示例#1
0
文件: utils.c 项目: ihrwein/PyLDAP
int _LDAP_initialization(LDAP **ld, PyObject *url, int tls_option) {
	int rc;
	int portnum;
	char *hoststr = NULL;
	const int version = LDAP_VERSION3;
	const int tls_settings = SCH_CRED_MANUAL_CRED_VALIDATION | SCH_CRED_NO_SERVERNAME_CHECK;
	PyObject *scheme = PyObject_GetAttrString(url, "scheme");
	PyObject *host = PyObject_GetAttrString(url, "host");
	PyObject *port = PyObject_GetAttrString(url, "port");

	if (scheme == NULL || host == NULL || port == NULL) return -1;

	hoststr = PyObject2char(host);
	portnum = PyLong_AsLong(port);
	Py_DECREF(host);
	Py_DECREF(port);

	if (hoststr == NULL) return -1;

	if (PyUnicode_CompareWithASCIIString(scheme, "ldaps") == 0) {
		*ld = ldap_sslinit(hoststr, portnum, 1);
	} else {
		*ld = ldap_init(hoststr, portnum);
	}
	Py_DECREF(scheme);
	if (ld == NULL) return -1;
	ldap_set_option(*ld, LDAP_OPT_PROTOCOL_VERSION, &version);
	switch (tls_option) {
		case -1:
			/* Cert policy is not set, nothing to do.*/
			break;
		case 2:
		case 4:
			/* Cert policy is demand or try, then standard procedure. */
			break;
		case 0:
		case 3:
			/* Cert policy is never or allow, then set TLS settings. */
			ldap_set_option(*ld, 0x43, &tls_settings);
			ldap_set_option(*ld, LDAP_OPT_SERVER_CERTIFICATE, &noverify);
			break;
	}
	rc = ldap_connect(*ld, NULL);
	return rc;
}
示例#2
0
/*
 * \brief Load the cokebank database
 */
int Bank_Initialise(const char *Argument)
{
	#if USE_LDAP
	 int	rv;
	#endif
	
	// Open Cokebank
	gBank_File = fopen(Argument, "rb+");
	if( !gBank_File )	gBank_File = fopen(Argument, "wb+");
	if( !gBank_File ) {
		perror("Opening coke bank");
		return -1;
	}
	Bank_int_ReadDatabase();

	// Open log file
	// TODO: Do I need this?
	gBank_LogFile = fopen("cokebank.log", "a");
	if( !gBank_LogFile )	gBank_LogFile = stdout;
	
	
	#if USE_LDAP
	// Connect to LDAP
	rv = ldap_create(&gpLDAP);
	if(rv) {
		fprintf(stderr, "ldap_create: %s\n", ldap_err2string(rv));
		return 1;
	}
	rv = ldap_initialize(&gpLDAP, gsLDAPPath);
	if(rv) {
		fprintf(stderr, "ldap_initialize: %s\n", ldap_err2string(rv));
		return 1;
	}
	{ int ver = LDAP_VERSION3; ldap_set_option(gpLDAP, LDAP_OPT_PROTOCOL_VERSION, &ver); }
	# if 0
	rv = ldap_start_tls_s(gpLDAP, NULL, NULL);
	if(rv) {
		fprintf(stderr, "ldap_start_tls_s: %s\n", ldap_err2string(rv));
		return 1;
	}
	# endif
	{
		struct berval	cred;
		struct berval	*servcred;
		cred.bv_val = "secret";
		cred.bv_len = 6;
		rv = ldap_sasl_bind_s(gpLDAP, "cn=admin,dc=ucc,dc=gu,dc=uwa,dc=edu,dc=au",
			"", &cred, NULL, NULL, &servcred);
		if(rv) {
			fprintf(stderr, "ldap_start_tls_s: %s\n", ldap_err2string(rv));
			return 1;
		}
	}
	#endif
	
	return 0;
}
示例#3
0
DWORD
VmDirSASLGSSAPIBind(
     LDAP**     ppLd,
     PCSTR      pszURI
     )
{
    DWORD       dwError = 0;
    int         retVal = 0;
    LDAP*       pLd = NULL;
    const int   ldapVer = LDAP_VERSION3;

    if ( ppLd == NULL || pszURI == NULL )
    {
        dwError = VMDIR_ERROR_INVALID_PARAMETER;
        BAIL_ON_VMDIR_ERROR(dwError);
    }

    retVal = ldap_initialize( &pLd, pszURI);
    BAIL_ON_SIMPLE_LDAP_ERROR(retVal);

    retVal = ldap_set_option(pLd, LDAP_OPT_PROTOCOL_VERSION, &ldapVer);
    BAIL_ON_SIMPLE_LDAP_ERROR(retVal);

    retVal = ldap_sasl_interactive_bind_s( pLd,
                                            NULL,
                                            "GSSAPI",
                                            NULL,
                                            NULL,
                                            LDAP_SASL_QUIET,
                                            _VmDirSASLGSSAPIInteraction,
                                            NULL);
    BAIL_ON_SIMPLE_LDAP_ERROR(retVal);

    *ppLd = pLd;

cleanup:

    return dwError;

ldaperror:

