int ad_mod_replace_binary(char *dn, char *attribute, char *data, int data_length) { LDAP *ds; LDAPMod *attrs[2]; LDAPMod attr; struct berval *values[2]; struct berval ber_data; int result; ds=ad_login(); if(!ds) return ad_error_code; ber_data.bv_val = data; ber_data.bv_len = data_length; values[0] = &ber_data; values[1] = NULL; attr.mod_op = LDAP_MOD_REPLACE|LDAP_MOD_BVALUES; attr.mod_type = attribute; attr.mod_bvalues = values; attrs[0] = &attr; attrs[1] = NULL; result = ldap_modify_s(ds, dn, attrs); if(result!=LDAP_SUCCESS) { snprintf(ad_error_msg, MAX_ERR_LENGTH, "Error in ad_mod_replace_binary, ldap_mod_s: %s\n", ldap_err2string(result)); ad_error_code=AD_LDAP_OPERATION_FAILURE; } else { ad_error_code=AD_SUCCESS; } return ad_error_code; }
int ldap_delfromgroup(char *account, const char *group) { LDAPMod **mods; int num_mods; int rc, i; if(!admin_bind && LDAP_SUCCESS != ( rc = ldap_do_admin_bind())) { log_module(MAIN_LOG, LOG_ERROR, "failed to bind as admin"); return rc; } mods = make_mods_group(account, LDAP_MOD_DELETE, &num_mods); if(!mods) { log_module(MAIN_LOG, LOG_ERROR, "Error building mods for delfromgroup"); return LDAP_OTHER; } rc = ldap_modify_s(ld, group, mods); if(rc != LDAP_SUCCESS && rc != LDAP_NO_SUCH_ATTRIBUTE) { log_module(MAIN_LOG, LOG_ERROR, "Error removing %s from group %s: %s", account, group, ldap_err2string(rc)); return rc; } for(i = 0; i < num_mods; i++) { free(mods[i]->mod_type); free(mods[i]); } free(mods); return rc; }
char * gfarm_generic_info_modify( void *key, LDAPMod **modv, const struct gfarm_generic_info_ops *ops) { int rv; char *dn = ops->make_dn(key); char *error; if (dn == NULL) return (GFARM_ERR_NO_MEMORY); if ((error = gfarm_ldap_check()) != NULL) return (error); rv = ldap_modify_s(gfarm_ldap_server, dn, modv); free(dn); switch (rv) { case LDAP_SUCCESS: return (NULL); case LDAP_NO_SUCH_OBJECT: return (GFARM_ERR_NO_SUCH_OBJECT); case LDAP_ALREADY_EXISTS: return (GFARM_ERR_ALREADY_EXISTS); default: return (ldap_err2string(rv)); } }
/* set the given attribute to the given value. If value is NULL, unset it */ static idmap_stat idmap_ad_set(idmap_nm_handle_t *p, char *dn, char *attr, char *value) { idmap_stat rc = IDMAP_SUCCESS; int ldap_rc; char *new_values[2] = {NULL, NULL}; LDAPMod *mods[2] = {NULL, NULL}; mods[0] = (LDAPMod *)calloc(1, sizeof (LDAPMod)); mods[0]->mod_type = strdup(attr); if (value != NULL) { mods[0]->mod_op = LDAP_MOD_REPLACE; new_values[0] = strdup(value); mods[0]->mod_values = new_values; } else { mods[0]->mod_op = LDAP_MOD_DELETE; mods[0]->mod_values = NULL; } ldap_rc = ldap_modify_s(p->ad, dn, mods); if (ldap_rc != LDAP_SUCCESS) { namemap_log( gettext("Ldap modify of %s, attribute %s failed. (%s)"), dn, attr, ldap_err2string(ldap_rc)); rc = IDMAP_ERR_INTERNAL; } ldap_mods_free(mods, 0); return (rc); }
status ChangePasswd(LDAP *ld, char *user, char *passwd) { LDAPMod *attributes[2]; LDAPMod attribute1; char * pass_value[] = {passwd,NULL}; char *dn = GetClientDN(user); /* userPassword */ attribute1.mod_op = LDAP_MOD_REPLACE; attribute1.mod_type = "userPassword"; attribute1.mod_vals.modv_strvals = pass_value; attributes[0] = &attribute1; attributes[1] = NULL; if ( ldap_modify_s(ld, dn, attributes) != LDAP_SUCCESS ) { fprintf(stderr,"LDAP ERROR: No pudo cambiarse la clave del cliente\n"); return ERROR; } free(dn); return OK; }
/* ARGSUSED */ int _ns_ldap_modify_s(char *service, int flags, char *dn, LDAPMod **mods) { LDAP *ld = __s_api_getLDAPconn(flags); return (ldap_modify_s(ld, dn, mods)); }
int ad_mod_delete(char *dn, char *attribute, char *value) { LDAP *ds; LDAPMod *attrs[2]; LDAPMod attr; char *values[2]; int result; ds=ad_login(); if(!ds) return ad_error_code; values[0] = value; values[1] = NULL; attr.mod_op = LDAP_MOD_DELETE; attr.mod_type = attribute; attr.mod_values = values; attrs[0] = &attr; attrs[1] = NULL; result = ldap_modify_s(ds, dn, attrs); if(result!=LDAP_SUCCESS) { snprintf(ad_error_msg, MAX_ERR_LENGTH, "Error in ad_mod_replace, ldap_mod_s: %s\n", ldap_err2string(result)); ad_error_code=AD_LDAP_OPERATION_FAILURE; } else { ad_error_code=AD_SUCCESS; } return ad_error_code; }
