2 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
4 * Copyright 1998-2003 The OpenLDAP Foundation.
5 * Portions Copyright 2003 Mark Benson.
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted only as authorized by the OpenLDAP
12 * A copy of this license is available in file LICENSE in the
13 * top-level directory of the distribution or, alternatively, at
14 * <http://www.OpenLDAP.org/license.html>.
16 /* Portions Copyright (c) 1996 Regents of the University of Michigan.
17 * All rights reserved.
19 * Redistribution and use in source and binary forms are permitted
20 * provided that this notice is preserved and that due credit is given
21 * to the University of Michigan at Ann Arbor. The name of the University
22 * may not be used to endorse or promote products derived from this
23 * software without specific prior written permission. This software
24 * is provided ``as is'' without express or implied warranty.
27 * This work was originally developed by the University of Michigan
28 * (as part of U-MICH LDAP). Additional significant contributors
34 * ldap_op.c - routines to perform LDAP operations
41 #include <ac/stdlib.h>
44 #include <ac/string.h>
47 #include <ac/unistd.h>
50 #include "lutil_ldap.h"
53 /* Forward references */
54 static struct berval **make_singlevalued_berval LDAP_P(( char *, int ));
55 static int op_ldap_add LDAP_P(( Ri *, Re *, char **, int * ));
56 static int op_ldap_modify LDAP_P(( Ri *, Re *, char **, int * ));
57 static int op_ldap_delete LDAP_P(( Ri *, Re *, char **, int * ));
58 static int op_ldap_modrdn LDAP_P(( Ri *, Re *, char **, int * ));
59 static LDAPMod *alloc_ldapmod LDAP_P(( void ));
60 static void free_ldapmod LDAP_P(( LDAPMod * ));
61 static void free_ldmarr LDAP_P(( LDAPMod ** ));
62 static int getmodtype LDAP_P(( char * ));
63 static void dump_ldm_array LDAP_P(( LDAPMod ** ));
64 static int do_bind LDAP_P(( Ri *, int * ));
65 static int do_unbind LDAP_P(( Ri * ));
69 * Determine the type of ldap operation being performed and call the
70 * appropriate routine.
71 * - If successful, returns DO_LDAP_OK
72 * - If a retryable error occurs, ERR_DO_LDAP_RETRYABLE is returned.
73 * The caller should wait a while and retry the operation.
74 * - If a fatal error occurs, ERR_DO_LDAP_FATAL is returned. The caller
75 * should reject the operation and continue with the next replication
92 if ( ri->ri_ldp == NULL ) {
93 lderr = do_bind( ri, &lderr );
95 if ( lderr != BIND_OK ) {
96 return DO_LDAP_ERR_RETRYABLE;
100 switch ( re->re_changetype ) {
102 lderr = op_ldap_add( ri, re, errmsg, errfree );
103 if ( lderr != LDAP_SUCCESS ) {
105 LDAP_LOG ( OPERATION, ERR, "do_ldap: "
106 "Error: ldap_add_s failed adding \"%s\": %s\n",
107 *errmsg ? *errmsg : ldap_err2string( lderr ),
110 Debug( LDAP_DEBUG_ANY,
111 "Error: ldap_add_s failed adding \"%s\": %s\n",
112 *errmsg ? *errmsg : ldap_err2string( lderr ),
119 lderr = op_ldap_modify( ri, re, errmsg, errfree );
