krb5_error_code ipadb_simple_search(struct ipadb_context *ipactx, char *basedn, int scope, char *filter, char **attrs, LDAPMessage **res) { int ret; ret = ipadb_check_connection(ipactx); if (ret != 0) return ipadb_simple_ldap_to_kerr(ret); ret = ldap_search_ext_s(ipactx->lcontext, basedn, scope, filter, attrs, 0, NULL, NULL, &std_timeout, LDAP_NO_LIMIT, res); /* first test if we need to retry to connect */ if (ret != 0 && ipadb_need_retry(ipactx, ret)) { ldap_msgfree(*res); ret = ldap_search_ext_s(ipactx->lcontext, basedn, scope, filter, attrs, 0, NULL, NULL, &std_timeout, LDAP_NO_LIMIT, res); } return ipadb_simple_ldap_to_kerr(ret); }
krb5_error_code ipadb_multibase_search(struct ipadb_context *ipactx, char **basedns, int scope, char *filter, char **attrs, struct ipadb_multires **res, bool any) { int ret; ret = ipadb_multires_init(ipactx->lcontext, res); if (ret != 0) return ret; ret = ipadb_check_connection(ipactx); if (ret != 0) return ipadb_simple_ldap_to_kerr(ret); for (int b = 0; basedns[b]; b++) { LDAPMessage *r; ret = ldap_search_ext_s(ipactx->lcontext, basedns[b], scope, filter, attrs, 0, NULL, NULL, &std_timeout, LDAP_NO_LIMIT, &r); /* first test if we need to retry to connect */ if (ret != 0 && ipadb_need_retry(ipactx, ret)) { ldap_msgfree(r); ret = ldap_search_ext_s(ipactx->lcontext, basedns[b], scope, filter, attrs, 0, NULL, NULL, &std_timeout, LDAP_NO_LIMIT, &r); } if (ret != 0) break; if (ldap_count_entries(ipactx->lcontext, r) > 0) { void *tmp = realloc((*res)->res, (((*res)->count + 1) * sizeof(LDAPMessage *))); if (tmp == NULL) { ret = ENOMEM; break; } (*res)->res = tmp; (*res)->res[(*res)->count] = r; (*res)->count++; if (any) break; } } if (ret != 0) { ipadb_multires_free(*res); *res = NULL; } return ipadb_simple_ldap_to_kerr(ret); }
char *ReadLDAPValue(const char *Filter, char *Value) { LDAPMessage *res, *res2; struct berval **attrValues; char *attrNames[] = {Value,NULL}; char *ret; struct timeval timeout; int rv; timeout.tv_sec = 5; timeout.tv_usec = 0; rv = ldap_search_ext_s(gpLDAP, "", LDAP_SCOPE_BASE, Filter, attrNames, 0, NULL, NULL, &timeout, 1, &res ); printf("ReadLDAPValue: rv = %i\n", rv); if(rv) { fprintf(stderr, "LDAP Error reading '%s' with filter '%s'\n%s\n", Value, Filter, ldap_err2string(rv) ); return NULL; } res2 = ldap_first_entry(gpLDAP, res); attrValues = ldap_get_values_len(gpLDAP, res2, Value); ret = strndup(attrValues[0]->bv_val, attrValues[0]->bv_len); ldap_value_free_len(attrValues); return ret; }
BOOLEAN VdcIfDNExist( LDAP* pLd, PCSTR pszDN) { DWORD dwError = 0; LDAPMessage* pSearchRes = NULL; dwError = ldap_search_ext_s( pLd, pszDN, /* base */ LDAP_SCOPE_BASE, NULL, /* filter */ NULL, /* attrs */ FALSE, /* attrsonly */ NULL, /* serverctrls */ NULL, /* clientctrls */ NULL, /* timeout */ 0, /* sizelimit */ &pSearchRes); BAIL_ON_VMDIR_ERROR(dwError); cleanup: if (pSearchRes) { ldap_msgfree(pSearchRes); } return dwError == 0; error: goto cleanup; }
int tsps_ldap_get_userid(const char *user) { char user_filt[128]; int res; char *attrs[] = { "uidNumber", NULL }; LDAPMessage *vals = NULL; LDAPMessage *val; int uidnum = -1; snprintf(user_filt, sizeof(user_filt), "(uid=%s)", user); res = ldap_search_ext_s(ldp, server.ldap_user_base, LDAP_SCOPE_ONELEVEL, user_filt, attrs, 0, NULL, NULL, NULL, 0, &vals); if (res != LDAP_SUCCESS) { fprintf(stderr, "LDAP search error: %s\n", ldap_err2string(res)); return -1; } for (val = ldap_first_message(ldp, vals); val; val = ldap_next_message(ldp, val)) { struct berval **uid_val = ldap_get_values_len(ldp, val, "uidNumber"); if (uid_val) { uidnum = (int)strtol(uid_val[0]->bv_val, NULL, 0); ldap_value_free_len(uid_val); break; } } ldap_msgfree(vals); return uidnum; }
/* * Given a list of naming contexts check each one to see if it has * an IPA v2 server in it. The first one we find wins. */ static int check_ipa_server(LDAP *ld, char **ldap_base, struct berval **vals) { struct berval **infovals; LDAPMessage *entry, *res = NULL; char *info_attrs[] = {"info", NULL}; int i, ret = 0; for (i = 0; !*ldap_base && vals[i]; i++) { ret = ldap_search_ext_s(ld, vals[i]->bv_val, LDAP_SCOPE_BASE, "(info=IPA*)", info_attrs, 0, NULL, NULL, NULL, 0, &res); if (ret != LDAP_SUCCESS) { break; } entry = ldap_first_entry(ld, res); infovals = ldap_get_values_len(ld, entry, info_attrs[0]); if (!strcmp(infovals[0]->bv_val, "IPA V2.0")) *ldap_base = strdup(vals[i]->bv_val); ldap_msgfree(res); res = NULL; } return ret; }
static int ldaplookup_search_s( LDAP *ld, LDAP_CONST char *base, int scope, LDAP_CONST char *filter, char **attrs, int attrsonly, LDAPMessage **res ) { int result; #ifdef HAVE_LDAP_SEARCH_EXT_S result = ldap_search_ext_s(ld, base, scope, filter, attrs, attrsonly, NULL, NULL, NULL, 0, res); #else result = ldap_search_s(ld, base, scope, filter, attrs, attrsonly, res); #endif #ifdef TRACE_BY_LDAP fprintf(stderr, "TRACE_BY_LDAP ldaplookup_search_s:" "\n base=%s\n filter=%s\n" " ldap_search_{XXX}s return 0x%x(%s)\n" , base, filter , result, ldap_err2string(result)); #endif return(result); }
/** * Attempt to discover the base DN for a server using LDAP version 3. * \param ld LDAP handle for a connected server. * \param tov Timeout value (seconds), or 0 for none, default 30 secs. * \return List of Base DN's, or NULL if could not read. List should be * g_free() when done. */ static GList *ldaputil_test_v3( LDAP *ld, gint tov ) { GList *baseDN = NULL; gint rc, i; LDAPMessage *result, *e; gchar *attribs[2]; BerElement *ber; gchar *attribute; gchar **vals; struct timeval timeout; /* Set timeout */ timeout.tv_usec = 0L; if( tov > 0 ) { timeout.tv_sec = tov; } else { timeout.tv_sec = 30L; } /* Test for LDAP version 3 */ attribs[0] = SYLDAP_V3_TEST_ATTR; attribs[1] = NULL; rc = ldap_search_ext_s( ld, SYLDAP_SEARCHBASE_V3, LDAP_SCOPE_BASE, SYLDAP_TEST_FILTER, attribs, 0, NULL, NULL, &timeout, 0, &result ); if( rc == LDAP_SUCCESS ) { /* Process entries */ for( e = ldap_first_entry( ld, result ); e != NULL; e = ldap_next_entry( ld, e ) ) { /* Process attributes */ for( attribute = ldap_first_attribute( ld, e, &ber ); attribute != NULL; attribute = ldap_next_attribute( ld, e, ber ) ) { if( strcasecmp( attribute, SYLDAP_V3_TEST_ATTR ) == 0 ) { vals = ldap_get_values( ld, e, attribute ); if( vals != NULL ) { for( i = 0; vals[i] != NULL; i++ ) { baseDN = g_list_append( baseDN, g_strdup( vals[i] ) ); } } ldap_value_free( vals ); } ldap_memfree( attribute ); } if( ber != NULL ) { ber_free( ber, 0 ); } ber = NULL; } } ldap_msgfree( result ); return baseDN; }
