int ldap_search_user(const char *account, LDAPMessage **entry) { char filter[MAXLEN+1]; int rc; LDAPMessage *res; struct timeval timeout; memset(filter, 0, MAXLEN+1); snprintf(filter, MAXLEN, "%s=%s", nickserv_conf.ldap_field_account, account); /* Now we do a search; */ timeout.tv_usec = 0; timeout.tv_sec = nickserv_conf.ldap_timeout; if(!admin_bind && LDAP_SUCCESS != ( rc = ldap_do_admin_bind())) { log_module(MAIN_LOG, LOG_ERROR, "failed to bind as admin"); return rc; } if( (rc = ldap_search_st(ld, nickserv_conf.ldap_base, LDAP_SCOPE_ONELEVEL, filter, NULL, 0, &timeout, &res)) != LDAP_SUCCESS) { log_module(MAIN_LOG, LOG_ERROR, "search failed: %s %s: %s", nickserv_conf.ldap_base, filter, ldap_err2string(rc)); return(rc); } log_module(MAIN_LOG, LOG_DEBUG, "Search successfull! %s %s\n", nickserv_conf.ldap_base, filter); if(ldap_count_entries(ld, res) != 1) { log_module(MAIN_LOG, LOG_DEBUG, "LDAP search got %d entries when looking for %s", ldap_count_entries(ld, res), account); return(LDAP_OTHER); /* Search was a success, but user not found.. */ } log_module(MAIN_LOG, LOG_DEBUG, "LDAP search got %d entries", ldap_count_entries(ld, res)); *entry = ldap_first_entry(ld, res); return(rc); }
int login::proof() { /* setup LDAP connection */ if((ld=ldap_init(LDAP_HOST, LDAP_PORT)) == NULL) { perror("ldap_init failed"); return EXIT_FAILURE; } printf("\nconnected to LDAP server %s on port %d\n",LDAP_HOST,LDAP_PORT); /* non-anonymous bind from home */ rc = ldap_simple_bind_s(ld,BIND_USER,BIND_PW); if(rc != LDAP_SUCCESS) { fprintf(stderr,"\nLDAP error: %s\n",ldap_err2string(rc)); return EXIT_FAILURE; } else { printf("\npretended anonymous bind successful\n"); } /* perform LDAP search */ rc = ldap_search_s(ld, SEARCHBASE, SCOPE, filter_c, attribs, 0, &result); if(rc != LDAP_SUCCESS) { fprintf(stderr,"\nLDAP search error: %s\n",ldap_err2string(rc)); return EXIT_FAILURE; }else{ printf("\nTotal results: %d\n", ldap_count_entries(ld, result)); if(ldap_count_entries(ld,result) < 1) { fprintf(stderr,"\nUser nicht gefunden!\n"); return EXIT_FAILURE; } } e = ldap_first_entry(ld, result); found = ldap_get_dn(ld,e); printf("\nDN: %s\n",found); /* User anmelden */ rc = ldap_simple_bind_s(ld,found,passwd_c); if(rc != LDAP_SUCCESS) { fprintf(stderr,"\nLDAP error: %s\n",ldap_err2string(rc)); return EXIT_FAILURE; } else { printf("\nbind successful\n"); } /* free memory used for result */ ldap_msgfree(result); free(attribs[0]); free(attribs[1]); printf("\nLDAP login succeeded\n"); ldap_unbind(ld); return EXIT_SUCCESS; }
int ldap_add_machine_account(const char *ldap_host, const char *hostname, const char *realm) { LDAP *ld; int ldap_port = LDAP_PORT; char *bind_path; int rc; LDAPMessage *res; void *sasl_defaults; int version = LDAP_VERSION3; bind_path = build_dn(realm); printf("Creating host account for %s@%s\n", hostname, realm); ld = ldap_open(ldap_host, ldap_port); ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION, &version); rc = ldap_sasl_interactive_bind_s(ld, NULL, NULL, NULL, NULL, 0, sasl_interact, NULL); if (rc != LDAP_SUCCESS) { ldap_perror(ld, "ldap_bind"); goto failed; } rc = find_host(ld, &res, bind_path, hostname); if (rc == LDAP_SUCCESS && ldap_count_entries(ld, res) == 1) { printf("Host account for %s already exists\n", hostname); goto finished; } rc = add_host(ld, bind_path, hostname, realm); if (rc != LDAP_SUCCESS) { ldap_perror(ld, "add_host"); goto failed; } rc = find_host(ld, &res, bind_path, hostname); if (rc != LDAP_SUCCESS || ldap_count_entries(ld, res) != 1) { ldap_perror(ld, "find_host test"); goto failed; } printf("Successfully added machine account for %s\n", hostname); finished: free(bind_path); return 0; failed: printf("ldap_add_machine_account failed\n"); free(bind_path); ldap_unbind(ld); return 1; }