int ldap_add2group(char *account, const char *group) { LDAPMod **mods; int num_mods; int rc, i; if(!admin_bind && LDAP_SUCCESS != ( rc = ldap_do_admin_bind())) { log_module(MAIN_LOG, LOG_ERROR, "failed to bind as admin"); return rc; } mods = make_mods_group(account, LDAP_MOD_ADD, &num_mods); if(!mods) { log_module(MAIN_LOG, LOG_ERROR, "Error building mods for add2group"); return LDAP_OTHER; } rc = ldap_modify_s(ld, group, mods); if(rc != LDAP_SUCCESS && rc != LDAP_TYPE_OR_VALUE_EXISTS) { log_module(MAIN_LOG, LOG_ERROR, "Error adding %s to group %s: %s", account, group, ldap_err2string(rc)); return rc; } for(i = 0; i < num_mods; i++) { free(mods[i]->mod_type); free(mods[i]); } free(mods); return rc; }
int main( int argc, char **argv ) { LDAP *ld; LDAPMod mod0, mod1, *mods[ 3 ]; char *vals0[ 2 ], *vals1[ 2 ], buf[ 128 ]; time_t now; /* get an LDAP session handle and authenticate */ if ( (ld = ldap_init( MY_HOST, MY_PORT )) == NULL ) { perror( "ldap_init" ); return( 1 ); } if ( ldap_simple_bind_s( ld, MGR_DN, MGR_PW ) != LDAP_SUCCESS ) { ldap_perror( ld, "ldap_simple_bind_s" ); return( 1 ); } /* construct the list of modifications to make */ mod0.mod_op = LDAP_MOD_REPLACE; mod0.mod_type = "mail"; vals0[0] = "*****@*****.**"; vals0[1] = NULL; mod0.mod_values = vals0; mod1.mod_op = LDAP_MOD_ADD; mod1.mod_type = "description"; time( &now ); sprintf( buf, "This entry was modified with the modattrs program on %s", ctime( &now )); /* Get rid of \n which ctime put on the end of the time string */ if ( buf[ strlen( buf ) - 1 ] == '\n' ) { buf[ strlen( buf ) - 1 ] = '\0'; } vals1[ 0 ] = buf; vals1[ 1 ] = NULL; mod1.mod_values = vals1; mods[ 0 ] = &mod0; mods[ 1 ] = &mod1; mods[ 2 ] = NULL; /* make the change and clean up after ourselves */ if ( ldap_modify_s( ld, ENTRYDN, mods ) != LDAP_SUCCESS ) { ldap_perror( ld, "ldap_modify_s" ); return( 1 ); } ldap_unbind( ld ); printf( "modification was successful\n" ); return( 0 ); }
/* Sets the depot status. */ void set_depot_attr (LDAP *ldap, char *dn, char *attr, char *value) { LDAPMod **mods; mods = (LDAPMod **) malloc (2 * sizeof (LDAPMod *)); mods[0] = (LDAPMod *) malloc (sizeof (LDAPMod)); mods[1] = NULL; mods[0]->mod_op = LDAP_MOD_REPLACE; mods[0]->mod_type = strdup (attr); mods[0]->mod_values = (char **) malloc (2 * sizeof (char *)); mods[0]->mod_values[0] = strdup (value); mods[0]->mod_values[1] = NULL; ldap_modify_s (ldap, dn, mods); ldap_mods_free(mods, 1); }
NTSTATUS kuhl_m_sid_add(int argc, wchar_t * argv[]) { PLDAP ld; DWORD dwErr; PCWCHAR szName; PWCHAR domain = NULL; PLDAPMessage pMessage = NULL; BERVAL NewSid; PBERVAL pNewSid[2] = {&NewSid, NULL}; LDAPMod Modification = {LDAP_MOD_ADD | LDAP_MOD_BVALUES, L"sIDHistory"}; PLDAPMod pModification[2] = {&Modification, NULL}; Modification.mod_vals.modv_bvals = pNewSid; if(kull_m_string_args_byName(argc, argv, L"new", &szName, NULL)) { if(ConvertStringSidToSid(szName, (PSID *) &NewSid.bv_val) || kull_m_token_getSidDomainFromName(szName, (PSID *) &NewSid.bv_val, &domain, NULL, NULL)) { if(IsValidSid((PSID) NewSid.bv_val)) { NewSid.bv_len = GetLengthSid((PSID) NewSid.bv_val); if(kuhl_m_sid_quickSearch(argc, argv, TRUE, NULL, &ld, &pMessage)) { kprintf(L"\n * Will try to add \'%s\' this new SID:\'", Modification.mod_type); kull_m_string_displaySID(NewSid.bv_val); kprintf(L"\': "); dwErr = ldap_modify_s(ld, ldap_get_dn(ld, pMessage), pModification); if(dwErr == LDAP_SUCCESS) kprintf(L"OK!\n"); else PRINT_ERROR(L"ldap_modify_s 0x%x (%u)\n", dwErr, dwErr); if(pMessage) ldap_msgfree(pMessage); ldap_unbind(ld); } } else PRINT_ERROR(L"Invalid SID\n"); LocalFree(NewSid.bv_val); if(domain) LocalFree(domain); } else PRINT_ERROR_AUTO(L"ConvertStringSidToSid / kull_m_token_getSidDomainFromName"); } else PRINT_ERROR(L"/new:sid or /new:resolvable_name is needed"); return STATUS_SUCCESS; }
