Пример #1
1
static int fldap_read(const char* path, char* buf, size_t size, off_t offset, struct fuse_file_info* fi) {
  static char* attrs[] = {"description", NULL};
  LDAPMessage* msg = NULL;
  LDAPMessage* entry = NULL;
  BerElement* ber = NULL;
  char* dn;
  char** vals;
  char* attr;

  dn = path_to_dn(path, "cn=");
  ldap_search_s(ld, dn, LDAP_SCOPE_BASE, "(ObjectClass=*)", attrs, 0, &msg);
  entry = ldap_first_entry(ld, msg);

  if (!entry) {
    ldap_msgfree(msg);
    free(dn);
    return -ENOENT;
  }

  for (entry = ldap_first_entry(ld, msg); entry != NULL; entry = ldap_next_entry(ld, entry)) {
    for (attr = ldap_first_attribute(ld, entry, &ber); attr != NULL; attr = ldap_next_attribute(ld, entry, ber)) {
      if (!strcmp(attr, "description") && ((vals = ldap_get_values(ld, entry, attr)) != NULL))  {
	strncpy(buf, vals[0] + offset, size);
	ldap_value_free(vals);
      }
      ldap_memfree(attr);
    }
    ber_free(ber,0);
  }
  ldap_msgfree(msg);
  free(dn);
  return strlen(buf);
}
Пример #2
0
static LDAPMessage *pw_ldap_uid_search(LDAP * const ld,
                                       const char *uid,
                                       char *attrs[])
{
    char *alloca_filter;
    size_t uid_size;
    size_t filter_size;
    int rc;
    LDAPMessage *res;

    if (uid == NULL || *uid == 0) {
        return NULL;
    }
    uid_size = strlen(uid);
    if (uid_size > MAX_LDAP_UID_LENGTH) {
        return NULL;
    }
    filter_size = strlen(ldap_filter) + uid_size + (size_t) 1U;
    if ((alloca_filter = ALLOCA(filter_size)) == NULL) {
        return NULL;
    }
    if (SNCHECK(snprintf(alloca_filter, filter_size, ldap_filter, uid),
        filter_size)) {
        ALLOCA_FREE(alloca_filter);
        return NULL;
    }
    rc = ldap_search_s(ld, base, LDAP_SCOPE_SUBTREE,
                       alloca_filter, attrs, 0, &res);
    ALLOCA_FREE(alloca_filter);
    if (rc != LDAP_SUCCESS) {
        return NULL;
    }

    return res;
}
Пример #3
0
static int fldap_readlink(const char* path, char* buf, size_t size) {
  static char* attrs[] = {"description", NULL};
  char* dn;
  LDAPMessage* msg = NULL;
  LDAPMessage* entry = NULL;
  BerElement* ber = NULL;
  char** vals;
  char* attr;
  
  if ((dn = is_dn_exist(path))) {
    ldap_search_s(ld, dn, LDAP_SCOPE_BASE, "(ObjectClass=*)", attrs, 0, &msg);
    if ((entry = ldap_first_entry(ld, msg))) {
      for (attr = ldap_first_attribute(ld, entry, &ber); attr != NULL; attr = ldap_next_attribute(ld, entry, ber)) {
	if ((vals = ldap_get_values(ld, entry, attr)) != NULL)  {
	  if (!strcmp("description", attr))
	    strncpy(buf, vals[0], size);
	  ldap_value_free(vals);
	}
	ldap_memfree(attr);
      }
      ber_free(ber, 0);
    }
    ldap_msgfree(msg);
  }
  free(dn);
  return 0;
}
Пример #4
0
static int
count_identical_fullnames(abook_ldap_state *ldap_state, char *alias)
{
    int rc, count = 0;
    char filter[1024];
    LDAPMessage *results;

    /* 
     * To limit the work done for this search, look for some bogus attribute 
     * that's probably not in the entry and don't return any values.
     */
    char *attrs[] = {"c", NULL};

    snprintf(filter, sizeof(filter), "(&%s(%s=%s))", config.defaultfilter, 
	    config.fullnameattr, alias);
    rc = ldap_search_s(ldap_state->ld, config.searchbase, config.scope,
		       filter, attrs, 1 /*attrs-only*/, &results);
    if (rc != LDAP_SUCCESS) {
	syslog(LOG_ERR, "count_identical_fullnames: search failed: %s",
	       ldap_err2string(rc));
	count = -1;
    } else {
	count = ldap_count_entries(ldap_state->ld, results);
	/* Returns -1 on error, so just pass that back to the caller */
	(void) ldap_msgfree(results);  /* ignore message type return value */
    }

    return count;
}
Пример #5
0
PWCHAR kuhl_m_sid_getRootDomainNamingContext(LDAP *ld)
{
	DWORD dwErr;
	PWCHAR rootAttr[] = {L"rootDomainNamingContext", NULL}, ret = NULL;
	PLDAPMessage pMessage = NULL;
	PBERVAL *pBerVal;

	dwErr = ldap_search_s(ld, NULL, LDAP_SCOPE_BASE, L"(dn=RootDSE)", rootAttr, FALSE, &pMessage);
	if(dwErr == LDAP_SUCCESS)
	{
		if(ldap_count_entries(ld, pMessage) == 1)
		{
			if(pBerVal = ldap_get_values_len(ld, pMessage, rootAttr[0]))
			{
				if(ldap_count_values_len(pBerVal) == 1)
					ret = kull_m_string_qad_ansi_c_to_unicode(pBerVal[0]->bv_val, pBerVal[0]->bv_len);
				else PRINT_ERROR(L"ldap_get_values_len is NOT 1\n");
				ldap_value_free_len(pBerVal);
			}
		}
		else PRINT_ERROR(L"ldap_count_entries is NOT 1\n");
	}
	else PRINT_ERROR(L"ldap_search_s 0x%x (%u)\n", dwErr, dwErr);
	if(pMessage)
		ldap_msgfree(pMessage);
	return ret;
}
Пример #6
0
/**
 * @name tcp_mapper_ldap_query
 * @description Issue a query to a LDAP instance
 * @param LDAP *ldap
 * @return int numrows
 */
int tcp_mapper_ldap_search(LDAP *ldap, char *search, char *result){

