Exemplo n.º 1
0
int
main( int argc, char **argv )
{
	LDAP		*ld;
	LDAPMessage	*result, *e;
	BerElement	*ber;
	char		*a, *dn;
	char		**vals;
	int		i;

	/* get a handle to an LDAP connection */
	if ( (ld = ldap_init( MY_HOST, MY_PORT )) == NULL ) {
		perror( "ldap_init" );
		return( 1 );
	}
	/* authenticate to the directory as nobody */
	if ( ldap_simple_bind_s( ld, NULL, NULL ) != LDAP_SUCCESS ) {
		ldap_perror( ld, "ldap_simple_bind_s" );
		ldap_unbind( ld );
		return( 1 );
	}
	/* search for all entries with surname of Jensen */
	if ( ldap_search_s( ld, MY_SEARCHBASE, LDAP_SCOPE_SUBTREE,
		MY_FILTER, NULL, 0, &result ) != LDAP_SUCCESS ) {
		ldap_perror( ld, "ldap_search_s" );
		if ( result == NULL ) {
			ldap_unbind( ld );
			return( 1 );
		}
	}
	/* for each entry print out name + all attrs and values */
	for ( e = ldap_first_entry( ld, result ); e != NULL;
	    e = ldap_next_entry( ld, e ) ) {
		if ( (dn = ldap_get_dn( ld, e )) != NULL ) {
		    printf( "dn: %s\n", dn );
		    ldap_memfree( dn );
		}
		for ( a = ldap_first_attribute( ld, e, &ber );
		    a != NULL; a = ldap_next_attribute( ld, e, ber ) ) {
			if ((vals = ldap_get_values( ld, e, a)) != NULL ) {
				for ( i = 0; vals[i] != NULL; i++ ) {
				    printf( "%s: %s\n", a, vals[i] );
				}
				ldap_value_free( vals );
			}
			ldap_memfree( a );
		}
		if ( ber != NULL ) {
			ber_free( ber, 0 );
		}
		printf( "\n" );
	}
	ldap_msgfree( result );
	ldap_unbind( ld );
	return( 0 );
}
Exemplo n.º 2
0
int ldap_add_machine_account(const char *ldap_host, 
			     const char *hostname, const char *realm)
{
	LDAP *ld;
	int ldap_port = LDAP_PORT;
	char *bind_path;
	int rc;
	LDAPMessage *res;
	void *sasl_defaults;
	int version = LDAP_VERSION3;

	bind_path = build_dn(realm);

	printf("Creating host account for %s@%s\n", hostname, realm);

	ld = ldap_open(ldap_host, ldap_port);
	ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION, &version);

	rc = ldap_sasl_interactive_bind_s(ld, NULL, NULL, NULL, NULL, 0,
					  sasl_interact, NULL);

	if (rc != LDAP_SUCCESS) {
		ldap_perror(ld, "ldap_bind");
		goto failed;
	}

	rc = find_host(ld, &res, bind_path, hostname);
	if (rc == LDAP_SUCCESS && ldap_count_entries(ld, res) == 1) {
		printf("Host account for %s already exists\n", hostname);
		goto finished;
	}

	rc = add_host(ld, bind_path, hostname, realm);
	if (rc != LDAP_SUCCESS) {
		ldap_perror(ld, "add_host");
		goto failed;
	}

	rc = find_host(ld, &res, bind_path, hostname);
	if (rc != LDAP_SUCCESS || ldap_count_entries(ld, res) != 1) {
		ldap_perror(ld, "find_host test");
		goto failed;
	}

	printf("Successfully added machine account for %s\n", hostname);

finished:	
	free(bind_path);
	return 0;

failed:
	printf("ldap_add_machine_account failed\n");
	free(bind_path);
	ldap_unbind(ld);
	return 1;
}
Exemplo n.º 3
0
int
main( int argc, char **argv )
{
    LDAP	*ld;
    LDAPMod	mod0, mod1, *mods[ 3 ];
    char	*vals0[ 2 ], *vals1[ 2 ], buf[ 128 ];
    time_t	now;

    /* get an LDAP session handle and authenticate */
    if ( (ld = ldap_init( MY_HOST, MY_PORT )) == NULL ) {
	perror( "ldap_init" );
	return( 1 );
    }
    if ( ldap_simple_bind_s( ld, MGR_DN, MGR_PW ) != LDAP_SUCCESS ) {
	ldap_perror( ld, "ldap_simple_bind_s" );
	return( 1 );
    }

    /* construct the list of modifications to make */
    mod0.mod_op = LDAP_MOD_REPLACE;
    mod0.mod_type = "mail";
    vals0[0] = "*****@*****.**";
    vals0[1] = NULL;
    mod0.mod_values = vals0;

    mod1.mod_op = LDAP_MOD_ADD;
    mod1.mod_type = "description";
    time( &now );
    sprintf( buf, "This entry was modified with the modattrs program on %s",
	    ctime( &now ));
    /* Get rid of \n which ctime put on the end of the time string */
    if ( buf[ strlen( buf ) - 1 ] == '\n' ) {
	buf[ strlen( buf ) - 1 ] = '\0';
    }
    vals1[ 0 ] = buf;
    vals1[ 1 ] = NULL;
    mod1.mod_values = vals1;

    mods[ 0 ] = &mod0;
    mods[ 1 ] = &mod1;
    mods[ 2 ] = NULL;

    /* make the change and clean up after ourselves */
    if ( ldap_modify_s( ld, ENTRYDN, mods ) != LDAP_SUCCESS ) {
	ldap_perror( ld, "ldap_modify_s" );
	return( 1 );
    }
    ldap_unbind( ld );
    printf( "modification was successful\n" );
    return( 0 );
}
Exemplo n.º 4
0
/* init && bind */
int ldap_connect(ldap_opt_t * ldap) {
    int version = LDAP_VERSION3;

    if (!ldap->servers)
        return FAILURE;

    /* Connection Init and setup */
    ldap->ld = ldap_init(ldap->servers, LDAP_PORT);
    if (!ldap->ld) {
        ldap_perror(ldap->ld, "ldap_init()");
        return FAILURE;
    }

    if ( ldap_set_option(ldap->ld, LDAP_OPT_PROTOCOL_VERSION, &version) != LDAP_OPT_SUCCESS) {
        ldap_perror(ldap->ld, "ldap_set_option(LDAP_OPT_PROTOCOL_VERSION)");
        return FAILURE;
    }

    /* Timeouts setup */
    if (ldap_set_option(ldap->ld, LDAP_OPT_NETWORK_TIMEOUT, &ldap->b_timeout) != LDAP_SUCCESS) {
        ldap_perror(ldap->ld, "ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT)");
    }
    if (ldap_set_option(ldap->ld, LDAP_OPT_TIMEOUT, &ldap->s_timeout) != LDAP_SUCCESS) {
        ldap_perror(ldap->ld, "ldap_set_option(LDAP_OPT_TIMEOUT)");
    }

    /* TLS support */
    if ( (ldap->tls == -1) || (ldap->tls == 1) ) {
        if (ldap_start_tls_s(ldap->ld, NULL, NULL ) != LDAP_SUCCESS) {
            /* failed then reinit the initial connect */
            ldap_perror(ldap->ld, "ldap_connect: (TLS) ldap_start_tls()");
            if (ldap->tls == 1)
                return FAILURE;

            ldap->ld = ldap_init(ldap->servers, LDAP_PORT);
            if (!ldap->ld) { 
                ldap_perror(ldap->ld, "ldap_init()");
                return FAILURE;
            }

            if ( ldap_set_option(ldap->ld, LDAP_OPT_PROTOCOL_VERSION, &version) != LDAP_OPT_SUCCESS) {
                 ldap_perror(ldap->ld, "ldap_set_option()");
                 return FAILURE;
            }
        }
    }


    if ( ldap_simple_bind_s(ldap->ld, ldap->binddn, ldap->bindpw) != LDAP_SUCCESS) {
        ldap_perror(ldap->ld, "ldap_simple_bind_s()");
        return FAILURE;
    }

    /* says it is connected */
    FLAG_SET_CONNECTED(ldap->flags);

    return SUCCESS;
}
Exemplo n.º 5
0
unsigned int
GetUserLevel(LDAP *ld,char *user)
{

	LDAPMessage        *res, *e;
	char               *a;
	BerElement         *ptr;
	char               **vals;
	unsigned int ret;
	
	char *filter = GetClientFilter(user);
	
	if (ldap_search_s(ld, CLIENT_PATH, LDAP_SCOPE_SUBTREE,filter, NULL, 0, &res)!= LDAP_SUCCESS) {
		printf("%s\n",filter);
		ldap_perror(ld, "ldap_search_s");
		exit(1);
	}
	
	if( (e=ldap_first_entry(ld, res)) == NULL )
	   fprintf(stderr, "LDAP error: user not found");

	a = ldap_first_attribute(ld, e, &ptr);
	while( strcmp(a,"internationaliSDNNumber") != 0 )
		a = ldap_next_attribute(ld, e, ptr);
	   
	vals = ldap_get_values(ld, e, a);	
	ret = atoi(vals[0]);		
	/* free the search results */
	ldap_msgfree(res);
	return ret;
}
Exemplo n.º 6
0
int ldap_parse_whoami(
	LDAP *ld,
	LDAPMessage *res,
	struct berval **authzid )
{
	int rc;
	char *retoid = NULL;

	assert( ld != NULL );
	assert( LDAP_VALID( ld ) );
	assert( res != NULL );
	assert( authzid != NULL );

	*authzid = NULL;

	rc = ldap_parse_extended_result( ld, res, &retoid, authzid, 0 );

	if( rc != LDAP_SUCCESS ) {
		ldap_perror( ld, "ldap_parse_whoami" );
		return rc;
	}

	ber_memfree( retoid );
	return rc;
}
Exemplo n.º 7
0
/*
 * Function: copy_value
 *   Copy value from a LDAP attribute to $copy
 * INPUT:
 *   $ld:       the connection with the LDAP server
 *   $entry:    the entry who contains attributes
 *   $attribut: this attribut
 *   $copy:     where data can go
 * OUTPUT:
 *   void
 */
static void copy_value(LDAP *ld, LDAPMessage *entry, const char *attribut,
	char **copy, const char *username)
{
  char ** values;
  values=ldap_get_values(ld,entry, (char *)attribut);

	if (values==NULL)
	{
#ifdef HAVE_LDAP_RESULT2ERROR
	  int ld_errno = ldap_result2error(ld,entry,0);
	  if (ld_errno && ld_errno != LDAP_DECODING_ERROR)
	    /* We didn't ask for this attribute */
	    ldap_perror(ld,"ldap_get_values");
#else
		if (ld->ld_errno != LDAP_DECODING_ERROR)
			/* We didn't ask for this attribute */
			ldap_perror(ld,"ldap_get_values");
#endif
		*copy=NULL;
		return;
	}
  /* We accept only attribute with one value */
	else if (ldap_count_values(values)>1)
	 {
		 *copy=strdup(values[0]);
		 syslog(LOG_DAEMON,
			"authldaplib: duplicate attribute %s for %s\n",
			attribut,
			username);
		 *copy=NULL;
	 }
  /* We accept only attribute with one value */
	else if (ldap_count_values(values)!=1)
	 {
		 *copy=NULL;
	 }
  else
	 {
		 *copy=strdup(values[0]);
	 }
#if DEBUG_LDAP
  syslog(LOG_DAEMON|LOG_CRIT,"copy_value %s: %s\n",attribut,values[0]);
#endif
  ldap_value_free(values);
}
Exemplo n.º 8
0
int
main( int argc, char **argv )
{
    int             version;
    LDAP            *ld;
    char            *target;
    int             rc;
    struct berval   userid;
    struct berval   oldpasswd;
    struct berval   newpasswd;
    struct berval   genpasswd;

    /* Use LDAPv3. */
    version = LDAP_VERSION3;
    if ( ldap_set_option( NULL, LDAP_OPT_PROTOCOL_VERSION, &version )
         != 0 ) {
        fprintf( stderr,
                 "ldap_set_option protocol version to %d failed\n",
                 version );
        return ( 1 );
    }