    VMDIR_LOG_VERBOSE( VMDIR_LOG_MASK_ALL, "_VmDirSASLGSSBind failed. (%d)(%s)",
                                           retVal, ldap_err2string(retVal) );
    dwError = VmDirMapLdapError(retVal);

error:
    if (retVal == 0)
    {
        VMDIR_LOG_VERBOSE( VMDIR_LOG_MASK_ALL, "_VmDirSASLGSSBind failed. (%u)", dwError);
    }

    if ( pLd )
    {
        ldap_unbind_ext_s( pLd, NULL, NULL);
    }
    goto cleanup;
}
示例#4
0
int
main( int argc, char **argv )
{
    int             version;
    LDAP            *ld;
    char            *target;
    int             rc;
    struct berval   userid;
    struct berval   oldpasswd;
    struct berval   newpasswd;
    struct berval   genpasswd;

    /* Use LDAPv3. */
    version = LDAP_VERSION3;
    if ( ldap_set_option( NULL, LDAP_OPT_PROTOCOL_VERSION, &version )
         != 0 ) {
        fprintf( stderr,
                 "ldap_set_option protocol version to %d failed\n",
                 version );
        return ( 1 );
    }

    /* Get a handle to an LDAP connection. */
    if ( (ld = ldap_init( MY_HOST, MY_PORT )) == NULL ) {
        perror( "ldap_init" );
        return( 1 );
    }

    /* Authenticate to the directory. */
    if ( ldap_simple_bind_s( ld, ENTRYDN, ENTRYPW ) != LDAP_SUCCESS ) {
        ldap_perror( ld, "ldap_simple_bind_s" );
        return( 1 );
    }

    /* Change the password using the extended operation. */
    userid.bv_val = ENTRYDN;
    userid.bv_len = strlen(userid.bv_val);

    oldpasswd.bv_val = ENTRYPW;
    oldpasswd.bv_len = strlen(oldpasswd.bv_val);

    newpasswd.bv_val = "ChangeMe!";
    newpasswd.bv_len = strlen(newpasswd.bv_val);

    rc = ldap_passwd_s(
        ld, &userid, &oldpasswd, &newpasswd, &genpasswd, NULL, NULL );
    if ( rc != LDAP_SUCCESS ) {
        fprintf( stderr, "ldap_passwd_s: %s\n", ldap_err2string( rc ) );
        ldap_unbind( ld );
        return( 1 );
    } else {
        printf( "Successfully changed password for %s\n", userid.bv_val );
    }

    ldap_unbind( ld );
    return( 0 );
}
示例#5
0
static void
_mu_ldap_unbind (LDAP *ld)
{
  if (ld)
    {
      ldap_set_option (ld, LDAP_OPT_SERVER_CONTROLS, NULL);
      ldap_unbind_ext (ld, NULL, NULL);
    }
}
示例#6
0
/** @brief Connect to a LDAP server.
  * @param uri Server to connect too.
  * @param starttls Starttls flags to disallow,allow or enforce SSL.
  * @param timelimit Query timelimit.
  * @param limit Results limit.
  * @param debug Set LDAP_OPT_DEBUG_LEVEL and LBER_OPT_DEBUG_LEVEL to this level.
  * @param err Pointer to a int that will contain the ldap error on failure.
  * @returns Reference to LDAP connection if its NULL the error is returned in err.*/
extern struct ldap_conn *ldap_connect(const char *uri, enum ldap_starttls starttls, int timelimit, int limit, int debug, int *err) {
	struct ldap_conn *ld;
	int version = 3;
	int res, sslres;
	struct timeval timeout;

	if (!(ld = objalloc(sizeof(*ld), free_ldapconn))) {
		return NULL;
	}

	ld->uri = strdup(uri);
	ld->sctrlsp = NULL;
	ld->timelim = timelimit;
	ld->limit = limit;
	ld->sasl = NULL;

	if ((res = ldap_initialize(&ld->ldap, ld->uri) != LDAP_SUCCESS)) {
		objunref(ld);
		ld = NULL;
	} else {
		if (debug) {
			ldap_set_option(NULL, LDAP_OPT_DEBUG_LEVEL, &debug);
			ber_set_option(NULL, LBER_OPT_DEBUG_LEVEL, &debug);
		}
		if (timelimit) {
			timeout.tv_sec = timelimit;
			timeout.tv_usec = 0;
			ldap_set_option(ld->ldap, LDAP_OPT_NETWORK_TIMEOUT, (void *)&timeout);
		}
		ldap_set_option(ld->ldap, LDAP_OPT_PROTOCOL_VERSION, &version);
		ldap_set_option(ld->ldap, LDAP_OPT_REFERRALS, (void *)LDAP_OPT_ON);
		ldap_set_rebind_proc(ld->ldap, ldap_rebind_proc, ld);

		if ((starttls != LDAP_STARTTLS_NONE) & !ldap_tls_inplace(ld->ldap) && (sslres = ldap_start_tls_s(ld->ldap, ld->sctrlsp, NULL))) {
			if (starttls == LDAP_STARTTLS_ENFORCE) {
				objunref(ld);
				ld = NULL;
				res = sslres;
			}
		}
	}
	*err = res;
	return ld;
}
示例#7
0
文件: addhost.c 项目: tridge/junkcode
int ldap_add_machine_account(const char *ldap_host, 
			     const char *hostname, const char *realm)
{
	LDAP *ld;
	int ldap_port = LDAP_PORT;
	char *bind_path;
	int rc;
	LDAPMessage *res;
	void *sasl_defaults;
	int version = LDAP_VERSION3;

	bind_path = build_dn(realm);

	printf("Creating host account for %[email protected]%s\n", hostname, realm);

	ld = ldap_open(ldap_host, ldap_port);
	ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION, &version);