static void do_read( LDAP *ld, char *entry, char **attrs, int noattrs, int nobind, int maxloop, int maxretries, int delay, int force, int chaserefs, int idx ) { int i = 0, do_retry = maxretries; int rc = LDAP_SUCCESS; char thrstr[BUFSIZ]; retry:; if ( do_retry == maxretries ) { snprintf( thrstr, BUFSIZ, "Read(%d): entry=\"%s\".\n", maxloop, entry ); thread_verbose( idx, thrstr ); } snprintf(thrstr, BUFSIZ, "LD %p cnt: %d (retried %d) (%s)", \ (void *) ld, maxloop, (do_retry - maxretries), entry); thread_verbose( idx, thrstr ); for ( ; i < maxloop; i++ ) { LDAPMessage *res = NULL; rc = ldap_search_ext_s( ld, entry, LDAP_SCOPE_BASE, NULL, attrs, noattrs, NULL, NULL, NULL, LDAP_NO_LIMIT, &res ); if ( res != NULL ) { ldap_msgfree( res ); } if ( rc == 0 ) { rt_pass[idx]++; } else { int first = tester_ignore_err( rc ); char buf[ BUFSIZ ]; rt_fail[idx]++; snprintf( buf, sizeof( buf ), "ldap_search_ext_s(%s)", entry ); /* if ignore.. */ if ( first ) { /* only log if first occurrence */ if ( ( force < 2 && first > 0 ) || abs(first) == 1 ) { tester_ldap_error( ld, buf, NULL ); } continue; } /* busy needs special handling */ tester_ldap_error( ld, buf, NULL ); if ( rc == LDAP_BUSY && do_retry > 0 ) { do_retry--; goto retry; } break; } } }
static int st_search(SearchThread *st) { char *filterBuffer = NULL; char *pFilter; struct timeval timeout; struct timeval *timeoutp; int scope, attrsOnly = 0; LDAPMessage *result; int ret; scope = myScope; if (ntable || numeric) { char *s = NULL; char num[22]; /* string length of unsigned 64 bit integer + 1 */ if (! numeric) { do { s = nt_getrand(ntable); } while ((s) && (strlen(s) < 1)); } else { sprintf(num, "%d", get_large_random_number() % numeric); s = num; } filterBuffer = PR_smprintf("%s%s",filter, s ? s : ""); pFilter = filterBuffer; } else { pFilter = filter; } /* Try to get attributes from the attrNameTable */ if (!attrToReturn) attrToReturn = nt_get_all(attrTable); if (searchTimelimit <= 0) { timeoutp = NULL; } else { timeout.tv_sec = searchTimelimit; timeout.tv_usec = 0; timeoutp = &timeout; } ret = ldap_search_ext_s(st->ld, suffix, scope, pFilter, attrToReturn, attrsOnly, NULL, NULL, timeoutp, -1, &result); if (ret != LDAP_SUCCESS) { fprintf(stderr, "T%d: failed to search 2, error=0x%02X\n", st->id, ret); } ldap_msgfree(result); if(filterBuffer){ PR_smprintf_free(filterBuffer); } return ret; }
/* ARGSUSED */ int _ns_ldap_search_ext_s(char *service, int flags, char *base, int scope, char *filter, char **attrs, int attrsonly, LDAPControl **serverctrls, LDAPControl **clientctrls, struct timeval *timeoutp, int sizelimit, LDAPMessage **res) { LDAP *ld = __s_api_getLDAPconn(flags); return (ldap_search_ext_s(ld, base, scope, filter, attrs, attrsonly, serverctrls, clientctrls, timeoutp, sizelimit, res)); }
/*********************************************************************** * ldap_search_ext_sW (WLDAP32.@) * * Search a directory tree (synchronous operation). * * PARAMS * ld [I] Pointer to an LDAP context. * base [I] Starting point for the search. * scope [I] Search scope. One of LDAP_SCOPE_BASE, * LDAP_SCOPE_ONELEVEL and LDAP_SCOPE_SUBTREE. * filter [I] Search filter. * attrs [I] Attributes to return. * attrsonly [I] Return no values, only attributes. * serverctrls [I] Array of LDAP server controls. * clientctrls [I] Array of LDAP client controls. * timeout [I] Timeout in seconds. * sizelimit [I] Maximum number of entries to return. Zero means unlimited. * res [O] Results of the search operation. * * RETURNS * Success: LDAP_SUCCESS * Failure: An LDAP error code. * * NOTES * Call ldap_msgfree to free the results. */ ULONG CDECL ldap_search_ext_sW( WLDAP32_LDAP *ld, PWCHAR base, ULONG scope, PWCHAR filter, PWCHAR attrs[], ULONG attrsonly, PLDAPControlW *serverctrls, PLDAPControlW *clientctrls, struct l_timeval* timeout, ULONG sizelimit, WLDAP32_LDAPMessage **res ) { ULONG ret = WLDAP32_LDAP_NOT_SUPPORTED; #ifdef HAVE_LDAP char *baseU = NULL, *filterU = NULL, **attrsU = NULL; LDAPControl **serverctrlsU = NULL, **clientctrlsU = NULL; ret = WLDAP32_LDAP_NO_MEMORY; TRACE( "(%p, %s, 0x%08x, %s, %p, 0x%08x, %p, %p, %p, 0x%08x, %p)\n", ld, debugstr_w(base), scope, debugstr_w(filter), attrs, attrsonly, serverctrls, clientctrls, timeout, sizelimit, res ); if (!ld || !res) return WLDAP32_LDAP_PARAM_ERROR; if (base) { baseU = strWtoU( base ); if (!baseU) goto exit; } if (filter) { filterU = strWtoU( filter ); if (!filterU) goto exit; } if (attrs) { attrsU = strarrayWtoU( attrs ); if (!attrsU) goto exit; } if (serverctrls) { serverctrlsU = controlarrayWtoU( serverctrls ); if (!serverctrlsU) goto exit; } if (clientctrls) { clientctrlsU = controlarrayWtoU( clientctrls ); if (!clientctrlsU) goto exit; } ret = map_error( ldap_search_ext_s( ld, baseU, scope, filterU, attrsU, attrsonly, serverctrlsU, clientctrlsU, (struct timeval *)timeout, sizelimit, res )); exit: strfreeU( baseU ); strfreeU( filterU ); strarrayfreeU( attrsU ); controlarrayfreeU( serverctrlsU ); controlarrayfreeU( clientctrlsU ); #endif return ret; }
static int ldap_get_fulldn(LD_session *session, char *username, char *userstr, int username_length) { struct berval cred; struct berval *msgidp=NULL; char filter[MAXFILTERSTR], *dn; int rc = 0; char logbuf[MAXLOGBUF]; LDAPMessage *res, *entry; memset(userstr, 0, username_length); cred.bv_val = ldap_authorization_bindpasswd; cred.bv_len = strlen(ldap_authorization_bindpasswd); #if LDAP_API_VERSION > 3000 if((rc = ldap_sasl_bind_s(session->sess, ldap_authorization_binddn, ldap_authorization_type, &cred, NULL, NULL, &msgidp))!=LDAP_SUCCESS) { snprintf(logbuf, MAXLOGBUF, "!!!Ldap server %s authentificate with method %s failed: %s", ldap_authorization_host, ldap_authorization_type, ldap_err2string(rc)); ldap_log(LOG_DEBUG, logbuf); return RETURN_FALSE; }; #else if((rc = ldap_bind_s(session->sess, ldap_authorization_binddn, ldap_authorization_bindpasswd, LDAP_AUTH_SIMPLE))!=LDAP_SUCCESS) { snprintf(logbuf, MAXLOGBUF, "Ldap server %s authentificate failed: %s", ldap_authorization_host, ldap_err2string(rc)); ldap_log(LOG_DEBUG, logbuf); return RETURN_FALSE; } #endif /* create filter for search */ memset(filter, 0, MAXFILTERSTR); snprintf(filter, MAXLOGBUF, "(uid=%s)", username); if ((rc = ldap_search_ext_s(session->sess, ldap_authorization_basedn, LDAP_SCOPE_SUBTREE, filter, NULL, 0, NULL, NULL, NULL, LDAP_NO_LIMIT, &res)) != LDAP_SUCCESS) { #if LDAP_API_VERSION > 3000 ldap_unbind_ext(session->sess, NULL, NULL); #else ldap_unbind(session->sess); #endif return RETURN_FALSE; } if ((entry = ldap_first_entry(session->sess,res)) == NULL) { return RETURN_FALSE; } else { dn = ldap_get_dn(session->sess, entry); strncpy(userstr, dn, strlen(dn)); }; ldap_msgfree(res); return RETURN_TRUE; }
