RafaelMagalhaes82 Postado Março 30, 2012 Denunciar Share Postado Março 30, 2012 Estou com esse código fonte:/* * ----------------------------------------------------------------------------- * * Author: Markus Moeller * * Copyright © 2007 Markus Moeller. All rights reserved. * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307, USA. * * ----------------------------------------------------------------------------- */ #include <netdb.h> #include <ctype.h> #include <errno.h> #include "support.h" char *convert_domain_to_bind_path(char *domain); char *escape_filter(char *filter); int check_AD(struct main_args *margs, LDAP *ld); int ldap_set_defaults(struct main_args *margs, LDAP *ld); int ldap_set_ssl_defaults(struct main_args *margs); LDAP *tool_ldap_open(struct main_args *margs, char* host, int port, char *ssl); #define CONNECT_TIMEOUT 2 #define SEARCH_TIMEOUT 30 #define FILTER "(memberuid=%s)" #define ATTRIBUTE "cn" #define FILTER_UID "(uid=%s)" #define FILTER_GID "(&(gidNumber=%s)(objectclass=posixgroup))" #define ATTRIBUTE_GID "gidNumber" #define FILTER_AD "(samaccountname=%s)" #define ATTRIBUTE_AD "memberof" int get_attributes(struct main_args *margs, LDAP *ld, LDAPMessage *res, const char *attribute /* IN */, char ***out_val /* OUT (caller frees) */); int search_group_tree(struct main_args *margs,LDAP *ld, char *bindp, char *ldap_group,char *group, int depth); #ifdef HAVE_SUN_LDAP_SDK #ifdef HAVE_LDAP_REBINDPROC_CALLBACK #if defined(HAVE_SASL_H) || defined(HAVE_SASL_SASL_H) || defined(HAVE_SASL_DARWIN) static LDAP_REBINDPROC_CALLBACK ldap_sasl_rebind; static int LDAP_CALL LDAP_CALLBACK ldap_sasl_rebind( LDAP *ld, char **whop, char **credp, int *methodp, int freeit, void *params) { struct ldap_creds *cp = (struct ldap_creds *)params; whop = whop; credp = credp; methodp = methodp; freeit = freeit; return tool_sasl_bind(ld,cp->dn,cp->pw); } #endif static LDAP_REBINDPROC_CALLBACK ldap_simple_rebind; static int LDAP_CALL LDAP_CALLBACK ldap_simple_rebind( LDAP *ld, char **whop, char **credp, int *methodp, int freeit, void *params) { struct ldap_creds *cp = (struct ldap_creds *)params; whop = whop; credp = credp; methodp = methodp; freeit = freeit; return ldap_bind_s( ld, cp->dn , cp->pw , LDAP_AUTH_SIMPLE ); } #elif defined(HAVE_LDAP_REBIND_PROC) #if defined(HAVE_SASL_H) || defined(HAVE_SASL_SASL_H) || defined(HAVE_SASL_DARWIN) static LDAP_REBIND_PROC ldap_sasl_rebind; static int ldap_sasl_rebind( LDAP *ld, LDAP_CONST char *url, ber_tag_t request, ber_int_t msgid, void *params) { struct ldap_creds *cp = (struct ldap_creds *)params; url = url; request = request; msgid = msgid; return tool_sasl_bind(ld, cp->dn, cp->pw); } #endif static LDAP_REBIND_PROC ldap_simple_rebind; static int ldap_simple_rebind( LDAP *ld, LDAP_CONST char *url, ber_tag_t request, ber_int_t msgid, void *params) { struct ldap_creds *cp = (struct ldap_creds *)params; url = url; request = request; msgid = msgid; return ldap_bind_s( ld, cp->dn , cp->pw , LDAP_AUTH_SIMPLE ); } #elif defined(HAVE_LDAP_REBIND_FUNCTION) #ifndef LDAP_REFERRALS #define LDAP_REFERRALS #endif #if defined(HAVE_SASL_H) || defined(HAVE_SASL_SASL_H) || defined(HAVE_SASL_DARWIN) static LDAP_REBIND_FUNCTION ldap_sasl_rebind; static int ldap_sasl_rebind( LDAP *ld, char **whop, char **credp, int *methodp, int freeit, void *params) { struct ldap_creds *cp = (struct ldap_creds *)params; whop = whop; credp = credp; methodp = methodp; freeit = freeit; return tool_sasl_bind(ld,cp->dn,cp->pw); } #endif static LDAP_REBIND_FUNCTION ldap_simple_rebind; static int ldap_simple_rebind( LDAP *ld, char **whop, char **credp, int *methodp, int freeit, void *params) { struct ldap_creds *cp = (struct ldap_creds *)params; whop = whop; credp = credp; methodp = methodp; freeit = freeit; return ldap_bind_s( ld, cp->dn , cp->pw , LDAP_AUTH_SIMPLE ); } #else # error "No rebind functione defined" #endif #else /* HAVE_SUN_LDAP_SDK */ #if defined(HAVE_SASL_H) || defined(HAVE_SASL_SASL_H) || defined(HAVE_SASL_DARWIN) static LDAP_REBIND_PROC ldap_sasl_rebind; static int ldap_sasl_rebind( LDAP *ld, LDAP_CONST char *url, ber_tag_t request, ber_int_t msgid, void *params ) { struct ldap_creds *cp = (struct ldap_creds *)params; url = url; request = request; msgid = msgid; return tool_sasl_bind(ld,cp->dn,cp->pw); } #endif static LDAP_REBIND_PROC ldap_simple_rebind; static int ldap_simple_rebind( LDAP *ld, LDAP_CONST char *url, ber_tag_t request, ber_int_t msgid, void *params ) { struct ldap_creds *cp = (struct ldap_creds *)params; url = url; request = request; msgid = msgid; return ldap_bind_s( ld, cp->dn , cp->pw , LDAP_AUTH_SIMPLE ); } #endif char *convert_domain_to_bind_path(char *domain) { char *dp,*bindp=NULL,*bp=NULL; int i=0; if (!domain) return NULL; for (dp=domain; *dp; dp++) { if ( *dp == '.' ) i++; } /* * add dc= and * replace . with ,dc= => new length = old length + #dots * 3 + 3 */ bindp=malloc(strlen(domain)+3+i*3+1); bp=bindp; strcpy(bp,"dc="); bp +=3; for (dp=domain; *dp; dp++) { if ( *dp == '.' ) { strcpy(bp,",dc="); bp+=4; } else *bp++ = *dp; } *bp=''; return bindp; } char *escape_filter(char *filter) { int i; char *ldap_filter_esc,*ldf; i=0; for (ldap_filter_esc=filter; *ldap_filter_esc; ldap_filter_esc++) { if ( (*ldap_filter_esc== '*') || (*ldap_filter_esc== '(') || (*ldap_filter_esc== ')') || (*ldap_filter_esc== '\\') ) i=i+3; } ldap_filter_esc=calloc(strlen(filter)+i+1,sizeof(char)); ldf = ldap_filter_esc; for (; *filter; filter++) { if ( *filter == '*') { strcpy(ldf,"\\2a"); ldf = ldf + 3; } else if (*filter == '(') { strcpy(ldf,"\\28"); ldf = ldf + 3; } else if (*filter == ')') { strcpy(ldf,"\\29"); ldf = ldf + 3; } else if (*filter == '\\') { strcpy(ldf,"\\5c"); ldf = ldf + 3; } else { *ldf=*filter; ldf++; } } *ldf=''; return ldap_filter_esc; }; int check_AD(struct main_args *margs, LDAP *ld) { LDAPMessage *res; char **attr_value=NULL; struct timeval searchtime; int max_attr=0; int j,rc=0; #define FILTER_SCHEMA "(objectclass=*)" #define ATTRIBUTE_SCHEMA "schemaNamingContext" #define FILTER_SAM "(ldapdisplayname=samaccountname)" searchtime.tv_sec = SEARCH_TIMEOUT; searchtime.tv_usec = 0; if (margs->debug) fprintf(stderr, "%s| %s: Search ldap server with bind path \"\" and filter: %s\n",LogTime(), PROGRAM,FILTER_SCHEMA); rc = ldap_search_ext_s(ld, (char *)"", LDAP_SCOPE_BASE, (char *)FILTER_SCHEMA, NULL, 0, NULL, NULL, &searchtime, 0, &res); if ( rc == LDAP_SUCCESS ) max_attr = get_attributes(margs,ld,res,ATTRIBUTE_SCHEMA,&attr_value); if (max_attr==1) { ldap_msgfree(res); if (margs->debug) fprintf(stderr, "%s| %s: Search ldap server with bind path %s and filter: %s\n",LogTime(), PROGRAM,attr_value[0],FILTER_SAM); rc = ldap_search_ext_s(ld, attr_value[0], LDAP_SCOPE_SUBTREE, (char *)FILTER_SAM, NULL, 0, NULL, NULL, &searchtime, 0, &res); if (margs->debug) fprintf(stderr, "%s| %s: Found %d ldap entr%s\n",LogTime(), PROGRAM, ldap_count_entries( ld, res),ldap_count_entries( ld, res)>1||ldap_count_entries( ld, res)==0?"ies":"y"); if (ldap_count_entries( ld, res) > 0) margs->AD=1; } else { if (margs->debug) fprintf(stderr, "%s| %s: Did not find ldap entry for subschemasubentry\n",LogTime(), PROGRAM); } if (margs->debug) fprintf(stderr, "%s| %s: Determined ldap server %sas an Active Directory server\n",LogTime(), PROGRAM,margs->AD?"":"not "); /* * Cleanup */ if (attr_value){ for (j=0;j<max_attr;j++) { free(attr_value[j]); } free(attr_value); attr_value=NULL; } ldap_msgfree(res); return rc; } int search_group_tree(struct main_args *margs,LDAP *ld, char* bindp, char *ldap_group,char *group, int depth) { LDAPMessage *res=NULL; char **attr_value=NULL; int max_attr=0; char *filter=NULL; char *search_exp=NULL; int j,rc=0,retval=0; char *av=NULL,*avp=NULL; int ldepth; char *ldap_filter_esc=NULL; struct timeval searchtime; #define FILTER_GROUP_AD "(&(%s)(objectclass=group))" #define FILTER_GROUP "(&(memberuid=%s)(objectclass=posixgroup))" searchtime.tv_sec = SEARCH_TIMEOUT; searchtime.tv_usec = 0; if (margs->AD) filter=(char *)FILTER_GROUP_AD; else filter=(char *)FILTER_GROUP; ldap_filter_esc = escape_filter(ldap_group); search_exp=malloc(strlen(filter)+strlen(ldap_filter_esc)+1); snprintf(search_exp,strlen(filter)+strlen(ldap_filter_esc)+1, filter, ldap_filter_esc); if (ldap_filter_esc) free(ldap_filter_esc); if (depth > margs->mdepth) { if (margs->debug) fprintf(stderr, "%s| %s: Max search depth reached %d>%d\n",LogTime(), PROGRAM,depth,margs->mdepth); return 0; } if (margs->debug) fprintf(stderr, "%s| %s: Search ldap server with bind path %s and filter : %s\n",LogTime(), PROGRAM,bindp,search_exp); rc = ldap_search_ext_s(ld, bindp, LDAP_SCOPE_SUBTREE, search_exp, NULL, 