1.1 misho 1: /*
2: * Copyright (C) 2008 Martin Willi
3: * Copyright (C) 2007 Andreas Steffen
4: * HSR Hochschule fuer Technik Rapperswil
5: *
6: * This program is free software; you can redistribute it and/or modify it
7: * under the terms of the GNU General Public License as published by the
8: * Free Software Foundation; either version 2 of the License, or (at your
9: * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
10: *
11: * This program is distributed in the hope that it will be useful, but
12: * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
13: * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14: * for more details.
15: */
16:
17: #ifndef LDAP_DEPRECATED
18: #define LDAP_DEPRECATED 1
19: #endif /* LDAP_DEPRECATED */
20: #include <ldap.h>
21:
22: #include <errno.h>
23:
24: #include <library.h>
25: #include <utils/debug.h>
26:
27: #include "ldap_fetcher.h"
28:
/* default fetch timeout in seconds (it is loaded into a struct timeval's
 * tv_sec); overridable per instance through the FETCH_TIMEOUT option */
#define DEFAULT_TIMEOUT 10

typedef struct private_ldap_fetcher_t private_ldap_fetcher_t;
32:
/**
 * Private Data of a ldap_fetcher_t object.
 */
struct private_ldap_fetcher_t {

	/**
	 * Public data. Kept as the first member so that the pointer handed out by
	 * ldap_fetcher_create() (&this->public) and the private object share the
	 * same address (NOTE(review): the METHOD wrappers appear to rely on this
	 * when casting back to the private type — confirm in utils.h).
	 */
	ldap_fetcher_t public;

	/**
	 * timeout to use for fetches, in seconds; used as the network timeout
	 * option and as the timeout of the synchronous search, set via
	 * FETCH_TIMEOUT
	 */
	u_int timeout;
};
47:
/**
 * Extract the payload from the result of an LDAP query.
 *
 * Only the first value of the first attribute of the first entry is used;
 * it is copied into a freshly allocated chunk (the server-supplied length
 * bounds both the allocation and the copy). On any failure the reason is
 * logged and *response is left untouched.
 *
 * @param ldap		LDAP handle the query was issued on
 * @param result	result message returned by the search
 * @param response	receives the allocated copy of the value on success
 * @return			TRUE if a value was copied into *response
 */
static bool parse(LDAP *ldap, LDAPMessage *result, chunk_t *response)
{
	LDAPMessage *entry;
	BerElement *ber = NULL;
	char *attr;
	struct berval **values;
	bool success = FALSE;

	entry = ldap_first_entry(ldap, result);
	if (!entry)
	{
		DBG1(DBG_LIB, "finding first LDAP entry failed");
		return FALSE;
	}
	attr = ldap_first_attribute(ldap, entry, &ber);
	if (!attr)
	{
		DBG1(DBG_LIB, "finding LDAP attributes failed: %s",
			 ldap_err2string(ldap_result2error(ldap, entry, 0)));
		goto out_ber;
	}
	values = ldap_get_values_len(ldap, entry, attr);
	if (!values)
	{
		DBG1(DBG_LIB, "getting LDAP values failed: %s",
			 ldap_err2string(ldap_result2error(ldap, entry, 0)));
		goto out_attr;
	}
	if (!values[0])
	{
		DBG1(DBG_LIB, "LDAP response contains no values");
		goto out_values;
	}
	/* allocation and copy are both sized by the value's own length */
	*response = chunk_alloc(values[0]->bv_len);
	memcpy(response->ptr, values[0]->bv_val, response->len);
	success = TRUE;

	/* release in reverse order of acquisition */
out_values:
	ldap_value_free_len(values);
out_attr:
	ldap_memfree(attr);
out_ber:
	/* ber may still be NULL here; the library tolerates that */
	ber_free(ber, 0);
	return success;
}
100:
101:
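/**
 * Fetch the object referenced by an ldap URL.
 *
 * Performs an anonymous simple bind, runs the search encoded in the URL
 * and hands the first returned value to the caller.
 *
 * @param this		fetcher instance (provides the timeout)
 * @param url		URL to fetch; anything not starting with "ldap" is refused
 * @param userdata	chunk_t* receiving the allocated result on SUCCESS
 * @return			SUCCESS, FAILED, or NOT_SUPPORTED for non-ldap URLs
 */
METHOD(fetcher_t, fetch, status_t,
	private_ldap_fetcher_t *this, char *url, void *userdata)
{
	LDAP *ldap;
	LDAPURLDesc *lurl;
	LDAPMessage *msg = NULL;
	int res;
	int ldap_version = LDAP_VERSION3;
	struct timeval timeout;
	status_t status = FAILED;
	chunk_t *result = userdata;

	if (!strpfx(url, "ldap"))
	{
		return NOT_SUPPORTED;
	}
	if (ldap_url_parse(url, &lurl) != LDAP_SUCCESS)
	{
		return NOT_SUPPORTED;
	}
	/* NOTE(review): ldap_init() receives host and port only, so the URL
	 * scheme (ldap vs. ldaps) does not select the transport here — confirm
	 * against the LDAP library in use before relying on ldaps:// URLs */
	ldap = ldap_init(lurl->lud_host, lurl->lud_port);
	if (ldap == NULL)
	{
		DBG1(DBG_LIB, "LDAP initialization failed: %s", strerror(errno));
		ldap_free_urldesc(lurl);
		return FAILED;
	}

	timeout.tv_sec = this->timeout;
	timeout.tv_usec = 0;

	ldap_set_option(ldap, LDAP_OPT_PROTOCOL_VERSION, &ldap_version);
	/* LDAP_OPT_NETWORK_TIMEOUT bounds connection establishment only; without
	 * LDAP_OPT_TIMEOUT an unresponsive server could stall the synchronous
	 * bind below well beyond the configured timeout */
	ldap_set_option(ldap, LDAP_OPT_NETWORK_TIMEOUT, &timeout);
	ldap_set_option(ldap, LDAP_OPT_TIMEOUT, &timeout);

	DBG2(DBG_LIB, "sending LDAP request to '%s'...", url);

	/* anonymous bind: no credentials are sent */
	res = ldap_simple_bind_s(ldap, NULL, NULL);
	if (res == LDAP_SUCCESS)
	{
		res = ldap_search_st(ldap, lurl->lud_dn, lurl->lud_scope,
							 lurl->lud_filter, lurl->lud_attrs,
							 0, &timeout, &msg);
		if (res == LDAP_SUCCESS)
		{
			if (parse(ldap, msg, result))
			{
				status = SUCCESS;
			}
		}
		else
		{
			DBG1(DBG_LIB, "LDAP search failed: %s", ldap_err2string(res));
		}
		/* the search may hand back a result message together with an error
		 * code (the server's error response); release it on every path.
		 * ldap_msgfree() accepts NULL, so the untouched case is covered too. */
		ldap_msgfree(msg);
	}
	else
	{
		DBG1(DBG_LIB, "LDAP bind to '%s' failed: %s", url,
			 ldap_err2string(res));
	}
	ldap_unbind_s(ldap);
	ldap_free_urldesc(lurl);
	return status;
}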
167:
168:
/**
 * Set a fetcher option.
 *
 * Only FETCH_TIMEOUT (taking a u_int number of seconds) is understood;
 * every other option is reported as unsupported.
 *
 * @param this		fetcher instance
 * @param option	option to set
 * @param ...		option value, a u_int for FETCH_TIMEOUT
 * @return			TRUE if the option was applied
 */
METHOD(fetcher_t, set_option, bool,
	private_ldap_fetcher_t *this, fetcher_option_t option, ...)
{
	va_list args;
	bool supported = TRUE;

	va_start(args, option);
	if (option == FETCH_TIMEOUT)
	{
		this->timeout = va_arg(args, u_int);
	}
	else
	{
		supported = FALSE;
	}
	va_end(args);
	return supported;
}
187:
/**
 * Release the fetcher instance; it holds no other resources.
 *
 * @param this		fetcher instance to destroy
 */
METHOD(fetcher_t, destroy, void,
	private_ldap_fetcher_t *this)
{
	free(this);
}
193:
/*
 * Described in header.
 */
ldap_fetcher_t *ldap_fetcher_create()
{
	private_ldap_fetcher_t *this;

	/* wire up the fetcher_t interface and start with the default timeout */
	INIT(this,
		.public.interface = {
			.fetch = _fetch,
			.set_option = _set_option,
			.destroy = _destroy,
		},
		.timeout = DEFAULT_TIMEOUT,
	);

	return &this->public;
}
214: