Пример #1
0
void *
create_sasl_defaults(LDAP *ld, char *mech, char *realm, char *authcid, char *passwd, char *authzid) {
	lutilSASLdefaults *defaults;

	defaults = ber_memalloc(sizeof(lutilSASLdefaults));
	if(defaults == NULL) return (void *)PyErr_NoMemory();

	defaults->mech = mech ? ber_strdup(mech) : NULL;
	defaults->realm = realm ? ber_strdup(realm) : NULL;
	defaults->authcid = authcid ? ber_strdup(authcid) : NULL;
	defaults->passwd = passwd ? ber_strdup(passwd) : NULL;
	defaults->authzid = authzid ? ber_strdup(authzid) : NULL;

	if (defaults->mech == NULL) {
		ldap_get_option(ld, LDAP_OPT_X_SASL_MECH, &defaults->mech);
	}
	if (defaults->realm == NULL) {
		ldap_get_option(ld, LDAP_OPT_X_SASL_REALM, &defaults->realm);
	}
	if (defaults->authcid == NULL) {
		ldap_get_option(ld, LDAP_OPT_X_SASL_AUTHCID, &defaults->authcid);
	}
	if (defaults->authzid == NULL) {
		ldap_get_option(ld, LDAP_OPT_X_SASL_AUTHZID, &defaults->authzid);
	}
	defaults->resps = NULL;
	defaults->nresps = 0;

	return defaults;
}
Пример #2
0
static RLDAP_BICTX *_rldap_sasl_setdefs(LDAP *ld, char *sasl_mech, char *sasl_realm, char *sasl_authc_id, char *passwd, char *sasl_authz_id)
{
	RLDAP_BICTX *ctx;
	
	ctx = ber_memalloc(sizeof(RLDAP_BICTX));	
	ctx->mech    = (sasl_mech) ? ber_strdup(sasl_mech) : NULL;
	ctx->realm   = (sasl_realm) ? ber_strdup(sasl_realm) : NULL;
	ctx->authcid = (sasl_authc_id) ? ber_strdup(sasl_authc_id) : NULL;
	ctx->passwd  = (passwd) ? ber_strdup(passwd) : NULL;
	ctx->authzid = (sasl_authz_id) ? ber_strdup(sasl_authz_id) : NULL;

	if (ctx->mech == NULL) {
		ldap_get_option(ld, LDAP_OPT_X_SASL_MECH, &ctx->mech);
	}
	if (ctx->realm == NULL) {
		ldap_get_option(ld, LDAP_OPT_X_SASL_REALM, &ctx->realm);
	}
	if (ctx->authcid == NULL) {
		ldap_get_option(ld, LDAP_OPT_X_SASL_AUTHCID, &ctx->authcid);
	}
	if (ctx->authzid == NULL) {
		ldap_get_option(ld, LDAP_OPT_X_SASL_AUTHZID, &ctx->authzid);
	}

	return ctx;
}
Пример #3
0
static krb5_error_code
LDAP_addmod(LDAPMod *** modlist, int modop, const char *attribute,
	    const char *value)
{
    int cMods, i = 0;
    krb5_error_code ret;

    ret = LDAP__setmod(modlist, modop, attribute, &cMods);
    if (ret)
	return ret;

    if (value != NULL) {
	char **bv;

	bv = (*modlist)[cMods]->mod_values;
	if (bv != NULL) {
	    for (i = 0; bv[i] != NULL; i++)
		;
	    bv = ber_memrealloc(bv, (i + 2) * sizeof(*bv));
	} else
	    bv = ber_memalloc(2 * sizeof(*bv));
	if (bv == NULL)
	    return ENOMEM;

	(*modlist)[cMods]->mod_values = bv;

	bv[i] = ber_strdup(value);
	if (bv[i] == NULL)
	    return ENOMEM;

	bv[i + 1] = NULL;
    }

    return 0;
}
Пример #4
0
FILE *
ldif_open_url(
	LDAP_CONST char *urlstr )
{
	FILE *url;

	if( strncasecmp( "file:", urlstr, sizeof("file:")-1 ) == 0 ) {
		char *p;
		urlstr += sizeof("file:")-1;

		/* we don't check for LDAP_DIRSEP since URLs should contain '/' */
		if ( urlstr[0] == '/' && urlstr[1] == '/' ) {
			urlstr += 2;
			/* path must be absolute if authority is present
			 * technically, file://hostname/path is also legal but we don't
			 * accept a non-empty hostname
			 */
			if ( urlstr[0] != '/' ) {
#ifdef _WIN32
				/* An absolute path in improper file://C:/foo/bar format */
				if ( urlstr[1] != ':' )
#endif
				return NULL;
			}
#ifdef _WIN32
			/* An absolute path in proper file:///C:/foo/bar format */
			if ( urlstr[2] == ':' )
				urlstr++;
#endif
		}

		p = ber_strdup( urlstr );