    /* Get a handle to an LDAP connection. */
    if ( (ld = ldap_init( MY_HOST, MY_PORT )) == NULL ) {
        perror( "ldap_init" );
        return( 1 );
    }

    /* Authenticate to the directory. */
    if ( ldap_simple_bind_s( ld, ENTRYDN, ENTRYPW ) != LDAP_SUCCESS ) {
        ldap_perror( ld, "ldap_simple_bind_s" );
        return( 1 );
    }

    /* Change the password using the extended operation. */
    userid.bv_val = ENTRYDN;
    userid.bv_len = strlen(userid.bv_val);

    oldpasswd.bv_val = ENTRYPW;
    oldpasswd.bv_len = strlen(oldpasswd.bv_val);

    newpasswd.bv_val = "ChangeMe!";
    newpasswd.bv_len = strlen(newpasswd.bv_val);

    rc = ldap_passwd_s(
        ld, &userid, &oldpasswd, &newpasswd, &genpasswd, NULL, NULL );
    if ( rc != LDAP_SUCCESS ) {
        fprintf( stderr, "ldap_passwd_s: %s\n", ldap_err2string( rc ) );
        ldap_unbind( ld );
        return( 1 );
    } else {
        printf( "Successfully changed password for %s\n", userid.bv_val );
    }

    ldap_unbind( ld );
    return( 0 );
}
Exemplo n.º 9
0
/* Like isc_result_check, only for LDAP */
void
ldap_result_check (char *msg, char *dn, int err)
{
  if ((err != LDAP_SUCCESS) && (err != LDAP_ALREADY_EXISTS))
    {
      fprintf(stderr, "Error while adding %s (%s):\n",
		      dn, msg);
      ldap_perror (conn, dn);
      ldap_unbind_s (conn);
      exit (-1);
    }
}
Exemplo n.º 10
0
static void
print_ldap_result( LDAP *ld, LDAPMessage *lm, const char *s )
{
	ldap_result2error( ld, lm, 1 );
	ldap_perror( ld, s );
/*
	if ( ld->ld_error != NULL && *ld->ld_error != '\0' )
		fprintf( stderr, "Additional info: %s\n", ld->ld_error );
	if ( LDAP_NAME_ERROR( ld->ld_errno ) && ld->ld_matched != NULL )
		fprintf( stderr, "Matched DN: %s\n", ld->ld_matched );
*/
}
Exemplo n.º 11
0
void ldap_close(ldap_opt_t * ldap) {

    if (!ldap)
        return;

    if ( ldap_unbind_ext(ldap->ld, NULL, NULL) < 0)
	ldap_perror(ldap->ld, "ldap_unbind()");

    ldap->ld = NULL;
    FLAG_SET_DISCONNECTED(ldap->flags);

    return;
}
Exemplo n.º 12
0
/* -1 if trouble
   0 if user is NOT member of current server group
   1 if user IS MEMBER of current server group 
 */
int ldap_ismember(ldap_opt_t * l, const char * user) {
    LDAPMessage *res;
    char * filter;
    int i;

    if ((!l->sgroup) || !(l->g_basedn))
        return 1;

    /* Am i still connected ? RETRY n times */
    /* XXX TODO: setup some conf value for retrying */
    if (!(l->flags & FLAG_CONNECTED)) 
        for (i = 0 ; i < 2 ; i++)
            if (ldap_connect(l) == 0)
                 break;

    /* quick check for attempts to be evil */
    if ((strchr(user, '(') != NULL) || (strchr(user, ')') != NULL) ||
        (strchr(user, '*') != NULL) || (strchr(user, '\\') != NULL))
        return FAILURE;

    /* build filter for LDAP request */
    REQUEST_GROUP(filter, l->fgroup, user);

    if (ldap_search_st( l->ld, 
        l->g_basedn,
        LDAP_SCOPE_SUBTREE,
        filter,
        NULL, 0, &l->s_timeout, &res) != LDAP_SUCCESS) {
    
        ldap_perror(l->ld, "ldap_search_st()");

        free(filter);

        /* XXX error on search, timeout etc.. close ask for reconnect */
        ldap_close(l);

        return FAILURE;
    }

    free(filter);

    /* check if any results */
    if (ldap_count_entries(l->ld, res) > 0) {
        ldap_msgfree(res);
        return 1;
    }

    ldap_msgfree(res);
    return 0;
}
Exemplo n.º 13
0
static void *compare_thread(char *id) {
  char dn[BUFSIZ], name[40], cmpval[40];
  int rc, randval, opcount;
  struct berval bv;
  void *voidrc = (void *)0;

  printf("Starting compare_thread %s.\n", id);
  opcount = 0;
  tsd_setup();

  for (;;) {
    randval = get_random_id();
    sprintf(name, "%d", randval);
    sprintf(dn, "cn=%s, " BASE, name);
    sprintf(cmpval, "%d", randval + random() % 3);
    bv.bv_val = cmpval;
    bv.bv_len = strlen(cmpval);

    printf("Thread %s: Comparing cn in entry (%s) with %s\n", id, dn, cmpval);

    rc = ldap_compare_ext_s(ld, dn, "cn", &bv, NULL, NULL);
    switch (rc) {
      case LDAP_COMPARE_TRUE:
        printf("Thread %s: entry (%s) contains cn %s\n", id, dn, cmpval);
        break;
      case LDAP_COMPARE_FALSE:
        printf("Thread %s: entry (%s) doesn't contain cn %s\n", id, dn, cmpval);
        break;
      default:
        ldap_perror(ld, "ldap_compare_ext_s");
        if (rc == LDAP_SERVER_DOWN) {
          perror("ldap_compare_ext_s");
          voidrc = (void *)1;
          goto compare_cleanup_and_return;
        }
    }

    ++opcount;
    if (maxops != 0 && opcount >= maxops) {
      break;
    }
  }

compare_cleanup_and_return:
  printf("Thread %s: attempted %d compare operations\n", id, opcount);
  set_ld_error(0, NULL, NULL, NULL); /* disposes of memory */
  tsd_cleanup();
  free(id);
  return voidrc;
}
Exemplo n.º 14
0
static void *bind_thread(char *id) {
  char dn[BUFSIZ], name[40];
  int rc, opcount;
  void *voidrc = (void *)0;

  printf("Starting bind_thread %s.\n", id);
  opcount = 0;
  tsd_setup();

  for (;;) {
    sprintf(name, "%d", get_random_id());
    sprintf(dn, "cn=%s, " BASE, name);
    printf("Thread %s: Binding as entry (%s)\n", id, dn);

    if ((rc = ldap_simple_bind_s(ld, dn, name)) != LDAP_SUCCESS) {
      ldap_perror(ld, "ldap_simple_bind_s");
      if (rc == LDAP_SERVER_DOWN) {
        perror("ldap_simple_bind_s");
        voidrc = (void *)1;
        goto bind_cleanup_and_return;
      }
    } else {
      printf("Thread %s: bound as entry (%s)\n", id, dn);
    }

    ++opcount;
    if (maxops != 0 && opcount >= maxops) {
      break;
    }
  }

bind_cleanup_and_return:
  printf("Thread %s: attempted %d bind operations\n", id, opcount);
  set_ld_error(0, NULL, NULL, NULL); /* disposes of memory */
  tsd_cleanup();
  free(id);
  return voidrc;
}
Exemplo n.º 15
0
int
main( int argc, char **argv )
{
	LDAP			*ld;
	LDAPMessage		*result, *e;
	char			*attrfail, *matched = NULL, *errmsg = NULL;
	char			**vals, **referrals;
	int			rc, parse_rc, version;
	unsigned long		sortrc;
	LDAPControl		*sortctrl = NULL;
	LDAPControl		*requestctrls[ 2 ];
	LDAPControl		**resultctrls = NULL;
	LDAPsortkey		**sortkeylist;

	/* Arrange for all connections to use LDAPv3 */
	version = LDAP_VERSION3;
	if ( ldap_set_option( NULL, LDAP_OPT_PROTOCOL_VERSION, &version )
	    != 0 ) {
		fprintf( stderr,
		    "ldap_set_option protocol version to %d failed\n",
		    version );
		return( 1 );
	}

	/* Get a handle to an LDAP connection */
	if ( (ld = ldap_init( MY_HOST, MY_PORT ) ) == NULL ) {
		perror( "ldap_init" );
		return( 1 );
	}

	/* Authenticate as Directory Manager */
	if ( ldap_simple_bind_s( ld, MGR_DN, MGR_PW ) != LDAP_SUCCESS ) {
		ldap_perror( ld, "ldap_simple_bind_s" );
		ldap_unbind( ld );
		return( 1 );
	}

	/*
	 * Create a sort key list that specifies the sort order of the results.
	 * Sort the results by last name first, then by first name.
	 */
	ldap_create_sort_keylist( &sortkeylist, "description -givenname" );

	/* Create the sort control. */
	rc = ldap_create_sort_control( ld, sortkeylist, 1, &sortctrl );
	if ( rc != LDAP_SUCCESS ) {
		fprintf( stderr, "ldap_create_sort_control: %s\n",
		    ldap_err2string( rc ) );
		ldap_unbind( ld );
		return( 1 );
	}
	requestctrls[ 0 ] = sortctrl;
	requestctrls[ 1 ] = NULL;

	/* Search for all entries in Sunnyvale */

	rc = ldap_search_ext_s( ld, PEOPLE_BASE, LDAP_SCOPE_SUBTREE,
	    "(objectclass=person)", NULL, 0, requestctrls, NULL, NULL, 0,
	    &result );

	if ( rc != LDAP_SUCCESS ) {
		fprintf( stderr, "ldap_search_ext_s: %s\n",
		    ldap_err2string( rc ) );
		ldap_unbind( ld );
		return( 1 );
	}

	parse_rc = ldap_parse_result( ld, result, &rc, &matched, &errmsg,
	    &referrals, &resultctrls, 0 );

	if ( parse_rc != LDAP_SUCCESS ) {
		fprintf( stderr, "ldap_parse_result: %s\n",
		    ldap_err2string( parse_rc ) );
		ldap_unbind( ld );
		return( 1 );
	}

	if ( rc != LDAP_SUCCESS ) {
		fprintf( stderr, "ldap_search_ext_s: %s\n",
		    ldap_err2string( rc ) );
		if ( errmsg != NULL && *errmsg != '\0' ) {
			fprintf( stderr, "%s\n", errmsg );
		}

		ldap_unbind( ld );
		return( 1 );
	}

	parse_rc = ldap_parse_sort_control( ld, resultctrls, &sortrc,
	    &attrfail );

	if ( parse_rc != LDAP_SUCCESS ) {
		fprintf( stderr, "ldap_parse_sort_control: %s\n",
		    ldap_err2string( parse_rc ) );
		ldap_unbind( ld );
		return( 1 );
	}

	if ( sortrc != LDAP_SUCCESS ) {
		fprintf( stderr, "Sort error: %s\n", ldap_err2string( sortrc ));
		if ( attrfail != NULL && *attrfail != '\0' ) {
			fprintf( stderr, "Bad attribute: %s\n", attrfail);
		}
		ldap_unbind( ld );
		return( 1 );
	}

	/* for each entry print out name + all attrs and values */
	for ( e = ldap_first_entry( ld, result ); e != NULL;
	    e = ldap_next_entry( ld, e ) ) {
		if ((vals = ldap_get_values( ld, e, "sn")) != NULL ) {
			if ( vals[0] != NULL ) {
				printf( "%s", vals[0] );
			}
			ldap_value_free( vals );
		}

		if ((vals = ldap_get_values( ld, e, "givenname")) != NULL ) {
			if ( vals[0] != NULL ) {
				printf( "\t%s", vals[0] );
			}
			ldap_value_free( vals );
		}

		putchar( '\n' );
	}

	ldap_msgfree( result );
	ldap_free_sort_keylist( sortkeylist );
	ldap_control_free( sortctrl );
	ldap_controls_free( resultctrls );
	ldap_unbind( ld );

	return( 0 );
}
Exemplo n.º 16
0
/**
* Get certificate from LDAP-Server.
*/
static int ldap_get_certificate(const char *login) {
	LDAP *ldap_connection;
	int entries;
	LDAPMessage *res;
	LDAPMessage *entry;
	struct berval **bvals = NULL;
	BerElement *ber = NULL;
	char *name = NULL;
	char filter_str[100];
	char *attrs[2];
	int rv = LDAP_SUCCESS;
	void *bv_val;

	char uri[4096];
	char uribuf[4096];
	char *uris[LDAP_CONFIG_URI_MAX + 1];
	const char *p;
	int current_uri = 0, start_uri = 0;

	char *buffer;
	size_t buflen;

	uris[0] = NULL;

	attrs[0] = (char *)attribute;
	attrs[1] = NULL;