static int count_identical_fullnames(abook_ldap_state *ldap_state, char *alias) { int rc, count = 0; char filter[1024]; LDAPMessage *results; /* * To limit the work done for this search, look for some bogus attribute * that's probably not in the entry and don't return any values. */ char *attrs[] = {"c", NULL}; snprintf(filter, sizeof(filter), "(&%s(%s=%s))", config.defaultfilter, config.fullnameattr, alias); rc = ldap_search_s(ldap_state->ld, config.searchbase, config.scope, filter, attrs, 1 /*attrs-only*/, &results); if (rc != LDAP_SUCCESS) { syslog(LOG_ERR, "count_identical_fullnames: search failed: %s", ldap_err2string(rc)); count = -1; } else { count = ldap_count_entries(ldap_state->ld, results); /* Returns -1 on error, so just pass that back to the caller */ (void) ldap_msgfree(results); /* ignore message type return value */ } return count; }
PWCHAR kuhl_m_sid_getRootDomainNamingContext(LDAP *ld) { DWORD dwErr; PWCHAR rootAttr[] = {L"rootDomainNamingContext", NULL}, ret = NULL; PLDAPMessage pMessage = NULL; PBERVAL *pBerVal; dwErr = ldap_search_s(ld, NULL, LDAP_SCOPE_BASE, L"(dn=RootDSE)", rootAttr, FALSE, &pMessage); if(dwErr == LDAP_SUCCESS) { if(ldap_count_entries(ld, pMessage) == 1) { if(pBerVal = ldap_get_values_len(ld, pMessage, rootAttr[0])) { if(ldap_count_values_len(pBerVal) == 1) ret = kull_m_string_qad_ansi_c_to_unicode(pBerVal[0]->bv_val, pBerVal[0]->bv_len); else PRINT_ERROR(L"ldap_get_values_len is NOT 1\n"); ldap_value_free_len(pBerVal); } } else PRINT_ERROR(L"ldap_count_entries is NOT 1\n"); } else PRINT_ERROR(L"ldap_search_s 0x%x (%u)\n", dwErr, dwErr); if(pMessage) ldap_msgfree(pMessage); return ret; }
static int db_get_pass(void *handle, const char *qpw, const char *key, char **ppass) { struct _dico_ldap_handle *lp = handle; LDAPMessage *res, *msg; int rc; struct berval **values; res = _dico_ldap_search(lp, lp->user_filter, qpw, key); if (!res) return 1; rc = ldap_count_entries(lp->ldap, res); if (rc == 0) { dico_log(L_ERR, 0, "not enough entires"); ldap_msgfree(res); return 1; } msg = ldap_first_entry(lp->ldap, res); values = ldap_get_values_len(lp->ldap, msg, qpw); if (ldap_count_values_len(values) == 0) { dico_log(L_ERR, 0, "not enough entires"); ldap_msgfree(res); return 1; } *ppass = strdup(values[0]->bv_val); rc = *ppass == NULL; if (rc) dico_log(L_ERR, 0, "not enough memory"); ldap_value_free_len(values); ldap_msgfree(res); return rc; }
static int verify_single_result(LDAP *l, int always_log, char *reason, LDAPMessage *messages) { int rc, erc, num_entries; char *errmsg; rc = ldap_parse_result(l, messages, &erc, NULL, &errmsg, NULL, NULL, 0); if (rc != LDAP_SUCCESS) { prtmsg("Failed to %s (parse_result): %s", reason, ldap_err2string(rc)); return 0; } if (erc != LDAP_SUCCESS) { prtmsg("Failed to %s (server response): %s%s%s", reason, ldap_err2string(erc), (errmsg?", ":""), (errmsg?errmsg:"")); if (errmsg) ldap_memfree(errmsg); return 0; } if (errmsg) ldap_memfree(errmsg); num_entries=ldap_count_entries(l, messages); if (num_entries == 0) { if (always_log) prtmsg("Failed to %s (no entries returned)", reason); return 0; } if (num_entries > 1) { prtmsg("Failed to %s (too many entries: %d)", reason, num_entries); return 0; } return 1; }
DWORD LwLdapCountEntries( HANDLE hDirectory, LDAPMessage* pMessage, PDWORD pdwCount ) { int iCount = 0; int err = 0; PLW_LDAP_DIRECTORY_CONTEXT pDirectory = NULL; DWORD dwError = 0; pDirectory = (PLW_LDAP_DIRECTORY_CONTEXT)hDirectory; iCount = ldap_count_entries(pDirectory->ld, pMessage); if (iCount < 0) { dwError = ldap_get_option( pDirectory->ld, LDAP_OPT_ERROR_NUMBER, &err); BAIL_ON_LDAP_ERROR(dwError); dwError = err; BAIL_ON_LDAP_ERROR(dwError); } *pdwCount = iCount; cleanup: return dwError; error: *pdwCount = 0; goto cleanup; }