/** * Should be called on an event requiring an ldap search, * will return an slack_ldap_event_t struct. The event * struct will provide all the necessary information * and pointers to relevant information. The function * itself uses the ldap_query_t tree to make a series * of ldap searches to find out information about the * nick provided, or the lack of it. */ void slack_ldap_search(const char *qval) { slack_ldap_query_t *shead = &head; //Local searches event head while(shead->next != NULL) { LDAPMessage *result; syslog(LOG_INFO, "Performing ldap search for %s", qval); char newfilter[strlen(shead->filterstr) + strlen(qval)]; sprintf(newfilter, shead->filterstr, qval); int search_status = ldap_search_ext_s( ldap, shead->basednstr, LDAP_SCOPE_SUBTREE, newfilter, NULL, 0, NULL, NULL, &timeout, 1, &result); syslog(LOG_INFO, "Search Status: %s", ldap_err2string(search_status)); //if(search_status != LDAP_SUCCESS) { return; } // We should probably die syslog(LOG_INFO, "Parsing ldap search result"); LDAPMessage *entry = ldap_first_entry(ldap, result); char *attribute; BerElement *ber; char **vals; int i; if(entry != NULL) { syslog(LOG_INFO, "Found LDAP Entry..."); /* For each attribute of the entry that has been parsed */ for(attribute = ldap_first_attribute(ldap, entry, &ber); attribute != NULL; // if NULL then we are at the end attribute = ldap_next_attribute(ldap, entry, ber)) { /* For each attribute print the attribute name and values */ if ((vals = ldap_get_values(ldap, entry, attribute)) != NULL) { for(i=0; vals[i] != NULL; i++) { syslog(LOG_INFO, "FOUND VALUE %s: %s", attribute, vals[i]); /* We now have to call the ldap event, which allows the * custom handling from the configuration. */ } ldap_value_free(vals); // MY } ldap_memfree(attribute); // GOD } if(ber != NULL) { ber_free(ber, 0); // MEMLEAK } } ldap_msgfree(result); // AVERTED /* Iterate through to the next ldap search event */ shead = shead->next; } // End While }
static DWORD _GetSchemaEntryFromPartner( LDAP *pLd, LDAPMessage **ppResult, LDAPMessage **ppEntry ) { DWORD dwError = 0; PCSTR pcszFilter = "(objectclass=*)"; LDAPMessage *pResult = NULL; LDAPMessage *pEntry = NULL; dwError = ldap_search_ext_s( pLd, SUB_SCHEMA_SUB_ENTRY_DN, LDAP_SCOPE_BASE, pcszFilter, ppszSchemaEntryAttrs, FALSE, /* get values */ NULL, /* server controls */ NULL, /* client controls */ NULL, /* timeout */ 0, /* size limit */ &pResult); BAIL_ON_VMDIR_ERROR(dwError); // Note: searching by name should yield just one if (ldap_count_entries(pLd, pResult) != 1) { dwError = VMDIR_ERROR_DATA_CONSTRAINT_VIOLATION; BAIL_ON_VMDIR_ERROR(dwError); } pEntry = ldap_first_entry(pLd, pResult); *ppEntry = pEntry; *ppResult = pResult; cleanup: return dwError; error: VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL, "%s,%d failed, error(%d)", __FUNCTION__, __LINE__, dwError ); if (pResult) { ldap_msgfree(pResult); } goto cleanup; }
/* * If attribute or attrvalues is NULL, just check for the existence of dn. * Otherwise, read values for attribute from dn; then set the bit 1<<n in mask * for each attrvalues[n] which is present in the values read. */ krb5_error_code checkattributevalue(LDAP *ld, char *dn, char *attribute, char **attrvalues, int *mask) { krb5_error_code ret; int one = 1, i, j; char **values = NULL, *attributes[2] = { NULL }; LDAPMessage *result = NULL, *entry; if (strlen(dn) == 0) return set_ldap_error(0, LDAP_NO_SUCH_OBJECT, OP_SEARCH); attributes[0] = attribute; /* Read values for attribute from the dn, or check for its existence. */ ret = ldap_search_ext_s(ld, dn, LDAP_SCOPE_BASE, 0, attributes, 0, NULL, NULL, &timelimit, LDAP_NO_LIMIT, &result); if (ret != LDAP_SUCCESS) { ldap_msgfree(result); return set_ldap_error(0, ret, OP_SEARCH); } /* Don't touch *mask if we are only checking for existence. */ if (attribute == NULL || attrvalues == NULL) goto done; *mask = 0; entry = ldap_first_entry(ld, result); if (entry == NULL) goto done; values = ldap_get_values(ld, entry, attribute); if (values == NULL) goto done; /* Set bits in mask for each matching value we read. */ for (i = 0; attrvalues[i]; i++) { for (j = 0; values[j]; j++) { if (strcasecmp(attrvalues[i], values[j]) == 0) { *mask |= (one << i); break; } } } done: ldap_msgfree(result); ldap_value_free(values); return 0; }
static int ldap_search_ext_s_wrapper(LDAP *ld, char *base, int scope, char *filter, char *attrs[], int attrsonly, LDAPControl **serverctrls, LDAPControl **clientctrls, struct timeval *timeout, int sizelimit, LDAPMessage **res) { #ifdef AUTH_LDAP_TEST_API return (ldap_search_ext_s(ld, base, scope, filter, attrs, attrsonly, serverctrls, clientctrls, timeout, sizelimit, res)); #else return ((*ldap_search_ext_s_p)(ld, base, scope, filter, attrs, attrsonly, serverctrls, clientctrls, timeout, sizelimit, res)); #endif }
/* * Get the certificate subject base from the IPA configuration. * * Not considered a show-stopper if this fails for some reason. * * The caller is responsible for binding/unbinding to LDAP. */ static int get_subject(LDAP *ld, char *ldap_base, const char **subject, int quiet) { char *attrs[] = {"ipaCertificateSubjectBase", NULL}; char *base = NULL; LDAPMessage *entry, *res = NULL; struct berval **ncvals; int ret, rval = 0; ret = asprintf(&base, "cn=ipaconfig,cn=etc,%s", ldap_base); if (ret == -1) { if (!quiet) fprintf(stderr, _("Out of memory!\n")); rval = 3; goto done; } ret = ldap_search_ext_s(ld, base, LDAP_SCOPE_BASE, "objectclass=*", attrs, 0, NULL, NULL, NULL, 0, &res); if (ret != LDAP_SUCCESS) { fprintf(stderr, _("Search for ipaCertificateSubjectBase failed with error %d"), ret); rval = 14; goto done; } entry = ldap_first_entry(ld, res); ncvals = ldap_get_values_len(ld, entry, attrs[0]); if (!ncvals) { fprintf(stderr, _("No values for %s"), attrs[0]); rval = 14; goto done; } *subject = strdup(ncvals[0]->bv_val); ldap_value_free_len(ncvals); done: free(base); if (res) ldap_msgfree(res); return rval; }