	rc = ldap_sasl_interactive_bind_s(ld, NULL, NULL, NULL, NULL, 0,
					  sasl_interact, NULL);

	if (rc != LDAP_SUCCESS) {
		ldap_perror(ld, "ldap_bind");
		goto failed;
	}

	rc = find_host(ld, &res, bind_path, hostname);
	if (rc == LDAP_SUCCESS && ldap_count_entries(ld, res) == 1) {
		printf("Host account for %s already exists\n", hostname);
		goto finished;
	}

	rc = add_host(ld, bind_path, hostname, realm);
	if (rc != LDAP_SUCCESS) {
		ldap_perror(ld, "add_host");
		goto failed;
	}

	rc = find_host(ld, &res, bind_path, hostname);
	if (rc != LDAP_SUCCESS || ldap_count_entries(ld, res) != 1) {
		ldap_perror(ld, "find_host test");
		goto failed;
	}

	printf("Successfully added machine account for %s\n", hostname);

finished:	
	free(bind_path);
	return 0;

failed:
	printf("ldap_add_machine_account failed\n");
	free(bind_path);
	ldap_unbind(ld);
	return 1;
}
示例#8
0
static LDAP *ldap_init_and_bind (const char *host,
#ifdef WIN32
                                 gboolean use_ssl,
#endif
                                 const char *user_dn,
                                 const char *password)
{
    LDAP *ld;
    int res;
    int desired_version = LDAP_VERSION3;

#ifndef WIN32
    res = ldap_initialize (&ld, host);
    if (res != LDAP_SUCCESS) {
        ccnet_warning ("ldap_initialize failed: %s.\n", ldap_err2string(res));
        return NULL;
    }
#else
    char *host_copy = g_strdup (host);
    if (!use_ssl)
        ld = ldap_init (host_copy, LDAP_PORT);
    else
        ld = ldap_sslinit (host_copy, LDAP_SSL_PORT, 1);
    g_free (host_copy);
    if (!ld) {
        ccnet_warning ("ldap_init failed: %ul.\n", LdapGetLastError());
        return NULL;
    }
#endif

    /* set the LDAP version to be 3 */
    res = ldap_set_option (ld, LDAP_OPT_PROTOCOL_VERSION, &desired_version);
    if (res != LDAP_OPT_SUCCESS) {
        ccnet_warning ("ldap_set_option failed: %s.\n", ldap_err2string(res));
        return NULL;
    }

    if (user_dn) {
#ifndef WIN32
        res = ldap_bind_s (ld, user_dn, password, LDAP_AUTH_SIMPLE);
#else
        char *dn_copy = g_strdup(user_dn);
        char *password_copy = g_strdup(password);
        res = ldap_bind_s (ld, dn_copy, password_copy, LDAP_AUTH_SIMPLE);
        g_free (dn_copy);
        g_free (password_copy);
#endif
        if (res != LDAP_SUCCESS ) {
            ccnet_warning ("ldap_bind failed: %s.\n", ldap_err2string(res));
            ldap_unbind_s (ld);
            return NULL;
        }
    }

    return ld;
}
/*
* Function: prldap_import_connection().
* 
* Given the LDAP handle the connection parameters for the
* file descriptor are imported into NSPR layer.
* 
* Returns an LDAP API code (LDAP_SUCCESS) if all goes well.
*/
int LDAP_CALL
prldap_import_connection (LDAP *ld)
{
	int rc = LDAP_SUCCESS; /* optimistic */
	int shared = 1; /* Assume shared init */
	LBER_SOCKET orig_socket = -1;
	PRLDAPIOSessionArg *prsessp = NULL;
	PRLDAPIOSocketArg *prsockp = NULL;
	PRFileDesc *pr_socket = NULL;
	
	/* Check for invalid ld handle */
    	if ( ld == NULL) {
	    ldap_set_lderrno( ld, LDAP_PARAM_ERROR, NULL, NULL );
	    return( LDAP_PARAM_ERROR );
    	}
	
	/* Retrieve TCP socket's integer file descriptor */
    	if ( ldap_get_option( ld, LDAP_OPT_DESC, &orig_socket ) < 0 ) {
	    return( ldap_get_lderrno( ld, NULL, NULL ));
    	}
	
	/* Check for NSPR functions on ld */
   	if ( prldap_is_installed(ld)) {	/* Error : NSPR already Installed */
	    ldap_set_lderrno( ld, LDAP_LOCAL_ERROR, NULL, NULL );
	    return( LDAP_LOCAL_ERROR );
	}
	
    	if (LDAP_SUCCESS != (rc = prldap_install_routines(ld, shared))) {
	    return( rc );
    	}

	if (LDAP_SUCCESS != (rc = prldap_session_arg_from_ld( ld, &prsessp ))) {
	    return( rc );
	}
		
	/* Get NSPR Socket Arg  */
	if ( NULL == ( prsockp = prldap_socket_arg_alloc( prsessp ))) {
	    ldap_set_lderrno( ld, LDAP_NO_MEMORY, NULL, NULL );
	    return( LDAP_NO_MEMORY );
	}
	
	/* Import file descriptor of connection made via ldap_init() */
	if (NULL == (pr_socket = PR_ImportTCPSocket(orig_socket)) ) {
	    ldap_set_lderrno( ld, LDAP_LOCAL_ERROR, NULL, NULL );
	    return( LDAP_LOCAL_ERROR );
	}

	prsockp->prsock_prfd = pr_socket;