/** * @name tcp_mapper_ldap_query * @description Issue a query to a LDAP instance * @param LDAP *ldap * @return int numrows */ int tcp_mapper_ldap_search(LDAP *ldap, char *search, char *result){ LDAPMessage *ldap_result, *entry; int numentries = 0; int err; char **val; if(err = ldap_search_s(ldap, cfg.ldap_base, LDAP_SCOPE_SUBTREE, search, NULL, 0, &ldap_result) != LDAP_SUCCESS ) { printf("%s\n", ldap_err2string(err)); return -1; } numentries = ldap_count_entries(ldap, ldap_result); if(numentries != 0) { /* just firts entry. We don't need any other */ entry = ldap_first_entry(ldap, ldap_result); val = ldap_get_values(ldap, entry, cfg.ldap_result_attr); if(val == NULL) { return 0; } snprintf(result, strlen(val[0])+1, "%s", (char *) val[0]); ldap_value_free(val); } return numentries; }
void AD::AddGroups(LDAPMessage *search) { DWORD i; DWORD j; LDAPMessage *entry = NULL; PWCHAR attribute; PWCHAR *values; BerElement *berElement; for(i = 0; i < ldap_count_entries(ldap, search); i++) { Group *g = new Group(); if(!i) { entry = ldap_first_entry(ldap, search); } else { entry = ldap_next_entry(ldap, entry); } attribute = ldap_first_attribute(ldap, entry, &berElement); while(attribute != NULL) { values = ldap_get_values(ldap, entry, attribute); if(lstrcmpi(attribute, L"samaccountname") == 0) { g->name = values[0]; } if(lstrcmpi(attribute, L"member") == 0) { for(j = 0; j < ldap_count_values(values); j++) { std::wstring *ret = new std::wstring(); CNToAccountName(values[j], ret); g->users.push_back(ret); } } ldap_value_free(values); ldap_memfree(attribute); attribute = ldap_next_attribute(ldap, entry, berElement); } ber_free(berElement, 0); if(g->name.length() > 0) { GetGroupManager()->groups.push_back(g); g->PrettyPrint(); } else { delete(g); } } }
char * gfarm_generic_info_get( void *key, void *info, const struct gfarm_generic_info_ops *ops) { LDAPMessage *res, *e; int n, rv; char *a; BerElement *ber; char **vals; char *dn = ops->make_dn(key); char *error; if (dn == NULL) return (GFARM_ERR_NO_MEMORY); if ((error = gfarm_ldap_check()) != NULL) return (error); rv = ldap_search_s(gfarm_ldap_server, dn, LDAP_SCOPE_BASE, ops->query_type, NULL, 0, &res); free(dn); if (rv != LDAP_SUCCESS) { if (rv == LDAP_NO_SUCH_OBJECT) return (GFARM_ERR_NO_SUCH_OBJECT); return (ldap_err2string(rv)); } n = ldap_count_entries(gfarm_ldap_server, res); if (n == 0) { /* free the search results */ ldap_msgfree(res); return (GFARM_ERR_NO_SUCH_OBJECT); } ops->clear(info); e = ldap_first_entry(gfarm_ldap_server, res); ber = NULL; for (a = ldap_first_attribute(gfarm_ldap_server, e, &ber); a != NULL; a = ldap_next_attribute(gfarm_ldap_server, e, ber)) { vals = ldap_get_values(gfarm_ldap_server, e, a); if (vals[0] != NULL) ops->set_field(info, a, vals); ldap_value_free(vals); ldap_memfree(a); } if (ber != NULL) ber_free(ber, 0); /* free the search results */ ldap_msgfree(res); /* should check all fields are filled */ if (!ops->validate(info)) { ops->free(info); /* XXX - different error code is better ? */ return (GFARM_ERR_NO_SUCH_OBJECT); } return (NULL); /* success */ }
/* returns the number of matches found */ static GList * __auth_get_every_match(const char *q, const char **retfields) { LDAPMessage *ldap_msg; LDAPMessage *ldap_res; char **ldap_vals = NULL, *dn; int j = 0, k = 0, m = 0, err; GList *attlist,*fldlist,*entlist; LDAP *_ldap_conn = ldap_con_get(); attlist = fldlist = entlist = NULL; if (! (ldap_res = authldap_search(q))) return NULL; if ((j = ldap_count_entries(_ldap_conn, ldap_res)) < 1) { TRACE(TRACE_DEBUG, "nothing found"); if (ldap_res) ldap_msgfree(ldap_res); return NULL; } /* do the first entry here */ if ((ldap_msg = ldap_first_entry(_ldap_conn, ldap_res)) == NULL) { ldap_get_option(_ldap_conn, LDAP_OPT_ERROR_NUMBER, &err); TRACE(TRACE_ERR, "ldap_first_entry