/*
 * ldap_extended_operation_s - synchronous form of an arbitrary LDAPv3
 * extended operation.
 *
 * The request is identified by requestoid and carries requestdata as its
 * payload. The call sends the request, blocks (no timeout is passed to
 * ldap_result) until the response arrives, and hands the response OID and
 * data back through retoidp and retdatap.
 *
 * Returns LDAP_SUCCESS on success, otherwise an LDAP error code.
 *
 * Example:
 *	struct berval	exdata, *exretval;
 *	char		*exoid, *exretoid;
 *	int		rc;
 *	... fill in oid and data ...
 *	rc = ldap_extended_operation_s( ld, exoid, &exdata, NULL, NULL,
 *		&exretoid, &exretval );
 */
int
LDAP_CALL
ldap_extended_operation_s( LDAP *ld, const char *requestoid,
	const struct berval *requestdata, LDAPControl **serverctrls,
	LDAPControl **clientctrls, char **retoidp, struct berval **retdatap )
{
	int		msgid;
	int		rc;
	LDAPMessage	*reply;

	/* Fire the asynchronous request; msgid identifies the pending reply. */
	rc = ldap_extended_operation( ld, requestoid, requestdata,
	    serverctrls, clientctrls, &msgid );
	if ( rc != LDAP_SUCCESS ) {
		return rc;
	}

	/* A null timeval makes ldap_result wait for the reply. */
	if ( ldap_result( ld, msgid, 1, (struct timeval *) 0, &reply ) == -1 ) {
		return LDAP_GET_LDERRNO( ld, NULL, NULL );
	}

	/* freeit is 0 here: the message is released below on either path. */
	rc = ldap_parse_extended_result( ld, reply, retoidp, retdatap, 0 );
	if ( rc != LDAP_SUCCESS ) {
		ldap_msgfree( reply );
		return rc;
	}

	/* Converts the message to a result code and frees it (freeit == 1). */
	return ldap_result2error( ld, reply, 1 );
}
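/*
 * ldap_txn_end - send the transaction-end extended request (asynchronous).
 *
 * The request value is a BER sequence holding the transaction identifier;
 * when commit is zero the sequence is prefixed with that boolean, otherwise
 * only the identifier is encoded. The message id of the pending operation
 * is stored through msgidp by ldap_extended_operation().
 *
 * Returns LDAP_SUCCESS when the request was sent, LDAP_PARAM_ERROR for a
 * NULL txnid, LDAP_NO_MEMORY or LDAP_ENCODING_ERROR when the request value
 * could not be built, or whatever ldap_extended_operation() returns.
 */
int
ldap_txn_end(
	LDAP *ld,
	int commit,
	struct berval *txnid,
	LDAPControl **sctrls,
	LDAPControl **cctrls,
	int *msgidp )
{
	int rc;
	BerElement *txnber = NULL;
	struct berval *txnval = NULL;

	assert( txnid != NULL );
	/* assert() is compiled out with NDEBUG; fail cleanly in that build. */
	if ( txnid == NULL ) {
		return LDAP_PARAM_ERROR;
	}

	txnber = ber_alloc_t( LBER_USE_DER );
	if ( txnber == NULL ) {
		return LDAP_NO_MEMORY;
	}

	if ( commit ) {
		rc = ber_printf( txnber, "{ON}", txnid );
	} else {
		rc = ber_printf( txnber, "{bON}", commit, txnid );
	}

	/* Never hand a half-built or NULL value to the extended operation. */
	if ( rc < 0 || ber_flatten( txnber, &txnval ) < 0 ) {
		rc = LDAP_ENCODING_ERROR;
		goto done;
	}

	rc = ldap_extended_operation( ld, LDAP_EXOP_X_TXN_END,
		txnval, sctrls, cctrls, msgidp );

done:
	/* ber_flatten() allocates a separate berval; release it as well. */
	ber_bvfree( txnval );
	ber_free( txnber, 1 );
	return rc;
}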
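/*
 * ldap_turn - send the Turn extended request (asynchronous).
 *
 * The request value is a BER sequence holding identifier, preceded by the
 * mutual boolean when mutual is non-zero. The message id of the pending
 * operation is stored through msgidp by ldap_extended_operation().
 *
 * Returns LDAP_CONTROL_NOT_FOUND when the library was built without
 * LDAP_EXOP_X_TURN. Otherwise returns LDAP_NO_MEMORY or
 * LDAP_ENCODING_ERROR when the request value could not be built, or the
 * result of ldap_extended_operation().
 */
int
ldap_turn(
	LDAP *ld,
	int mutual,
	LDAP_CONST char* identifier,
	LDAPControl **sctrls,
	LDAPControl **cctrls,
	int *msgidp )
{
#ifdef LDAP_EXOP_X_TURN
	BerElement *turnvalber = NULL;
	struct berval *turnvalp = NULL;
	int rc;

	turnvalber = ber_alloc_t( LBER_USE_DER );
	if ( turnvalber == NULL ) {
		return LDAP_NO_MEMORY;
	}

	if ( mutual ) {
		rc = ber_printf( turnvalber, "{bs}", mutual, identifier );
	} else {
		rc = ber_printf( turnvalber, "{s}", identifier );
	}

	/* Stop on any encoding failure instead of sending a NULL value. */
	if ( rc < 0 || ber_flatten( turnvalber, &turnvalp ) < 0 ) {
		rc = LDAP_ENCODING_ERROR;
		goto done;
	}

	rc = ldap_extended_operation( ld, LDAP_EXOP_X_TURN,
		turnvalp, sctrls, cctrls, msgidp );

done:
	/* ber_flatten() allocates a separate berval; release it as well. */
	ber_bvfree( turnvalp );
	ber_free( turnvalber, 1 );
	return rc;
#else
	return LDAP_CONTROL_NOT_FOUND;
#endif
}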
/*
 * ldap_start_tls - send the StartTLS extended request (asynchronous).
 *
 * Only the request is issued here: the extended operation is sent with no
 * request data and the pending message id is stored through msgidp.
 * Nothing in this function negotiates or installs TLS, so the connection
 * is still cleartext when it returns. The caller has to collect the
 * response and complete the TLS setup as a separate step (in libldap
 * that is presumably ldap_install_tls() - confirm against the library
 * version in use) before sending anything sensitive.
 *
 * Returns the result of ldap_extended_operation().
 */
int
ldap_start_tls(
	LDAP *ld,
	LDAPControl **serverctrls,
	LDAPControl **clientctrls,
	int *msgidp )
{
	int rc;

	rc = ldap_extended_operation( ld, LDAP_EXOP_START_TLS,
		NULL, serverctrls, clientctrls, msgidp );

	return rc;
}
/*
 * ldap_txn_start - send the transaction-start extended request
 * (asynchronous).
 *
 * The request carries no data. The pending message id is stored through
 * msgidp; the caller retrieves the response separately.
 *
 * Returns the result of ldap_extended_operation().
 */
int
ldap_txn_start(
	LDAP *ld,
	LDAPControl **sctrls,
	LDAPControl **cctrls,
	int *msgidp )
{
	int rc;

	rc = ldap_extended_operation( ld, LDAP_EXOP_X_TXN_START,
		NULL, sctrls, cctrls, msgidp );

	return rc;
}
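/*
 * ipa_ldap_extended_op - run one extended operation and wait for its result.
 *
 * Sends reqoid with the encoded request value in control, waits up to 100
 * seconds for the reply, and parses both the extended response and the
 * LDAP result. Server controls from the result are returned through
 * srvctrl. Diagnostics go to stderr.
 *
 * Returns LDAP_SUCCESS only when the request was sent, a reply arrived and
 * the server reported success. A timeout is reported as LDAP_TIMEOUT so
 * that a caller checking the return value cannot mistake "no answer" for
 * success.
 */
static int ipa_ldap_extended_op(LDAP *ld, const char *reqoid,
                                struct berval *control,
                                LDAPControl ***srvctrl)
{
    struct berval *retdata = NULL;
    LDAPMessage *res = NULL;
    char *retoid = NULL;
    struct timeval tv;
    char *err = NULL;
    int msgid;
    int ret, rc;

    ret = ldap_extended_operation(ld, reqoid, control, NULL, NULL, &msgid);
    if (ret != LDAP_SUCCESS) {
        fprintf(stderr, _("Operation failed: %s\n"), ldap_err2string(ret));
        return ret;
    }

    /* wait max 100 secs for the answer */
    tv.tv_sec = 100;
    tv.tv_usec = 0;
    ret = ldap_result(ld, msgid, 1, &tv, &res);
    if (ret == -1) {
        /* -1 is only ldap_result()'s failure marker; the actual error
         * code is stored on the handle. */
        if (ldap_get_option(ld, LDAP_OPT_ERROR_NUMBER, &ret) != LDAP_OPT_SUCCESS ||
            ret == LDAP_SUCCESS) {
            ret = LDAP_OTHER;
        }
        fprintf(stderr, _("Failed to get result: %s\n"),
                ldap_err2string(ret));
        goto done;
    } else if (ret == 0 || res == NULL) {
        /* ldap_result() returns 0 on timeout, which equals LDAP_SUCCESS;
         * replace it so the caller sees a failure. */
        fprintf(stderr, _("Timeout exceeded."));
        ret = LDAP_TIMEOUT;
        goto done;
    }

    ret = ldap_parse_extended_result(ld, res, &retoid, &retdata, 0);
    if (ret != LDAP_SUCCESS) {
        fprintf(stderr, _("Failed to parse extended result: %s\n"),
                ldap_err2string(ret));
        goto done;
    }

    ret = ldap_parse_result(ld, res, &rc, NULL, &err, NULL, srvctrl, 0);
    if (ret != LDAP_SUCCESS || rc != LDAP_SUCCESS) {
        fprintf(stderr, _("Failed to parse result: %s\n"),
                err ? err : ldap_err2string(ret));
        /* Parsing worked but the server refused: report the server code. */
        if (ret == LDAP_SUCCESS) ret = rc;
        goto done;
    }

done:
    /* The response OID and data are not handed to the caller, so they are
     * released here rather than leaked. */
    if (retoid) ldap_memfree(retoid);
    if (retdata) ber_bvfree(retdata);
    if (err) ldap_memfree(err);
    if (res) ldap_msgfree(res);
    return ret;
}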
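/*
 * ldap_extended_operation_s - synchronous extended operation.
 *
 * Sends the request identified by reqoid with the optional payload
 * reqdata, blocks until the response arrives (no timeout is passed to
 * ldap_result), and returns the response OID and data through retoidp and
 * retdatap when those pointers are non-NULL.
 *
 * Returns LDAP_SUCCESS on success, otherwise an LDAP error code.
 */
int
ldap_extended_operation_s(
	LDAP		*ld,
	LDAP_CONST char	*reqoid,
	struct berval	*reqdata,
	LDAPControl	**sctrls,
	LDAPControl	**cctrls,
	char		**retoidp,
	struct berval	**retdatap )
{
	int		rc;
	int		msgid;
	LDAPMessage	*res;

#ifdef NEW_LOGGING
	LDAP_LOG ( OPERATION, ENTRY, "ldap_extended_operation_s\n", 0,0,0 );
#else
	Debug( LDAP_DEBUG_TRACE, "ldap_extended_operation_s\n", 0, 0, 0 );
#endif

	assert( ld != NULL );
	assert( LDAP_VALID( ld ) );
	/*
	 * The OID must be present and non-empty. The earlier form
	 * ( reqoid != NULL || *reqoid == '\0' ) dereferenced reqoid exactly
	 * when it was NULL and accepted an empty string.
	 */
	assert( reqoid != NULL && *reqoid != '\0' );
	assert( retoidp != NULL || retdatap != NULL );

	rc = ldap_extended_operation( ld, reqoid, reqdata,
		sctrls, cctrls, &msgid );
	if ( rc != LDAP_SUCCESS ) {
		return( rc );
	}

	if ( ldap_result( ld, msgid, 1, (struct timeval *) NULL, &res ) == -1 ) {
		return( ld->ld_errno );
	}

	/* Give the outputs a defined value before parsing fills them in. */
	if ( retoidp != NULL ) *retoidp = NULL;
	if ( retdatap != NULL ) *retdatap = NULL;

	/* freeit is 0 here: the message is released below on either path. */
	rc = ldap_parse_extended_result( ld, res, retoidp, retdatap, 0 );
	if( rc != LDAP_SUCCESS ) {
		ldap_msgfree( res );
		return rc;
	}

	/* Converts the message to a result code and frees it (freeit == 1). */
	return( ldap_result2error( ld, res, 1 ) );
}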
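/*
 * ldap_refresh - send the Refresh extended request (asynchronous).
 *
 * Encodes the entry DN and the requested TTL, each under its own tag,
 * and sends them with LDAP_EXOP_REFRESH. *msgidp is set to -1 first and
 * then filled in by ldap_extended_operation().
 *
 * Returns LDAP_NO_MEMORY or LDAP_ENCODING_ERROR (also stored in
 * ld->ld_errno) when the request value cannot be built, otherwise the
 * result of ldap_extended_operation().
 */
int
ldap_refresh(
	LDAP		*ld,
	struct berval	*dn,
	ber_int_t	ttl,
	LDAPControl	**sctrls,
	LDAPControl	**cctrls,
	int		*msgidp )
{
	struct berval	bv = { 0, NULL };
	BerElement	*ber = NULL;
	int		rc;

	assert( ld != NULL );
	assert( LDAP_VALID( ld ) );
	assert( dn != NULL );
	assert( msgidp != NULL );

	*msgidp = -1;

	ber = ber_alloc_t( LBER_USE_DER );
	if ( ber == NULL ) {
		ld->ld_errno = LDAP_NO_MEMORY;
		return ld->ld_errno;
	}

	/* Check the encoder result so a partial value is never sent. */
	rc = ber_printf( ber, "{tOtiN}",
		LDAP_TAG_EXOP_REFRESH_REQ_DN, dn,
		LDAP_TAG_EXOP_REFRESH_REQ_TTL, ttl );
	if ( rc < 0 ) {
		rc = ld->ld_errno = LDAP_ENCODING_ERROR;
		goto done;
	}

	/* bv aliases the BerElement's buffer (alloc == 0); ber stays alive
	 * until the request has been sent. */
	rc = ber_flatten2( ber, &bv, 0 );
	if ( rc < 0 ) {
		rc = ld->ld_errno = LDAP_ENCODING_ERROR;
		goto done;
	}

	rc = ldap_extended_operation( ld, LDAP_EXOP_REFRESH, &bv,
		sctrls, cctrls, msgidp );

done:
	;
	ber_free( ber, 1 );

	return rc;
}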
/*
 * ldap_whoami - send the "Who am I?" extended request (asynchronous).
 *
 * The request carries no data. The pending message id is stored through
 * msgidp; the caller retrieves and parses the response separately.
 *
 * Returns the result of ldap_extended_operation().
 */
int
ldap_whoami(
	LDAP		*ld,
	LDAPControl	**sctrls,
	LDAPControl	**cctrls,
	int		*msgidp )
{
	assert( ld != NULL );
	assert( LDAP_VALID( ld ) );
	assert( msgidp != NULL );

	return ldap_extended_operation( ld, LDAP_EXOP_X_WHO_AM_I,
		NULL, sctrls, cctrls, msgidp );
}
/*
 * ldap_extended_operation_s - synchronous extended operation.
 *
 * Sends the request named by reqoid (which must be a non-empty string)
 * with the optional payload reqdata, waits without a timeout for the
 * complete response, and returns the response OID and data through
 * retoidp and retdatap when those pointers are non-NULL.
 *
 * Returns LDAP_SUCCESS on success, otherwise an LDAP error code.
 */
int
ldap_extended_operation_s(
	LDAP		*ld,
	LDAP_CONST char	*reqoid,
	struct berval	*reqdata,
	LDAPControl	**sctrls,
	LDAPControl	**cctrls,
	char		**retoidp,
	struct berval	**retdatap )
{
	LDAPMessage	*reply;
	int		id;
	int		status;
	int		waited;

	Debug( LDAP_DEBUG_TRACE, "ldap_extended_operation_s\n", 0, 0, 0 );

	assert( ld != NULL );
	assert( LDAP_VALID( ld ) );
	assert( reqoid != NULL && *reqoid != '\0' );

	status = ldap_extended_operation( ld, reqoid, reqdata,
		sctrls, cctrls, &id );
	if ( status != LDAP_SUCCESS ) {
		return status;
	}

	/* reply is only examined when ldap_result did not report failure. */
	waited = ldap_result( ld, id, LDAP_MSG_ALL, (struct timeval *) NULL, &reply );
	if ( waited == -1 || reply == NULL ) {
		return ld->ld_errno;
	}

	/* Give the outputs a defined value before parsing fills them in. */
	if ( retoidp != NULL ) {
		*retoidp = NULL;
	}
	if ( retdatap != NULL ) {
		*retdatap = NULL;
	}

	/* freeit is 0 here: the message is released below on either path. */
	status = ldap_parse_extended_result( ld, reply, retoidp, retdatap, 0 );
	if ( status != LDAP_SUCCESS ) {
		ldap_msgfree( reply );
		return status;
	}

	/* Converts the message to a result code and frees it (freeit == 1). */
	return ldap_result2error( ld, reply, 1 );
}
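/*
 * ldap_cancel - send the Cancel extended request (asynchronous).
 *
 * cancelid is the message id of the operation to cancel; it is encoded as
 * the only element of the request value. The message id of the Cancel
 * request itself is stored through msgidp by ldap_extended_operation().
 *
 * Returns LDAP_NO_MEMORY or LDAP_ENCODING_ERROR when the request value
 * cannot be built, otherwise the result of ldap_extended_operation().
 */
int
ldap_cancel(
	LDAP		*ld,
	int		cancelid,
	LDAPControl	**sctrls,
	LDAPControl	**cctrls,
	int		*msgidp )
{
	BerElement *cancelidber = NULL;
	struct berval *cancelidvalp = NULL;
	int rc;

	cancelidber = ber_alloc_t( LBER_USE_DER );
	if ( cancelidber == NULL ) {
		return LDAP_NO_MEMORY;
	}

	/* Stop on any encoding failure instead of sending a NULL value. */
	if ( ber_printf( cancelidber, "{i}", cancelid ) < 0 ||
		ber_flatten( cancelidber, &cancelidvalp ) < 0 )
	{
		rc = LDAP_ENCODING_ERROR;
		goto done;
	}

	rc = ldap_extended_operation( ld, LDAP_EXOP_CANCEL,
		cancelidvalp, sctrls, cctrls, msgidp );

done:
	/* ber_flatten() allocates a separate berval; release it as well. */
	ber_bvfree( cancelidvalp );
	ber_free( cancelidber, 1 );
	return rc;
}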
/***********************************************************************
 *      ldap_extended_operationW     (WLDAP32.@)
 *
 * Start an extended operation without waiting for its result.
 *
 * PARAMS
 *  ld          [I] Pointer to an LDAP context.
 *  oid         [I] OID of the extended operation.
 *  data        [I] Data needed by the operation.
 *  serverctrls [I] Array of LDAP server controls.
 *  clientctrls [I] Array of LDAP client controls.
 *  message     [O] Message ID of the extended operation.
 *
 * RETURNS
 *  Success: LDAP_SUCCESS
 *  Failure: An LDAP error code.
 *
 * NOTES
 *  Pass NULL for data when the operation needs none, and NULL for
 *  serverctrls / clientctrls when they are unused. Use ldap_result
 *  with the message ID to fetch the outcome, or ldap_abandon to
 *  cancel. Call ldap_close_extended_op to close the operation.
 *  A NULL oid is forwarded to the native library as an empty string.
 *
 *  NOTE(review): data and message are passed to the native library
 *  through pointer casts, not converted. That is only sound if
 *  struct WLDAP32_berval / ULONG match struct berval / int in layout
 *  on every supported target - confirm, in particular for 64-bit.
 */
ULONG CDECL ldap_extended_operationW( WLDAP32_LDAP *ld, PWCHAR oid, struct WLDAP32_berval *data,
    PLDAPControlW *serverctrls, PLDAPControlW *clientctrls, ULONG *message )
{
    ULONG ret = WLDAP32_LDAP_NOT_SUPPORTED;
#ifdef HAVE_LDAP
    char *oid_utf8 = NULL;
    LDAPControl **srv_utf8 = NULL, **cli_utf8 = NULL;

    /* Every early exit below is a failed conversion, hence NO_MEMORY. */
    ret = WLDAP32_LDAP_NO_MEMORY;

    TRACE( "(%p, %s, %p, %p, %p, %p)\n", ld, debugstr_w(oid), data, serverctrls,
           clientctrls, message );

    if (!ld || !message) return WLDAP32_LDAP_PARAM_ERROR;

    /* Convert each optional wide-character argument that was supplied. */
    if (oid && !(oid_utf8 = strWtoU( oid ))) goto exit;
    if (serverctrls && !(srv_utf8 = controlarrayWtoU( serverctrls ))) goto exit;
    if (clientctrls && !(cli_utf8 = controlarrayWtoU( clientctrls ))) goto exit;

    ret = map_error( ldap_extended_operation( ld, oid ? oid_utf8 : "", (struct berval *)data,
                                              srv_utf8, cli_utf8, (int *)message ));

exit:
    strfreeU( oid_utf8 );
    controlarrayfreeU( srv_utf8 );
    controlarrayfreeU( cli_utf8 );

#endif
    return ret;
}
/*
 * ldap_back_exop_generic - relay a client's extended operation to the
 * remote server behind this back-ldap database.
 *
 * The request OID, request data and the operation's controls are forwarded
 * unchanged over the connection in *lcp. The reply is parsed into rs. When
 * the exchange fails, the error is mapped, one retry is attempted if the
 * mapped error is LDAP_UNAVAILABLE, and the extended response is sent to
 * the client from here; in that case SLAPD_ABANDON is returned.
 *
 * *lcp is set to NULL on return if the connection pointer ended up NULL
 * (ldap_back_retry receives &lc and may change it).
 *
 * NOTE(review): the OID and payload come from the client and are passed
 * through as-is; any restriction on which operations may be proxied is
 * presumably applied by the caller - confirm.
 */
static int
ldap_back_exop_generic(
	Operation	*op,
	SlapReply	*rs,
	ldapconn_t	**lcp )
{
	ldapinfo_t	*li = (ldapinfo_t *) op->o_bd->be_private;
	ldapconn_t	*lc = *lcp;
	LDAPMessage	*res;
	ber_int_t	msgid;
	int		rc;
	int		do_retry = 1;	/* cleared after the single retry */
	char		*text = NULL;	/* diagnostic message from the remote server */

	Debug( LDAP_DEBUG_ARGS, "==> ldap_back_exop_generic(%s, \"%s\")\n",
		op->ore_reqoid.bv_val, op->o_req_dn.bv_val, 0 );
	assert( lc != NULL );
	assert( rs->sr_ctrls == NULL );

retry:
	rc = ldap_extended_operation( lc->lc_ld,
		op->ore_reqoid.bv_val, op->ore_reqdata,
		op->o_ctrls, NULL, &msgid );

	if ( rc == LDAP_SUCCESS ) {
		/* TODO: set timeout? */
		/* by now, make sure no timeout is used (ITS#6282) */
		struct timeval tv = { -1, 0 };
		if ( ldap_result( lc->lc_ld, msgid, LDAP_MSG_ALL, &tv, &res ) == -1 ) {
			/* fetch the error code recorded on the handle */
			ldap_get_option( lc->lc_ld, LDAP_OPT_ERROR_NUMBER, &rc );
			rs->sr_err = rc;

		} else {
			/* only touch when activity actually took place... */
			if ( li->li_idle_timeout ) {
				lc->lc_time = op->o_time;
			}

			/* sigh. parse twice, because parse_passwd
			 * doesn't give us the err / match / msg info.
			 */
			rc = ldap_parse_result( lc->lc_ld, res, &rs->sr_err,
					(char **)&rs->sr_matched,
					&text,
					NULL, &rs->sr_ctrls, 0 );
			if ( rc == LDAP_SUCCESS ) {
				if ( rs->sr_err == LDAP_SUCCESS ) {
					/* second pass: pull out the response OID and data */
					rc = ldap_parse_extended_result( lc->lc_ld, res,
							(char **)&rs->sr_rspoid, &rs->sr_rspdata, 0 );
					if ( rc == LDAP_SUCCESS ) {
						rs->sr_type = REP_EXTENDED;
					}

				} else {
					/* remote server reported an error: treat as failure */
					rc = rs->sr_err;
				}
			}
			ldap_msgfree( res );
		}
	}

	if ( rc != LDAP_SUCCESS ) {
		rs->sr_err = slap_map_api2result( rs );
		/* NOTE(review): when this retry is taken after a reply was already
		 * parsed, text, rs->sr_matched and rs->sr_ctrls from the first
		 * attempt look like they are overwritten without being freed -
		 * confirm. */
		if ( rs->sr_err == LDAP_UNAVAILABLE && do_retry ) {
			do_retry = 0;
			if ( ldap_back_retry( &lc, op, rs, LDAP_BACK_SENDERR ) ) {
				goto retry;
			}
		}

		if ( LDAP_BACK_QUARANTINE( li ) ) {
			ldap_back_quarantine( op, rs );
		}

		if ( text ) rs->sr_text = text;
		send_ldap_extended( op, rs );
		/* otherwise frontend resends result */
		rc = rs->sr_err = SLAPD_ABANDON;

	} else if ( LDAP_BACK_QUARANTINE( li ) ) {
		ldap_back_quarantine( op, rs );
	}

	/* count the completed extended operation under the counter mutex */
	ldap_pvt_thread_mutex_lock( &li->li_counter_mutex );
	ldap_pvt_mp_add( li->li_ops_completed[ SLAP_OP_EXTENDED ], 1 );
	ldap_pvt_thread_mutex_unlock( &li->li_counter_mutex );

	/* these have to be freed anyway... */
	if ( rs->sr_matched ) {
		free( (char *)rs->sr_matched );
		rs->sr_matched = NULL;
	}

	if ( rs->sr_ctrls ) {
		ldap_controls_free( rs->sr_ctrls );
		rs->sr_ctrls = NULL;
	}

	if ( text ) {
		free( text );
		/* sr_text may alias text (set above); drop the dangling pointer */
		rs->sr_text = NULL;
	}

	/* in case, cleanup handler */
	if ( lc == NULL ) {
		*lcp = NULL;
	}

	return rc;
}
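/*
 * ldap_verify_credentials - send the Verify Credentials extended request
 * (asynchronous).
 *
 * The request value carries, in order: an optional cookie, the DN (an
 * empty string when dn is NULL), the authentication choice - simple with
 * cred, or SASL with mechanism and optional cred - and an optional list
 * of controls taken from vcctrls. A NULL mechanism (LDAP_SASL_SIMPLE)
 * selects simple authentication, which must not be combined with a cookie.
 *
 * The pending message id is stored through msgidp.
 *
 * Returns LDAP_NO_MEMORY or LDAP_ENCODING_ERROR (also stored in
 * ld->ld_errno) when the request value cannot be built, otherwise the
 * result of ldap_extended_operation().
 *
 * NOTE(review): the encoded buffer contains the credentials being
 * verified. ber_free() releases it; whether the memory is cleared first
 * is not visible here.
 */
int ldap_verify_credentials(LDAP *ld,
	struct berval	*cookie,
	LDAP_CONST char *dn,
	LDAP_CONST char *mechanism,
	struct berval	*cred,
	LDAPControl		**vcctrls,
	LDAPControl		**sctrls,
	LDAPControl		**cctrls,
	int				*msgidp)
{
	int rc;
	BerElement *ber;
	struct berval reqdata;

	assert(ld != NULL);
	assert(LDAP_VALID(ld));
	assert(msgidp != NULL);

	ber = ber_alloc_t(LBER_USE_DER);
	/* Allocation can fail; do not encode into a NULL element. */
	if (ber == NULL) {
		ld->ld_errno = LDAP_NO_MEMORY;
		return ld->ld_errno;
	}

	if (dn == NULL) dn = "";

	if (mechanism == LDAP_SASL_SIMPLE) {
		assert(!cookie);

		rc = ber_printf(ber, "{stO" /*"}"*/,
			dn, LDAP_AUTH_SIMPLE, cred);

	} else {
		if (!cred || BER_BVISNULL(cred)) {
			if (cookie) {
				rc = ber_printf(ber, "{tOst{sN}" /*"}"*/,
					LDAP_TAG_EXOP_VERIFY_CREDENTIALS_COOKIE, cookie,
					dn, LDAP_AUTH_SASL, mechanism);
			} else {
				rc = ber_printf(ber, "{st{sN}N" /*"}"*/,
					dn, LDAP_AUTH_SASL, mechanism);
			}
		} else {
			if (cookie) {
				rc = ber_printf(ber, "{tOst{sON}" /*"}"*/,
					LDAP_TAG_EXOP_VERIFY_CREDENTIALS_COOKIE, cookie,
					dn, LDAP_AUTH_SASL, mechanism, cred);
			} else {
				rc = ber_printf(ber, "{st{sON}" /*"}"*/,
					dn, LDAP_AUTH_SASL, mechanism, cred);
			}
		}
	}

	if (rc < 0) {
		rc = ld->ld_errno = LDAP_ENCODING_ERROR;
		goto done;
	}

	if (vcctrls && *vcctrls) {
		LDAPControl *const *c;

		rc = ber_printf(ber, "t{" /*"}"*/, LDAP_TAG_EXOP_VERIFY_CREDENTIALS_CONTROLS);
		/* This result used to be overwritten unchecked by the loop below. */
		if (rc < 0) {
			rc = ld->ld_errno = LDAP_ENCODING_ERROR;
			goto done;
		}

		for (c=vcctrls; *c; c++) {
			rc = ldap_pvt_put_control(*c, ber);
			if (rc != LDAP_SUCCESS) {
				rc = ld->ld_errno = LDAP_ENCODING_ERROR;
				goto done;
			}
		}

		rc = ber_printf(ber, /*"{{"*/ "}N}");

	} else {
		rc = ber_printf(ber, /*"{"*/ "N}");
	}

	if (rc < 0) {
		rc = ld->ld_errno = LDAP_ENCODING_ERROR;
		goto done;
	}

	/* reqdata aliases the element's buffer (alloc == 0); ber stays alive
	 * until the request has been sent. */
	rc = ber_flatten2(ber, &reqdata, 0);
	if (rc < 0) {
		rc = ld->ld_errno = LDAP_ENCODING_ERROR;
		goto done;
	}

	rc = ldap_extended_operation(ld, LDAP_EXOP_VERIFY_CREDENTIALS,
		&reqdata, sctrls, cctrls, msgidp);

done:
	ber_free(ber, 1);
	return rc;
}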
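/*
 * ldapexop - command-line client for LDAP extended operations.
 *
 * The first non-option argument selects the operation: "whoami",
 * "cancel <id>", "refresh <DN> [ttl]", or "<oid>[:<data>]" for an
 * arbitrary extended operation. "passwd" is rejected with a pointer to
 * ldappasswd(1). The request is sent asynchronously, the result is polled
 * for in 100 ms steps so that an abandon request can be honoured, and the
 * response is printed.
 *
 * The process exits through tool_exit() with EXIT_SUCCESS only when the
 * parsed LDAP result code is LDAP_SUCCESS.
 *
 * NOTE(review): a failure after ldap_parse_result() has stored
 * LDAP_SUCCESS in code (for example in ldap_parse_extended_result) still
 * jumps to skip with code == LDAP_SUCCESS, so the exit status is
 * EXIT_SUCCESS - confirm whether that is intended.
 */
int
main( int argc, char *argv[] )
{
	int		rc;

	LDAP		*ld = NULL;

	char		*matcheddn = NULL, *text = NULL, **refs = NULL;
	LDAPControl **ctrls = NULL;
	/*
	 * code is read at the skip label, which is also reached before
	 * ldap_parse_result() has stored anything in it. Start from a failure
	 * value so those early exits do not read an uninitialized variable.
	 */
	int		id, code = LDAP_OTHER;
	LDAPMessage	*res = NULL;

	tool_init( TOOL_EXOP );
	prog = lutil_progname( "ldapexop", argc, argv );

	/* LDAPv3 only */
	protocol = LDAP_VERSION3;

	tool_args( argc, argv );

	if ( argc - optind < 1 ) {
		usage();
	}

	ld = tool_conn_setup( 0, 0 );

	tool_bind( ld );

	/* from here on argv[0] is the operation name */
	argv += optind;
	argc -= optind;

	if ( strcasecmp( argv[ 0 ], "whoami" ) == 0 ) {
		tool_server_controls( ld, NULL, 0 );

		rc = ldap_whoami( ld, NULL, NULL, &id );
		if ( rc != LDAP_SUCCESS ) {
			tool_perror( "ldap_extended_operation", rc, NULL, NULL, NULL, NULL );
			rc = EXIT_FAILURE;
			goto skip;
		}

	} else if ( strcasecmp( argv[ 0 ], "cancel" ) == 0 ) {
		int		cancelid;

		switch ( argc ) {
		case 2:
			 if ( lutil_atoi( &cancelid, argv[ 1 ] ) != 0 || cancelid < 0 ) {
				fprintf( stderr, "invalid cancelid=%s\n\n", argv[ 1 ] );
				usage();
			}
			break;

		default:
			fprintf( stderr, "need cancelid\n\n" );
			usage();
		}

		rc = ldap_cancel( ld, cancelid, NULL, NULL, &id );
		if ( rc != LDAP_SUCCESS ) {
			tool_perror( "ldap_cancel", rc, NULL, NULL, NULL, NULL );
			rc = EXIT_FAILURE;
			goto skip;
		}

	} else if ( strcasecmp( argv[ 0 ], "passwd" ) == 0 ) {
		fprintf( stderr, "use ldappasswd(1) instead.\n\n" );
		usage();
		/* TODO? */

	} else if ( strcasecmp( argv[ 0 ], "refresh" ) == 0 ) {
		int		ttl = 3600;
		struct berval	dn;

		switch ( argc ) {
		case 3:
			/* Parse the TTL with the same checked helper used for the
			 * cancel id; atoi() silently turned junk into 0. */
			if ( lutil_atoi( &ttl, argv[ 2 ] ) != 0 ) {
				fprintf( stderr, "invalid ttl=%s\n\n", argv[ 2 ] );
				usage();
			}
			/* fallthrough */

		case 2:
			dn.bv_val = argv[ 1 ];
			dn.bv_len = strlen( dn.bv_val );
			break;

		default:
			fprintf( stderr, _("need DN [ttl]\n\n") );
			usage();
		}

		tool_server_controls( ld, NULL, 0 );

		rc = ldap_refresh( ld, &dn, ttl, NULL, NULL, &id );
		if ( rc != LDAP_SUCCESS ) {
			tool_perror( "ldap_extended_operation", rc, NULL, NULL, NULL, NULL );
			rc = EXIT_FAILURE;
			goto skip;
		}

	} else {
		char *p;

		if ( argc != 1 ) {
			usage();
		}

		/* "<oid>" or "<oid>:<data>"; a leading ':' is not accepted */
		p = strchr( argv[ 0 ], ':' );
		if ( p == argv[ 0 ] ) {
			usage();
		}

		if ( p != NULL )
			*p++ = '\0';

		if ( tool_is_oid( argv[ 0 ] ) ) {
			struct berval	reqdata;
			struct berval	type;
			struct berval	value;
			int		freeval;

			if ( p != NULL ) {
				int	parsed;

				/* restore the ':' so the argument parses as an LDIF line */
				p[ -1 ] = ':';
				parsed = ldif_parse_line2( argv[ 0 ], &type, &value, &freeval );
				p[ -1 ] = '\0';

				/* value and freeval are only meaningful after a
				 * successful parse; do not send them otherwise. */
				if ( parsed != 0 ) {
					fprintf( stderr, "invalid value for exop \"%s\"\n\n", argv[ 0 ] );
					usage();
				}

				if ( freeval ) {
					reqdata = value;
				} else {
					ber_dupbv( &reqdata, &value );
				}
			}


			tool_server_controls( ld, NULL, 0 );

			rc = ldap_extended_operation( ld, argv[ 0 ], p ? &reqdata : NULL, NULL, NULL, &id );
			if ( rc != LDAP_SUCCESS ) {
				tool_perror( "ldap_extended_operation", rc, NULL, NULL, NULL, NULL );
				rc = EXIT_FAILURE;
				goto skip;
			}
		} else {
			fprintf( stderr, "unknown exop \"%s\"\n\n", argv[ 0 ] );
			usage();
		}
	}

	/* poll for the result in 100 ms steps, checking for an abandon request */
	for ( ; ; ) {
		struct timeval	tv;

		if ( tool_check_abandon( ld, id ) ) {
			tool_exit( ld, LDAP_CANCELLED );
		}

		tv.tv_sec = 0;
		tv.tv_usec = 100000;

		rc = ldap_result( ld, LDAP_RES_ANY, LDAP_MSG_ALL, &tv, &res );
		if ( rc < 0 ) {
			tool_perror( "ldap_result", rc, NULL, NULL, NULL, NULL );
			rc = EXIT_FAILURE;
			goto skip;
		}

		if ( rc != 0 ) {
			break;
		}
	}

	rc = ldap_parse_result( ld, res,
		&code, &matcheddn, &text, &refs, &ctrls, 0 );
	if ( rc == LDAP_SUCCESS ) {
		rc = code;
	}

	if ( rc != LDAP_SUCCESS ) {
		tool_perror( "ldap_parse_result", rc, NULL, matcheddn, text, refs );
		rc = EXIT_FAILURE;
		goto skip;
	}

	if ( strcasecmp( argv[ 0 ], "whoami" ) == 0 ) {
		char		*retoid = NULL;
		struct berval	*retdata = NULL;

		rc = ldap_parse_extended_result( ld, res, &retoid, &retdata, 0 );

		if ( rc != LDAP_SUCCESS ) {
			tool_perror( "ldap_parse_extended_result", rc, NULL, NULL, NULL, NULL );
			rc = EXIT_FAILURE;
			goto skip;
		}

		if ( retdata != NULL ) {
			if ( retdata->bv_len == 0 ) {
				printf(_("anonymous\n") );
			} else {
				printf("%s\n", retdata->bv_val );
			}
		}

		ber_memfree( retoid );
		ber_bvfree( retdata );

	} else if ( strcasecmp( argv[ 0 ], "cancel" ) == 0 ) {
		/* no extended response; returns specific errors */
		assert( 0 );

	} else if ( strcasecmp( argv[ 0 ], "passwd" ) == 0 ) {
		/* TODO */

	} else if ( strcasecmp( argv[ 0 ], "refresh" ) == 0 ) {
		int	newttl;

		rc = ldap_parse_refresh( ld, res, &newttl );

		if ( rc != LDAP_SUCCESS ) {
			tool_perror( "ldap_parse_refresh", rc, NULL, NULL, NULL, NULL );
			rc = EXIT_FAILURE;
			goto skip;
		}

		printf( "newttl=%d\n", newttl );

	} else if ( tool_is_oid( argv[ 0 ] ) ) {
		char		*retoid = NULL;
		struct berval	*retdata = NULL;

		if( ldif < 2 ) {
			printf(_("# extended operation response\n"));
		}

		rc = ldap_parse_extended_result( ld, res, &retoid, &retdata, 0 );
		if ( rc != LDAP_SUCCESS ) {
			tool_perror( "ldap_parse_extended_result", rc, NULL, NULL, NULL, NULL );
			rc = EXIT_FAILURE;
			goto skip;
		}

		if ( ldif < 2 && retoid != NULL ) {
			tool_write_ldif( ldif ? LDIF_PUT_COMMENT : LDIF_PUT_VALUE,
				"oid", retoid, strlen(retoid) );
		}

		ber_memfree( retoid );

		if( retdata != NULL ) {
			if ( ldif < 2 ) {
				tool_write_ldif( ldif ? LDIF_PUT_COMMENT : LDIF_PUT_BINARY,
					"data", retdata->bv_val, retdata->bv_len );
			}

			ber_bvfree( retdata );
		}
	}

	if( verbose || code != LDAP_SUCCESS ||
		( matcheddn && *matcheddn ) || ( text && *text ) || refs ) {
		printf( _("Result: %s (%d)\n"), ldap_err2string( code ), code );

		if( text && *text ) {
			printf( _("Additional info: %s\n"), text );
		}

		if( matcheddn && *matcheddn ) {
			printf( _("Matched DN: %s\n"), matcheddn );
		}

		if( refs ) {
			int i;
			for( i=0; refs[i]; i++ ) {
				printf(_("Referral: %s\n"), refs[i] );
			}
		}
	}

	if (ctrls) {
		tool_print_ctrls( ld, ctrls );
		ldap_controls_free( ctrls );
	}

	ber_memfree( text );
	ber_memfree( matcheddn );
	ber_memvfree( (void **) refs );

skip:
	/* disconnect from server */
	if ( res )
		ldap_msgfree( res );
	tool_exit( ld, code == LDAP_SUCCESS ? EXIT_SUCCESS : EXIT_FAILURE );
}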
/*
 * ldappasswd - command-line client for the Password Modify extended
 * operation.
 *
 * Optional inputs are the target user (single non-option argument), the
 * old password and the new password, each taken from a file or prompted
 * for. Whatever is present is BER-encoded into the request value, the
 * request is sent asynchronously, and the result is polled for in 100 ms
 * steps so that an abandon request can be honoured. When the response
 * carries data it is decoded as a server-generated password and printed.
 *
 * NOTE(review): this listing is damaged. The two password-prompt
 * statements contain runs of '*' where source text has been elided; they
 * are reproduced below exactly as found and do not compile as shown.
 *
 * NOTE(review): password buffers are released with plain free() and the
 * generated password is written to stdout; nothing visible here clears
 * the memory first or restricts where stdout goes.
 */
int
main( int argc, char *argv[] )
{
	int rc;
	char	*user = NULL;

	LDAP	*ld = NULL;
	struct berval bv = {0, NULL};
	BerElement  *ber = NULL;

	/* code starts as a failure value; it is only overwritten by
	 * ldap_parse_result() below */
	int id, code = LDAP_OTHER;
	LDAPMessage *res;
	char *matcheddn = NULL, *text = NULL, **refs = NULL;
	char	*retoid = NULL;
	struct berval *retdata = NULL;
	LDAPControl **ctrls = NULL;

	tool_init( TOOL_PASSWD );
	prog = lutil_progname( "ldappasswd", argc, argv );

	/* LDAPv3 only */
	protocol = LDAP_VERSION3;

	tool_args( argc, argv );

	/* at most one positional argument: the user whose password changes */
	if( argc - optind > 1 ) {
		usage();
	} else if ( argc - optind == 1 ) {
		user = strdup( argv[optind] );
	} else {
		user = NULL;
	}

	if( oldpwfile ) {
		rc = lutil_get_filed_password( oldpwfile, &oldpw );
		if( rc ) {
			rc = EXIT_FAILURE;
			goto done;
		}
	}

	if( want_oldpw && oldpw.bv_val == NULL ) {
		/* prompt for old password */
		char *ckoldpw;
		/* listing elided here ('*' runs); kept verbatim */
		oldpw.bv_val = strdup(getpassphrase(_("Old password: "******"Re-enter old password: "******"passwords do not match\n") );
			rc = EXIT_FAILURE;
			goto done;
		}

		oldpw.bv_len = strlen( oldpw.bv_val );
	}

	if( newpwfile ) {
		rc = lutil_get_filed_password( newpwfile, &newpw );
		if( rc ) {
			rc = EXIT_FAILURE;
			goto done;
		}
	}

	if( want_newpw && newpw.bv_val == NULL ) {
		/* prompt for new password */
		char *cknewpw;
		/* listing elided here ('*' runs); kept verbatim */
		newpw.bv_val = strdup(getpassphrase(_("New password: "******"Re-enter new password: "******"passwords do not match\n") );
			rc = EXIT_FAILURE;
			goto done;
		}

		newpw.bv_len = strlen( newpw.bv_val );
	}

	ld = tool_conn_setup( 0, 0 );

	tool_bind( ld );

	if( user != NULL || oldpw.bv_val != NULL || newpw.bv_val != NULL ) {
		/* build the password modify request data */
		ber = ber_alloc_t( LBER_USE_DER );

		if( ber == NULL ) {
			perror( "ber_alloc_t" );
			rc = EXIT_FAILURE;
			goto done;
		}

		ber_printf( ber, "{" /*}*/ );

		/* each input is freed as soon as it has been copied into ber;
		 * the buffers are not cleared before free() */
		if( user != NULL ) {
			ber_printf( ber, "ts",
				LDAP_TAG_EXOP_MODIFY_PASSWD_ID, user );
			free(user);
		}

		if( oldpw.bv_val != NULL ) {
			ber_printf( ber, "tO",
				LDAP_TAG_EXOP_MODIFY_PASSWD_OLD, &oldpw );
			free(oldpw.bv_val);
		}

		if( newpw.bv_val != NULL ) {
			ber_printf( ber, "tO",
				LDAP_TAG_EXOP_MODIFY_PASSWD_NEW, &newpw );
			free(newpw.bv_val);
		}

		ber_printf( ber, /*{*/ "N}" );

		/* bv aliases ber's buffer (alloc == 0), so ber is freed only
		 * after the request has been sent */
		rc = ber_flatten2( ber, &bv, 0 );

		if( rc < 0 ) {
			perror( "ber_flatten2" );
			rc = EXIT_FAILURE;
			goto done;
		}
	}

	/* presumably the dry-run switch: stop before anything is sent */
	if ( dont ) {
		rc = LDAP_SUCCESS;
		goto done;
	}

	tool_server_controls( ld, NULL, 0);

	rc = ldap_extended_operation( ld,
		LDAP_EXOP_MODIFY_PASSWD, bv.bv_val ? &bv : NULL,
		NULL, NULL, &id );

	ber_free( ber, 1 );

	if( rc != LDAP_SUCCESS ) {
		tool_perror( "ldap_extended_operation", rc, NULL, NULL, NULL, NULL );
		rc = EXIT_FAILURE;
		goto done;
	}

	/* poll for the result in 100 ms steps, checking for an abandon request */
	for ( ; ; ) {
		struct timeval	tv;

		if ( tool_check_abandon( ld, id ) ) {
			tool_exit( ld, LDAP_CANCELLED );
		}

		tv.tv_sec = 0;
		tv.tv_usec = 100000;

		rc = ldap_result( ld, LDAP_RES_ANY, LDAP_MSG_ALL, &tv, &res );
		if ( rc < 0 ) {
			tool_perror( "ldap_result", rc, NULL, NULL, NULL, NULL );
			tool_exit( ld, rc );
		}

		if ( rc != 0 ) {
			break;
		}
	}

	rc = ldap_parse_result( ld, res,
		&code, &matcheddn, &text, &refs, &ctrls, 0 );
	if( rc != LDAP_SUCCESS ) {
		tool_perror( "ldap_parse_result", rc, NULL, NULL, NULL, NULL );
		rc = EXIT_FAILURE;
		goto done;
	}

	/* last argument 1: the message is freed by this call */
	rc = ldap_parse_extended_result( ld, res, &retoid, &retdata, 1 );
	if( rc != LDAP_SUCCESS ) {
		tool_perror( "ldap_parse_extended_result", rc, NULL, NULL, NULL, NULL );
		rc = EXIT_FAILURE;
		goto done;
	}

	if( retdata != NULL ) {
		ber_tag_t tag;
		char *s;
		ber = ber_init( retdata );

		if( ber == NULL ) {
			perror( "ber_init" );
			rc = EXIT_FAILURE;
			goto done;
		}

		/* we should check the tag */
		tag = ber_scanf( ber, "{a}", &s);

		if( tag == LBER_ERROR ) {
			perror( "ber_scanf" );
		} else {
			/* the server-generated password goes to stdout in clear */
			printf(_("New password: %s\n"), s);
			ber_memfree( s );
		}

		ber_free( ber, 1 );

	} else if ( code == LDAP_SUCCESS && newpw.bv_val == NULL ) {
		/* no new password was supplied, so one was expected back */
		tool_perror( "ldap_parse_extended_result", LDAP_DECODING_ERROR,
			" new password expected", NULL, NULL, NULL );
	}

	if( verbose || code != LDAP_SUCCESS ||
		( matcheddn && *matcheddn ) || ( text && *text ) || refs || ctrls )
	{
		printf( _("Result: %s (%d)\n"), ldap_err2string( code ), code );

		if( text && *text ) {
			printf( _("Additional info: %s\n"), text );
		}

		if( matcheddn && *matcheddn ) {
			printf( _("Matched DN: %s\n"), matcheddn );
		}

		if( refs ) {
			int i;
			for( i=0; refs[i]; i++ ) {
				printf(_("Referral: %s\n"), refs[i] );
			}
		}

		if( ctrls ) {
			tool_print_ctrls( ld, ctrls );
			ldap_controls_free( ctrls );
		}
	}

	ber_memfree( text );
	ber_memfree( matcheddn );
	ber_memvfree( (void **) refs );
	ber_memfree( retoid );
	ber_bvfree( retdata );

	rc = ( code == LDAP_SUCCESS ) ? EXIT_SUCCESS : EXIT_FAILURE;

done:
	/* disconnect from server */
	tool_exit( ld, rc );
}
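/*
 * ldap_passwd - send the Password Modify extended request (asynchronous).
 *
 * user, oldpw and newpw are all optional. Those that are non-NULL are
 * encoded, each under its own tag, into the request value; when all three
 * are NULL the request is sent with no value. The pending message id is
 * stored through msgidp.
 *
 * Returns LDAP_NO_MEMORY or LDAP_ENCODING_ERROR (also stored in
 * ld->ld_errno) when the request value cannot be built, otherwise the
 * result of ldap_extended_operation().
 */
int ldap_passwd( LDAP *ld,
	struct berval	*user,
	struct berval	*oldpw,
	struct berval	*newpw,
	LDAPControl		**sctrls,
	LDAPControl		**cctrls,
	int				*msgidp )
{
	int rc;
	struct berval bv = BER_BVNULL;
	BerElement *ber = NULL;

	assert( ld != NULL );
	assert( LDAP_VALID( ld ) );
	assert( msgidp != NULL );

	if( user != NULL || oldpw != NULL || newpw != NULL ) {
		/* build change password control */
		ber = ber_alloc_t( LBER_USE_DER );

		if( ber == NULL ) {
			ld->ld_errno = LDAP_NO_MEMORY;
			return ld->ld_errno;
		}

		/* Each step runs only while the previous ones succeeded, so an
		 * encoder failure is never followed by further writes. */
		rc = ber_printf( ber, "{" /*}*/ );

		if( rc >= 0 && user != NULL ) {
			rc = ber_printf( ber, "tO",
				LDAP_TAG_EXOP_MODIFY_PASSWD_ID, user );
		}

		if( rc >= 0 && oldpw != NULL ) {
			rc = ber_printf( ber, "tO",
				LDAP_TAG_EXOP_MODIFY_PASSWD_OLD, oldpw );
		}

		if( rc >= 0 && newpw != NULL ) {
			rc = ber_printf( ber, "tO",
				LDAP_TAG_EXOP_MODIFY_PASSWD_NEW, newpw );
		}

		if( rc >= 0 ) {
			rc = ber_printf( ber, /*{*/ "N}" );
		}

		/* bv aliases ber's buffer (alloc == 0); ber stays alive until
		 * the request has been sent. */
		if( rc >= 0 ) {
			rc = ber_flatten2( ber, &bv, 0 );
		}

		if( rc < 0 ) {
			/* The failure path used to return without freeing ber,
			 * leaving a buffer that holds the passwords allocated. */
			rc = ld->ld_errno = LDAP_ENCODING_ERROR;
			goto done;
		}
	}

	rc = ldap_extended_operation( ld, LDAP_EXOP_MODIFY_PASSWD,
		bv.bv_val ? &bv : NULL, sctrls, cctrls, msgidp );

done:
	ber_free( ber, 1 );

	return rc;
}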
/*
 * ldappasswd (older variant) - command-line client for the Password
 * Modify extended operation.
 *
 * Collects the optional user, old password and new password, encodes
 * whatever is present into the request value, sends the request, blocks
 * for the result, and prints a server-generated password when the
 * response carries one.
 *
 * NOTE(review): this listing is damaged. The password-prompt statements
 * contain runs of '*' where source text has been elided, and the third
 * gap also swallows everything between the bind-password prompt and the
 * ber_alloc_t failure handling (connection setup, bind, the start of the
 * request encoding). The damaged statements are reproduced exactly as
 * found and do not compile as shown.
 *
 * NOTE(review): several error returns after the connection exists skip
 * ldap_unbind(), and password buffers are released with plain free().
 */
int
main( int argc, char *argv[] )
{
	int rc;
	char	*user = NULL;

	LDAP	*ld = NULL;
	struct berval bv = {0, NULL};
	BerElement  *ber = NULL;

	/* code starts as a failure value; it is only overwritten by
	 * ldap_parse_result() below */
	int id, code = LDAP_OTHER;
	LDAPMessage *res;
	char *matcheddn = NULL, *text = NULL, **refs = NULL;
	char	*retoid = NULL;
	struct berval *retdata = NULL;

	prog = lutil_progname( "ldappasswd", argc, argv );

	/* LDAPv3 only */
	protocol = LDAP_VERSION3;

	tool_args( argc, argv );

	/* at most one positional argument: the user whose password changes */
	if( argc - optind > 1 ) {
		usage();
	} else if ( argc - optind == 1 ) {
		user = strdup( argv[optind] );
	} else {
		user = NULL;
	}

	if( oldpwfile ) {
		/* NOTE(review): prog is passed where a file name is expected;
		 * looks like it should be oldpwfile - confirm */
		rc = lutil_get_filed_password( prog, &oldpw );
		if( rc ) return EXIT_FAILURE;
	}

	if( want_oldpw && oldpw.bv_val == NULL ) {
		/* prompt for old password */
		char *ckoldpw;
		/* listing elided here ('*' runs); kept verbatim */
		oldpw.bv_val = strdup(getpassphrase("Old password: "******"Re-enter old password: "******"passwords do not match\n" );
			return EXIT_FAILURE;
		}

		oldpw.bv_len = strlen( oldpw.bv_val );
	}

	if( newpwfile ) {
		/* NOTE(review): prog is passed where a file name is expected;
		 * looks like it should be newpwfile - confirm */
		rc = lutil_get_filed_password( prog, &newpw );
		if( rc ) return EXIT_FAILURE;
	}

	if( want_newpw && newpw.bv_val == NULL ) {
		/* prompt for new password */
		char *cknewpw;
		/* listing elided here ('*' runs); kept verbatim */
		newpw.bv_val = strdup(getpassphrase("New password: "******"Re-enter new password: "******"passwords do not match\n" );
			return EXIT_FAILURE;
		}

		newpw.bv_len = strlen( newpw.bv_val );
	}

	if( want_bindpw && passwd.bv_val == NULL ) {
		/* handle bind password */
		if ( pw_file ) {
			rc = lutil_get_filed_password( pw_file, &passwd );
			if( rc ) return EXIT_FAILURE;
		} else {
			/* listing elided here ('*' run): the source between this
			 * prompt and the ber_alloc_t error path is missing */
			passwd.bv_val = getpassphrase( "Enter LDAP Password: "******"ber_alloc_t" );
			ldap_unbind( ld );
			return EXIT_FAILURE;
		}

		ber_printf( ber, "{" /*}*/ );

		/* each input is freed as soon as it has been copied into ber;
		 * the buffers are not cleared before free() */
		if( user != NULL ) {
			ber_printf( ber, "ts",
				LDAP_TAG_EXOP_MODIFY_PASSWD_ID, user );
			free(user);
		}

		if( oldpw.bv_val != NULL ) {
			ber_printf( ber, "tO",
				LDAP_TAG_EXOP_MODIFY_PASSWD_OLD, &oldpw );
			free(oldpw.bv_val);
		}

		if( newpw.bv_val != NULL ) {
			ber_printf( ber, "tO",
				LDAP_TAG_EXOP_MODIFY_PASSWD_NEW, &newpw );
			free(newpw.bv_val);
		}

		ber_printf( ber, /*{*/ "N}" );

		/* bv aliases ber's buffer (alloc == 0), so ber is freed only
		 * after the request has been sent */
		rc = ber_flatten2( ber, &bv, 0 );

		if( rc < 0 ) {
			perror( "ber_flatten2" );
			ldap_unbind( ld );
			return EXIT_FAILURE;
		}
	}

	/* presumably the dry-run switch: stop before anything is sent */
	if ( not ) {
		rc = LDAP_SUCCESS;
		goto skip;
	}

	rc = ldap_extended_operation( ld,
		LDAP_EXOP_MODIFY_PASSWD, bv.bv_val ? &bv : NULL,
		NULL, NULL, &id );

	ber_free( ber, 1 );

	if( rc != LDAP_SUCCESS ) {
		ldap_perror( ld, "ldap_extended_operation" );
		ldap_unbind( ld );
		return EXIT_FAILURE;
	}

	/* NULL timeout: wait for the result */
	rc = ldap_result( ld, LDAP_RES_ANY, LDAP_MSG_ALL, NULL, &res );
	if ( rc < 0 ) {
		ldap_perror( ld, "ldappasswd: ldap_result" );
		return rc;
	}

	rc = ldap_parse_result( ld, res, &code, &matcheddn, &text, &refs, NULL, 0 );

	if( rc != LDAP_SUCCESS ) {
		ldap_perror( ld, "ldap_parse_result" );
		return rc;
	}

	/* last argument 1: the message is freed by this call */
	rc = ldap_parse_extended_result( ld, res, &retoid, &retdata, 1 );

	if( rc != LDAP_SUCCESS ) {
		/* NOTE(review): the label names ldap_parse_result although the
		 * failing call is ldap_parse_extended_result */
		ldap_perror( ld, "ldap_parse_result" );
		return rc;
	}

	if( retdata != NULL ) {
		ber_tag_t tag;
		char *s;
		ber = ber_init( retdata );

		if( ber == NULL ) {
			perror( "ber_init" );
			ldap_unbind( ld );
			return EXIT_FAILURE;
		}

		/* we should check the tag */
		tag = ber_scanf( ber, "{a}", &s);

		if( tag == LBER_ERROR ) {
			perror( "ber_scanf" );
		} else {
			/* the server-generated password goes to stdout in clear */
			printf("New password: %s\n", s);
			free( s );
		}

		ber_free( ber, 1 );
	}

	if( verbose || code != LDAP_SUCCESS || matcheddn || text || refs ) {
		printf( "Result: %s (%d)\n", ldap_err2string( code ), code );

		if( text && *text ) {
			printf( "Additional info: %s\n", text );
		}

		if( matcheddn && *matcheddn ) {
			printf( "Matched DN: %s\n", matcheddn );
		}

		if( refs ) {
			int i;
			for( i=0; refs[i]; i++ ) {
				printf("Referral: %s\n", refs[i] );
			}
		}
	}

	ber_memfree( text );
	ber_memfree( matcheddn );
	ber_memvfree( (void **) refs );
	ber_memfree( retoid );
	ber_bvfree( retdata );

skip:
	/* disconnect from server */
	ldap_unbind (ld);

	/* NOTE(review): the dry-run path arrives here with code still
	 * LDAP_OTHER, so it exits with EXIT_FAILURE - confirm intent */
	return code == LDAP_SUCCESS ? EXIT_SUCCESS : EXIT_FAILURE;
}