	/* Set Socket Arg in Extended I/O Layer */
	if ( ldap_set_option( ld, LDAP_X_OPT_SOCKETARG, prsockp) != 0 ) {
	    return( ldap_get_lderrno( ld, NULL, NULL ));
	}

	return( rc );
}
static int
ldap_set_option_wrapper(LDAP *ld, int option, const void *invalue)
{

#ifdef AUTH_LDAP_TEST_API
	return (ldap_set_option(ld, option, invalue));
#else
	return ((*ldap_set_option_p)(ld, option, invalue));
#endif
}
示例#11
0
文件: ldap.c 项目: baohaojun/dico
static int
_dico_conn_setup(struct _dico_ldap_handle *lp)
{
    int rc;
    LDAP *ld = NULL;
    int protocol = LDAP_VERSION3; /* FIXME: must be configurable */
  
    if (lp->debug) {
	if (ber_set_option(NULL, LBER_OPT_DEBUG_LEVEL, &lp->debug)
	    != LBER_OPT_SUCCESS )
	    dico_log(L_ERR, 0, _("cannot set LBER_OPT_DEBUG_LEVEL %d"),
		     lp->debug);

	if (ldap_set_option(NULL, LDAP_OPT_DEBUG_LEVEL, &lp->debug)
	    != LDAP_OPT_SUCCESS )
	    dico_log(L_ERR, 0, _("could not set LDAP_OPT_DEBUG_LEVEL %d"),
		     lp->debug);
    }


    rc = ldap_initialize(&ld, lp->url);
    if (rc != LDAP_SUCCESS) {
	dico_log(L_ERR, 0,
		 _("cannot create LDAP session handle for URI=%s (%d): %s"),
		 lp->url, rc, ldap_err2string(rc));
	return 1;
    }
  
    if (lp->tls) {
	rc = ldap_start_tls_s(ld, NULL, NULL);
	if (rc != LDAP_SUCCESS) {
	    dico_log(L_ERR, 0, _("ldap_start_tls failed: %s"),
		     ldap_err2string(rc));
	    return 1;
	}
    }

    ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION, &protocol);

    /* FIXME: Timeouts, SASL, etc. */
    lp->ldap = ld;
    return 0;
}
示例#12
0
static int set_char_option(LDAP *ld, int option, char *cv)
{  
   int rc;
   
   if ( (rc=ldap_set_option( NULL, option, cv )) != LDAP_SUCCESS ) {
        report_error(rc, "set char opt");
        return (0);
   }
   return (1);
}
示例#13
0
static krb5_error_code
LDAP__connect(krb5_context context, HDB * db)
{
    int rc, version = LDAP_VERSION3;
    /*
     * Empty credentials to do a SASL bind with LDAP. Note that empty
     * different from NULL credentials. If you provide NULL
     * credentials instead of empty credentials you will get a SASL
     * bind in progress message.
     */
    struct berval bv = { 0, "" };

    if (HDB2LDAP(db)) {
	/* connection has been opened. ping server. */
	struct sockaddr_un addr;
	socklen_t len = sizeof(addr);
	int sd;

	if (ldap_get_option(HDB2LDAP(db), LDAP_OPT_DESC, &sd) == 0 &&
	    getpeername(sd, (struct sockaddr *) &addr, &len) < 0) {
	    /* the other end has died. reopen. */
	    LDAP_close(context, db);
	}
    }

    if (HDB2LDAP(db) != NULL) /* server is UP */
	return 0;

    rc = ldap_initialize(&((struct hdbldapdb *)db->hdb_db)->h_lp, "ldapi:///");
    if (rc != LDAP_SUCCESS) {
	krb5_set_error_string(context, "ldap_initialize: %s", 
			      ldap_err2string(rc));
	return HDB_ERR_NOENTRY;
    }

    rc = ldap_set_option(HDB2LDAP(db), LDAP_OPT_PROTOCOL_VERSION,
			 (const void *)&version);
    if (rc != LDAP_SUCCESS) {
	krb5_set_error_string(context, "ldap_set_option: %s",
			      ldap_err2string(rc));
	LDAP_close(context, db);
	return HDB_ERR_BADVERSION;
    }

    rc = ldap_sasl_bind_s(HDB2LDAP(db), NULL, "EXTERNAL", &bv,
			  NULL, NULL, NULL);
    if (rc != LDAP_SUCCESS) {
	krb5_set_error_string(context, "ldap_sasl_bind_s: %s",
			      ldap_err2string(rc));
	LDAP_close(context, db);
	return HDB_ERR_BADVERSION;
    }

    return 0;
}
示例#14
0
static void dict_ldap_set_tls_options(DICT_LDAP *dict_ldap)
{
    char   *myname = "dict_ldap_set_tls_options";
    int     rc;