static krb5_error_code LDAP_dn2principal(krb5_context context, HDB * db, const char *dn, krb5_principal * principal) { krb5_error_code ret; int rc; const char *filter = "(objectClass=krb5Principal)"; LDAPMessage *res = NULL, *e; char *p; ret = LDAP_no_size_limit(context, HDB2LDAP(db)); if (ret) goto out; rc = ldap_search_ext_s(HDB2LDAP(db), dn, LDAP_SCOPE_SUBTREE, filter, krb5principal_attrs, 0, NULL, NULL, NULL, 0, &res); if (check_ldap(context, db, rc)) { ret = HDB_ERR_NOENTRY; krb5_set_error_message(context, ret, "ldap_search_ext_s: " "filter: %s error: %s", filter, ldap_err2string(rc)); goto out; } e = ldap_first_entry(HDB2LDAP(db), res); if (e == NULL) { ret = HDB_ERR_NOENTRY; goto out; } ret = LDAP_get_string_value(db, e, "krb5PrincipalName", &p); if (ret) { ret = HDB_ERR_NOENTRY; goto out; } ret = krb5_parse_name(context, p, principal); free(p); out: if (res) ldap_msgfree(res); return ret; }
int cb_ping_farm(cb_backend_instance *cb, cb_outgoing_conn * cnx,time_t end_time) { char *attrs[] ={"1.1",NULL}; int rc; struct timeval timeout; LDAP *ld; LDAPMessage *result; time_t now; int secure; if (cb->max_idle_time <=0) /* Heart-beat disabled */ return LDAP_SUCCESS; if (cnx && (cnx->status != CB_CONNSTATUS_OK )) /* Known problem */ return LDAP_SERVER_DOWN; now = current_time(); if (end_time && ((now <= end_time) || (end_time <0))) return LDAP_SUCCESS; secure = cb->pool->secure; if (cb->pool->starttls) { secure = 2; } ld=slapi_ldap_init(cb->pool->hostname,cb->pool->port,secure,0); if (NULL == ld) { cb_update_failed_conn_cpt( cb ); return LDAP_SERVER_DOWN; } timeout.tv_sec=cb->max_test_time; timeout.tv_usec=0; /* NOTE: This will fail if we implement the ability to disable anonymous bind */ rc=ldap_search_ext_s(ld ,NULL,LDAP_SCOPE_BASE,"objectclass=*",attrs,1,NULL, NULL, &timeout, 1,&result); if ( LDAP_SUCCESS != rc ) { slapi_ldap_unbind( ld ); cb_update_failed_conn_cpt( cb ); return LDAP_SERVER_DOWN; } ldap_msgfree(result); slapi_ldap_unbind( ld ); cb_reset_conn_cpt( cb ); return LDAP_SUCCESS; }
/*********************************************************************** * ldap_search_stW (WLDAP32.@) * * Search a directory tree (synchronous operation). * * PARAMS * ld [I] Pointer to an LDAP context. * base [I] Starting point for the search. * scope [I] Search scope. One of LDAP_SCOPE_BASE, * LDAP_SCOPE_ONELEVEL and LDAP_SCOPE_SUBTREE. * filter [I] Search filter. * attrs [I] Attributes to return. * attrsonly [I] Return no values, only attributes. * timeout [I] Timeout in seconds. * res [O] Results of the search operation. * * RETURNS * Success: LDAP_SUCCESS * Failure: An LDAP error code. * * NOTES * Call ldap_msgfree to free the results. */ ULONG CDECL ldap_search_stW( WLDAP32_LDAP *ld, const PWCHAR base, ULONG scope, const PWCHAR filter, PWCHAR attrs[], ULONG attrsonly, struct l_timeval *timeout, WLDAP32_LDAPMessage **res ) { ULONG ret = WLDAP32_LDAP_NOT_SUPPORTED; #ifdef HAVE_LDAP char *baseU = NULL, *filterU = NULL, **attrsU = NULL; ret = WLDAP32_LDAP_NO_MEMORY; TRACE( "(%p, %s, 0x%08x, %s, %p, 0x%08x, %p, %p)\n", ld, debugstr_w(base), scope, debugstr_w(filter), attrs, attrsonly, timeout, res ); if (!ld || !res) return WLDAP32_LDAP_PARAM_ERROR; if (base) { baseU = strWtoU( base ); if (!baseU) goto exit; } if (filter) { filterU = strWtoU( filter ); if (!filterU) goto exit; } if (attrs) { attrsU = strarrayWtoU( attrs ); if (!attrsU) goto exit; } ret = map_error( ldap_search_ext_s( ld, baseU, scope, filterU, attrsU, attrsonly, NULL, NULL, (struct timeval *)timeout, 0, res )); exit: strfreeU( baseU ); strfreeU( filterU ); strarrayfreeU( attrsU ); #endif return ret; }
char *ldap_search(char *searchstring, char returnattribute[]){ char **value = 0; char *attribute = (char *) malloc(32 * sizeof(char)); LDAPMessage *entry; LDAPMessage *res; BerElement *berptr; ldap_init(); if(ldap_search_ext_s(ld,LDAP_BASE,LDAP_SCOPE_ONELEVEL,searchstring,NULL,0,NULL,NULL,NULL,LDAP_NO_LIMIT,&res) != LDAP_SUCCESS) { printf("LDAP search faild: %s\n", searchstring); return "failed"; } entry = ldap_first_entry(ld,res); if(entry == NULL) { printf("Could not find first entry\n"); return "failed"; } for(attribute = ldap_first_attribute(ld,entry,&berptr);strcmp(returnattribute,attribute);attribute = ldap_next_attribute(ld,entry,berptr)) { if(!attribute){ printf("Could not find first attribute for: %s\n",entry); return "failed"; } } value = ldap_get_values(ld,entry,attribute); if(value == NULL) { printf("Value returnd NULL\n"); return "failed"; } printf("%s\r\n",value[0]); free(attribute); return value[0]; }
/* return 0 IFF op_dn is a value in group_at (member) attribute * of entry with gr_dn AND that entry has an objectClass * value of group_oc (groupOfNames) */ int ldap_back_group( Backend *be, Connection *conn, Operation *op, Entry *target, struct berval *gr_ndn, struct berval *op_ndn, ObjectClass *group_oc, AttributeDescription* group_at ) { struct ldapinfo *li = (struct ldapinfo *) be->be_private; int rc = 1; Attribute *attr; LDAPMessage *result; char *gattr[2]; char *filter = NULL, *ptr; LDAP *ld; struct berval mop_ndn = { 0, NULL }, mgr_ndn = { 0, NULL }; AttributeDescription *ad_objectClass = slap_schema.si_ad_objectClass; struct berval group_oc_name = {0, NULL}; struct berval group_at_name = group_at->ad_cname; if( group_oc->soc_names && group_oc->soc_names[0] ) { group_oc_name.bv_val = group_oc->soc_names[0]; } else { group_oc_name.bv_val = group_oc->soc_oid; } if (group_oc_name.bv_val) group_oc_name.bv_len = strlen(group_oc_name.bv_val); if (target != NULL && dn_match( &target->e_nname, gr_ndn ) ) { /* we already have a copy of the entry */ /* attribute and objectclass mapping has already been done */ /* * first we need to check if the objectClass attribute * has been retieved; otherwise we need to repeat the search */ attr = attr_find( target->e_attrs, ad_objectClass ); if ( attr != NULL ) { /* * Now we can check for the group objectClass value */ if( !is_entry_objectclass( target, group_oc, 0 ) ) { return(1); } /* * This part has been reworked: the group attr compare * fails only if the attribute is PRESENT but the value * is NOT PRESENT; if the attribute is NOT PRESENT, the * search must be repeated as well. * This may happen if a search for an entry has already * been performed (target is not null) but the group * attribute has not been required */ if ((attr = attr_find(target->e_attrs, group_at)) != NULL) { if( value_find_ex( group_at, SLAP_MR_VALUE_NORMALIZED_MATCH, attr->a_vals, op_ndn ) != LDAP_SUCCESS ) return(1); return(0); } /* else: repeat the search */ } /* else: repeat the search */ } /* else: do the search */ /* * Rewrite the op ndn if needed */ #ifdef ENABLE_REWRITE switch ( rewrite_session( li->rwinfo, "bindDn", op_ndn->bv_val, conn, &mop_ndn.bv_val ) ) { case REWRITE_REGEXEC_OK: if ( mop_ndn.bv_val == NULL ) { mop_ndn = *op_ndn; } #ifdef NEW_LOGGING