		/* But we should convert to LDAP_DIRSEP before use */
		if ( LDAP_DIRSEP[0] != '/' ) {
			char *s = p;
			while (( s = strchr( s, '/' )))
				*s++ = LDAP_DIRSEP[0];
		}

		ldap_pvt_hex_unescape( p );

		url = fopen( p, "rb" );

		ber_memfree( p );
	} else {
#ifdef HAVE_FETCH
		url = fetchGetURL( (char*) urlstr, "" );
#else
		url = NULL;
#endif
	}
	return url;
}
Пример #5
0
static krb5_error_code
LDAP__setmod(LDAPMod *** modlist, int modop, const char *attribute,
	     int *pIndex)
{
    int cMods;

    if (*modlist == NULL) {
	*modlist = (LDAPMod **)ber_memcalloc(1, sizeof(LDAPMod *));
	if (*modlist == NULL)
	    return ENOMEM;
    }

    for (cMods = 0; (*modlist)[cMods] != NULL; cMods++) {
	if ((*modlist)[cMods]->mod_op == modop &&
	    strcasecmp((*modlist)[cMods]->mod_type, attribute) == 0) {
	    break;
	}
    }

    *pIndex = cMods;

    if ((*modlist)[cMods] == NULL) {
	LDAPMod *mod;

	*modlist = (LDAPMod **)ber_memrealloc(*modlist,
					      (cMods + 2) * sizeof(LDAPMod *));
	if (*modlist == NULL)
	    return ENOMEM;

	(*modlist)[cMods] = (LDAPMod *)ber_memalloc(sizeof(LDAPMod));
	if ((*modlist)[cMods] == NULL)
	    return ENOMEM;

	mod = (*modlist)[cMods];
	mod->mod_op = modop;
	mod->mod_type = ber_strdup(attribute);
	if (mod->mod_type == NULL) {
	    ber_memfree(mod);
	    (*modlist)[cMods] = NULL;
	    return ENOMEM;
	}

	if (modop & LDAP_MOD_BVALUES) {
	    mod->mod_bvalues = NULL;
	} else {
	    mod->mod_values = NULL;
	}

	(*modlist)[cMods + 1] = NULL;
    }

    return 0;
}
Пример #6
0
FILE *
ldif_open_url(
	LDAP_CONST char *urlstr )
{
	FILE *url;

	if( strncasecmp( "file:", urlstr, sizeof("file:")-1 ) == 0 ) {
		char *p;
		urlstr += sizeof("file:")-1;

		/* we don't check for LDAP_DIRSEP since URLs should contain '/' */
		if ( urlstr[0] == '/' && urlstr[1] == '/' ) {
			urlstr += 2;
			/* path must be absolute if authority is present */
			if ( urlstr[0] != '/' )
				return NULL;
		}

		p = ber_strdup( urlstr );

		/* But we should convert to LDAP_DIRSEP before use */
		if ( LDAP_DIRSEP[0] != '/' ) {
			char *s = p;
			while (( s = strchr( s, '/' )))
				*s++ = LDAP_DIRSEP[0];
		}

		ldap_pvt_hex_unescape( p );

		url = fopen( p, "rb" );

		ber_memfree( p );
	} else {
#ifdef HAVE_FETCH
		url = fetchGetURL( (char*) urlstr, "" );
#else
		url = NULL;
#endif
	}
	return url;
}
Пример #7
0
Файл: ldap.c Проект: Mujj/tsps
int tsps_ldap_login(const char *user, const char *pass)
{
	char dn[1024];
	LDAP *lp;
	int res;
	int val;
	struct berval passwd;

	res = ldap_initialize(&lp, server.ldap_uri);
	if (res != LDAP_SUCCESS) {
		fprintf(stderr, "LDAP initialization error: %s\n",
			ldap_err2string(res));
		return -1;
	}
	val = LDAP_VERSION3;
	res = ldap_set_option(ldp, LDAP_OPT_PROTOCOL_VERSION, &val);
	if (res != LDAP_SUCCESS) {
		fprintf(stderr, "LDAP set_option error: %s\n",
			ldap_err2string(res));
		return -1;
	}
	/*
	 * Attempt to bind to the ldap server as the user
	 */
	snprintf(dn, sizeof(dn), "uid=%s,%s", user, server.ldap_user_base);
	memset(&passwd, 0, sizeof(passwd));
	passwd.bv_val = ber_strdup(pass);
	passwd.bv_len = strlen(pass);
	res = ldap_sasl_bind_s(lp, dn, LDAP_SASL_SIMPLE, &passwd,
		NULL, NULL, NULL);
	ldap_unbind_ext_s(lp, NULL, NULL);
	if (res != LDAP_SUCCESS) {
		fprintf(stderr, "LDAP bind error: %s\n",
			ldap_err2string(res));
		return -1;
	}
	return 0;
}
Пример #8
0
int
init_module( int argc, char *argv[] )
{
	int	i;

	for ( i = 0; i < argc; i++ ) {
		if ( strncasecmp( argv[ i ], "config=", STRLENOF( "config=" ) ) == 0 ) {
			/* FIXME: what if multiple loads of same module?
			 * does it make sense (e.g. override an existing one)? */
			if ( config_filename == NULL ) {
				config_filename = ber_strdup( &argv[ i ][ STRLENOF( "config=" ) ] );
			}