0, NULL, NULL, &searchtime, 0, &res); if (search_exp) free(search_exp); if (rc != LDAP_SUCCESS) { fprintf(stderr, "%s| %s: Error searching ldap server: %s\n",LogTime(), PROGRAM,ldap_err2string(rc)); ldap_unbind_s(ld); return 0; } if (margs->debug) fprintf(stderr, "%s| %s: Found %d ldap entr%s\n",LogTime(), PROGRAM, ldap_count_entries( ld, res),ldap_count_entries( ld, res)>1||ldap_count_entries( ld, res)==0?"ies":"y"); if (margs->AD) max_attr = get_attributes(margs,ld,res,ATTRIBUTE_AD,&attr_value); else max_attr = get_attributes(margs,ld,res,ATTRIBUTE,&attr_value); /* * Compare group names */ retval=0; ldepth = depth+1; for (j=0;j<max_attr;j++) { /* Compare first CN= value assuming it is the same as the group name itself */ av=attr_value[j]; if (!strncasecmp("CN=",av,3)) { av+=3; if ((avp=strchr(av,','))) { *avp=''; } } if (margs->debug) { int n; fprintf(stderr, "%s| %s: Entry %d \"%s\" in hex UTF-8 is ",LogTime(), PROGRAM, j+1, av); for (n=0; av[n] != ''; n++) fprintf(stderr, "%02x",(unsigned char)av[n]); fprintf(stderr, "\n"); } if (!strcasecmp(group,av)) { retval=1; if (margs->debug) fprintf(stderr, "%s| %s: Entry %d \"%s\" matches group name \"%s\"\n",LogTime(), PROGRAM, j+1, av, group); break; } else { if (margs->debug) fprintf(stderr, "%s| %s: Entry %d \"%s\" does not match group name \"%s\"\n",LogTime(), PROGRAM, j+1, av, group); } /* * Do recursive group search */ if (margs->debug) fprintf(stderr, "%s| %s: Perform recursive group search for group \"%s\"\n",LogTime(), PROGRAM,av); av=attr_value[j]; if (search_group_tree(margs,ld,bindp,av,group,ldepth)) { retval=1; if (!strncasecmp("CN=",av,3)) { av+=3; if ((avp=strchr(av,','))) { *avp=''; } } if (margs->debug) fprintf(stderr, "%s| %s: Entry %d \"%s\" is member of group named \"%s\"\n",LogTime(), PROGRAM, j+1, av, group); else break; } } /* * Cleanup */ if (attr_value){ for (j=0;j<max_attr;j++) { free(attr_value[j]); } free(attr_value); attr_value=NULL; } ldap_msgfree(res); return retval; } int ldap_set_defaults(struct main_args *margs, LDAP *ld) { int val,rc=0; #ifdef LDAP_OPT_NETWORK_TIMEOUT struct timeval tv; #endif val = LDAP_VERSION3; rc = ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION, &val); if ( rc != LDAP_SUCCESS ) { if(margs->debug) fprintf(stderr, "%s| %s: Error while setting protocol version: %s\n",LogTime(), PROGRAM,ldap_err2string(rc)); return rc; } rc = ldap_set_option(ld, LDAP_OPT_REFERRALS , LDAP_OPT_OFF); if ( rc != LDAP_SUCCESS ) { if(margs->debug) fprintf(stderr, "%s| %s: Error while setting referrals off: %s\n",LogTime(), PROGRAM,ldap_err2string(rc)); return rc; } #ifdef LDAP_OPT_NETWORK_TIMEOUT tv.tv_sec = CONNECT_TIMEOUT; tv.tv_usec = 0; rc = ldap_set_option (ld, LDAP_OPT_NETWORK_TIMEOUT, &tv); if ( rc != LDAP_SUCCESS ) { if(margs->debug) fprintf(stderr, "%s| %s: Error while setting network timeout: %s\n",LogTime(), PROGRAM,ldap_err2string(rc)); return rc; } #endif /* LDAP_OPT_NETWORK_TIMEOUT */ return LDAP_SUCCESS; } int ldap_set_ssl_defaults(struct main_args *margs) { #if defined(HAVE_OPENLDAP) || defined(HAVE_LDAPSSL_CLIENT_INIT) int rc=0; #endif #ifdef HAVE_OPENLDAP int val; char *ssl_cacertfile=NULL; int free_path; #elif defined(HAVE_LDAPSSL_CLIENT_INIT) char *ssl_certdbpath=NULL; #endif #ifdef HAVE_OPENLDAP if (!margs->rc_allow) { ssl_cacertfile=getenv("TLS_CACERTFILE"); free_path=0; if (!ssl_cacertfile) { ssl_cacertfile=strdup("/etc/ssl/certs/cert.pem"); free_path=1; } if (margs->debug) fprintf(stderr, "%s| %s: Set certificate file for ldap server to %s.(Changeable through setting environment variable TLS_CACERTFILE)\n",LogTime(), PROGRAM,ssl_cacertfile); rc = ldap_set_option(NULL, LDAP_OPT_X_TLS_CACERTFILE, ssl_cacertfile); if (ssl_cacertfile && free_path) { free(ssl_cacertfile); ssl_cacertfile=NULL; } if ( rc != LDAP_OPT_SUCCESS ) { fprintf(stderr, "%s| %s: Error while setting LDAP_OPT_X_TLS_CACERTFILE for ldap server: %s\n",LogTime(), PROGRAM,ldap_err2string(rc)); return rc; } } else { if (margs->debug) fprintf(stderr, "%s| %s: Disable server certificate check for ldap server.\n",LogTime(), PROGRAM); val = LDAP_OPT_X_TLS_ALLOW; rc = ldap_set_option (NULL, LDAP_OPT_X_TLS_REQUIRE_CERT, &val); if ( rc != LDAP_SUCCESS ) { fprintf(stderr, "%s| %s: Error while setting LDAP_OPT_X_TLS_REQUIRE_CERT ALLOW for ldap server: %s\n",LogTime(), PROGRAM,ldap_err2string(rc)); return rc; } } #elif defined(HAVE_LDAPSSL_CLIENT_INIT) /* * Solaris SSL ldap calls require path to certificate database */ /* rc = ldapssl_client_init( ssl_certdbpath, NULL ); rc = ldapssl_advclientauth_init( ssl_certdbpath, NULL , 0 , NULL, NULL, 0, NULL, 2); */ ssl_certdbpath=getenv("SSL_CERTDBPATH"); if (!ssl_certdbpath) { ssl_certdbpath=strdup("/etc/certs"); } if (margs->debug) fprintf(stderr, "%s| %s: Set certificate database path for ldap server to %s.(Changeable through setting environment variable SSL_CERTDBPATH)\n",LogTime(), PROGRAM,ssl_certdbpath); if (!margs->rc_allow) { rc = ldapssl_advclientauth_init( ssl_certdbpath, NULL , 0 , NULL, NULL, 0, NULL, 2); } else { rc = ldapssl_advclientauth_init( ssl_certdbpath, NULL , 0 , NULL, NULL, 0, NULL, 0); if (margs->debug) fprintf(stderr, "%s| %s: Disable server certificate check for ldap server.\n",LogTime(), PROGRAM); } if (ssl_certdbpath) { free(ssl_certdbpath); ssl_certdbpath=NULL; } if ( rc != LDAP_SUCCESS ) { fprintf(stderr, "%s| %s: Error while setting SSL for ldap server: %s\n",LogTime(), PROGRAM,ldapssl_err2string(rc)); return rc; } #else fprintf(stderr, "%s| %s: SSL not supported by ldap library\n",LogTime(), PROGRAM); #endif return LDAP_SUCCESS; } int get_attributes(struct main_args *margs,LDAP *ld,LDAPMessage *res, const char *attribute, char ***ret_value) { /* Part of this work is from OpenLDAP Software. * * Copyright 1998-2009 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted only as authorized by the OpenLDAP * Public License. * * A copy of this license is available in the file LICENSE in the * top-level directory of the distribution or, alternatively, at * */ LDAPMessage *msg; char **attr_value=NULL; int max_attr=0; attr_value=*ret_value; /* * loop over attributes */ if (margs->debug) fprintf(stderr, "%s| %s: Search ldap entries for attribute : %s\n",LogTime(), PROGRAM,attribute); for (msg = ldap_first_entry (ld, res); msg; msg = ldap_next_entry (ld, msg)) { BerElement *b; char *attr; switch (ldap_msgtype( msg )) { case LDAP_RES_SEARCH_ENTRY: for (attr = ldap_first_attribute (ld, msg, &b); attr; attr = ldap_next_attribute (ld, msg, B)) { if (strcasecmp (attr, attribute) == 0) { struct berval **values; int il; if ( (values = ldap_get_values_len (ld, msg, attr)) != NULL ) { for (il = 0; values[il] != NULL; il++) { attr_value= realloc (attr_value,(il+1)*sizeof(char *)); if ( !attr_value) break; attr_value[il] = malloc (values[il]->bv_len + 1); memcpy(attr_value[il],values[il]->bv_val,values[il]->bv_len); attr_value[il][values[il]->bv_len]=0; } max_attr=il; } ber_bvecfree(values); } ldap_memfree (attr); } ber_free (b, 0); break; case LDAP_RES_SEARCH_REFERENCE: if (margs->debug) fprintf(stderr, "%s| %s: Received a search reference message\n",LogTime(), PROGRAM); break; case LDAP_RES_SEARCH_RESULT: if (margs->debug) fprintf(stderr, "%s| %s: Received a search result message\n",LogTime(), PROGRAM); break; default: break; } } if (margs->debug) fprintf(stderr, "%s| %s: %d ldap entr%s found with attribute : %s\n",LogTime(), PROGRAM,max_attr,max_attr>1||max_attr==0?"ies":"y",attribute); *ret_value=attr_value; return max_attr; } /* * call to open ldap server with or without SSL */ LDAP *tool_ldap_open(struct main_args *margs, char* host, int port, char *ssl) { LDAP *ld; #ifdef HAVE_OPENLDAP LDAPURLDesc *url=NULL; char *ldapuri=NULL; #endif int rc=0; /* * Use ldap open here to check if TCP connection is possible. If possible use it. * (Not sure if this is the best way) */ #ifdef HAVE_OPENLDAP url = malloc(sizeof(*url)); memset( url, 0, sizeof(*url)); #ifdef HAVE_LDAP_URL_LUD_SCHEME if (ssl) url->lud_scheme = (char *)"ldaps"; else url->lud_scheme = (char *)"ldap"; #endif url->lud_host = host; url->lud_port = port; #ifdef HAVE_LDAP_SCOPE_DEFAULT url->lud_scope = LDAP_SCOPE_DEFAULT; #else url->lud_scope = LDAP_SCOPE_SUBTREE; #endif #ifdef HAVE_LDAP_URL_DESC2STR ldapuri = ldap_url_desc2str( url ); #elif defined(HAVE_LDAP_URL_PARSE) rc = ldap_url_parse(ldapuri, &url); if (rc != LDAP_SUCCESS) { fprintf(stderr, "%s| %s: Error while parsing url: %s\n",LogTime(), PROGRAM,ldap_err2string(rc)); if (ldapuri) free(ldapuri); if (url) free(url); return NULL; } #else #error "No URL parsing function" #endif if (url) { free(url); url=NULL; } rc = ldap_initialize(&ld, ldapuri); if (ldapuri) free(ldapuri); if (rc != LDAP_SUCCESS) { fprintf(stderr, "%s| %s: Error while initialising connection to ldap server: %s\n",LogTime(), PROGRAM,ldap_err2string(rc)); ldap_unbind(ld); ld = NULL; return NULL; } #else ld = ldap_init(host,port); #endif rc = ldap_set_defaults(margs,ld); if (rc != LDAP_SUCCESS) { fprintf(stderr, "%s| %s: Error while setting default options for ldap server: %s\n",LogTime(), PROGRAM,ldap_err2string(rc)); ldap_unbind(ld); ld = NULL; return NULL; } if (ssl) { /* * Try Start TLS first */ if (margs->debug) fprintf(stderr, "%s| %s: Set SSL defaults\n",LogTime(), PROGRAM); rc = ldap_set_ssl_defaults(margs); if (rc != LDAP_SUCCESS) { fprintf(stderr, "%s| %s: Error while setting SSL default options for ldap server: %s\n",LogTime(), PROGRAM,ldap_err2string(rc)); ldap_unbind(ld); ld = NULL; return NULL; } #ifdef HAVE_OPENLDAP /* * Use tls if possible */ rc = ldap_start_tls_s(ld, NULL, NULL); if ( rc != LDAP_SUCCESS ) { fprintf(stderr, "%s| %s: Error while setting start_tls for ldap server: %s\n",LogTime(), PROGRAM,ldap_err2string(rc)); ldap_unbind(ld); ld=NULL; url = malloc(sizeof(*url)); memset( url, 0, sizeof(*url)); #ifdef HAVE_LDAP_URL_LUD_SCHEME url->lud_scheme = (char *)"ldaps"; #endif url->lud_host = host; url->lud_port = port; #ifdef HAVE_LDAP_SCOPE_DEFAULT url->lud_scope = LDAP_SCOPE_DEFAULT; #else url->lud_scope = LDAP_SCOPE_SUBTREE; #endif #ifdef HAVE_LDAP_URL_DESC2STR ldapuri = ldap_url_desc2str( url ); #elif defined(HAVE_LDAP_URL_PARSE) rc = ldap_url_parse(ldapuri, &url); if (rc != LDAP_SUCCESS) { fprintf(stderr, "%s| %s: Error while parsing url: %s\n",LogTime(), PROGRAM,ldap_err2string(rc)); if (ldapuri) free(ldapuri); if (url) free(url); return NULL; } #else #error "No URL parsing function" #endif if (url) { free(url); url=NULL; } rc = ldap_initialize(&ld, ldapuri); if (ldapuri) free(ldapuri); if (rc != LDAP_SUCCESS) { fprintf(stderr, "%s| %s: Error while initialising connection to ldap server: %s\n",LogTime(), PROGRAM,ldap_err2string(rc)); ldap_unbind(ld); ld = NULL; return NULL; } rc = ldap_set_defaults(margs,ld); if (rc != LDAP_SUCCESS) { fprintf(stderr, "%s| %s: Error while setting default options for ldap server: %s\n",LogTime(), PROGRAM,ldap_err2string(rc)); ldap_unbind(ld); ld = NULL; return NULL; } } #elif defined(HAVE_LDAPSSL_CLIENT_INIT) ld = ldapssl_init(host,port,1); if (!ld) { fprintf(stderr, "%s| %s: Error while setting SSL for ldap server: %s\n",LogTime(), PROGRAM,ldapssl_err2string(rc)); ldap_unbind(ld); ld=NULL; return NULL; } rc = ldap_set_defaults(margs,ld); if (rc != LDAP_SUCCESS) { fprintf(stderr, "%s| %s: Error while setting default options for ldap server: %s\n",LogTime(), PROGRAM,ldap_err2string(rc)); ldap_unbind(ld); ld = NULL; return NULL; } #else fprintf(stderr, "%s| %s: SSL not supported by ldap library\n",LogTime(), PROGRAM); #endif } return ld; } /* * ldap calls to get attribute from Ldap Directory Server */ int get_memberof(struct main_args *margs,char* user,char* domain,char *group) { LDAP *ld=NULL; LDAPMessage *res; #ifndef HAVE_SUN_LDAP_SDK int ldap_debug=0; #endif struct ldap_creds *lcreds=NULL; char *bindp=NULL; char *filter=NULL; char *search_exp; struct timeval searchtime; int i,j,rc=0,kc=1; int retval; char **attr_value=NULL; char *av=NULL,*avp=NULL; int max_attr=0; struct hstruct *hlist=NULL; int nhosts=0; char *hostname; char *host; int port; char *ssl=NULL; char* p; char* ldap_filter_esc=NULL; searchtime.tv_sec = SEARCH_TIMEOUT; searchtime.tv_usec = 0; /* * Fill Kerberos memory cache with credential from keytab for SASL/GSSAPI */ if (domain) { if (margs->debug) fprintf(stderr, "%s| %s: Setup Kerberos credential cache\n",LogTime(), PROGRAM); #ifdef HAVE_KRB5_H kc = krb5_create_cache(margs,domain); if (kc) { fprintf(stderr, "%s| %s: Error during setup of Kerberos credential cache\n",LogTime(), PROGRAM); } #endif } if (kc && (!margs->lurl || !margs->luser | !margs->lpass )) { /* * If Kerberos fails and no url given exit here */ retval=0; goto cleanup; } #ifndef HAVE_SUN_LDAP_SDK /* * Initialise ldap */ ldap_debug = 127 /* LDAP_DEBUG_TRACE */; ldap_debug = -1 /* LDAP_DEBUG_ANY */; ldap_debug = 0; (void) ldap_set_option(NULL, LDAP_OPT_DEBUG_LEVEL, &ldap_debug); #endif if (margs->debug) fprintf(stderr, "%s| %s: Initialise ldap connection\n",LogTime(), PROGRAM); if (domain && !kc) { if (margs->ssl) { if (margs->debug) fprintf(stderr, "%s| %s: Enable SSL to ldap servers\n",LogTime(), PROGRAM); } if (margs->debug) fprintf(stderr, "%s| %s: Canonicalise ldap server name for domain %s\n",LogTime(), PROGRAM,domain); /* * Loop over list of ldap servers of users domain */ nhosts=get_ldap_hostname_list(margs,&hlist,0,domain); for (i=0;i<nhosts;i++) { port=389; if (hlist[i].port != -1) port=hlist[i].port; if (margs->debug) fprintf(stderr, "%s| %s: Setting up connection to ldap server %s:%d\n",LogTime(), PROGRAM, hlist[i].host,port); ld = tool_ldap_open(margs,hlist[i].host,port,margs->ssl); if (!ld) continue; /* * ldap bind with SASL/GSSAPI authentication (only possible if a domain was part of the username) */ #if defined(HAVE_SASL_H) || defined(HAVE_SASL_SASL_H) || defined(HAVE_SASL_DARWIN) if (margs->debug) fprintf(stderr, "%s| %s: Bind to ldap server with SASL/GSSAPI\n",LogTime(), PROGRAM); rc = tool_sasl_bind(ld, bindp, margs->ssl); if (rc != LDAP_SUCCESS) { fprintf(stderr, "%s| %s: Error while binding to ldap server with SASL/GSSAPI: %s\n",LogTime(), PROGRAM,ldap_err2string(rc)); ldap_unbind(ld); ld=NULL; continue; } lcreds=malloc(sizeof(struct ldap_creds)); lcreds->dn = bindp?strdup(bindp):NULL; lcreds->pw = margs->ssl?strdup(margs->ssl):NULL; ldap_set_rebind_proc(ld, ldap_sasl_rebind,(char *)lcreds); if ( ld != NULL ) { if (margs->debug) fprintf(stderr, "%s| %s: %s initialised %sconnection to ldap server %s:%d\n",LogTime(), PROGRAM, ld?"Successfully":"Failed to",margs->ssl?"SSL protected ":"",hlist[i].host,port); break; } #else ldap_unbind(ld); ld=NULL; fprintf(stderr, "%s| %s: SASL not supported on system\n",LogTime(), PROGRAM); continue; #endif } free_hostname_list(&hlist,nhosts); if ( ld == NULL ) { if (margs->debug) fprintf(stderr, "%s| %s: Error during initialisation of ldap connection: %s\n",LogTime(), PROGRAM,strerror(errno)); } bindp=convert_domain_to_bind_path(domain); } if ((!domain || !ld) && margs->lurl && strstr(margs->lurl,"://") ) { /* * If username does not contain a domain and a url was given then try it */ hostname=strstr(margs->lurl,"://")+3; ssl=strstr(margs->lurl,"ldaps://"); if (ssl) { if (margs->debug) fprintf(stderr, "%s| %s: Enable SSL to ldap servers\n",LogTime(), PROGRAM); } if (margs->debug) fprintf(stderr, "%s| %s: Canonicalise ldap server name %s\n",LogTime(), PROGRAM,hostname); /* * Loop over list of ldap servers */ host=strdup(hostname); port=389; if ((p=strchr(host,':'))) { *p=''; p++; port=atoi(p); } nhosts=get_hostname_list(margs,&hlist,0,host); if (host) free(host); host=NULL; for (i=0;i<nhosts;i++) { ld = tool_ldap_open(margs,hlist[i].host,port,ssl); if (!ld) continue; /* * ldap bind with username/password authentication */ if (margs->debug) fprintf(stderr, "%s| %s: Bind to ldap server with Username/Password\n",LogTime(), PROGRAM); rc = ldap_simple_bind_s(ld, margs->luser, margs->lpass); if (rc != LDAP_SUCCESS) { fprintf(stderr, "%s| %s: Error while binding to ldap server with Username/Password: %s\n",LogTime(), PROGRAM,ldap_err2string(rc)); ldap_unbind(ld); ld=NULL; continue; } lcreds=malloc(sizeof(struct ldap_creds)); lcreds->dn = strdup(margs->luser); lcreds->pw = strdup(margs->lpass); ldap_set_rebind_proc(ld, ldap_simple_rebind,(char *)lcreds); if (margs->debug) fprintf(stderr, "%s| %s: %s set up %sconnection to ldap server %s:%d\n",LogTime(), PROGRAM, ld?"Successfully":"Failed to",ssl?"SSL protected ":"",hlist[i].host,port); break; } free_hostname_list(&hlist,nhosts); if (bindp) free(bindp); if (margs->lbind) { bindp=strdup(margs->lbind); } else { bindp=convert_domain_to_bind_path(domain); } } if ( ld == NULL ) { if (margs->debug) fprintf(stderr, "%s| %s: Error during initialisation of ldap connection: %s\n",LogTime(), PROGRAM,strerror(errno)); retval=0; goto cleanup; } /* * ldap search for user */ /* * Check if server is AD by querying for attribute samaccountname */ margs->AD=0; rc = check_AD(margs,ld); if (rc != LDAP_SUCCESS) { fprintf(stderr, "%s| %s: Error determining ldap server type: %s\n",LogTime(), PROGRAM,ldap_err2string(rc)); ldap_unbind(ld); ld=NULL; retval=0; goto cleanup; } if (margs->AD) filter=(char *)FILTER_AD; else filter=(char *)FILTER; ldap_filter_esc = escape_filter(user); search_exp=malloc(strlen(filter)+strlen(ldap_filter_esc)+1); snprintf(search_exp,strlen(filter)+strlen(ldap_filter_esc)+1, filter, ldap_filter_esc); if (ldap_filter_esc) free (ldap_filter_esc); if (margs->debug) fprintf(stderr, "%s| %s: Search ldap server with bind path %s and filter : %s\n",LogTime(), PROGRAM,bindp,search_exp); rc = ldap_search_ext_s(ld, bindp, LDAP_SCOPE_SUBTREE, search_exp, NULL, 0, NULL, NULL, &searchtime, 0, &res); if (search_exp) free(search_exp); if (rc != LDAP_SUCCESS) { fprintf(stderr, "%s| %s: Error searching ldap server: %s\n",LogTime(), PROGRAM,ldap_err2string(rc)); ldap_unbind(ld); ld=NULL; retval=0; goto cleanup; } if (margs->debug) fprintf(stderr, "%s| %s: Found %d ldap entr%s\n",LogTime(), PROGRAM, ldap_count_entries( ld, res),ldap_count_entries( ld, res)>1||ldap_count_entries( ld, res)==0?"ies":"y"); if (ldap_count_entries( ld, res)!