/* Save OpServ level to LDAP * * level - OpServ level * * A level of <0 will be treated as 0 */ int ldap_do_oslevel(const char *account, int level, int oldlevel) { LDAPMod **mods; static char *oslevel_vals[] = { NULL, NULL }; char dn[MAXLEN], temp[MAXLEN]; int rc; if(!admin_bind && LDAP_SUCCESS != ( rc = ldap_do_admin_bind())) { log_module(MAIN_LOG, LOG_ERROR, "failed to bind as admin"); return rc; } if (level < 0) { level = 0; } snprintf(temp, MAXLEN-1, "%d", (level ? level : oldlevel)); oslevel_vals[0] = (char *) temp; if(!(nickserv_conf.ldap_field_oslevel && *nickserv_conf.ldap_field_oslevel)) return 0; snprintf(dn, MAXLEN-1, nickserv_conf.ldap_dn_fmt, account); mods = ( LDAPMod ** ) malloc(( 1 ) * sizeof( LDAPMod * )); mods[0] = (LDAPMod *) malloc(sizeof(LDAPMod)); memset(mods[0], 0, sizeof(LDAPMod)); mods[0]->mod_op = (level ? LDAP_MOD_REPLACE : LDAP_MOD_DELETE); mods[0]->mod_type = strdup(nickserv_conf.ldap_field_oslevel); mods[0]->mod_values = oslevel_vals; mods[1] = NULL; rc = ldap_modify_s(ld, dn, mods); if(rc != LDAP_SUCCESS) { log_module(MAIN_LOG, LOG_ERROR, "Error modifying ldap OpServ level: %s -- %s", account, ldap_err2string(rc)); //return rc; } free(mods[0]->mod_type); free(mods[0]); free(mods); return rc; }
static int dm_ldap_mod_field(u64_t user_idnr, const char *fieldname, const char *newvalue) { LDAPMod *mods[2], modField; char *newvalues[2], *dn; int err; LDAP *_ldap_conn = ldap_con_get(); if (! user_idnr) { TRACE(TRACE_ERR, "no user_idnr specified"); return FALSE; } if (! fieldname) { TRACE(TRACE_ERR, "no fieldname specified"); return FALSE; } if (! newvalue) { TRACE(TRACE_ERR, "no new value specified"); return FALSE; } if (! (dn = dm_ldap_user_getdn(user_idnr))) return FALSE; newvalues[0] = (char *)newvalue; newvalues[1] = NULL; modField.mod_op = LDAP_MOD_REPLACE; modField.mod_type = (char *)fieldname; modField.mod_values = newvalues; mods[0] = &modField; mods[1] = NULL; err = ldap_modify_s(_ldap_conn, dn, mods); if (err) { TRACE(TRACE_ERR,"dn: %s, %s: %s [%s]", dn, fieldname, newvalue, ldap_err2string(err)); ldap_memfree(dn); return FALSE; } TRACE(TRACE_DEBUG,"dn: %s, %s: %s", dn, fieldname, newvalue); ldap_memfree(dn); return TRUE; }
void LDAPSession::modifyStringValue ( string dn, const list<LDAPStringValue>& values ) { list<LDAPStringValue>::const_iterator it=values.begin(); list<LDAPStringValue>::const_iterator end=values.end(); int i=0; LDAPMod** mods= ( LDAPMod** ) malloc ( sizeof ( LDAPMod* ) *values.size() +1 ); for ( ;it!=end;++it ) { mods[i]= ( LDAPMod* ) malloc ( sizeof ( LDAPMod ) ); mods[i]->mod_op=LDAP_MOD_REPLACE; mods[i]->mod_type= ( char* ) malloc ( sizeof ( char ) * ( *it ).attr.length() ); strcpy ( mods[i]->mod_type, ( *it ).attr.c_str() ); list<string>::const_iterator sit= ( *it ).value.begin(); list<string>::const_iterator send= ( *it ).value.end(); int j=0; mods[i]->mod_vals.modv_strvals= ( char** ) malloc ( sizeof ( char* ) * ( *it ).value.size() +1 ); for ( ;sit!=send;++sit ) { mods[i]->mod_vals.modv_strvals[j]= ( char* ) malloc ( sizeof ( char ) * ( *sit ).length() ); strcpy ( mods[i]->mod_vals.modv_strvals[j], ( *sit ).c_str() ); ++j; } mods[i]->mod_vals.modv_strvals[j]=0l; ++i; } mods[i]=0l; int errc= ldap_modify_s ( ld,dn.c_str(),mods ); if ( errc != LDAP_SUCCESS ) throw LDAPExeption ( "ldap_modify_s",ldap_err2string ( errc ) ); ldap_mods_free ( mods,1 ); }
/* ad_setpass sets the password for the given user returns AD_SUCCESS on success */ int ad_setpass(char *dn, char *password) { LDAP *ds; char quoted_password[MAX_PASSWORD_LENGTH+2]; char unicode_password[(MAX_PASSWORD_LENGTH+2)*2]; int i; LDAPMod *attrs[2]; LDAPMod attr1; struct berval *bervalues[2]; struct berval pw; int result; ds=ad_login(); if(!ds) return ad_error_code; /* put quotes around the password */ snprintf(quoted_password, sizeof(quoted_password), "\"%s\"", password); /* unicode the password string */ memset(unicode_password, 0, sizeof(unicode_password)); for(i=0; i<strlen(quoted_password); i++) unicode_password[i*2]=quoted_password[i]; pw.bv_val = unicode_password; pw.bv_len = strlen(quoted_password)*2; bervalues[0]=&pw; bervalues[1]=NULL; attr1.mod_type="unicodePwd"; attr1.mod_op = LDAP_MOD_REPLACE|LDAP_MOD_BVALUES; attr1.mod_bvalues = bervalues; attrs[0]=&attr1; attrs[1]=NULL; result = ldap_modify_s(ds, dn, attrs); if(result!=LDAP_SUCCESS) { snprintf(ad_error_msg, MAX_ERR_LENGTH, "Error in ldap_modify for password: %s", ldap_err2string(result)); ad_error_code=AD_LDAP_OPERATION_FAILURE; } else { ad_error_code=AD_SUCCESS; } return ad_error_code; }