		} else {
			fprintf( stderr, "init_module(radius): unknown arg#%d=\"%s\".\n",
				i, argv[ i ] );
			return 1;
		}
	}

	ldap_pvt_thread_mutex_init( &libradius_mutex );

	return lutil_passwd_add( (struct berval *)&scheme, chk_radius, NULL );
}
Пример #9
0
/* Parse an LDIF control line of the form
      control:  oid  [true/false]  [: value]              or
      control:  oid  [true/false]  [:: base64-value]      or
      control:  oid  [true/false]  [:< url]
   The control is added to the list of controls in *ppctrls.
*/      
static int
parse_ldif_control(
	struct berval *bval,
	LDAPControl ***ppctrls )
{
	char *oid = NULL;
	int criticality = 0;   /* Default is false if not present */
	int i, rc=0;
	char *s, *oidStart;
	LDAPControl *newctrl = NULL;
	LDAPControl **pctrls = NULL;
	struct berval type, bv;
	int freeval;

	if (ppctrls) pctrls = *ppctrls;
	/* OID should come first. Validate and extract it. */
	s = bval->bv_val;
	if (*s == 0) return ( LDAP_PARAM_ERROR );
	oidStart = s;
	while (isdigit((unsigned char)*s) || *s == '.') {
		s++;                           /* OID should be digits or . */
	}
	if (s == oidStart) { 
		return ( LDAP_PARAM_ERROR );   /* OID was not present */
	}
	if (*s) {                          /* End of OID should be space or NULL */
		if (!isspace((unsigned char)*s)) {
			return ( LDAP_PARAM_ERROR ); /* else OID contained invalid chars */
		}
		*s++ = 0;                    /* Replace space with null to terminate */
	}

	oid = ber_strdup(oidStart);
	if (oid == NULL) return ( LDAP_NO_MEMORY );

	/* Optional Criticality field is next. */
	while (*s && isspace((unsigned char)*s)) {
		s++;                         /* Skip white space before criticality */
	}
	if (strncasecmp(s, "true", 4) == 0) {
		criticality = 1;
		s += 4;
	} 
	else if (strncasecmp(s, "false", 5) == 0) {
		criticality = 0;
		s += 5;
	}

	/* Optional value field is next */
	while (*s && isspace((unsigned char)*s)) {
		s++;                         /* Skip white space before value */
	}
	if (*s) {
		if (*s != ':') {           /* If value is present, must start with : */
			rc = LDAP_PARAM_ERROR;
			goto cleanup;
		}

		/* Back up so value is in the form
		     a: value
		     a:: base64-value
		     a:< url
		   Then we can use ldif_parse_line2 to extract and decode the value
		*/
		s--;
		*s = 'a';

		rc = ldif_parse_line2(s, &type, &bv, &freeval);
		if (rc < 0) {
			rc = LDAP_PARAM_ERROR;
			goto cleanup;
		}
    }

	/* Create a new LDAPControl structure. */
	newctrl = (LDAPControl *)ber_memalloc(sizeof(LDAPControl));
	if ( newctrl == NULL ) {
		rc = LDAP_NO_MEMORY;
		goto cleanup;
	}
	newctrl->ldctl_oid = oid;
	oid = NULL;
	newctrl->ldctl_iscritical = criticality;
	if ( freeval )
		newctrl->ldctl_value = bv;
	else
		ber_dupbv( &newctrl->ldctl_value, &bv );

