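/*
 * ldap_open - allocate an LDAP handle for host/port and, unlike
 * ldap_init, open the default connection right away.
 *
 * host  - host spec handed to ldap_init; may be NULL (ldap_init treats a
 *         NULL default host as "none"), so it is never printed raw
 * port  - default port handed to ldap_init
 *
 * Returns the handle on success, or NULL if ldap_init failed or the
 * default connection could not be opened (the handle is freed then).
 */
LDAP *
ldap_open( LDAP_CONST char *host, int port )
{
	int rc;
	LDAP *ld;

	/* "%s" with a NULL argument is undefined behaviour; print a marker
	 * instead, matching the "(null)" convention used by the other
	 * ldap_open variants in this library. */
	Debug( LDAP_DEBUG_TRACE, "ldap_open(%s, %d)\n",
		host != NULL ? host : "(null)", port, 0 );

	ld = ldap_init( host, port );
	if ( ld == NULL ) {
		return( NULL );
	}

	rc = ldap_open_defconn( ld );
	if( rc < 0 ) {
		/* no connection was established, so release without close */
		ldap_ld_free( ld, 0, NULL, NULL );
		ld = NULL;
	}

	Debug( LDAP_DEBUG_TRACE, "ldap_open: %s\n",
		ld != NULL ? "succeeded" : "failed", 0, 0 );

	return ld;
}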
/*
 * ldap_initialize - allocate an LDAP handle and, when url is non-NULL,
 * store it as the handle's LDAP_OPT_URI.
 *
 * ldp  - out: receives the handle on LDAP_SUCCESS, NULL on any failure
 * url  - optional URI string; NULL leaves the handle's URI unset
 *
 * Returns LDAP_SUCCESS, or the error code of the failing ldap_create /
 * ldap_set_option call (the handle is freed in the latter case).
 */
int
ldap_initialize( LDAP **ldp, LDAP_CONST char *url )
{
	LDAP *ld = NULL;
	int rc;

	*ldp = NULL;

	rc = ldap_create( &ld );
	if ( rc != LDAP_SUCCESS ) {
		return rc;
	}

	/* nothing more to configure without a URL */
	if ( url == NULL ) {
		*ldp = ld;
		return LDAP_SUCCESS;
	}

	rc = ldap_set_option( ld, LDAP_OPT_URI, url );
	if ( rc != LDAP_SUCCESS ) {
		ldap_ld_free( ld, 1, NULL, NULL );
		return rc;
	}

#ifdef LDAP_CONNECTIONLESS
	/* URLs recognised by ldap_is_ldapc_url() mark the handle as UDP */
	if ( ldap_is_ldapc_url( url ) ) {
		LDAP_IS_UDP( ld ) = 1;
	}
#endif

	*ldp = ld;
	return LDAP_SUCCESS;
}
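/*
 * ldap_ssl_open - open a connection to host:port and switch the handle
 * to SSL.
 *
 * host    - host spec passed to ldap_open
 * port    - port to connect to; 0 selects SSL_LDAP_PORT
 * keyname - optional key name; when given it is duplicated into
 *           ld->ld_ssl_key (the handle owns the copy)
 *
 * Returns the handle with ld_use_ssl set, or NULL if ldap_open failed,
 * the key name could not be duplicated, or establish_ssl_connection
 * failed; in the last two cases the handle is freed with close.
 */
LDAP *
ldap_ssl_open(char *host, int port, char *keyname)
{
	LDAP *ld;

	if (port == 0)
		port = SSL_LDAP_PORT;

	ld = ldap_open(host, port);
	Debug(LDAP_DEBUG_TRACE,
	    catgets(slapdcat, 1, 197, "ldap_ssl_open (after ldap_open)\n"),
	    0, 0, 0);
	if (ld == NULL)
		return (NULL);

	ld->ld_use_ssl = 1;
	if (keyname) {
		ld->ld_ssl_key = strdup(keyname);
		if (ld->ld_ssl_key == NULL) {
			/* out of memory: do not go on with a NULL key where the
			 * caller asked for one */
			ldap_ld_free(ld, 1);
			return (NULL);
		}
	}

	if (establish_ssl_connection(ld) != 0) {
		ldap_ld_free(ld, 1);
		return (NULL);
	}

	return (ld);
}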
/*
 * ldap_unbind_ext - validate the client controls, then release the handle
 * (with close) passing the server and client controls on to ldap_ld_free.
 *
 * ld      - handle to release; must be non-NULL and valid
 * sctrls  - server controls forwarded to ldap_ld_free
 * cctrls  - client controls, checked first with ldap_int_client_controls
 *
 * Returns the client-control error if that check fails, otherwise the
 * result of ldap_ld_free.
 */
int
ldap_unbind_ext(
	LDAP *ld,
	LDAPControl **sctrls,
	LDAPControl **cctrls )
{
	int rc;

	assert( ld != NULL );
	assert( LDAP_VALID( ld ) );

	/* controls are checked before anything is torn down */
	if ( ( rc = ldap_int_client_controls( ld, cctrls ) ) != LDAP_SUCCESS ) {
		return rc;
	}

	return ldap_ld_free( ld, 1, sctrls, cctrls );
}
/*
 * ldap_open - allocate a handle via ldap_init and open its default
 * connection while holding LDAP_CONN_LOCK.
 *
 * host - host spec passed to ldap_init
 * port - port passed to ldap_init
 *
 * Returns the connected handle, or NULL when ldap_init fails or the
 * default connection cannot be opened (the handle is freed then).
 */
LDAP *LDAP_CALL
ldap_open(const char *host, int port)
{
	LDAP *ld = NULL;
	int connected;

	LDAPDebug(LDAP_DEBUG_TRACE, "ldap_open\n", 0, 0, 0);

	ld = ldap_init(host, port);
	if (ld == NULL)
		return (NULL);

	/* nsldapi_open_ldap_defconn is called under the connection lock */
	LDAP_MUTEX_LOCK(ld, LDAP_CONN_LOCK);
	connected = (nsldapi_open_ldap_defconn(ld) >= 0);
	LDAP_MUTEX_UNLOCK(ld, LDAP_CONN_LOCK);

	if (!connected) {
		ldap_ld_free(ld, NULL, NULL, 0);
		return (NULL);
	}

	LDAPDebug(LDAP_DEBUG_TRACE, "ldap_open successful, ld_host is %s\n",
	    (ld->ld_host == NULL) ? "(null)" : ld->ld_host, 0, 0);

	return (ld);
}
/*
 * ldap_init - initialize the LDAP library.  Returns a handle to be used
 * for later calls on success, NULL on failure.
 *
 * defhost - default host; may be a space-separated list of hosts or IP
 *           addresses, or NULL to leave the host name unset
 * defport - default port; 0 leaves ldo_defport as ldap_create set it
 *
 * Example:
 *	LDAP *ld;
 *	ld = ldap_init( host, port );
 */
LDAP *
ldap_init( LDAP_CONST char *defhost, int defport )
{
	LDAP *ld = NULL;

	if ( ldap_create( &ld ) != LDAP_SUCCESS ) {
		return NULL;
	}

	if ( defport != 0 ) {
		ld->ld_options.ldo_defport = defport;
	}

	/* no host: the handle is complete as created */
	if ( defhost == NULL ) {
		return( ld );
	}

	if ( ldap_set_option( ld, LDAP_OPT_HOST_NAME, defhost ) != LDAP_SUCCESS ) {
		ldap_ld_free( ld, 1, NULL, NULL );
		return NULL;
	}

	return( ld );
}
/*
 * ldap_open - allocate a handle with ldap_init and open its default
 * connection.  When built with _REENTRANT the handle is locked from
 * before the connect until after the success trace (or the unlock on
 * the failure path, which precedes the free).
 *
 * host - host spec passed to ldap_init
 * port - port passed to ldap_init
 *
 * Returns the handle, or NULL after releasing it (without the close
 * flag) and logging ldap_err2string(err) when the connect fails.
 */
LDAP *
ldap_open(char *host, int port)
{
	LDAP *ld = ldap_init(host, port);
	int err;

	if (ld == NULL)
		return (NULL);

	Debug(LDAP_DEBUG_TRACE,
	    catgets(slapdcat, 1, 113, "ldap_open (after ldap_init)\n"),
	    0, 0, 0);

#ifdef _REENTRANT
	LOCK_LDAP(ld);
#endif
	err = open_default_ldap_connection(ld);
	if (err != LDAP_SUCCESS) {
#ifdef _REENTRANT
		UNLOCK_LDAP(ld);
#endif
		ldap_ld_free(ld, 0);
		Debug(LDAP_DEBUG_ANY,
		    catgets(slapdcat, 1, 1275, "ldap_open failed, %s\n"),
		    ldap_err2string(err), 0, 0);
		return (NULL);
	}

	/* ld_host is read while the handle is still locked */
	Debug(LDAP_DEBUG_TRACE,
	    catgets(slapdcat, 1, 194, "ldap_open successful, ld_host is %s\n"),
	    (ld->ld_host == NULL) ? "(null)" : ld->ld_host, 0, 0);
#ifdef _REENTRANT
	UNLOCK_LDAP(ld);
#endif

	return (ld);
}
/*
 * ldap_destroy - release a handle, closing its connections, with no
 * controls.  Returns whatever ldap_ld_free returns.
 */
int
ldap_destroy( LDAP *ld )
{
	return ldap_ld_free( ld, 1, NULL, NULL );
}
/*
 * ldap_init_fd - build an LDAP handle around an already-connected socket.
 *
 * fd    - the caller's socket; it is installed as the file descriptor of
 *         the handle's default connection
 * proto - LDAP_PROTO_TCP, LDAP_PROTO_UDP (only with LDAP_CONNECTIONLESS),
 *         LDAP_PROTO_IPC, or LDAP_PROTO_EXT; EXT installs no sockbuf I/O
 *         layer and leaves that to the caller
 * url   - optional; when non-NULL it is set as LDAP_OPT_URI
 * ldp   - out: the new handle on LDAP_SUCCESS, NULL on every error
 *
 * Returns LDAP_SUCCESS; the ldap_create / ldap_set_option error;
 * LDAP_NO_MEMORY if no connection could be allocated; LDAP_PARAM_ERROR
 * for an unknown proto.
 */
int
ldap_init_fd(
	ber_socket_t fd,
	int proto,
	LDAP_CONST char *url,
	LDAP **ldp )
{
	int rc;
	LDAP *ld;
	LDAPConn *conn;

	*ldp = NULL;
	rc = ldap_create( &ld );
	if( rc != LDAP_SUCCESS )
		return( rc );

	if (url != NULL) {
		rc = ldap_set_option(ld, LDAP_OPT_URI, url);
		if ( rc != LDAP_SUCCESS ) {
			ldap_ld_free(ld, 1, NULL, NULL);
			return rc;
		}
	}

	/* Attach the passed socket as the LDAP's connection */
	conn = ldap_new_connection( ld, NULL, 1, 0, NULL);
	if( conn == NULL ) {
		ldap_unbind_ext( ld, NULL, NULL );
		return( LDAP_NO_MEMORY );
	}
	/* NOTE(review): the SET_FD result is not checked here */
	ber_sockbuf_ctrl( conn->lconn_sb, LBER_SB_OPT_SET_FD, &fd );
	ld->ld_defconn = conn;
	++ld->ld_defconn->lconn_refcnt;	/* so it never gets closed/freed */

	/* pick the provider-level I/O layer matching the transport; the
	 * debug layer, when compiled in, is stacked underneath it */
	switch( proto ) {
	case LDAP_PROTO_TCP:
#ifdef LDAP_DEBUG
		ber_sockbuf_add_io( conn->lconn_sb, &ber_sockbuf_io_debug,
			LBER_SBIOD_LEVEL_PROVIDER, (void *)"tcp_" );
#endif
		ber_sockbuf_add_io( conn->lconn_sb, &ber_sockbuf_io_tcp,
			LBER_SBIOD_LEVEL_PROVIDER, NULL );
		break;

#ifdef LDAP_CONNECTIONLESS
	case LDAP_PROTO_UDP:
#ifdef LDAP_DEBUG
		ber_sockbuf_add_io( conn->lconn_sb, &ber_sockbuf_io_debug,
			LBER_SBIOD_LEVEL_PROVIDER, (void *)"udp_" );
#endif
		ber_sockbuf_add_io( conn->lconn_sb, &ber_sockbuf_io_udp,
			LBER_SBIOD_LEVEL_PROVIDER, NULL );
		/* UDP additionally gets the readahead layer */
		ber_sockbuf_add_io( conn->lconn_sb, &ber_sockbuf_io_readahead,
			LBER_SBIOD_LEVEL_PROVIDER, NULL );
		break;
#endif /* LDAP_CONNECTIONLESS */

	case LDAP_PROTO_IPC:
#ifdef LDAP_DEBUG
		ber_sockbuf_add_io( conn->lconn_sb, &ber_sockbuf_io_debug,
			LBER_SBIOD_LEVEL_PROVIDER, (void *)"ipc_" );
#endif
		ber_sockbuf_add_io( conn->lconn_sb, &ber_sockbuf_io_fd,
			LBER_SBIOD_LEVEL_PROVIDER, NULL );
		break;

	case LDAP_PROTO_EXT:
		/* caller must supply sockbuf handlers */
		break;

	default:
		/* NOTE(review): fd is already attached to conn's sockbuf at this
		 * point and the handle is released with close; whether that
		 * closes the caller's descriptor depends on ldap_ld_free and
		 * the refcount bumped above, which are outside this listing -
		 * confirm before relying on fd surviving a bad proto */
		ldap_unbind_ext( ld, NULL, NULL );
		return LDAP_PARAM_ERROR;
	}

#ifdef LDAP_DEBUG
	/* outermost debug layer, above every provider layer */
	ber_sockbuf_add_io( conn->lconn_sb, &ber_sockbuf_io_debug,
		INT_MAX, (void *)"ldap_" );
#endif

	/* Add the connection to the *LDAP's select pool */
	ldap_mark_select_read( ld, conn->lconn_sb );
	ldap_mark_select_write( ld, conn->lconn_sb );

	*ldp = ld;
	return LDAP_SUCCESS;
}
/*
 * cldap_close - release a connectionless LDAP handle.  The handle is
 * freed without the close flag; ldap_ld_free's result is discarded.
 */
void
cldap_close( LDAP *ld )
{
	(void) ldap_ld_free( ld, 0 );
}
/*
 * asyncmeta_single_bind
 *
 * attempts to perform a bind with creds
 *
 * op        - the incoming bind operation (o_req_dn / orb_cred are used)
 * rs        - reply; sr_err / sr_text are set to the outcome
 * mc        - the meta connection holding the per-target connections
 * candidate - index of the target (and of the single connection) to bind
 *
 * Returns rs->sr_err.  On every path the target connection's msc_ld is
 * unbound and msc_ldr freed, and both are reset to NULL.
 */
static int
asyncmeta_single_bind(
	Operation *op,
	SlapReply *rs,
	a_metaconn_t *mc,
	int candidate )
{
	a_metainfo_t *mi = mc->mc_info;
	a_metatarget_t *mt = mi->mi_targets[ candidate ];
	struct berval mdn = BER_BVNULL;
	a_metasingleconn_t *msc = &mc->mc_conns[ candidate ];
	int msgid;
	a_dncookie dc;
	struct berval save_o_dn;
	int save_o_do_not_cache;
	LDAPControl **ctrls = NULL;

	/* drop whatever identity this connection was bound as before */
	if ( !BER_BVISNULL( &msc->msc_bound_ndn ) ) {
		ch_free( msc->msc_bound_ndn.bv_val );
		BER_BVZERO( &msc->msc_bound_ndn );
	}
	if ( !BER_BVISNULL( &msc->msc_cred ) ) {
		/* destroy sensitive data */
		/* NOTE(review): a plain memset before free can be dropped by the
		 * optimizer if it can see the free (e.g. under LTO); an
		 * explicit-wipe helper would be more robust - confirm what
		 * ch_free is */
		memset( msc->msc_cred.bv_val, 0, msc->msc_cred.bv_len );
		ch_free( msc->msc_cred.bv_val );
		BER_BVZERO( &msc->msc_cred );
	}

	/*
	 * Rewrite the bind dn if needed
	 */
	dc.target = mt;
	dc.conn = op->o_conn;
	dc.rs = rs;
	dc.ctx = "bindDN";

	if ( asyncmeta_dn_massage( &dc, &op->o_req_dn, &mdn ) ) {
		/* nothing allocated yet beyond mdn, so return directly */
		rs->sr_text = "DN rewrite error";
		rs->sr_err = LDAP_OTHER;
		return rs->sr_err;
	}

	/* don't add proxyAuthz; set the bindDN */
	/* o_dn and o_do_not_cache are swapped in only for the duration of
	 * asyncmeta_controls_add and restored right after */
	save_o_dn = op->o_dn;
	save_o_do_not_cache = op->o_do_not_cache;
	op->o_do_not_cache = 1;
	op->o_dn = op->o_req_dn;
	ctrls = op->o_ctrls;
	rs->sr_err = asyncmeta_controls_add( op, rs, mc, candidate, &ctrls );
	op->o_dn = save_o_dn;
	op->o_do_not_cache = save_o_do_not_cache;
	if ( rs->sr_err != LDAP_SUCCESS ) {
		goto return_results;
	}

	/* FIXME: this fixes the bind problem right now; we need
	 * to use the asynchronous version to get the "matched"
	 * and more in case of failure ... */
	/* FIXME: should we check if at least some of the op->o_ctrls
	 * can/should be passed? */
	/* retry while the underlying connection is still being set up */
	for (;;) {
		rs->sr_err = ldap_sasl_bind( msc->msc_ld, mdn.bv_val,
			LDAP_SASL_SIMPLE, &op->orb_cred,
			ctrls, NULL, &msgid );
		if ( rs->sr_err != LDAP_X_CONNECTING ) {
			break;
		}
		ldap_pvt_thread_yield();
	}

	mi->mi_ldap_extra->controls_free( op, rs, &ctrls );

	/* waits for / evaluates the bind result without sending it upstream */
	asyncmeta_bind_op_result( op, rs, mc, candidate, msgid, LDAP_BACK_DONTSEND, 1 );
	if ( rs->sr_err != LDAP_SUCCESS ) {
		goto return_results;
	}

	/* If defined, proxyAuthz will be used also when
	 * back-ldap is the authorizing backend; for this
	 * purpose, a successful bind is followed by a
	 * bind with the configured identity assertion */
	/* NOTE: use with care */
	if ( mt->mt_idassert_flags & LDAP_BACK_AUTH_OVERRIDE ) {
		asyncmeta_proxy_authz_bind( mc, candidate, op, rs, LDAP_BACK_SENDERR, 1 );
		if ( !LDAP_BACK_CONN_ISBOUND( msc ) ) {
			goto return_results;
		}
		goto cache_refresh;
	}

	/* record the user's own identity as the bound DN */
	ber_bvreplace( &msc->msc_bound_ndn, &op->o_req_ndn );
	LDAP_BACK_CONN_ISBOUND_SET( msc );
	mc->mc_authz_target = candidate;

	if ( META_BACK_TGT_SAVECRED( mt ) ) {
		/* wipe the previous credential before it is replaced */
		if ( !BER_BVISNULL( &msc->msc_cred ) ) {
			memset( msc->msc_cred.bv_val, 0, msc->msc_cred.bv_len );
		}
		ber_bvreplace( &msc->msc_cred, &op->orb_cred );
		ldap_set_rebind_proc( msc->msc_ld, mt->mt_rebind_f, msc );
	}

cache_refresh:;
	if ( mi->mi_cache.ttl != META_DNCACHE_DISABLED
			&& !BER_BVISEMPTY( &op->o_req_ndn ) )
	{
		( void )asyncmeta_dncache_update_entry( &mi->mi_cache,
				&op->o_req_ndn, candidate );
	}

return_results:;
	/* mdn is only a separate allocation when the DN was rewritten */
	if ( mdn.bv_val != op->o_req_dn.bv_val ) {
		free( mdn.bv_val );
	}

	if ( META_BACK_TGT_QUARANTINE( mt ) ) {
		asyncmeta_quarantine( op, mi, rs, candidate );
	}

	/* the connection is torn down regardless of the bind outcome */
	ldap_unbind_ext( msc->msc_ld, NULL, NULL );
	msc->msc_ld = NULL;
	ldap_ld_free( msc->msc_ldr, 0, NULL, NULL );
	msc->msc_ldr = NULL;
	return rs->sr_err;
}
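/*
 * pam_bindcb - bind-response callback for the PAM authentication path.
 *
 * Looks for a password-policy response control in rs->sr_ctrls.  When one
 * is present it is parsed with a throwaway LDAP handle and turned into a
 * user-visible message in pi->msg; for the "expired" and "change after
 * reset" cases pi->authz is set to NSLCD_PAM_NEW_AUTHTOK_REQD, and an
 * expired password additionally forces rs->sr_err to LDAP_SUCCESS so it
 * is reported during authz instead.
 *
 * Always returns LDAP_SUCCESS.
 */
static int pam_bindcb( Operation *op, SlapReply *rs )
{
	struct paminfo *pi = op->o_callback->sc_private;
	LDAPControl *ctrl = ldap_control_find( LDAP_CONTROL_PASSWORDPOLICYRESPONSE,
		rs->sr_ctrls, NULL );
	LDAP *ld = NULL;
	ber_int_t expire = 0, grace = 0;
	LDAPPasswordPolicyError error = PP_noError;
	int rc;

	if ( ctrl == NULL ) {
		return LDAP_SUCCESS;
	}

	/* the handle exists only to drive the control parser; check the
	 * create result instead of relying on ld having been written */
	rc = ldap_create( &ld );
	if ( rc != LDAP_SUCCESS || ld == NULL ) {
		return LDAP_SUCCESS;
	}

	rc = ldap_parse_passwordpolicy_control( ld, ctrl, &expire, &grace, &error );
	if ( rc == LDAP_SUCCESS ) {
		if ( expire >= 0 ) {
			/* scale the remaining seconds to the largest whole unit */
			char *unit = "seconds";
			if ( expire > 60 ) { expire /= 60; unit = "minutes"; }
			if ( expire > 60 ) { expire /= 60; unit = "hours"; }
			if ( expire > 24 ) { expire /= 24; unit = "days"; }
#if 0	/* Who warns about expiration so far in advance? */
			if ( expire > 7 ) { expire /= 7; unit = "weeks"; }
			if ( expire > 4 ) { expire /= 4; unit = "months"; }
			if ( expire > 12 ) { expire /= 12; unit = "years"; }
#endif
			/* NOTE(review): the capacity of pi->msg.bv_val is not visible
			 * here; the messages below are a few dozen bytes at most, but a
			 * size-bounded write (snprintf) would be safer - confirm the
			 * buffer size in struct paminfo */
			pi->msg.bv_len = sprintf( pi->msg.bv_val,
				"\nWARNING: Password expires in %d %s\n", expire, unit );
		} else if ( grace > 0 ) {
			pi->msg.bv_len = sprintf( pi->msg.bv_val,
				"Password expired; %d grace logins remaining", grace );
			pi->authz = NSLCD_PAM_NEW_AUTHTOK_REQD;
		} else if ( error != PP_noError ) {
			/* points pi->msg at the library's static text for this error */
			ber_str2bv( ldap_passwordpolicy_err2txt( error ), 0, 0, &pi->msg );
			switch ( error ) {
			case PP_passwordExpired:
				/* report this during authz */
				rs->sr_err = LDAP_SUCCESS;
				/* fallthru */
			case PP_changeAfterReset:
				pi->authz = NSLCD_PAM_NEW_AUTHTOK_REQD;
				break;
			default:
				/* other policy errors only carry the message */
				break;
			}
		}
	}

	ldap_ld_free( ld, 0, NULL, NULL );
	return LDAP_SUCCESS;
}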