failed: [%s]", ldap_err2string(err)); if (ldap_res) ldap_msgfree(ldap_res); return NULL; } while (ldap_msg) { dn = ldap_get_dn(_ldap_conn, ldap_msg); TRACE(TRACE_DEBUG,"scan results for DN: [%s]", dn); for (k = 0; retfields[k] != NULL; k++) { TRACE(TRACE_DEBUG,"ldap_get_values [%s]", retfields[k]); if ((ldap_vals = ldap_get_values(_ldap_conn, ldap_msg, retfields[k]))) { m = 0; while (ldap_vals[m]) { TRACE(TRACE_DEBUG,"got value [%s]", ldap_vals[m]); attlist = g_list_append(attlist,g_strdup(ldap_vals[m])); m++; } } fldlist = g_list_append(fldlist, attlist); attlist = NULL; ldap_value_free(ldap_vals); } entlist = g_list_append(entlist, fldlist); fldlist = NULL; ldap_memfree(dn); ldap_msg = ldap_next_entry(_ldap_conn, ldap_msg); } if (ldap_res) ldap_msgfree(ldap_res); if (ldap_msg) ldap_msgfree(ldap_msg); return entlist; }
krb5_error_code ipadb_multibase_search(struct ipadb_context *ipactx, char **basedns, int scope, char *filter, char **attrs, struct ipadb_multires **res, bool any) { int ret; ret = ipadb_multires_init(ipactx->lcontext, res); if (ret != 0) return ret; ret = ipadb_check_connection(ipactx); if (ret != 0) return ipadb_simple_ldap_to_kerr(ret); for (int b = 0; basedns[b]; b++) { LDAPMessage *r; ret = ldap_search_ext_s(ipactx->lcontext, basedns[b], scope, filter, attrs, 0, NULL, NULL, &std_timeout, LDAP_NO_LIMIT, &r); /* first test if we need to retry to connect */ if (ret != 0 && ipadb_need_retry(ipactx, ret)) { ldap_msgfree(r); ret = ldap_search_ext_s(ipactx->lcontext, basedns[b], scope, filter, attrs, 0, NULL, NULL, &std_timeout, LDAP_NO_LIMIT, &r); } if (ret != 0) break; if (ldap_count_entries(ipactx->lcontext, r) > 0) { void *tmp = realloc((*res)->res, (((*res)->count + 1) * sizeof(LDAPMessage *))); if (tmp == NULL) { ret = ENOMEM; break; } (*res)->res = tmp; (*res)->res[(*res)->count] = r; (*res)->count++; if (any) break; } } if (ret != 0) { ipadb_multires_free(*res); *res = NULL; } return ipadb_simple_ldap_to_kerr(ret); }
/* Remove the user from all groups below the given container */ int ad_group_subtree_remove_user(char *container_dn, char *user_dn) { LDAP *ds; char *filter; int filter_length; char *attrs[]={"1.1", NULL}; LDAPMessage *res; LDAPMessage *entry; int result, num_results; char *group_dn=NULL; ds=ad_login(); if(!ds) return ad_error_code; filter_length=(strlen(user_dn)+255); filter=malloc(filter_length); snprintf(filter, filter_length, "(&(objectclass=group)(member=%s))", user_dn); result=ldap_search_s(ds, container_dn, LDAP_SCOPE_SUBTREE, filter, attrs, 0, &res); if(result!=LDAP_SUCCESS) { snprintf(ad_error_msg, MAX_ERR_LENGTH, "Error in ldap_search_s for ad_group_subtree_remove_user: %s", ldap_err2string(result)); ad_error_code=AD_LDAP_OPERATION_FAILURE; return ad_error_code; } free(filter); num_results=ldap_count_entries(ds, res); if(num_results==0) { ad_error_code=AD_SUCCESS; return ad_error_code; } entry=ldap_first_entry(ds, res); while(entry!=NULL) { group_dn=ldap_get_dn(ds, entry); if(ad_group_remove_user(group_dn, user_dn)!=AD_SUCCESS) { snprintf(ad_error_msg, MAX_ERR_LENGTH, "Error in ad_group_subtree_remove_user" "\nwhen removing %s from %s:\n%s", user_dn, group_dn, ad_error_msg); return ad_error_code; } entry=ldap_next_entry(ds, entry); } if(group_dn!=NULL) ldap_memfree(group_dn); ldap_msgfree(res); ad_error_code=AD_SUCCESS; return ad_error_code; }