    LDAPMessage *ldap_result, *entry;
    int     numentries = 0;
    int     err;
    char    **val;


    if(err = ldap_search_s(ldap, cfg.ldap_base, LDAP_SCOPE_SUBTREE, search,
                NULL, 0, &ldap_result) != LDAP_SUCCESS ) {

        printf("%s\n", ldap_err2string(err));
        return -1;
    }
    numentries = ldap_count_entries(ldap, ldap_result);

    if(numentries != 0) {
        /* just firts entry. We don't need any other */
        entry = ldap_first_entry(ldap, ldap_result);
        val   = ldap_get_values(ldap, entry, cfg.ldap_result_attr);
   
	if(val == NULL) {
	    return 0; 
	}
	snprintf(result, strlen(val[0])+1, "%s", (char *) val[0]);
	ldap_value_free(val);
    }

    return numentries;
}
Пример #7
0
static int
ldaplookup_search_s(
	LDAP *ld,
	LDAP_CONST char *base,
	int scope,
	LDAP_CONST char *filter,
	char **attrs,
	int attrsonly,
	LDAPMessage **res
) {
	int result;
#ifdef HAVE_LDAP_SEARCH_EXT_S
	result = ldap_search_ext_s(ld, base,
		scope, filter, attrs, attrsonly,
		NULL, NULL, NULL, 0, res);
#else
	result = ldap_search_s(ld, base, scope, filter, attrs, attrsonly, res);
#endif

#ifdef TRACE_BY_LDAP
fprintf(stderr, "TRACE_BY_LDAP ldaplookup_search_s:"
"\n base=%s\n filter=%s\n"
" ldap_search_{XXX}s return 0x%x(%s)\n"
, base, filter
, result, ldap_err2string(result));
#endif
	return(result);
}
Пример #8
0
unsigned int
GetUserLevel(LDAP *ld,char *user)
{

	LDAPMessage        *res, *e;
	char               *a;
	BerElement         *ptr;
	char               **vals;
	unsigned int ret;
	
	char *filter = GetClientFilter(user);
	
	if (ldap_search_s(ld, CLIENT_PATH, LDAP_SCOPE_SUBTREE,filter, NULL, 0, &res)!= LDAP_SUCCESS) {
		printf("%s\n",filter);
		ldap_perror(ld, "ldap_search_s");
		exit(1);
	}
	
	if( (e=ldap_first_entry(ld, res)) == NULL )
	   fprintf(stderr, "LDAP error: user not found");

	a = ldap_first_attribute(ld, e, &ptr);
	while( strcmp(a,"internationaliSDNNumber") != 0 )
		a = ldap_next_attribute(ld, e, ptr);
	   
	vals = ldap_get_values(ld, e, a);	
	ret = atoi(vals[0]);		
	/* free the search results */
	ldap_msgfree(res);
	return ret;
}
Пример #9
0
static LDAPMessage * authldap_search(const gchar *query)
{
	LDAPMessage *ldap_res;
	int _ldap_attrsonly = 0;
	char **_ldap_attrs = NULL;
	int c=0, err;
	LDAP *_ldap_conn = ldap_con_get();

	g_return_val_if_fail(query!=NULL, NULL);

	while (c++ < 5) {
		TRACE(TRACE_DEBUG, " [%s]", query);
		err = ldap_search_s(_ldap_conn, _ldap_cfg.base_dn, _ldap_cfg.scope_int, 
				query, _ldap_attrs, _ldap_attrsonly, &ldap_res);

		if (! err)
			return ldap_res;

		switch (err) {
			case LDAP_SERVER_DOWN:
				TRACE(TRACE_WARNING, "LDAP gone away: %s. Try to reconnect(%d/5).", ldap_err2string(err),c);
				if (authldap_reconnect())
					sleep(2); // reconnect failed. wait before trying again
				break;
			default:
				TRACE(TRACE_ERR, "LDAP error(%d): %s", err, ldap_err2string(err));
				return NULL;
				break;
		}
	}

	TRACE(TRACE_EMERG,"unrecoverable error while talking to ldap server");
	return NULL;
}
Пример #10
0
/* XXX - this is for a stopgap implementation of gfs_opendir() */
char *
gfarm_generic_info_get_foreach(
	char *dn,
	int scope, /* LDAP_SCOPE_ONELEVEL or LDAP_SCOPE_SUBTREE */
	char *query,
	void *tmp_info, /* just used as a work area */
	void (*callback)(void *, void *),
	void *closure,
	const struct gfarm_generic_info_ops *ops)
{
	LDAPMessage *res, *e;
	int i, rv;
	char *a;
	BerElement *ptr;
	char **vals;

	/* search for entries, return all attrs  */
	rv = ldap_search_s(gfarm_ldap_server, dn, scope, query, NULL, 0, &res);
	if (rv != LDAP_SUCCESS) {
		if (rv == LDAP_NO_SUCH_OBJECT)
			return (GFARM_ERR_NO_SUCH_OBJECT);
		return (ldap_err2string(rv));
	}

