void Connect()
{
    /* Open a libldap handle to the configured server and apply the two options
     * every connection needs (protocol v3, network timeout).  On any failure the
     * handle is released, con is cleared and an LDAPException describing the step
     * is thrown, so the caller never sees a half-configured handle.
     *
     * NOTE(review): only the URI scheme in "server" (ldap:// vs ldaps://) selects
     * the transport; no LDAP_OPT_X_TLS_* option is set here, so certificate
     * verification follows the library's global defaults — confirm that matches
     * what the deployment expects before sending bind credentials over it. */
    std::string server = config->getString("server");
    int rc = ldap_initialize(&this->con, server.c_str());
    if (rc != LDAP_SUCCESS)
        throw LDAPException("Unable to connect to LDAP service " + this->name + ": " + ldap_err2string(rc));

    const int version = LDAP_VERSION3;
    /* A zero timeval is what this code has always configured; how libldap
     * interprets {0,0} for LDAP_OPT_NETWORK_TIMEOUT is library-defined — verify
     * against the library in use if connects hang or fail immediately. */
    const struct timeval tv = { 0, 0 };

    struct Setting
    {
        int option;            /* LDAP_OPT_* constant */
        const void *value;     /* value handed to ldap_set_option */
        const char *failure;   /* message prefix used when setting it fails */
    };
    const Setting settings[] = {
        { LDAP_OPT_PROTOCOL_VERSION, &version, "Unable to set protocol version for " },
        { LDAP_OPT_NETWORK_TIMEOUT, &tv, "Unable to set timeout for " },
    };

    for (size_t k = 0; k < sizeof(settings) / sizeof(settings[0]); ++k)
    {
        rc = ldap_set_option(this->con, settings[k].option, settings[k].value);
        if (rc == LDAP_OPT_SUCCESS)
            continue;

        /* release the half-configured handle before reporting the failure */
        ldap_unbind_ext(this->con, NULL, NULL);
        this->con = NULL;
        throw LDAPException(settings[k].failure + this->name + ": " + ldap_err2string(rc));
    }
}
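/*
 * Read the raw libldap value of a TLS option into *value.
 *
 * opt   - index into optmap (a TlsOptions::tls_option)
 * value - out-pointer whose pointee type depends on the option (int or char*)
 *
 * Throws LDAPException(LDAP_PARAM_ERROR) for an out-of-range option, an
 * LDAPException carrying the libldap result code when ldap_get_option
 * reports one, and a generic LDAP_PARAM_ERROR when it only reports
 * LDAP_OPT_ERROR.
 */
void TlsOptions::getOption( tls_option opt, void* value ) const {
    /* Same bounds check as checkOpt() on the set path: optmap is indexed by
     * opt below, and an out-of-range value would read past the table. */
    if ( opt < TlsOptions::CACERTFILE || opt >= TlsOptions::LASTOPT ){
        throw( LDAPException( LDAP_PARAM_ERROR, "unknown Option" ) );
    }

    int ret = ldap_get_option( m_ld, optmap[opt].optval, value);
    if ( ret == LDAP_OPT_SUCCESS ) {
        return;
    }
    if ( ret == LDAP_OPT_ERROR ) {
        /* libldap gave no specific code; report a parameter problem */
        throw( LDAPException( LDAP_PARAM_ERROR, "error while reading TLS option" ) );
    }
    throw( LDAPException( ret ) );
}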
/*
 * Ask libldap to build a fresh TLS context from the options set so far.
 *
 * Throws an LDAPException carrying the libldap result code when one is
 * reported, or LDAP_LOCAL_ERROR when ldap_set_option only returns
 * LDAP_OPT_ERROR.
 */
void TlsOptions::newCtx() const {
    /* 0 is the value this code has always passed for LDAP_OPT_X_TLS_NEWCTX;
     * libldap documents it as the client/server flag — confirm if this is
     * ever reused for a listener. */
    int ctxFlag = 0;
    int rc = ldap_set_option( m_ld, LDAP_OPT_X_TLS_NEWCTX, &ctxFlag );
    if ( rc == LDAP_OPT_SUCCESS ) {
        return;
    }
    if ( rc == LDAP_OPT_ERROR ) {
        throw( LDAPException( LDAP_LOCAL_ERROR, "error while renewing TLS context" ) );
    }
    throw( LDAPException( rc ) );
}
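/*
 * Copyright 2010-2013 The OpenLDAP Foundation, All Rights Reserved.
 * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
 */
#include "TlsOptions.h"
#include "LDAPException.h"

/* Value category of a TLS option; used to validate that a caller picked the
 * overload (string vs. integer) matching the option it names. */
enum opttype {
    INT=0,
    STRING,
    OTHER
};

typedef struct tls_optmap {
    int optval;     /* LDAP_OPT_X_TLS_* constant handed to libldap */
    opttype type;   /* how the value is passed */
} tls_optmap_t;

/* Indexed directly by TlsOptions::tls_option, so entry order must follow that
 * enum and the table must hold at least TlsOptions::LASTOPT entries.  Entries
 * past LASTOPT (currently NEWCTX) are unreachable through the index-based API. */
static tls_optmap_t optmap[] = {
    { LDAP_OPT_X_TLS_CACERTFILE, STRING },
    { LDAP_OPT_X_TLS_CACERTDIR, STRING },
    { LDAP_OPT_X_TLS_CERTFILE, STRING },
    { LDAP_OPT_X_TLS_KEYFILE, STRING },
    { LDAP_OPT_X_TLS_REQUIRE_CERT, INT },
    { LDAP_OPT_X_TLS_PROTOCOL_MIN, INT },
    { LDAP_OPT_X_TLS_CIPHER_SUITE, STRING },
    { LDAP_OPT_X_TLS_RANDOM_FILE, STRING },
    { LDAP_OPT_X_TLS_CRLCHECK, INT },
    { LDAP_OPT_X_TLS_DHFILE, STRING },
    { LDAP_OPT_X_TLS_NEWCTX, INT }
};

#if 0 /* not implemented currently */
static const int TLS_CRLFILE /* GNUtls only */
static const int TLS_SSL_CTX /* OpenSSL SSL* */
static const int TLS_CONNECT_CB
static const int TLS_CONNECT_ARG
#endif

/*
 * Validate an option index before it is used to subscript optmap.
 *
 * opt  - the option the caller named
 * type - the value category the calling overload can handle
 *
 * Throws LDAPException(LDAP_PARAM_ERROR) when opt is outside the enum range
 * (which would otherwise read past the table) or when the option's value
 * category does not match `type`.
 */
static void checkOpt( TlsOptions::tls_option opt, opttype type ) {
    if ( opt < TlsOptions::CACERTFILE || opt >= TlsOptions::LASTOPT ){
        throw( LDAPException( LDAP_PARAM_ERROR, "unknown Option" ) );
    }
    if ( optmap[opt].type != type ){
        /* Name the category the caller asked for; the message previously
         * claimed "not a string option" even when an integer was expected. */
        const char *msg = "wrong option type";
        if ( type == STRING ) {
            msg = "not a string option";
        } else if ( type == INT ) {
            msg = "not an integer option";
        }
        throw( LDAPException( LDAP_PARAM_ERROR, msg ) );
    }
}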
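void Connect()
{
    /* Open a libldap handle to this->server and apply the protocol version and
     * network timeout.  Throws LDAPException naming the failed step.
     *
     * NOTE(review): no LDAP_OPT_X_TLS_* option is set here, so transport
     * security depends solely on the URI scheme in this->server and the
     * library's global TLS defaults — confirm before binding over it. */
    int i = ldap_initialize(&this->con, this->server.c_str());
    if (i != LDAP_SUCCESS)
        throw LDAPException("Unable to connect to LDAP service " + this->GetName() + ": " + ldap_err2string(i));

    /* From here on we hold a live handle.  Each failure path releases it and
     * clears con (as the earlier revision of this function did); otherwise a
     * half-configured handle — wrong protocol version or no timeout — would be
     * kept and used as though Connect() had succeeded. */
    const int version = LDAP_VERSION3;
    i = ldap_set_option(this->con, LDAP_OPT_PROTOCOL_VERSION, &version);
    if (i != LDAP_OPT_SUCCESS)
    {
        ldap_unbind_ext(this->con, NULL, NULL);
        this->con = NULL;
        throw LDAPException("Unable to set protocol version for " + this->GetName() + ": " + ldap_err2string(i));
    }

    /* Zero timeval as configured originally; how libldap interprets {0,0}
     * for LDAP_OPT_NETWORK_TIMEOUT is library-defined — verify if connects
     * hang or fail immediately. */
    const struct timeval tv = { 0, 0 };
    i = ldap_set_option(this->con, LDAP_OPT_NETWORK_TIMEOUT, &tv);
    if (i != LDAP_OPT_SUCCESS)
    {
        ldap_unbind_ext(this->con, NULL, NULL);
        this->con = NULL;
        throw LDAPException("Unable to set timeout for " + this->GetName() + ": " + ldap_err2string(i));
    }
}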
/* Queue an asynchronous search; results are delivered to `i`.
 *
 * i      - callback interface, must not be NULL (throws LDAPException otherwise)
 * base   - search base DN, passed through as given
 * filter - search filter, passed through as given; callers are responsible for
 *          escaping any untrusted data they splice into it
 *
 * Ownership of the new LDAPSearch passes to the request queue. */
void Search(LDAPInterface *i, const Anope::string &base, const Anope::string &filter) override
{
    if (i == NULL)
        throw LDAPException("No interface");

    QueueRequest(new LDAPSearch(this, i, base, filter));
}
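void OnNickIdentify(User *u)
{
    /* Look up the identified account in LDAP to learn its opertype.  Errors are
     * logged, never propagated.  The account display name is chosen by the user,
     * so it is escaped before being spliced into the bind DN (RFC 4514 rules)
     * and the search filter (RFC 4515 rules); previously it was inserted raw,
     * which let characters such as '*', '(', ')' or ',' change the structure of
     * the DN or filter rather than being matched literally. */
    try
    {
        if (!this->ldap)
            throw LDAPException("No LDAP interface. Is m_ldap loaded and configured correctly?");
        else if (this->basedn.empty() || this->filter.empty() || opertype_attribute.empty())
            throw LDAPException("Could not search LDAP for opertype settings, invalid configuration.");

        const std::string &account = u->Account()->display.str();
        std::string dn_account, filter_account;
        for (std::string::size_type k = 0; k < account.size(); ++k)
        {
            const char c = account[k];

            /* RFC 4514: these need a backslash inside an attribute value;
             * '#' only when leading, ' ' only when leading or trailing. */
            if (c == ',' || c == '+' || c == '"' || c == '\\' || c == '<' || c == '>' || c == ';' || c == '='
                || (c == '#' && k == 0)
                || (c == ' ' && (k == 0 || k + 1 == account.size())))
                dn_account += '\\';
            dn_account += c;

            /* RFC 4515: filter metacharacters are written as \XX */
            switch (c)
            {
                case '*':  filter_account += "\\2a"; break;
                case '(':  filter_account += "\\28"; break;
                case ')':  filter_account += "\\29"; break;
                case '\\': filter_account += "\\5c"; break;
                case '\0': filter_account += "\\00"; break;
                default:   filter_account += c;
            }
        }

        if (!this->binddn.empty())
            this->ldap->Bind(NULL, this->binddn.replace_all_cs("%a", Anope::string(dn_account)), this->password.c_str());

        LDAPQuery id = this->ldap->Search(&this->iinterface, this->basedn, this->filter.replace_all_cs("%a", Anope::string(filter_account)));
        this->iinterface.Add(id, u->nick);
    }
    catch (const LDAPException &ex)
    {
        Log() << "m_ldapoper: " << ex.GetReason();
    }
}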
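void Reconnect()
{
    /* Drop the current handle and connect again, rate-limited to one attempt per
     * minute.  Throws LDAPException when called too soon or when Connect() fails. */

    /* Only try one connect a minute. It is an expensive blocking operation */
    if (last_connect > Anope::CurTime - 60)
        throw LDAPException("Unable to connect to LDAP service " + this->GetName() + ": reconnecting too fast");
    last_connect = Anope::CurTime;

    /* A failed Connect() may leave con NULL, and libldap does not accept a NULL
     * handle in ldap_unbind_ext(); only release a handle we actually hold.
     * Clearing con before Connect() also guarantees no freed handle survives
     * if Connect() throws. */
    if (this->con)
    {
        ldap_unbind_ext(this->con, NULL, NULL);
        this->con = NULL;
    }
    Connect();
}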
/*
 * Set a string-valued TLS option.
 *
 * opt   - must name a STRING option (checkOpt throws LDAP_PARAM_ERROR otherwise)
 * value - the new value; an empty string is passed to libldap as NULL
 *
 * For the certificate/key file options the file is probed for readability
 * first, and for CACERTDIR the path is checked to be an existing directory;
 * either check failing throws LDAPException(LDAP_LOCAL_ERROR).  These probes
 * are advisory only: libldap opens the paths itself later, so they can still
 * fail then if the filesystem changes in between.
 */
void TlsOptions::setOption( tls_option opt, const std::string& value ) const {
    checkOpt(opt, STRING);

    if ( opt == TlsOptions::CACERTFILE || opt == TlsOptions::CERTFILE || opt == TlsOptions::KEYFILE ) {
        std::ifstream probe( value.c_str() );
        if ( !probe ) {
            throw( LDAPException( LDAP_LOCAL_ERROR, "Unable to open the supplied file for reading" ) );
        }
    } else if ( opt == TlsOptions::CACERTDIR ) {
        struct stat st;
        std::string reason;
        if ( stat( value.c_str(), &st ) != 0 ) {
            reason = strerror( errno );
        } else if ( !S_ISDIR( st.st_mode ) ) {
            reason = "The supplied path is not a directory.";
        }
        if ( !reason.empty() ) {
            std::ostringstream errstr;
            errstr << "Error while setting Certificate Directory (" << value << "): " << reason;
            throw( LDAPException( LDAP_LOCAL_ERROR, errstr.str() ) );
        }
    }

    this->setOption( opt, value.empty() ? NULL : (void*) value.c_str() );
}