LDAP_LOG( BACK_LDAP, DETAIL1, "[rw] bindDn (op ndn in group): \"%s\" -> \"%s\"\n", op_ndn->bv_val, mop_ndn.bv_val, 0 ); #else /* !NEW_LOGGING */ Debug( LDAP_DEBUG_ARGS, "rw> bindDn (op ndn in group): \"%s\" -> \"%s\"\n%s", op_ndn->bv_val, mop_ndn.bv_val, "" ); #endif /* !NEW_LOGGING */ break; case REWRITE_REGEXEC_UNWILLING: case REWRITE_REGEXEC_ERR: goto cleanup; } /* * Rewrite the gr ndn if needed */ switch ( rewrite_session( li->rwinfo, "searchBase", gr_ndn->bv_val, conn, &mgr_ndn.bv_val ) ) { case REWRITE_REGEXEC_OK: if ( mgr_ndn.bv_val == NULL ) { mgr_ndn = *gr_ndn; } #ifdef NEW_LOGGING LDAP_LOG( BACK_LDAP, DETAIL1, "[rw] searchBase (gr ndn in group): \"%s\" -> \"%s\"\n%s", gr_ndn->bv_val, mgr_ndn.bv_val, "" ); #else /* !NEW_LOGGING */ Debug( LDAP_DEBUG_ARGS, "rw> searchBase (gr ndn in group):" " \"%s\" -> \"%s\"\n%s", gr_ndn->bv_val, mgr_ndn.bv_val, "" ); #endif /* !NEW_LOGGING */ break; case REWRITE_REGEXEC_UNWILLING: case REWRITE_REGEXEC_ERR: goto cleanup; } #else /* !ENABLE_REWRITE */ ldap_back_dn_massage( li, op_ndn, &mop_ndn, 1, 1 ); if ( mop_ndn.bv_val == NULL ) { goto cleanup; } ldap_back_dn_massage( li, gr_ndn, &mgr_ndn, 1, 1 ); if ( mgr_ndn.bv_val == NULL ) { goto cleanup; } #endif /* !ENABLE_REWRITE */ ldap_back_map(&li->oc_map, &group_oc_name, &group_oc_name, BACKLDAP_MAP); if (group_oc_name.bv_val == NULL || group_oc_name.bv_val[0] == '\0') goto cleanup; ldap_back_map(&li->at_map, &group_at_name, &group_at_name, BACKLDAP_MAP); if (group_at_name.bv_val == NULL || group_at_name.bv_val[0] == '\0') goto cleanup; filter = ch_malloc(sizeof("(&(objectclass=)(=))") + group_oc_name.bv_len + group_at_name.bv_len + mop_ndn.bv_len + 1); if (filter == NULL) goto cleanup; if (ldap_initialize(&ld, li->url) != LDAP_SUCCESS) { goto cleanup; } if (ldap_bind_s(ld, li->binddn, li->bindpw, LDAP_AUTH_SIMPLE) != LDAP_SUCCESS) { goto cleanup; } ptr = lutil_strcopy(filter, "(&(objectclass="); ptr = lutil_strcopy(ptr, group_oc_name.bv_val); ptr = lutil_strcopy(ptr, ")("); ptr = lutil_strcopy(ptr, group_at_name.bv_val); ptr = lutil_strcopy(ptr, "="); ptr = lutil_strcopy(ptr, mop_ndn.bv_val); strcpy(ptr, "))"); gattr[0] = "objectclass"; gattr[1] = NULL; if (ldap_search_ext_s(ld, mgr_ndn.bv_val, LDAP_SCOPE_BASE, filter, gattr, 0, NULL, NULL, LDAP_NO_LIMIT, LDAP_NO_LIMIT, &result) == LDAP_SUCCESS) { if (ldap_first_entry(ld, result) != NULL) rc = 0; ldap_msgfree(result); } cleanup:; if ( ld != NULL ) { ldap_unbind(ld); } ch_free(filter); if ( mop_ndn.bv_val != op_ndn->bv_val ) { free( mop_ndn.bv_val ); } if ( mgr_ndn.bv_val != gr_ndn->bv_val ) { free( mgr_ndn.bv_val ); } return(rc); }
/* * sets last_ldap_result and last_ldap_handle */ int lds_search( char* _lds_name, char* _dn, int _scope, char* _filter, char** _attrs, struct timeval* _search_timeout, int* _ld_result_count, int* _ld_error) { struct ld_session* lds; #ifdef LDAP_PERF struct timeval before_search = { 0, 0 }, after_search = { 0, 0 }; #endif /* * get ld_handle */ if (get_connected_ldap_session(_lds_name, &lds) != 0) { LM_ERR("[%s]: couldn't get ldap session\n", _lds_name); return -1; } /* * free last_ldap_result */ if (last_ldap_result != NULL) { ldap_msgfree(last_ldap_result); last_ldap_result = NULL; } LM_DBG( "[%s]: performing LDAP search: dn [%s]," " scope [%d], filter [%s], client_timeout [%d] usecs\n", _lds_name, _dn, _scope, _filter, (int)(lds->client_search_timeout.tv_sec * 1000000 + lds->client_search_timeout.tv_usec)); #ifdef LDAP_PERF gettimeofday(&before_search, NULL); #endif /* * perform ldap search */ *_ld_error = ldap_search_ext_s( lds->handle, _dn, _scope, _filter, _attrs, 0, NULL, NULL, &lds->client_search_timeout, 0, &last_ldap_result); #ifdef LDAP_PERF gettimeofday(&after_search, NULL); LM_INFO("[%s]: LDAP search took [%d] usecs\n", _lds_name, (int)((after_search.tv_sec * 1000000 + after_search.tv_usec) - (before_search.tv_sec * 1000000 + before_search.tv_usec))); #endif if (*_ld_error != LDAP_SUCCESS) { if (last_ldap_result != NULL) { ldap_msgfree(last_ldap_result); last_ldap_result = NULL; } if (LDAP_API_ERROR(*_ld_error)) { ldap_disconnect(_lds_name); } LM_DBG( "[%s]: ldap_search_ext_st failed: %s\n", _lds_name, ldap_err2string(*_ld_error)); return -1; } last_ldap_handle = lds->handle; *_ld_result_count = ldap_count_entries(lds->handle, last_ldap_result); if (*_ld_result_count < 0) { LM_DBG("[%s]: ldap_count_entries failed\n", _lds_name); return -1; } return 0; }
int main( int argc, char **argv ) { LDAP *ld; LDAPMessage *result, *e; char *attrfail, *matched = NULL, *errmsg = NULL; char **vals, **referrals; int rc, parse_rc, version; unsigned long sortrc; LDAPControl *sortctrl = NULL; LDAPControl *requestctrls[ 2 ]; LDAPControl **resultctrls = NULL; LDAPsortkey **sortkeylist; /* Arrange for all connections to use LDAPv3 */ version = LDAP_VERSION3; if ( ldap_set_option( NULL, LDAP_OPT_PROTOCOL_VERSION, &version ) != 0 ) { fprintf( stderr, "ldap_set_option protocol version to %d failed\n", version ); return( 1 ); } /* Get a handle to an LDAP connection */ if ( (ld = ldap_init( MY_HOST, MY_PORT ) ) == NULL ) { perror( "ldap_init" ); return( 1 ); } /* Authenticate as Directory Manager */ if ( ldap_simple_bind_s( ld, MGR_DN, MGR_PW ) != LDAP_SUCCESS ) { ldap_perror( ld, "ldap_simple_bind_s" ); ldap_unbind( ld ); return( 1 ); } /* * Create a sort key list that specifies the sort order of the results. * Sort the results by last name first, then by first name. */ ldap_create_sort_keylist( &sortkeylist, "description -givenname" ); /* Create the sort control. */ rc = ldap_create_sort_control( ld, sortkeylist, 1, &sortctrl ); if ( rc != LDAP_SUCCESS ) { fprintf( stderr, "ldap_create_sort_control: %s\n", ldap_err2string( rc ) ); ldap_unbind( ld ); return( 1 ); } requestctrls[ 0 ] = sortctrl; requestctrls[ 1 ] = NULL; /* Search for all entries in Sunnyvale */ rc = ldap_search_ext_s( ld, PEOPLE_BASE, LDAP_SCOPE_SUBTREE, "(objectclass=person)", NULL, 0, requestctrls, NULL, NULL, 0, &result ); if ( rc != LDAP_SUCCESS ) { fprintf( stderr, "ldap_search_ext_s: %s\n", ldap_err2string( rc ) ); ldap_unbind( ld ); return( 1 ); } parse_rc = ldap_parse_result( ld, result, &rc, &matched, &errmsg, &referrals, &resultctrls, 0 ); if ( parse_rc != LDAP_SUCCESS ) { fprintf( stderr, "ldap_parse_result: %s\n", ldap_err2string( parse_rc ) ); ldap_unbind( ld ); return( 1 ); } if ( rc != LDAP_SUCCESS ) { fprintf( stderr, "ldap_search_ext_s: %s\n", ldap_err2string( rc ) ); if ( errmsg != NULL && *errmsg != '\0' ) { fprintf( stderr, "%s\n", errmsg ); } ldap_unbind( ld ); return( 1 ); } parse_rc = ldap_parse_sort_control( ld, resultctrls, &sortrc, &attrfail ); if ( parse_rc != LDAP_SUCCESS ) { fprintf( stderr, "ldap_parse_sort_control: %s\n", ldap_err2string( parse_rc ) ); ldap_unbind( ld ); return( 1 ); } if ( sortrc != LDAP_SUCCESS ) { fprintf( stderr, "Sort error: %s\n", ldap_err2string( sortrc )); if ( attrfail != NULL && *attrfail != '\0' ) { fprintf( stderr, "Bad attribute: %s\n", attrfail); } ldap_unbind( ld ); return( 1 ); } /* for each entry print out name + all attrs and values */ for ( e = ldap_first_entry( ld, result ); e != NULL; e = ldap_next_entry( ld, e ) ) { if ((vals = ldap_get_values( ld, e, "sn")) != NULL ) { if ( vals[0] != NULL ) { printf( "%s", vals[0] ); } ldap_value_free( vals ); } if ((vals = ldap_get_values( ld, e, "givenname")) != NULL ) { if ( vals[0] != NULL ) { printf( "\t%s", vals[0] ); } ldap_value_free( vals ); } putchar( '\n' ); } ldap_msgfree( result ); ldap_free_sort_keylist( sortkeylist ); ldap_control_free( sortctrl ); ldap_controls_free( resultctrls ); ldap_unbind( ld ); return( 0 ); }
/* * This function will look in ldap id the token correspond to the * requested user. It will returns 0 for failure and 1 for success. * * For the moment ldaps is not supported. ldap serve can be on a * remote host. * * You need the following parameters in you pam config: * ldapserver= OR ldap_uri= * ldapdn= * user_attr= * yubi_attr= * */ static int authorize_user_token_ldap (struct cfg *cfg, const char *user, const char *token_id) { DBG(("called")); int retval = 0; int protocol; #ifdef HAVE_LIBLDAP LDAP *ld = NULL; LDAPMessage *result = NULL, *e; BerElement *ber; char *a; char *attrs[2] = {NULL, NULL}; struct berval **vals; int i, rc; char *find = NULL, *sr = NULL; if (cfg->user_attr == NULL) { DBG (("Trying to look up user to YubiKey mapping in LDAP, but user_attr not set!")); return 0; } if (cfg->yubi_attr == NULL) { DBG (("Trying to look up user to YubiKey mapping in LDAP, but yubi_attr not set!")); return 0; } if (cfg->ldapdn == NULL) { DBG (("Trying to look up user to YubiKey mapping in LDAP, but ldapdn not set!")); return 0; } /* Get a handle to an LDAP connection. */ if (cfg->ldap_uri) { rc = ldap_initialize (&ld, cfg->ldap_uri); if (rc != LDAP_SUCCESS) { DBG (("ldap_init: %s", ldap_err2string (rc))); retval = 0; goto done; } } else { if ((ld = ldap_init (cfg->ldapserver, PORT_NUMBER)) == NULL) { DBG (("ldap_init")); retval = 0; goto done; } } /* LDAPv2 is historical -- RFC3494. */ protocol = LDAP_VERSION3; ldap_set_option (ld, LDAP_OPT_PROTOCOL_VERSION, &protocol); /* Bind anonymously to the LDAP server. */ rc = ldap_simple_bind_s (ld, NULL, NULL); if (rc != LDAP_SUCCESS) { DBG (("ldap_simple_bind_s: %s", ldap_err2string (rc))); retval = 0; goto done; } /* Allocation of memory for search strings depending on input size */ find = malloc((strlen(cfg->user_attr)+strlen(cfg->ldapdn)+strlen(user)+3)*sizeof(char)); sprintf (find, "%s=%s,%s", cfg->user_attr, user, cfg->ldapdn); attrs[0] = (char *) cfg->yubi_attr; DBG(("LDAP : look up object '%s', ask for attribute '%s'", find, cfg->yubi_attr)); /* Search for the entry. */ if ((rc = ldap_search_ext_s (ld, find, LDAP_SCOPE_BASE, NULL, attrs, 0, NULL, NULL, LDAP_NO_LIMIT, LDAP_NO_LIMIT, &result)) != LDAP_SUCCESS) { DBG (("ldap_search_ext_s: %s", ldap_err2string (rc))); retval = 0; goto done; } e = ldap_first_entry (ld, result); if (e == NULL) { DBG (("No result from LDAP search")); } else { /* Iterate through each returned attribute. */ for (a = ldap_first_attribute (ld, e, &ber); a != NULL; a = ldap_next_attribute (ld, e, ber)) { if ((vals = ldap_get_values_len (ld, e, a)) != NULL) { /* Compare each value for the attribute against the token id. */ for (i = 0; vals[i] != NULL; i++) { if (!strncmp (token_id, vals[i]->bv_val, strlen (token_id))) { DBG (("Token Found :: %s", vals[i]->bv_val)); retval = 1; } else { DBG (("No match : (%s) %s != %s", a, vals[i]->bv_val, token_id)); } } ldap_value_free_len (vals); } ldap_memfree (a); } if (ber != NULL) ber_free (ber, 0); } done: if (result != NULL) ldap_msgfree (result); if (ld != NULL) ldap_unbind (ld); /* free memory allocated for search strings */ if (find != NULL) free(find); if (sr != NULL) free(sr); #else DBG (("Trying to use LDAP, but this function is not compiled in pam_yubico!!")); DBG (("Install libldap-dev and then recompile pam_yubico.")); #endif return retval; }
static GdaLdapClass * worker_gdaprov_ldap_get_class_info (WorkerLdapClassInfoData *data, GError **error) { GdaLdapClass *retval = NULL; /* initialize known classes */ data->cdata->classes_hash = g_hash_table_new_full (g_str_hash, g_str_equal, NULL, (GDestroyNotify) ldap_class_free); LDAPMessage *msg, *entry; int res; gchar *subschema = NULL; char *subschemasubentry[] = {"subschemaSubentry", NULL}; char *schema_attrs[] = {"objectClasses", NULL}; /* look for subschema */ if (! gda_ldap_ensure_bound (data->cnc, NULL)) return NULL; gda_ldap_execution_slowdown (data->cnc); res = ldap_search_ext_s (data->cdata->handle, "", LDAP_SCOPE_BASE, "(objectclass=*)", subschemasubentry, 0, NULL, NULL, NULL, 0, &msg); if (res != LDAP_SUCCESS) { gda_ldap_may_unbind (data->cnc); return NULL; } if ((entry = ldap_first_entry (data->cdata->handle, msg))) { char *attr; BerElement *ber; if ((attr = ldap_first_attribute (data->cdata->handle, entry, &ber))) { BerValue **bvals; if ((bvals = ldap_get_values_len (data->cdata->handle, entry, attr))) { subschema = g_strdup (bvals[0]->bv_val); ldap_value_free_len (bvals); } ldap_memfree (attr); } if (ber) ber_free (ber, 0); } ldap_msgfree (msg); if (! subschema) { gda_ldap_may_unbind (data->cnc); return NULL; } /* look for attributeTypes */ gda_ldap_execution_slowdown (data->cnc); res = ldap_search_ext_s (data->cdata->handle, subschema, LDAP_SCOPE_BASE, "(objectclass=*)", schema_attrs, 0, NULL, NULL, NULL, 0, &msg); g_free (subschema); if (res != LDAP_SUCCESS) { gda_ldap_may_unbind (data->cnc); return NULL; } GHashTable *h_refs; h_refs = g_hash_table_new_full (NULL, NULL, NULL, (GDestroyNotify) g_strfreev); for (entry = ldap_first_entry (data->cdata->handle, msg); entry; entry = ldap_next_entry (data->cdata->handle, msg)) { char *attr; BerElement *ber; for (attr = ldap_first_attribute (data->cdata->handle, msg, &ber); attr; attr = ldap_next_attribute (data->cdata->handle, msg, ber)) { if (strcasecmp(attr, "objectClasses")) { ldap_memfree (attr); continue; } BerValue **bvals; bvals = ldap_get_values_len (data->cdata->handle, entry, attr); if (bvals) { gint