	/* Add the new control to the passed-in list of controls. */
	i = 0;
	if (pctrls) {
		while ( pctrls[i] ) {    /* Count the # of controls passed in */
			i++;
		}
	}
	/* Allocate 1 more slot for the new control and 1 for the NULL. */
	pctrls = (LDAPControl **) ber_memrealloc(pctrls,
		(i+2)*(sizeof(LDAPControl *)));
	if (pctrls == NULL) {
		rc = LDAP_NO_MEMORY;
		goto cleanup;
	}
	pctrls[i] = newctrl;
	newctrl = NULL;
	pctrls[i+1] = NULL;
	*ppctrls = pctrls;

cleanup:
	if (newctrl) {
		if (newctrl->ldctl_oid) ber_memfree(newctrl->ldctl_oid);
		if (newctrl->ldctl_value.bv_val) {
			ber_memfree(newctrl->ldctl_value.bv_val);
		}
		ber_memfree(newctrl);
	}
	if (oid) ber_memfree(oid);

	return( rc );
}
Пример #10
0
int
handle_private_option( int i )
{
	char	*control, *cvalue;
	int		crit;

	switch ( i ) {
	case 'E': /* modify extensions */
		if( protocol == LDAP_VERSION2 ) {
			fprintf( stderr, _("%s: -E incompatible with LDAPv%d\n"),
				prog, protocol );
			exit( EXIT_FAILURE );
		}

		/* should be extended to support comma separated list of
		 *	[!]key[=value] parameters, e.g.  -E !foo,bar=567
		 */

		crit = 0;
		cvalue = NULL;
		if( optarg[0] == '!' ) {
			crit = 1;
			optarg++;
		}

		control = ber_strdup( optarg );
		if ( (cvalue = strchr( control, '=' )) != NULL ) {
			*cvalue++ = '\0';
		}

#ifdef LDAP_X_TXN
		if( strcasecmp( control, "txn" ) == 0 ) {
			/* Transaction */
			if( txn ) {
				fprintf( stderr,
					_("txn control previously specified\n"));
				exit( EXIT_FAILURE );
			}
			if( cvalue != NULL ) {
				if( strcasecmp( cvalue, "abort" ) == 0 ) {
					txnabort=1;
				} else if( strcasecmp( cvalue, "commit" ) != 0 ) {
					fprintf( stderr, _("Invalid value for txn control, %s\n"),
						cvalue );
					exit( EXIT_FAILURE );
				}
			}

			txn = 1 + crit;
		} else
#endif
		{
			fprintf( stderr, _("Invalid modify extension name: %s\n"),
				control );
			usage();
		}
		break;

	case 'a':	/* add */
		ldapadd = 1;
		break;

	case 'r':	/* replace (obsolete) */
		break;

	case 'S':	/* skipped modifications to file */
		if( rejfile != NULL ) {
			fprintf( stderr, _("%s: -S previously specified\n"), prog );
			exit( EXIT_FAILURE );
		}
		rejfile = ber_strdup( optarg );
		break;

	default:
		return 0;
	}
	return 1;
}
Пример #11
0
int
ldif_parse_line(
    LDAP_CONST char	*line,
    char	**typep,
    char	**valuep,
    ber_len_t *vlenp
)
{
	char	*s, *p, *d; 
	char	nib;
	int	b64, url;
	char	*freeme, *type, *value;
	ber_len_t vlen;

	*typep = NULL;
	*valuep = NULL;
	*vlenp = 0;

	/* skip any leading space */
	while ( isspace( (unsigned char) *line ) ) {
		line++;
	}

	freeme = ber_strdup( line );

	if( freeme == NULL ) {
		ber_pvt_log_printf( LDAP_DEBUG_ANY, ldif_debug,
			"ldif_parse_line: line malloc failed\n");
		return( -1 );
	}

	type = freeme;

	s = strchr( type, ':' );

	if ( s == NULL ) {
		ber_pvt_log_printf( LDAP_DEBUG_PARSE, ldif_debug,
			"ldif_parse_line: missing ':' after %s\n",
			type );
		ber_memfree( freeme );
		return( -1 );
	}

	/* trim any space between type and : */
	for ( p = &s[-1]; p > type && isspace( * (unsigned char *) p ); p-- ) {
		*p = '\0';
	}
	*s++ = '\0';

	url = 0;
	b64 = 0;

	if ( *s == '<' ) {
		s++;
		url = 1;

	} else if ( *s == ':' ) {
		/* base 64 encoded value */
		s++;
		b64 = 1;
	}

	/* skip space between : and value */
	while ( isspace( (unsigned char) *s ) ) {
		s++;
	}

	/* check for continued line markers that should be deleted */
	for ( p = s, d = s; *p; p++ ) {
		if ( *p != CONTINUED_LINE_MARKER )
			*d++ = *p;
	}
	*d = '\0';

	if ( b64 ) {
		char *byte = s;

		if ( *s == '\0' ) {
			/* no value is present, error out */
			ber_pvt_log_printf( LDAP_DEBUG_PARSE, ldif_debug,
				"ldif_parse_line: %s missing base64 value\n", type );
			ber_memfree( freeme );
			return( -1 );
		}

		byte = value = s;

		for ( p = s, vlen = 0; p < d; p += 4, vlen += 3 ) {
			int i;
			for ( i = 0; i < 4; i++ ) {
				if ( p[i] != '=' && (p[i] & 0x80 ||
				    b642nib[ p[i] & 0x7f ] > 0x3f) ) {
					ber_pvt_log_printf( LDAP_DEBUG_ANY, ldif_debug,
						"ldif_parse_line: %s: invalid base64 encoding"
						" char (%c) 0x%x\n",
					    type, p[i], p[i] );
					ber_memfree( freeme );
					return( -1 );
				}
			}