/* Save email or password to server * * password - UNENCRYPTED password. This function encrypts if libs are available * email - email address * * NULL to make no change */ int ldap_do_modify(const char *account, const char *password, const char *email) { char dn[MAXLEN]; LDAPMod **mods; int rc, i; int num_mods; char *passbuf = NULL; if(!admin_bind && LDAP_SUCCESS != ( rc = ldap_do_admin_bind())) { log_module(MAIN_LOG, LOG_ERROR, "failed to bind as admin"); return rc; } if(password) { passbuf = make_password(password); } snprintf(dn, MAXLEN-1, nickserv_conf.ldap_dn_fmt, account); mods = make_mods_modify(passbuf, email, &num_mods); if(!mods) { log_module(MAIN_LOG, LOG_ERROR, "Error building mods for ldap_do_modify"); return LDAP_OTHER; } rc = ldap_modify_s(ld, dn, mods); if(rc != LDAP_SUCCESS) { log_module(MAIN_LOG, LOG_ERROR, "Error modifying ldap account: %s -- %s", account, ldap_err2string(rc)); // return rc; } for(i = 0; i < num_mods; i++) { free(mods[i]->mod_type); free(mods[i]); } free(mods); if(passbuf) free(passbuf); return rc; }
DWORD LwLdapModify( HANDLE hDirectory, PCSTR pszDN, LDAPMod** ppMods ) { PLW_LDAP_DIRECTORY_CONTEXT pDirectory = NULL; DWORD dwError = 0; pDirectory = (PLW_LDAP_DIRECTORY_CONTEXT)hDirectory; dwError = ldap_modify_s( pDirectory->ld, pszDN, ppMods); BAIL_ON_LDAP_ERROR(dwError); cleanup: return dwError; error: goto cleanup; }
NTSTATUS kuhl_m_sid_clear(int argc, wchar_t * argv[]) { PLDAP ld; DWORD dwErr; PLDAPMessage pMessage = NULL; LDAPMod Modification = {LDAP_MOD_DELETE, L"sIDHistory", NULL}; PLDAPMod pModification[2] = {&Modification, NULL}; if(kuhl_m_sid_quickSearch(argc, argv, TRUE, NULL, &ld, &pMessage)) { kprintf(L"\n * Will try to clear \'%s\': ", Modification.mod_type); dwErr = ldap_modify_s(ld, ldap_get_dn(ld, pMessage), pModification); if(dwErr == LDAP_SUCCESS) kprintf(L"OK!\n"); else if(dwErr == LDAP_NO_SUCH_ATTRIBUTE) PRINT_ERROR(L"No sIDHistory attribute\n"); else PRINT_ERROR(L"ldap_modify_s 0x%x (%u)\n", dwErr, dwErr); if(pMessage) ldap_msgfree(pMessage); ldap_unbind(ld); } return STATUS_SUCCESS; }
int meta_back_modify( Backend *be, Connection *conn, Operation *op, struct berval *dn, struct berval *ndn, Modifications *modlist ) { struct metainfo *li = ( struct metainfo * )be->be_private; struct metaconn *lc; LDAPMod **modv; LDAPMod *mods; Modifications *ml; int candidate = -1, i; char *mdn; struct berval mapped; lc = meta_back_getconn( li, conn, op, META_OP_REQUIRE_SINGLE, ndn, &candidate ); if ( !lc || !meta_back_dobind( lc, op ) || !meta_back_is_valid( lc, candidate ) ) { send_ldap_result( conn, op, LDAP_OTHER, NULL, NULL, NULL, NULL ); return -1; } /* * Rewrite the modify dn, if needed */ switch ( rewrite_session( li->targets[ candidate ]->rwinfo, "modifyDn", dn->bv_val, conn, &mdn ) ) { case REWRITE_REGEXEC_OK: if ( mdn == NULL ) { mdn = ( char * )dn->bv_val; } #ifdef NEW_LOGGING LDAP_LOG( BACK_META, DETAIL1, "[rw] modifyDn: \"%s\" -> \"%s\"\n", dn->bv_val, mdn, 0 ); #else /* !NEW_LOGGING */ Debug( LDAP_DEBUG_ARGS, "rw> modifyDn: \"%s\" -> \"%s\"\n%s", dn->bv_val, mdn, "" ); #endif /* !NEW_LOGGING */ break; case REWRITE_REGEXEC_UNWILLING: send_ldap_result( conn, op, LDAP_UNWILLING_TO_PERFORM, NULL, "Operation not allowed", NULL, NULL ); return -1; case REWRITE_REGEXEC_ERR: send_ldap_result( conn, op, LDAP_OTHER, NULL, "Rewrite error", NULL, NULL ); return -1; } for ( i = 0, ml = modlist; ml; i++ ,ml = ml->sml_next ) ; mods = ch_malloc( sizeof( LDAPMod )*i ); if ( mods == NULL ) { if ( mdn != dn->bv_val ) { free( mdn ); } return -1; } modv = ( LDAPMod ** )ch_malloc( ( i + 1 )*sizeof( LDAPMod * ) ); if ( modv == NULL ) { free( mods ); if ( mdn != dn->bv_val ) { free( mdn ); } return -1; } for ( i = 0, ml = modlist; ml; ml = ml->sml_next ) { int j; if ( ml->sml_desc->ad_type->sat_no_user_mod ) { continue; } ldap_back_map( &li->targets[ candidate ]->at_map, &ml->sml_desc->ad_cname, &mapped, BACKLDAP_MAP ); if ( mapped.bv_val == NULL || mapped.bv_val[0] == '\0' ) { continue; } modv[ i ] = &mods[ i ]; mods[ i ].mod_op = ml->sml_op | LDAP_MOD_BVALUES; mods[ i ].mod_type = mapped.bv_val; /* * FIXME: dn-valued attrs should be rewritten * to allow their use in ACLs at the back-ldap * level. */ if ( strcmp( ml->sml_desc->ad_type->sat_syntax->ssyn_oid, SLAPD_DN_SYNTAX ) == 0 ) { ldap_dnattr_rewrite( li->targets[ candidate ]->rwinfo, ml->sml_bvalues, conn ); } if ( ml->sml_bvalues != NULL ){ for (j = 0; ml->sml_bvalues[ j ].bv_val; j++); mods[ i ].mod_bvalues = (struct berval **)ch_malloc((j+1) * sizeof(struct berval *)); for (j = 0; ml->sml_bvalues[ j ].bv_val; j++) mods[ i ].mod_bvalues[ j ] = &ml->sml_bvalues[j]; mods[ i ].mod_bvalues[ j ] = NULL; } else { mods[ i ].mod_bvalues = NULL; } i++; } modv[ i ] = 0; ldap_modify_s( lc->conns[ candidate ].ld, mdn, modv ); if ( mdn != dn->bv_val ) { free( mdn ); } for ( i=0; modv[ i ]; i++) free( modv[ i ]->mod_bvalues ); free( mods ); free( modv ); return meta_back_op_result( lc, op ); }
static int auth_ldap_do3(const char *attrname, const char *user, const char *pass, int (*callback)(struct authinfo *, void *), void *arg, const char *newpass, const char *authaddr) { char *newpass_crypt=0; const char *attributes[10], *ldap_attributes[10]; struct timeval timeout; LDAPMessage *result; LDAPMessage *entry; char *filter, *dn; int i, j; struct authinfo auth; char *homeDir=0; char *mailDir=0; char *userPassword=0; char *cryptPassword=0; char *cn=0; uid_t au; gid_t ag; int rc; char *quota=0; int additionalFilter = 0; int hasAdditionalFilter = 0; hasAdditionalFilter = my_ldap.filter != 0; memset(&auth, 0, sizeof(auth)); if (hasAdditionalFilter) { /* To add the additional filter, we need to add on the * additional size for "(&)" and the other filter. So * filter+3 */ additionalFilter = strlen(my_ldap.filter) + 3; } if ((filter=malloc(additionalFilter+strlen(attrname)+strlen(user)+ (my_ldap.domain ? strlen(my_ldap.domain):0)+ sizeof ("(=@)"))) == 0) { perror("malloc"); return 1; } strcpy(filter, "\0"); if (hasAdditionalFilter) { strcat(filter, "(&"); strcat(filter, my_ldap.filter); } strcat(strcat(strcat(strcat(filter, "("), attrname), "="), user); if ( my_ldap.domain && my_ldap.domain[0] && strchr(user, '@') == 0 ) strcat(strcat(filter, "@"), my_ldap.domain); strcat(filter, ")"); if (hasAdditionalFilter) { strcat(filter, ")"); } timeout.tv_sec=my_ldap.timeout; timeout.tv_usec=0; read_env("LDAP_HOMEDIR", &attributes[0], "", 0, "homeDir"); read_env("LDAP_MAILDIR", &attributes[1], "", 0, 0); read_env("LDAP_FULLNAME", &attributes[2], "", 0, "cn"); read_env("LDAP_CLEARPW", &attributes[3], "", 0, 0); read_env("LDAP_CRYPTPW", &attributes[4], "", 0, 0); read_env("LDAP_UID", &attributes[5], "", 0, 0); read_env("LDAP_GID", &attributes[6], "", 0, 0); attributes[7]=my_ldap.mail; read_env("LDAP_MAILDIRQUOTA", &attributes[8], "", 0, 0); j=0; for (i=0; i<9; i++) { if (attributes[i]) ldap_attributes[j++]=attributes[i]; } ldap_attributes[j]=0; if (ldaperror(ldap_search_st(my_ldap_fp, (char *)my_ldap.basedn,LDAP_SCOPE_SUBTREE, filter, (char **)ldap_attributes, 0, &timeout, &result) != LDAP_SUCCESS)) { free(filter); if (my_ldap_fp) return (-1); return (1); } free(filter); /* If we are more than one result, reject */ if (ldap_count_entries(my_ldap_fp,result)!=1) { ldap_msgfree(result); return -1; } #if DEBUG_LDAP syslog(LOG_DAEMON|LOG_CRIT,"Nombre de résulat: %d\n",ldap_count_entries(my_ldap_fp,result)); #endif dn = ldap_get_dn(my_ldap_fp, result); #if DEBUG_LDAP syslog(LOG_DAEMON|LOG_CRIT,"DN: %s\n",dn); #endif if (dn == NULL) { ldap_perror(my_ldap_fp, "ldap_get_dn"); return -1; } /* Get the pointer on this result */ entry=ldap_first_entry(my_ldap_fp,result); if (entry==NULL) { ldap_perror(my_ldap_fp,"ldap_first_entry"); free(dn); return -1; } #if DEBUG_LDAP syslog(LOG_DAEMON|LOG_CRIT,"after ldap_first_entry\n"); #endif /* Copy the directory and the password into struct */ copy_value(my_ldap_fp,entry,attributes[0],&homeDir, user); if (attributes[1]) copy_value(my_ldap_fp,entry,attributes[1],&mailDir, user); copy_value(my_ldap_fp,entry,attributes[2],&cn, user); if (attributes[3]) copy_value(my_ldap_fp,entry,attributes[3],&userPassword, user); if (attributes[4]) copy_value(my_ldap_fp,entry,attributes[4],&cryptPassword, user); au=my_ldap.uid; ag=my_ldap.gid; if (attributes[5]) { char *p=0; unsigned long n; copy_value(my_ldap_fp, entry, attributes[5], &p, user); if (p) { if (sscanf(p, "%lu", &n) > 0) au= (uid_t)n; free(p); } #if DEBUG_LDAP syslog(LOG_DAEMON|LOG_CRIT,"au= %d\n",au); #endif } if (attributes[6]) { char *p=0; unsigned long n; copy_value(my_ldap_fp, entry, attributes[6], &p, user); if (p) { if (sscanf(p, "%lu", &n) > 0) ag= (gid_t)n; free(p); } #if DEBUG_LDAP syslog(LOG_DAEMON|LOG_CRIT,"ag= %d\n",ag); #endif } if (attributes[8]) copy_value(my_ldap_fp,entry,attributes[8],"a, user); if (homeDir != 0 && my_ldap.mailroot != 0 && *my_ldap.mailroot) { char *new_mailroot=malloc(strlen(homeDir)+ strlen(my_ldap.mailroot)+2); if (!new_mailroot) { syslog(LOG_DAEMON|LOG_CRIT, "authldap: malloc failed"); rc= -1; } else { strcat(strcat(strcpy(new_mailroot, my_ldap.mailroot), "/"), homeDir); free(homeDir); homeDir=new_mailroot; } } auth.sysusername=user; auth.sysuserid= &au; auth.sysgroupid= ag; auth.homedir=homeDir; auth.address=authaddr; auth.fullname=cn; auth.maildir=mailDir; auth.clearpasswd=userPassword; auth.passwd=cryptPassword; auth.quota=quota; if (auth.sysusername == 0) auth.sysusername=auth.address=""; if (homeDir == 0) auth.homedir=""; rc=0; if (au == 0 || ag == 0) { syslog(LOG_DAEMON|LOG_CRIT, "authlib: refuse to authenticate %s: uid=%d, gid=%d\n", user, au, ag); rc= 1; } if (pass) { if (my_ldap.authbind) { LDAP *bindp=ldapconnect(); if (!bindp) rc=1; else { #if HAVE_LDAP_TLS if(my_ldap.tls && enable_tls_on(bindp)) { #if HAVE_SYSLOG_H syslog(LOG_DAEMON|LOG_CRIT, "authlib: LDAP_TLS enabled but I'm unable to start tls, check your config\n"); #endif rc = 1; } else { #endif switch (ldap_simple_bind_s(bindp, dn, (char *)pass)) { case LDAP_SUCCESS: break; case LDAP_INVALID_CREDENTIALS: rc = -1; break; default: rc = 1; break; } #if HAVE_LDAP_TLS } #endif ldap_unbind(bindp); } if (rc == 0 && newpass) { if ((newpass_crypt=authcryptpasswd(newpass, NULL)) == 0) rc= -1; } } else { if (auth.clearpasswd) { if (strcmp(pass,auth.clearpasswd)) rc= -1; } else { const char *p=auth.passwd; if (p && strncasecmp(p, "{crypt}", 7) == 0) p += 7; /* For authcheckpassword */ if (!p || authcheckpassword(pass, p)) rc= -1; } if (rc == 0 && newpass && auth.passwd) { if ((newpass_crypt=authcryptpasswd(newpass, auth.passwd) ) == 0) rc= -1; } } } if (rc == 0 && newpass) { LDAPMod *mods[3]; int mod_index=0; LDAPMod mod_clear, mod_crypt; char *mod_clear_vals[2], *mod_crypt_vals[2]; if (attributes[3]) { mods[mod_index]= &mod_clear; mod_clear.mod_op=LDAP_MOD_REPLACE; mod_clear.mod_type=(char *)attributes[3]; mod_clear.mod_values=mod_clear_vals; mod_clear_vals[0]=(char *)newpass; mod_clear_vals[1]=NULL; ++mod_index; } if (attributes[4] && newpass_crypt) { mods[mod_index]= &mod_crypt; mod_crypt.mod_op=LDAP_MOD_REPLACE; mod_crypt.mod_type=(char *)attributes[4]; mod_crypt.mod_values=mod_crypt_vals; mod_crypt_vals[0]=newpass_crypt; mod_crypt_vals[1]=NULL; ++mod_index; } if (mod_index == 0) rc= -1; else { mods[mod_index]=0; if (ldap_modify_s(my_ldap_fp, dn, mods)) { rc= -1; } } } if (newpass_crypt) free(newpass_crypt); free (dn); #if DEBUG_LDAP syslog(LOG_DAEMON|LOG_CRIT,"before callback rc=%d\n",rc); #endif if (rc == 0 && callback) rc= (*callback)(&auth, arg); #if DEBUG_LDAP syslog(LOG_DAEMON|LOG_CRIT,"after callback rc=%d\n",rc); #endif ldap_msgfree(result); if (homeDir) free(homeDir); if (mailDir) free(mailDir); if (userPassword) free(userPassword); if (cryptPassword) free(cryptPassword); if (cn) free(cn); if (quota) free(quota); return (rc); }
