/*********************************************************************** * ldap_add_sW (WLDAP32.@) * * Add an entry to a directory tree (synchronous operation). * * PARAMS * ld [I] Pointer to an LDAP context. * dn [I] DN of the entry to add. * attrs [I] Pointer to an array of LDAPModW structures, each * specifying an attribute and its values to add. * * RETURNS * Success: LDAP_SUCCESS * Failure: An LDAP error code. */ ULONG CDECL ldap_add_sW( WLDAP32_LDAP *ld, PWCHAR dn, LDAPModW *attrs[] ) { ULONG ret = WLDAP32_LDAP_NOT_SUPPORTED; #ifdef HAVE_LDAP char *dnU = NULL; LDAPMod **attrsU = NULL; ret = WLDAP32_LDAP_NO_MEMORY; TRACE( "(%p, %s, %p)\n", ld, debugstr_w(dn), attrs ); if (!ld) return WLDAP32_LDAP_PARAM_ERROR; if (dn) { dnU = strWtoU( dn ); if (!dnU) goto exit; } if (attrs) { attrsU = modarrayWtoU( attrs ); if (!attrsU) goto exit; } ret = map_error( ldap_add_ext_s( ld, dn ? dnU : "", attrs ? attrsU : nullattrs, NULL, NULL )); exit: strfreeU( dnU ); modarrayfreeU( attrsU ); #endif return ret; }
DWORD VdcLdapAddGroup( LDAP* pLd, PCSTR pszDN, PCSTR pszCN ) { DWORD dwError = 0; PCSTR valsCn[] = {pszCN, NULL}; PCSTR valssAMActName[] = {pszCN, NULL}; PCSTR valsClass[] = {OC_TOP, OC_GROUP, NULL}; LDAPMod mod[3]={ {LDAP_MOD_ADD, ATTR_CN, {(PSTR*)valsCn}}, {LDAP_MOD_ADD, ATTR_SAM_ACCOUNT_NAME, {(PSTR*)valssAMActName}}, {LDAP_MOD_ADD, ATTR_OBJECT_CLASS, {(PSTR*)valsClass}} }; LDAPMod* attrs[] = {&mod[0], &mod[1], &mod[2], NULL}; dwError = ldap_add_ext_s( pLd, pszDN, attrs, NULL, NULL); BAIL_ON_VMDIR_ERROR(dwError); cleanup: return dwError; error: goto cleanup; }
krb5_error_code krb5_ldap_create_krbcontainer(krb5_context context, const char *dn) { LDAP *ld=NULL; char *strval[2]={NULL}, **rdns=NULL; LDAPMod **mods = NULL; krb5_error_code st=0; kdb5_dal_handle *dal_handle=NULL; krb5_ldap_context *ldap_context=NULL; krb5_ldap_server_handle *ldap_server_handle=NULL; SETUP_CONTEXT (); /* get ldap handle */ GET_HANDLE (); if (dn == NULL) { st = EINVAL; k5_setmsg(context, st, _("Kerberos Container information is missing")); goto cleanup; } strval[0] = "krbContainer"; strval[1] = NULL; if ((st=krb5_add_str_mem_ldap_mod(&mods, "objectclass", LDAP_MOD_ADD, strval)) != 0) goto cleanup; rdns = ldap_explode_dn(dn, 1); if (rdns == NULL) { st = EINVAL; k5_setmsg(context, st, _("Invalid Kerberos container DN")); goto cleanup; } strval[0] = rdns[0]; strval[1] = NULL; if ((st=krb5_add_str_mem_ldap_mod(&mods, "cn", LDAP_MOD_ADD, strval)) != 0) goto cleanup; /* create the kerberos container */ st = ldap_add_ext_s(ld, dn, mods, NULL, NULL); if (st == LDAP_ALREADY_EXISTS) st = LDAP_SUCCESS; if (st != LDAP_SUCCESS) { int ost = st; st = translate_ldap_error (st, OP_ADD); k5_setmsg(context, st, _("Kerberos Container create FAILED: %s"), ldap_err2string(ost)); goto cleanup; } cleanup: if (rdns) ldap_value_free (rdns); ldap_mods_free(mods, 1); krb5_ldap_put_handle_to_pool(ldap_context, ldap_server_handle); return(st); }
int LDAPAdd::run() { LDAPMod **mods = LDAPService::BuildMods(attributes); int i = ldap_add_ext_s(service->GetConnection(), dn.c_str(), mods, NULL, NULL); LDAPService::FreeMods(mods); return i; }
krb5_error_code ipadb_simple_add(struct ipadb_context *ipactx, char *dn, LDAPMod **mods) { int ret; ret = ldap_add_ext_s(ipactx->lcontext, dn, mods, NULL, NULL); /* first test if we need to retry to connect */ if (ret != 0 && ipadb_need_retry(ipactx, ret)) { ret = ldap_add_ext_s(ipactx->lcontext, dn, mods, NULL, NULL); } return ipadb_simple_ldap_to_kerr(ret); }
DWORD VdcLdapAddContainer( LDAP* pLd, PCSTR pszDN, PCSTR pszCN ) { DWORD dwError = 0; PCSTR valsCn[] = {pszCN, NULL}; PCSTR valsClass[] = {OC_TOP, OC_CONTAINER, NULL}; LDAPMod mod[2]={ {LDAP_MOD_ADD, ATTR_CN, {(PSTR*)valsCn}}, {LDAP_MOD_ADD, ATTR_OBJECT_CLASS, {(PSTR*)valsClass}} }; LDAPMod* attrs[] = {&mod[0], &mod[1], NULL}; dwError = ldap_add_ext_s( pLd, pszDN, attrs, NULL, NULL); BAIL_ON_VMDIR_ERROR(dwError); cleanup: return dwError; error: goto cleanup; }
/* ARGSUSED */ int _ns_ldap_add_ext_s(char *service, int flags, char *dn, LDAPMod **attrs, LDAPControl ** serverctrls, LDAPControl **clientctrls) { LDAP *ld = __s_api_getLDAPconn(flags); return (ldap_add_ext_s(ld, dn, attrs, serverctrls, clientctrls)); }
DWORD VmDirTestCreateContainer( PVMDIR_TEST_STATE pState, PCSTR pszContainer, PCSTR pszAcl /* OPTIONAL */ ) { DWORD dwError = 0; PCSTR valsCn[] = {pszContainer, NULL}; PCSTR valsClass[] = {"top", "container", NULL}; PCSTR valsAcl[] = {pszAcl, NULL}; PSTR pszDN = NULL; LDAPMod mod[]={ {LDAP_MOD_ADD, ATTR_CN, {(PSTR*)valsCn}}, {LDAP_MOD_ADD, ATTR_OBJECT_CLASS, {(PSTR*)valsClass}}, {LDAP_MOD_ADD, ATTR_ACL_STRING, {(PSTR*)valsAcl}}, }; LDAPMod *attrs[] = {&mod[0], &mod[1], &mod[2], NULL}; if (IsNullOrEmptyString(pszContainer)) { valsCn[0] = VmDirTestGetTestContainerCn(pState); dwError = VmDirAllocateStringPrintf( &pszDN, "cn=%s,%s", VmDirTestGetTestContainerCn(pState), pState->pszBaseDN); BAIL_ON_VMDIR_ERROR(dwError); } else { dwError = VmDirAllocateStringPrintf( &pszDN, "cn=%s,cn=%s,%s", pszContainer, VmDirTestGetTestContainerCn(pState), pState->pszBaseDN); BAIL_ON_VMDIR_ERROR(dwError); } if (IsNullOrEmptyString(pszAcl)) { attrs[2] = NULL; } dwError = ldap_add_ext_s( pState->pLd, pszDN, attrs, NULL, NULL); BAIL_ON_VMDIR_ERROR(dwError); cleanup: VMDIR_SAFE_FREE_STRINGA(pszDN); return dwError; error: goto cleanup; }
static DWORD VMCACreateCAObject( PVMCA_LDAP_CONTEXT pContext, PCSTR pszCACN, PCSTR pszCADN ) { DWORD dwError = 0; PSTR ppszObjectClassValues[] = { "vmwCertificationAuthority", "pkiCA", "top", NULL }; char* modv_cn[] = { (PSTR)pszCACN, NULL }; LDAPMod mod_object = {0}; LDAPMod mod_cn = {0}; LDAPMod *mods[] = { &mod_object, &mod_cn, NULL }; mod_cn.mod_op = LDAP_MOD_ADD; mod_cn.mod_type = ATTR_CN; mod_cn.mod_values = modv_cn; mod_object.mod_op = LDAP_MOD_ADD; mod_object.mod_type = ATTR_OBJECTCLASS; mod_object.mod_values = ppszObjectClassValues; dwError = ldap_add_ext_s( pContext->pConnection, (PSTR)pszCADN, mods, NULL, NULL ); BAIL_ON_ERROR(dwError); cleanup: return dwError; error : goto cleanup; }
/*********************************************************************** * ldap_add_ext_sW (WLDAP32.@) * * Add an entry to a directory tree (synchronous operation). * * PARAMS * ld [I] Pointer to an LDAP context. * dn [I] DN of the entry to add. * attrs [I] Pointer to an array of LDAPModW structures, each * specifying an attribute and its values to add. * serverctrls [I] Array of LDAP server controls. * clientctrls [I] Array of LDAP client controls. * * RETURNS * Success: LDAP_SUCCESS * Failure: An LDAP error code. * * NOTES * The serverctrls and clientctrls parameters are optional and * should be set to NULL if not used. */ ULONG CDECL ldap_add_ext_sW( WLDAP32_LDAP *ld, PWCHAR dn, LDAPModW *attrs[], PLDAPControlW *serverctrls, PLDAPControlW *clientctrls ) { ULONG ret = WLDAP32_LDAP_NOT_SUPPORTED; #ifdef HAVE_LDAP char *dnU = NULL; LDAPMod **attrsU = NULL; LDAPControl **serverctrlsU = NULL, **clientctrlsU = NULL; ret = WLDAP32_LDAP_NO_MEMORY; TRACE( "(%p, %s, %p, %p, %p)\n", ld, debugstr_w(dn), attrs, serverctrls, clientctrls ); if (!ld) return WLDAP32_LDAP_PARAM_ERROR; if (dn) { dnU = strWtoU( dn ); if (!dnU) goto exit; } if (attrs) { attrsU = modarrayWtoU( attrs ); if (!attrsU) goto exit; } if (serverctrls) { serverctrlsU = controlarrayWtoU( serverctrls ); if (!serverctrlsU) goto exit; } if (clientctrls) { clientctrlsU = controlarrayWtoU( clientctrls ); if (!clientctrlsU) goto exit; } ret = map_error( ldap_add_ext_s( ld, dn ? dnU : "", attrs ? attrsU : nullattrs, serverctrlsU, clientctrlsU )); exit: strfreeU( dnU ); modarrayfreeU( attrsU ); controlarrayfreeU( serverctrlsU ); controlarrayfreeU( clientctrlsU ); #endif return ret; }