    if (dict_ldap->start_tls || dict_ldap->ldap_ssl) {
	if (*dict_ldap->tls_random_file) {
	    if ((rc = ldap_set_option(NULL, LDAP_OPT_X_TLS_RANDOM_FILE,
			       dict_ldap->tls_random_file)) != LDAP_SUCCESS)
		msg_warn("%s: Unable to set tls_random_file to %s: %d: %s",
			 myname, dict_ldap->tls_random_file,
			 rc, ldap_err2string(rc));
	}
	if (*dict_ldap->tls_ca_cert_file) {
	    if ((rc = ldap_set_option(NULL, LDAP_OPT_X_TLS_CACERTFILE,
			      dict_ldap->tls_ca_cert_file)) != LDAP_SUCCESS)
		msg_warn("%s: Unable to set tls_ca_cert_file to %s: %d: %s",
			 myname, dict_ldap->tls_ca_cert_file,
			 rc, ldap_err2string(rc));
	}
	if (*dict_ldap->tls_ca_cert_dir) {
	    if ((rc = ldap_set_option(NULL, LDAP_OPT_X_TLS_CACERTDIR,
			       dict_ldap->tls_ca_cert_dir)) != LDAP_SUCCESS)
		msg_warn("%s: Unable to set tls_ca_cert_dir to %s: %d: %s",
			 myname, dict_ldap->tls_ca_cert_dir,
			 rc, ldap_err2string(rc));
	}
	if (*dict_ldap->tls_cert) {
	    if ((rc = ldap_set_option(NULL, LDAP_OPT_X_TLS_CERTFILE,
				      dict_ldap->tls_cert)) != LDAP_SUCCESS)
		msg_warn("%s: Unable to set tls_cert to %s: %d: %s",
			 myname, dict_ldap->tls_cert,
			 rc, ldap_err2string(rc));
	}
	if (*dict_ldap->tls_key) {
	    if ((rc = ldap_set_option(NULL, LDAP_OPT_X_TLS_KEYFILE,
				      dict_ldap->tls_key)) != LDAP_SUCCESS)
		msg_warn("%s: Unable to set tls_key to %s: %d: %s",
			 myname, dict_ldap->tls_key,
			 rc, ldap_err2string(rc));
	}
	if (*dict_ldap->tls_cipher_suite) {
	    if ((rc = ldap_set_option(NULL, LDAP_OPT_X_TLS_CIPHER_SUITE,
			      dict_ldap->tls_cipher_suite)) != LDAP_SUCCESS)
		msg_warn("%s: Unable to set tls_cipher_suite to %s: %d: %s",
			 myname, dict_ldap->tls_cipher_suite,
			 rc, ldap_err2string(rc));
	}
	if (dict_ldap->tls_require_cert) {
	    if ((rc = ldap_set_option(NULL, LDAP_OPT_X_TLS_REQUIRE_CERT,
			   &(dict_ldap->tls_require_cert))) != LDAP_SUCCESS)
		msg_warn("%s: Unable to set tls_require_cert to %d: %d: %s",
			 myname, dict_ldap->tls_require_cert,
			 rc, ldap_err2string(rc));
	}
    }
}
示例#15
0
文件: ldap_test.c 项目: 119/MCTX3420
bool BindTheDemon(const char * username, const char * passwd)
{
	static LDAP * ld = NULL;
	

	static int auth_method = LDAP_AUTH_SIMPLE;
	static int version = LDAP_VERSION3;
	static char uri[] = "ldaps://ldap.pheme.uwa.edu.au";
	char dn[BUFSIZ]; // The "dn" is essentially the username plus a bunch of cruft that for some (presumably good) reason LDAP requires

	if (ld == NULL)
	{
		ldap_initialize(&ld, uri); // This is deprecated.
		if (ld == NULL)
		{
			fprintf(stderr, "ldap_init failed - %s\n", strerror(errno));
			return false;
		}

		printf("ldap_init succeeded\n");
		if (ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION, &version) != LDAP_OPT_SUCCESS) // This is also deprecated.
		{
			fprintf(stderr, "ldap_set_option failed - %s\n", strerror(errno));
			return false;
		}

		printf("ldap_set_option succeeded\n");
	}

	char * user_type = "Students";
	if (username[0] == '0')
		user_type = "Staff";

	if (sprintf(dn, "cn=%s,ou=%s,ou=Users,ou=UWA,dc=uwads,dc=uwa,dc=edu,dc=au", username, user_type) >= BUFSIZ)
	{
		fprintf(stderr, "LDAP DN string too long!\n");
		return false;
	}

	printf("ldap_bind_s ...\n");

	//printf("dn = %s\npasswd = %s\n", dn, passwd);

	struct berval creds;
	creds.bv_val = (char*)passwd;
	if (ldap_simple_bind_s(ld, dn, passwd) != LDAP_SUCCESS) // Yep. Deprecated.
	//if (ldap_sasl_bind_s(ld, dn, LDAP_SASL_SIMPLE , &creds, NULL, NULL, NULL) != LDAP_SUCCESS) // Doesn't work
	{
		fprintf(stderr,"ldap_bind_s failed - %s", strerror(errno));
		return false;
	}
	return true;

}
static int
set_ldap_options(LD_session *session) {
	struct timeval timeout;
	int rc = 0;
	char logbuf[MAXLOGBUF];

	timeout.tv_sec = ldap_network_timeout;
	timeout.tv_usec = FALSE;
	ldap_set_option(session->sess, LDAP_OPT_PROTOCOL_VERSION, &ldap_protocol_version);
	ldap_set_option(session->sess, LDAP_OPT_NETWORK_TIMEOUT, &timeout);

	/* Start TLS if we need it*/
	if (ldap_authorization_tls) {
		if((rc = ldap_start_tls_s(session->sess, NULL,NULL))!=LDAP_SUCCESS)
		{
		    snprintf(logbuf, MAXLOGBUF, "Ldap start TLS error: %s. ", ldap_err2string(rc));	
		    ldap_log(LOG_WARNING, logbuf);
		}
	}
}
示例#17
0
int
ldap_open_internal_connection( LDAP **ldp, ber_socket_t *fdp )
{
	int rc;
	LDAPConn *c;
	LDAPRequest *lr;

	rc = ldap_create( ldp );
	if( rc != LDAP_SUCCESS ) {
		*ldp = NULL;
		return( rc );
	}