	DBG1("ldap_get_certificate(): begin login = %s", login);

	/* Put the login to the %s in Filterstring */
	snprintf(filter_str, sizeof(filter_str), filter, login);

	DBG1("ldap_get_certificate(): filter_str = %s", filter_str);

	/* parse and split URI config entry */
	buffer = uribuf;
	buflen = sizeof (uribuf);

	strncpy(uri, ldapURI, sizeof (uri)-1);

	/* Add a space separated list of URIs */
	/* TODO: no spaces in one URI allowed => URL-encoding? */
	if(strncmp(ldapURI,"",1))
		for (p = uri; p != NULL; )
		{
			char *q = strchr (p, ' ');
			if (q != NULL)
				*q = '\0';

			if( strlen(p) > 1 ) /* SAW: don't add spaces */
				rv = ldap_add_uri (uris, p, &buffer, &buflen);

			p = (q != NULL) ? ++q : NULL;

			if (rv)
				break;
		}
    /* set the default port if no port is given */
  	if (ldapport == 0)
    {
		if (ssl_on == SSL_LDAPS)
		{
		  ldapport = LDAPS_PORT;
		}
		else
		{
		  ldapport = LDAP_PORT;
		}
	}

	/* add ldaphost to uris if set, nevermind "uri" is set in config */
	if( strlen(ldaphost) > 1 )
	{
		/* No port specified in URI and non-default port specified */
		snprintf (uri, sizeof (uri), "%s%s:%d",
		       ssl_on == SSL_LDAPS ? "ldaps://" : "ldap://",
		       ldaphost, ldapport);
		ldap_add_uri (uris, uri, &buffer, &buflen);
	}

  	if (uris[0] == NULL)
    {
		DBG("ldap_get_certificate(): Nor URI or usable Host entry found");
		return(-1);
    }

	/* Attempt to connect to specified URI in order until do_open succeed */
	start_uri = current_uri;
	do
	{
		if(uris[current_uri] != NULL)
			DBG1("ldap_get_certificate(): try do_open for %s", uris[current_uri]);
		rv = do_open(&ldap_connection, uris[current_uri], ldapport, ssl_on);
		/* hot-fix, because in some circumstances an LDAP_SERVER_DOWN is returned */
		if (rv != LDAP_UNAVAILABLE && rv != LDAP_SERVER_DOWN)
			break;
		current_uri++;

		if (uris[current_uri] == NULL)
			current_uri = 0;
	}
	while (current_uri != start_uri);

	if( rv != LDAP_SUCCESS )
	{
		DBG("ldap_get_certificate(): do_open failed");
		return(-2);
	}

	/* TODO: (1) The problem: if an working uri is found it is used
    	     and if there is an (SSL-)error, no other one is tried
    	     (2) There is no session, so we don't know which LDAP_Server
    	     is the last with a successful connection. So we try the same
    	     server again. Perhaps create a state file/smem/etc. ?
    */

	rv = ldap_search_s(
				ldap_connection,
				base,
				sscope[scope],
				filter_str,
				attrs,
				0,
				&res);
	if ( rv != LDAP_SUCCESS ) {
		DBG1("ldap_search_s() failed: %s", ldap_err2string(rv));
		ldap_unbind_s(ldap_connection);
		return(-3);
	} else {
		entries = ldap_count_entries(ldap_connection, res);
		DBG1("ldap_get_certificate(): entries = %d", entries);

		if( entries > 1 ) {
			DBG("!  Warning, more than one entry found. Please choose \"filter\" and");
			DBG("!  \"attribute\" in ldap mapper config section of your config,");
			DBG("!  that only one entry with one attribute is matched");
			DBG("!  Maybe there is another problem in ldap with not unique user");
			DBG("!  entries in your LDAP server.");
		}

		/* Only first entry is used. "filter" and "attribute"
		 *  should be choosen, so that only one entry with
		 * one attribute is returned */
		if ( NULL == (entry = ldap_first_entry(ldap_connection, res))){
			DBG("ldap_first_entry() failed: %s");
			ldap_unbind_s(ldap_connection);
			return(-4);
		}

		/* Only first attribute is used. See comment above... */
		if ( NULL == (name = ldap_first_attribute(ldap_connection, res, &ber))){
			DBG("ldap_first_attribute() failed (rc=%d)");
			ldap_unbind_s(ldap_connection);
			return(-5);
		}
		DBG1("attribute name = %s", name);

		bvals = ldap_get_values_len(ldap_connection, entry, name);
		certcnt = ldap_count_values_len(bvals);

		DBG1("number of user certificates = %d", certcnt);

		ldap_x509 = malloc(sizeof(X509*) * certcnt );
		if (NULL == ldap_x509)
		{
			DBG("not enough memory");
			return(-7);
		}

		rv = 0;
		while(rv < certcnt )
		{
			/* SaW: not nifty, but otherwise gcc doesn't optimize */
			bv_val = &bvals[rv]->bv_val;
#ifdef HAVE_NSS
			{
				SECItem derdata;
				derdata.data = bv_val;
				derdata.len = bvals[rv]->bv_len;

				ldap_x509[rv] = CERT_NewTempCertificate(CERT_GetDefaultCertDB(),
					&derdata, NULL, 0, 1);
			}
#else
			ldap_x509[rv] = d2i_X509(NULL, ((const unsigned char **) bv_val), bvals[rv]->bv_len);
#endif
			if (NULL == ldap_x509[rv]) {
				DBG1("d2i_X509() failed for certificate %d", rv);
				free(ldap_x509);
#ifdef HAVE_NSS
				{
					for (rv=0; rv<certcnt; rv++)
						if (ldap_x509[rv])
							CERT_DestroyCertificate(ldap_x509[rv]);
				}
#endif
				certcnt=0;
				ldap_msgfree(res);
				ldap_unbind_s(ldap_connection);
				return(-6);
			}else {
				DBG1("d2i_X509(): success for certificate %d", rv);
			}
			rv++;
		}
		ldap_msgfree(res);
		/* TODO: this leads to a segfault, but the doc said ... */
		/* ldap_value_free_len(bvals); */
	}
	if ( 0 != ldap_unbind_s(ldap_connection)) {
		DBG("ldap_unbind_s() failed.");
		ldap_perror(ldap_connection, "ldap_unbind_s() failed.");
		return(-1);
	};

	DBG("ldap_get_certificate(): end");
	return 1;
}
Exemplo n.º 17
0
static void
do_modrdn( char *uri, char *host, int port, char *manager,
	char *passwd, char *entry, int maxloop )
{
	LDAP	*ld = NULL;
	int  	i;
	pid_t	pid;
	char *DNs[2];
	char *rdns[2];

	pid = getpid();
	DNs[0] = entry;
	DNs[1] = strdup( entry );

	/* reverse the RDN, make new DN */
	{
		char *p1, *p2;

		p1 = strchr( entry, '=' ) + 1;
		p2 = strchr( p1, ',' );

		*p2 = '\0';
		rdns[1] = strdup( entry );
		*p2-- = ',';

		for (i = p1 - entry;p2 >= p1;)
			DNs[1][i++] = *p2--;
		
		DNs[1][i] = '\0';
		rdns[0] = strdup( DNs[1] );
		DNs[1][i] = ',';
	}
		
	if ( uri ) {
		ldap_initialize( &ld, uri );
	} else {
		ld = ldap_init( host, port );
	}
	if ( ld == NULL ) {
		perror( "ldap_init" );
		exit( EXIT_FAILURE );
	}

	{
		int version = LDAP_VERSION3;
		(void) ldap_set_option( ld, LDAP_OPT_PROTOCOL_VERSION,
			&version ); 
	}

	if ( ldap_bind_s( ld, manager, passwd, LDAP_AUTH_SIMPLE ) != LDAP_SUCCESS ) {
		ldap_perror( ld, "ldap_bind" );
		 exit( EXIT_FAILURE );
	}


	fprintf( stderr, "PID=%ld - Modrdn(%d): entry=\"%s\".\n",
		 (long) pid, maxloop, entry );

	for ( i = 0; i < maxloop; i++ ) {
		int         rc;

		if (( rc = ldap_modrdn2_s( ld, DNs[0], rdns[0], 0 ))
			!= LDAP_SUCCESS ) {
			ldap_perror( ld, "ldap_modrdn" );
			if ( rc != LDAP_NO_SUCH_OBJECT ) break;
			continue;
		}
		if (( rc = ldap_modrdn2_s( ld, DNs[1], rdns[1], 1 ))
			!= LDAP_SUCCESS ) {
			ldap_perror( ld, "ldap_modrdn" );
			if ( rc != LDAP_NO_SUCH_OBJECT ) break;
			continue;
		}
	}

	fprintf( stderr, " PID=%ld - Modrdn done.\n", (long) pid );

	ldap_unbind( ld );
}
Exemplo n.º 18
0
Arquivo: vc.c Projeto: Joywar/openldap
int ldap_parse_verify_credentials(
	LDAP *ld,
	LDAPMessage *res,
	int * code,
	char ** diagmsg,
    struct berval **cookie,
	struct berval **screds,
	LDAPControl ***ctrls)
{
	int rc;
	char *retoid = NULL;
	struct berval *retdata = NULL;

	assert(ld != NULL);
	assert(LDAP_VALID(ld));
	assert(res != NULL);
	assert(code != NULL);
	assert(diagmsg != NULL);

	rc = ldap_parse_extended_result(ld, res, &retoid, &retdata, 0);

	if( rc != LDAP_SUCCESS ) {
		ldap_perror(ld, "ldap_parse_verify_credentials");
		return rc;
	}

	if (retdata) {
		ber_tag_t tag;
		ber_len_t len;
		ber_int_t i;
		BerElement * ber = ber_init(retdata);
		struct berval diagmsg_bv = BER_BVNULL;
		if (!ber) {
		    rc = ld->ld_errno = LDAP_NO_MEMORY;
			goto done;
		}

		ber_scanf(ber, "{im" /*"}"*/, &i, &diagmsg_bv);
		if ( diagmsg != NULL ) {
			*diagmsg = LDAP_MALLOC( diagmsg_bv.bv_len + 1 );
			AC_MEMCPY( *diagmsg, diagmsg_bv.bv_val, diagmsg_bv.bv_len );
			(*diagmsg)[diagmsg_bv.bv_len] = '\0';
		}
		*code = i;

		tag = ber_peek_tag(ber, &len);
		if (tag == LDAP_TAG_EXOP_VERIFY_CREDENTIALS_COOKIE) {
			ber_scanf(ber, "O", cookie);
		    tag = ber_peek_tag(ber, &len);
		}

		if (tag == LDAP_TAG_EXOP_VERIFY_CREDENTIALS_SCREDS) {
			ber_scanf(ber, "O", screds);
		    tag = ber_peek_tag(ber, &len);
		}

		if (tag == LDAP_TAG_EXOP_VERIFY_CREDENTIALS_CONTROLS) {
		    int nctrls = 0;
			char * opaque;

		    *ctrls = LDAP_MALLOC(1 * sizeof(LDAPControl *));

			if (!*ctrls) {
				rc = LDAP_NO_MEMORY;
				goto done;
			}

			*ctrls[nctrls] = NULL;

			for(tag = ber_first_element(ber, &len, &opaque);
				tag != LBER_ERROR;
				tag = ber_next_element(ber, &len, opaque))
		    {
				LDAPControl *tctrl;
				LDAPControl **tctrls;

				tctrl = LDAP_CALLOC(1, sizeof(LDAPControl));