DWORD VmDirTestCreateClass( PVMDIR_TEST_STATE pState, PCSTR pszClassName ) { DWORD dwError = 0; PCSTR valsCn[] = {pszClassName, NULL}; PCSTR valsClass[] = {"classschema", NULL}; PCSTR valsSubclass[] = {OC_TOP, NULL}; PCSTR valsGovernsId[] = {"111.111.4.001", NULL}; PCSTR valsCategory[] = {"1", NULL}; PSTR pszDN = NULL; LDAPMod mod[]={ {LDAP_MOD_ADD, ATTR_CN, {(PSTR*)valsCn}}, {LDAP_MOD_ADD, ATTR_OBJECT_CLASS, {(PSTR*)valsClass}}, {LDAP_MOD_ADD, "governsid", {(PSTR*)valsGovernsId}}, {LDAP_MOD_ADD, "objectclasscategory", {(PSTR*)valsCategory}}, {LDAP_MOD_ADD, "subclassof", {(PSTR*)valsSubclass}}, }; LDAPMod *attrs[] = {&mod[0], &mod[1], &mod[2], &mod[3], &mod[4], NULL}; dwError = VmDirAllocateStringPrintf( &pszDN, "cn=%s,cn=schemacontext", pszClassName); BAIL_ON_VMDIR_ERROR(dwError); dwError = ldap_add_ext_s( pState->pLd, pszDN, attrs, NULL, NULL); BAIL_ON_VMDIR_ERROR(dwError); cleanup: VMDIR_SAFE_FREE_STRINGA(pszDN); return dwError; error: goto cleanup; }
DWORD VmDirTestCreateObjectByDNPrefix( PVMDIR_TEST_STATE pState, PCSTR pszDNPrefix, PCSTR pszClassName ) { DWORD dwError = 0; PSTR pszCN = NULL; PSTR pszDN = NULL; PSTR valsCn[] = { NULL, NULL }; PSTR valsClass[] = { NULL, NULL }; LDAPMod mod[]= { { LDAP_MOD_ADD, ATTR_CN, { valsCn } }, { LDAP_MOD_ADD, ATTR_OBJECT_CLASS, { valsClass } }, }; LDAPMod *attrs[] = {&mod[0], &mod[1], NULL}; dwError = VmDirDnLastRDNToCn(pszDNPrefix, &pszCN); BAIL_ON_VMDIR_ERROR(dwError); dwError = VmDirAllocateStringPrintf( &pszDN, "%s,%s", pszDNPrefix, pState->pszBaseDN); BAIL_ON_VMDIR_ERROR(dwError); valsCn[0] = pszCN; valsClass[0] = (PSTR)pszClassName; dwError = ldap_add_ext_s(pState->pLd, pszDN, attrs, NULL, NULL); BAIL_ON_VMDIR_ERROR(dwError); cleanup: VMDIR_SAFE_FREE_STRINGA(pszCN); VMDIR_SAFE_FREE_STRINGA(pszDN); return dwError; error: goto cleanup; }
/* Preform a LDAP add or modify operation depend on the `mod` parameter. */ PyObject * add_or_modify(LDAPEntry *self, int mod) { int rc = -1; char *dnstr = NULL; LDAPMod **mods = NULL; PyObject *tmp; /* Get DN string. */ tmp = PyObject_Str(self->dn); dnstr = PyObject2char(tmp); Py_DECREF(tmp); if (dnstr == NULL || strlen(dnstr) == 0) { PyErr_SetString(PyExc_AttributeError, "Missing distinguished name."); return NULL; } mods = LDAPEntry_CreateLDAPMods(self); if (mods == NULL) { PyErr_SetString(PyExc_MemoryError, "Create LDAPMods is failed."); return NULL; } if (mod == 0) { rc = ldap_add_ext_s(self->client->ld, dnstr, mods, NULL, NULL); } else { rc = ldap_modify_ext_s(self->client->ld, dnstr, mods, NULL, NULL); } if (rc != LDAP_SUCCESS) { //TODO Proper errors PyObject *ldaperror = get_error("LDAPError"); PyErr_SetString(ldaperror, ldap_err2string(rc)); Py_DECREF(ldaperror); LDAPEntry_DismissLDAPMods(self, mods); free(dnstr); return NULL; } free(dnstr); LDAPEntry_DismissLDAPMods(self, mods); return Py_None; }
DWORD VmDirTestCreateObject( PVMDIR_TEST_STATE pState, PCSTR pszContainer, PCSTR pszClassName, PCSTR pszObjectName ) { DWORD dwError = 0; PCSTR valsCn[] = {pszObjectName, NULL}; PCSTR valsClass[] = {"classschema", NULL}; PSTR pszDN = NULL; LDAPMod mod[]={ {LDAP_MOD_ADD, ATTR_CN, {(PSTR*)valsCn}}, {LDAP_MOD_ADD, ATTR_OBJECT_CLASS, {(PSTR*)valsClass}}, }; LDAPMod *attrs[] = {&mod[0], &mod[1], NULL}; dwError = VmDirAllocateStringPrintf( &pszDN, "cn=%s,cn=%s,cn=%s,%s", pszClassName, pszContainer, VmDirTestGetTestContainerCn(pState), pState->pszBaseDN); BAIL_ON_VMDIR_ERROR(dwError); dwError = ldap_add_ext_s(pState->pLd, pszDN, attrs, NULL, NULL); BAIL_ON_VMDIR_ERROR(dwError); cleanup: VMDIR_SAFE_FREE_STRINGA(pszDN); return dwError; error: goto cleanup; }
int ldap_do_add(const char *account, const char *crypted, const char *email) { char newdn[MAXLEN]; LDAPMod **mods; int rc, i; int num_mods; char *passbuf = NULL; if(!admin_bind && LDAP_SUCCESS != ( rc = ldap_do_admin_bind())) { log_module(MAIN_LOG, LOG_ERROR, "failed to bind as admin"); return rc; } if (crypted != NULL) passbuf = make_password(crypted); snprintf(newdn, MAXLEN-1, nickserv_conf.ldap_dn_fmt, account); mods = make_mods_add(account, (crypted != NULL ? passbuf : crypted), email, &num_mods); if(!mods) { log_module(MAIN_LOG, LOG_ERROR, "Error building mods for ldap_add"); return LDAP_OTHER; } rc = ldap_add_ext_s(ld, newdn, mods, NULL, NULL); if(rc != LDAP_SUCCESS && rc!= LDAP_ALREADY_EXISTS) { log_module(MAIN_LOG, LOG_ERROR, "Error adding ldap account: %s -- %s", account, ldap_err2string(rc)); // return rc; } //ldap_unbind_s(ld); for(i = 0; i < num_mods; i++) { free(mods[i]->mod_type); free(mods[i]); } free(mods); if (crypted != NULL) free(passbuf); return rc; }
static krb5_error_code LDAP_store(krb5_context context, HDB * db, unsigned flags, hdb_entry_ex * entry) { LDAPMod **mods = NULL; krb5_error_code ret; const char *errfn; int rc; LDAPMessage *msg = NULL, *e = NULL; char *dn = NULL, *name = NULL; ret = LDAP_principal2message(context, db, entry->entry.principal, &msg); if (ret == 0) e = ldap_first_entry(HDB2LDAP(db), msg); ret = krb5_unparse_name(context, entry->entry.principal, &name); if (ret) { free(name); return ret; } ret = hdb_seal_keys(context, db, &entry->entry); if (ret) goto out; /* turn new entry into LDAPMod array */ ret = LDAP_entry2mods(context, db, entry, e, &mods); if (ret) goto out; if (e == NULL) { ret = asprintf(&dn, "krb5PrincipalName=%s,%s", name, HDB2CREATE(db)); if (ret < 0) { ret = ENOMEM; krb5_set_error_message(context, ret, "asprintf: out of memory"); goto out; } } else if (flags & HDB_F_REPLACE) { /* Entry exists, and we're allowed to replace it. */ dn = ldap_get_dn(HDB2LDAP(db), e); } else { /* Entry exists, but we're not allowed to replace it. Bail. */ ret = HDB_ERR_EXISTS; goto out; } /* write entry into directory */ if (e == NULL) { /* didn't exist before */ rc = ldap_add_ext_s(HDB2LDAP(db), dn, mods, NULL, NULL ); errfn = "ldap_add_ext_s"; } else { /* already existed, send deltas only */ rc = ldap_modify_ext_s(HDB2LDAP(db), dn, mods, NULL, NULL ); errfn = "ldap_modify_ext_s"; } if (check_ldap(context, db, rc)) { char *ld_error = NULL; ldap_get_option(HDB2LDAP(db), LDAP_OPT_ERROR_STRING, &ld_error); ret = HDB_ERR_CANT_LOCK_DB; krb5_set_error_message(context, ret, "%s: %s (DN=%s) %s: %s", errfn, name, dn, ldap_err2string(rc), ld_error); } else ret = 0; out: /* free stuff */ if (dn) free(dn); if (msg) ldap_msgfree(msg); if (mods) ldap_mods_free(mods, 1); if (name) free(name); return ret; }