int ldap_sort_entries( LDAP *ld, LDAPMessage **chain, char *attr, /* NULL => sort by DN */ int (*cmp)(const void *a, const void *b) ) { int i, count; struct entrything *et; LDAPMessage *e, *last; LDAPMessage **ep; count = ldap_count_entries( ld, *chain ); if ( (et = (struct entrything *) malloc( count * sizeof(struct entrything) )) == NULL ) { ld->ld_errno = LDAP_NO_MEMORY; return( -1 ); } e = *chain; for ( i = 0; i < count; i++ ) { et[i].et_msg = e; if ( attr == NULL ) { char *dn; dn = ldap_get_dn( ld, e ); et[i].et_vals = ldap_explode_dn( dn, 1 ); free( dn ); } else { et[i].et_vals = ldap_get_values( ld, e, attr ); } e = e->lm_chain; } last = e; et_cmp_fn = cmp; qsort( et, count, sizeof(struct entrything), (void *) et_cmp ); ep = chain; for ( i = 0; i < count; i++ ) { *ep = et[i].et_msg; ep = &(*ep)->lm_chain; ldap_value_free( et[i].et_vals ); } *ep = last; free( (char *) et ); return( 0 ); }
/*********************************************************************** * ldap_count_entries (WLDAP32.@) * * Count the number of entries returned from a search. * * PARAMS * ld [I] Pointer to an LDAP context. * res [I] LDAP message. * * RETURNS * Success: The number of entries. * Failure: ~0u */ ULONG CDECL WLDAP32_ldap_count_entries( WLDAP32_LDAP *ld, WLDAP32_LDAPMessage *res ) { ULONG ret = WLDAP32_LDAP_NOT_SUPPORTED; #ifdef HAVE_LDAP TRACE( "(%p, %p)\n", ld, res ); if (!ld) return ~0u; ret = ldap_count_entries( ld, res ); #endif return ret; }
// Sorry that this is kind of crappy, but passing the point to wstring // is basically necessary unless you want thrashed memory for strings. void AD::CNToAccountName(LPWSTR s, std::wstring *d) { LDAPMessage *search = NULL; LDAPMessage *entry = NULL; PWCHAR attribute; PWCHAR *values; BerElement *berElement = NULL; DWORD i; DWORD j; LPWSTR filters[2]; filters[0] = L"samAccountName"; filters[1] = NULL; d->clear(); if(ldap_search_s(ldap, s, LDAP_SCOPE_SUBTREE, NULL, filters, 0, &search) != LDAP_SUCCESS) { Util::Error(LdapGetLastError(), L"ldap_search_s()"); } entry = ldap_first_entry(ldap, search); for(i = 0; i < ldap_count_entries(ldap, search); i++) { if(!i) { entry = ldap_first_entry(ldap, search); } else { entry = ldap_next_entry(ldap, entry); } attribute = ldap_first_attribute(ldap, entry, &berElement); while(attribute != NULL) { values = ldap_get_values(ldap, entry, attribute); if(lstrcmpi(attribute, L"samaccountname") == 0) { d->append(values[0]); } ldap_value_free(values); ldap_memfree(attribute); attribute = ldap_next_attribute(ldap, entry, berElement); } } ber_free(berElement, 0); ldap_msgfree(search); }
void AD::AddServers(LDAPMessage *search) { DWORD i; DWORD j; LDAPMessage *entry = NULL; BerElement *berElement = NULL; PWCHAR attribute; PWCHAR *values; for(i = 0; i < ldap_count_entries(ldap, search); i++) { Server *s = new Server(); if(!i) { entry = ldap_first_entry(ldap, search); } else { entry = ldap_next_entry(ldap, entry); } attribute = ldap_first_attribute(ldap, entry, &berElement); while(attribute != NULL) { values = ldap_get_values(ldap, entry, attribute); if(lstrcmpi(attribute, L"samaccountname") == 0) { s->name = values[0]; s->name.resize(s->name.length()-1); } ldap_value_free(values); ldap_memfree(attribute); attribute = ldap_next_attribute(ldap, entry, berElement); } if(s->name.length() > 0) { GetServerManager()->servers.push_back(s); s->PrettyPrint(); } else { delete(s); } } ber_free(berElement, 0); }
/* * @uid: user's uid, list all users if * is passed in. */ static int ldap_count_users (CcnetUserManager *manager, const char *uid) { LDAP *ld = NULL; int res; GString *filter; char *filter_str; char *attrs[2]; LDAPMessage *msg = NULL; ld = ldap_init_and_bind (manager->ldap_host, #ifdef WIN32 manager->use_ssl, #endif manager->user_dn, manager->password); if (!ld) return -1; filter = g_string_new (NULL); if (!manager->filter) g_string_printf (filter, "(%s=%s)", manager->login_attr, uid); else g_string_printf (filter, "(&(%s=%s) (%s))", manager->login_attr, uid, manager->filter); filter_str = g_string_free (filter, FALSE); attrs[0] = manager->login_attr; attrs[1] = NULL; char **base; int count = 0; for (base = manager->base_list; *base; ++base) { res = ldap_search_s (ld, *base, LDAP_SCOPE_SUBTREE, filter_str, attrs, 0, &msg); if (res != LDAP_SUCCESS) { ccnet_warning ("ldap_search failed: %s.\n", ldap_err2string(res)); ldap_msgfree (msg); count = -1; goto out; } count += ldap_count_entries (ld, msg); ldap_msgfree (msg); } out: g_free (filter_str); if (ld) ldap_unbind_s (ld); return count; }