static krb5_error_code LDAP_store(krb5_context context, HDB * db, unsigned flags, hdb_entry * entry) { LDAPMod **mods = NULL; krb5_error_code ret; const char *errfn; int rc; LDAPMessage *msg = NULL, *e = NULL; char *dn = NULL, *name = NULL; ret = LDAP_principal2message(context, db, entry->principal, &msg); if (ret == 0) e = ldap_first_entry(HDB2LDAP(db), msg); ret = krb5_unparse_name(context, entry->principal, &name); if (ret) { free(name); return ret; } ret = hdb_seal_keys(context, db, entry); if (ret) goto out; /* turn new entry into LDAPMod array */ ret = LDAP_entry2mods(context, db, entry, e, &mods); if (ret) goto out; if (e == NULL) { ret = asprintf(&dn, "krb5PrincipalName=%s,%s", name, HDB2CREATE(db)); if (ret < 0) { krb5_set_error_string(context, "asprintf: out of memory"); ret = ENOMEM; goto out; } } else if (flags & HDB_F_REPLACE) { /* Entry exists, and we're allowed to replace it. */ dn = ldap_get_dn(HDB2LDAP(db), e); } else { /* Entry exists, but we're not allowed to replace it. Bail. */ ret = HDB_ERR_EXISTS; goto out; } /* write entry into directory */ if (e == NULL) { /* didn't exist before */ rc = ldap_add_s(HDB2LDAP(db), dn, mods); errfn = "ldap_add_s"; } else { /* already existed, send deltas only */ rc = ldap_modify_s(HDB2LDAP(db), dn, mods); errfn = "ldap_modify_s"; } if (check_ldap(context, db, rc)) { char *ld_error = NULL; ldap_get_option(HDB2LDAP(db), LDAP_OPT_ERROR_STRING, &ld_error); krb5_set_error_string(context, "%s: %s (dn=%s) %s: %s", errfn, name, dn, ldap_err2string(rc), ld_error); ret = HDB_ERR_CANT_LOCK_DB; } else ret = 0; out: /* free stuff */ if (dn) free(dn); if (msg) ldap_msgfree(msg); if (mods) ldap_mods_free(mods, 1); if (name) free(name); return ret; }
int ldapModifyEntry (RDFT rdf, RDF_Resource parent, RDF_Resource child, PRBool addFlag) { RDF_Cursor c; RDF_Resource newParent, r; char *urivals[2]; LDAP *ld; LDAPMod urimod, *mods[2]; LDAPURLDesc *ldURL=NULL; int err; char *errStr, *parentID; parentID = resourceID(parent); if (containerp(child)) { if (newParent = ldapNewContainer(parentID)) { if ((c = RDF_GetSources(rdf->rdf->rdf, child, gCoreVocab->RDF_parent, RDF_RESOURCE_TYPE, 1)) != NULL) { while ((r = RDF_NextValue(c)) != NULL) { err = ldapModifyEntry(rdf, newParent, r, addFlag); if (err) { /* XXX MAJOR rollback issues! Punt for now! */ return(err); } } } else { return(-1); } } else { return(-1); } } ldap_url_parse(parentID, &ldURL); if (ldURL == NULL) return(-1); ld = ldap_init (ldURL->lud_host, ldURL->lud_port); if (ld == NULL) { ldap_free_urldesc(ldURL); return(-1); } if ((err = ldap_simple_bind_s(ld, ADMIN_ID, ADMIN_PW)) /* XXX */ != LDAP_SUCCESS) { if ((errStr = ldap_err2string(err)) != NULL) { XP_MakeHTMLAlert(NULL, errStr); } ldap_unbind(ld); ldap_free_urldesc(ldURL); return(-1); } urivals[0] = resourceID(child); urivals[1] = NULL; urimod.mod_op = ((addFlag == true) ? LDAP_MOD_ADD : LDAP_MOD_DELETE); urimod.mod_type = "labeledURI"; urimod.mod_values = urivals; mods[0] = &urimod; mods[1] = NULL; err = ldap_modify_s(ld, ldURL->lud_dn, mods); if (err != LDAP_SUCCESS) { if ((errStr = ldap_err2string(err)) != NULL) { XP_MakeHTMLAlert(NULL, errStr); } } ldap_unbind(ld); ldap_free_urldesc(ldURL); return(err); }
/* * Create or update an LDAP server binding entry. */ static void rpc_ns__ldap_export_server_element_ext(LDAP *ld, char *dn, rpc_if_handle_t if_spec, rpc_binding_vector_p_t vec, int modop, unsigned32 *status ) { unsigned_char_p_t uuid = NULL; unsigned_char_p_t interfaceID = NULL; rpc_if_id_t if_id; LDAPMod *modV[4]; LDAPMod modRpcNsInterfaceID, modRpcNsBindings, modObjectClass; char **valueRpcNsBindings = NULL; char *valueRpcNsInterfaceID[2], *valueObjectClass[3]; int rc; unsigned i; rpc_if_inq_id(if_spec, &if_id, status); if (*status != rpc_s_ok) { goto out; } /* Get the interface ID */ uuid_to_string(&if_id.uuid, &uuid, status); if (*status != rpc_s_ok) { goto out; } RPC_MEM_ALLOC(interfaceID, unsigned_char_p_t, strlen(uuid) + sizeof(",65535.65535"), RPC_C_MEM_NSRESOLUTION, RPC_C_MEM_WAITOK); sprintf(interfaceID, "%s,%hu.