120 if ( lderr != LDAP_SUCCESS ) {
122 LDAP_LOG ( OPERATION, ERR, "do_ldap: "
123 "Error: ldap_modify_s failed modifying \"%s\": %s\n",
124 *errmsg ? *errmsg : ldap_err2string( lderr ),
127 Debug( LDAP_DEBUG_ANY,
128 "Error: ldap_modify_s failed modifying \"%s\": %s\n",
129 *errmsg ? *errmsg : ldap_err2string( lderr ),
136 lderr = op_ldap_delete( ri, re, errmsg, errfree );
137 if ( lderr != LDAP_SUCCESS ) {
139 LDAP_LOG ( OPERATION, ERR, "do_ldap: "
140 "Error: ldap_delete_s failed deleting \"%s\": %s\n",
141 *errmsg ? *errmsg : ldap_err2string( lderr ),
144 Debug( LDAP_DEBUG_ANY,
145 "Error: ldap_delete_s failed deleting \"%s\": %s\n",
146 *errmsg ? *errmsg : ldap_err2string( lderr ),
153 lderr = op_ldap_modrdn( ri, re, errmsg, errfree );
154 if ( lderr != LDAP_SUCCESS ) {
156 LDAP_LOG ( OPERATION, ERR, "do_ldap: "
157 "Error: ldap_modrdn_s failed modifying %s: %s\n",
158 *errmsg ? *errmsg : ldap_err2string( lderr ),
161 Debug( LDAP_DEBUG_ANY,
162 "Error: ldap_modrdn_s failed modifying %s: %s\n",
163 *errmsg ? *errmsg : ldap_err2string( lderr ),
171 LDAP_LOG ( OPERATION, ERR, "do_ldap: "
172 "Error: bad op \"%d\", dn = \"%s\"\n",
173 re->re_changetype, re->re_dn, 0 );
175 Debug( LDAP_DEBUG_ANY,
176 "Error: do_ldap: bad op \"%d\", dn = \"%s\"\n",
177 re->re_changetype, re->re_dn, 0 );
179 return DO_LDAP_ERR_FATAL;
183 * Analyze return code. If ok, just return. If LDAP_SERVER_DOWN,
184 * we may have been idle long enough that the remote slapd timed
185 * us out. Rebind and try again.
192 return DO_LDAP_ERR_FATAL;
194 case LDAP_SERVER_DOWN: /* server went down */
195 (void) do_unbind( ri );
198 } while ( retry > 0 );
200 return DO_LDAP_ERR_RETRYABLE;
206 * Perform an ldap add operation.
217 int nattrs, rc = 0, i;
218 LDAPMod *ldm, **ldmarr;
225 * Construct a null-terminated array of LDAPMod structs.
228 while ( mi[ i ].mi_type != NULL ) {
229 ldm = alloc_ldapmod();
230 ldmarr = ( LDAPMod ** ) ch_realloc( ldmarr,
231 ( nattrs + 2 ) * sizeof( LDAPMod * ));
232 ldmarr[ nattrs ] = ldm;
233 ldm->mod_op = LDAP_MOD_BVALUES;
234 ldm->mod_type = mi[ i ].mi_type;
236 make_singlevalued_berval( mi[ i ].mi_val, mi[ i ].mi_len );
241 if ( ldmarr != NULL ) {
242 ldmarr[ nattrs ] = NULL;
244 /* Perform the operation */
246 LDAP_LOG ( OPERATION, ARGS,
247 "op_ldap_add: replica %s:%d - add dn \"%s\"\n",
248 ri->ri_hostname, ri->ri_port, re->re_dn );
250 Debug( LDAP_DEBUG_ARGS, "replica %s:%d - add dn \"%s\"\n",
251 ri->ri_hostname, ri->ri_port, re->re_dn );
253 rc = ldap_add_s( ri->ri_ldp, re->re_dn, ldmarr );
255 ldap_get_option( ri->ri_ldp, LDAP_OPT_ERROR_NUMBER, &lderr);
256 ldap_get_option( ri->ri_ldp, LDAP_OPT_ERROR_STRING, errmsg);
260 *errmsg = "No modifications to do";
262 LDAP_LOG ( OPERATION, ERR,
263 "op_ldap_add: Error: no mods to do (%s)!\n", re->re_dn, 0, 0 );
265 Debug( LDAP_DEBUG_ANY,
266 "Error: op_ldap_add: no mods to do (%s)!\n", re->re_dn, 0, 0 );
269 free_ldmarr( ldmarr );
277 * Perform an ldap modify operation.