	/* step through each entry returned */
	for (i = 0, e = ldap_first_entry(gfarm_ldap_server, res); e != NULL;
	    e = ldap_next_entry(gfarm_ldap_server, e)) {

		ops->clear(tmp_info);

		for (a = ldap_first_attribute(gfarm_ldap_server, e, &ptr);
		    a != NULL;
		    a = ldap_next_attribute(gfarm_ldap_server, e, ptr)) {
			vals = ldap_get_values(gfarm_ldap_server, e, a);

			if (vals[0] == NULL) {
				ldap_value_free(vals);
				continue;
			}
			ops->set_field(tmp_info, a, vals);
			ldap_value_free(vals);
		}

		if (!ops->validate(tmp_info)) {
			/* invalid record */
			ops->free(tmp_info);
			continue;
		}
		(*callback)(closure, tmp_info);
		ops->free(tmp_info);
		i++;
	}
	/* free the search results */
	ldap_msgfree(res);

	if (i == 0)
		return (GFARM_ERR_NO_SUCH_OBJECT);
	return (NULL);
}
Пример #11
0
char *
gfarm_generic_info_get(
	void *key,
	void *info,
	const struct gfarm_generic_info_ops *ops)
{
	LDAPMessage *res, *e;
	int n, rv;
	char *a;
	BerElement *ber;
	char **vals;
	char *dn = ops->make_dn(key);
	char *error;

	if (dn == NULL)
		return (GFARM_ERR_NO_MEMORY);
	if ((error = gfarm_ldap_check()) != NULL)
		return (error);
	rv = ldap_search_s(gfarm_ldap_server, dn, 
	    LDAP_SCOPE_BASE, ops->query_type, NULL, 0, &res);
	free(dn);
	if (rv != LDAP_SUCCESS) {
		if (rv == LDAP_NO_SUCH_OBJECT)
			return (GFARM_ERR_NO_SUCH_OBJECT);
		return (ldap_err2string(rv));
	}
	n = ldap_count_entries(gfarm_ldap_server, res);
	if (n == 0) {
		/* free the search results */
		ldap_msgfree(res);
		return (GFARM_ERR_NO_SUCH_OBJECT);
	}
	ops->clear(info);
	e = ldap_first_entry(gfarm_ldap_server, res);

	ber = NULL;
	for (a = ldap_first_attribute(gfarm_ldap_server, e, &ber); a != NULL;
	    a = ldap_next_attribute(gfarm_ldap_server, e, ber)) {
		vals = ldap_get_values(gfarm_ldap_server, e, a);
		if (vals[0] != NULL)
			ops->set_field(info, a, vals);
		ldap_value_free(vals);
		ldap_memfree(a);
	}
	if (ber != NULL)
		ber_free(ber, 0);

	/* free the search results */
	ldap_msgfree(res);

	/* should check all fields are filled */
	if (!ops->validate(info)) {
		ops->free(info);
		/* XXX - different error code is better ? */
		return (GFARM_ERR_NO_SUCH_OBJECT);
	}

	return (NULL); /* success */
}
Пример #12
0
static int	check_ldap(const char *host, unsigned short port, int timeout, int *value_int)
{
	LDAP		*ldap	= NULL;
	LDAPMessage	*res	= NULL;
	LDAPMessage	*msg	= NULL;
	BerElement	*ber	= NULL;

	char	*attrs[2] = {"namingContexts", NULL };
	char	*attr	 = NULL;
	char	**valRes = NULL;
	int	ldapErr = 0;

	zbx_alarm_on(timeout);

	*value_int = 0;

	if (NULL == (ldap = ldap_init(host, port)))
	{
		zabbix_log(LOG_LEVEL_DEBUG, "LDAP - initialization failed [%s:%hu]", host, port);
		goto lbl_ret;
	}

	if (LDAP_SUCCESS != (ldapErr = ldap_search_s(ldap, "", LDAP_SCOPE_BASE, "(objectClass=*)", attrs, 0, &res)))
	{
		zabbix_log(LOG_LEVEL_DEBUG, "LDAP - searching failed [%s] [%s]", host, ldap_err2string(ldapErr));
		goto lbl_ret;
	}

	if (NULL == (msg = ldap_first_entry(ldap, res)))
	{
		zabbix_log(LOG_LEVEL_DEBUG, "LDAP - empty sort result. [%s] [%s]", host, ldap_err2string(ldapErr));
		goto lbl_ret;
	}

	if (NULL == (attr = ldap_first_attribute(ldap, msg, &ber)))
	{
		zabbix_log(LOG_LEVEL_DEBUG, "LDAP - empty first entry result. [%s] [%s]", host, ldap_err2string(ldapErr));
		goto lbl_ret;
	}

	valRes = ldap_get_values(ldap, msg, attr);

	*value_int = 1;
lbl_ret:
	zbx_alarm_off();

	if (NULL != valRes)
		ldap_value_free(valRes);
	if (NULL != attr)
		ldap_memfree(attr);
	if (NULL != ber)
		ber_free(ber, 0);
	if (NULL != res)
		ldap_msgfree(res);
	if (NULL != ldap)
		ldap_unbind(ldap);

	return SYSINFO_RET_OK;
}
Пример #13
0
/**
int  check_ldap_passwd(LDAP* ld, JBXL_LDAP_Dn user)

LDAP を使用してユーザ認証を行う.