i; for (i = 0; bvals[i]; i++) { LDAPObjectClass *oc; const char *errp; int retcode; oc = ldap_str2objectclass (bvals[i]->bv_val, &retcode, &errp, LDAP_SCHEMA_ALLOW_ALL); if (oc && oc->oc_oid && oc->oc_names && oc->oc_names[0]) { GdaLdapClass *lcl; guint k; lcl = g_new0 (GdaLdapClass, 1); lcl->oid = g_strdup (oc->oc_oid); //#define CLASS_DEBUG #ifdef CLASS_DEBUG g_print ("FOUND CLASS\n"); #endif lcl->names = make_array_from_strv (oc->oc_names, &(lcl->nb_names)); for (k = 0; lcl->names[k]; k++) { #ifdef CLASS_DEBUG g_print (" oc_names[%d] = %s\n", k, lcl->names[k]); #endif g_hash_table_insert (data->cdata->classes_hash, lcl->names[k], lcl); } if (oc->oc_desc) { #ifdef CLASS_DEBUG g_print (" oc_desc = %s\n", oc->oc_desc); #endif lcl->description = g_strdup (oc->oc_desc); } #ifdef CLASS_DEBUG g_print (" oc_kind = %d\n", oc->oc_kind); #endif switch (oc->oc_kind) { case 0: lcl->kind = GDA_LDAP_CLASS_KIND_ABSTRACT; break; case 1: lcl->kind = GDA_LDAP_CLASS_KIND_STRUTURAL; break; case 2: lcl->kind = GDA_LDAP_CLASS_KIND_AUXILIARY; break; default: lcl->kind = GDA_LDAP_CLASS_KIND_UNKNOWN; break; } lcl->obsolete = oc->oc_obsolete; #ifdef CLASS_DEBUG g_print (" oc_obsolete = %d\n", oc->oc_obsolete); #endif gchar **refs; refs = make_array_from_strv (oc->oc_sup_oids, NULL); if (refs) g_hash_table_insert (h_refs, lcl, refs); else data->cdata->top_classes = g_slist_insert_sorted (data->cdata->top_classes, lcl, (GCompareFunc) classes_sort); #ifdef CLASS_DEBUG for (k = 0; oc->oc_sup_oids && oc->oc_sup_oids[k]; k++) g_print (" oc_sup_oids[0] = %s\n", oc->oc_sup_oids[k]); #endif lcl->req_attributes = make_array_from_strv (oc->oc_at_oids_must, &(lcl->nb_req_attributes)); #ifdef CLASS_DEBUG for (k = 0; oc->oc_at_oids_must && oc->oc_at_oids_must[k]; k++) g_print (" oc_at_oids_must[0] = %s\n", oc->oc_at_oids_must[k]); #endif lcl->opt_attributes = make_array_from_strv (oc->oc_at_oids_may, &(lcl->nb_opt_attributes)); #ifdef CLASS_DEBUG for (k = 0; oc->oc_at_oids_may && oc->oc_at_oids_may[k]; k++) g_print (" oc_at_oids_may[0] = %s\n", oc->oc_at_oids_may[k]); #endif } if (oc) ldap_memfree (oc); } ldap_value_free_len (bvals); } ldap_memfree (attr); } if (ber) ber_free (ber, 0); } ldap_msgfree (msg); /* create hierarchy */ g_hash_table_foreach (h_refs, (GHFunc) classes_h_func, data->cdata); g_hash_table_destroy (h_refs); retval = g_hash_table_lookup (data->cdata->classes_hash, data->classname); gda_ldap_may_unbind (data->cnc); return retval; }
static LdapAttribute * worker_gda_ldap_get_attr_info (WorkerLdapAttrInfoData *data, GError **error) { LdapAttribute *retval = NULL; if (data->cdata->attributes_hash) return g_hash_table_lookup (data->cdata->attributes_hash, data->attribute); /* initialize known types */ data->cdata->attributes_hash = g_hash_table_new_full (g_str_hash, g_str_equal, NULL, (GDestroyNotify) ldap_attribute_free); if (data->cdata->attributes_cache_file) { /* try to load from cache file, which must contain one line per attribute: * <syntax oid>,0|1,<attribute name> */ gchar *fdata; if (g_file_get_contents (data->cdata->attributes_cache_file, &fdata, NULL, NULL)) { gchar *start, *ptr; gchar **array; start = fdata; while (1) { gboolean done = FALSE; for (ptr = start; *ptr && (*ptr != '\n'); ptr++); if (*ptr == '\n') *ptr = 0; else done = TRUE; if (*start && (*start != '#')) { array = g_strsplit (start, ",", 3); if (array[0] && array[1] && array[2]) { LdapAttribute *lat; lat = g_new (LdapAttribute, 1); lat->name = g_strdup (array[2]); lat->type = gda_ldap_get_type_info (array[0]); lat->single_value = (*array[1] == '0' ? FALSE : TRUE); g_hash_table_insert (data->cdata->attributes_hash, lat->name, lat); /*g_print ("CACHE ADDED [%s][%p][%d] for OID %s\n", lat->name, lat->type, lat->single_value, array[0]);*/ } g_strfreev (array); } if (done) break; else start = ptr+1; } g_free (fdata); return g_hash_table_lookup (data->cdata->attributes_hash, data->attribute); } } GString *string = NULL; LDAPMessage *msg, *entry; int res; gchar *subschema = NULL; char *subschemasubentry[] = {"subschemaSubentry", NULL}; char *schema_attrs[] = {"attributeTypes", NULL}; /* look for subschema */ if (! gda_ldap_ensure_bound (data->cnc, NULL)) return NULL; gda_ldap_execution_slowdown (data->cnc); res = ldap_search_ext_s (data->cdata->handle, "", LDAP_SCOPE_BASE, "(objectclass=*)", subschemasubentry, 0, NULL, NULL, NULL, 0, &msg); if (res != LDAP_SUCCESS) { gda_ldap_may_unbind (data->cnc); return NULL; } if ((entry = ldap_first_entry (data->cdata->handle, msg))) { char *attr; BerElement *ber; if ((attr = ldap_first_attribute (data->cdata->handle, entry, &ber))) { BerValue **bvals; if ((bvals = ldap_get_values_len (data->cdata->handle, entry, attr))) { subschema = g_strdup (bvals[0]->bv_val); ldap_value_free_len (bvals); } ldap_memfree (attr); } if (ber) ber_free (ber, 0); } ldap_msgfree (msg); if (! subschema) { gda_ldap_may_unbind (data->cnc); return NULL; } /* look for attributeTypes */ gda_ldap_execution_slowdown (data->cnc); res = ldap_search_ext_s (data->cdata->handle, subschema, LDAP_SCOPE_BASE, "(objectclass=*)", schema_attrs, 0, NULL, NULL, NULL, 0, &msg); g_free (subschema); if (res != LDAP_SUCCESS) { gda_ldap_may_unbind (data->cnc); return NULL; } if (data->cdata->attributes_cache_file) string = g_string_new ("# Cache file. This file can safely be removed, in this case\n" "# it will be automatically recreated.\n" "# DO NOT MODIFY\n"); for (entry = ldap_first_entry (data->cdata->handle, msg); entry; entry = ldap_next_entry (data->cdata->handle, msg)) { char *attr; BerElement *ber; for (attr = ldap_first_attribute (data->cdata->handle, msg, &ber); attr; attr = ldap_next_attribute (data->cdata->handle, msg, ber)) { if (strcasecmp(attr, "attributeTypes")) { ldap_memfree (attr); continue; } BerValue **bvals; bvals = ldap_get_values_len (data->cdata->handle, entry, attr); if (bvals) { gint i; for (i = 0; bvals[i]; i++) { LDAPAttributeType *at; const char *errp; int retcode; at = ldap_str2attributetype (bvals[i]->bv_val, &retcode, &errp, LDAP_SCHEMA_ALLOW_ALL); if (at && at->at_names && at->at_syntax_oid && at->at_names[0] && *(at->at_names[0])) { LdapAttribute *lat; lat = g_new (LdapAttribute, 1); lat->name = g_strdup (at->at_names [0]); lat->type = gda_ldap_get_type_info (at->at_syntax_oid); lat->single_value = (at->at_single_value == 0 ? FALSE : TRUE); g_hash_table_insert (data->cdata->attributes_hash, lat->name, lat); /*g_print ("ADDED [%s][%p][%d] for OID %s\n", lat->name, lat->type, lat->single_value, at->at_syntax_oid);*/ if (string) g_string_append_printf (string, "%s,%d,%s\n", at->at_syntax_oid, lat->single_value, lat->name); } if (at) ldap_memfree (at); } ldap_value_free_len (bvals); } ldap_memfree (attr); } if (ber) ber_free (ber, 0); } ldap_msgfree (msg); if (string) { if (! g_file_set_contents (data->cdata->attributes_cache_file, string->str, -1, NULL)) { gchar *dirname; dirname = g_path_get_dirname (data->cdata->attributes_cache_file); g_mkdir_with_parents (dirname, 0700); g_free (dirname); g_file_set_contents (data->cdata->attributes_cache_file, string->str, -1, NULL); } g_string_free (string, TRUE); } gda_ldap_may_unbind (data->cnc); retval = g_hash_table_lookup (data->cdata->attributes_hash, data->attribute); return retval; }