279 #define AWAITING_OP -1
289 int state; /* This code is a simple-minded state machine */
290 int nvals; /* Number of values we're modifying */
291 int nops; /* Number of LDAPMod structs in ldmarr */
292 LDAPMod *ldm = NULL, **ldmarr;
302 if ( re->re_mods == NULL ) {
303 *errmsg = "No arguments given";
305 LDAP_LOG ( OPERATION, ERR,
306 "op_ldap_modify: Error: no arguments\n" , 0, 0, 0 );
308 Debug( LDAP_DEBUG_ANY, "Error: op_ldap_modify: no arguments\n",
315 * Construct a null-terminated array of LDAPMod structs.
317 for ( mi = re->re_mods, i = 0; mi[ i ].mi_type != NULL; i++ ) {
318 type = mi[ i ].mi_type;
319 value = mi[ i ].mi_val;
320 len = mi[ i ].mi_len;
321 switch ( getmodtype( type )) {
323 state = T_MODSEP; /* Got a separator line "-\n" */
327 ldmarr = ( LDAPMod ** )
328 ch_realloc(ldmarr, (( nops + 2 ) * ( sizeof( LDAPMod * ))));
329 ldmarr[ nops ] = ldm = alloc_ldapmod();
330 ldm->mod_op = LDAP_MOD_ADD | LDAP_MOD_BVALUES;
331 ldm->mod_type = value;
336 state = T_MODOPREPLACE;
337 ldmarr = ( LDAPMod ** )
338 ch_realloc(ldmarr, (( nops + 2 ) * ( sizeof( LDAPMod * ))));
339 ldmarr[ nops ] = ldm = alloc_ldapmod();
340 ldm->mod_op = LDAP_MOD_REPLACE | LDAP_MOD_BVALUES;
341 ldm->mod_type = value;
346 state = T_MODOPDELETE;
347 ldmarr = ( LDAPMod ** )
348 ch_realloc(ldmarr, (( nops + 2 ) * ( sizeof( LDAPMod * ))));
349 ldmarr[ nops ] = ldm = alloc_ldapmod();
350 ldm->mod_op = LDAP_MOD_DELETE | LDAP_MOD_BVALUES;
351 ldm->mod_type = value;
355 case T_MODOPINCREMENT:
356 state = T_MODOPINCREMENT;
357 ldmarr = ( LDAPMod ** )
358 ch_realloc(ldmarr, (( nops + 2 ) * ( sizeof( LDAPMod * ))));
359 ldmarr[ nops ] = ldm = alloc_ldapmod();
360 ldm->mod_op = LDAP_MOD_INCREMENT | LDAP_MOD_BVALUES;
361 ldm->mod_type = value;
366 if ( state == AWAITING_OP ) {
368 LDAP_LOG ( OPERATION, ERR,
369 "op_ldap_modify: Error: unknown mod type \"%s\"\n", type, 0, 0 );
371 Debug( LDAP_DEBUG_ANY,
372 "Error: op_ldap_modify: unknown mod type \"%s\"\n",
381 * We should have an attribute: value pair here.
382 * Construct the mod_bvalues part of the ldapmod struct.