				/* allocate pointer space for current controls (nctrls)
				 * + this control + extra NULL
				 */
				tctrls = !tctrl ? NULL : LDAP_REALLOC(*ctrls, (nctrls+2) * sizeof(LDAPControl *));

				if (!tctrls) {
					/* allocation failure */
					if (tctrl) LDAP_FREE(tctrl);
					ldap_controls_free(*ctrls);
					*ctrls = NULL;
				    rc = LDAP_NO_MEMORY;
				    goto done;
				}

				tctrls[nctrls++] = tctrl;
				tctrls[nctrls] = NULL;

				tag = ber_scanf(ber, "{a" /*"}"*/, &tctrl->ldctl_oid);
				if (tag == LBER_ERROR) {
					*ctrls = NULL;
					ldap_controls_free(tctrls);
					rc = LDAP_DECODING_ERROR;
					goto done;
				}

				tag = ber_peek_tag(ber, &len);
				if (tag == LBER_BOOLEAN) {
					ber_int_t crit;
					tag = ber_scanf(ber, "b", &crit);
					tctrl->ldctl_iscritical = crit ? (char) 0 : (char) ~0;
				    tag = ber_peek_tag(ber, &len);
				}

			    if (tag == LBER_OCTETSTRING) {
                    tag = ber_scanf( ber, "o", &tctrl->ldctl_value );
                } else {
                    BER_BVZERO( &tctrl->ldctl_value );
                }

                *ctrls = tctrls;
			}
	    }

	    ber_free(ber, 1);
    }

done:
	ber_bvfree(retdata);
	ber_memfree(retoid);
	return rc;
}
Exemplo n.º 19
0
static int domodrdn(
    LDAP	*ld,
    char	*dn,
    char	*rdn,
    char	*newSuperior,
    int		remove ) /* flag: remove old RDN */
{
    int rc, code, id;
    char *matcheddn=NULL, *text=NULL, **refs=NULL;
    LDAPMessage *res;

    if ( verbose ) {
        printf( "Renaming \"%s\"\n", dn );
        printf( "\tnew rdn=\"%s\" (%s old rdn)\n",
                rdn, remove ? "delete" : "keep" );
        if( newSuperior != NULL ) {
            printf("\tnew parent=\"%s\"\n", newSuperior);
        }
    }

    if( not ) return LDAP_SUCCESS;

    rc = ldap_rename( ld, dn, rdn, newSuperior, remove,
                      NULL, NULL, &id );

    if ( rc != LDAP_SUCCESS ) {
        fprintf( stderr, "%s: ldap_rename: %s (%d)\n",
                 prog, ldap_err2string( rc ), rc );
        return rc;
    }

    rc = ldap_result( ld, LDAP_RES_ANY, LDAP_MSG_ALL, NULL, &res );
    if ( rc < 0 ) {
        ldap_perror( ld, "ldapmodrdn: ldap_result" );
        return rc;
    }

    rc = ldap_parse_result( ld, res, &code, &matcheddn, &text, &refs, NULL, 1 );

    if( rc != LDAP_SUCCESS ) {
        fprintf( stderr, "%s: ldap_parse_result: %s (%d)\n",
                 prog, ldap_err2string( rc ), rc );
        return rc;
    }

    if( verbose || code != LDAP_SUCCESS ||
            (matcheddn && *matcheddn) || (text && *text) || (refs && *refs) )
    {
        printf( "Rename Result: %s (%d)\n",
                ldap_err2string( code ), code );

        if( text && *text ) {
            printf( "Additional info: %s\n", text );
        }

        if( matcheddn && *matcheddn ) {
            printf( "Matched DN: %s\n", matcheddn );
        }

        if( refs ) {
            int i;
            for( i=0; refs[i]; i++ ) {
                printf("Referral: %s\n", refs[i] );
            }
        }
    }

    ber_memfree( text );
    ber_memfree( matcheddn );
    ber_memvfree( (void **) refs );

    return code;
}
Exemplo n.º 20
0
int main (int argc, char const *argv[])
{
	/* code */
	
	pam_handle_t *pamh = NULL;
	char *user, *password , **userVals = NULL, **ouVals = NULL, **uriVals = NULL, *context;
	LDAP *ldap = NULL;
	LDAPMessage *userResults = NULL,*ouResults = NULL, *userEntry = NULL, *ouEntry = NULL;
	//bool haveGpoDescriptor = 0;
	
	user = getlogin();

	int pamretval, ret, version, i = 0 ,j = 0, k = 0;
	
	printf("----------------------------------\n");
	printf("Getting session informations...\n");
	printf("----------------------------------\n\n");	

	pamretval = pam_start("custom",user,&conv,&pamh);
	
	if(pamretval == PAM_SUCCESS ){
		/*
		TODO:
		-------------------------------------------------------------
		Si pam_start(...) renvoie PAM_SUCCESS alors
		récuperer:
			- username 
			- password			
		*/
				
		printf("Logged as: \033[32;m%s\033[00m.\n",user);
			
		printf("\n\n----------------------------------\n");
		printf("Connecting to %s\n",LDAP_SERVER);
		printf("----------------------------------\n\n");
		
		ldap = (LDAP*) ldap_open(LDAP_SERVER,LDAP_PORT);
		
		if(!ldap){
			printf("Unable to connect to the LDAP Server\n");
				return PAM_SUCCESS; // Don't break the PAM Stack
			}else{
				version = LDAP_VERSION3;
				ldap_set_option( ldap, LDAP_OPT_PROTOCOL_VERSION, &version );
				
				printf("Connected to LDAP server: \033[32;mOk\033[00m.\n");
				
				printf("\n\n----------------------------------\n");
				printf("Binding...\n");
				printf("----------------------------------\n\n");
				
				/*	Anonymous Binding */				
	
				ret = ldap_simple_bind_s(ldap, NULL, NULL);
				if (ret != LDAP_SUCCESS) {
					printf("Binding \033[31;mFailed\033[00m\n\n");
					char *error;
					ldap_perror(ldap,error);
					printf("%s",error);
					return PAM_SUCCESS;
				}
				
				printf("Binding: \033[32;mOk\033[00m.\n");
				
				/*
				TODO <Version compliquée>
				--------------------------------------------------
				Note:
				Créer autant de LDAPMessage *results qu'il ya de recherche à faire				
				ldap_get_values return char** (un tableau/array)
				context = (cn | ou = <username | ou_name)
				------
				
				1. Récupérer l'utilisateur 
					-> ldap_search_s(ldap,BASE_DN,LDAP_SCOPE_SUBTREE,context,NULL,0,&userResults); context = (cn=username)
					-> userEntry = ldap_get_first_entry(ldap,userResults);
				2. Récupérer le nom de l'OU (OrganizationalUnit) de l'utilisateur 
					-> char ou_name =  ldap_get_values(ldap,userEntry,"ou")					
				3. Récupérer l'OU en faisant une nouvelle recherche 
					-> ldap_search_s(ldap,BASE_DN,LDAP_SCOPE_SUBTREE,context,NULL,0,&ouResults); context = (ou=ou_name)
					-> ouEntry = ldap_get_first_entry(ldap,ouResults);
				4. Chercher l'objectClass groupPolicyDescriptor dans l'OU de l'étape précédente
					- char **vals = ldap_get_values(ldap,ouEntry,"objectClass")
					NB: Un objet LDAP peut avoir plusieur objectClass
					for(i=0 ; vals[i] != NULL;i++){
						if(strcmp(vals[i], "groupPolicyDescriptor")){
							
							4.1 Récuperer l'attribut "uri"
							char **vals = ldap_get_values(ldap,ouEntry,"uri");
							// action 
							system("/bin/sh <uri>")							
						}
					}
									
				*/
				
				context = calloc(sizeof(char),strlen(user)+29);
				sprintf(context,"(&(cn=%s)(objectClass=account))",user);
								
				
				// 1. Récupérer l'utilisateur 
				ret = ldap_search_s(ldap,BASE_DN,LDAP_SCOPE_SUBTREE,context,NULL,0,&userResults);
				userEntry = ldap_first_entry(ldap,userResults);					
								
				if(userEntry){
					// 2. Récupérer le(s) nom(s) de(s) l'OU (OrganizationalUnit) de l'utilisateur 					
					userVals = (char**) ldap_get_values(ldap,userEntry,"ou");
					
					for (i = 0 ; userVals[i] != NULL ; i++ ){
						
						context = calloc(sizeof(char),strlen(userVals[i])+40);
						sprintf(context,"(&(ou=%s)(objectClass=organizationalUnit))",userVals[i]);
						
						// 3. Récupérer l'OU en faisant une nouvelle recherche 
						ret = ldap_search_s(ldap,BASE_DN,LDAP_SCOPE_SUBTREE,context,NULL,0,	&ouResults);
						ouEntry = ldap_first_entry(ldap,ouResults);					
						
						if (ouEntry){
							printf("\033[33;m\nFound OU %s ... \033[00m\n", userVals[i]);
							printf("\033[33;m\nSearching GPO in ou=%s ... \033[00m\n", userVals[i]);
							ouVals = (char **) ldap_get_values(ldap,ouEntry,"objectClass");
							
							for ( j = 0 ; ouVals[j] != NULL ; j++ ){
								
								// 4. Chercher l'objectClass groupPolicyDescriptor dans l'OU
																
								if(strcmp(ouVals[j],"groupPolicyDescriptor") == 0){
									
									// 4.1 Récuperer l'attribut "uri"
									
									uriVals = (char **) ldap_get_values(ldap,ouEntry,"uri");
									printf("\033[33;mGPO Found in ou=%s \033[00m\n", userVals[i]);
																									
									for ( k = 0 ; uriVals[k] != NULL ; k++) {
										printf("\033[33;mURI Script: %s\033[00m\n", uriVals[k]);
									}
								}
							}
						} else {	printf("\033[33;m\nNo OU found for user: %s \033[00m\n", user )	;}	
					}
				} else {	printf("\033[33;m\nUser %s not found in LDAP Directory \033[00m\n", user);	}	
					
				printf("\n\n----------------------------------\n");
				printf("Cleaning memory\n");
				printf("----------------------------------\n\n");
				
				if(userVals) ldap_value_free(userVals);
				if(ouVals) ldap_value_free(ouVals);
				if(uriVals) ldap_value_free(uriVals);
				if(ouEntry) ldap_msgfree(ouEntry);
				if(userEntry) ldap_msgfree(userEntry);
				ldap_unbind(ldap);
			}
		
		pam_end(pamh,pamretval);
		
		return PAM_SUCCESS;
	}else{
		printf("User not logged in.\n");
		return PAM_USER_UNKNOWN;
	}	
}
Exemplo n.º 21
0
int
main( int argc, char *argv[] )
{
	int rc;
	char	*user = NULL;

	LDAP	       *ld = NULL;
	struct berval bv = {0, NULL};
	BerElement  *ber = NULL;

	int id, code = LDAP_OTHER;
	LDAPMessage *res;
	char *matcheddn = NULL, *text = NULL, **refs = NULL;
	char	*retoid = NULL;
	struct berval *retdata = NULL;

	prog = lutil_progname( "ldappasswd", argc, argv );