static int do_bind( char *uri, char *dn, struct berval *pass, int maxloop, int force, int chaserefs, int noinit, LDAP **ldp, int action_type, void *action ) { LDAP *ld = ldp ? *ldp : NULL; int i, rc = -1; /* for internal search */ int timelimit = 0; int sizelimit = 0; switch ( action_type ) { case -1: break; case TESTER_SEARCH: { LDAPURLDesc *ludp = (LDAPURLDesc *)action; assert( action != NULL ); if ( ludp->lud_exts != NULL ) { for ( i = 0; ludp->lud_exts[ i ] != NULL; i++ ) { char *ext = ludp->lud_exts[ i ]; int crit = 0; if (ext[0] == '!') { crit++; ext++; } if ( strncasecmp( ext, "x-timelimit=", STRLENOF( "x-timelimit=" ) ) == 0 ) { if ( lutil_atoi( &timelimit, &ext[ STRLENOF( "x-timelimit=" ) ] ) && crit ) { tester_error( "unable to parse critical extension x-timelimit" ); } } else if ( strncasecmp( ext, "x-sizelimit=", STRLENOF( "x-sizelimit=" ) ) == 0 ) { if ( lutil_atoi( &sizelimit, &ext[ STRLENOF( "x-sizelimit=" ) ] ) && crit ) { tester_error( "unable to parse critical extension x-sizelimit" ); } } else if ( crit ) { tester_error( "unknown critical extension" ); } } } } break; default: /* nothing to do yet */ break; } if ( maxloop > 1 ) { fprintf( stderr, "PID=%ld - Bind(%d): dn=\"%s\".\n", (long) pid, maxloop, dn ); } for ( i = 0; i < maxloop; i++ ) { if ( !noinit || ld == NULL ) { int version = LDAP_VERSION3; ldap_initialize( &ld, uri ); if ( ld == NULL ) { tester_perror( "ldap_initialize", NULL ); rc = -1; break; } (void) ldap_set_option( ld, LDAP_OPT_PROTOCOL_VERSION, &version ); (void) ldap_set_option( ld, LDAP_OPT_REFERRALS, chaserefs ? LDAP_OPT_ON: LDAP_OPT_OFF ); } rc = ldap_sasl_bind_s( ld, dn, LDAP_SASL_SIMPLE, pass, NULL, NULL, NULL ); if ( rc ) { int first = tester_ignore_err( rc ); /* if ignore.. */ if ( first ) { /* only log if first occurrence */ if ( ( force < 2 && first > 0 ) || abs(first) == 1 ) { tester_ldap_error( ld, "ldap_sasl_bind_s", NULL ); } rc = LDAP_SUCCESS; } else { tester_ldap_error( ld, "ldap_sasl_bind_s", NULL ); } } switch ( action_type ) { case -1: break; case TESTER_SEARCH: { LDAPURLDesc *ludp = (LDAPURLDesc *)action; LDAPMessage *res = NULL; struct timeval tv = { 0 }, *tvp = NULL; if ( timelimit ) { tv.tv_sec = timelimit; tvp = &tv; } assert( action != NULL ); rc = ldap_search_ext_s( ld, ludp->lud_dn, ludp->lud_scope, ludp->lud_filter, ludp->lud_attrs, 0, NULL, NULL, tvp, sizelimit, &res ); ldap_msgfree( res ); } break; default: /* nothing to do yet */ break; } if ( !noinit ) { ldap_unbind_ext( ld, NULL, NULL ); ld = NULL; } if ( rc != LDAP_SUCCESS ) { break; } } if ( maxloop > 1 ) { fprintf( stderr, " PID=%ld - Bind done (%d).\n", (long) pid, rc ); } if ( ldp && noinit ) { *ldp = ld; } else if ( ld != NULL ) { ldap_unbind_ext( ld, NULL, NULL ); } return rc; }
static GdaLdapEntry * worker_gdaprov_ldap_describe_entry (WorkerLdapDescrEntryData *data, GError **error) { if (! gda_ldap_ensure_bound (data->cnc, error)) return NULL; gda_ldap_execution_slowdown (data->cnc); int res; LDAPMessage *msg = NULL; const gchar *real_dn; real_dn = data->dn ? data->dn : data->cdata->base_dn; retry: res = ldap_search_ext_s (data->cdata->handle, real_dn, LDAP_SCOPE_BASE, "(objectClass=*)", NULL, 0, NULL, NULL, NULL, -1, &msg); switch (res) { case LDAP_SUCCESS: case LDAP_NO_SUCH_OBJECT: { gint nb_entries; LDAPMessage *ldap_row; char *attr; BerElement* ber; GdaLdapEntry *lentry; GArray *array = NULL; nb_entries = ldap_count_entries (data->cdata->handle, msg); if (nb_entries == 0) { ldap_msgfree (msg); gda_ldap_may_unbind (data->cnc); return NULL; } else if (nb_entries > 1) { g_set_error (error, GDA_SERVER_PROVIDER_ERROR, GDA_SERVER_PROVIDER_INTERNAL_ERROR, _("LDAP server returned more than one entry with DN '%s'"), real_dn); gda_ldap_may_unbind (data->cnc); return NULL; } lentry = g_new0 (GdaLdapEntry, 1); lentry->dn = g_strdup (real_dn); lentry->attributes_hash = g_hash_table_new (g_str_hash, g_str_equal); array = g_array_new (TRUE, FALSE, sizeof (GdaLdapAttribute*)); ldap_row = ldap_first_entry (data->cdata->handle, msg); for (attr = ldap_first_attribute (data->cdata->handle, ldap_row, &ber); attr; attr = ldap_next_attribute (data->cdata->handle, ldap_row, ber)) { BerValue **bvals; GArray *varray = NULL; bvals = ldap_get_values_len (data->cdata->handle, ldap_row, attr); if (bvals) { gint i; for (i = 0; bvals [i]; i++) { if (!varray) varray = g_array_new (TRUE, FALSE, sizeof (GValue *)); GValue *value; GType type; type = gda_ldap_get_g_type (data->cnc, data->cdata, attr, NULL); /*g_print ("Type for attr %s is %s\n", attr, gda_g_type_to_string (type)); */ value = gda_ldap_attr_value_to_g_value (data->cdata, type, bvals[i]); g_array_append_val (varray, value); } ldap_value_free_len (bvals); } if (varray) { GdaLdapAttribute *lattr = NULL; lattr = g_new0 (GdaLdapAttribute, 1); lattr->attr_name = g_strdup (attr); lattr->values = (GValue**) varray->data; lattr->nb_values = varray->len; g_array_free (varray, FALSE); g_array_append_val (array, lattr); g_hash_table_insert (lentry->attributes_hash, lattr->attr_name, lattr); } ldap_memfree (attr); } if (ber) ber_free (ber, 0); ldap_msgfree (msg); if (array) { g_array_sort (array, (GCompareFunc) attr_array_sort_func); lentry->attributes = (GdaLdapAttribute**) array->data; lentry->nb_attributes = array->len; g_array_free (array, FALSE); } gda_ldap_may_unbind (data->cnc); return lentry; } case LDAP_SERVER_DOWN: default: { if (res == LDAP_SERVER_DOWN) { gint i; for (i = 0; i < 5; i++) { if (gda_ldap_rebind (data->cnc, NULL)) goto retry; g_usleep (G_USEC_PER_SEC * 2); } } /* error */ int ldap_errno; ldap_get_option (data->cdata->handle, LDAP_OPT_ERROR_NUMBER, &ldap_errno); g_set_error (error, GDA_DATA_MODEL_ERROR, GDA_DATA_MODEL_OTHER_ERROR, "%s", ldap_err2string(ldap_errno)); gda_ldap_may_unbind (data->cnc); return NULL; } } }