			/* first digit */
			nib = b642nib[ p[0] & 0x7f ];
			byte[0] = nib << 2;
			/* second digit */
			nib = b642nib[ p[1] & 0x7f ];
			byte[0] |= nib >> 4;
			byte[1] = (nib & RIGHT4) << 4;
			/* third digit */
			if ( p[2] == '=' ) {
				vlen += 1;
				break;
			}
			nib = b642nib[ p[2] & 0x7f ];
			byte[1] |= nib >> 2;
			byte[2] = (nib & RIGHT2) << 6;
			/* fourth digit */
			if ( p[3] == '=' ) {
				vlen += 2;
				break;
			}
			nib = b642nib[ p[3] & 0x7f ];
			byte[2] |= nib;

			byte += 3;
		}
		s[ vlen ] = '\0';

	} else if ( url ) {
Пример #12
0
static int
do_base( char *uri, char *dn, struct berval *pass, char *base, char *filter, char *pwattr,
	int maxloop, int force, int chaserefs, int noinit, int delay,
	int action_type, void *action )
{
	LDAP	*ld = NULL;
	int  	i = 0;
	int     rc = LDAP_SUCCESS;
	ber_int_t msgid;
	LDAPMessage *res, *msg;
	char **dns = NULL;
	struct berval *creds = NULL;
	char *attrs[] = { LDAP_NO_ATTRS, NULL };
	int ndns = 0;
#ifdef _WIN32
	DWORD beg, end;
#else
	struct timeval beg, end;
#endif
	int version = LDAP_VERSION3;
	char *nullstr = "";

	ldap_initialize( &ld, uri );
	if ( ld == NULL ) {
		tester_perror( "ldap_initialize", NULL );
		exit( EXIT_FAILURE );
	}

	(void) ldap_set_option( ld, LDAP_OPT_PROTOCOL_VERSION, &version );
	(void) ldap_set_option( ld, LDAP_OPT_REFERRALS,
		chaserefs ? LDAP_OPT_ON: LDAP_OPT_OFF );

	rc = ldap_sasl_bind_s( ld, dn, LDAP_SASL_SIMPLE, pass, NULL, NULL, NULL );
	if ( rc != LDAP_SUCCESS ) {
		tester_ldap_error( ld, "ldap_sasl_bind_s", NULL );
		exit( EXIT_FAILURE );
	}

	fprintf( stderr, "PID=%ld - Bind(%d): base=\"%s\", filter=\"%s\" attr=\"%s\".\n",
			(long) pid, maxloop, base, filter, pwattr );

	if ( pwattr != NULL ) {
		attrs[ 0 ] = pwattr;
	}
	rc = ldap_search_ext( ld, base, LDAP_SCOPE_SUBTREE,
			filter, attrs, 0, NULL, NULL, 0, 0, &msgid );
	if ( rc != LDAP_SUCCESS ) {
		tester_ldap_error( ld, "ldap_search_ext", NULL );
		exit( EXIT_FAILURE );
	}

	while ( ( rc = ldap_result( ld, LDAP_RES_ANY, LDAP_MSG_ONE, NULL, &res ) ) > 0 )
	{
		BerElement *ber;
		struct berval bv;
		int done = 0;

		for ( msg = ldap_first_message( ld, res ); msg;
			msg = ldap_next_message( ld, msg ) )
		{
			switch ( ldap_msgtype( msg ) ) {
			case LDAP_RES_SEARCH_ENTRY:
				rc = ldap_get_dn_ber( ld, msg, &ber, &bv );
				dns = realloc( dns, (ndns + 1)*sizeof(char *) );
				dns[ndns] = ber_strdup( bv.bv_val );
				if ( pwattr != NULL ) {
					struct berval	**values = ldap_get_values_len( ld, msg, pwattr );

					creds = realloc( creds, (ndns + 1)*sizeof(struct berval) );
					if ( values == NULL ) {
novals:;
						creds[ndns].bv_len = 0;
						creds[ndns].bv_val = nullstr;

					} else {
						static struct berval	cleartext = BER_BVC( "{CLEARTEXT} " );
						struct berval		value = *values[ 0 ];

						if ( value.bv_val[ 0 ] == '{' ) {
							char *end = ber_bvchr( &value, '}' );

							if ( end ) {
								if ( ber_bvcmp( &value, &cleartext ) == 0 ) {
									value.bv_val += cleartext.bv_len;
									value.bv_len -= cleartext.bv_len;