=0 ) { if (margs->AD) max_attr = get_attributes(margs,ld,res,ATTRIBUTE_AD,&attr_value); else { max_attr = get_attributes(margs,ld,res,ATTRIBUTE,&attr_value); } /* * Compare group names */ retval=0; for (j=0;j<max_attr;j++) { /* Compare first CN= value assuming it is the same as the group name itself */ av=attr_value[j]; if (!strncasecmp("CN=",av,3)) { av+=3; if ((avp=strchr(av,','))) { *avp=''; } } if (margs->debug) { int n; fprintf(stderr, "%s| %s: Entry %d \"%s\" in hex UTF-8 is ",LogTime(), PROGRAM, j+1, av); for (n=0; av[n] != ''; n++) fprintf(stderr, "%02x",(unsigned char)av[n]); fprintf(stderr, "\n"); } if (!strcasecmp(group,av)) { retval=1; if (margs->debug) fprintf(stderr, "%s| %s: Entry %d \"%s\" matches group name \"%s\"\n",LogTime(), PROGRAM, j+1, av, group); else break; } else { if (margs->debug) fprintf(stderr, "%s| %s: Entry %d \"%s\" does not match group name \"%s\"\n",LogTime(), PROGRAM, j+1, av, group); } } /* * Do recursive group search for AD only since posixgroups can not contain other groups */ if (!retval && margs->AD) { if (margs->debug && max_attr > 0) fprintf(stderr, "%s| %s: Perform recursive group search\n",LogTime(), PROGRAM); for (j=0;j<max_attr;j++) { av=attr_value[j]; if (search_group_tree(margs,ld,bindp,av,group,1)) { retval=1; if (!strncasecmp("CN=",av,3)) { av+=3; if ((avp=strchr(av,','))) { *avp=''; } } if (margs->debug) fprintf(stderr, "%s| %s: Entry %d group \"%s\" is (in)direct member of group \"%s\"\n",LogTime(), PROGRAM, j+1, av, group); else break; } } } /* * Cleanup */ if (attr_value){ for (j=0;j<max_attr;j++) { free(attr_value[j]); } free(attr_value); attr_value=NULL; } ldap_msgfree(res); } else if (ldap_count_entries( ld, res)==0 && margs->AD) { ldap_msgfree(res); ldap_unbind(ld); ld=NULL; retval=0; goto cleanup; } else { ldap_msgfree(res); retval=0; } if (!margs->AD && retval == 0) { /* * Check for primary Group membership */ if (margs->debug) fprintf(stderr, "%s| %s: Search for primary group membership: \"%s\"\n",LogTime(), PROGRAM,group); filter=(char *)FILTER_UID; ldap_filter_esc = escape_filter(user); search_exp=malloc(strlen(filter)+strlen(ldap_filter_esc)+1); snprintf(search_exp,strlen(filter)+strlen(ldap_filter_esc)+1, filter, ldap_filter_esc); if (ldap_filter_esc) free(ldap_filter_esc); if (margs->debug) fprintf(stderr, "%s| %s: Search ldap server with bind path %s and filter: %s\n",LogTime(), PROGRAM,bindp,search_exp); rc = ldap_search_ext_s(ld, bindp, LDAP_SCOPE_SUBTREE, search_exp, NULL, 0, NULL, NULL, &searchtime, 0, &res); if (search_exp) free(search_exp); if ( rc != LDAP_SUCCESS ) { fprintf(stderr, "%s| %s: Search returned with error %s\n",LogTime(), PROGRAM, ldap_err2string(rc)); goto cleanup; } if (margs->debug) fprintf(stderr, "%s| %s: Found %d ldap entr%s\n",LogTime(), PROGRAM, ldap_count_entries( ld, res),ldap_count_entries( ld, res)>1||ldap_count_entries( ld, res)==0?"ies":"y"); max_attr = get_attributes(margs,ld,res,ATTRIBUTE_GID,&attr_value); if (max_attr==1) { char **attr_value_2=NULL; int max_attr_2=0; ldap_msgfree(res); filter=(char *)FILTER_GID; ldap_filter_esc = escape_filter(attr_value[0]); search_exp=malloc(strlen(filter)+strlen(ldap_filter_esc)+1); snprintf(search_exp,strlen(filter)+strlen(ldap_filter_esc)+1, filter, ldap_filter_esc); if (ldap_filter_esc) free(ldap_filter_esc); if (margs->debug) fprintf(stderr, "%s| %s: Search ldap server with bind path %s and filter: %s\n",LogTime(), PROGRAM,bindp,search_exp); rc = ldap_search_ext_s(ld, bindp, LDAP_SCOPE_SUBTREE, search_exp, NULL, 0, NULL, NULL, &searchtime, 0, &res); if (search_exp) free(search_exp); if ( rc != LDAP_SUCCESS ) { fprintf(stderr, "%s| %s: Search returned with error %s\n",LogTime(), PROGRAM, ldap_err2string(rc)); goto cleanup; } max_attr_2 = get_attributes(margs,ld,res,ATTRIBUTE,&attr_value_2); /* * Compare group names */ retval=0; if(max_attr_2==1) { /* Compare first CN= value assuming it is the same as the group name itself */ av=attr_value_2[0]; if (!strcasecmp(group,av)) { retval=1; if (margs->debug) fprintf(stderr, "%s| %s: \"%s\" matches group name \"%s\"\n",LogTime(), PROGRAM, av, group); } else { if (margs->debug) fprintf(stderr, "%s| %s: \"%s\" does not match group name \"%s\"\n",LogTime(), PROGRAM, av, group); } } /* * Cleanup */ if (attr_value_2){ for (j=0;j<max_attr_2;j++) { free(attr_value_2[j]); } free(attr_value_2); attr_value_2=NULL; } ldap_msgfree(res); if (margs->debug) fprintf(stderr, "%s| %s: Users primary group %s %s\n",LogTime(), PROGRAM, retval?"matches":"does not match", group); } else { if (margs->debug) fprintf(stderr, "%s| %s: Did not find ldap entry for group %s\n",LogTime(), PROGRAM, group); } /* * Cleanup */ if (attr_value){ for (j=0;j<max_attr;j++) { free(attr_value[j]); } free(attr_value); attr_value=NULL; } } rc = ldap_unbind(ld); ld=NULL; if (rc != LDAP_SUCCESS) { fprintf(stderr, "%s| %s: Error unbind ldap server: %s\n",LogTime(), PROGRAM,ldap_err2string(rc)); } if (margs->debug) fprintf(stderr, "%s| %s: Unbind ldap server\n",LogTime(), PROGRAM); cleanup: #ifdef HAVE_KRB5_H if (domain) krb5_cleanup(); #endif if (lcreds) { if (lcreds->dn) free(lcreds->dn); if (lcreds->pw) free(lcreds->pw); free(lcreds); } if (bindp) free(bindp); bindp=NULL; return(retval); }Que ao compilar ocorre o seguinte erro:rootmsolbhzvpx01:~/squid_kerb_ldap-1.2.1a# gcc -c support_ldap.csupport_ldap.c:33:39: erro: unknown type name âLDAPâsupport_ldap.c:34:48: erro: unknown type name âLDAPâsupport_ldap.c:36:1: erro: unknown type name âLDAPâsupport_ldap.c:50:45: erro: unknown type name âLDAPâsupport_ldap.c:50:55: erro: unknown type name âLDAPMessageâsupport_ldap.c:51:47: erro: unknown type name âLDAPâsupport_ldap.c:170:3: erro: #error "No rebind functione defined"support_ldap.c:277:39: erro: unknown type name âLDAPâsupport_ldap.c:328:47: erro: unknown type name âLDAPâsupport_ldap.c:454:48: erro: unknown type name âLDAPâsupport_ldap.c: Na função âldap_set_ssl_defaultsâ:support_ldap.c:558:10: erro: âLDAP_SUCCESSâ undeclared (first use in this functi on)support_ldap.c:558:10: nota: each undeclared identifier is reported only once fo r each function it appears insupport_ldap.c: No nivel superior:support_ldap.c:561:44: erro: unknown type name âLDAPâsupport_ldap.c:561:53: erro: unknown type name âLDAPMessageâsupport_ldap.c:648:1: erro: unknown type name âLDAPâsupport_ldap.c: Na função âtool_ldap_openâ:support_ldap.c:649:5: erro: unknown type name âLDAPâsupport_ldap.c:705:10: aviso: assignment makes pointer from integer without a ca st [habilitado por padrão]support_ldap.c:708:17: erro: âLDAP_SUCCESSâ undeclared (first use in this functi on)support_ldap.c:709:9: aviso: formato â%sâ expects argument of type âchar *â, but argument 5 has type âintâ [-Wformat]support_ldap.c:723:11: aviso: formato â%sâ expects argument of type âchar *â, bu t argument 5 has type âintâ [-Wformat]support_ldap.c: Na função âget_memberofâ:support_ldap.c:811:3: erro: unknown type name âLDAPâsupport_ldap.c:812:3: erro: unknown type name âLDAPMessageâsupport_ldap.c:972:17: erro: âLDAP_SUCCESSâ undeclared (first use in this functi on)support_ldap.c:973:2: aviso: formato â%sâ expects argument of type âchar *â, but argument 5 has type âintâ [-Wformat]support_ldap.c:981:32: erro: âldap_simple_rebindâ undeclared (first use in this function)support_ldap.c:1013:5: aviso: formato â%sâ expects argument of type âchar *â, bu t argument 5 has type âintâ [-Wformat]support_ldap.c:1035:37: erro: âLDAP_SCOPE_SUBTREEâ undeclared (first use in this function)support_ldap.c:1042:5: aviso: formato â%sâ expects argument of type âchar *â, bu t argument 5 has type âintâ [-Wformat]support_ldap.c:1245:5: aviso: formato â%sâ expects argument of type âchar *â, bu t argument 5 has type âintâ [-Wformat]Como posso resolver? Citar Link para o comentário Compartilhar em outros sites More sharing options...