/* -1 if trouble 0 if user is NOT member of current server group 1 if user IS MEMBER of current server group */ int ldap_ismember(ldap_opt_t * l, const char * user) { LDAPMessage *res; char * filter; int i; if ((!l->sgroup) || !(l->g_basedn)) return 1; /* Am i still connected ? RETRY n times */ /* XXX TODO: setup some conf value for retrying */ if (!(l->flags & FLAG_CONNECTED)) for (i = 0 ; i < 2 ; i++) if (ldap_connect(l) == 0) break; /* quick check for attempts to be evil */ if ((strchr(user, '(') != NULL) || (strchr(user, ')') != NULL) || (strchr(user, '*') != NULL) || (strchr(user, '\\') != NULL)) return FAILURE; /* build filter for LDAP request */ REQUEST_GROUP(filter, l->fgroup, user); if (ldap_search_st( l->ld, l->g_basedn, LDAP_SCOPE_SUBTREE, filter, NULL, 0, &l->s_timeout, &res) != LDAP_SUCCESS) { ldap_perror(l->ld, "ldap_search_st()"); free(filter); /* XXX error on search, timeout etc.. close ask for reconnect */ ldap_close(l); return FAILURE; } free(filter); /* check if any results */ if (ldap_count_entries(l->ld, res) > 0) { ldap_msgfree(res); return 1; } ldap_msgfree(res); return 0; }
static DWORD _GetSchemaEntryFromPartner( LDAP *pLd, LDAPMessage **ppResult, LDAPMessage **ppEntry ) { DWORD dwError = 0; PCSTR pcszFilter = "(objectclass=*)"; LDAPMessage *pResult = NULL; LDAPMessage *pEntry = NULL; dwError = ldap_search_ext_s( pLd, SUB_SCHEMA_SUB_ENTRY_DN, LDAP_SCOPE_BASE, pcszFilter, ppszSchemaEntryAttrs, FALSE, /* get values */ NULL, /* server controls */ NULL, /* client controls */ NULL, /* timeout */ 0, /* size limit */ &pResult); BAIL_ON_VMDIR_ERROR(dwError); // Note: searching by name should yield just one if (ldap_count_entries(pLd, pResult) != 1) { dwError = VMDIR_ERROR_DATA_CONSTRAINT_VIOLATION; BAIL_ON_VMDIR_ERROR(dwError); } pEntry = ldap_first_entry(pLd, pResult); *ppEntry = pEntry; *ppResult = pResult; cleanup: return dwError; error: VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL, "%s,%d failed, error(%d)", __FUNCTION__, __LINE__, dwError ); if (pResult) { ldap_msgfree(pResult); } goto cleanup; }
static char *__auth_get_first_match(const char *q, const char **retfields) { LDAPMessage *ldap_msg; LDAPMessage *ldap_res; char *returnid = NULL, *ldap_dn = NULL; char **ldap_vals = NULL; int k = 0, err; LDAP *_ldap_conn = ldap_con_get(); if (! (ldap_res = authldap_search(q))) return NULL; if (ldap_count_entries(_ldap_conn, ldap_res) < 1) { TRACE(TRACE_DEBUG, "none found"); goto endfree; } ldap_msg = ldap_first_entry(_ldap_conn, ldap_res); if (ldap_msg == NULL) { ldap_get_option(_ldap_conn, LDAP_OPT_ERROR_NUMBER, &err); TRACE(TRACE_ERR, "ldap_first_entry failed: %s", ldap_err2string(err)); goto endfree; } for (k = 0; retfields[k] != NULL; k++) { if (0 == strcasecmp(retfields[k], "dn")) { ldap_dn = ldap_get_dn(_ldap_conn, ldap_msg); if (ldap_dn) returnid = g_strdup(ldap_dn); break; } else { ldap_vals = ldap_get_values(_ldap_conn, ldap_msg, retfields[k]); if (ldap_vals) returnid = g_strdup(ldap_vals[0]); break; } } endfree: if (ldap_dn) ldap_memfree(ldap_dn); if (ldap_vals) ldap_value_free(ldap_vals); if (ldap_res) ldap_msgfree(ldap_res); return returnid; }
int qldap_first(qldap *q) { CHECK(q, EXTRACT); /* get first match of a qldap_filter search */ q->msg = ldap_first_entry(q->ld, q->res); if (q->msg == (LDAPMessage *)0) { if (ldap_count_entries(q->ld, q->res) == 0) return NOSUCH; else return FAILED; } q->state = EXTRACT; return OK; }