	/* LDAPv3 only */
	protocol = LDAP_VERSION3;

	tool_args( argc, argv );

	if( argc - optind > 1 ) {
		usage();
	} else if ( argc - optind == 1 ) {
		user = strdup( argv[optind] );
	} else {
		user = NULL;
	}

	if( oldpwfile ) {
		rc = lutil_get_filed_password( prog, &oldpw );
		if( rc ) return EXIT_FAILURE;
	}

	if( want_oldpw && oldpw.bv_val == NULL ) {
		/* prompt for old password */
		char *ckoldpw;
		oldpw.bv_val = strdup(getpassphrase("Old password: "******"Re-enter old password: "******"passwords do not match\n" );
			return EXIT_FAILURE;
		}

		oldpw.bv_len = strlen( oldpw.bv_val );
	}

	if( newpwfile ) {
		rc = lutil_get_filed_password( prog, &newpw );
		if( rc ) return EXIT_FAILURE;
	}

	if( want_newpw && newpw.bv_val == NULL ) {
		/* prompt for new password */
		char *cknewpw;
		newpw.bv_val = strdup(getpassphrase("New password: "******"Re-enter new password: "******"passwords do not match\n" );
			return EXIT_FAILURE;
		}

		newpw.bv_len = strlen( newpw.bv_val );
	}

	if( want_bindpw && passwd.bv_val == NULL ) {
		/* handle bind password */
		if ( pw_file ) {
			rc = lutil_get_filed_password( pw_file, &passwd );
			if( rc ) return EXIT_FAILURE;
		} else {
			passwd.bv_val = getpassphrase( "Enter LDAP Password: "******"ber_alloc_t" );
			ldap_unbind( ld );
			return EXIT_FAILURE;
		}

		ber_printf( ber, "{" /*}*/ );

		if( user != NULL ) {
			ber_printf( ber, "ts",
				LDAP_TAG_EXOP_MODIFY_PASSWD_ID, user );
			free(user);
		}

		if( oldpw.bv_val != NULL ) {
			ber_printf( ber, "tO",
				LDAP_TAG_EXOP_MODIFY_PASSWD_OLD, &oldpw );
			free(oldpw.bv_val);
		}

		if( newpw.bv_val != NULL ) {
			ber_printf( ber, "tO",
				LDAP_TAG_EXOP_MODIFY_PASSWD_NEW, &newpw );
			free(newpw.bv_val);
		}

		ber_printf( ber, /*{*/ "N}" );

		rc = ber_flatten2( ber, &bv, 0 );

		if( rc < 0 ) {
			perror( "ber_flatten2" );
			ldap_unbind( ld );
			return EXIT_FAILURE;
		}
	}

	if ( not ) {
		rc = LDAP_SUCCESS;
		goto skip;
	}

	rc = ldap_extended_operation( ld,
		LDAP_EXOP_MODIFY_PASSWD, bv.bv_val ? &bv : NULL, 
		NULL, NULL, &id );

	ber_free( ber, 1 );

	if( rc != LDAP_SUCCESS ) {
		ldap_perror( ld, "ldap_extended_operation" );
		ldap_unbind( ld );
		return EXIT_FAILURE;
	}

	rc = ldap_result( ld, LDAP_RES_ANY, LDAP_MSG_ALL, NULL, &res );
	if ( rc < 0 ) {
		ldap_perror( ld, "ldappasswd: ldap_result" );
		return rc;
	}

	rc = ldap_parse_result( ld, res,
		&code, &matcheddn, &text, &refs, NULL, 0 );

	if( rc != LDAP_SUCCESS ) {
		ldap_perror( ld, "ldap_parse_result" );
		return rc;
	}

	rc = ldap_parse_extended_result( ld, res, &retoid, &retdata, 1 );

	if( rc != LDAP_SUCCESS ) {
		ldap_perror( ld, "ldap_parse_result" );
		return rc;
	}

	if( retdata != NULL ) {
		ber_tag_t tag;
		char *s;
		ber = ber_init( retdata );

		if( ber == NULL ) {
			perror( "ber_init" );
			ldap_unbind( ld );
			return EXIT_FAILURE;
		}

		/* we should check the tag */
		tag = ber_scanf( ber, "{a}", &s);

		if( tag == LBER_ERROR ) {
			perror( "ber_scanf" );
		} else {
			printf("New password: %s\n", s);
			free( s );
		}

		ber_free( ber, 1 );
	}

	if( verbose || code != LDAP_SUCCESS || matcheddn || text || refs ) {
		printf( "Result: %s (%d)\n", ldap_err2string( code ), code );

		if( text && *text ) {
			printf( "Additional info: %s\n", text );
		}

		if( matcheddn && *matcheddn ) {
			printf( "Matched DN: %s\n", matcheddn );
		}

		if( refs ) {
			int i;
			for( i=0; refs[i]; i++ ) {
				printf("Referral: %s\n", refs[i] );
			}
		}
	}

	ber_memfree( text );
	ber_memfree( matcheddn );
	ber_memvfree( (void **) refs );
	ber_memfree( retoid );
	ber_bvfree( retdata );

skip:
	/* disconnect from server */
	ldap_unbind (ld);

	return code == LDAP_SUCCESS ? EXIT_SUCCESS : EXIT_FAILURE;
}
Exemplo n.º 22
0
status 
ClientAdd(LDAP *ld, client_t client)
{
	LDAPMod *attributes[10];
	LDAPMod attribute1,attribute2,attribute3,attribute4,attribute5,attribute6,attribute7,attribute8,attribute9;
	
	char aux_error[100];
	
	char * objectclass_vals[] = { "top", "person", "organizationalPerson", "inetOrgPerson", NULL };
	char *  ou_value[]		  = {"clients",NULL};
	char * cn_value[]         = {client.user,NULL};
	char * uid_value[]        = {client.user,NULL};
	char * mail_value[]       = {client.mail,NULL};
	char * pass_value[]		  = {client.passwd,NULL};
	char * sn_value[]		  = {client.user,NULL};
	char * desc_value[]		  = {client.desc,NULL};
	/* convierto el level a string */
	char aux_level[5];
	sprintf(aux_level, "%d",(int)client.level);
	char * level_value[]	  = {aux_level,NULL};
	
	char *dn = GetClientDN(client.user);
	
	/* objectclass */	
	attribute1.mod_op = LDAP_MOD_ADD;
	attribute1.mod_type = "objectclass";
	attribute1.mod_vals.modv_strvals = objectclass_vals;	
	attributes[0] = &attribute1;
	/* ou */
	attribute2.mod_op = LDAP_MOD_ADD;
	attribute2.mod_type = "ou";
	attribute2.mod_vals.modv_strvals = ou_value;	
	attributes[1] = &attribute2;	
	/* cn */
	attribute3.mod_op = LDAP_MOD_ADD;
	attribute3.mod_type = "cn";
	attribute3.mod_vals.modv_strvals = cn_value;	
	attributes[2] = &attribute3;	
	/* uid */
	attribute4.mod_op = LDAP_MOD_ADD;
	attribute4.mod_type = "uid";
	attribute4.mod_vals.modv_strvals = uid_value;	
	attributes[3] = &attribute4;
	/* mail */
	attribute5.mod_op = LDAP_MOD_ADD;
	attribute5.mod_type = "mail";
	attribute5.mod_vals.modv_strvals = mail_value;	
	attributes[4] = &attribute5;
	/* userPassword */
	attribute6.mod_op = LDAP_MOD_ADD;
	attribute6.mod_type = "userPassword";
	attribute6.mod_vals.modv_strvals = pass_value;	
	attributes[5] = &attribute6;
	/* sn */
	attribute7.mod_op = LDAP_MOD_ADD;
	attribute7.mod_type = "sn";
	attribute7.mod_vals.modv_strvals = sn_value;	
	attributes[6] = &attribute7;
	/* description */
	attribute8.mod_op = LDAP_MOD_ADD;
	attribute8.mod_type = "description";
	attribute8.mod_vals.modv_strvals = desc_value;	
	attributes[7] = &attribute8;
	/* level */
	attribute9.mod_op = LDAP_MOD_ADD;
	attribute9.mod_type = "internationaliSDNNumber";
	attribute9.mod_vals.modv_strvals = level_value;
	attributes[8] = &attribute9;	
	
	/* Fin del arreglo */
	attributes[9] = NULL;
	
	if ( ldap_add_s(ld, dn, attributes) != LDAP_SUCCESS ) {
		fprintf(stderr,"LDAP ERROR: No pudo agregarse el cliente con level %s\n",level_value[0]);
		ldap_perror(ld, aux_error);
		fprintf(stderr, "%s\n",aux_error);
		return ERROR;
	}
	
	return OK;
}
Exemplo n.º 23
0
int
GetUsersList(LDAP *ld,client_t ***list_ptr)
{
	LDAPMessage        *res, *e;
	char               *a;
	BerElement         *ptr;
	char               **vals;
	client_t aux;
	client_t **ret;
	
	char filter[] = "(uid=*)"; 
	
	if ( ldap_search_s(ld, CLIENT_PATH, LDAP_SCOPE_SUBTREE,filter, NULL, 0, &res)!= LDAP_SUCCESS ) {
		ldap_perror(ld, "ldap_search_s");
		exit(1);
	}
	
	int count=0;
	for (e = ldap_first_entry(ld, res); e != NULL; e = ldap_next_entry(ld, e)) count++;
	
	
	ret = malloc(sizeof(client_t*)*(count+1));
	int pos=0;
	for (e = ldap_first_entry(ld, res); e != NULL; e = ldap_next_entry(ld, e)) {
		
		printf("%s\n",ldap_get_dn(ld,e));
		
		/* objectClass */
		a = ldap_first_attribute(ld, e, &ptr);
		vals = ldap_get_values(ld, e, a);
		printf("object:%s\n",vals[0]);
		
		/* ou */
		a = ldap_next_attribute(ld, e, ptr);
		vals = ldap_get_values(ld, e, a);
		printf("ou:%s\n",vals[0]);
		
		/* cn */
		a = ldap_next_attribute(ld, e, ptr);
		vals = ldap_get_values(ld, e, a);
		printf("cn:%s\n",vals[0]);
		
		/* uid */
		a = ldap_next_attribute(ld, e, ptr);
		vals = ldap_get_values(ld, e, a);
		printf("uid:%s\n",vals[0]);
		
		strcpy(aux.user,vals[0]);		
		ldap_value_free(vals);
		/* mail */
		a = ldap_next_attribute(ld, e, ptr);
		vals = ldap_get_values(ld, e, a);		
		printf("mail:%s\n",vals[0]);
		
		strcpy(aux.mail,vals[0]);		
		ldap_value_free(vals);
		/* userPass */
		a = ldap_next_attribute(ld, e, ptr);
		vals = ldap_get_values(ld, e, a);
		printf("pass:%s\n",vals[0]);
		/* sn */
		a = ldap_next_attribute(ld, e, ptr);
		vals = ldap_get_values(ld, e, a);
		printf("sn:%s\n",vals[0]);
		/* description */
		a = ldap_next_attribute(ld, e, ptr);
		vals = ldap_get_values(ld, e, a);	
		printf("description%s\n",vals[0]);
		
		strcpy(aux.desc,vals[0]);		
		ldap_value_free(vals);
		
		/* level */
		a = ldap_next_attribute(ld, e, ptr);	
		vals = ldap_get_values(ld, e, a);	
		
		printf("%s\n",vals[0]);
		
		aux.level = atoi(vals[0]);		
		ldap_value_free(vals);
		
		ret[pos] = malloc(sizeof(client_t));
		*(ret[pos]) = aux;
		pos++;
	}

	ret[pos] = NULL;
	
	*list_ptr = ret;
	ldap_msgfree(res);
	
	return pos;
}
Exemplo n.º 24
0
int
main( int argc, char **argv )
{
    LDAP	    	*ld;
    LDAPMessage	    	*result, *e;
    BerElement	    	*ber;
    char	    	*host, *a, *dn;
    char	  	**vals;
    int		    	i;
    int		   	rc;
    int			finished;
    int			msgid;
    int			num_entries = 0;
    struct timeval	zerotime;

    if ( argc > 1 ) {
	host = argv[1];
    } else {
	host = MY_HOST;
    }

    zerotime.tv_sec = zerotime.tv_usec = 0L;

    if ( prldap_install_routines( NULL, 1 /* shared */ ) != LDAP_SUCCESS ) {
	ldap_perror( NULL, "prldap_install_routines" );
	return( 1 );
    }

    /* get a handle to an LDAP connection */
    if ( (ld = ldap_init( host, MY_PORT )) == NULL ) {
	perror( host );
	return( 1 );
    }