384 if ( strcasecmp( type, ldm->mod_type )) {
386 LDAP_LOG ( OPERATION, ERR,
387 "op_ldap_modify: Error: "
388 "malformed modify op, %s: %s (expecting \"%s\")\n",
389 type, value, ldm->mod_type );
391 Debug( LDAP_DEBUG_ANY,
392 "Error: malformed modify op, %s: %s (expecting %s:)\n",
393 type, value, ldm->mod_type );
397 ldm->mod_bvalues = ( struct berval ** )
398 ch_realloc( ldm->mod_bvalues,
399 ( nvals + 2 ) * sizeof( struct berval * ));
400 ldm->mod_bvalues[ nvals + 1 ] = NULL;
401 ldm->mod_bvalues[ nvals ] = ( struct berval * )
402 ch_malloc( sizeof( struct berval ));
403 ldm->mod_bvalues[ nvals ]->bv_val = value;
404 ldm->mod_bvalues[ nvals ]->bv_len = len;
408 ldmarr[ nops ] = NULL;
411 /* Actually perform the LDAP operation */
413 LDAP_LOG ( OPERATION, DETAIL1,
414 "op_ldap_modify: replica %s:%d - modify dn \"%s\"\n",
415 ri->ri_hostname, ri->ri_port, re->re_dn );
417 Debug( LDAP_DEBUG_ARGS, "replica %s:%d - modify dn \"%s\"\n",
418 ri->ri_hostname, ri->ri_port, re->re_dn );
420 rc = ldap_modify_s( ri->ri_ldp, re->re_dn, ldmarr );
421 ldap_get_option( ri->ri_ldp, LDAP_OPT_ERROR_STRING, errmsg);
424 free_ldmarr( ldmarr );
432 * Perform an ldap delete operation.
445 LDAP_LOG ( OPERATION, ARGS,
446 "op_ldap_delete: replica %s:%d - delete dn \"%s\"\n",
447 ri->ri_hostname, ri->ri_port, re->re_dn );
449 Debug( LDAP_DEBUG_ARGS, "replica %s:%d - delete dn \"%s\"\n",
450 ri->ri_hostname, ri->ri_port, re->re_dn );
452 rc = ldap_delete_s( ri->ri_ldp, re->re_dn );
453 ldap_get_option( ri->ri_ldp, LDAP_OPT_ERROR_STRING, errmsg);
463 * Perform an ldap modrdn operation.
465 #define GOT_NEWRDN 0x1
466 #define GOT_DELOLDRDN 0x2
467 #define GOT_NEWSUP 0x4
469 #define GOT_MODDN_REQ (GOT_NEWRDN|GOT_DELOLDRDN)
470 #define GOT_ALL_MODDN(f) (((f) & GOT_MODDN_REQ) == GOT_MODDN_REQ)
488 if ( re->re_mods == NULL ) {
489 *errmsg = "No arguments given";
491 LDAP_LOG ( OPERATION, ERR,
492 "op_ldap_modrdn: Error: no arguments\n" , 0, 0, 0 );
494 Debug( LDAP_DEBUG_ANY, "Error: op_ldap_modrdn: no arguments\n",
501 * Get the arguments: should see newrdn: and deleteoldrdn: args.
503 for ( mi = re->re_mods, i = 0; mi[ i ].mi_type != NULL; i++ ) {
504 if ( !strcmp( mi[ i ].mi_type, T_NEWRDNSTR )) {
505 if( state & GOT_NEWRDN ) {
507 LDAP_LOG ( OPERATION, ERR,
508 "op_ldap_modrdn: Error: multiple newrdn arg \"%s\"\n",
509 mi[ i ].mi_val, 0, 0 );
511 Debug( LDAP_DEBUG_ANY,
512 "Error: op_ldap_modrdn: multiple newrdn arg \"%s\"\n",
513 mi[ i ].mi_val, 0, 0 );
515 *errmsg = "Multiple newrdn argument";
519 newrdn = mi[ i ].mi_val;
522 } else if ( !strcmp( mi[ i ].mi_type, T_DELOLDRDNSTR )) {
523 if( state & GOT_DELOLDRDN ) {
525 LDAP_LOG ( OPERATION, ERR,
526 "op_ldap_modrdn: Error: multiple deleteoldrdn arg \"%s\"\n",
527 mi[ i ].mi_val, 0, 0 );