	/* Make it appear that a search request, msgid 0, was sent */
	lr = (LDAPRequest *)LDAP_CALLOC( 1, sizeof( LDAPRequest ));
	if( lr == NULL ) {
		ldap_unbind_ext( *ldp, NULL, NULL );
		*ldp = NULL;
		return( LDAP_NO_MEMORY );
	}
	memset(lr, 0, sizeof( LDAPRequest ));
	lr->lr_msgid = 0;
	lr->lr_status = LDAP_REQST_INPROGRESS;
	lr->lr_res_errno = LDAP_SUCCESS;
	/* no mutex lock needed, we just created this ld here */
	(*ldp)->ld_requests = lr;

	/* Attach the passed socket as the *LDAP's connection */
	c = ldap_new_connection( *ldp, NULL, 1, 0, NULL);
	if( c == NULL ) {
		ldap_unbind_ext( *ldp, NULL, NULL );
		*ldp = NULL;
		return( LDAP_NO_MEMORY );
	}
	ber_sockbuf_ctrl( c->lconn_sb, LBER_SB_OPT_SET_FD, fdp );
#ifdef LDAP_DEBUG
	ber_sockbuf_add_io( c->lconn_sb, &ber_sockbuf_io_debug,
		LBER_SBIOD_LEVEL_PROVIDER, (void *)"int_" );
#endif
	ber_sockbuf_add_io( c->lconn_sb, &ber_sockbuf_io_tcp,
	  LBER_SBIOD_LEVEL_PROVIDER, NULL );
	(*ldp)->ld_defconn = c;

	/* Add the connection to the *LDAP's select pool */
	ldap_mark_select_read( *ldp, c->lconn_sb );
	ldap_mark_select_write( *ldp, c->lconn_sb );

	/* Make this connection an LDAP V3 protocol connection */
	rc = LDAP_VERSION3;
	ldap_set_option( *ldp, LDAP_OPT_PROTOCOL_VERSION, &rc );

	return( LDAP_SUCCESS );
}
示例#18
0
void TlsOptions::newCtx() const {
    int val = 0;
    int ret = ldap_set_option( m_ld, LDAP_OPT_X_TLS_NEWCTX, &val);
    if ( ret != LDAP_OPT_SUCCESS )
    {
        if ( ret != LDAP_OPT_ERROR ){
            throw( LDAPException( ret ));
        } else {
            throw( LDAPException( LDAP_LOCAL_ERROR, "error while renewing TLS context" ) );
        }
    }
}
示例#19
0
void TlsOptions::setOption( tls_option opt, void *value ) const {
    int ret = ldap_set_option( m_ld, optmap[opt].optval, value);
    if ( ret != LDAP_OPT_SUCCESS )
    {
        if ( ret != LDAP_OPT_ERROR ){
            throw( LDAPException( ret ));
        } else {
            throw( LDAPException( LDAP_PARAM_ERROR, "error while setting TLS option" ) );
        }
    }
    this->newCtx();
}
示例#20
0
static void
set_cert_policy(LDAP *ld, int cert_policy) {
    const int tls_settings = SCH_CRED_MANUAL_CRED_VALIDATION | SCH_CRED_NO_SERVERNAME_CHECK;

    DEBUG("set_cert_policy (ld:%p, cert_policy:%d)", ld, cert_policy);
    switch (cert_policy) {
    case -1:
        /* Cert policy is not set, nothing to do.*/
        break;
    case 2:
    case 4:
        /* Cert policy is demand or try, then standard procedure. */
        break;
    case 0:
    case 3:
        /* Cert policy is never or allow, then set TLS settings. */
        ldap_set_option(ld, 0x43, &tls_settings);
        ldap_set_option(ld, LDAP_OPT_SERVER_CERTIFICATE, &noverify);
        break;
    }
}
示例#21
0
文件: auth.cpp 项目: saeschdivara/x0
// }}}
// {{{AuthLDAP
bool AuthLDAP::setup()
{
	LDAPURLDesc* urlDescription;
	LDAP* ldap;
	std::string url("dc=trapni,dc=de");

	int rv = ldap_url_parse(url.c_str(), &urlDescription);
	if (rv != LDAP_SUCCESS) {
		return false;
	}

	int ldapVersion = LDAP_VERSION3;
	ldap_set_option(nullptr, LDAP_OPT_PROTOCOL_VERSION, &ldapVersion);

	timeval timeout = { 10, 0 };
	ldap_set_option(nullptr, LDAP_OPT_NETWORK_TIMEOUT, &timeout);

	int reqcert = LDAP_OPT_X_TLS_ALLOW;
    ldap_set_option(NULL, LDAP_OPT_X_TLS_REQUIRE_CERT, &reqcert);

	rv = ldap_initialize(&ldap, url.c_str());
}
示例#22
0
文件: utils.c 项目: ihrwein/PyLDAP
int _LDAP_initialization(LDAP **ld, PyObject *url, int tls_option) {
	int rc;
	char *addrstr;
	const int version = LDAP_VERSION3;

