free(mods, 9);
fprintf(stderr, "got here 100\n");
return(0);
}
/*
* Create or update an LDAP server binding entry.
*/
static void rpc_ns__ldap_export_server_element_ext(LDAP *ld,
char *dn,
rpc_if_handle_t if_spec,
rpc_binding_vector_p_t vec,
int modop,
unsigned32 *status
)
{
unsigned_char_p_t uuid = NULL;
unsigned_char_p_t interfaceID = NULL;
rpc_if_id_t if_id;
LDAPMod *modV[4];
LDAPMod modRpcNsInterfaceID, modRpcNsBindings, modObjectClass;
char **valueRpcNsBindings = NULL;
char *valueRpcNsInterfaceID[2], *valueObjectClass[3];
int rc;
unsigned i;
rpc_if_inq_id(if_spec, &if_id, status);
if (*status != rpc_s_ok) {
goto out;
}
/* Get the interface ID */
uuid_to_string(&if_id.uuid, &uuid, status);
if (*status != rpc_s_ok) {
goto out;
}
RPC_MEM_ALLOC(interfaceID, unsigned_char_p_t,
strlen(uuid) + sizeof(",65535.65535"),
RPC_C_MEM_NSRESOLUTION, RPC_C_MEM_WAITOK);
sprintf(interfaceID, "%s,%hu.%hu", uuid,
if_id.vers_major, if_id.vers_minor);
valueRpcNsInterfaceID[0] = interfaceID;
valueRpcNsInterfaceID[1] = NULL;
modRpcNsInterfaceID.mod_op = LDAP_MOD_ADD;
modRpcNsInterfaceID.mod_type = "rpcNsInterfaceID";
modRpcNsInterfaceID.mod_values = valueRpcNsInterfaceID;
RPC_MEM_ALLOC(valueRpcNsBindings, char **,
(vec->count * sizeof(char *)),
RPC_C_MEM_NSRESOLUTION, RPC_C_MEM_WAITOK);
memset(valueRpcNsBindings, 0, (vec->count * sizeof(unsigned_char_p_t)));
for (i = 0; i < vec->count; i++) {
rpc_binding_to_string_binding(vec->binding_h[i],
(unsigned_char_p_t *)&valueRpcNsBindings[i], status);
if (*status != rpc_s_ok) {
goto out;
}
}
valueRpcNsBindings[vec->count] = NULL;
modRpcNsBindings.mod_op = modop;
modRpcNsBindings.mod_type = "rpcNsBindings";
modRpcNsBindings.mod_values = valueRpcNsBindings;
valueObjectClass[0] = "rpcServerElement";
valueObjectClass[1] = "rpcEntry";
valueObjectClass[2] = "top";
modObjectClass.mod_op = modop;
modObjectClass.mod_type = "objectClass";
modObjectClass.mod_values = valueObjectClass;
modV[0] = &modRpcNsInterfaceID;
modV[1] = &modRpcNsBindings;
modV[2] = &modObjectClass;
modV[3] = NULL;
if (modop == LDAP_MOD_ADD) {
rc = ldap_add_s(ld, dn, modV);
} else {
rc = ldap_modify_s(ld, dn, modV);
}
*status = (rc == LDAP_SUCCESS) ? rpc_s_ok : rpc_s_update_failed;
out:
if (uuid != NULL)
free(uuid);
if (interfaceID != NULL)
free(interfaceID);
if (valueRpcNsBindings != NULL) {
char **p;
for (p = valueRpcNsBindings; *valueRpcNsBindings != NULL; p++) {
unsigned_char_p_t tmp = (unsigned_char_p_t)*p;
rpc_string_free(&tmp, status);
}
RPC_MEM_FREE(valueRpcNsBindings, RPC_C_MEM_NSRESOLUTION);
}
}
static krb5_error_code
LDAP_store(krb5_context context, HDB * db, unsigned flags,
hdb_entry * entry)
{
LDAPMod **mods = NULL;
krb5_error_code ret;
const char *errfn;
int rc;
LDAPMessage *msg = NULL, *e = NULL;
char *dn = NULL, *name = NULL;
ret = LDAP_principal2message(context, db, entry->principal, &msg);
if (ret == 0)
e = ldap_first_entry(HDB2LDAP(db), msg);
ret = krb5_unparse_name(context, entry->principal, &name);
if (ret) {
free(name);
return ret;
}
ret = hdb_seal_keys(context, db, entry);
if (ret)
goto out;
/* turn new entry into LDAPMod array */
ret = LDAP_entry2mods(context, db, entry, e, &mods);
if (ret)
goto out;
if (e == NULL) {
ret = asprintf(&dn, "krb5PrincipalName=%s,%s", name, HDB2CREATE(db));
if (ret < 0) {
krb5_set_error_string(context, "asprintf: out of memory");
ret = ENOMEM;
goto out;
}
} else if (flags & HDB_F_REPLACE) {
/* Entry exists, and we're allowed to replace it. */
dn = ldap_get_dn(HDB2LDAP(db), e);
} else {
/* Entry exists, but we're not allowed to replace it. Bail. */
ret = HDB_ERR_EXISTS;
goto out;
}
/* write entry into directory */
if (e == NULL) {
/* didn't exist before */
rc = ldap_add_s(HDB2LDAP(db), dn, mods);
errfn = "ldap_add_s";
} else {
/* already existed, send deltas only */
rc = ldap_modify_s(HDB2LDAP(db), dn, mods);
errfn = "ldap_modify_s";
}
if (check_ldap(context, db, rc)) {
char *ld_error = NULL;
ldap_get_option(HDB2LDAP(db), LDAP_OPT_ERROR_STRING,
&ld_error);
krb5_set_error_string(context, "%s: %s (dn=%s) %s: %s",
errfn, name, dn, ldap_err2string(rc), ld_error);
ret = HDB_ERR_CANT_LOCK_DB;
} else
ret = 0;
out:
/* free stuff */
if (dn)
free(dn);
if (msg)
ldap_msgfree(msg);
if (mods)
ldap_mods_free(mods, 1);
if (name)
free(name);
return ret;
}