529 Debug( LDAP_DEBUG_ANY,
530 "Error: op_ldap_modrdn: multiple deleteoldrdn arg \"%s\"\n",
531 mi[ i ].mi_val, 0, 0 );
533 *errmsg = "Multiple newrdn argument";
537 state |= GOT_DELOLDRDN;
538 if ( !strcmp( mi[ i ].mi_val, "0" )) {
540 } else if ( !strcmp( mi[ i ].mi_val, "1" )) {
544 LDAP_LOG ( OPERATION, ERR,
545 "op_ldap_modrdn: Error: bad deleteoldrdn arg \"%s\"\n",
546 mi[ i ].mi_val, 0, 0 );
548 Debug( LDAP_DEBUG_ANY,
549 "Error: op_ldap_modrdn: bad deleteoldrdn arg \"%s\"\n",
550 mi[ i ].mi_val, 0, 0 );
552 *errmsg = "Incorrect argument to deleteoldrdn";
556 } else if ( !strcmp( mi[ i ].mi_type, T_NEWSUPSTR )) {
557 if( state & GOT_NEWSUP ) {
559 LDAP_LOG ( OPERATION, ERR,
560 "op_ldap_modrdn: Error: multiple newsuperior arg \"%s\"\n",
561 mi[ i ].mi_val, 0, 0 );
563 Debug( LDAP_DEBUG_ANY,
564 "Error: op_ldap_modrdn: multiple newsuperior arg \"%s\"\n",
565 mi[ i ].mi_val, 0, 0 );
567 *errmsg = "Multiple newsuperior argument";
571 newsup = mi[ i ].mi_val;
576 LDAP_LOG ( OPERATION, ERR,
577 "op_ldap_modrdn: Error: bad type \"%s\"\n",
578 mi[ i ].mi_type, 0, 0 );
580 Debug( LDAP_DEBUG_ANY, "Error: op_ldap_modrdn: bad type \"%s\"\n",
581 mi[ i ].mi_type, 0, 0 );
583 *errmsg = "Bad value in replication log entry";
589 * Punt if we don't have all the args.
591 if ( !GOT_ALL_MODDN(state) ) {
593 LDAP_LOG ( OPERATION, ERR,
594 "op_ldap_modrdn: Error: missing arguments\n" , 0, 0, 0 );
596 Debug( LDAP_DEBUG_ANY, "Error: op_ldap_modrdn: missing arguments\n",
599 *errmsg = "Missing argument: requires \"newrdn\" and \"deleteoldrdn\"";
604 if ( ldap_debug & LDAP_DEBUG_ARGS ) {
607 int buf2len = strlen( re->re_dn ) + strlen( mi->mi_val ) + 11;
609 snprintf( buf, sizeof(buf), "%s:%d", ri->ri_hostname, ri->ri_port );
611 buf2 = (char *) ch_malloc( buf2len );
612 snprintf( buf2, buf2len, "(\"%s\" -> \"%s\")", re->re_dn, mi->mi_val );
615 LDAP_LOG ( OPERATION, ARGS,
616 "op_ldap_modrdn: replica %s - modify rdn %s (flag: %d)\n",
617 buf, buf2, drdnflag );
619 Debug( LDAP_DEBUG_ARGS,
620 "replica %s - modify rdn %s (flag: %d)\n",
621 buf, buf2, drdnflag );
625 #endif /* LDAP_DEBUG */
630 rc = ldap_rename2_s( ri->ri_ldp, re->re_dn, newrdn, newsup, drdnflag );
632 ldap_get_option( ri->ri_ldp, LDAP_OPT_ERROR_NUMBER, &lderr);
633 ldap_get_option( ri->ri_ldp, LDAP_OPT_ERROR_STRING, errmsg);
641 * Allocate and initialize an ldapmod struct.
644 alloc_ldapmod( void )
648 ldm = ( struct ldapmod * ) ch_malloc( sizeof ( struct ldapmod ));
649 ldm->mod_type = NULL;
650 ldm->mod_bvalues = ( struct berval ** ) NULL;
657 * Free an ldapmod struct associated mod_bvalues. NOTE - it is assumed
658 * that mod_bvalues and mod_type contain pointers to the same block of memory
659 * pointed to by the repl struct. Therefore, it's not freed here.