	PyObject *addr = PyObject_CallMethod(url, "get_address", NULL);
	if (addr == NULL) return -1;
	addrstr = PyObject2char(addr);
	Py_DECREF(addr);
	if (addrstr == NULL) return -1;

	rc = ldap_initialize(ld, addrstr);
	if (rc != LDAP_SUCCESS) return rc;

	ldap_set_option(*ld, LDAP_OPT_PROTOCOL_VERSION, &version);
	if (tls_option != -1) {
		ldap_set_option(*ld, LDAP_OPT_X_TLS_REQUIRE_CERT, &tls_option);
		/* Set TLS option globally. */
		ldap_set_option(NULL, LDAP_OPT_X_TLS_REQUIRE_CERT, &tls_option);
	}
	return rc;
}
示例#23
0
文件: warnusers.c 项目: jlafon/purger
int
init_ldap(char * host, int port)
{
    int status = ldap_initialize(&LDAP_handle,host);
    if(status != LDAP_SUCCESS)
    {
        LOG(PURGER_LOG_ERR,"Error: unable to create LDAP handle.");
        return -1;
    }
    int version = LDAP_VERSION3;
    ldap_set_option(LDAP_handle, LDAP_OPT_PROTOCOL_VERSION, (void*)&version);

}
示例#24
0
static int
LDAP_no_size_limit(krb5_context context, LDAP *lp)
{
    int ret, limit = LDAP_NO_LIMIT;

    ret = ldap_set_option(lp, LDAP_OPT_SIZELIMIT, (const void *)&limit);
    if (ret != LDAP_SUCCESS) {
	krb5_set_error_string(context, "ldap_set_option: %s",
			      ldap_err2string(ret));
	return HDB_ERR_BADVERSION;
    }
    return 0;
}
示例#25
0
/*
  connect to the database
*/
static int lldb_connect(struct ldb_context *ldb,
			const char *url,
			unsigned int flags,
			const char *options[],
			struct ldb_module **_module)
{
	struct ldb_module *module;
	struct lldb_private *lldb;
	int version = 3;
	int ret;

	module = ldb_module_new(ldb, ldb, "ldb_ldap backend", &lldb_ops);
	if (!module) return LDB_ERR_OPERATIONS_ERROR;

	lldb = talloc_zero(module, struct lldb_private);
	if (!lldb) {
		ldb_oom(ldb);
		goto failed;
	}
	ldb_module_set_private(module, lldb);

	ret = ldap_initialize(&lldb->ldap, url);
	if (ret != LDAP_SUCCESS) {
		ldb_debug(ldb, LDB_DEBUG_FATAL, "ldap_initialize failed for URL '%s' - %s",
			  url, ldap_err2string(ret));
		goto failed;
	}

	talloc_set_destructor(lldb, lldb_destructor);

	ret = ldap_set_option(lldb->ldap, LDAP_OPT_PROTOCOL_VERSION, &version);
	if (ret != LDAP_SUCCESS) {
		ldb_debug(ldb, LDB_DEBUG_FATAL, "ldap_set_option failed - %s",
			  ldap_err2string(ret));
		goto failed;
	}

	*_module = module;

	ret = lldb_bind(module, options);
	if (ret != LDB_SUCCESS) {
		goto failed;
	}


	return LDB_SUCCESS;

failed:
	talloc_free(module);
	return LDB_ERR_OPERATIONS_ERROR;
}
示例#26
0
/*******************************************************************************
 函数名称  : dot1x_reauth_ldap_verify
 功能描述  : LDAP_BIND_DN状态绑定验证用户DN
 输入参数  :
 输出参数  : 无
 返 回 值     : 无
------------------------------------------------------------
 最近一次修改记录 :
 修改作者   : 王群
 修改目的   : 新增函数
 修改日期   : 2011年6月3日
*******************************************************************************/
s32 dot1x_reauth_ldap_verify(struct eapol_state_machine *sm)
{
	s32 retcode = ERROR_SUCCESS;
	s8 filter[1024];
	LDAPMessage *res = NULL;
	s32 sizelimit_value = 1;
	s32 version = 3;

	/*根据用户的dn和密码进行重认证*/
	do{
		sm->ldap_sm->ldap = ldap_open(g_dot1x_var.ldap_conf.ldap_host, g_dot1x_var.ldap_conf.ldap_port);
		if (NULL == sm->ldap_sm->ldap)
		{
			retcode = !LDAP_SUCCESS;
			break;
		}
		(void)ldap_set_option(sm->ldap_sm->ldap, LDAP_OPT_SIZELIMIT, &sizelimit_value);
		(void)ldap_set_option(sm->ldap_sm->ldap, LDAP_OPT_PROTOCOL_VERSION, &version);
		/*绑定管理员*/
		retcode = ldap_simple_bind_s(sm->ldap_sm->ldap, g_dot1x_var.ldap_conf.ldap_rootdn, g_dot1x_var.ldap_conf.ldap_rootpw);
		if (LDAP_SUCCESS != retcode)
		{
			break;
		}
		snprintf(filter, sizeof(filter), "(%s=%s)", g_dot1x_var.ldap_conf.ldap_filter, sm->identity);
		/*执行查询操作*/
		retcode = ldap_search_s(sm->ldap_sm->ldap, g_dot1x_var.ldap_conf.ldap_basedn, LDAP_SCOPE_SUBTREE, filter, g_ldap_attrs, 0, &res);
		ldap_msgfree(res);
		if (LDAP_SUCCESS != retcode)
		{
			break;
		}
	}while(0);
	ldap_unbind(sm->ldap_sm->ldap);

	return retcode;
}
示例#27
0
/*% Connects / reconnects to LDAP server */
static isc_result_t dlz_ldap_connect (ldap_instance_t * dbi, dbinstance_t * dbc)
{
    isc_result_t result;

    int ldap_result;