@param  ld    LDAPサーバへのセッションハンドラ
@param  user  ユーザ情報が格納された JBXL_LDAP_Dn

@retval  0    正常終了.
@retval  1    ユーザ認証失敗(ユーザは存在するが,パスワードが一致しない)
@retval  2    ユーザ認証失敗(ユーザが存在しない)
@retval -1    LDAPサーバへのセッションハンドラが NULL
@retval -2    BASE名が不明
*/
int  check_ldap_passwd(LDAP* ld, JBXL_LDAP_Dn user)
{
    int   ret;
    char* dn_attr[] = {_tochar("distinguishedName"), NULL};

    if (ld==NULL) return -1;

    if (user.base.buf==NULL) user.base = dup_Buffer(JBXLdapDnBind->base);
    if (user.base.buf==NULL) return -2;

    //
    if (user.dnbind.buf==NULL) return 2;
    else {
        Buffer tmp = erase_sBuffer(user.dnbind, "*");
        copy_Buffer(&tmp, &user.dnbind);
        free_Buffer(&tmp);
    }
    if (user.dnbind.buf[0]=='\0') return 2;

    Buffer cond = make_Buffer_bystr("uid=");
    cat_Buffer(&user.dnbind, &cond);

    LDAPMessage* res = NULL;
    ret = ldap_search_s(ld, (char*)user.base.buf, LDAP_SCOPE_SUBTREE, (char*)cond.buf, dn_attr, 0, &res);
    if (res==NULL) return 2;

    LDAPMessage* ent = ldap_first_entry(ld, res);
    if (ent==NULL) {
        ldap_msgfree(res);
        return 2;
    }

    BerElement* ber = NULL;
    char* attr = ldap_first_attribute(ld, ent, &ber);
    if (attr==NULL) {
        ldap_msgfree(res);
        return 2;
    }

    char** dn = ldap_get_values(ld, ent, attr);
    ldap_memfree(attr);
    ldap_msgfree(res);
    if (dn==NULL || *dn==NULL) return 2;


    // ユーザチェック   Password "" is OK!! Ohhh GeroGero!!
    if (user.passwd.buf==NULL || user.passwd.buf[0]=='\0') return 1;


    // パスワード確認
    ret = ldap_simple_bind_s(ld, *dn, (char*)user.passwd.buf);
    if (ret!=LDAP_SUCCESS) return 1;

    // 念のため,セッションを確認
    //ret = ldap_compare_s(ld, *dn, "name", (char*)user.dnbind.buf);
    //if (ret!=LDAP_COMPARE_TRUE) return 1;

    return 0;
}
Пример #14
0
int login::proof()
{
	
	/* setup LDAP connection */
	if((ld=ldap_init(LDAP_HOST, LDAP_PORT)) == NULL) {
		perror("ldap_init failed");
		return EXIT_FAILURE;
	}
	printf("\nconnected to LDAP server %s on port %d\n",LDAP_HOST,LDAP_PORT);
	
	/* non-anonymous bind from home */
	rc = ldap_simple_bind_s(ld,BIND_USER,BIND_PW);
	
	if(rc != LDAP_SUCCESS) {
		fprintf(stderr,"\nLDAP error: %s\n",ldap_err2string(rc));
		return EXIT_FAILURE;
	} else {
		printf("\npretended anonymous bind successful\n");
	}
	
	/* perform LDAP search */
	rc = ldap_search_s(ld, SEARCHBASE, SCOPE, filter_c, attribs, 0, &result);
	
	if(rc != LDAP_SUCCESS) {
		fprintf(stderr,"\nLDAP search error: %s\n",ldap_err2string(rc));
		return EXIT_FAILURE;
	}else{
		printf("\nTotal results: %d\n", ldap_count_entries(ld, result));
		if(ldap_count_entries(ld,result) < 1) {
			fprintf(stderr,"\nUser nicht gefunden!\n");
			return EXIT_FAILURE;
		}
	}
	
	e = ldap_first_entry(ld, result);
	found = ldap_get_dn(ld,e);
	printf("\nDN: %s\n",found);
	
	/* User anmelden */
	rc = ldap_simple_bind_s(ld,found,passwd_c);
	
	if(rc != LDAP_SUCCESS) {
		fprintf(stderr,"\nLDAP error: %s\n",ldap_err2string(rc));
		return EXIT_FAILURE;
	} else {
		printf("\nbind successful\n");
	}
	
	
	/* free memory used for result */
	ldap_msgfree(result);
	free(attribs[0]);
	free(attribs[1]);
	printf("\nLDAP login succeeded\n");
	
	ldap_unbind(ld);
	return EXIT_SUCCESS;
}
Пример #15
0
/* ARGSUSED */
int _ns_ldap_search_s(char *service, int flags,
	char *base, int scope, char *filter,
	char **attrs, int attrsonly, LDAPMessage **res)
{
	LDAP *ld = __s_api_getLDAPconn(flags);

	return (ldap_search_s(ld, base, scope, filter,
		attrs, attrsonly, res));
}
Пример #16
0
int
main( int argc, char **argv )
{
	LDAP		*ld;
	LDAPMessage	*result, *e;
	BerElement	*ber;
	char		*a, *dn;
	char		**vals;
	int		i;

	/* get a handle to an LDAP connection */
	if ( (ld = ldap_init( MY_HOST, MY_PORT )) == NULL ) {
		perror( "ldap_init" );
		return( 1 );
	}
	/* authenticate to the directory as nobody */
	if ( ldap_simple_bind_s( ld, NULL, NULL ) != LDAP_SUCCESS ) {
		ldap_perror( ld, "ldap_simple_bind_s" );
		ldap_unbind( ld );
		return( 1 );
	}
	/* search for all entries with surname of Jensen */
	if ( ldap_search_s( ld, MY_SEARCHBASE, LDAP_SCOPE_SUBTREE,
		MY_FILTER, NULL, 0, &result ) != LDAP_SUCCESS ) {
		ldap_perror( ld, "ldap_search_s" );
		if ( result == NULL ) {
			ldap_unbind( ld );
			return( 1 );
		}
	}
	/* for each entry print out name + all attrs and values */
	for ( e = ldap_first_entry( ld, result ); e != NULL;
	    e = ldap_next_entry( ld, e ) ) {
		if ( (dn = ldap_get_dn( ld, e )) != NULL ) {
		    printf( "dn: %s\n", dn );
		    ldap_memfree( dn );
		}
		for ( a = ldap_first_attribute( ld, e, &ber );
		    a != NULL; a = ldap_next_attribute( ld, e, ber ) ) {
			if ((vals = ldap_get_values( ld, e, a)) != NULL ) {
				for ( i = 0; vals[i] != NULL; i++ ) {
				    printf( "%s: %s\n", a, vals[i] );
				}
				ldap_value_free( vals );
			}
			ldap_memfree( a );
		}
		if ( ber != NULL ) {
			ber_free( ber, 0 );
		}
		printf( "\n" );
	}
	ldap_msgfree( result );
	ldap_unbind( ld );
	return( 0 );
}
Пример #17
0
char *gfarm_metadb_initialize(void)
{
	int rv;
	int port;
	char *e;
	LDAPMessage *res;