670 if ( ldm->mod_bvalues != NULL ) {
671 for ( i = 0; ldm->mod_bvalues[ i ] != NULL; i++ ) {
672 free( ldm->mod_bvalues[ i ] );
674 free( ldm->mod_bvalues );
682 * Free an an array of LDAPMod pointers and the LDAPMod structs they point
691 for ( i = 0; ldmarr[ i ] != NULL; i++ ) {
692 free_ldapmod( ldmarr[ i ] );
699 * Create a berval with a single value.
701 static struct berval **
702 make_singlevalued_berval(
708 p = ( struct berval ** ) ch_malloc( 2 * sizeof( struct berval * ));
709 p[ 0 ] = ( struct berval * ) ch_malloc( sizeof( struct berval ));
711 p[ 0 ]->bv_val = value;
712 p[ 0 ]->bv_len = len;
718 * Given a modification type (string), return an enumerated type.
719 * Avoids ugly copy in op_ldap_modify - lets us use a switch statement
726 if ( !strcmp( type, T_MODSEPSTR )) {
729 if ( !strcmp( type, T_MODOPADDSTR )) {
730 return( T_MODOPADD );
732 if ( !strcmp( type, T_MODOPREPLACESTR )) {
733 return( T_MODOPREPLACE );
735 if ( !strcmp( type, T_MODOPDELETESTR )) {
736 return( T_MODOPDELETE );
738 if ( !strcmp( type, T_MODOPINCREMENTSTR )) {
739 return( T_MODOPINCREMENT );
746 * Perform an LDAP unbind operation. If replica is NULL, or the
747 * repl_ldp is NULL, just return LDAP_SUCCESS. Otherwise, unbind,
748 * set the ldp to NULL, and return the result of the unbind call.
755 int rc = LDAP_SUCCESS;
757 if (( ri != NULL ) && ( ri->ri_ldp != NULL )) {
758 rc = ldap_unbind( ri->ri_ldp );
759 if ( rc != LDAP_SUCCESS ) {
761 LDAP_LOG ( OPERATION, ERR,
762 "do_unbind: ldap_unbind failed for %s:%d: %s\n",
763 ri->ri_hostname, ri->ri_port, ldap_err2string( rc ) );
765 Debug( LDAP_DEBUG_ANY,
766 "Error: do_unbind: ldap_unbind failed for %s:%d: %s\n",
767 ri->ri_hostname, ri->ri_port, ldap_err2string( rc ) );
778 * Perform an LDAP bind operation to the replication site given
779 * by replica. If replica->repl_ldp is non-NULL, then we unbind
780 * from the replica before rebinding. It should be safe to call
781 * this to re-connect if the replica's connection goes away
784 * Returns 0 on success, -1 if an LDAP error occurred, and a return
785 * code > 0 if some other error occurred, e.g. invalid bind method.
786 * If an LDAP error occurs, the LDAP error is returned in lderr.