    /* authenticate to the directory as nobody */
    if ( ldap_simple_bind_s( ld, NULL, NULL ) != LDAP_SUCCESS ) {
	ldap_perror( ld, "ldap_simple_bind_s" );
	return( 1 );
    }
    /* search for all entries with surname of Jensen */
    if (( msgid = ldap_search( ld, MY_SEARCHBASE, LDAP_SCOPE_SUBTREE,
	    MY_FILTER, NULL, 0 )) < 0 ) {
	ldap_perror( ld, "ldap_search" );
	return( 1 );
    }

    /* Loop, polling for results until finished */
    finished = 0;
    while ( !finished ) {
	/*
	 * Poll for results.   We call ldap_result with the "all" argument
	 * set to LDAP_MSG_ONE.  This causes ldap_result() to return exactly one
	 * entry if at least one entry is available.  This allows us to
	 * display the entries as they are received.
	 */
	result = NULL;
	rc = ldap_result( ld, msgid, LDAP_MSG_ONE, &zerotime, &result );
	switch ( rc ) {
	case -1:
	    /* some error occurred */
	    ldap_perror( ld, "ldap_result" );
	    return( 1 );
	case 0:
	    /* Timeout was exceeded.  No entries are ready for retrieval. */
	    if ( result != NULL ) {
		ldap_msgfree( result );
	    }
	    break;
	default:
	    /*
	     * Either an entry is ready for retrieval, or all entries have
	     * been retrieved.
	     */
	    if (( e = ldap_first_entry( ld, result )) == NULL ) {
		/* All done */
		finished = 1;
		if ( result != NULL ) {
		    ldap_msgfree( result );
		}
		continue;
	    }
	    /* for each entry print out name + all attrs and values */
	    num_entries++;
	    if (( dn = ldap_get_dn( ld, e )) != NULL ) {
		printf( "dn: %s\n", dn );
		ldap_memfree( dn );
	    }
	    for ( a = ldap_first_attribute( ld, e, &ber );
		    a != NULL; a = ldap_next_attribute( ld, e, ber ) ) {
		if (( vals = ldap_get_values( ld, e, a )) != NULL ) {
		    for ( i = 0; vals[ i ] != NULL; i++ ) {
			printf( "%s: %s\n", a, vals[ i ] );
		    }
		    ldap_value_free( vals );
		}
		ldap_memfree( a );
	    }
	    if ( ber != NULL ) {
		ber_free( ber, 0 );
	    }
	    printf( "\n" );
	    ldap_msgfree( result );
	}
	/* Do other work here while you are waiting... */
	do_other_work();
    }

    /* All done.  Print a summary. */
    printf( "%d entries retrieved.  I counted to %ld "
	    "while I was waiting.\n", num_entries,
	    global_counter );
    ldap_unbind( ld );
    return( 0 );
}
int main (int argc, char const *argv[])
{
	/* code */
	char hostname[MAXHOSTNAMELEN], *attrs[2], **vals;
	LDAP *ldap;
	LDAPMessage *results = NULL, *entry = NULL;
	int haveGpoDescriptor = 0;
	
	int ret, version, i;
	
	
	printf("----------------------------------\n");
	printf("Getting host informations...\n");
	printf("----------------------------------\n\n");	
	
	if(gethostname(hostname,MAXHOSTNAMELEN) == 0){
		struct hostent * record = gethostbyname(hostname);
		struct in_addr * address = ( struct in_addr *) record->h_addr;
		printf("Hostname: %s\n", hostname);
		printf("FQDN: %s\n", record->h_name);
		printf("IP Address: %s\n", inet_ntoa(address->s_addr));

		printf("\n\n----------------------------------\n");
		printf("Connecting to %s\n",LDAP_SERVER);
		printf("----------------------------------\n\n");
		
		ldap = (LDAP*) ldap_open(LDAP_SERVER,LDAP_PORT);
		
		if(!ldap){
			printf("Unable to connect to the LDAP Server\n");
			return 1;
			}else{
				version = LDAP_VERSION3;
				ldap_set_option( ldap, LDAP_OPT_PROTOCOL_VERSION, &version );
				
				printf("Connected to LDAP server: \033[32;mOk\033[00m.\n");
				
				printf("\n\n----------------------------------\n");
				printf("Binding...\n");
				printf("----------------------------------\n\n");
				
				/* Anonymous binding... Les machines n'ont pas de mot de passe*/
				ret = ldap_simple_bind_s(ldap, NULL, NULL);
				if (ret != LDAP_SUCCESS) {
					printf("Binding \033[31;mFailed\033[00m\n\n");
					char *error;
					ldap_perror(ldap,error);
					printf("%s",error);
					return 1;
				}
				
				printf("Binding: \033[32;mOk\033[00m.\n");
				
				printf("\n\n----------------------------------\n");
				printf("Searching for workstation %s in %s\n",hostname, BASE_DN);
				printf("----------------------------------\n\n");
				
				char context[MAXHOSTNAMELEN + 5];				
				snprintf(context,MAXHOSTNAMELEN + 5, "(cn=%s)",hostname);
								
				ret = ldap_search_s(
					ldap,
					BASE_DN,
					LDAP_SCOPE_SUBTREE,
					context,
					NULL,
					0,
					&results);
				
				if(ret != LDAP_SUCCESS){
					printf("Unable to perform search\n");
					char *error;
					ldap_perror(ldap,error);
					printf("%s",error);					
				}
				
				entry = ldap_first_entry(ldap, results);
				if (!entry) {
					printf("\033[33;m%s workstation not found !\033[00m\n", hostname);
					return 1;
				}else{
					printf("\033[33;m%s workstation found !\033[00m\n", hostname);
				}
				
				printf("\n\n----------------------------------\n");
				printf("Getting OU container name of %s\n",context);
				printf("----------------------------------\n\n");
				
				vals = (char**) ldap_get_values(ldap,entry,"ou");
				char *ou = NULL;
				for(i=0;vals[i] != NULL;i++){
					ou = vals[i];
					printf("\033[33;mOU [%d] name of %s: %s\033[00m\n",i,context,vals[i]);
					break;
				}
				
				printf("\n\n----------------------------------\n");
				printf("Searching groupPolicyDescriptor into OU container name: %s of %s\n",ou,context);
				printf("----------------------------------\n\n");
				
				
				vals = (char**) ldap_get_values(ldap,entry,"objectClass");

				for(i=0;vals[i] != NULL;i++){
					if (strcmp(vals[i],"groupPolicyDescriptor") ) {
						haveGpoDescriptor = 1;
						printf("\033[33;mGPO Found !\033[00m\n");
						char **uri = ldap_get_values(ldap,entry,"uri");
						printf("\033[33;mScript path: %s !\033[00m\n",uri[0]);
						// system("/bin/sh -c %s"); %s = uri[0]
						break;
					}
				}
				
				
				printf("\n\n----------------------------------\n");
				printf("Cleaning memory\n");
				printf("----------------------------------\n\n");
				
				ldap_value_free(vals);
				ldap_msgfree(entry);
				ldap_unbind(ldap);
			}
		
	}else{
		printf("Cannot get the hostname.\n");
	}	
	
	return 0;
}
Exemplo n.º 26
0
int
main( int argc, char **argv )
{
	LDAP		*ld;
	LDAPMessage	*result, *e;
	BerElement	*ber;
	char		*a, *dn;
	char		**vals;
	int		i;

	/* Initialize the client */
	if ( ldapssl_client_init( MY_CERTDB_PATH, NULL ) < 0 ) {
		perror( "ldapssl_client_init" );
		return( 1 );
	}

	/* set the max I/O timeout option to 10 seconds */
	if ( prldap_set_session_option( NULL, NULL, PRLDAP_OPT_IO_MAX_TIMEOUT,
	    10000 /* 10 secs */ ) != LDAP_SUCCESS ) {
		ldap_perror( NULL,
		    "prldap_set_session_option PRLDAP_OPT_IO_MAX_TIMEOUT" );
		exit( 1 );
	}

	/* get a handle to an LDAP connection */
	if ( (ld = ldapssl_init( MY_HOST, MY_SSL_PORT, 1 )) == NULL ) {
		perror( "ldapssl_init" );
		return( 1 );
	}

	/* use LDAPv3 */
	i = LDAP_VERSION3;
	if ( ldap_set_option( ld, LDAP_OPT_PROTOCOL_VERSION, &i ) < 0 ) {
		ldap_perror( ld, "ldap_set_option LDAPv3" );
		ldap_unbind( ld );
		return( 1 );
	}

	/* search for all entries with surname of Jensen */
	if ( ldap_search_s( ld, PEOPLE_BASE, LDAP_SCOPE_SUBTREE,
		"(sn=jensen)", NULL, 0, &result ) != LDAP_SUCCESS ) {
		ldap_perror( ld, "ldap_search_s" );
		if ( result == NULL ) {
			ldap_unbind( ld );
			return( 1 );
		}
	}
	/* for each entry print out name + all attrs and values */
	for ( e = ldap_first_entry( ld, result ); e != NULL;
	    e = ldap_next_entry( ld, e ) ) {
		if ( (dn = ldap_get_dn( ld, e )) != NULL ) {
		    printf( "dn: %s\n", dn );
		    ldap_memfree( dn );
		}
		for ( a = ldap_first_attribute( ld, e, &ber );
		    a != NULL; a = ldap_next_attribute( ld, e, ber ) ) {
			if ((vals = ldap_get_values( ld, e, a)) != NULL ) {
				for ( i = 0; vals[i] != NULL; i++ ) {
				    printf( "%s: %s\n", a, vals[i] );
				}
				ldap_value_free( vals );
			}
			ldap_memfree( a );
		}
		if ( ber != NULL ) {
			ber_free( ber, 0 );
		}
		printf( "\n" );
	}
	ldap_msgfree( result );
	ldap_unbind( ld );
	return( 0 );
}
Exemplo n.º 27
0
int
main (int argc, char *argv[])
{

	LDAP *ld;
	LDAPMessage *result;

	/* should be 	int result = STATE_UNKNOWN; */

	int status = STATE_UNKNOWN;
	long microsec;
	double elapsed_time;

	/* for ldap tls */

	int tls;
	int version=3;

	/* for entry counting */

	LDAPMessage *next_entry;
	int status_entries = STATE_OK;
	int num_entries = 0;

	setlocale (LC_ALL, "");
	bindtextdomain (PACKAGE, LOCALEDIR);
	textdomain (PACKAGE);

	if (strstr(argv[0],"check_ldaps")) {
		xasprintf (&progname, "check_ldaps");
 	}

	/* Parse extra opts if any */
	argv=np_extra_opts (&argc, argv, progname);

	if (process_arguments (argc, argv) == ERROR)
		usage4 (_("Could not parse arguments"));

	if (strstr(argv[0],"check_ldaps") && ! starttls && ! ssl_on_connect)
		starttls = TRUE;

	/* initialize alarm signal handling */
	signal (SIGALRM, socket_timeout_alarm_handler);

	/* set socket timeout */
	alarm (timeout_interval);

	/* get the start time */
	gettimeofday (&tv, NULL);

	/* initialize ldap */
	if (ld_uri != NULL)
	{
#ifdef HAVE_LDAP_INITIALIZE
		int result = ldap_initialize(&ld, ld_uri);
		if (result != LDAP_SUCCESS)
		{
			printf ("Failed to connect to LDAP server at %s: %s\n",
				ld_uri, ldap_err2string(result));
			return STATE_CRITICAL;
		}
#else
		printf ("Sorry, this version of %s was compiled without URI support!\n",
			argv[0]);
		return STATE_CRITICAL;
#endif
	}
#ifdef HAVE_LDAP_INIT
	else if (!(ld = ldap_init (ld_host, ld_port))) {
		printf ("Could not connect to the server at port %i\n", ld_port);
		return STATE_CRITICAL;
	}
#else
	else if (!(ld = ldap_open (ld_host, ld_port))) {
		if (verbose)
			ldap_perror(ld, "ldap_open");
		printf (_("Could not connect to the server at port %i\n"), ld_port);
		return STATE_CRITICAL;
	}
#endif /* HAVE_LDAP_INIT */