	if (gfarm_ldap_server_name == NULL)
		return ("gfarm.conf: ldap_serverhost is missing");
	if (gfarm_ldap_server_port == NULL)
		return ("gfarm.conf: ldap_serverport is missing");
	port = strtol(gfarm_ldap_server_port, &e, 0);
	if (e == gfarm_ldap_server_port || port <= 0 || port >= 65536)
		return ("gfarm.conf: ldap_serverport: "
			"illegal value");
	if (gfarm_ldap_base_dn == NULL)
		return ("gfarm.conf: ldap_base_dn is missing");

	/*
	 * initialize LDAP
	 */

	/* open a connection */
	gfarm_ldap_server = ldap_open(gfarm_ldap_server_name, port);
	if (gfarm_ldap_server == NULL) {
		switch (errno) {
		case EHOSTUNREACH:
			return ("gfarm meta-db ldap_serverhost "
				"access failed");
		case ECONNREFUSED:
			return ("gfarm meta-db ldap_serverport "
				"connection refused");
		default:
			return ("gfarm meta-db ldap_server "
				"access failed");
			/*return (strerror(errno));*/
		}
	}

	/* authenticate as nobody */
	rv = ldap_simple_bind_s(gfarm_ldap_server, NULL, NULL); 
	if (rv != LDAP_SUCCESS)
		return (ldap_err2string(rv));

	/* sanity check. base_dn can be accessed? */
	rv = ldap_search_s(gfarm_ldap_server, gfarm_ldap_base_dn,
	    LDAP_SCOPE_BASE, "objectclass=top", NULL, 0, &res);
	if (rv != LDAP_SUCCESS) {
		if (rv == LDAP_NO_SUCH_OBJECT)
			return ("gfarm meta-db ldap_base_dn not found");
		return ("gfarm meta-db ldap_base_dn access failed");
	}
	ldap_msgfree(res);

	return (NULL);
}
Пример #18
0
static int find_host(LDAP *ld, LDAPMessage **res, 
		     const char *bind_path, const char *host)
{
	int ret;
	char *exp;

	asprintf(&exp, "(samAccountName=%s$)", host);
	*res = NULL;
	ret = ldap_search_s(ld, bind_path, LDAP_SCOPE_SUBTREE, exp, NULL, 0, res);
	free(exp);
	return ret;
}
Пример #19
0
int
ldap_pvt_sasl_getmechs ( LDAP *ld, char **pmechlist )
{
	/* we need to query the server for supported mechs anyway */
	LDAPMessage *res, *e;
	char *attrs[] = { "supportedSASLMechanisms", NULL };
	char **values, *mechlist;
	int rc;

#ifdef NEW_LOGGING
	LDAP_LOG ( TRANSPORT, ENTRY, "ldap_pvt_sasl_getmech\n", 0, 0, 0 );
#else
	Debug( LDAP_DEBUG_TRACE, "ldap_pvt_sasl_getmech\n", 0, 0, 0 );
#endif

	rc = ldap_search_s( ld, "", LDAP_SCOPE_BASE,
		NULL, attrs, 0, &res );

	if ( rc != LDAP_SUCCESS ) {
		return ld->ld_errno;
	}
		
	e = ldap_first_entry( ld, res );
	if ( e == NULL ) {
		ldap_msgfree( res );
		if ( ld->ld_errno == LDAP_SUCCESS ) {
			ld->ld_errno = LDAP_NO_SUCH_OBJECT;
		}
		return ld->ld_errno;
	}

	values = ldap_get_values( ld, e, "supportedSASLMechanisms" );
	if ( values == NULL ) {
		ldap_msgfree( res );
		ld->ld_errno = LDAP_NO_SUCH_ATTRIBUTE;
		return ld->ld_errno;
	}

	mechlist = ldap_charray2str( values, " " );
	if ( mechlist == NULL ) {
		LDAP_VFREE( values );
		ldap_msgfree( res );
		ld->ld_errno = LDAP_NO_MEMORY;
		return ld->ld_errno;
	} 

	LDAP_VFREE( values );
	ldap_msgfree( res );