795 int do_tls = ri->ri_tls;
801 LDAP_LOG ( OPERATION, ERR, "do_bind: null ri ptr\n" , 0, 0, 0 );
803 Debug( LDAP_DEBUG_ANY, "Error: do_bind: null ri ptr\n", 0, 0, 0 );
805 return( BIND_ERR_BADRI );
809 if ( ri->ri_ldp != NULL ) {
810 ldrc = ldap_unbind( ri->ri_ldp );
811 if ( ldrc != LDAP_SUCCESS ) {
813 LDAP_LOG ( OPERATION, ERR,
814 "do_bind: ldap_unbind failed: %s\n", ldap_err2string( ldrc ), 0, 0 );
816 Debug( LDAP_DEBUG_ANY,
817 "Error: do_bind: ldap_unbind failed: %s\n",
818 ldap_err2string( ldrc ), 0, 0 );
824 if ( ri->ri_uri != NULL ) { /* new URI style */
826 LDAP_LOG ( OPERATION, ARGS,
827 "do_bind: Initializing session to %s\n",
830 Debug( LDAP_DEBUG_ARGS, "Initializing session to %s\n",
834 ldrc = ldap_initialize( &(ri->ri_ldp), ri->ri_uri);
836 if (ldrc != LDAP_SUCCESS) {
838 LDAP_LOG ( OPERATION, ERR,
839 "do_bind: ldap_initalize (0, %s) failed: %s\n",
840 ri->ri_uri, ldap_err2string(ldrc), 0 );
842 Debug( LDAP_DEBUG_ANY, "Error: ldap_initialize(0, %s) failed: %s\n",
843 ri->ri_uri, ldap_err2string(ldrc), 0 );
845 return( BIND_ERR_OPEN );
847 } else { /* old HOST style */
849 LDAP_LOG ( OPERATION, ARGS,
850 "do_bind: Initializing session to %s:%d\n",
851 ri->ri_hostname, ri->ri_port, 0 );
853 Debug( LDAP_DEBUG_ARGS, "Initializing session to %s:%d\n",
854 ri->ri_hostname, ri->ri_port, 0 );
857 ri->ri_ldp = ldap_init( ri->ri_hostname, ri->ri_port );
858 if ( ri->ri_ldp == NULL ) {
860 LDAP_LOG ( OPERATION, ERR,
861 "do_bind: ldap_init (%s, %d) failed: %s\n",
862 ri->ri_hostname, ri->ri_port, sys_errlist[ errno ] );
864 Debug( LDAP_DEBUG_ANY, "Error: ldap_init(%s, %d) failed: %s\n",
865 ri->ri_hostname, ri->ri_port, sys_errlist[ errno ] );
867 return( BIND_ERR_OPEN );
871 { /* set version 3 */
872 int err, version = 3;
873 err = ldap_set_option(ri->ri_ldp,
874 LDAP_OPT_PROTOCOL_VERSION, &version);
876 if( err != LDAP_OPT_SUCCESS ) {
878 LDAP_LOG ( OPERATION, ERR, "do_bind: "
879 "Error: ldap_set_option(%s, LDAP_OPT_VERSION, 3) failed!\n",
880 ri->ri_hostname, 0, 0 );
882 Debug( LDAP_DEBUG_ANY,
883 "Error: ldap_set_option(%s, LDAP_OPT_VERSION, 3) failed!\n",
884 ri->ri_hostname, NULL, NULL );
887 ldap_unbind( ri->ri_ldp );
889 return BIND_ERR_VERSION;
894 * Set ldap library options to (1) not follow referrals, and
895 * (2) restart the select() system call.
899 err = ldap_set_option(ri->ri_ldp, LDAP_OPT_REFERRALS, LDAP_OPT_OFF);
901 if( err != LDAP_OPT_SUCCESS ) {
903 LDAP_LOG ( OPERATION, ERR, "do_bind: "
904 "Error: ldap_set_option(%s, REFERRALS, OFF) failed!\n",
905 ri->ri_hostname, 0, 0 );
907 Debug( LDAP_DEBUG_ANY,
908 "Error: ldap_set_option(%s,REFERRALS, OFF) failed!\n",
909 ri->ri_hostname, NULL, NULL );
911 ldap_unbind( ri->ri_ldp );
913 return BIND_ERR_REFERRALS;
916 ldap_set_option(ri->ri_ldp, LDAP_OPT_RESTART, LDAP_OPT_ON);
919 int err = ldap_start_tls_s(ri->ri_ldp, NULL, NULL);
921 if( err != LDAP_SUCCESS ) {
923 LDAP_LOG ( OPERATION, ERR, "do_bind: "
924 "%s: ldap_start_tls failed: %s (%d)\n",
925 ri->ri_tls == TLS_CRITICAL ? "Error" : "Warning",
926 ldap_err2string( err ), err );
928 Debug( LDAP_DEBUG_ANY,
929 "%s: ldap_start_tls failed: %s (%d)\n",
930 ri->ri_tls == TLS_CRITICAL ? "Error" : "Warning",
931 ldap_err2string( err ), err );
934 if( ri->ri_tls == TLS_CRITICAL ) {
936 ldap_unbind( ri->ri_ldp );
938 return BIND_ERR_TLS_FAILED;
945 switch ( ri->ri_bind_method ) {
946 case LDAP_AUTH_SIMPLE:
948 * Bind with a plaintext password.
