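/*
 * Copyright (C) 2008 Martin Willi
 * Copyright (C) 2007 Andreas Steffen
 * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
 * Free Software Foundation; either version 2 of the License, or (at your
 * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * for more details.
 */

#ifndef LDAP_DEPRECATED
#define LDAP_DEPRECATED 1
#endif /* LDAP_DEPRECATED */
#include <ldap.h>

#include <errno.h>

#include <library.h>
#include <utils/debug.h>

#include "ldap_fetcher.h"

/** Timeout in seconds used until FETCH_TIMEOUT overrides it */
#define DEFAULT_TIMEOUT 10

typedef struct private_ldap_fetcher_t private_ldap_fetcher_t;

/**
 * Private Data of a ldap_fetcher_t object.
 */
struct private_ldap_fetcher_t {
	/**
	 * Public data
	 */
	ldap_fetcher_t public;

	/**
	 * timeout to use for fetches, in seconds; applied both as network
	 * timeout on the LDAP handle and as search timeout
	 */
	u_int timeout;
};

/**
 * Parses the result returned by an ldap query.
 *
 * Only the first value of the first attribute of the first entry is used.
 * It is copied into a newly allocated chunk which the caller owns.
 *
 * @param ldap		handle the result was received on
 * @param result	result chain as returned by ldap_search_st()
 * @param response	receives the allocated value, left untouched on failure
 * @return			TRUE if a value was extracted into response
 */
static bool parse(LDAP *ldap, LDAPMessage *result, chunk_t *response)
{
	LDAPMessage *entry = ldap_first_entry(ldap, result);
	bool success = FALSE;

	if (entry)
	{
		BerElement *ber = NULL;
		char *attr;

		attr = ldap_first_attribute(ldap, entry, &ber);
		if (attr)
		{
			struct berval **values = ldap_get_values_len(ldap, entry, attr);

			if (values)
			{
				if (values[0])
				{
					/* bv_len is the binary length, the value is not a
					 * C string and may contain NUL bytes */
					*response = chunk_alloc(values[0]->bv_len);
					memcpy(response->ptr, values[0]->bv_val, response->len);
					success = TRUE;
				}
				else
				{
					DBG1(DBG_LIB, "LDAP response contains no values");
				}
				ldap_value_free_len(values);
			}
			else
			{
				DBG1(DBG_LIB, "getting LDAP values failed: %s",
					 ldap_err2string(ldap_result2error(ldap, entry, 0)));
			}
			ldap_memfree(attr);
		}
		else
		{
			DBG1(DBG_LIB, "finding LDAP attributes failed: %s",
				 ldap_err2string(ldap_result2error(ldap, entry, 0)));
		}
		/* ber stays NULL if ldap_first_attribute() failed; ber_free()
		 * accepts that */
		ber_free(ber, 0);
	}
	else
	{
		DBG1(DBG_LIB, "finding first LDAP entry failed");
	}
	return success;
}

/**
 * Fetch the object an ldap URL points to into the chunk passed as userdata.
 *
 * The bind is anonymous and no TLS is set up on the handle, so the fetched
 * data arrives over an unauthenticated transport; callers must verify it
 * (e.g. a signature on a CRL or certificate) before trusting it.
 *
 * NOTE(review): ldap_init() only takes host and port from the parsed URL,
 * the scheme is not honored; an ldaps:// URL is presumably connected to in
 * cleartext and then fails rather than being upgraded to TLS.
 *
 * @param this		fetcher instance (provides the timeout)
 * @param url		URL to fetch, anything not starting with "ldap" is refused
 * @param userdata	chunk_t* receiving the allocated value
 * @return			SUCCESS, NOT_SUPPORTED for non-ldap/unparsable URLs,
 *					FAILED otherwise
 */
METHOD(fetcher_t, fetch, status_t,
	private_ldap_fetcher_t *this, char *url, void *userdata)
{
	LDAP *ldap;
	LDAPURLDesc *lurl;
	/* NULL so the cleanup below may free it unconditionally */
	LDAPMessage *msg = NULL;
	int res;
	int ldap_version = LDAP_VERSION3;
	struct timeval timeout;
	status_t status = FAILED;
	chunk_t *result = userdata;

	if (!strpfx(url, "ldap"))
	{
		return NOT_SUPPORTED;
	}
	if (ldap_url_parse(url, &lurl) != LDAP_SUCCESS)
	{
		return NOT_SUPPORTED;
	}
	ldap = ldap_init(lurl->lud_host, lurl->lud_port);
	if (ldap == NULL)
	{
		DBG1(DBG_LIB, "LDAP initialization failed: %s", strerror(errno));
		ldap_free_urldesc(lurl);
		return FAILED;
	}

	timeout.tv_sec = this->timeout;
	timeout.tv_usec = 0;

	/* if either option can not be set, the library defaults for protocol
	 * version and connect timeout would silently apply; fail instead of
	 * proceeding with a fetch that may block for an unbounded time */
	if (ldap_set_option(ldap, LDAP_OPT_PROTOCOL_VERSION,
						&ldap_version) != LDAP_OPT_SUCCESS ||
		ldap_set_option(ldap, LDAP_OPT_NETWORK_TIMEOUT,
						&timeout) != LDAP_OPT_SUCCESS)
	{
		DBG1(DBG_LIB, "setting LDAP options failed");
		goto out;
	}

	DBG2(DBG_LIB, "sending LDAP request to '%s'...", url);

	res = ldap_simple_bind_s(ldap, NULL, NULL);
	if (res != LDAP_SUCCESS)
	{
		DBG1(DBG_LIB, "LDAP bind to '%s' failed: %s", url,
			 ldap_err2string(res));
		goto out;
	}

	res = ldap_search_st(ldap, lurl->lud_dn, lurl->lud_scope,
						 lurl->lud_filter, lurl->lud_attrs,
						 0, &timeout, &msg);
	if (res == LDAP_SUCCESS)
	{
		if (parse(ldap, msg, result))
		{
			status = SUCCESS;
		}
	}
	else
	{
		DBG1(DBG_LIB, "LDAP search failed: %s", ldap_err2string(res));
	}
	/* a non-success code (e.g. a size or time limit hit) can still hand back
	 * a partial result chain, which was previously leaked on this path */
	if (msg)
	{
		ldap_msgfree(msg);
	}

out:
	/* ldap_unbind_s() also releases a handle that was never bound */
	ldap_unbind_s(ldap);
	ldap_free_urldesc(lurl);
	return status;
}

/**
 * Set a fetcher option. Only FETCH_TIMEOUT (u_int seconds) is understood.
 *
 * @param this		fetcher instance
 * @param option	option to set
 * @return			TRUE if the option is supported and was stored
 */
METHOD(fetcher_t, set_option, bool,
	private_ldap_fetcher_t *this, fetcher_option_t option, ...)
{
	va_list args;

	va_start(args, option);
	switch (option)
	{
		case FETCH_TIMEOUT:
			this->timeout = va_arg(args, u_int);
			break;
		default:
			va_end(args);
			return FALSE;
	}
	va_end(args);
	return TRUE;
}

/**
 * Release the fetcher. No LDAP state outlives a single fetch() call.
 */
METHOD(fetcher_t, destroy, void,
	private_ldap_fetcher_t *this)
{
	free(this);
}

/*
 * Described in header.
 */
ldap_fetcher_t *ldap_fetcher_create()
{
	private_ldap_fetcher_t *this;

	INIT(this,
		.public = {
			.interface = {
				.fetch = _fetch,
				.set_option = _set_option,
				.destroy = _destroy,
			},
		},
		.timeout = DEFAULT_TIMEOUT,
	);

	return &this->public;
}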