krb5_error_code krb5_ldap_create_krbcontainer(krb5_context context, const krb5_ldap_krbcontainer_params *krbcontparams) { LDAP *ld=NULL; char *strval[2]={NULL}, *kerberoscontdn=NULL, **rdns=NULL; int pmask=0; LDAPMod **mods = NULL; krb5_error_code st=0; kdb5_dal_handle *dal_handle=NULL; krb5_ldap_context *ldap_context=NULL; krb5_ldap_server_handle *ldap_server_handle=NULL; SETUP_CONTEXT (); /* get ldap handle */ GET_HANDLE (); if (krbcontparams != NULL && krbcontparams->DN != NULL) { kerberoscontdn = krbcontparams->DN; } else { st = EINVAL; krb5_set_error_message(context, st, _("Kerberos Container information is missing")); goto cleanup; } strval[0] = "krbContainer"; strval[1] = NULL; if ((st=krb5_add_str_mem_ldap_mod(&mods, "objectclass", LDAP_MOD_ADD, strval)) != 0) goto cleanup; rdns = ldap_explode_dn(kerberoscontdn, 1); if (rdns == NULL) { st = EINVAL; krb5_set_error_message(context, st, _("Invalid Kerberos container DN")); goto cleanup; } strval[0] = rdns[0]; strval[1] = NULL; if ((st=krb5_add_str_mem_ldap_mod(&mods, "cn", LDAP_MOD_ADD, strval)) != 0) goto cleanup; /* check if the policy reference value exists and is of krbticketpolicyreference object class */ if (krbcontparams && krbcontparams->policyreference) { st = checkattributevalue(ld, krbcontparams->policyreference, "objectclass", policyclass, &pmask); CHECK_CLASS_VALIDITY(st, pmask, _("ticket policy object value: ")); strval[0] = krbcontparams->policyreference; strval[1] = NULL; if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbticketpolicyreference", LDAP_MOD_ADD, strval)) != 0) goto cleanup; } /* create the kerberos container */ if ((st = ldap_add_ext_s(ld, kerberoscontdn, mods, NULL, NULL)) != LDAP_SUCCESS) { int ost = st; st = translate_ldap_error (st, OP_ADD); krb5_set_error_message(context, st, _("Kerberos Container create FAILED: %s"), ldap_err2string(ost)); goto cleanup; } cleanup: if (rdns) ldap_value_free (rdns); ldap_mods_free(mods, 1); krb5_ldap_put_handle_to_pool(ldap_context, ldap_server_handle); return(st); }
static void * do_onerwthread( void *arg ) { int i, j, thisconn; LDAP **mlds, *ld; char thrstr[BUFSIZ]; char dn[256], uids[32], cns[32], *base; LDAPMod *attrp[5], attrs[4]; char *oc_vals[] = { "top", "OpenLDAPperson", NULL }; char *cn_vals[] = { NULL, NULL }; char *sn_vals[] = { NULL, NULL }; char *uid_vals[] = { NULL, NULL }; int ret; int adds = 0; int dels = 0; int rc, refcnt = 0; int idx = (ldap_pvt_thread_t *)arg - rtid; mlds = (LDAP **) calloc( sizeof(LDAP *), noconns); if (mlds == NULL) { thread_error( idx, "Memory error: thread calloc for noconns" ); exit( EXIT_FAILURE ); } snprintf(uids, sizeof(uids), "rwtest%04d", idx); snprintf(cns, sizeof(cns), "rwtest%04d", idx); /* add setup */ for (i = 0; i < 4; i++) { attrp[i] = &attrs[i]; attrs[i].mod_op = 0; } attrp[4] = NULL; attrs[0].mod_type = "objectClass"; attrs[0].mod_values = oc_vals; attrs[1].mod_type = "cn"; attrs[1].mod_values = cn_vals; cn_vals[0] = &cns[0]; attrs[2].mod_type = "sn"; attrs[2].mod_values = sn_vals; sn_vals[0] = &cns[0]; attrs[3].mod_type = "uid"; attrs[3].mod_values = uid_vals; uid_vals[0] = &uids[0]; for ( j = 0; j < outerloops; j++ ) { for(i = 0; i < noconns; i++) { mlds[i] = ldap_dup(lds[i]); if (mlds[i] == NULL) { thread_error( idx, "ldap_dup error" ); } } rc = ldap_get_option(mlds[0], LDAP_OPT_SESSION_REFCNT, &refcnt); snprintf(thrstr, BUFSIZ, "RW Thread conns: %d refcnt: %d (rc = %d)", noconns, refcnt, rc); thread_verbose(idx, thrstr); thisconn = (idx + j) % noconns; if (thisconn < 0 || thisconn >= noconns) thisconn = 0; if (mlds[thisconn] == NULL) { thread_error( idx, "(failed to dup)"); tester_perror( "ldap_dup", "(failed to dup)" ); exit( EXIT_FAILURE ); } snprintf(thrstr, BUFSIZ, "START RW Thread using conn %d", thisconn); thread_verbose(idx, thrstr); ld = mlds[thisconn]; if (entry != NULL) base = entry; else base = DEFAULT_BASE; snprintf(dn, 256, "cn=%s,%s", cns, base); adds = 0; dels = 0; for (i = 0; i < loops; i++) { ret = ldap_add_ext_s(ld, dn, &attrp[0], NULL, NULL); if (ret == LDAP_SUCCESS) { adds++; ret = ldap_delete_ext_s(ld, dn, NULL, NULL); if (ret == LDAP_SUCCESS) { dels++; rt_pass[idx]++; } else { thread_output(idx, ldap_err2string(ret)); rt_fail[idx]++; } } else { thread_output(idx, ldap_err2string(ret)); rt_fail[idx]++; } } snprintf(thrstr, BUFSIZ, "INNER STOP RW Thread using conn %d (%d/%d)", thisconn, adds, dels); thread_verbose(idx, thrstr); for(i = 0; i < noconns; i++) { (void) ldap_destroy(mlds[i]); mlds[i] = NULL; } } free( mlds ); return( NULL ); }
static void *add_thread(char *id) { LDAPMod mod[4]; LDAPMod *mods[5]; char dn[BUFSIZ], name[40]; char *cnvals[2], *snvals[2], *pwdvals[2], *ocvals[3]; int i, rc, opcount; void *voidrc = (void *)0; printf("Starting add_thread %s.\n", id); opcount = 0; tsd_setup(); for (i = 0; i < 4; i++) { mods[i] = &mod[i]; } mods[4] = NULL; mod[0].mod_op = 0; mod[0].mod_type = "cn"; mod[0].mod_values = cnvals; cnvals[1] = NULL; mod[1].mod_op = 0; mod[1].mod_type = "sn"; mod[1].mod_values = snvals; snvals[1] = NULL; mod[2].mod_op = 0; mod[2].mod_type = "objectclass"; mod[2].mod_values = ocvals; ocvals[0] = "top"; ocvals[1] = "person"; ocvals[2] = NULL; mod[3].mod_op = 0; mod[3].mod_type = "userPassword"; mod[3].mod_values = pwdvals; pwdvals[1] = NULL; mods[4] = NULL; for (;;) { sprintf(name, "%d", get_random_id()); sprintf(dn, "cn=%s, " BASE, name); cnvals[0] = name; snvals[0] = name; pwdvals[0] = name; printf("Thread %s: Adding entry (%s)\n", id, dn); rc = ldap_add_ext_s(ld, dn, mods, NULL, NULL); if (rc != LDAP_SUCCESS) { fprintf(stderr, "ldap_add_ext_s: %s\n", ldap_err2string(rc)); if (rc == LDAP_SERVER_DOWN) { perror("ldap_add_ext_s"); voidrc = (void *)1; goto add_cleanup_and_return; } } ++opcount; if (maxops != 0 && opcount >= maxops) { break; } } add_cleanup_and_return: printf("Thread %s: attempted %d add operations\n", id, opcount); set_ld_error(0, NULL, NULL, NULL); /* disposes of memory */ tsd_cleanup(); free(id); return voidrc; }
static int at_add(AddThread *at) { LDAPMod *attrs[10]; LDAPMod attr_cn, attr_sn, attr_givenname, attr_objectclass, attr_uid, attr_mail, attr_telephonenumber, attr_audio, attr_password; struct berval audio_berval; struct berval *audio_values[2]; char dn[100], uid[10], telno[20], *sn, *givenname, cn[50], mail[50]; char *cn_values[2], *sn_values[2], *givenname_values[2]; char *uid_values[2], *mail_values[2], *telno_values[2]; #if 1 char *objectclass_values[] = { "top", "person", "organizationalPerson", "inetOrgPerson", NULL }; #else char *objectclass_values[] = { "inetOrgPerson", NULL }; #endif int ret; /* make up the strings */ sprintf(uid, "%lu", getID()); at_random_tel_number(telno); sn = nt_getrand(family_names); givenname = nt_getrand(given_names); sprintf(cn, "%s %s %s", givenname, sn, uid); sprintf(mail, "*****@*****.**", givenname, uid); sprintf(dn, "cn=%s,%s", cn, suffix); cn_values[0] = cn; cn_values[1] = NULL; sn_values[0] = sn; sn_values[1] = NULL; givenname_values[0] = givenname; givenname_values[1] = NULL; uid_values[0] = uid; uid_values[1] = NULL; mail_values[0] = mail; mail_values[1] = NULL; telno_values[0] = telno; telno_values[1] = NULL; attrs[0] = &attr_objectclass; attrs[1] = &attr_cn; attrs[2] = &attr_sn; attrs[3] = &attr_givenname; attrs[4] = &attr_uid; attrs[5] = &attr_password; attrs[6] = &attr_mail; attrs[7] = &attr_telephonenumber; if (blobsize > 0) { audio_values[0] = &audio_berval; audio_values[1] = 0; audio_berval.bv_len = (blobsize > 32000) ? ((long)rand() * 1039) % blobsize : (rand() % blobsize); audio_berval.bv_val = at->blob; attr_audio.mod_op = LDAP_MOD_BVALUES; attr_audio.mod_type = "audio"; attr_audio.mod_values = (char **)&audio_values; attrs[8] = &attr_audio; attrs[9] = 0; } else attrs[8] = 0; attr_cn.mod_op = LDAP_MOD_ADD; attr_cn.mod_type = "cn"; attr_cn.mod_values = cn_values; attr_sn.mod_op = LDAP_MOD_ADD; attr_sn.mod_type = "sn"; attr_sn.mod_values = sn_values; attr_givenname.mod_op = LDAP_MOD_ADD; attr_givenname.mod_type = "givenname"; attr_givenname.mod_values = givenname_values; attr_objectclass.mod_op = LDAP_MOD_ADD; attr_objectclass.mod_type = "objectClass"; attr_objectclass.mod_values = objectclass_values; attr_uid.mod_op = LDAP_MOD_ADD; attr_uid.mod_type = "uid"; attr_uid.mod_values = uid_values; attr_password.mod_op = LDAP_MOD_ADD; attr_password.mod_type = "userpassword"; attr_password.mod_values = uid_values; attr_mail.mod_op = LDAP_MOD_ADD; attr_mail.mod_type = "mail"; attr_mail.mod_values = mail_values; attr_telephonenumber.mod_op = LDAP_MOD_ADD; attr_telephonenumber.mod_type = "telephonenumber"; attr_telephonenumber.mod_values = telno_values; #if 0 for (i = 0; attrs[i]; i++) { fprintf(stderr, "attr '%s': ", attrs[i]->mod_type); if (strcasecmp(attrs[i]->mod_type, "audio") == 0) fprintf(stderr, "binary data len=%lu\n", ((struct berval **)(attrs[i]->mod_values))[0]->bv_len); else fprintf(stderr, "'%s'\n", attrs[i]->mod_values[0]); } #endif ret = ldap_add_ext_s(at->ld, dn, attrs, NULL, NULL); if (ret != LDAP_SUCCESS) { fprintf(stderr, "T%d: failed to add, error = %d\n", at->id, ret); } return ret; }
/** * Add new contact to LDAP * * \param server AddressBook resource * \param contact GHashTable with object to add */ void ldapsvr_add_contact(LdapServer *server, GHashTable *contact) { gchar *email = NULL, *param = NULL; LDAP *ld = NULL; LDAPMod *mods[MODSIZE]; LDAPMod modarr[7]; gint cnt = 0; char *cn[] = {NULL, NULL}; char *displayName[] = {NULL, NULL}; char *givenName[] = {NULL, NULL}; char **mail = NULL; char *sn[] = {NULL, NULL}; char *org[] = {NULL, NULL}; char *obj[] = {/*"top",*/ "person", "organizationalPerson", "inetOrgPerson", NULL}; int rc=0; GList *node; AttrKeyValue *ou, *commonName; ItemPerson *person; gchar *base_dn; GList *mailList; cm_return_if_fail(server != NULL || contact != NULL); node = g_hash_table_lookup(contact , "mail"); if (node) { EmailKeyValue *newEmail = node->data; email = g_strdup(newEmail->mail); } if (email == NULL) { server->retVal = LDAPRC_NODN; clean_up(ld, server, contact); return; } base_dn = g_strdup_printf("mail=%s,%s", email, server->control->baseDN?server->control->baseDN:"null"); g_free(email); person = ldapsvr_get_contact(server, g_hash_table_lookup(contact , "uid")); person->externalID = g_strdup(base_dn); debug_print("dn: %s\n", base_dn); ld = ldapsvr_connect(server->control); if (ld == NULL) { clean_up(ld, server, contact); debug_print("no ldap found\n"); return; } SETMODS(mods[cnt], modarr[cnt], LDAP_MOD_ADD, "objectClass", obj); cnt++; ou = get_ou(base_dn); if (ou != NULL) { SETMOD(mods[cnt], modarr[cnt], LDAP_MOD_ADD, g_strdup(ou->key), org, g_strdup(ou->value)); cnt++; attrkeyvalue_free(ou); } commonName = get_cn(base_dn); if (commonName == NULL) { param = g_hash_table_lookup(contact , "cn"); if (param) { SETMOD(mods[cnt], modarr[cnt], LDAP_MOD_ADD, "cn", cn, param); } else { clean_up(ld, server, contact); debug_print("no CN found\n"); return; } } else { SETMOD(mods[cnt], modarr[cnt], LDAP_MOD_ADD, g_strdup(commonName->key), cn, g_strdup(commonName->value)); cnt++; param = g_hash_table_lookup(contact , "cn"); SETMOD(mods[cnt], modarr[cnt], LDAP_MOD_ADD, "displayName", displayName, param); g_hash_table_insert(contact, "displayName", param); attrkeyvalue_free(commonName); } cnt++; param = g_hash_table_lookup(contact , "givenName"); if (param) { SETMOD(mods[cnt], modarr[cnt], LDAP_MOD_ADD, "givenName", givenName, param); cnt++; } mailList = g_hash_table_lookup(contact , "mail"); if (mailList) { char **tmp; tmp = g_malloc(sizeof(*tmp) * (g_list_length(mailList)+1)); mail = tmp; while (mailList) { EmailKeyValue *item = mailList->data; *tmp++ = g_strdup((gchar *) item->mail); mailList = g_list_next(mailList); } *tmp = NULL; SETMODS(mods[cnt], modarr[cnt], LDAP_MOD_ADD, "mail", mail); cnt++; } param = g_hash_table_lookup(contact, "sn"); if (param == NULL) param = g_strdup(N_("Some SN")); SETMOD(mods[cnt], modarr[cnt], LDAP_MOD_ADD, "sn", sn, param); cnt++; mods[cnt] = NULL; if (debug_get_mode()) { ldapsvr_print_ldapmod(mods); } server->retVal = LDAPRC_SUCCESS; rc = ldap_add_ext_s(ld, base_dn, mods, NULL, NULL); if (rc) { switch (rc) { case LDAP_ALREADY_EXISTS: server->retVal = LDAPRC_ALREADY_EXIST; break; default: g_printerr("ldap_modify for dn=%s\" failed[0x%x]: %s\n", base_dn, rc, ldaputil_get_error(ld)); if (rc == 0x8) server->retVal = LDAPRC_STRONG_AUTH; else server->retVal = LDAPRC_NAMING_VIOLATION; } } ldapsvr_handle_other_attributes(ld, server, base_dn, contact); g_free(base_dn); clean_up(ld, server, contact); }
krb5_error_code krb5_ldap_create_realm(krb5_context context, krb5_ldap_realm_params *rparams, int mask) { LDAP *ld=NULL; krb5_error_code st=0; char *dn=NULL; char *strval[4]={NULL}; char *contref[2]={NULL}; LDAPMod **mods = NULL; int i=0, objectmask=0, subtreecount=0; kdb5_dal_handle *dal_handle=NULL; krb5_ldap_context *ldap_context=NULL; krb5_ldap_server_handle *ldap_server_handle=NULL; char *realm_name; SETUP_CONTEXT (); /* Check input validity ... */ if (ldap_context->container_dn == NULL || rparams == NULL || rparams->realm_name == NULL || ((mask & LDAP_REALM_SUBTREE) && rparams->subtree == NULL) || ((mask & LDAP_REALM_CONTREF) && rparams->containerref == NULL) || 0) { st = EINVAL; return st; } /* get ldap handle */ GET_HANDLE (); realm_name = rparams->realm_name; if (asprintf(&dn, "cn=%s,%s", realm_name, ldap_context->container_dn) < 0) dn = NULL; CHECK_NULL(dn); strval[0] = realm_name; strval[1] = NULL; if ((st=krb5_add_str_mem_ldap_mod(&mods, "cn", LDAP_MOD_ADD, strval)) != 0) goto cleanup; strval[0] = "top"; strval[1] = "krbrealmcontainer"; strval[2] = "krbticketpolicyaux"; strval[3] = NULL; if ((st=krb5_add_str_mem_ldap_mod(&mods, "objectclass", LDAP_MOD_ADD, strval)) != 0) goto cleanup; /* SUBTREE ATTRIBUTE */ if (mask & LDAP_REALM_SUBTREE) { if ( rparams->subtree!=NULL) { subtreecount = rparams->subtreecount; for (i=0; rparams->subtree[i]!=NULL && i<subtreecount; i++) { if (strlen(rparams->subtree[i]) != 0) { st = checkattributevalue(ld, rparams->subtree[i], "Objectclass", subtreeclass, &objectmask); CHECK_CLASS_VALIDITY(st, objectmask, _("realm object value: ")); } } if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbsubtrees", LDAP_MOD_ADD, rparams->subtree)) != 0) { goto cleanup; } } } /* CONTAINER REFERENCE ATTRIBUTE */ if (mask & LDAP_REALM_CONTREF) { if (strlen(rparams->containerref) != 0 ) { st = checkattributevalue(ld, rparams->containerref, "Objectclass", subtreeclass, &objectmask); CHECK_CLASS_VALIDITY(st, objectmask, "realm object value: "); contref[0] = rparams->containerref; contref[1] = NULL; if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbPrincContainerRef", LDAP_MOD_ADD, contref)) != 0) goto cleanup; } } /* SEARCHSCOPE ATTRIBUTE */ if (mask & LDAP_REALM_SEARCHSCOPE) { if ((st=krb5_add_int_mem_ldap_mod(&mods, "krbsearchscope", LDAP_MOD_ADD, (rparams->search_scope == LDAP_SCOPE_ONELEVEL || rparams->search_scope == LDAP_SCOPE_SUBTREE) ? rparams->search_scope : LDAP_SCOPE_SUBTREE)) != 0) goto cleanup; } if (mask & LDAP_REALM_MAXRENEWLIFE) { if ((st=krb5_add_int_mem_ldap_mod(&mods, "krbMaxRenewableAge", LDAP_MOD_ADD, rparams->max_renewable_life)) != 0) goto cleanup; } /* krbMaxTicketLife ATTRIBUTE */ if (mask & LDAP_REALM_MAXTICKETLIFE) { if ((st=krb5_add_int_mem_ldap_mod(&mods, "krbMaxTicketLife", LDAP_MOD_ADD, rparams->max_life)) != 0) goto cleanup; } /* krbTicketFlags ATTRIBUTE */ if (mask & LDAP_REALM_KRBTICKETFLAGS) { if ((st=krb5_add_int_mem_ldap_mod(&mods, "krbTicketFlags", LDAP_MOD_ADD, rparams->tktflags)) != 0) goto cleanup; } /* realm creation operation */ if ((st=ldap_add_ext_s(ld, dn, mods, NULL, NULL)) != LDAP_SUCCESS) { st = set_ldap_error (context, st, OP_ADD); goto cleanup; } cleanup: if (dn) free(dn); ldap_mods_free(mods, 1); krb5_ldap_put_handle_to_pool(ldap_context, ldap_server_handle); return st; }
