[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
(ITS#6409) ldap_init_fd and LDAPS
Full_Name: Vitaly Kroivets
Version: 2.4.20
OS: Linux
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (192.115.180.11)
It seems that function ldap_init_fd can not be used in LDAPS connection .
I tried LDAP over SSL (without start-tls), but maybe with start-tls will be
same..
I copied here my program.
Use it this way :
a.out -H ldaps://{IP}:636 -i {your src IP} -D {user} -w {password}
Thanks!
======
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <netdb.h>
#include <ldap.h>
char* url = NULL;
char* host_uri = NULL;
char* bind_dn = NULL;
char* password = NULL;
char* out_file = NULL;
LDAP* server = NULL;
LDAPURLDesc* ludp = NULL;
char* attribute = NULL;
char* dn = NULL;
BerElement* ber = NULL;
LDAPMessage* result;
void OnExitHandler();
void PrintUsage();
char src_ip [64];
int main(int argc, char* argv[])
{
atexit(OnExitHandler);
char c;
while ((c = getopt(argc, argv, "H:w:D:o:i:")) != EOF) {
switch (c) {
case 'H': {
url = (char*)calloc(strlen(optarg), sizeof(char));
strcpy(url, optarg);
break;
}
case 'D': {
bind_dn = (char*)calloc(strlen(optarg), sizeof(char));
strcpy(bind_dn, optarg);
break;
}
case 'w': {
password = (char*)calloc(strlen(optarg), sizeof(char));
strcpy(password, optarg);
break;
}
case 'o': {
out_file = (char*)calloc(strlen(optarg), sizeof(char));
strcpy(out_file, optarg);
break;
}
case 'i': {
strncpy(src_ip, optarg, sizeof (src_ip));
break;
}
default: {
PrintUsage();
return 1;
break;
}
}
}
if (url == NULL ||
(bind_dn == NULL && password != NULL)) {
PrintUsage();
return 1;
}
int rc = ldap_url_parse(url, &ludp);
if (rc != 0) {
fprintf(stderr, "ldap_url_parse: %s\n", ldap_err2string(rc));
return 1;
}
// server = ldap_init(ludp->lud_host, ludp->lud_port);
// ldap_initialize is undocumented call we use instead of ldap_init
// it allows to work over TLS secured connection, i.e. using ldaps://
int host_uri_len = strlen(ludp->lud_scheme) + strlen(ludp->lud_host) + 16;
host_uri = (char*)malloc(sizeof(char) * host_uri_len);
sprintf(host_uri, "%s://%s:%d", ludp->lud_scheme, ludp->lud_host, ludp->
lud_port);
int sockfd ;
printf ("%s;\n",ludp->lud_host);
{
// struct hostent *gethostbyname(const char *name);
struct hostent *he;
struct sockaddr_in their_addr; // connector's address information
if (
(he=gethostbyname( ludp->lud_host )) == NULL
) { // get the host info
herror("gethostbyname");
exit(1);
}
if ((sockfd = socket(PF_INET, SOCK_STREAM, 0)) == -1) {
perror("socket");
exit(1);
}
their_addr.sin_family = AF_INET;
their_addr.sin_port = htons(ludp->
lud_port);
their_addr.sin_addr = *((struct in_addr *)he->h_addr);
memset(their_addr.sin_zero, '\0', sizeof their_addr.sin_zero);
//
{
struct sockaddr_in my_addr; // my address information
my_addr.sin_family = AF_INET; // host byte order
my_addr.sin_port = 0; // short, network byte order
my_addr.sin_addr.s_addr = inet_addr(src_ip);
memset(my_addr.sin_zero, '\0', sizeof my_addr.sin_zero);
if (bind(sockfd, (struct sockaddr *)&my_addr, sizeof my_addr) == -1)
{
perror("bind");
exit(1);
}
}
//
if (connect(sockfd, (struct sockaddr *)&their_addr,
sizeof their_addr) == -1) {
perror("connect");
exit(1);
}
//connect mysock...
printf ("init=%d\n",
ldap_init_fd (sockfd , 1 ,host_uri , &server));
}
/*
// rc = ldap_initialize(&server, host_uri);
if (rc != 0) {
fprintf(stderr, "ldap_initialize: %s", (*ldap_err2string)(rc));
return 1;
}
*/
//server->ld_conns->lconn_server = 0;//ldap_url_dup ( ludp );
rc = ldap_simple_bind_s(server, bind_dn, password);
if (rc != 0) {
fprintf(stderr, "ldap_simple_bind_s: %s", (*ldap_err2string)(rc));
return 1;
}
rc = ldap_search_s(server, ludp->lud_dn, ludp->lud_scope,
ludp->lud_filter, ludp->lud_attrs, 0, &result);
if (rc != 0 && rc != LDAP_SIZELIMIT_EXCEEDED) {
fprintf(stderr, "ldap_search_s: %s\n", (*ldap_err2string)(rc));
return 1;
}
int num = ldap_count_entries(server, result);
fprintf(stderr, "Number of messages: %d\n", ldap_count_messages(server,
result));
if (num == 0) {
fprintf(stderr, "ldap_count_entries: no entries received\n");
return 1;
}
else if (num > 1) {
fprintf(stderr, "ldap_count_entries: more than one entry received\n");
return 1;
}
LDAPMessage* entryIterator = ldap_first_entry(server, result);
dn = ldap_get_dn(server, entryIterator);
attribute = ldap_first_attribute(server, entryIterator, &ber);
if (attribute == NULL) {
fprintf(stderr, "ldap_first_attribute: no attriubutes received\n");
return 1;
}
else if (ldap_next_attribute(server, entryIterator, ber)) {
fprintf(stderr,
"ldap_first_attribute: more than one attriubute received\n");
return 1;
}
else {
BerValue** vals = ldap_get_values_len(server, entryIterator,
attribute);
num = ldap_count_values_len(vals);
if (vals == NULL || num == 0) {
fprintf(stderr, "ldap_count_values_len :no values received\n");
return 1;
}
else if (num > 1) {
fprintf(stderr,
"ldap_count_values_len :more than one value received\n");
return 1;
}
FILE* fo = NULL;
if (out_file) {
fo = fopen(out_file, "wb");
}
else {
fo = stdout;
}
fwrite(vals[0]->bv_val, 1, vals[0]->bv_len, fo);
fflush(fo);
fprintf(stderr, "Responce received from '%s'\n", url);
if (out_file)
fprintf(stderr, "Stored into %s\n", out_file);
/* Free memory used to store values */
ldap_value_free_len(vals);
}
return 0;
}
void OnExitHandler()
{
if (result) {
ldap_msgfree(result);
}
if (dn)
ldap_memfree(dn);
if (attribute)
ldap_memfree(attribute);
if (ber)
ber_free(ber, 0);
if (ludp)
ldap_free_urldesc(ludp);
if (server)
ldap_unbind_s(server);
if (url)
free(url);
if (host_uri)
free(host_uri);
if (bind_dn)
free(bind_dn);
if (password)
free(password);
if (out_file)
free(out_file);
}
void PrintUsage()
{
fprintf(stderr,
"Usage: ldapget -H <LDAP URI> [-o <output_file>] [-D user [-w
password]]
[-i src_ip_addr ] \n");
}