								} else {
									ldap_value_free_len( values );
									goto novals;
								}
							}

						}

						ber_dupbv( &creds[ndns], &value );
						ldap_value_free_len( values );
					}
				}
				ndns++;
				ber_free( ber, 0 );
				break;

			case LDAP_RES_SEARCH_RESULT:
				done = 1;
				break;
			}
			if ( done )
				break;
		}
		ldap_msgfree( res );
		if ( done ) break;
	}

#ifdef _WIN32
	beg = GetTickCount();
#else
	gettimeofday( &beg, NULL );
#endif

	if ( ndns == 0 ) {
		tester_error( "No DNs" );
		return 1;
	}

	fprintf( stderr, "  PID=%ld - Bind base=\"%s\" filter=\"%s\" got %d values.\n",
		(long) pid, base, filter, ndns );

	/* Ok, got list of DNs, now start binding to each */
	for ( i = 0; i < maxloop; i++ ) {
		int		j;
		struct berval	cred = { 0, NULL };


#if 0	/* use high-order bits for better randomness (Numerical Recipes in "C") */
		j = rand() % ndns;
#endif
		j = ((double)ndns)*rand()/(RAND_MAX + 1.0);

		if ( creds && !BER_BVISEMPTY( &creds[j] ) ) {
			cred = creds[j];
		}

		if ( do_bind( uri, dns[j], &cred, 1, force, chaserefs, noinit, &ld,
			action_type, action ) && !force )
		{
			break;
		}

		if ( delay ) {
			sleep( delay );
		}
	}

	if ( ld != NULL ) {
		ldap_unbind_ext( ld, NULL, NULL );
		ld = NULL;
	}

#ifdef _WIN32
	end = GetTickCount();
	end -= beg;

	fprintf( stderr, "  PID=%ld - Bind done %d in %d.%03d seconds.\n",
		(long) pid, i, end / 1000, end % 1000 );
#else
	gettimeofday( &end, NULL );
	end.tv_usec -= beg.tv_usec;
	if (end.tv_usec < 0 ) {
		end.tv_usec += 1000000;
		end.tv_sec -= 1;
	}
	end.tv_sec -= beg.tv_sec;

	fprintf( stderr, "  PID=%ld - Bind done %d in %ld.%06ld seconds.\n",
		(long) pid, i, (long) end.tv_sec, (long) end.tv_usec );
#endif

	if ( dns ) {
		for ( i = 0; i < ndns; i++ ) {
			ber_memfree( dns[i] );
		}
		free( dns );
	}

	if ( creds ) {
		for ( i = 0; i < ndns; i++ ) {
			if ( creds[i].bv_val != nullstr ) {
				ber_memfree( creds[i].bv_val );
			}
		}
		free( creds );
	}

	return 0;
}
Пример #13
0
int
tester_config_opt( struct tester_conn_args *config, char opt, char *optarg )
{
	switch ( opt ) {
		case 'C':
			config->chaserefs++;
			break;

		case 'D':
			config->binddn = strdup( optarg );
			break;

		case 'd':
			{
				int debug;
				if ( lutil_atoi( &debug, optarg ) != 0 ) {
					return -1;
				}

				if ( ber_set_option( NULL, LBER_OPT_DEBUG_LEVEL, &debug )
					!= LBER_OPT_SUCCESS )
				{
					fprintf( stderr,
						"Could not set LBER_OPT_DEBUG_LEVEL %d\n", debug );
				}

				if ( ldap_set_option( NULL, LDAP_OPT_DEBUG_LEVEL, &debug )
					!= LDAP_OPT_SUCCESS )
				{
					fprintf( stderr,
						"Could not set LDAP_OPT_DEBUG_LEVEL %d\n", debug );
				}
				break;
			}

		case 'H':
			config->uri = strdup( optarg );
			break;

		case 'h':
			config->host = strdup( optarg );
			break;

		case 'i':
			tester_ignore_str2errlist( optarg );
			break;

		case 'L':
			if ( lutil_atoi( &config->outerloops, optarg ) != 0 ) {
				return -1;
			}
			break;

		case 'l':
			if ( lutil_atoi( &config->loops, optarg ) != 0 ) {
				return -1;
			}
			break;