int ldap_add_s( LDAP *ld, LDAP_CONST char *dn, LDAPMod **attrs ) { return ldap_add_ext_s( ld, dn, attrs, NULL, NULL ); }
DWORD _VmDirTestCreateTestContainer( PVMDIR_TEST_STATE pState ) { DWORD dwError = 0; PCSTR valsCn[] = {DEFAULT_TEST_CONTAINER_NAME, NULL}; PCSTR valsClass[] = {OC_TOP, OC_CONTAINER, NULL}; PCSTR valsAcl[] = {NULL, NULL}; PSTR pszDN = NULL; PSTR pszDomainSid = NULL; PSTR pszAclString = NULL; PSTR pszLimitedUserSid = NULL; LDAPMod mod[] = { {LDAP_MOD_ADD, ATTR_CN, {(PSTR*)valsCn}}, {LDAP_MOD_ADD, ATTR_OBJECT_CLASS, {(PSTR*)valsClass}}, {LDAP_MOD_ADD, ATTR_ACL_STRING, {(PSTR*)valsAcl}}, }; LDAPMod *attrs[] = {&mod[0], &mod[1], &mod[2], NULL}; dwError = VmDirAllocateStringPrintf( &pszDN, "cn=%s,%s", DEFAULT_TEST_CONTAINER_NAME, pState->pszBaseDN); BAIL_ON_VMDIR_ERROR(dwError); dwError = VmDirTestGetDomainSid(pState, pState->pszBaseDN, &pszDomainSid); BAIL_ON_VMDIR_ERROR(dwError); dwError = VmDirTestGetUserSid(pState, VmDirTestGetInternalUserCn(pState), NULL, &pszLimitedUserSid); BAIL_ON_VMDIR_ERROR(dwError); // O:%s-500G:BAD:(A;;RPWP;;;S-1-7-32-666)(A;;GXNRNWGXCCDCRPWP;;;BA)(A;;GXNRNWGXCCDCRPWP;;;%s-500)", dwError = VmDirAllocateStringPrintf( &pszAclString, "O:%s-500G:BAD:(A;;CCDCRPWP;;;BA)(A;;CCDCRPWP;;;%s-500)(A;;CCRPWP;;;%s)", pszDomainSid, pszDomainSid, pszLimitedUserSid); BAIL_ON_VMDIR_ERROR(dwError); valsAcl[0] = pszAclString; dwError = ldap_add_ext_s( pState->pLd, pszDN, attrs, NULL, NULL); BAIL_ON_VMDIR_ERROR(dwError); cleanup: VMDIR_SAFE_FREE_STRINGA(pszAclString); VMDIR_SAFE_FREE_STRINGA(pszLimitedUserSid); VMDIR_SAFE_FREE_STRINGA(pszDomainSid); VMDIR_SAFE_FREE_STRINGA(pszDN); return dwError; error: printf("%s failed with error %d\n", __FUNCTION__, dwError); goto cleanup; }
static LibBalsaABErr libbalsa_address_book_ldap_add_address(LibBalsaAddressBook *ab, LibBalsaAddress *address) { static char *object_class_values[] = { "person", "organizationalPerson", "inetOrgPerson", NULL }; gchar *dn; LDAPMod *mods[7]; LDAPMod modarr[6]; int cnt; char *cn[] = {NULL, NULL}; char *gn[] = {NULL, NULL}; char *org[] = {NULL, NULL}; char *sn[] = {NULL, NULL}; char *mail[] = {NULL, NULL}; LibBalsaAddressBookLdap *ldap_ab = LIBBALSA_ADDRESS_BOOK_LDAP(ab); g_return_val_if_fail(address, LBABERR_CANNOT_WRITE); g_return_val_if_fail(address->address_list, LBABERR_CANNOT_WRITE); if (ldap_ab->directory == NULL) { if(libbalsa_address_book_ldap_open_connection(ldap_ab) != LDAP_SUCCESS) return LBABERR_CANNOT_CONNECT; } if(ldap_ab->priv_book_dn == NULL) { libbalsa_address_book_set_status (ab, _("Undefined location of user address book")); return LBABERR_CANNOT_WRITE; } dn = g_strdup_printf("mail=%s,%s", (char*)address->address_list->data, ldap_ab->priv_book_dn); mods[0] = &modarr[0]; modarr[0].mod_op = LDAP_MOD_ADD; modarr[0].mod_type = "objectClass"; modarr[0].mod_values = object_class_values; cnt = 1; if(address->full_name) { SETMOD(mods[cnt],modarr[cnt],LDAP_MOD_ADD,"cn",cn,address->full_name); cnt++; } if(address->first_name) { SETMOD(mods[cnt],modarr[cnt],LDAP_MOD_ADD,"givenName",gn, address->first_name); cnt++; } if(address->last_name) { SETMOD(mods[cnt],modarr[cnt],LDAP_MOD_ADD,"sn",sn,address->last_name); cnt++; } if(address->organization) { SETMOD(mods[cnt],modarr[cnt],LDAP_MOD_ADD,"o",org, address->organization); cnt++; } SETMOD(mods[cnt],modarr[cnt],LDAP_MOD_ADD,"mail",mail, (char*)address->address_list->data); cnt++; mods[cnt] = NULL; cnt = 0; do { int rc = ldap_add_ext_s(ldap_ab->directory, dn, mods, NULL, NULL); switch(rc) { case LDAP_SUCCESS: g_free(dn); return LBABERR_OK; case LDAP_ALREADY_EXISTS: g_free(dn); libbalsa_address_book_set_status(ab, g_strdup(ldap_err2string(rc))); return LBABERR_DUPLICATE; case LDAP_SERVER_DOWN: libbalsa_address_book_ldap_close_connection(ldap_ab); if( (rc=libbalsa_address_book_ldap_open_connection(ldap_ab)) != LDAP_SUCCESS) { g_free(dn); return LBABERR_CANNOT_CONNECT; } /* fall through */ default: fprintf(stderr, "ldap_add for dn=“%s” failed[0x%x]: %s\n", dn, rc, ldap_err2string(rc)); } } while(cnt++<1); g_free(dn); libbalsa_address_book_set_status(ab, NULL); return LBABERR_CANNOT_WRITE; }
krb5_error_code krb5_ldap_put_principal(krb5_context context, krb5_db_entry *entry, char **db_args) { int l=0, kerberos_principal_object_type=0; krb5_error_code st=0, tempst=0; LDAP *ld=NULL; LDAPMessage *result=NULL, *ent=NULL; char *user=NULL, *subtree=NULL, *principal_dn=NULL; char **values=NULL, *strval[10]= {NULL}, errbuf[1024]; struct berval **bersecretkey=NULL; LDAPMod **mods=NULL; krb5_boolean create_standalone_prinicipal=FALSE; krb5_boolean krb_identity_exists=FALSE, establish_links=FALSE; char *standalone_principal_dn=NULL; krb5_tl_data *tl_data=NULL; krb5_key_data **keys=NULL; kdb5_dal_handle *dal_handle=NULL; krb5_ldap_context *ldap_context=NULL; krb5_ldap_server_handle *ldap_server_handle=NULL; osa_princ_ent_rec princ_ent; xargs_t xargs = {0}; char *polname = NULL; OPERATION optype; krb5_boolean found_entry = FALSE; /* Clear the global error string */ krb5_clear_error_message(context); SETUP_CONTEXT(); if (ldap_context->lrparams == NULL || ldap_context->krbcontainer == NULL) return EINVAL; /* get ldap handle */ GET_HANDLE(); if (is_principal_in_realm(ldap_context, entry->princ) != 0) { st = EINVAL; krb5_set_error_message(context, st, _("Principal does not belong to " "the default realm")); goto cleanup; } /* get the principal information to act on */ if (entry->princ) { if (((st=krb5_unparse_name(context, entry->princ, &user)) != 0) || ((st=krb5_ldap_unparse_principal_name(user)) != 0)) goto cleanup; } /* Identity the type of operation, it can be * add principal or modify principal. * hack if the entry->mask has KRB_PRINCIPAL flag set * then it is a add operation */ if (entry->mask & KADM5_PRINCIPAL) optype = ADD_PRINCIPAL; else optype = MODIFY_PRINCIPAL; if (((st=krb5_get_princ_type(context, entry, &kerberos_principal_object_type)) != 0) || ((st=krb5_get_userdn(context, entry, &principal_dn)) != 0)) goto cleanup; if ((st=process_db_args(context, db_args, &xargs, optype)) != 0) goto cleanup; if (entry->mask & KADM5_LOAD) { int tree = 0, ntrees = 0, princlen = 0, numlentries = 0; char **subtreelist = NULL, *filter = NULL; /* A load operation is special, will do a mix-in (add krbprinc * attrs to a non-krb object entry) if an object exists with a * matching krbprincipalname attribute so try to find existing * object and set principal_dn. This assumes that the * krbprincipalname attribute is unique (only one object entry has * a particular krbprincipalname attribute). */ if (user == NULL) { /* must have principal name for search */ st = EINVAL; krb5_set_error_message(context, st, _("operation can not continue, principal " "name not found")); goto cleanup; } princlen = strlen(FILTER) + strlen(user) + 