	*pmechlist = mechlist;

	return LDAP_SUCCESS;
}
Пример #20
0
/* Remove the user from all groups below the given container */
int ad_group_subtree_remove_user(char *container_dn, char *user_dn) {
	LDAP *ds;
	char *filter;
	int filter_length;
	char *attrs[]={"1.1", NULL};
	LDAPMessage *res;
	LDAPMessage *entry;
	int result, num_results;
	char *group_dn=NULL;

	ds=ad_login();
	if(!ds) return ad_error_code;

	filter_length=(strlen(user_dn)+255);
	filter=malloc(filter_length);
	snprintf(filter, filter_length, 
		"(&(objectclass=group)(member=%s))", user_dn);

	result=ldap_search_s(ds, container_dn, LDAP_SCOPE_SUBTREE, 
				filter, attrs, 0, &res);
	if(result!=LDAP_SUCCESS) {
		snprintf(ad_error_msg, MAX_ERR_LENGTH, 
			"Error in ldap_search_s for ad_group_subtree_remove_user: %s", 
			ldap_err2string(result));
		ad_error_code=AD_LDAP_OPERATION_FAILURE;
		return ad_error_code;
	}
	free(filter);

	num_results=ldap_count_entries(ds, res);
	if(num_results==0) {
		ad_error_code=AD_SUCCESS;
		return ad_error_code;
	}

	entry=ldap_first_entry(ds, res);
	while(entry!=NULL) {
		group_dn=ldap_get_dn(ds, entry);
		if(ad_group_remove_user(group_dn, user_dn)!=AD_SUCCESS) {
			snprintf(ad_error_msg, MAX_ERR_LENGTH, 
				"Error in ad_group_subtree_remove_user"
				"\nwhen removing %s from %s:\n%s", 
				user_dn, group_dn, ad_error_msg);
			return ad_error_code;
		}
		entry=ldap_next_entry(ds, entry);
	}

	if(group_dn!=NULL) ldap_memfree(group_dn);
	ldap_msgfree(res);
	ad_error_code=AD_SUCCESS;
	return ad_error_code; 
}
Пример #21
0
// Sorry that this is kind of crappy, but passing the point to wstring
// is basically necessary unless you want thrashed memory for strings.
void AD::CNToAccountName(LPWSTR s, std::wstring *d)
{
    LDAPMessage *search = NULL;
    LDAPMessage *entry = NULL;
    PWCHAR attribute;
    PWCHAR *values;
    BerElement *berElement = NULL;
    DWORD i;
    DWORD j;
    LPWSTR filters[2];

    filters[0] = L"samAccountName";
    filters[1] = NULL;

    d->clear();

    if(ldap_search_s(ldap, s, LDAP_SCOPE_SUBTREE, NULL, filters, 0, &search) != LDAP_SUCCESS)
    {
        Util::Error(LdapGetLastError(), L"ldap_search_s()");
    }

    entry = ldap_first_entry(ldap, search);

    for(i = 0; i < ldap_count_entries(ldap, search); i++)
    {
        if(!i)
        {
            entry = ldap_first_entry(ldap, search);
        }
        else
        {
            entry = ldap_next_entry(ldap, entry);
        }

        attribute = ldap_first_attribute(ldap, entry, &berElement);

        while(attribute != NULL)
        {
            values = ldap_get_values(ldap, entry, attribute);
            if(lstrcmpi(attribute, L"samaccountname") == 0)
            {
                d->append(values[0]);
            }
            ldap_value_free(values);
            ldap_memfree(attribute);
            attribute = ldap_next_attribute(ldap, entry, berElement);
        }
    }
    ber_free(berElement, 0);
    ldap_msgfree(search);
}
Пример #22
0
/*
 * @uid: user's uid, list all users if * is passed in.
 */
static int ldap_count_users (CcnetUserManager *manager, const char *uid)
{
    LDAP *ld = NULL;
    int res;
    GString *filter;
    char *filter_str;
    char *attrs[2];
    LDAPMessage *msg = NULL;

    ld = ldap_init_and_bind (manager->ldap_host,
#ifdef WIN32
                             manager->use_ssl,
#endif
                             manager->user_dn,
                             manager->password);
    if (!ld)
        return -1;

    filter = g_string_new (NULL);
    if (!manager->filter)
        g_string_printf (filter, "(%s=%s)", manager->login_attr, uid);
    else
        g_string_printf (filter, "(&(%s=%s) (%s))",
                         manager->login_attr, uid, manager->filter);
    filter_str = g_string_free (filter, FALSE);

    attrs[0] = manager->login_attr;
    attrs[1] = NULL;

    char **base;
    int count = 0;
    for (base = manager->base_list; *base; ++base) {
        res = ldap_search_s (ld, *base, LDAP_SCOPE_SUBTREE,
                             filter_str, attrs, 0, &msg);
        if (res != LDAP_SUCCESS) {
            ccnet_warning ("ldap_search failed: %s.\n", ldap_err2string(res));
            ldap_msgfree (msg);
            count = -1;
            goto out;
        }

        count += ldap_count_entries (ld, msg);
        ldap_msgfree (msg);
    }

out:
    g_free (filter_str);
    if (ld) ldap_unbind_s (ld);
    return count;
}
Пример #23
0
/*
  find a machine account given a hostname 
*/
int ads_find_machine_acct(ADS_STRUCT *ads, LDAPMessage **res, const char *host)
{
	int ret;
	char *exp;

	/* the easiest way to find a machine account anywhere in the tree
	   is to look for hostname$ */
	asprintf(&exp, "(samAccountName=%s$)", host);
	*res = NULL;
	ret = ldap_search_s(ads->ld, ads->bind_path, 
			    LDAP_SCOPE_SUBTREE, exp, NULL, 0, res);
	free(exp);
	return ret;
}
Пример #24
0
/*******************************************************************************
 函数名称  : dot1x_ldap_search_dn_timeout
 功能描述  : LDAP_SEARCH_DN状态查询用户DN
 输入参数  : user_data   ---   定时器参数,sm状态机
 输出参数  : 无
 返 回 值     : 无
------------------------------------------------------------
 最近一次修改记录 :
 修改作者   : 王群
 修改目的   : 新增函数
 修改日期   : 2011年6月2日
*******************************************************************************/
void dot1x_ldap_search_dn_timeout(void *user_data)
{
	s8 filter[1024];
	s32 retcode;
	s8 *userdn = NULL;
	LDAPMessage *res = NULL;
	LDAPMessage *msg = NULL;
	struct eapol_state_machine *sm = (struct eapol_state_machine *)user_data;

	snprintf(filter, sizeof(filter), "(%s=%s)", g_dot1x_var.ldap_conf.ldap_filter, sm->identity);
	/*执行查询操作*/
	retcode = ldap_search_s(sm->ldap_sm->ldap, g_dot1x_var.ldap_conf.ldap_basedn, LDAP_SCOPE_SUBTREE, filter, g_ldap_attrs, 0, &res);
	(sm->ldap_sm->req_count)++;
	if (LDAP_SUCCESS == retcode)
	{
		msg = ldap_first_entry(sm->ldap_sm->ldap, res);
		if (NULL == msg)
		{
			ldap_msgfree(res);
			return;
		}