#ifdef HAVE_LDAP_SET_OPTION
	/* set ldap options */
	if (ldap_set_option (ld, LDAP_OPT_PROTOCOL_VERSION, &ld_protocol) !=
			LDAP_OPT_SUCCESS ) {
		printf(_("Could not set protocol version %d\n"), ld_protocol);
		return STATE_CRITICAL;
	}
#endif

	if (ld_port == LDAPS_PORT || ssl_on_connect) {
		xasprintf (&SERVICE, "LDAPS");
#if defined(HAVE_LDAP_SET_OPTION) && defined(LDAP_OPT_X_TLS)
		/* ldaps: set option tls */
		tls = LDAP_OPT_X_TLS_HARD;

		if (ldap_set_option (ld, LDAP_OPT_X_TLS, &tls) != LDAP_SUCCESS)
		{
			if (verbose)
				ldap_perror(ld, "ldaps_option");
			printf (_("Could not init TLS at port %i!\n"), ld_port);
			return STATE_CRITICAL;
		}
#else
		printf (_("TLS not supported by the libraries!\n"));
		return STATE_CRITICAL;
#endif /* LDAP_OPT_X_TLS */
	} else if (starttls) {
		xasprintf (&SERVICE, "LDAP-TLS");
#if defined(HAVE_LDAP_SET_OPTION) && defined(HAVE_LDAP_START_TLS_S)
		/* ldap with startTLS: set option version */
		if (ldap_get_option(ld,LDAP_OPT_PROTOCOL_VERSION, &version) == LDAP_OPT_SUCCESS )
		{
			if (version < LDAP_VERSION3)
			{
				version = LDAP_VERSION3;
				ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION, &version);
			}
		}
		/* call start_tls */
		if (ldap_start_tls_s(ld, NULL, NULL) != LDAP_SUCCESS)
		{
			if (verbose)
				ldap_perror(ld, "ldap_start_tls");
			printf (_("Could not init startTLS at port %i!\n"), ld_port);
			return STATE_CRITICAL;
		}
#else
		printf (_("startTLS not supported by the library, needs LDAPv3!\n"));
		return STATE_CRITICAL;
#endif /* HAVE_LDAP_START_TLS_S */
	}

	/* bind to the ldap server */
	if (ldap_bind_s (ld, ld_binddn, ld_passwd, LDAP_AUTH_SIMPLE) !=
			LDAP_SUCCESS) {
		if (verbose)
			ldap_perror(ld, "ldap_bind");
		printf (_("Could not bind to the LDAP server\n"));
		return STATE_CRITICAL;
	}

	/* do a search of all objectclasses in the base dn */
	if (ldap_search_s (ld, ld_base, (crit_entries!=NULL || warn_entries!=NULL) ? LDAP_SCOPE_SUBTREE : LDAP_SCOPE_BASE, ld_attr, NULL, 0, &result)
			!= LDAP_SUCCESS) {
		if (verbose)
			ldap_perror(ld, "ldap_search");
		printf (_("Could not search/find objectclasses in %s\n"), ld_base);
		return STATE_CRITICAL;
	} else if (crit_entries!=NULL || warn_entries!=NULL) {
		num_entries = ldap_count_entries(ld, result);
	}

	/* unbind from the ldap server */
	ldap_unbind (ld);

	/* reset the alarm handler */
	alarm (0);

	/* calcutate the elapsed time and compare to thresholds */

	microsec = deltime (tv);
	elapsed_time = (double)microsec / 1.0e6;

	if (crit_time!=UNDEFINED && elapsed_time>crit_time)
		status = STATE_CRITICAL;
	else if (warn_time!=UNDEFINED && elapsed_time>warn_time)
		status = STATE_WARNING;
	else
		status = STATE_OK;

	if(entries_thresholds != NULL) {
		if (verbose) {
			printf ("entries found: %d\n", num_entries);
			print_thresholds("entry threasholds", entries_thresholds);
		}
		status_entries = get_status(num_entries, entries_thresholds);
		if (status_entries == STATE_CRITICAL) {
			status = STATE_CRITICAL;
		} else if (status != STATE_CRITICAL) {
			status = status_entries;
		}
	}

	/* print out the result */
	if (crit_entries!=NULL || warn_entries!=NULL) {
		printf (_("LDAP %s - found %d entries in %.3f seconds|%s %s\n"),
			state_text (status),
			num_entries,
			elapsed_time,
			fperfdata ("time", elapsed_time, "s",
				(int)warn_time, warn_time,
				(int)crit_time, crit_time,
				TRUE, 0, FALSE, 0),
			sperfdata ("entries", (double)num_entries, "",
				warn_entries,
				crit_entries,
				TRUE, 0.0, FALSE, 0.0));
	} else {
		printf (_("LDAP %s - %.3f seconds response time|%s\n"),
			state_text (status),
			elapsed_time,
			fperfdata ("time", elapsed_time, "s",
				(int)warn_time, warn_time,
				(int)crit_time, crit_time,
				TRUE, 0, FALSE, 0));
	}

	return status;
}
Exemplo n.º 28
0
int
main( int argc, char **argv )
{
    LDAP		*ld;
    LDAPMessage		*result, *e;
    char		**vals, *attrs[ 5 ];
    int			i;

    /* get a handle to an LDAP connection */
    if ( (ld = ldap_init( MY_HOST, MY_PORT )) == NULL ) {
	perror( "ldap_init" );
	return( 1 );
    }

    attrs[ 0 ] = "cn";			/* Get canonical name(s) (full name) */
    attrs[ 1 ] = "sn";			/* Get surname(s) (last name) */
    attrs[ 2 ] = "mail";		/* Get email address(es) */
    attrs[ 3 ] = "telephonenumber";	/* Get telephone number(s) */
    attrs[ 4 ] = NULL;

    if ( ldap_search_s( ld, ENTRYDN, LDAP_SCOPE_BASE,
	    "(objectclass=*)", attrs, 0, &result ) != LDAP_SUCCESS ) {
	ldap_perror( ld, "ldap_search_s" );
	return( 1 );
    }

    /* print it out */
    if (( e = ldap_first_entry( ld, result )) != NULL ) {
	if (( vals = ldap_get_values( ld, e, "cn" )) != NULL ) {
	    printf( "Full name:\n" );
	    for ( i = 0; vals[i] != NULL; i++ ) {
		printf( "\t%s\n", vals[i] );
	    }
	    ldap_value_free( vals );
	}
	if (( vals = ldap_get_values( ld, e, "sn" )) != NULL ) {
	    printf( "Last name (surname):\n" );
	    for ( i = 0; vals[i] != NULL; i++ ) {
		printf( "\t%s\n", vals[i] );
	    }
	    ldap_value_free( vals );
	}
	if (( vals = ldap_get_values( ld, e, "mail" )) != NULL ) {
	    printf( "Email address:\n" );
	    for ( i = 0; vals[i] != NULL; i++ ) {
		printf( "\t%s\n", vals[i] );
	    }
	    ldap_value_free( vals );
	}
	if (( vals = ldap_get_values( ld, e, "telephonenumber" )) != NULL ) {
	    printf( "Telephone number:\n" );
	    for ( i = 0; vals[i] != NULL; i++ ) {
		printf( "\t%s\n", vals[i] );
	    }
	    ldap_value_free( vals );
	}
    }
    ldap_msgfree( result );
    ldap_unbind( ld );
    return( 0 );
}
Exemplo n.º 29
0
int main( int argc, char *argv[] ) {
   LDAP *ld;
   int  result;
   int  auth_method = LDAP_AUTH_SIMPLE;
   int desired_version = LDAP_VERSION3;
   char *ldap_host = "localhost";
   char *root_dn = "cn=Manager, dc=example, dc=com";
   char *root_pw = "secret";

   BerElement* ber;
   LDAPMessage* msg;
   LDAPMessage* entry;

   char* base="ou=developers,dc=example,dc=com";
   char* filter="(objectClass=*)";
   char* errstring;
   char* dn = NULL;
   char* attr;
   char** vals;
   int i;

   if ((ld = ldap_init(ldap_host, LDAP_PORT)) == NULL ) {
      perror( "ldap_init failed" );
      exit( EXIT_FAILURE );
   }

   /* set the LDAP version to be 3 */
   if (ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION, &desired_version) != LDAP_OPT_SUCCESS)
   {
      ldap_perror(ld, "ldap_set_option");
      exit(EXIT_FAILURE);
   }

   if (ldap_bind_s(ld, root_dn, root_pw, auth_method) != LDAP_SUCCESS ) {
      ldap_perror( ld, "ldap_bind" );
      exit( EXIT_FAILURE );
   }

   if (ldap_search_s(ld, base, LDAP_SCOPE_SUBTREE, filter, NULL, 0, &msg) != LDAP_SUCCESS) {
      ldap_perror( ld, "ldap_search_s" );
      exit(EXIT_FAILURE);
   }

   printf("The number of entries returned was %d\n\n", ldap_count_entries(ld, msg));

   /* Iterate through the returned entries */
   for(entry = ldap_first_entry(ld, msg); entry != NULL; entry = ldap_next_entry(ld, entry)) {

      if((dn = ldap_get_dn(ld, entry)) != NULL) {
	 printf("Returned dn: %s\n", dn);
	 ldap_memfree(dn);
      }

      for( attr = ldap_first_attribute(ld, entry, &ber); 
	    attr != NULL; 
	    attr = ldap_next_attribute(ld, entry, ber)) {
	 if ((vals = ldap_get_values(ld, entry, attr)) != NULL)  {
	    for(i = 0; vals[i] != NULL; i++) {
	       printf("%s: %s\n", attr, vals[i]);
	    }

	    ldap_value_free(vals);
	 }

	 ldap_memfree(attr);
      }

      if (ber != NULL) {
	 ber_free(ber,0);
      }

      printf("\n");
   }

   /* clean up */
   ldap_msgfree(msg);
   result = ldap_unbind_s(ld);

   if (result != 0) {
      fprintf(stderr, "ldap_unbind_s: %s\n", ldap_err2string(result));
      exit( EXIT_FAILURE );
   }

   return EXIT_SUCCESS;
}
Exemplo n.º 30
0
int
main( int argc, char **argv )
{
	LDAP		*ld = NULL;
	int		i, c, port, errflg, method, id, msgtype;
	char		line[256], command1, command2, command3;
	char		passwd[64], dn[256], rdn[64], attr[64], value[256];
	char		filter[256], *host, **types;
	char		**exdn;
	static const char usage[] =
		"usage: %s [-u] [-h host] [-d level] [-s dnsuffix] [-p port] [-t file] [-T file]\n";
	int		bound, all, scope, attrsonly;
	LDAPMessage	*res;
	LDAPMod		**mods, **attrs;
	struct timeval	timeout;
	char		*copyfname = NULL;
	int		copyoptions = 0;
	LDAPURLDesc	*ludp;

	host = NULL;
	port = LDAP_PORT;
	dnsuffix = "";
	errflg = 0;

	while (( c = getopt( argc, argv, "h:d:s:p:t:T:" )) != -1 ) {
		switch( c ) {
		case 'd':
#ifdef LDAP_DEBUG
			ldap_debug = atoi( optarg );
#ifdef LBER_DEBUG
			if ( ldap_debug & LDAP_DEBUG_PACKETS ) {
				ber_set_option( NULL, LBER_OPT_DEBUG_LEVEL, &ldap_debug );
			}
#endif
#else
			printf( "Compile with -DLDAP_DEBUG for debugging\n" );
#endif
			break;

		case 'h':
			host = optarg;
			break;

		case 's':
			dnsuffix = optarg;
			break;

		case 'p':
			port = atoi( optarg );
			break;

		case 't':	/* copy ber's to given file */
			copyfname = strdup( optarg );
/*			copyoptions = LBER_TO_FILE; */
			break;

		case 'T':	/* only output ber's to given file */
			copyfname = strdup( optarg );
/*			copyoptions = (LBER_TO_FILE | LBER_TO_FILE_ONLY); */
			break;

		default:
		    ++errflg;
		}
	}

	if ( host == NULL && optind == argc - 1 ) {
		host = argv[ optind ];
		++optind;
	}

	if ( errflg || optind < argc - 1 ) {
		fprintf( stderr, usage, argv[ 0 ] );
		exit( EXIT_FAILURE );
	}
	
	printf( "ldap_init( %s, %d )\n",
		host == NULL ? "(null)" : host, port );

	ld = ldap_init( host, port );

	if ( ld == NULL ) {
		perror( "ldap_init" );
		exit( EXIT_FAILURE );
	}

	if ( copyfname != NULL ) {
		if ( ( ld->ld_sb->sb_fd = open( copyfname, O_WRONLY|O_CREAT|O_EXCL,
		    0600 ))  == -1 ) {
			perror( copyfname );
			exit ( EXIT_FAILURE );
		}
		ld->ld_sb->sb_options = copyoptions;
	}

	bound = 0;
	timeout.tv_sec = 0;
	timeout.tv_usec = 0;