2 + 1; /* 2 for closing brackets */ if ((filter = malloc(princlen)) == NULL) { st = ENOMEM; goto cleanup; } snprintf(filter, princlen, FILTER"%s))", user); /* get the current subtree list */ if ((st = krb5_get_subtree_info(ldap_context, &subtreelist, &ntrees)) != 0) goto cleanup; found_entry = FALSE; /* search for entry with matching krbprincipalname attribute */ for (tree = 0; found_entry == FALSE && tree < ntrees; ++tree) { result = NULL; if (principal_dn == NULL) { LDAP_SEARCH_1(subtreelist[tree], ldap_context->lrparams->search_scope, filter, principal_attributes, IGNORE_STATUS); } else { /* just look for entry with principal_dn */ LDAP_SEARCH_1(principal_dn, LDAP_SCOPE_BASE, filter, principal_attributes, IGNORE_STATUS); } if (st == LDAP_SUCCESS) { numlentries = ldap_count_entries(ld, result); if (numlentries > 1) { ldap_msgfree(result); free(filter); st = EINVAL; krb5_set_error_message(context, st, _("operation can not continue, " "more than one entry with " "principal name \"%s\" found"), user); goto cleanup; } else if (numlentries == 1) { found_entry = TRUE; if (principal_dn == NULL) { ent = ldap_first_entry(ld, result); if (ent != NULL) { /* setting principal_dn will cause that entry to be modified further down */ if ((principal_dn = ldap_get_dn(ld, ent)) == NULL) { ldap_get_option (ld, LDAP_OPT_RESULT_CODE, &st); st = set_ldap_error (context, st, 0); ldap_msgfree(result); free(filter); goto cleanup; } } } } if (result) ldap_msgfree(result); } else if (st != LDAP_NO_SUCH_OBJECT) { /* could not perform search, return with failure */ st = set_ldap_error (context, st, 0); free(filter); goto cleanup; } /* * If it isn't found then assume a standalone princ entry is to * be created. */ } /* end for (tree = 0; principal_dn == ... */ free(filter); if (found_entry == FALSE && principal_dn != NULL) { /* * if principal_dn is null then there is code further down to * deal with setting standalone_principal_dn. Also note that * this will set create_standalone_prinicipal true for * non-mix-in entries which is okay if loading from a dump. */ create_standalone_prinicipal = TRUE; standalone_principal_dn = strdup(principal_dn); CHECK_NULL(standalone_principal_dn); } } /* end if (entry->mask & KADM5_LOAD */ /* time to generate the DN information with the help of * containerdn, principalcontainerreference or * realmcontainerdn information */ if (principal_dn == NULL && xargs.dn == NULL) { /* creation of standalone principal */ /* get the subtree information */ if (entry->princ->length == 2 && entry->princ->data[0].length == strlen("krbtgt") && strncmp(entry->princ->data[0].data, "krbtgt", entry->princ->data[0].length) == 0) { /* if the principal is a inter-realm principal, always created in the realm container */ subtree = strdup(ldap_context->lrparams->realmdn); } else if (xargs.containerdn) { if ((st=checkattributevalue(ld, xargs.containerdn, NULL, NULL, NULL)) != 0) { if (st == KRB5_KDB_NOENTRY || st == KRB5_KDB_CONSTRAINT_VIOLATION) { int ost = st; st = EINVAL; snprintf(errbuf, sizeof(errbuf), _("'%s' not found: "), xargs.containerdn); prepend_err_str(context, errbuf, st, ost); } goto cleanup; } subtree = strdup(xargs.containerdn); } else if (ldap_context->lrparams->containerref && strlen(ldap_context->lrparams->containerref) != 0) { /* * Here the subtree should be changed with * principalcontainerreference attribute value */ subtree = strdup(ldap_context->lrparams->containerref); } else { subtree = strdup(ldap_context->lrparams->realmdn); } CHECK_NULL(subtree); if (asprintf(&standalone_principal_dn, "krbprincipalname=%s,%s", user, subtree) < 0) standalone_principal_dn = NULL; CHECK_NULL(standalone_principal_dn); /* * free subtree when you are done using the subtree * set the boolean create_standalone_prinicipal to TRUE */ create_standalone_prinicipal = TRUE; free(subtree); subtree = NULL; } /* * If the DN information is presented by the user, time to * validate the input to ensure that the DN falls under * any of the subtrees */ if (xargs.dn_from_kbd == TRUE) { /* make sure the DN falls in the subtree */ int tre=0, dnlen=0, subtreelen=0, ntrees=0; char **subtreelist=NULL; char *dn=NULL; krb5_boolean outofsubtree=TRUE; if (xargs.dn != NULL) { dn = xargs.dn; } else if (xargs.linkdn != NULL) { dn = xargs.linkdn; } else if (standalone_principal_dn != NULL) { /* * Even though the standalone_principal_dn is constructed * within this function, there is the containerdn input * from the user that can become part of the it. */ dn = standalone_principal_dn; } /* get the current subtree list */ if ((st = krb5_get_subtree_info(ldap_context, &subtreelist, &ntrees)) != 0) goto cleanup; for (tre=0; tre<ntrees; ++tre) { if (subtreelist[tre] == NULL || strlen(subtreelist[tre]) == 0) { outofsubtree = FALSE; break; } else { dnlen = strlen (dn); subtreelen = strlen(subtreelist[tre]); if ((dnlen >= subtreelen) && (strcasecmp((dn + dnlen - subtreelen), subtreelist[tre]) == 0)) { outofsubtree = FALSE; break; } } } for (tre=0; tre < ntrees; ++tre) { free(subtreelist[tre]); } if (outofsubtree == TRUE) { st = EINVAL; krb5_set_error_message(context, st, _("DN is out of the realm subtree")); goto cleanup; } /* * dn value will be set either by dn, linkdn or the standalone_principal_dn * In the first 2 cases, the dn should be existing and in the last case we * are supposed to create the ldap object. so the below should not be * executed for the last case. */ if (standalone_principal_dn == NULL) { /* * If the ldap object is missing, this results in an error. */ /* * Search for krbprincipalname attribute here. * This is to find if a kerberos identity is already present * on the ldap object, in which case adding a kerberos identity * on the ldap object should result in an error. */ char *attributes[]= {"krbticketpolicyreference", "krbprincipalname", NULL}; LDAP_SEARCH_1(dn, LDAP_SCOPE_BASE, 0, attributes, IGNORE_STATUS); if (st == LDAP_SUCCESS) { ent = ldap_first_entry(ld, result); if (ent != NULL) { if ((values=ldap_get_values(ld, ent, "krbticketpolicyreference")) != NULL) { ldap_value_free(values); } if ((values=ldap_get_values(ld, ent, "krbprincipalname")) != NULL) { krb_identity_exists = TRUE; ldap_value_free(values); } } ldap_msgfree(result); } else { st = set_ldap_error(context, st, OP_SEARCH); goto cleanup; } } } /* * If xargs.dn is set then the request is to add a * kerberos principal on a ldap object, but if * there is one already on the ldap object this * should result in an error. */ if (xargs.dn != NULL && krb_identity_exists == TRUE) { st = EINVAL; snprintf(errbuf, sizeof(errbuf), _("ldap object is already kerberized")); krb5_set_error_message(context, st, "%s", errbuf); goto cleanup; } if (xargs.linkdn != NULL) { /* * link information can be changed using modprinc. * However, link information can be changed only on the * standalone kerberos principal objects. A standalone * kerberos principal object is of type krbprincipal * structural objectclass. * * NOTE: kerberos principals on an ldap object can't be * linked to other ldap objects. */ if (optype == MODIFY_PRINCIPAL && kerberos_principal_object_type != KDB_STANDALONE_PRINCIPAL_OBJECT) { st = EINVAL; snprintf(errbuf, sizeof(errbuf), _("link information can not be set/updated as the " "kerberos principal belongs to an ldap object")); krb5_set_error_message(context, st, "%s", errbuf); goto