    /* if we have a connection, get ride of it. */
    if (dbc->dbconn != NULL)
    {
        ldap_unbind_s ((LDAP *) dbc->dbconn);
        dbc->dbconn = NULL;
    }

    /* now connect / reconnect. */

    /* initialize. */
    dbc->dbconn = ldap_init (dbi->hosts, LDAP_PORT);
    if (dbc->dbconn == NULL)
        return (ISC_R_NOMEMORY);

    /* set protocol version. */
    ldap_result = ldap_set_option ((LDAP *) dbc->dbconn, LDAP_OPT_PROTOCOL_VERSION, &(dbi->protocol));
    if (ldap_result != LDAP_SUCCESS)
    {
        result = ISC_R_NOPERM;
        goto cleanup;
    }

    /* "bind" to server.  i.e. send username / pass */
    ldap_result = ldap_bind_s ((LDAP *) dbc->dbconn, dbi->user, dbi->cred, dbi->method);
    if (ldap_result != LDAP_SUCCESS)
    {
        result = ISC_R_FAILURE;
        goto cleanup;
    }

    return (ISC_R_SUCCESS);

  cleanup:

    /* cleanup if failure. */
    if (dbc->dbconn != NULL)
    {
        ldap_unbind_s ((LDAP *) dbc->dbconn);
        dbc->dbconn = NULL;
    }

    return (result);
}
示例#28
0
static
void
_VmDirClientTestSimpleBind(
    PCSTR   pszLDAPURI
    )
{
    DWORD   dwError = 0;
    int	    ldap_version_3 = LDAP_VERSION3;
    LDAP *  pLD = NULL;
    BerValue    ldapBindPwd = {0};

    printf("_VmDirClientTestSimpleBind ldap simple bind initialize %s\n", pszLDAPURI);
    dwError = ldap_initialize( &pLD, pszLDAPURI );
    /* Set LDAP V3 protocol version */
    ldap_set_option( pLD, LDAP_OPT_PROTOCOL_VERSION, &ldap_version_3 );

    printf("_VmDirClientTestSimpleBind ldap simple ANONYMOUS bind started.\n");
    dwError = ldap_sasl_bind_s(
                                   pLD,
                                   "",
                                   LDAP_SASL_SIMPLE,
                                   &ldapBindPwd,  // no credentials
                                   NULL,
                                   NULL,
                                   NULL);
    BAIL_ON_VMDIR_ERROR(dwError);

    printf("_VmDirClientTestSimpleBind ldap simple ANONYMOUS bind succeeded.\n");

cleanup:
    if (pLD)
    {
        dwError = ldap_unbind_ext_s(    pLD,
                                        NULL,
                                        NULL);
        BAIL_ON_VMDIR_ERROR(dwError);

        printf("_VmDirClientTestSimpleBind ldap unbind succeeded.\n\n\n");
    }

    return;

error:

	printf("_VmDirClientTestSimpleBind failed. (%d)(%s)\n\n", dwError, ldap_err2string(dwError));

	goto cleanup;
}
示例#29
0
static krb5_error_code
LDAP_remove(krb5_context context, HDB * db, hdb_entry * entry)
{
    krb5_error_code ret;
    LDAPMessage *msg, *e;
    char *dn = NULL;
    int rc, limit = LDAP_NO_LIMIT;

    ret = LDAP_principal2message(context, db, entry->principal, &msg);
    if (ret)
	goto out;

    e = ldap_first_entry(HDB2LDAP(db), msg);
    if (e == NULL) {
	ret = HDB_ERR_NOENTRY;
	goto out;
    }

    dn = ldap_get_dn(HDB2LDAP(db), e);
    if (dn == NULL) {
	ret = HDB_ERR_NOENTRY;
	goto out;
    }

    rc = ldap_set_option(HDB2LDAP(db), LDAP_OPT_SIZELIMIT, (const void *)&limit);
    if (rc != LDAP_SUCCESS) {
	krb5_set_error_string(context, "ldap_set_option: %s",
			      ldap_err2string(rc));
	ret = HDB_ERR_BADVERSION;
	goto out;
    }

    rc = ldap_delete_s(HDB2LDAP(db), dn);
    if (check_ldap(context, db, rc)) {
	krb5_set_error_string(context, "ldap_delete_s: %s", 
			      ldap_err2string(rc));
	ret = HDB_ERR_CANT_LOCK_DB;
    } else
	ret = 0;

  out:
    if (dn != NULL)
	free(dn);
    if (msg != NULL)
	ldap_msgfree(msg);

    return ret;
}
示例#30
0
文件: x3ldap.c 项目: evilnet/x3
int ldap_do_init()
{
   if(!nickserv_conf.ldap_enable)
     return false;
   /* TODO: check here for all required config options and exit() out if not present */
   //ld = ldap_init(nickserv_conf.ldap_host, nickserv_conf.ldap_port);

   //if(ld == NULL) {
   if(ldap_initialize(&ld, nickserv_conf.ldap_uri)) {
      log_module(MAIN_LOG, LOG_ERROR, "LDAP initilization failed!\n");
      exit(1);
   }
   ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION, &nickserv_conf.ldap_version);
   log_module(MAIN_LOG, LOG_INFO, "Success! ldap_init() was successfull in connecting to %s\n", nickserv_conf.ldap_uri);
   return true;
}