#ifdef HAVE_CYRUS_SASL
		case 'O':
			if ( config->secprops != NULL ) {
				return -1;
			}
			if ( config->authmethod != -1 && config->authmethod != LDAP_AUTH_SASL ) {
				return -1;
			}
			config->authmethod = LDAP_AUTH_SASL;
			config->secprops = ber_strdup( optarg );
			break;

		case 'R':
			if ( config->realm != NULL ) {
				return -1;
			}
			if ( config->authmethod != -1 && config->authmethod != LDAP_AUTH_SASL ) {
				return -1;
			}
			config->authmethod = LDAP_AUTH_SASL;
			config->realm = ber_strdup( optarg );
			break;

		case 'U':
			if ( config->authc_id != NULL ) {
				return -1;
			}
			if ( config->authmethod != -1 && config->authmethod != LDAP_AUTH_SASL ) {
				return -1;
			}
			config->authmethod = LDAP_AUTH_SASL;
			config->authc_id = ber_strdup( optarg );
			break;

		case 'X':
			if ( config->authz_id != NULL ) {
				return -1;
			}
			if ( config->authmethod != -1 && config->authmethod != LDAP_AUTH_SASL ) {
				return -1;
			}
			config->authmethod = LDAP_AUTH_SASL;
			config->authz_id = ber_strdup( optarg );
			break;

		case 'Y':
			if ( config->mech != NULL ) {
				return -1;
			}
			if ( config->authmethod != -1 && config->authmethod != LDAP_AUTH_SASL ) {
				return -1;
			}
			config->authmethod = LDAP_AUTH_SASL;
			config->mech = ber_strdup( optarg );
			break;
#endif

		case 'p':
			if ( lutil_atoi( &config->port, optarg ) != 0 ) {
				return -1;
			}
			break;

		case 'r':
			if ( lutil_atoi( &config->retries, optarg ) != 0 ) {
				return -1;
			}
			break;

		case 't':
			if ( lutil_atoi( &config->delay, optarg ) != 0 ) {
				return -1;
			}
			break;

		case 'w':
			config->pass.bv_val = strdup( optarg );
			config->pass.bv_len = strlen( optarg );
			memset( optarg, '*', config->pass.bv_len );
			break;

		case 'x':
			if ( config->authmethod != -1 && config->authmethod != LDAP_AUTH_SIMPLE ) {
				return -1;
			}
			config->authmethod = LDAP_AUTH_SIMPLE;
			break;

		default:
			return -1;
	}

	return LDAP_SUCCESS;
}
Пример #14
0
int
handle_private_option( int i )
{
	char	*control, *cvalue;
	int		crit;

	switch ( i ) {
	case 'E': /* compare extensions */
		if( protocol == LDAP_VERSION2 ) {
			fprintf( stderr, _("%s: -E incompatible with LDAPv%d\n"),
				prog, protocol );
			exit( EXIT_FAILURE );
		}

		/* should be extended to support comma separated list of
		 *	[!]key[=value] parameters, e.g.  -E !foo,bar=567
		 */

		crit = 0;
		cvalue = NULL;
		if( optarg[0] == '!' ) {
			crit = 1;
			optarg++;
		}

		control = ber_strdup( optarg );
		if ( (cvalue = strchr( control, '=' )) != NULL ) {
			*cvalue++ = '\0';
		}

#ifdef LDAP_CONTROL_DONTUSECOPY
		if ( strcasecmp( control, "dontUseCopy" ) == 0 ) {
			if( dontUseCopy ) {
				fprintf( stderr,
					_("dontUseCopy control previously specified\n"));
				exit( EXIT_FAILURE );
			}
			if( cvalue != NULL ) {
				fprintf( stderr,
					_("dontUseCopy: no control value expected\n") );
				usage();
			}
			if( !crit ) {
				fprintf( stderr,
					_("dontUseCopy: critical flag required\n") );
				usage();
			}

			dontUseCopy = 1 + crit;
		} else
#endif
		{
			fprintf( stderr,
				_("Invalid compare extension name: %s\n"), control );
			usage();
		}
		break;

	case 'z':
		quiet = 1;
		break;

	default:
		return 0;
	}
	return 1;
}
Пример #15
0
int
handle_private_option( int i )
{
	switch ( i ) {
		char	*control, *cvalue;
		int		crit;
	case 'E': /* vc extension */
		if( protocol == LDAP_VERSION2 ) {
			fprintf( stderr, _("%s: -E incompatible with LDAPv%d\n"),
				prog, protocol );
			exit( EXIT_FAILURE );
		}

		/* should be extended to support comma separated list of
		 *	[!]key[=value] parameters, e.g.  -E !foo,bar=567
		 */

		crit = 0;
		cvalue = NULL;
		if( optarg[0] == '!' ) {
			crit = 1;
			optarg++;
		}

		control = strdup( optarg );
		if ( (cvalue = strchr( control, '=' )) != NULL ) {
			*cvalue++ = '\0';
		}

		if (strcasecmp(control, "sasl") == 0) {
#if defined(LDAP_API_FEATURES_VERIFY_CREDENTIALS_INTERACTIVE) && defined(HAVE_CYRUS_SASL)
			if (vc_sasl != LDAP_SASL_NONE) {
				fprintf(stderr,
				    _("SASL option previously specified\n"));
				exit(EXIT_FAILURE);
			}
			if (cvalue == NULL) {
				fprintf(stderr,
					_("missing mode in SASL option\n"));
				exit(EXIT_FAILURE);
			}