cleanup; } /* * Check the link information. If there is already a link * existing then this operation is not allowed. */ { char **linkdns=NULL; int j=0; if ((st=krb5_get_linkdn(context, entry, &linkdns)) != 0) { snprintf(errbuf, sizeof(errbuf), _("Failed getting object references")); krb5_set_error_message(context, st, "%s", errbuf); goto cleanup; } if (linkdns != NULL) { st = EINVAL; snprintf(errbuf, sizeof(errbuf), _("kerberos principal is already linked to a ldap " "object")); krb5_set_error_message(context, st, "%s", errbuf); for (j=0; linkdns[j] != NULL; ++j) free (linkdns[j]); free (linkdns); goto cleanup; } } establish_links = TRUE; } if (entry->mask & KADM5_LAST_SUCCESS) { memset(strval, 0, sizeof(strval)); if ((strval[0]=getstringtime(entry->last_success)) == NULL) goto cleanup; if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbLastSuccessfulAuth", LDAP_MOD_REPLACE, strval)) != 0) { free (strval[0]); goto cleanup; } free (strval[0]); } if (entry->mask & KADM5_LAST_FAILED) { memset(strval, 0, sizeof(strval)); if ((strval[0]=getstringtime(entry->last_failed)) == NULL) goto cleanup; if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbLastFailedAuth", LDAP_MOD_REPLACE, strval)) != 0) { free (strval[0]); goto cleanup; } free(strval[0]); } if (entry->mask & KADM5_FAIL_AUTH_COUNT) { krb5_kvno fail_auth_count; fail_auth_count = entry->fail_auth_count; if (entry->mask & KADM5_FAIL_AUTH_COUNT_INCREMENT) fail_auth_count++; st = krb5_add_int_mem_ldap_mod(&mods, "krbLoginFailedCount", LDAP_MOD_REPLACE, fail_auth_count); if (st != 0) goto cleanup; } else if (entry->mask & KADM5_FAIL_AUTH_COUNT_INCREMENT) { int attr_mask = 0; krb5_boolean has_fail_count; /* Check if the krbLoginFailedCount attribute exists. (Through * krb5 1.8.1, it wasn't set in new entries.) */ st = krb5_get_attributes_mask(context, entry, &attr_mask); if (st != 0) goto cleanup; has_fail_count = ((attr_mask & KDB_FAIL_AUTH_COUNT_ATTR) != 0); /* * If the client library and server supports RFC 4525, * then use it to increment by one the value of the * krbLoginFailedCount attribute. Otherwise, assert the * (provided) old value by deleting it before adding. */ #ifdef LDAP_MOD_INCREMENT if (ldap_server_handle->server_info->modify_increment && has_fail_count) { st = krb5_add_int_mem_ldap_mod(&mods, "krbLoginFailedCount", LDAP_MOD_INCREMENT, 1); if (st != 0) goto cleanup; } else { #endif /* LDAP_MOD_INCREMENT */ if (has_fail_count) { st = krb5_add_int_mem_ldap_mod(&mods, "krbLoginFailedCount", LDAP_MOD_DELETE, entry->fail_auth_count); if (st != 0) goto cleanup; } st = krb5_add_int_mem_ldap_mod(&mods, "krbLoginFailedCount", LDAP_MOD_ADD, entry->fail_auth_count + 1); if (st != 0) goto cleanup; #ifdef LDAP_MOD_INCREMENT } #endif } else if (optype == ADD_PRINCIPAL) { /* Initialize krbLoginFailedCount in new entries to help avoid a * race during the first failed login. */ st = krb5_add_int_mem_ldap_mod(&mods, "krbLoginFailedCount", LDAP_MOD_ADD, 0); } if (entry->mask & KADM5_MAX_LIFE) { if ((st=krb5_add_int_mem_ldap_mod(&mods, "krbmaxticketlife", LDAP_MOD_REPLACE, entry->max_life)) != 0) goto cleanup; } if (entry->mask & KADM5_MAX_RLIFE) { if ((st=krb5_add_int_mem_ldap_mod(&mods, "krbmaxrenewableage", LDAP_MOD_REPLACE, entry->max_renewable_life)) != 0) goto cleanup; } if (entry->mask & KADM5_ATTRIBUTES) { if ((st=krb5_add_int_mem_ldap_mod(&mods, "krbticketflags", LDAP_MOD_REPLACE, entry->attributes)) != 0) goto cleanup; } if (entry->mask & KADM5_PRINCIPAL) { memset(strval, 0, sizeof(strval)); strval[0] = user; if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbprincipalname", LDAP_MOD_REPLACE, strval)) != 0) goto cleanup; } if (entry->mask & KADM5_PRINC_EXPIRE_TIME) { memset(strval, 0, sizeof(strval)); if ((strval[0]=getstringtime(entry->expiration)) == NULL) goto cleanup; if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbprincipalexpiration", LDAP_MOD_REPLACE, strval)) != 0) { free (strval[0]); goto cleanup; } free (strval[0]); } if (entry->mask & KADM5_PW_EXPIRATION) { memset(strval, 0, sizeof(strval)); if ((strval[0]=getstringtime(entry->pw_expiration)) == NULL) goto cleanup; if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbpasswordexpiration", LDAP_MOD_REPLACE, strval)) != 0) { free (strval[0]); goto cleanup; } free (strval[0]); } if (entry->mask & KADM5_POLICY) { memset(&princ_ent, 0, sizeof(princ_ent)); for (tl_data=entry->tl_data; tl_data; tl_data=tl_data->tl_data_next) { if (tl_data->tl_data_type == KRB5_TL_KADM_DATA) { /* FIX ME: I guess the princ_ent should be freed after this call */ if ((st = krb5_lookup_tl_kadm_data(tl_data, &princ_ent)) != 0) { goto cleanup; } } } if (princ_ent.aux_attributes & KADM5_POLICY) { memset(strval, 0, sizeof(strval)); if ((st = krb5_ldap_name_to_policydn (context, princ_ent.policy, &polname)) != 0) goto cleanup; strval[0] = polname; if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbpwdpolicyreference", LDAP_MOD_REPLACE, strval)) != 0) goto cleanup; } else { st = EINVAL; krb5_set_error_message(context, st, "Password policy value null"); goto cleanup; } } else if (entry->mask & KADM5_LOAD && found_entry == TRUE) { /* * a load is special in that existing entries must have attrs that * removed. */ if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbpwdpolicyreference", LDAP_MOD_REPLACE, NULL)) != 0) goto cleanup; } if (entry->mask & KADM5_POLICY_CLR) { if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbpwdpolicyreference", LDAP_MOD_DELETE, NULL)) != 0) goto cleanup; } if (entry->mask & KADM5_KEY_DATA || entry->mask & KADM5_KVNO) { krb5_kvno mkvno; if ((st=krb5_dbe_lookup_mkvno(context, entry, &mkvno)) != 0) goto cleanup; bersecretkey = krb5_encode_krbsecretkey (entry->key_data, entry->n_key_data, mkvno); if ((st=krb5_add_ber_mem_ldap_mod(&mods, "krbprincipalkey", LDAP_MOD_REPLACE | LDAP_MOD_BVALUES, bersecretkey)) != 0) goto cleanup; if (!(entry->mask & KADM5_PRINCIPAL)) { memset(strval, 0, sizeof(strval)); if ((strval[0]=getstringtime(entry->pw_expiration)) == NULL) goto cleanup; if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbpasswordexpiration", LDAP_MOD_REPLACE, strval)) != 0) { free (strval[0]); goto cleanup; } free (strval[0]); } /* Update last password change whenever a new key is set */ { krb5_timestamp last_pw_changed; if ((st=krb5_dbe_lookup_last_pwd_change(context, entry, &last_pw_changed)) != 0) goto cleanup; memset(strval, 0, sizeof(strval)); if ((strval[0] = getstringtime(last_pw_changed)) == NULL) goto cleanup; if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbLastPwdChange", LDAP_MOD_REPLACE, strval)) != 0) { free (strval[0]); goto cleanup; } free (strval[0]); } } /* Modify Key data ends here */ /* Set tl_data */ if (entry->tl_data != NULL) { int count = 0; struct berval **ber_tl_data = NULL; krb5_tl_data *ptr; krb5_timestamp unlock_time; for (ptr = entry->tl_data; ptr != NULL; ptr = ptr->tl_data_next) { if (ptr->tl_data_type == KRB5_TL_LAST_PWD_CHANGE #ifdef SECURID || ptr->tl_data_type == KRB5_TL_DB_ARGS #endif || ptr->tl_data_type == KRB5_TL_KADM_DATA || ptr->tl_data_type == KDB_TL_USER_INFO || ptr->tl_data_type == KRB5_TL_CONSTRAINED_DELEGATION_ACL || ptr->tl_data_type == KRB5_TL_LAST_ADMIN_UNLOCK) continue; count++; } if (count != 0) { int j; ber_tl_data = (struct berval **) calloc (count + 1, sizeof (struct berval*)); if (ber_tl_data == NULL) { st = ENOMEM; goto cleanup; } for (j = 0, ptr = entry->tl_data; ptr != NULL; ptr = ptr->tl_data_next) { /* Ignore tl_data that are stored in separate directory * attributes */ if (ptr->tl_data_type == KRB5_TL_LAST_PWD_CHANGE #ifdef SECURID || ptr->tl_data_type == KRB5_TL_DB_ARGS #endif || ptr->tl_data_type == KRB5_TL_KADM_DATA || ptr->tl_data_type == KDB_TL_USER_INFO || ptr->tl_data_type == KRB5_TL_CONSTRAINED_DELEGATION_ACL || ptr->tl_data_type == KRB5_TL_LAST_ADMIN_UNLOCK) continue; if ((st = tl_data2berval (ptr, &ber_tl_data[j])) != 0) break; j++; } if (st == 0) { ber_tl_data[count] = NULL; st=krb5_add_ber_mem_ldap_mod(&mods, "krbExtraData", LDAP_MOD_REPLACE | LDAP_MOD_BVALUES, ber_tl_data); } for (j = 0; ber_tl_data[j] != NULL; j++) { free(ber_tl_data[j]->bv_val); free(ber_tl_data[j]); } free(ber_tl_data); if (st != 0) goto cleanup; } if ((st=krb5_dbe_lookup_last_admin_unlock(context, entry, &unlock_time)) != 0) goto cleanup; if (unlock_time != 0) { /* Update last admin unlock */ memset(strval, 0, sizeof(strval)); if ((strval[0] = getstringtime(unlock_time)) == NULL) goto cleanup; if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbLastAdminUnlock", LDAP_MOD_REPLACE, strval)) != 0) { free (strval[0]); goto cleanup; } free (strval[0]); } } /* Directory specific attribute */ if (xargs.tktpolicydn != NULL) { int tmask=0; if (strlen(xargs.tktpolicydn) != 0) { st = checkattributevalue(ld, xargs.tktpolicydn, "objectclass", policyclass, &tmask); CHECK_CLASS_VALIDITY(st, tmask, _("ticket policy object value: ")); strval[0] = xargs.tktpolicydn; strval[1] = NULL; if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbticketpolicyreference", LDAP_MOD_REPLACE, strval)) != 0) goto cleanup; } else { /* if xargs.tktpolicydn is a empty string, then delete * already existing krbticketpolicyreference attr */ if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbticketpolicyreference", LDAP_MOD_DELETE, NULL)) != 0) goto cleanup; } } if (establish_links == TRUE) { memset(strval, 0, sizeof(strval)); strval[0] = xargs.linkdn; if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbObjectReferences", LDAP_MOD_REPLACE, strval)) != 0) goto cleanup; } /* * in case mods is NULL then return * not sure but can happen in a modprinc * so no need to return an error * addprinc will at least have the principal name * and the keys passed in */ if (mods == NULL) goto cleanup; if (create_standalone_prinicipal == TRUE) { memset(strval, 0, sizeof(strval)); strval[0] = "krbprincipal"; strval[1] = "krbprincipalaux"; strval[2] = "krbTicketPolicyAux"; if ((st=krb5_add_str_mem_ldap_mod(&mods, "objectclass", LDAP_MOD_ADD, strval)) != 0) goto cleanup; st = ldap_add_ext_s(ld, standalone_principal_dn, mods, NULL, NULL); if (st == LDAP_ALREADY_EXISTS && entry->mask & KADM5_LOAD) { /* a load operation must replace an existing entry */ st = ldap_delete_ext_s(ld, standalone_principal_dn, NULL, NULL); if (st != LDAP_SUCCESS) { snprintf(errbuf, sizeof(errbuf), _("Principal delete failed (trying to replace " "entry): %s"), ldap_err2string(st)); st = translate_ldap_error (st, OP_ADD); krb5_set_error_message(context, st, "%s", errbuf); goto cleanup; } else { st = ldap_add_ext_s(ld, standalone_principal_dn, mods, NULL, NULL); } } if (st != LDAP_SUCCESS) { snprintf(errbuf, sizeof(errbuf), _("Principal add failed: %s"), ldap_err2string(st)); st = translate_ldap_error (st, OP_ADD); krb5_set_error_message(context, st, "%s", errbuf); goto cleanup; } } else { /* * Here existing ldap object is modified and can be related * to any attribute, so always ensure that the ldap * object is extended with all the kerberos related * objectclasses so that there are no constraint * violations. */ { char *attrvalues[] = {"krbprincipalaux", "krbTicketPolicyAux", NULL}; int p, q, r=0, amask=0; if ((st=checkattributevalue(ld, (xargs.dn) ? xargs.dn : principal_dn, "objectclass", attrvalues, &amask)) != 0) goto cleanup; memset(strval, 0, sizeof(strval)); for (p=1, q=0; p<=2; p<<=1, ++q) { if ((p & amask) == 0) strval[r++] = attrvalues[q]; } if (r != 0) { if ((st=krb5_add_str_mem_ldap_mod(&mods, "objectclass", LDAP_MOD_ADD, strval)) != 0) goto cleanup; } } if (xargs.dn != NULL) st=ldap_modify_ext_s(ld, xargs.dn, mods, NULL, NULL); else st = ldap_modify_ext_s(ld, principal_dn, mods, NULL, NULL); if (st != LDAP_SUCCESS) { snprintf(errbuf, sizeof(errbuf), _("User modification failed: %s"), ldap_err2string(st)); st = translate_ldap_error (st, OP_MOD); krb5_set_error_message(context, st, "%s", errbuf); goto cleanup; } if (entry->mask & KADM5_FAIL_AUTH_COUNT_INCREMENT) entry->fail_auth_count++; } cleanup: if (user) free(user); free_xargs(xargs); if (standalone_principal_dn) free(standalone_principal_dn); if (principal_dn) free (principal_dn); if (polname != NULL) free(polname); if (subtree) free (subtree); if (bersecretkey) { for (l=0; bersecretkey[l]; ++l) { if (bersecretkey[l]->bv_val) free (bersecretkey[l]->bv_val); free (bersecretkey[l]); } free (bersecretkey); } if (keys) free (keys); ldap_mods_free(mods, 1); krb5_ldap_put_handle_to_pool(ldap_context, ldap_server_handle); return(st); }
static void do_addel( char *uri, char *manager, struct berval *passwd, char *entry, LDAPMod **attrs, int maxloop, int maxretries, int delay, int friendly, int chaserefs ) { LDAP *ld = NULL; int i = 0, do_retry = maxretries; int rc = LDAP_SUCCESS; int version = LDAP_VERSION3; retry:; ldap_initialize( &ld, uri ); if ( ld == NULL ) { tester_perror( "ldap_initialize", NULL ); exit( EXIT_FAILURE ); } (void) ldap_set_option( ld, LDAP_OPT_PROTOCOL_VERSION, &version ); (void) ldap_set_option( ld, LDAP_OPT_REFERRALS, chaserefs ? LDAP_OPT_ON : LDAP_OPT_OFF ); if ( do_retry == maxretries ) { fprintf( stderr, "PID=%ld - Add/Delete(%d): entry=\"%s\".\n", (long) pid, maxloop, entry ); } rc = ldap_sasl_bind_s( ld, manager, LDAP_SASL_SIMPLE, passwd, NULL, NULL, NULL ); if ( rc != LDAP_SUCCESS ) { tester_ldap_error( ld, "ldap_sasl_bind_s", NULL ); switch ( rc ) { case LDAP_BUSY: case LDAP_UNAVAILABLE: if ( do_retry > 0 ) { do_retry--; if ( delay != 0 ) { sleep( delay ); } goto retry; } /* fallthru */ default: break; } exit( EXIT_FAILURE ); } for ( ; i < maxloop; i++ ) { /* add the entry */ rc = ldap_add_ext_s( ld, entry, attrs, NULL, NULL ); if ( rc != LDAP_SUCCESS ) { tester_ldap_error( ld, "ldap_add_ext_s", NULL ); switch ( rc ) { case LDAP_ALREADY_EXISTS: /* NOTE: this likely means * the delete failed * during the previous round... */ if ( !friendly ) { goto done; } break; case LDAP_BUSY: case LDAP_UNAVAILABLE: if ( do_retry > 0 ) { do_retry--; goto retry; } /* fall thru */ default: goto done; } } #if 0 /* wait a second for the add to really complete */ /* This masks some race conditions though. */ sleep( 1 ); #endif /* now delete the entry again */ rc = ldap_delete_ext_s( ld, entry, NULL, NULL ); if ( rc != LDAP_SUCCESS ) { tester_ldap_error( ld, "ldap_delete_ext_s", NULL ); switch ( rc ) { case LDAP_NO_SUCH_OBJECT: /* NOTE: this likely means * the add failed * during the previous round... */ if ( !friendly ) { goto done; } break; case LDAP_BUSY: case LDAP_UNAVAILABLE: if ( do_retry > 0 ) { do_retry--; goto retry; } /* fall thru */ default: goto done; } } } done:; fprintf( stderr, " PID=%ld - Add/Delete done (%d).\n", (long) pid, rc ); ldap_unbind_ext( ld, NULL, NULL ); }