%hu", uuid, if_id.vers_major, if_id.vers_minor); valueRpcNsInterfaceID[0] = interfaceID; valueRpcNsInterfaceID[1] = NULL; modRpcNsInterfaceID.mod_op = LDAP_MOD_ADD; modRpcNsInterfaceID.mod_type = "rpcNsInterfaceID"; modRpcNsInterfaceID.mod_values = valueRpcNsInterfaceID; RPC_MEM_ALLOC(valueRpcNsBindings, char **, (vec->count * sizeof(char *)), RPC_C_MEM_NSRESOLUTION, RPC_C_MEM_WAITOK); memset(valueRpcNsBindings, 0, (vec->count * sizeof(unsigned_char_p_t))); for (i = 0; i < vec->count; i++) { rpc_binding_to_string_binding(vec->binding_h[i], (unsigned_char_p_t *)&valueRpcNsBindings[i], status); if (*status != rpc_s_ok) { goto out; } } valueRpcNsBindings[vec->count] = NULL; modRpcNsBindings.mod_op = modop; modRpcNsBindings.mod_type = "rpcNsBindings"; modRpcNsBindings.mod_values = valueRpcNsBindings; valueObjectClass[0] = "rpcServerElement"; valueObjectClass[1] = "rpcEntry"; valueObjectClass[2] = "top"; modObjectClass.mod_op = modop; modObjectClass.mod_type = "objectClass"; modObjectClass.mod_values = valueObjectClass; modV[0] = &modRpcNsInterfaceID; modV[1] = &modRpcNsBindings; modV[2] = &modObjectClass; modV[3] = NULL; if (modop == LDAP_MOD_ADD) { rc = ldap_add_s(ld, dn, modV); } else { rc = ldap_modify_s(ld, dn, modV); } *status = (rc == LDAP_SUCCESS) ? rpc_s_ok : rpc_s_update_failed; out: if (uuid != NULL) free(uuid); if (interfaceID != NULL) free(interfaceID); if (valueRpcNsBindings != NULL) { char **p; for (p = valueRpcNsBindings; *valueRpcNsBindings != NULL; p++) { unsigned_char_p_t tmp = (unsigned_char_p_t)*p; rpc_string_free(&tmp, status); } RPC_MEM_FREE(valueRpcNsBindings, RPC_C_MEM_NSRESOLUTION); } }
/* * Expects the following structure to modify an entry: * * An array of mappings. Each mapping has the following fields: * * string|int op * modop is one of: * "add" (LDAP_MOD_ADD), * "delete" (LDAP_MOD_DELETE), * "replace" (LDAP_MOD_REPLACE) * * string type * The type name of the attribute to modify (e.g. userPassword). * * string|array(string) values * Value(s) to be used in this operation. */ static void f_ldap_modify(INT32 args) { struct array *arr; struct pike_string *dn; struct mapping *m; LDAPMod **mods; int i, ret; struct svalue *val; if (!THIS->bound) Pike_error("OpenLDAP.Client: attempting operation on an unbound connection\n"); get_all_args("OpenLDAP.Client->modify()", args, "%S%a", &dn, &arr); mods = (LDAPMod**)calloc((arr->size + 1), sizeof(LDAPMod*)); if (!mods) Pike_error("OpenLDAP.Client: OUT OF MEMORY!\n"); for (i = 0; i < arr->size; i++) { mods[i] = (LDAPMod*)calloc(1, sizeof(LDAPMod)); if (!mods[i]) Pike_error("OpenLDAP.Client: OUT OF MEMORY!\n"); if (arr->item[i].type != T_MAPPING) Pike_error("OpenLDAP.Client->modify(): array member is not a mapping.\n"); m = arr->item[i].u.mapping; val = low_mapping_string_lookup(m, modify_op); if (!val) Pike_error("OpenLDAP.Client->modify(): invalid modification mapping. " "Missing the '%s' field\n", "op"); if (val->type == T_INT) { mods[i]->mod_op = val->u.integer; } else if (val->type == T_STRING && val->u.string->size_shift == 0) { if (c_compare_string(val->u.string, MOD_ADD_STR, sizeof(MOD_ADD_STR))) mods[i]->mod_op = LDAP_MOD_ADD; else if (c_compare_string(val->u.string, MOD_DELETE_STR, sizeof(MOD_DELETE_STR))) mods[i]->mod_op = LDAP_MOD_DELETE; else if (c_compare_string(val->u.string, MOD_REPLACE_STR, sizeof(MOD_REPLACE_STR))) mods[i]->mod_op = LDAP_MOD_REPLACE; } else { Pike_error("OpenLDAP.Client->modify(): invalid 'op' value in modification mapping.\n"); } mods[i]->mod_op |= LDAP_MOD_BVALUES; val = low_mapping_string_lookup(m, modify_type); if (!val) Pike_error("OpenLDAP.Client->modify(): invalid modification mapping. " "Missing the '%s' field\n", "type"); if (val->type != T_STRING || val->u.string->size_shift > 0) Pike_error("OpenLDAP.Client->modify(): invalid modification mapping. " "The '%s' field is not an 8-bit string\n", "type"); mods[i]->mod_type = val->u.string->str; val = low_mapping_string_lookup(m, modify_values); if (!val) Pike_error("OpenLDAP.Client->modify(): invalid modification mapping. " "Missing the '%s' field\n", "values"); if (val->type != T_ARRAY) Pike_error("OpenLDAP.Client->modify(): invalid modification mapping. " "The '%s' field is not an array\n", "values"); mods[i]->mod_bvalues = make_berval_array(val); } ret = ldap_modify_s(THIS->conn, dn->str, mods); if (ret != LDAP_SUCCESS) Pike_error("OpenLDAP.Client->modify(): %s\n", ldap_err2string(ret)); free_mods(mods); pop_n_elems(args); }