Pergunta
RafaelMagalhaes82
Estou com esse código fonte:
/* * ----------------------------------------------------------------------------- * * Author: Markus Moeller * * Copyright © 2007 Markus Moeller. All rights reserved. * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307, USA. * * ----------------------------------------------------------------------------- */ #include <netdb.h> #include <ctype.h> #include <errno.h> #include "support.h" char *convert_domain_to_bind_path(char *domain); char *escape_filter(char *filter); int check_AD(struct main_args *margs, LDAP *ld); int ldap_set_defaults(struct main_args *margs, LDAP *ld); int ldap_set_ssl_defaults(struct main_args *margs); LDAP *tool_ldap_open(struct main_args *margs, char* host, int port, char *ssl); #define CONNECT_TIMEOUT 2 #define SEARCH_TIMEOUT 30 #define FILTER "(memberuid=%s)" #define ATTRIBUTE "cn" #define FILTER_UID "(uid=%s)" #define FILTER_GID "(&(gidNumber=%s)(objectclass=posixgroup))" #define ATTRIBUTE_GID "gidNumber" #define FILTER_AD "(samaccountname=%s)" #define ATTRIBUTE_AD "memberof" int get_attributes(struct main_args *margs, LDAP *ld, LDAPMessage *res, const char *attribute /* IN */, char ***out_val /* OUT (caller frees) */); int search_group_tree(struct main_args *margs,LDAP *ld, char *bindp, char *ldap_group,char *group, int depth); #ifdef HAVE_SUN_LDAP_SDK #ifdef HAVE_LDAP_REBINDPROC_CALLBACK #if defined(HAVE_SASL_H) || defined(HAVE_SASL_SASL_H) || defined(HAVE_SASL_DARWIN) static LDAP_REBINDPROC_CALLBACK ldap_sasl_rebind; static int LDAP_CALL LDAP_CALLBACK ldap_sasl_rebind( LDAP *ld, char **whop, char **credp, int *methodp, int freeit, void *params) { struct ldap_creds *cp = (struct ldap_creds *)params; whop = whop; credp = credp; methodp = methodp; freeit = freeit; return tool_sasl_bind(ld,cp->dn,cp->pw); } #endif static LDAP_REBINDPROC_CALLBACK ldap_simple_rebind; static int LDAP_CALL LDAP_CALLBACK ldap_simple_rebind( LDAP *ld, char **whop, char **credp, int *methodp, int freeit, void *params) { struct ldap_creds *cp = (struct ldap_creds *)params; whop = whop; credp = credp; methodp = methodp; freeit = freeit; return ldap_bind_s( ld, cp->dn , cp->pw , LDAP_AUTH_SIMPLE ); } #elif defined(HAVE_LDAP_REBIND_PROC) #if defined(HAVE_SASL_H) || defined(HAVE_SASL_SASL_H) || defined(HAVE_SASL_DARWIN) static LDAP_REBIND_PROC ldap_sasl_rebind; static int ldap_sasl_rebind( LDAP *ld, LDAP_CONST char *url, ber_tag_t request, ber_int_t msgid, void *params) { struct ldap_creds *cp = (struct ldap_creds *)params; url = url; request = request; msgid = msgid; return tool_sasl_bind(ld, cp->dn, cp->pw); } #endif static LDAP_REBIND_PROC ldap_simple_rebind; static int ldap_simple_rebind( LDAP *ld, LDAP_CONST char *url, ber_tag_t request, ber_int_t msgid, void *params) { struct ldap_creds *cp = (struct ldap_creds *)params; url = url; request = request; msgid = msgid; return ldap_bind_s( ld, cp->dn , cp->pw , LDAP_AUTH_SIMPLE ); } #elif defined(HAVE_LDAP_REBIND_FUNCTION) #ifndef LDAP_REFERRALS #define LDAP_REFERRALS #endif #if defined(HAVE_SASL_H) || defined(HAVE_SASL_SASL_H) || defined(HAVE_SASL_DARWIN) static LDAP_REBIND_FUNCTION ldap_sasl_rebind; static int ldap_sasl_rebind( LDAP *ld, char **whop, char **credp, int *methodp, int freeit, void *params) { struct ldap_creds *cp = (struct ldap_creds *)params; whop = whop; credp = credp; methodp = methodp; freeit = freeit; return tool_sasl_bind(ld,cp->dn,cp->pw); } #endif static LDAP_REBIND_FUNCTION ldap_simple_rebind; static int ldap_simple_rebind( LDAP *ld, char **whop, char **credp, int *methodp, int freeit, void *params) { struct ldap_creds *cp = (struct ldap_creds *)params; whop = whop; credp = credp; methodp = methodp; freeit = freeit; return ldap_bind_s( ld, cp->dn , cp->pw , LDAP_AUTH_SIMPLE ); } #else # error "No rebind functione defined" #endif #else /* HAVE_SUN_LDAP_SDK */ #if defined(HAVE_SASL_H) || defined(HAVE_SASL_SASL_H) || defined(HAVE_SASL_DARWIN) static LDAP_REBIND_PROC ldap_sasl_rebind; static int ldap_sasl_rebind( LDAP *ld, LDAP_CONST char *url, ber_tag_t request, ber_int_t msgid, void *params ) { struct ldap_creds *cp = (struct ldap_creds *)params; url = url; request = request; msgid = msgid; return tool_sasl_bind(ld,cp->dn,cp->pw); } #endif static LDAP_REBIND_PROC ldap_simple_rebind; static int ldap_simple_rebind( LDAP *ld, LDAP_CONST char *url, ber_tag_t request, ber_int_t msgid, void *params ) { struct ldap_creds *cp = (struct ldap_creds *)params; url = url; request = request; msgid = msgid; return ldap_bind_s( ld, cp->dn , cp->pw , LDAP_AUTH_SIMPLE ); } #endif char *convert_domain_to_bind_path(char *domain) { char *dp,*bindp=NULL,*bp=NULL; int i=0; if (!domain) return NULL; for (dp=domain; *dp; dp++) { if ( *dp == '.' ) i++; } /* * add dc= and * replace . with ,dc= => new length = old length + #dots * 3 + 3 */ bindp=malloc(strlen(domain)+3+i*3+1); bp=bindp; strcpy(bp,"dc="); bp +=3; for (dp=domain; *dp; dp++) { if ( *dp == '.' ) { strcpy(bp,",dc="); bp+=4; } else *bp++ = *dp; } *bp=''; return bindp; } char *escape_filter(char *filter) { int i; char *ldap_filter_esc,*ldf; i=0; for (ldap_filter_esc=filter; *ldap_filter_esc; ldap_filter_esc++) { if ( (*ldap_filter_esc== '*') || (*ldap_filter_esc== '(') || (*ldap_filter_esc== ')') || (*ldap_filter_esc== '\\') ) i=i+3; } ldap_filter_esc=calloc(strlen(filter)+i+1,sizeof(char)); ldf = ldap_filter_esc; for (; *filter; filter++) { if ( *filter == '*') { strcpy(ldf,"\\2a"); ldf = ldf + 3; } else if (*filter == '(') { strcpy(ldf,"\\28"); ldf = ldf + 3; } else if (*filter == ')') { strcpy(ldf,"\\29"); ldf = ldf + 3; } else if (*filter == '\\') { strcpy(ldf,"\\5c"); ldf = ldf + 3; } else { *ldf=*filter; ldf++; } } *ldf=''; return ldap_filter_esc; }; int check_AD(struct main_args *margs, LDAP *ld) { LDAPMessage *res; char **attr_value=NULL; struct timeval searchtime; int max_attr=0; int j,rc=0; #define FILTER_SCHEMA "(objectclass=*)" #define ATTRIBUTE_SCHEMA "schemaNamingContext" #define FILTER_SAM "(ldapdisplayname=samaccountname)" searchtime.tv_sec = SEARCH_TIMEOUT; searchtime.tv_usec = 0; if (margs->debug) fprintf(stderr, "%s| %s: Search ldap server with bind path \"\" and filter: %s\n",LogTime(), PROGRAM,FILTER_SCHEMA); rc = ldap_search_ext_s(ld, (char *)"", LDAP_SCOPE_BASE, (char *)FILTER_SCHEMA, NULL, 0, NULL, NULL, &searchtime, 0, &res); if ( rc == LDAP_SUCCESS ) max_attr = get_attributes(margs,ld,res,ATTRIBUTE_SCHEMA,&attr_value); if (max_attr==1) { ldap_msgfree(res); if (margs->debug) fprintf(stderr, "%s| %s: Search ldap server with bind path %s and filter: %s\n",LogTime(), PROGRAM,attr_value[0],FILTER_SAM); rc = ldap_search_ext_s(ld, attr_value[0], LDAP_SCOPE_SUBTREE, (char *)FILTER_SAM, NULL, 0, NULL, NULL, &searchtime, 0, &res); if (margs->debug) fprintf(stderr, "%s| %s: Found %d ldap entr%s\n",LogTime(), PROGRAM, ldap_count_entries( ld, res),ldap_count_entries( ld, res)>1||ldap_count_entries( ld, res)==0?"ies":"y"); if (ldap_count_entries( ld, res) > 0) margs->AD=1; } else { if (margs->debug) fprintf(stderr, "%s| %s: Did not find ldap entry for subschemasubentry\n",LogTime(), PROGRAM); } if (margs->debug) fprintf(stderr, "%s| %s: Determined ldap server %sas an Active Directory server\n",LogTime(), PROGRAM,margs->AD?"":"not "); /* * Cleanup */ if (attr_value){ for (j=0;j<max_attr;j++) { free(attr_value[j]); } free(attr_value); attr_value=NULL; } ldap_msgfree(res); return rc; } int search_group_tree(struct main_args *margs,LDAP *ld, char* bindp, char *ldap_group,char *group, int depth) { LDAPMessage *res=NULL; char **attr_value=NULL; int max_attr=0; char *filter=NULL; char *search_exp=NULL; int j,rc=0,retval=0; char *av=NULL,*avp=NULL; int ldepth; char *ldap_filter_esc=NULL; struct timeval searchtime; #define FILTER_GROUP_AD "(&(%s)(objectclass=group))" #define FILTER_GROUP "(&(memberuid=%s)(objectclass=posixgroup))" searchtime.tv_sec = SEARCH_TIMEOUT; searchtime.tv_usec = 0; if (margs->AD) filter=(char *)FILTER_GROUP_AD; else filter=(char *)FILTER_GROUP; ldap_filter_esc = escape_filter(ldap_group); search_exp=malloc(strlen(filter)+strlen(ldap_filter_esc)+1); snprintf(search_exp,strlen(filter)+strlen(ldap_filter_esc)+1, filter, ldap_filter_esc); if (ldap_filter_esc) free(ldap_filter_esc); if (depth > margs->mdepth) { if (margs->debug) fprintf(stderr, "%s| %s: Max search depth reached %d>%d\n",LogTime(), PROGRAM,depth,margs->mdepth); return 0; } if (margs->debug) fprintf(stderr, "%s| %s: Search ldap server with bind path %s and filter : %s\n",LogTime(), PROGRAM,bindp,search_exp); rc = ldap_search_ext_s(ld, bindp, LDAP_SCOPE_SUBTREE, search_exp, NULL, 0, NULL, NULL, &searchtime, 0, &res); if (search_exp) free(search_exp); if (rc != LDAP_SUCCESS) { fprintf(stderr, "%s| %s: Error searching ldap server: %s\n",LogTime(), PROGRAM,ldap_err2string(rc)); ldap_unbind_s(ld); return 0; } if (margs->debug) fprintf(stderr, "%s| %s: Found %d ldap entr%s\n",LogTime(), PROGRAM, ldap_count_entries( ld, res),ldap_count_entries( ld, res)>1||ldap_count_entries( ld, res)==0?"ies":"y"); if (margs->AD) max_attr = get_attributes(margs,ld,res,ATTRIBUTE_AD,&attr_value); else max_attr = get_attributes(margs,ld,res,ATTRIBUTE,&attr_value); /* * Compare group names */ retval=0; ldepth = depth+1; for (j=0;j<max_attr;j++) { /* Compare first CN= value assuming it is the same as the group name itself */ av=attr_value[j]; if (!strncasecmp("CN=",av,3)) { av+=3; if ((avp=strchr(av,','))) { *avp=''; } } if (margs->debug) { int n; fprintf(stderr, "%s| %s: Entry %d \"%s\" in hex UTF-8 is ",LogTime(), PROGRAM, j+1, av); for (n=0; av[n] != ''; n++) fprintf(stderr, "%02x",(unsigned char)av[n]); fprintf(stderr, "\n"); } if (!strcasecmp(group,av)) { retval=1; if (margs->debug) fprintf(stderr, "%s| %s: Entry %d \"%s\" matches group name \"%s\"\n",LogTime(), PROGRAM, j+1, av, group); break; } else { if (margs->debug) fprintf(stderr, "%s| %s: Entry %d \"%s\" does not match group name \"%s\"\n",LogTime(), PROGRAM, j+1, av, group); } /* * Do recursive group search */ if (margs->debug) fprintf(stderr, "%s| %s: Perform recursive group search for group \"%s\"\n",LogTime(), PROGRAM,av); av=attr_value[j]; if (search_group_tree(margs,ld,bindp,av,group,ldepth)) { retval=1; if (!strncasecmp("CN=",av,3)) { av+=3; if ((avp=strchr(av,','))) { *avp=''; } } if (margs->debug) fprintf(stderr, "%s| %s: Entry %d \"%s\" is member of group named \"%s\"\n",LogTime(), PROGRAM, j+1, av, group); else break; } } /* * Cleanup */ if (attr_value){ for (j=0;j<max_attr;j++) { free(attr_value[j]); } free(attr_value); attr_value=NULL; } ldap_msgfree(res); return retval; } int ldap_set_defaults(struct main_args *margs, LDAP *ld) { int val,rc=0; #ifdef LDAP_OPT_NETWORK_TIMEOUT struct timeval tv; #endif val = LDAP_VERSION3; rc = ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION, &val); if ( rc != LDAP_SUCCESS ) { if(margs->debug) fprintf(stderr, "%s| %s: Error while setting protocol version: %s\n",LogTime(), PROGRAM,ldap_err2string(rc)); return rc; } rc = ldap_set_option(ld, LDAP_OPT_REFERRALS , LDAP_OPT_OFF); if ( rc != LDAP_SUCCESS ) { if(margs->debug) fprintf(stderr, "%s| %s: Error while setting referrals off: %s\n",LogTime(), PROGRAM,ldap_err2string(rc)); return rc; } #ifdef LDAP_OPT_NETWORK_TIMEOUT tv.tv_sec = CONNECT_TIMEOUT; tv.tv_usec = 0; rc = ldap_set_option (ld, LDAP_OPT_NETWORK_TIMEOUT, &tv); if ( rc != LDAP_SUCCESS ) { if(margs->debug) fprintf(stderr, "%s| %s: Error while setting network timeout: %s\n",LogTime(), PROGRAM,ldap_err2string(rc)); return rc; } #endif /* LDAP_OPT_NETWORK_TIMEOUT */ return LDAP_SUCCESS; } int ldap_set_ssl_defaults(struct main_args *margs) { #if defined(HAVE_OPENLDAP) || defined(HAVE_LDAPSSL_CLIENT_INIT) int rc=0; #endif #ifdef HAVE_OPENLDAP int val; char *ssl_cacertfile=NULL; int free_path; #elif defined(HAVE_LDAPSSL_CLIENT_INIT) char *ssl_certdbpath=NULL; #endif #ifdef HAVE_OPENLDAP if (!margs->rc_allow) { ssl_cacertfile=getenv("TLS_CACERTFILE"); free_path=0; if (!ssl_cacertfile) { ssl_cacertfile=strdup("/etc/ssl/certs/cert.pem"); free_path=1; } if (margs->debug) fprintf(stderr, "%s| %s: Set certificate file for ldap server to %s.(Changeable through setting environment variable TLS_CACERTFILE)\n",LogTime(), PROGRAM,ssl_cacertfile); rc = ldap_set_option(NULL, LDAP_OPT_X_TLS_CACERTFILE, ssl_cacertfile); if (ssl_cacertfile && free_path) { free(ssl_cacertfile); ssl_cacertfile=NULL; } if ( rc != LDAP_OPT_SUCCESS ) { fprintf(stderr, "%s| %s: Error while setting LDAP_OPT_X_TLS_CACERTFILE for ldap server: %s\n",LogTime(), PROGRAM,ldap_err2string(rc)); return rc; } } else { if (margs->debug) fprintf(stderr, "%s| %s: Disable server certificate check for ldap server.\n",LogTime(), PROGRAM); val = LDAP_OPT_X_TLS_ALLOW; rc = ldap_set_option (NULL, LDAP_OPT_X_TLS_REQUIRE_CERT, &val); if ( rc != LDAP_SUCCESS ) { fprintf(stderr, "%s| %s: Error while setting LDAP_OPT_X_TLS_REQUIRE_CERT ALLOW for ldap server: %s\n",LogTime(), PROGRAM,ldap_err2string(rc)); return rc; } } #elif defined(HAVE_LDAPSSL_CLIENT_INIT) /* * Solaris SSL ldap calls require path to certificate database */ /* rc = ldapssl_client_init( ssl_certdbpath, NULL ); rc = ldapssl_advclientauth_init( ssl_certdbpath, NULL , 0 , NULL, NULL, 0, NULL, 2); */ ssl_certdbpath=getenv("SSL_CERTDBPATH"); if (!ssl_certdbpath) { ssl_certdbpath=strdup("/etc/certs"); } if (margs->debug) fprintf(stderr, "%s| %s: Set certificate database path for ldap server to %s.(Changeable through setting environment variable SSL_CERTDBPATH)\n",LogTime(), PROGRAM,ssl_certdbpath); if (!margs->rc_allow) { rc = ldapssl_advclientauth_init( ssl_certdbpath, NULL , 0 , NULL, NULL, 0, NULL, 2); } else { rc = ldapssl_advclientauth_init( ssl_certdbpath, NULL , 0 , NULL, NULL, 0, NULL, 0); if (margs->debug) fprintf(stderr, "%s| %s: Disable server certificate check for ldap server.\n",LogTime(), PROGRAM); } if (ssl_certdbpath) { free(ssl_certdbpath); ssl_certdbpath=NULL; } if ( rc != LDAP_SUCCESS ) { fprintf(stderr, "%s| %s: Error while setting SSL for ldap server: %s\n",LogTime(), PROGRAM,ldapssl_err2string(rc)); return rc; } #else fprintf(stderr, "%s| %s: SSL not supported by ldap library\n",LogTime(), PROGRAM); #endif return LDAP_SUCCESS; } int get_attributes(struct main_args *margs,LDAP *ld,LDAPMessage *res, const char *attribute, char ***ret_value) { /* Part of this work is from OpenLDAP Software. * * Copyright 1998-2009 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted only as authorized by the OpenLDAP * Public License. * * A copy of this license is available in the file LICENSE in the * top-level directory of the distribution or, alternatively, at * */ LDAPMessage *msg; char **attr_value=NULL; int max_attr=0; attr_value=*ret_value; /* * loop over attributes */ if (margs->debug) fprintf(stderr, "%s| %s: Search ldap entries for attribute : %s\n",LogTime(), PROGRAM,attribute); for (msg = ldap_first_entry (ld, res); msg; msg = ldap_next_entry (ld, msg)) { BerElement *b; char *attr; switch (ldap_msgtype( msg )) { case LDAP_RES_SEARCH_ENTRY: for (attr = ldap_first_attribute (ld, msg, &b); attr; attr = ldap_next_attribute (ld, msg, B)) { if (strcasecmp (attr, attribute) == 0) { struct berval **values; int il; if ( (values = ldap_get_values_len (ld, msg, attr)) != NULL ) { for (il = 0; values[il] != NULL; il++) { attr_value= realloc (attr_value,(il+1)*sizeof(char *)); if ( !attr_value) break; attr_value[il] = malloc (values[il]->bv_len + 1); memcpy(attr_value[il],values[il]->bv_val,values[il]->bv_len); attr_value[il][values[il]->bv_len]=0; } max_attr=il; } ber_bvecfree(values); } ldap_memfree (attr); } ber_free (b, 0); break; case LDAP_RES_SEARCH_REFERENCE: if (margs->debug) fprintf(stderr, "%s| %s: Received a search reference message\n",LogTime(), PROGRAM); break; case LDAP_RES_SEARCH_RESULT: if (margs->debug) fprintf(stderr, "%s| %s: Received a search result message\n",LogTime(), PROGRAM); break; default: break; } } if (margs->debug) fprintf(stderr, "%s| %s: %d ldap entr%s found with attribute : %s\n",LogTime(), PROGRAM,max_attr,max_attr>1||max_attr==0?"ies":"y",attribute); *ret_value=attr_value; return max_attr; } /* * call to open ldap server with or without SSL */ LDAP *tool_ldap_open(struct main_args *margs, char* host, int port, char *ssl) { LDAP *ld; #ifdef HAVE_OPENLDAP LDAPURLDesc *url=NULL; char *ldapuri=NULL; #endif int rc=0; /* * Use ldap open here to check if TCP connection is possible. If possible use it. * (Not sure if this is the best way) */ #ifdef HAVE_OPENLDAP url = malloc(sizeof(*url)); memset( url, 0, sizeof(*url)); #ifdef HAVE_LDAP_URL_LUD_SCHEME if (ssl) url->lud_scheme = (char *)"ldaps"; else url->lud_scheme = (char *)"ldap"; #endif url->lud_host = host; url->lud_port = port; #ifdef HAVE_LDAP_SCOPE_DEFAULT url->lud_scope = LDAP_SCOPE_DEFAULT; #else url->lud_scope = LDAP_SCOPE_SUBTREE; #endif #ifdef HAVE_LDAP_URL_DESC2STR ldapuri = ldap_url_desc2str( url ); #elif defined(HAVE_LDAP_URL_PARSE) rc = ldap_url_parse(ldapuri, &url); if (rc != LDAP_SUCCESS) { fprintf(stderr, "%s| %s: Error while parsing url: %s\n",LogTime(), PROGRAM,ldap_err2string(rc)); if (ldapuri) free(ldapuri); if (url) free(url); return NULL; } #else #error "No URL parsing function" #endif if (url) { free(url); url=NULL; } rc = ldap_initialize(&ld, ldapuri); if (ldapuri) free(ldapuri); if (rc != LDAP_SUCCESS) { fprintf(stderr, "%s| %s: Error while initialising connection