			switch (*cvalue) {
			case 'a':
			case 'A':
				vc_sasl = LDAP_SASL_AUTOMATIC;
				break;
			case 'i':
			case 'I':
				vc_sasl = LDAP_SASL_INTERACTIVE;
				break;
			case 'q':
			case 'Q':
				vc_sasl = LDAP_SASL_QUIET;
				break;
			default:
				fprintf(stderr,
					_("unknown mode %s in SASL option\n"), cvalue);
				exit(EXIT_FAILURE);
			}
#else
			fprintf(stderr,
				_("%s: not compiled with SASL support\n"), prog);
			exit(EXIT_FAILURE);
#endif

		} else if (strcasecmp(control, "mech") == 0) {
#if defined(LDAP_API_FEATURES_VERIFY_CREDENTIALS_INTERACTIVE) && defined(HAVE_CYRUS_SASL)
			if (vc_sasl_mech) {
				fprintf(stderr,
				    _("SASL mech previously specified\n"));
				exit(EXIT_FAILURE);
			}
			if (cvalue == NULL) {
				fprintf(stderr,
					_("missing mech in SASL option\n"));
				exit(EXIT_FAILURE);
			}

			vc_sasl_mech = ber_strdup(cvalue);
#else
#endif

		} else if (strcasecmp(control, "realm") == 0) {
#if defined(LDAP_API_FEATURES_VERIFY_CREDENTIALS_INTERACTIVE) && defined(HAVE_CYRUS_SASL)
			if (vc_sasl_realm) {
				fprintf(stderr,
				    _("SASL realm previously specified\n"));
				exit(EXIT_FAILURE);
			}
			if (cvalue == NULL) {
				fprintf(stderr,
					_("missing realm in SASL option\n"));
				exit(EXIT_FAILURE);
			}

			vc_sasl_realm = ber_strdup(cvalue);
#else
			fprintf(stderr,
				_("%s: not compiled with SASL support\n"), prog);
			exit(EXIT_FAILURE);
#endif

		} else if (strcasecmp(control, "authcid") == 0) {
#if defined(LDAP_API_FEATURES_VERIFY_CREDENTIALS_INTERACTIVE) && defined(HAVE_CYRUS_SASL)
			if (vc_sasl_authcid) {
				fprintf(stderr,
				    _("SASL authcid previously specified\n"));
				exit(EXIT_FAILURE);
			}
			if (cvalue == NULL) {
				fprintf(stderr,
					_("missing authcid in SASL option\n"));
				exit(EXIT_FAILURE);
			}

			vc_sasl_authcid = ber_strdup(cvalue);
#else
			fprintf(stderr,
				_("%s: not compiled with SASL support\n"), prog);
			exit(EXIT_FAILURE);
#endif

		} else if (strcasecmp(control, "authzid") == 0) {
#if defined(LDAP_API_FEATURES_VERIFY_CREDENTIALS_INTERACTIVE) && defined(HAVE_CYRUS_SASL)
			if (vc_sasl_authzid) {
				fprintf(stderr,
				    _("SASL authzid previously specified\n"));
				exit(EXIT_FAILURE);
			}
			if (cvalue == NULL) {
				fprintf(stderr,
					_("missing authzid in SASL option\n"));
				exit(EXIT_FAILURE);
			}

			vc_sasl_authzid = ber_strdup(cvalue);
#else
			fprintf(stderr,
				_("%s: not compiled with SASL support\n"), prog);
			exit(EXIT_FAILURE);
#endif

		} else if (strcasecmp(control, "secprops") == 0) {
#if defined(LDAP_API_FEATURES_VERIFY_CREDENTIALS_INTERACTIVE) && defined(HAVE_CYRUS_SASL)
			if (vc_sasl_secprops) {
				fprintf(stderr,
				    _("SASL secprops previously specified\n"));
				exit(EXIT_FAILURE);
			}
			if (cvalue == NULL) {
				fprintf(stderr,
					_("missing secprops in SASL option\n"));
				exit(EXIT_FAILURE);
			}

			vc_sasl_secprops = ber_strdup(cvalue);
#else
			fprintf(stderr,
				_("%s: not compiled with SASL support\n"), prog);
			exit(EXIT_FAILURE);
#endif

		} else {
		    fprintf( stderr, _("Invalid Verify Credentials extension name: %s\n"), control );
		    usage();
		}
		free( control );
		break;

	case 'a':  /* request authzid */
		req_authzid++;
		break;

	case 'b':  /* request authzid */
		req_pp++;
		break;

	default:
		return 0;
	}
	return 1;
}