	(void) memset( line, '\0', sizeof(line) );
	while ( get_line( line, sizeof(line), stdin, "\ncommand? " ) != NULL ) {
		command1 = line[0];
		command2 = line[1];
		command3 = line[2];

		switch ( command1 ) {
		case 'a':	/* add or abandon */
			switch ( command2 ) {
			case 'd':	/* add */
				get_line( dn, sizeof(dn), stdin, "dn? " );
				strcat( dn, dnsuffix );
				if ( (attrs = get_modlist( NULL, "attr? ",
				    "value? " )) == NULL )
					break;
				if ( (id = ldap_add( ld, dn, attrs )) == -1 )
					ldap_perror( ld, "ldap_add" );
				else
					printf( "Add initiated with id %d\n",
					    id );
				break;

			case 'b':	/* abandon */
				get_line( line, sizeof(line), stdin, "msgid? " );
				id = atoi( line );
				if ( ldap_abandon( ld, id ) != 0 )
					ldap_perror( ld, "ldap_abandon" );
				else
					printf( "Abandon successful\n" );
				break;
			default:
				printf( "Possibilities: [ad]d, [ab]ort\n" );
			}
			break;

		case 'b':	/* asynch bind */
			method = LDAP_AUTH_SIMPLE;
			get_line( dn, sizeof(dn), stdin, "dn? " );
			strcat( dn, dnsuffix );

			if ( method == LDAP_AUTH_SIMPLE && dn[0] != '\0' )
				get_line( passwd, sizeof(passwd), stdin,
				    "password? " );
			else
				passwd[0] = '\0';

			if ( ldap_bind( ld, dn, passwd, method ) == -1 ) {
				fprintf( stderr, "ldap_bind failed\n" );
				ldap_perror( ld, "ldap_bind" );
			} else {
				printf( "Bind initiated\n" );
				bound = 1;
			}
			break;

		case 'B':	/* synch bind */
			method = LDAP_AUTH_SIMPLE;
			get_line( dn, sizeof(dn), stdin, "dn? " );
			strcat( dn, dnsuffix );

			if ( dn[0] != '\0' )
				get_line( passwd, sizeof(passwd), stdin,
				    "password? " );
			else
				passwd[0] = '\0';

			if ( ldap_bind_s( ld, dn, passwd, method ) !=
			    LDAP_SUCCESS ) {
				fprintf( stderr, "ldap_bind_s failed\n" );
				ldap_perror( ld, "ldap_bind_s" );
			} else {
				printf( "Bind successful\n" );
				bound = 1;
			}
			break;

		case 'c':	/* compare */
			get_line( dn, sizeof(dn), stdin, "dn? " );
			strcat( dn, dnsuffix );
			get_line( attr, sizeof(attr), stdin, "attr? " );
			get_line( value, sizeof(value), stdin, "value? " );

			if ( (id = ldap_compare( ld, dn, attr, value )) == -1 )
				ldap_perror( ld, "ldap_compare" );
			else
				printf( "Compare initiated with id %d\n", id );
			break;

		case 'd':	/* turn on debugging */
#ifdef LDAP_DEBUG
			get_line( line, sizeof(line), stdin, "debug level? " );
			ldap_debug = atoi( line );
#ifdef LBER_DEBUG
			if ( ldap_debug & LDAP_DEBUG_PACKETS ) {
				ber_set_option( NULL, LBER_OPT_DEBUG_LEVEL, &ldap_debug );
			}
#endif
#else
			printf( "Compile with -DLDAP_DEBUG for debugging\n" );
#endif
			break;

		case 'E':	/* explode a dn */
			get_line( line, sizeof(line), stdin, "dn? " );
			exdn = ldap_explode_dn( line, 0 );
			for ( i = 0; exdn != NULL && exdn[i] != NULL; i++ ) {
				printf( "\t%s\n", exdn[i] );
			}
			break;

		case 'g':	/* set next msgid */
			get_line( line, sizeof(line), stdin, "msgid? " );
			ld->ld_msgid = atoi( line );
			break;

		case 'v':	/* set version number */
			get_line( line, sizeof(line), stdin, "version? " );
			ld->ld_version = atoi( line );
			break;

		case 'm':	/* modify or modifyrdn */
			if ( strncmp( line, "modify", 4 ) == 0 ) {
				get_line( dn, sizeof(dn), stdin, "dn? " );
				strcat( dn, dnsuffix );
				if ( (mods = get_modlist(
				    "mod (0=>add, 1=>delete, 2=>replace -1=>done)? ",
				    "attribute type? ", "attribute value? " ))
				    == NULL )
					break;
				if ( (id = ldap_modify( ld, dn, mods )) == -1 )
					ldap_perror( ld, "ldap_modify" );
				else
					printf( "Modify initiated with id %d\n",
					    id );
			} else if ( strncmp( line, "modrdn", 4 ) == 0 ) {
				get_line( dn, sizeof(dn), stdin, "dn? " );
				strcat( dn, dnsuffix );
				get_line( rdn, sizeof(rdn), stdin, "newrdn? " );
				if ( (id = ldap_modrdn( ld, dn, rdn )) == -1 )
					ldap_perror( ld, "ldap_modrdn" );
				else
					printf( "Modrdn initiated with id %d\n",
					    id );
			} else {
				printf( "Possibilities: [modi]fy, [modr]dn\n" );
			}
			break;

		case 'q':	/* quit */
			ldap_unbind( ld );
			exit( EXIT_SUCCESS );
			break;

		case 'r':	/* result or remove */
			switch ( command3 ) {
			case 's':	/* result */
				get_line( line, sizeof(line), stdin,
				    "msgid (-1=>any)? " );
				if ( line[0] == '\0' )
					id = -1;
				else
					id = atoi( line );
				get_line( line, sizeof(line), stdin,
				    "all (0=>any, 1=>all)? " );
				if ( line[0] == '\0' )
					all = 1;
				else
					all = atoi( line );
				if (( msgtype = ldap_result( ld, id, all,
				    &timeout, &res )) < 1 ) {
					ldap_perror( ld, "ldap_result" );
					break;
				}
				printf( "\nresult: msgtype %d msgid %d\n",
				    msgtype, res->lm_msgid );
				handle_result( ld, res );
				res = NULL;
				break;

			case 'm':	/* remove */
				get_line( dn, sizeof(dn), stdin, "dn? " );
				strcat( dn, dnsuffix );
				if ( (id = ldap_delete( ld, dn )) == -1 )
					ldap_perror( ld, "ldap_delete" );
				else
					printf( "Remove initiated with id %d\n",
					    id );
				break;

			default:
				printf( "Possibilities: [rem]ove, [res]ult\n" );
				break;
			}
			break;

		case 's':	/* search */
			get_line( dn, sizeof(dn), stdin, "searchbase? " );
			strcat( dn, dnsuffix );
			get_line( line, sizeof(line), stdin,
			    "scope (0=baseObject, 1=oneLevel, 2=subtree, 3=children)? " );
			scope = atoi( line );
			get_line( filter, sizeof(filter), stdin,
			    "search filter (e.g. sn=jones)? " );
			types = get_list( "attrs to return? " );
			get_line( line, sizeof(line), stdin,
			    "attrsonly (0=attrs&values, 1=attrs only)? " );
			attrsonly = atoi( line );

			    if (( id = ldap_search( ld, dn, scope, filter,
				    types, attrsonly  )) == -1 ) {
				ldap_perror( ld, "ldap_search" );
			    } else {
				printf( "Search initiated with id %d\n", id );
			    }
			free_list( types );
			break;

		case 't':	/* set timeout value */
			get_line( line, sizeof(line), stdin, "timeout? " );
			timeout.tv_sec = atoi( line );
			break;

		case 'p':	/* parse LDAP URL */
			get_line( line, sizeof(line), stdin, "LDAP URL? " );
			if (( i = ldap_url_parse( line, &ludp )) != 0 ) {
			    fprintf( stderr, "ldap_url_parse: error %d\n", i );
			} else {
			    printf( "\t  host: " );
			    if ( ludp->lud_host == NULL ) {
				printf( "DEFAULT\n" );
			    } else {
				printf( "<%s>\n", ludp->lud_host );
			    }
			    printf( "\t  port: " );
			    if ( ludp->lud_port == 0 ) {
				printf( "DEFAULT\n" );
			    } else {
				printf( "%d\n", ludp->lud_port );
			    }
			    printf( "\t    dn: <%s>\n", ludp->lud_dn );
			    printf( "\t attrs:" );
			    if ( ludp->lud_attrs == NULL ) {
				printf( " ALL" );
			    } else {
				for ( i = 0; ludp->lud_attrs[ i ] != NULL; ++i ) {
				    printf( " <%s>", ludp->lud_attrs[ i ] );
				}
			    }
			    printf( "\n\t scope: %s\n",
					ludp->lud_scope == LDAP_SCOPE_BASE ? "baseObject"
					: ludp->lud_scope == LDAP_SCOPE_ONELEVEL ? "oneLevel"
					: ludp->lud_scope == LDAP_SCOPE_SUBTREE ? "subtree"
#ifdef LDAP_SCOPE_SUBORDINATE
					: ludp->lud_scope == LDAP_SCOPE_SUBORDINATE ? "children"
#endif
					: "**invalid**" );
			    printf( "\tfilter: <%s>\n", ludp->lud_filter );
			    ldap_free_urldesc( ludp );
			}
			    break;

		case 'n':	/* set dn suffix, for convenience */
			get_line( line, sizeof(line), stdin, "DN suffix? " );
			strcpy( dnsuffix, line );
			break;

		case 'o':	/* set ldap options */
			get_line( line, sizeof(line), stdin, "alias deref (0=never, 1=searching, 2=finding, 3=always)?" );
			ld->ld_deref = atoi( line );
			get_line( line, sizeof(line), stdin, "timelimit?" );
			ld->ld_timelimit = atoi( line );
			get_line( line, sizeof(line), stdin, "sizelimit?" );
			ld->ld_sizelimit = atoi( line );

			LDAP_BOOL_ZERO(&ld->ld_options);

			get_line( line, sizeof(line), stdin,
				"Recognize and chase referrals (0=no, 1=yes)?" );
			if ( atoi( line ) != 0 ) {
				LDAP_BOOL_SET(&ld->ld_options, LDAP_BOOL_REFERRALS);
				get_line( line, sizeof(line), stdin,
					"Prompt for bind credentials when chasing referrals (0=no, 1=yes)?" );
				if ( atoi( line ) != 0 ) {
					ldap_set_rebind_proc( ld, bind_prompt, NULL );
				}
			}
			break;

		case '?':	/* help */
			printf(
"Commands: [ad]d         [ab]andon         [b]ind\n"
"          [B]ind async  [c]ompare\n"
"          [modi]fy      [modr]dn          [rem]ove\n"
"          [res]ult      [s]earch          [q]uit/unbind\n\n"
"          [d]ebug       set ms[g]id\n"
"          d[n]suffix    [t]imeout         [v]ersion\n"
"          [?]help       [o]ptions"
"          [E]xplode dn  [p]arse LDAP URL\n" );
			break;

		default:
			printf( "Invalid command.  Type ? for help.\n" );
			break;
		}

		(void) memset( line, '\0', sizeof(line) );
	}

	return( 0 );
}