		/*获得用户的dn*/
		userdn = ldap_get_dn(sm->ldap_sm->ldap, msg);
		if (NULL == userdn)
		{
			ldap_msgfree(res);
			return;
		}
		sm->ldap_sm->userdn = userdn;
		/*查询成功,进入LDAP_BIND_DN状态*/
		dot1x_ldap_bind_dn_entry(sm);
	}
	else if (LDAP_TIMEOUT == retcode &&
			sm->ldap_sm->req_count < g_dot1x_var.conf.retransmit_times)
	{
		/*重载定时器*/
		dloop_register_timeout(0, 0, dot1x_ldap_search_dn_timeout, sm);
	}
	else
	{
		/*关闭连接*/
		ldap_unbind(sm->ldap_sm->ldap);
		/*查询失败,进入LDAP_FAILURE状态*/
		dot1x_ldap_failure_entry(sm);
	}

	ldap_msgfree(res);
	return;
}
Пример #25
0
int _ldap_lookup(void)
{
	char *attrs[] = { NULL };
	char *filter, *dn;
	char **values;
	LDAP *ld;
	LDAPMessage *res, *entry;
	int ret;

	ld = ldap_init(LDAP_HOST, LDAP_PORT);
	if (!ld) {
		fprintf(stderr, "%s: unable to initialise ldap connection\n",
				prog);
		return 1;
	}

	ret = ldap_simple_bind_s(ld, LDAP_BIND_DN, LDAP_BIND_PASSWD);

	if (ret)
		return 1;

	filter = malloc(sizeof(LDAP_FILTER) + strlen(user) + strlen(host));
	sprintf(filter, LDAP_FILTER, user, host);

	ret = ldap_search_s(ld, LDAP_BASE, LDAP_SCOPE, filter, attrs, 0, &res);
	if (ret) {
		fprintf(stderr, "%s: ldap search failed: %s\n", prog,
				ldap_err2string(ret));
		return 1;
	}

	entry = ldap_first_entry(ld, res);


	if (!entry)
		return 1;

	dn = ldap_get_dn(ld, res);
	
	ldap_msgfree(res);

	ret = ldap_simple_bind_s(ld, dn, password);

	if (ret)
		return 1;

	ldap_memfree(dn);
	ldap_unbind(ld);
	return 0;
}
Пример #26
0
int _ldap_get_home_param(void)
{
	char *attrs[] = { NULL };
	char *filter, *dn;
	char **values;
	LDAP *ld;
	LDAPMessage *res, *entry;
	int ret;
	
	ld = ldap_init(LDAP_HOST, LDAP_PORT);
	if (!ld) {
		fprintf(stderr, "%s: unable to initialise ldap connection\n",
				prog);
		return 1;
		} 

	ret = ldap_simple_bind_s(ld, LDAP_BIND_DN, LDAP_BIND_PASSWD);
	if (ret)
		return 1;

	filter = malloc(sizeof(LDAP_FILTER) + strlen(user) + strlen(host));
	sprintf(filter, LDAP_FILTER, user, host);
	
	ret = ldap_search_s(ld, LDAP_BASE, LDAP_SCOPE, filter, attrs, 0, &res);

	if (ret) {
		fprintf(stderr, "%s: ldap search failed: %s\n", prog,
				ldap_err2string(ret));
		return 1;
	}
	
	entry = ldap_first_entry(ld, res);
	if (!entry)
		return 1;

	values = ldap_get_values(ld, entry, LDAP_HOME_PARAM);
	if (values && values[0])
		{
		homeparam = malloc(strlen(values[0]) + strlen("../../") + 1);
		strcpy(homeparam,values[0]); 
		strcat(homeparam,"../../");
		}
	ldap_msgfree(res);
	ldap_unbind(ld);
	return 0;
}
Пример #27
0
BOOL kuhl_m_sid_quickSearch(int argc, wchar_t * argv[], BOOL needUnique, PCWCHAR system, PLDAP *ld, PLDAPMessage *pMessage)
{
	BOOL status = FALSE;
	DWORD dwErr;
	PWCHAR myAttrs[] = {L"name", L"sAMAccountName", L"objectSid", L"sIDHistory", L"objectGUID", NULL}, dn, filter;
	if(filter = kuhl_m_sid_filterFromArgs(argc, argv))
	{
		if(kuhl_m_sid_getLdapAndRootDN(system, ld, &dn))
		{
			*pMessage = NULL;
			dwErr = ldap_search_s(*ld, dn, LDAP_SCOPE_SUBTREE, filter, myAttrs, FALSE, pMessage);
			if(status = (dwErr == LDAP_SUCCESS))
			{
				switch(ldap_count_entries(*ld, *pMessage))
				{
				case 0:
					status = FALSE;
					PRINT_ERROR(L"No result! - filter was \'%s\'\n", filter);
					break;
				case 1:
					break;
				default:
					if(needUnique)
					{
						PRINT_ERROR(L"Not unique - Please: don\'t brick your AD! - filter was \'%s\'\n", filter);
						status = FALSE;
					}
					break;
				}
			}
			else PRINT_ERROR(L"ldap_search_s 0x%x (%u)\n", dwErr, dwErr);
			
			if(status)
				kuhl_m_sid_displayMessage(*ld, *pMessage);
			else
			{
				if(*pMessage)
					ldap_msgfree(*pMessage);
				ldap_unbind(*ld);
			}
			LocalFree(dn);			
		}
		LocalFree(filter);
	}
	return status;
}
Пример #28
0
/**
 * The public method auth authenticats the user with username and password
 * Parameters:
 * 		std::string *username: a reverence to the username
 * 		std::string *pw: a reverence to the password
 * Return:
 * 		bool: true if auth successfull
 */
bool LDAPConnection::auth(std::string *username, std::string *pw){
	int rc = 0;
	LDAPMessage *result, *entry;
	std::string filter = "(uid=";
	filter.append(*username);
	filter.append(")");

	//searches for user
	rc = ldap_search_s(this->ld, SEARCHBASE, SCOPE, filter.c_str(), this->attribs, 0, &result);
	if(rc != LDAP_SUCCESS){
		std::cout << ldap_err2string(rc) << std::endl;
		ldap_msgfree(result);
		return false;
	}

	//counts results
	if(ldap_count_entries(this->ld, result) != 1){
		ldap_msgfree(result);
		return false;
	}

	//gets user dn
	entry = ldap_first_entry(this->ld, result);
	std::string dn = ldap_get_dn(this->ld,entry);
	ldap_msgfree(result);

	//initializes a new ldap connection
	LDAP *ldp;
	ldap_initialize(&ldp, LDAP_HOST);
	if(ldp == NULL){
		return false;
	}

	//tries to bind the user
	rc = ldap_simple_bind_s(ldp, dn.c_str(), pw->c_str());

	if(rc != LDAP_SUCCESS){
		ldap_unbind(ldp);
		return false;
	}

	//closes the new ldap connection
	ldap_unbind(ldp);
	return true;
}
Пример #29
0
static int fldap_readdir(const char* path, void* buf, fuse_fill_dir_t filler, off_t offset, struct fuse_file_info* fi) {
  static char* attrs[] = {"filename", NULL};
  LDAPMessage* msg = NULL;
  LDAPMessage* entry = NULL;
  BerElement* ber = NULL;
  char* dn;
  char** vals;
  char* attr;

  /* The path returned should look like that "/path/to/the/folder".
   *  After the split, we should have something like that:
   *  ou=folder,ou=the,ou=to,ou=path,dc=example,dc=com
   *  This is the dn of the folder.
   */

  filler(buf, ".", NULL, 0);
  filler(buf, "..", NULL, 0);
  dn = path_to_dn(path, "ou=");
  if (ldap_search_s(ld, dn, LDAP_SCOPE_ONE, "(ObjectClass=*)", attrs, 0, &msg) != LDAP_SUCCESS) {
    return -ENOENT;
    free(dn);
  }
  entry = ldap_first_entry(ld, msg);
  if (!entry) {
    ldap_msgfree(msg);
    free(dn);
    return 0;
  }

  for (entry = ldap_first_entry(ld, msg); entry != NULL; entry = ldap_next_entry(ld, entry)) {
    for( attr = ldap_first_attribute(ld, entry, &ber); attr != NULL; attr = ldap_next_attribute(ld, entry, ber)) {
      if ((vals = ldap_get_values(ld, entry, attr)) != NULL)  {
	if (!strcmp("filename", attr))
	  filler(buf, vals[0], NULL, 0);
	ldap_value_free(vals);
      }
      ldap_memfree(attr);
    }
    ber_free(ber,0);
  }
  ldap_msgfree(msg);

  free(dn);
  return 0;
}
Пример #30
0
static int fldap_write(const char* path, const char* data, size_t size, off_t offset, struct fuse_file_info* fi) {
  static char* attrs[] = {"description", NULL};
  LDAPMessage* msg = NULL;
  LDAPMessage* entry = NULL;
  BerElement* ber = NULL;
  char* buf = NULL;
  char strsize[32];
  char* dn;
  char** vals;
  char* attr;

  dn = path_to_dn(path, "cn=");
  ldap_search_s(ld, dn, LDAP_SCOPE_BASE, "(ObjectClass=*)", attrs, 0, &msg);
  entry = ldap_first_entry(ld, msg);

  if (!entry) {
    ldap_msgfree(msg);
    free(dn);
    return -ENOENT;
  }
  for (entry = ldap_first_entry(ld, msg); entry != NULL; entry = ldap_next_entry(ld, entry)) {
    for (attr = ldap_first_attribute(ld, entry, &ber); attr != NULL; attr = ldap_next_attribute(ld, entry, ber)) {
      if (!strcmp(attr, "description") && ((vals = ldap_get_values(ld, entry, attr)) != NULL))  {
	buf = calloc(strlen(vals[0]) + size + 1, sizeof(char));
	strncpy(buf, vals[0], offset);
	strncat(buf, data, size);
	ldap_value_free(vals);
      }
      ldap_memfree(attr);
    }
    ber_free(ber, 0);
  }
  ldap_msgfree(msg);
  if (!buf) {
    buf = calloc(size + 1, sizeof(char));
    strncpy(buf, data, size);
  }
  snprintf(strsize, 32, "%"PRIi32, (int)strlen(buf));
  modify_attr(path, LDAP_MOD_REPLACE, "description", buf);
  modify_attr(path, LDAP_MOD_REPLACE, "stsize", strsize);
  free(dn);
  free(buf);
  return size;
}