to ldap server: %s\n",LogTime(), PROGRAM,ldap_err2string(rc)); ldap_unbind(ld); ld = NULL; return NULL; } #else ld = ldap_init(host,port); #endif rc = ldap_set_defaults(margs,ld); if (rc != LDAP_SUCCESS) { fprintf(stderr, "%s| %s: Error while setting default options for ldap server: %s\n",LogTime(), PROGRAM,ldap_err2string(rc)); ldap_unbind(ld); ld = NULL; return NULL; } if (ssl) { /* * Try Start TLS first */ if (margs->debug) fprintf(stderr, "%s| %s: Set SSL defaults\n",LogTime(), PROGRAM); rc = ldap_set_ssl_defaults(margs); if (rc != LDAP_SUCCESS) { fprintf(stderr, "%s| %s: Error while setting SSL default options for ldap server: %s\n",LogTime(), PROGRAM,ldap_err2string(rc)); ldap_unbind(ld); ld = NULL; return NULL; } #ifdef HAVE_OPENLDAP /* * Use tls if possible */ rc = ldap_start_tls_s(ld, NULL, NULL); if ( rc != LDAP_SUCCESS ) { fprintf(stderr, "%s| %s: Error while setting start_tls for ldap server: %s\n",LogTime(), PROGRAM,ldap_err2string(rc)); ldap_unbind(ld); ld=NULL; url = malloc(sizeof(*url)); memset( url, 0, sizeof(*url)); #ifdef HAVE_LDAP_URL_LUD_SCHEME url->lud_scheme = (char *)"ldaps"; #endif url->lud_host = host; url->lud_port = port; #ifdef HAVE_LDAP_SCOPE_DEFAULT url->lud_scope = LDAP_SCOPE_DEFAULT; #else url->lud_scope = LDAP_SCOPE_SUBTREE; #endif #ifdef HAVE_LDAP_URL_DESC2STR ldapuri = ldap_url_desc2str( url ); #elif defined(HAVE_LDAP_URL_PARSE) rc = ldap_url_parse(ldapuri, &url); if (rc != LDAP_SUCCESS) { fprintf(stderr, "%s| %s: Error while parsing url: %s\n",LogTime(), PROGRAM,ldap_err2string(rc)); if (ldapuri) free(ldapuri); if (url) free(url); return NULL; } #else #error "No URL parsing function" #endif if (url) { free(url); url=NULL; } rc = ldap_initialize(&ld, ldapuri); if (ldapuri) free(ldapuri); if (rc != LDAP_SUCCESS) { fprintf(stderr, "%s| %s: Error while initialising connection to ldap server: %s\n",LogTime(), PROGRAM,ldap_err2string(rc)); ldap_unbind(ld); ld = NULL; return NULL; } rc = ldap_set_defaults(margs,ld); if (rc != LDAP_SUCCESS) { fprintf(stderr, "%s| %s: Error while setting default options for ldap server: %s\n",LogTime(), PROGRAM,ldap_err2string(rc)); ldap_unbind(ld); ld = NULL; return NULL; } } #elif defined(HAVE_LDAPSSL_CLIENT_INIT) ld = ldapssl_init(host,port,1); if (!ld) { fprintf(stderr, "%s| %s: Error while setting SSL for ldap server: %s\n",LogTime(), PROGRAM,ldapssl_err2string(rc)); ldap_unbind(ld); ld=NULL; return NULL; } rc = ldap_set_defaults(margs,ld); if (rc != LDAP_SUCCESS) { fprintf(stderr, "%s| %s: Error while setting default options for ldap server: %s\n",LogTime(), PROGRAM,ldap_err2string(rc)); ldap_unbind(ld); ld = NULL; return NULL; } #else fprintf(stderr, "%s| %s: SSL not supported by ldap library\n",LogTime(), PROGRAM); #endif } return ld; } /* * ldap calls to get attribute from Ldap Directory Server */ int get_memberof(struct main_args *margs,char* user,char* domain,char *group) { LDAP *ld=NULL; LDAPMessage *res; #ifndef HAVE_SUN_LDAP_SDK int ldap_debug=0; #endif struct ldap_creds *lcreds=NULL; char *bindp=NULL; char *filter=NULL; char *search_exp; struct timeval searchtime; int i,j,rc=0,kc=1; int retval; char **attr_value=NULL; char *av=NULL,*avp=NULL; int max_attr=0; struct hstruct *hlist=NULL; int nhosts=0; char *hostname; char *host; int port; char *ssl=NULL; char* p; char* ldap_filter_esc=NULL; searchtime.tv_sec = SEARCH_TIMEOUT; searchtime.tv_usec = 0; /* * Fill Kerberos memory cache with credential from keytab for SASL/GSSAPI */ if (domain) { if (margs->debug) fprintf(stderr, "%s| %s: Setup Kerberos credential cache\n",LogTime(), PROGRAM); #ifdef HAVE_KRB5_H kc = krb5_create_cache(margs,domain); if (kc) { fprintf(stderr, "%s| %s: Error during setup of Kerberos credential cache\n",LogTime(), PROGRAM); } #endif } if (kc && (!margs->lurl || !margs->luser | !margs->lpass )) { /* * If Kerberos fails and no url given exit here */ retval=0; goto cleanup; } #ifndef HAVE_SUN_LDAP_SDK /* * Initialise ldap */ ldap_debug = 127 /* LDAP_DEBUG_TRACE */; ldap_debug = -1 /* LDAP_DEBUG_ANY */; ldap_debug = 0; (void) ldap_set_option(NULL, LDAP_OPT_DEBUG_LEVEL, &ldap_debug); #endif if (margs->debug) fprintf(stderr, "%s| %s: Initialise ldap connection\n",LogTime(), PROGRAM); if (domain && !kc) { if (margs->ssl) { if (margs->debug) fprintf(stderr, "%s| %s: Enable SSL to ldap servers\n",LogTime(), PROGRAM); } if (margs->debug) fprintf(stderr, "%s| %s: Canonicalise ldap server name for domain %s\n",LogTime(), PROGRAM,domain); /* * Loop over list of ldap servers of users domain */ nhosts=get_ldap_hostname_list(margs,&hlist,0,domain); for (i=0;i<nhosts;i++) { port=389; if (hlist[i].port != -1) port=hlist[i].port; if (margs->debug) fprintf(stderr, "%s| %s: Setting up connection to ldap server %s:%d\n",LogTime(), PROGRAM, hlist[i].host,port); ld = tool_ldap_open(margs,hlist[i].host,port,margs->ssl); if (!ld) continue; /* * ldap bind with SASL/GSSAPI authentication (only possible if a domain was part of the username) */ #if defined(HAVE_SASL_H) || defined(HAVE_SASL_SASL_H) || defined(HAVE_SASL_DARWIN) if (margs->debug) fprintf(stderr, "%s| %s: Bind to ldap server with SASL/GSSAPI\n",LogTime(), PROGRAM); rc = tool_sasl_bind(ld, bindp, margs->ssl); if (rc != LDAP_SUCCESS) { fprintf(stderr, "%s| %s: Error while binding to ldap server with SASL/GSSAPI: %s\n",LogTime(), PROGRAM,ldap_err2string(rc)); ldap_unbind(ld); ld=NULL; continue; } lcreds=malloc(sizeof(struct ldap_creds)); lcreds->dn = bindp?strdup(bindp):NULL; lcreds->pw = margs->ssl?strdup(margs->ssl):NULL; ldap_set_rebind_proc(ld, ldap_sasl_rebind,(char *)lcreds); if ( ld != NULL ) { if (margs->debug) fprintf(stderr, "%s| %s: %s initialised %sconnection to ldap server %s:%d\n",LogTime(), PROGRAM, ld?"Successfully":"Failed to",margs->ssl?"SSL protected ":"",hlist[i].host,port); break; } #else ldap_unbind(ld); ld=NULL; fprintf(stderr, "%s| %s: SASL not supported on system\n",LogTime(), PROGRAM); continue; #endif } free_hostname_list(&hlist,nhosts); if ( ld == NULL ) { if (margs->debug) fprintf(stderr, "%s| %s: Error during initialisation of ldap connection: %s\n",LogTime(), PROGRAM,strerror(errno)); } bindp=convert_domain_to_bind_path(domain); } if ((!domain || !ld) && margs->lurl && strstr(margs->lurl,"://") ) { /* * If username does not contain a domain and a url was given then try it */ hostname=strstr(margs->lurl,"://")+3; ssl=strstr(margs->lurl,"ldaps://"); if (ssl) { if (margs->debug) fprintf(stderr, "%s| %s: Enable SSL to ldap servers\n",LogTime(), PROGRAM); } if (margs->debug) fprintf(stderr, "%s| %s: Canonicalise ldap server name %s\n",LogTime(), PROGRAM,hostname); /* * Loop over list of ldap servers */ host=strdup(hostname); port=389; if ((p=strchr(host,':'))) { *p=''; p++; port=atoi(p); } nhosts=get_hostname_list(margs,&hlist,0,host); if (host) free(host); host=NULL; for (i=0;i<nhosts;i++) { ld = tool_ldap_open(margs,hlist[i].host,port,ssl); if (!ld) continue; /* * ldap bind with username/password authentication */ if (margs->debug) fprintf(stderr, "%s| %s: Bind to ldap server with Username/Password\n",LogTime(), PROGRAM); rc = ldap_simple_bind_s(ld, margs->luser, margs->lpass); if (rc != LDAP_SUCCESS) { fprintf(stderr, "%s| %s: Error while binding to ldap server with Username/Password: %s\n",LogTime(), PROGRAM,ldap_err2string(rc)); ldap_unbind(ld); ld=NULL; continue; } lcreds=malloc(sizeof(struct ldap_creds)); lcreds->dn = strdup(margs->luser); lcreds->pw = strdup(margs->lpass); ldap_set_rebind_proc(ld, ldap_simple_rebind,(char *)lcreds); if (margs->debug) fprintf(stderr, "%s| %s: %s set up %sconnection to ldap server %s:%d\n",LogTime(), PROGRAM, ld?"Successfully":"Failed to",ssl?"SSL protected ":"",hlist[i].host,port); break; } free_hostname_list(&hlist,nhosts); if (bindp) free(bindp); if (margs->lbind) { bindp=strdup(margs->lbind); } else { bindp=convert_domain_to_bind_path(domain); } } if ( ld == NULL ) { if (margs->debug) fprintf(stderr, "%s| %s: Error during initialisation of ldap connection: %s\n",LogTime(), PROGRAM,strerror(errno)); retval=0; goto cleanup; } /* * ldap search for user */ /* * Check if server is AD by querying for attribute samaccountname */ margs->AD=0; rc = check_AD(margs,ld); if (rc != LDAP_SUCCESS) { fprintf(stderr, "%s| %s: Error determining ldap server type: %s\n",LogTime(), PROGRAM,ldap_err2string(rc)); ldap_unbind(ld); ld=NULL; retval=0; goto cleanup; } if (margs->AD) filter=(char *)FILTER_AD; else filter=(char *)FILTER; ldap_filter_esc = escape_filter(user); search_exp=malloc(strlen(filter)+strlen(ldap_filter_esc)+1); snprintf(search_exp,strlen(filter)+strlen(ldap_filter_esc)+1, filter, ldap_filter_esc); if (ldap_filter_esc) free (ldap_filter_esc); if (margs->debug) fprintf(stderr, "%s| %s: Search ldap server with bind path %s and filter : %s\n",LogTime(), PROGRAM,bindp,search_exp); rc = ldap_search_ext_s(ld, bindp, LDAP_SCOPE_SUBTREE, search_exp, NULL, 0, NULL, NULL, &searchtime, 0, &res); if (search_exp) free(search_exp); if (rc != LDAP_SUCCESS) { fprintf(stderr, "%s| %s: Error searching ldap server: %s\n",LogTime(), PROGRAM,ldap_err2string(rc)); ldap_unbind(ld); ld=NULL; retval=0; goto cleanup; } if (margs->debug) fprintf(stderr, "%s| %s: Found %d ldap entr%s\n",LogTime(), PROGRAM, ldap_count_entries( ld, res),ldap_count_entries( ld, res)>1||ldap_count_entries( ld, res)==0?"ies":"y"); if (ldap_count_entries( ld, res)!