BOOL kuhl_m_sid_quickSearch(int argc, wchar_t * argv[], BOOL needUnique, PCWCHAR system, PLDAP *ld, PLDAPMessage *pMessage) { BOOL status = FALSE; DWORD dwErr; PWCHAR myAttrs[] = {L"name", L"sAMAccountName", L"objectSid", L"sIDHistory", L"objectGUID", NULL}, dn, filter; if(filter = kuhl_m_sid_filterFromArgs(argc, argv)) { if(kuhl_m_sid_getLdapAndRootDN(system, ld, &dn)) { *pMessage = NULL; dwErr = ldap_search_s(*ld, dn, LDAP_SCOPE_SUBTREE, filter, myAttrs, FALSE, pMessage); if(status = (dwErr == LDAP_SUCCESS)) { switch(ldap_count_entries(*ld, *pMessage)) { case 0: status = FALSE; PRINT_ERROR(L"No result! - filter was \'%s\'\n", filter); break; case 1: break; default: if(needUnique) { PRINT_ERROR(L"Not unique - Please: don\'t brick your AD! - filter was \'%s\'\n", filter); status = FALSE; } break; } } else PRINT_ERROR(L"ldap_search_s 0x%x (%u)\n", dwErr, dwErr); if(status) kuhl_m_sid_displayMessage(*ld, *pMessage); else { if(*pMessage) ldap_msgfree(*pMessage); ldap_unbind(*ld); } LocalFree(dn); } LocalFree(filter); } return status; }
static int get_ldap_seq(const char *server, int port, uint32 *seq) { int ret = -1; struct timeval to; char *attrs[] = {"highestCommittedUSN", NULL}; LDAPMessage *res = NULL; char **values = NULL; LDAP *ldp = NULL; *seq = DOM_SEQUENCE_NONE; /* * Parameterised (5) second timeout on open. This is needed as the search timeout * doesn't seem to apply to doing an open as well. JRA. */ if ((ldp = ldap_open_with_timeout(server, port, lp_ldap_timeout())) == NULL) return -1; /* Timeout if no response within 20 seconds. */ to.tv_sec = 10; to.tv_usec = 0; if (ldap_search_st(ldp, "", LDAP_SCOPE_BASE, "(objectclass=*)", &attrs[0], 0, &to, &res)) goto done; if (ldap_count_entries(ldp, res) != 1) goto done; values = ldap_get_values(ldp, res, "highestCommittedUSN"); if (!values || !values[0]) goto done; *seq = atoi(values[0]); ret = 0; done: if (values) ldap_value_free(values); if (res) ldap_msgfree(res); if (ldp) ldap_unbind(ldp); return ret; }
/** * The public method auth authenticats the user with username and password * Parameters: * std::string *username: a reverence to the username * std::string *pw: a reverence to the password * Return: * bool: true if auth successfull */ bool LDAPConnection::auth(std::string *username, std::string *pw){ int rc = 0; LDAPMessage *result, *entry; std::string filter = "(uid="; filter.append(*username); filter.append(")"); //searches for user rc = ldap_search_s(this->ld, SEARCHBASE, SCOPE, filter.c_str(), this->attribs, 0, &result); if(rc != LDAP_SUCCESS){ std::cout << ldap_err2string(rc) << std::endl; ldap_msgfree(result); return false; } //counts results if(ldap_count_entries(this->ld, result) != 1){ ldap_msgfree(result); return false; } //gets user dn entry = ldap_first_entry(this->ld, result); std::string dn = ldap_get_dn(this->ld,entry); ldap_msgfree(result); //initializes a new ldap connection LDAP *ldp; ldap_initialize(&ldp, LDAP_HOST); if(ldp == NULL){ return false; } //tries to bind the user rc = ldap_simple_bind_s(ldp, dn.c_str(), pw->c_str()); if(rc != LDAP_SUCCESS){ ldap_unbind(ldp); return false; } //closes the new ldap connection ldap_unbind(ldp); return true; }
//- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - std::string LDAP_UNX::getDistinguishedName( const std::string userID, std::string *dname ) { *dname = ""; LDAP *ldap = NULL; // INITIALISE AND CONNECT TO LDAP SERVER std::string e = initialize( &ldap ); if ( ! e.empty() ) {return( e ); } std::string base = ou + "," + dc; std::string bparam = std::string("CN=LDAPbind,") + base; const int ibind = ldap_simple_bind_s( ldap, bparam.c_str(), ldap_pw.c_str() ); if ( ibind != LDAP_SUCCESS ) {sprintf( ebuf, "ldap_simple_bind_s=%d", ibind ); return( std::string(ebuf) ); } /* SEARCH FOR ENTRY WITH sAMAccountName AS GIVEN BY USER AND GET distinguishedName IF IT EXISTS (IF FOUND, THEN USERNAME EXISTS) */ LDAPMessage *res = ( LDAPMessage * )NULL; std::string filter = "(sAMAccountName=" + userID + ")"; const int isearch = ldap_search_s( ldap, base.c_str(), LDAP_SCOPE_ONELEVEL, filter.c_str(), ( char ** )NULL, 0, &res ); if ( isearch != LDAP_SUCCESS ) {sprintf( ebuf, "ldap_search_s=%d", isearch ); return( std::string(ebuf) ); } const int nentries = ldap_count_entries( ldap, res ); if ( nentries <= 0 ) { // FAILED TO FIND distinguishedName from sAMAccountName ldap_msgfree( res ); ldap_unbind_s( ldap ); return( "Username not found in LDAP-OU" ); } // EXTRACT distinguishedNAme char *dn = ldap_get_dn( ldap, ldap_first_entry( ldap, res ) ); *dname = std::string( dn ); ldap_memfree( dn ); // TIDY UP ldap_msgfree( res ); ldap_unbind_s( ldap ); // DROP ASSOCIATION return( "" ); }
static int db_get_groups(void *handle, const char *qgr, const char *key, dico_list_t *pgroups) { struct _dico_ldap_handle *lp = handle; LDAPMessage *res, *msg; int rc; dico_list_t groups = NULL; res = _dico_ldap_search(lp, lp->group_filter, qgr, key); if (!res) return 1; rc = ldap_count_entries(lp->ldap, res); if (rc == 0) { dico_log(L_INFO, 0, "no groups containing %s", key); ldap_msgfree(res); *pgroups = NULL; return 0; } groups = dico_list_create(); dico_list_set_free_item(groups, _free_group, NULL); *pgroups = groups; rc = 0; for (msg = ldap_first_entry(lp->ldap, res); msg; msg = ldap_next_entry(lp->ldap, msg)) { struct berval **values; size_t i, count; values = ldap_get_values_len(lp->ldap, msg, qgr); count = ldap_count_values_len(values); for (i = 0; i < count; i++) { char *s = strdup(values[i]->bv_val); dico_list_append(groups, s); } ldap_value_free_len(values); } ldap_msgfree(res); return rc; }
static char * dm_ldap_user_getdn(u64_t user_idnr) { GString *t = g_string_new(""); char *dn; int err; LDAPMessage *ldap_res; LDAPMessage *ldap_msg; LDAP *_ldap_conn = ldap_con_get(); g_string_printf(t, "(%s=%llu)", _ldap_cfg.field_nid, user_idnr); TRACE(TRACE_DEBUG, "searching with query [%s]", t->str); if (! (ldap_res = authldap_search(t->str))) { g_string_free(t,TRUE); return NULL; } g_string_free(t,TRUE); if (ldap_count_entries(_ldap_conn, ldap_res) < 1) { TRACE(TRACE_DEBUG, "no entries found"); ldap_msgfree(ldap_res); return NULL; } if (! (ldap_msg = ldap_first_entry(_ldap_conn, ldap_res))) { ldap_get_option(_ldap_conn, LDAP_OPT_ERROR_NUMBER, &err); TRACE(TRACE_ERR, "ldap_first_entry failed: %s", ldap_err2string(err)); ldap_msgfree(ldap_res); return NULL; } if (! (dn = ldap_get_dn(_ldap_conn, ldap_msg))) { ldap_get_option(_ldap_conn, LDAP_OPT_ERROR_NUMBER, &err); TRACE(TRACE_ERR, "ldap_get_dn failed: %s", ldap_err2string(err)); ldap_msgfree(ldap_res); return NULL; } ldap_msgfree(ldap_res); return dn; }
/* * @uid: user's uid, list all users if * is passed in. */ static int ldap_count_users (CcnetUserManager *manager, const char *uid) { LDAP *ld = NULL; int res; GString *filter; char *filter_str; char *attrs[2]; LDAPMessage *msg = NULL; int count = -1; ld = ldap_init_and_bind (manager->ldap_host, manager->user_dn, manager->password); if (!ld) return -1; filter = g_string_new (NULL); g_string_printf (filter, "(%s=%s)", manager->login_attr, uid); filter_str = g_string_free (filter, FALSE); attrs[0] = manager->login_attr; attrs[1] = NULL; res = ldap_search_s (ld, manager->base, LDAP_SCOPE_SUBTREE, filter_str, attrs, 0, &msg); if (res != LDAP_SUCCESS) { ccnet_warning ("ldap_search failed: %s.\n", ldap_err2string(res)); goto out; } count = ldap_count_entries (ld, msg); out: ldap_msgfree (msg); g_free (filter_str); if (ld) ldap_unbind_s (ld); return count; }