/**
 * Look up the ld_session named @_lds_name and make sure it carries a live
 * LDAP handle, attempting one reconnect when the handle is NULL.
 *
 * @param _lds_name  name of the configured LDAP session
 * @param _lds       out: receives the session pointer (left pointing at the
 *                   stale record when the reconnect step fails)
 * @return 0 on success, -1 if the session is unknown or could not be
 *         reconnected
 *
 * When the reconnect fails, a cached last_ldap_result is released and the
 * session is torn down through ldap_disconnect() before returning -1.
 */
int get_connected_ldap_session(char* _lds_name, struct ld_session** _lds)
{
	struct ld_session *session = get_ld_session(_lds_name);

	*_lds = session;
	if (session == NULL) {
		LM_ERR("[%s]: ldap_session not found\n", _lds_name);
		return -1;
	}

	/* already connected: nothing more to do */
	if (session->handle != NULL) {
		return 0;
	}

	if (ldap_reconnect(_lds_name) != 0) {
		/* drop whatever result a previous search left behind */
		if (last_ldap_result != NULL) {
			ldap_msgfree(last_ldap_result);
			last_ldap_result = NULL;
		}
		ldap_disconnect(_lds_name);
		LM_ERR("[%s]: reconnect failed\n", _lds_name);
		return -1;
	}

	/* re-fetch after reconnecting; presumably ldap_reconnect() may
	 * replace the session record — TODO confirm against ldap_reconnect */
	session = get_ld_session(_lds_name);
	*_lds = session;
	if (session == NULL) {
		LM_ERR("[%s]: ldap_session not found\n", _lds_name);
		return -1;
	}

	return 0;
}
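/**
 * Release the LDAP connection held by the ld_session named @_ld_name.
 *
 * @param _ld_name  name of the configured LDAP session
 * @return 0 if the session exists (connected or not),
 *         -1 if no session of that name is known
 *
 * OpenLDAP's ldap_unbind_ext() frees the LDAP handle even when it reports
 * an error (the error refers to sending the unbind request), so the handle
 * is cleared unconditionally afterwards. A failed unbind is logged so that
 * connection problems on teardown are visible, but does not change the
 * return value, since the session is disconnected either way.
 */
int ldap_disconnect(char* _ld_name)
{
	struct ld_session *lds = get_ld_session(_ld_name);
	int rc;

	if (lds == NULL) {
		LM_ERR("ld_session [%s] not found\n", _ld_name);
		return -1;
	}

	/* not connected: nothing to release */
	if (lds->handle == NULL) {
		return 0;
	}

	rc = ldap_unbind_ext(lds->handle, NULL, NULL);
	if (rc != LDAP_SUCCESS) {
		LM_ERR("[%s]: ldap_unbind_ext failed: %s\n", _ld_name,
				ldap_err2string(rc));
	}
	/* the handle is freed by ldap_unbind_ext() regardless of rc */
	lds->handle = NULL;
	return 0;
}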
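/**
 * Open and bind the LDAP connection of the ld_session named @_ld_name
 * (asynchronous simple bind: ldap_sasl_bind() followed by ldap_result()).
 *
 * @param _ld_name  name of the configured LDAP session
 * @return 0 on success, with lds->handle holding a bound connection;
 *         -1 on any failure, in which case lds->handle is released and
 *         reset to NULL so the session reads as disconnected and
 *         get_connected_ldap_session() can retry later
 *
 * Session fields used: host_name (URI for ldap_initialize), version (2 or 3),
 * network_timeout (optional), client_bind_timeout (0/0 = wait without limit),
 * bind_dn and bind_pwd.
 *
 * NOTE(review): LDAP_SASL_SIMPLE transmits bind_pwd in cleartext unless the
 * transport itself is protected (an ldaps:// URI, or TLS negotiated
 * elsewhere); nothing in this function enables TLS — confirm the deployment.
 */
int ldap_connect(char* _ld_name)
{
	int rc;
	int ldap_bind_result_code;
	int ldap_proto_version;
	int msgid;
	LDAPMessage *result = NULL;
	struct ld_session *lds;
	struct berval ldap_cred;
	struct timeval *bind_timeout;

	/* get ld session and session config parameters */
	if ((lds = get_ld_session(_ld_name)) == NULL) {
		LM_ERR("ld_session [%s] not found\n", _ld_name);
		return -1;
	}

	rc = ldap_initialize(&lds->handle, lds->host_name);
	if (rc != LDAP_SUCCESS) {
		LM_ERR("[%s]: ldap_initialize (%s) failed: %s\n", _ld_name,
				lds->host_name, ldap_err2string(rc));
		return -1;
	}
	/* from here on lds->handle is allocated: every failure goes to fail */

	/* LDAP_OPT_PROTOCOL_VERSION */
	switch (lds->version) {
		case 2:
			ldap_proto_version = LDAP_VERSION2;
			break;
		case 3:
			ldap_proto_version = LDAP_VERSION3;
			break;
		default:
			LM_ERR("[%s]: Invalid LDAP protocol version [%d]\n", _ld_name,
					lds->version);
			goto fail;
	}
	if (ldap_set_option(lds->handle, LDAP_OPT_PROTOCOL_VERSION,
				&ldap_proto_version) != LDAP_OPT_SUCCESS) {
		LM_ERR("[%s]: Could not set LDAP_OPT_PROTOCOL_VERSION [%d]\n",
				_ld_name, ldap_proto_version);
		goto fail;
	}

	/* LDAP_OPT_RESTART */
	if (ldap_set_option(lds->handle, LDAP_OPT_RESTART, LDAP_OPT_ON)
			!= LDAP_OPT_SUCCESS) {
		LM_ERR("[%s]: Could not set LDAP_OPT_RESTART to ON\n", _ld_name);
		goto fail;
	}

	/* LDAP_OPT_NETWORK_TIMEOUT: optional; a failure here is logged but,
	 * as in the original, does not abort the connect */
	if (lds->network_timeout.tv_sec > 0 || lds->network_timeout.tv_usec > 0) {
		if (ldap_set_option(lds->handle, LDAP_OPT_NETWORK_TIMEOUT,
					(const void *)&lds->network_timeout) != LDAP_OPT_SUCCESS) {
			LM_ERR("[%s]: Could not set LDAP_NETWORK_TIMEOUT to [%d.%d]\n",
					_ld_name, (int)lds->network_timeout.tv_sec,
					(int)lds->network_timeout.tv_usec);
		}
	}

	/* ldap_sasl_bind (LDAP_SASL_SIMPLE); a missing password is treated as
	 * an empty one instead of calling strlen() on NULL */
	ldap_cred.bv_val = (lds->bind_pwd != NULL) ? lds->bind_pwd : "";
	ldap_cred.bv_len = strlen(ldap_cred.bv_val);
	rc = ldap_sasl_bind(lds->handle, lds->bind_dn, LDAP_SASL_SIMPLE,
			&ldap_cred, NULL, NULL, &msgid);
	if (rc != LDAP_SUCCESS) {
		LM_ERR("[%s]: ldap bind failed: %s\n", _ld_name, ldap_err2string(rc));
		goto fail;
	}

	/* a 0/0 client_bind_timeout means "no timeout" for ldap_result() */
	bind_timeout = &lds->client_bind_timeout;
	if (lds->client_bind_timeout.tv_sec == 0
			&& lds->client_bind_timeout.tv_usec == 0) {
		bind_timeout = NULL;
	}
	rc = ldap_result(lds->handle, msgid, 1, bind_timeout, &result);
	if (rc == -1) {
		ldap_get_option(lds->handle, LDAP_OPT_ERROR_NUMBER, &rc);
		LM_ERR("[%s]: ldap_result failed: %s\n", _ld_name, ldap_err2string(rc));
		goto fail;
	} else if (rc == 0) {
		LM_ERR("[%s]: bind operation timed out\n", _ld_name);
		goto fail;
	}

	/* freeit=1: ldap_parse_result() releases `result` itself, so it must not
	 * be passed to ldap_msgfree() afterwards (the "segfault" the old comment
	 * referred to was that double free) */
	rc = ldap_parse_result(lds->handle, result, &ldap_bind_result_code,
			NULL, NULL, NULL, NULL, 1);
	if (rc != LDAP_SUCCESS) {
		LM_ERR("[%s]: ldap_parse_result failed: %s\n", _ld_name,
				ldap_err2string(rc));
		goto fail;
	}
	if (ldap_bind_result_code != LDAP_SUCCESS) {
		LM_ERR("[%s]: ldap bind failed: %s\n", _ld_name,
				ldap_err2string(ldap_bind_result_code));
		goto fail;
	}

	LM_DBG("[%s]: LDAP bind successful (ldap_host [%s])\n", _ld_name,
			lds->host_name);
	return 0;

fail:
	/* release the half-initialised handle; leaving it set would make the
	 * session look connected while no bind ever completed */
	ldap_unbind_ext(lds->handle, NULL, NULL);
	lds->handle = NULL;
	return -1;
}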
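/**
 * Open and bind the LDAP connection of the ld_session named @_ld_name
 * (synchronous simple bind via ldap_sasl_bind_s(), bounded by
 * LDAP_OPT_TIMEOUT).
 *
 * @param _ld_name  name of the configured LDAP session
 * @return 0 on success, with lds->handle holding a bound connection;
 *         -1 on any failure, in which case lds->handle is released and
 *         reset to NULL so the session reads as disconnected and
 *         get_connected_ldap_session() can retry later
 *
 * Session fields used: host_name (URI for ldap_initialize), version (2 or 3),
 * network_timeout (optional), client_bind_timeout, bind_dn and bind_pwd.
 * Side effect: a 0/0 client_bind_timeout is replaced in the session record
 * by CFG_DEF_LDAP_CLIENT_BIND_TIMEOUT, so later calls see the default.
 *
 * NOTE(review): LDAP_SASL_SIMPLE transmits bind_pwd in cleartext unless the
 * transport itself is protected (an ldaps:// URI, or TLS negotiated
 * elsewhere); nothing in this function enables TLS — confirm the deployment.
 */
int ldap_connect(char* _ld_name)
{
	int rc;
	int ldap_proto_version;
	struct ld_session *lds;
	struct berval ldap_cred;
	struct berval *ldap_credp = NULL;

	/* get ld session and session config parameters */
	if ((lds = get_ld_session(_ld_name)) == NULL) {
		LM_ERR("ld_session [%s] not found\n", _ld_name);
		return -1;
	}

	rc = ldap_initialize(&lds->handle, lds->host_name);
	if (rc != LDAP_SUCCESS) {
		LM_ERR("[%s]: ldap_initialize (%s) failed: %s\n", _ld_name,
				lds->host_name, ldap_err2string(rc));
		return -1;
	}
	/* from here on lds->handle is allocated: every failure goes to fail */

	/* LDAP_OPT_PROTOCOL_VERSION */
	switch (lds->version) {
		case 2:
			ldap_proto_version = LDAP_VERSION2;
			break;
		case 3:
			ldap_proto_version = LDAP_VERSION3;
			break;
		default:
			LM_ERR("[%s]: Invalid LDAP protocol version [%d]\n", _ld_name,
					lds->version);
			goto fail;
	}
	if (ldap_set_option(lds->handle, LDAP_OPT_PROTOCOL_VERSION,
				&ldap_proto_version) != LDAP_OPT_SUCCESS) {
		LM_ERR("[%s]: Could not set LDAP_OPT_PROTOCOL_VERSION [%d]\n",
				_ld_name, ldap_proto_version);
		goto fail;
	}

	/* LDAP_OPT_RESTART */
	if (ldap_set_option(lds->handle, LDAP_OPT_RESTART, LDAP_OPT_ON)
			!= LDAP_OPT_SUCCESS) {
		LM_ERR("[%s]: Could not set LDAP_OPT_RESTART to ON\n", _ld_name);
		goto fail;
	}

	/* LDAP_OPT_NETWORK_TIMEOUT: optional; a failure here is logged but,
	 * as in the original, does not abort the connect */
	if (lds->network_timeout.tv_sec > 0 || lds->network_timeout.tv_usec > 0) {
		if (ldap_set_option(lds->handle, LDAP_OPT_NETWORK_TIMEOUT,
					(const void *)&lds->network_timeout) != LDAP_OPT_SUCCESS) {
			LM_ERR("[%s]: Could not set LDAP_NETWORK_TIMEOUT to [%d.%d]\n",
					_ld_name, (int)lds->network_timeout.tv_sec,
					(int)lds->network_timeout.tv_usec);
		}
	}

	/* if timeout == 0 then use the default; the /1000 and %1000*1000 split
	 * implies CFG_DEF_LDAP_CLIENT_BIND_TIMEOUT is in milliseconds */
	if (lds->client_bind_timeout.tv_sec == 0
			&& lds->client_bind_timeout.tv_usec == 0) {
		lds->client_bind_timeout.tv_sec =
				CFG_DEF_LDAP_CLIENT_BIND_TIMEOUT / 1000;
		lds->client_bind_timeout.tv_usec =
				(CFG_DEF_LDAP_CLIENT_BIND_TIMEOUT % 1000) * 1000;
	}
	/* LDAP_OPT_TIMEOUT bounds the synchronous bind below; checked against
	 * LDAP_OPT_SUCCESS like the other option calls */
	if (ldap_set_option(lds->handle, LDAP_OPT_TIMEOUT,
				&lds->client_bind_timeout) != LDAP_OPT_SUCCESS) {
		LM_ERR("[%s]: ldap set option LDAP_OPT_TIMEOUT failed\n", _ld_name);
		goto fail;
	}

	/* if no "ldap_bind_password" then anonymous: pass a NULL credential
	 * pointer rather than a DN with an empty password. A NULL bind_pwd is
	 * treated like an empty one instead of calling strlen() on NULL.
	 * NOTE(review): how the server treats a bind with bind_dn set but no
	 * credentials (anonymous vs. "unauthenticated") is server policy —
	 * confirm for the target directory. */
	if (lds->bind_pwd != NULL && lds->bind_pwd[0] != '\0') {
		ldap_cred.bv_val = lds->bind_pwd;
		ldap_cred.bv_len = strlen(lds->bind_pwd);
		ldap_credp = &ldap_cred;
	}

	/* ldap_sasl_bind (LDAP_SASL_SIMPLE) */
	rc = ldap_sasl_bind_s(lds->handle, lds->bind_dn, LDAP_SASL_SIMPLE,
			ldap_credp, NULL, NULL, NULL);
	if (rc != LDAP_SUCCESS) {
		LM_ERR("[%s]: ldap bind failed: %s\n", _ld_name, ldap_err2string(rc));
		goto fail;
	}

	LM_DBG("[%s]: LDAP bind successful (ldap_host [%s])\n", _ld_name,
			lds->host_name);
	return 0;

fail:
	/* release the half-initialised handle; leaving it set would make the
	 * session look connected while no bind ever completed */
	ldap_unbind_ext(lds->handle, NULL, NULL);
	lds->handle = NULL;
	return -1;
}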