=0 ) { if (margs->AD) max_attr = get_attributes(margs,ld,res,ATTRIBUTE_AD,&attr_value); else { max_attr = get_attributes(margs,ld,res,ATTRIBUTE,&attr_value); } /* * Compare group names */ retval=0; for (j=0;j<max_attr;j++) { /* Compare first CN= value assuming it is the same as the group name itself */ av=attr_value[j]; if (!strncasecmp("CN=",av,3)) { av+=3; if ((avp=strchr(av,','))) { *avp=''; } } if (margs->debug) { int n; fprintf(stderr, "%s| %s: Entry %d \"%s\" in hex UTF-8 is ",LogTime(), PROGRAM, j+1, av); for (n=0; av[n] != ''; n++) fprintf(stderr, "%02x",(unsigned char)av[n]); fprintf(stderr, "\n"); } if (!strcasecmp(group,av)) { retval=1; if (margs->debug) fprintf(stderr, "%s| %s: Entry %d \"%s\" matches group name \"%s\"\n",LogTime(), PROGRAM, j+1, av, group); else break; } else { if (margs->debug) fprintf(stderr, "%s| %s: Entry %d \"%s\" does not match group name \"%s\"\n",LogTime(), PROGRAM, j+1, av, group); } } /* * Do recursive group search for AD only since posixgroups can not contain other groups */ if (!retval && margs->AD) { if (margs->debug && max_attr > 0) fprintf(stderr, "%s| %s: Perform recursive group search\n",LogTime(), PROGRAM); for (j=0;j<max_attr;j++) { av=attr_value[j]; if (search_group_tree(margs,ld,bindp,av,group,1)) { retval=1; if (!strncasecmp("CN=",av,3)) { av+=3; if ((avp=strchr(av,','))) { *avp=''; } } if (margs->debug) fprintf(stderr, "%s| %s: Entry %d group \"%s\" is (in)direct member of group \"%s\"\n",LogTime(), PROGRAM, j+1, av, group); else break; } } } /* * Cleanup */ if (attr_value){ for (j=0;j<max_attr;j++) { free(attr_value[j]); } free(attr_value); attr_value=NULL; } ldap_msgfree(res); } else if (ldap_count_entries( ld, res)==0 && margs->AD) { ldap_msgfree(res); ldap_unbind(ld); ld=NULL; retval=0; goto cleanup; } else { ldap_msgfree(res); retval=0; } if (!margs->AD && retval == 0) { /* * Check for primary Group membership */ if (margs->debug) fprintf(stderr, "%s| %s: Search for primary group membership: \"%s\"\n",LogTime(), PROGRAM,group); filter=(char *)FILTER_UID; ldap_filter_esc = escape_filter(user); search_exp=malloc(strlen(filter)+strlen(ldap_filter_esc)+1); snprintf(search_exp,strlen(filter)+strlen(ldap_filter_esc)+1, filter, ldap_filter_esc); if (ldap_filter_esc) free(ldap_filter_esc); if (margs->debug) fprintf(stderr, "%s| %s: Search ldap server with bind path %s and filter: %s\n",LogTime(), PROGRAM,bindp,search_exp); rc = ldap_search_ext_s(ld, bindp, LDAP_SCOPE_SUBTREE, search_exp, NULL, 0, NULL, NULL, &searchtime, 0, &res); if (search_exp) free(search_exp); if ( rc != LDAP_SUCCESS ) { fprintf(stderr, "%s| %s: Search returned with error %s\n",LogTime(), PROGRAM, ldap_err2string(rc)); goto cleanup; } if (margs->debug) fprintf(stderr, "%s| %s: Found %d ldap entr%s\n",LogTime(), PROGRAM, ldap_count_entries( ld, res),ldap_count_entries( ld, res)>1||ldap_count_entries( ld, res)==0?"ies":"y"); max_attr = get_attributes(margs,ld,res,ATTRIBUTE_GID,&attr_value); if (max_attr==1) { char **attr_value_2=NULL; int max_attr_2=0; ldap_msgfree(res); filter=(char *)FILTER_GID; ldap_filter_esc = escape_filter(attr_value[0]); search_exp=malloc(strlen(filter)+strlen(ldap_filter_esc)+1); snprintf(search_exp,strlen(filter)+strlen(ldap_filter_esc)+1, filter, ldap_filter_esc); if (ldap_filter_esc) free(ldap_filter_esc); if (margs->debug) fprintf(stderr, "%s| %s: Search ldap server with bind path %s and filter: %s\n",LogTime(), PROGRAM,bindp,search_exp); rc = ldap_search_ext_s(ld, bindp, LDAP_SCOPE_SUBTREE, search_exp, NULL, 0, NULL, NULL, &searchtime, 0, &res); if (search_exp) free(search_exp); if ( rc != LDAP_SUCCESS ) { fprintf(stderr, "%s| %s: Search returned with error %s\n",LogTime(), PROGRAM, ldap_err2string(rc)); goto cleanup; } max_attr_2 = get_attributes(margs,ld,res,ATTRIBUTE,&attr_value_2); /* * Compare group names */ retval=0; if(max_attr_2==1) { /* Compare first CN= value assuming it is the same as the group name itself */ av=attr_value_2[0]; if (!strcasecmp(group,av)) { retval=1; if (margs->debug) fprintf(stderr, "%s| %s: \"%s\" matches group name \"%s\"\n",LogTime(), PROGRAM, av, group); } else { if (margs->debug) fprintf(stderr, "%s| %s: \"%s\" does not match group name \"%s\"\n",LogTime(), PROGRAM, av, group); } } /* * Cleanup */ if (attr_value_2){ for (j=0;j<max_attr_2;j++) { free(attr_value_2[j]); } free(attr_value_2); attr_value_2=NULL; } ldap_msgfree(res); if (margs->debug) fprintf(stderr, "%s| %s: Users primary group %s %s\n",LogTime(), PROGRAM, retval?"matches":"does not match", group); } else { if (margs->debug) fprintf(stderr, "%s| %s: Did not find ldap entry for group %s\n",LogTime(), PROGRAM, group); } /* * Cleanup */ if (attr_value){ for (j=0;j<max_attr;j++) { free(attr_value[j]); } free(attr_value); attr_value=NULL; } } rc = ldap_unbind(ld); ld=NULL; if (rc != LDAP_SUCCESS) { fprintf(stderr, "%s| %s: Error unbind ldap server: %s\n",LogTime(), PROGRAM,ldap_err2string(rc)); } if (margs->debug) fprintf(stderr, "%s| %s: Unbind ldap server\n",LogTime(), PROGRAM); cleanup: #ifdef HAVE_KRB5_H if (domain) krb5_cleanup(); #endif if (lcreds) { if (lcreds->dn) free(lcreds->dn); if (lcreds->pw) free(lcreds->pw); free(lcreds); } if (bindp) free(bindp); bindp=NULL; return(retval); }Que ao compilar ocorre o seguinte erro:
rootmsolbhzvpx01:~/squid_kerb_ldap-1.2.1a# gcc -c support_ldap.c
support_ldap.c:33:39: erro: unknown type name âLDAPâ
support_ldap.c:34:48: erro: unknown type name âLDAPâ
support_ldap.c:36:1: erro: unknown type name âLDAPâ
support_ldap.c:50:45: erro: unknown type name âLDAPâ
support_ldap.c:50:55: erro: unknown type name âLDAPMessageâ
support_ldap.c:51:47: erro: unknown type name âLDAPâ
support_ldap.c:170:3: erro: #error "No rebind functione defined"
support_ldap.c:277:39: erro: unknown type name âLDAPâ
support_ldap.c:328:47: erro: unknown type name âLDAPâ
support_ldap.c:454:48: erro: unknown type name âLDAPâ
support_ldap.c: Na função âldap_set_ssl_defaultsâ:
support_ldap.c:558:10: erro: âLDAP_SUCCESSâ undeclared (first use in this functi on)
support_ldap.c:558:10: nota: each undeclared identifier is reported only once fo r each function it appears in
support_ldap.c: No nivel superior:
support_ldap.c:561:44: erro: unknown type name âLDAPâ
support_ldap.c:561:53: erro: unknown type name âLDAPMessageâ
support_ldap.c:648:1: erro: unknown type name âLDAPâ
support_ldap.c: Na função âtool_ldap_openâ:
support_ldap.c:649:5: erro: unknown type name âLDAPâ
support_ldap.c:705:10: aviso: assignment makes pointer from integer without a ca st [habilitado por padrão]
support_ldap.c:708:17: erro: âLDAP_SUCCESSâ undeclared (first use in this functi on)
support_ldap.c:709:9: aviso: formato â%sâ expects argument of type âchar *â, but argument 5 has type âintâ [-Wformat]
support_ldap.c:723:11: aviso: formato â%sâ expects argument of type âchar *â, bu t argument 5 has type âintâ [-Wformat]
support_ldap.c: Na função âget_memberofâ:
support_ldap.c:811:3: erro: unknown type name âLDAPâ
support_ldap.c:812:3: erro: unknown type name âLDAPMessageâ
support_ldap.c:972:17: erro: âLDAP_SUCCESSâ undeclared (first use in this functi on)
support_ldap.c:973:2: aviso: formato â%sâ expects argument of type âchar *â, but argument 5 has type âintâ [-Wformat]
support_ldap.c:981:32: erro: âldap_simple_rebindâ undeclared (first use in this function)
support_ldap.c:1013:5: aviso: formato â%sâ expects argument of type âchar *â, bu t argument 5 has type âintâ [-Wformat]
support_ldap.c:1035:37: erro: âLDAP_SCOPE_SUBTREEâ undeclared (first use in this function)
support_ldap.c:1042:5: aviso: formato â%sâ expects argument of type âchar *â, bu t argument 5 has type âintâ [-Wformat]
support_ldap.c:1245:5: aviso: formato â%sâ expects argument of type âchar *â, bu t argument 5 has type âintâ [-Wformat]
Como posso resolver?
Link para o comentário
Compartilhar em outros sites
0 respostass a esta questão
Posts Recomendados
Participe da discussão
Você pode postar agora e se registrar depois. Se você já tem uma conta, acesse agora para postar com sua conta.