951 LDAP_LOG ( OPERATION, ARGS,
952 "do_bind: bind to %s:%d as %s (simple)\n",
953 ri->ri_hostname, ri->ri_port, ri->ri_bind_dn );
955 Debug( LDAP_DEBUG_ARGS, "bind to %s:%d as %s (simple)\n",
956 ri->ri_hostname, ri->ri_port, ri->ri_bind_dn );
958 ldrc = ldap_simple_bind_s( ri->ri_ldp, ri->ri_bind_dn,
960 if ( ldrc != LDAP_SUCCESS ) {
962 LDAP_LOG ( OPERATION, ERR, "do_bind: "
963 "Error: ldap_simple_bind_s for %s:%d failed: %s\n",
964 ri->ri_hostname, ri->ri_port, ldap_err2string( ldrc ) );
966 Debug( LDAP_DEBUG_ANY,
967 "Error: ldap_simple_bind_s for %s:%d failed: %s\n",
968 ri->ri_hostname, ri->ri_port, ldap_err2string( ldrc ));
971 ldap_unbind( ri->ri_ldp );
973 return( BIND_ERR_SIMPLE_FAILED );
979 LDAP_LOG ( OPERATION, ARGS,
980 "do_bind: bind to %s as %s via %s (SASL)\n",
982 ri->ri_authcId ? ri->ri_authcId : "-",
985 Debug( LDAP_DEBUG_ARGS, "bind to %s as %s via %s (SASL)\n",
987 ri->ri_authcId ? ri->ri_authcId : "-",
991 #ifdef HAVE_CYRUS_SASL
992 if( ri->ri_secprops != NULL ) {
993 int err = ldap_set_option(ri->ri_ldp,
994 LDAP_OPT_X_SASL_SECPROPS, ri->ri_secprops);
996 if( err != LDAP_OPT_SUCCESS ) {
998 LDAP_LOG ( OPERATION, ERR, "do_bind: "
999 "Error: ldap_set_option(%s,SECPROPS,\"%s\") failed!\n",
1000 ri->ri_hostname, ri->ri_secprops, 0 );
1002 Debug( LDAP_DEBUG_ANY,
1003 "Error: ldap_set_option(%s,SECPROPS,\"%s\") failed!\n",
1004 ri->ri_hostname, ri->ri_secprops, NULL );
1006 ldap_unbind( ri->ri_ldp );
1008 return BIND_ERR_SASL_FAILED;
1013 void *defaults = lutil_sasl_defaults( ri->ri_ldp, ri->ri_saslmech,
1014 ri->ri_realm, ri->ri_authcId, ri->ri_password, ri->ri_authzId );
1016 ldrc = ldap_sasl_interactive_bind_s( ri->ri_ldp, ri->ri_bind_dn,
1017 ri->ri_saslmech, NULL, NULL,
1018 LDAP_SASL_QUIET, lutil_sasl_interact, defaults );
1020 lutil_sasl_freedefs( defaults );
1021 if ( ldrc != LDAP_SUCCESS ) {
1023 LDAP_LOG ( OPERATION, ERR, "do_bind: "
1024 "Error: LDAP SASL for %s:%d failed: %s\n",
1025 ri->ri_hostname, ri->ri_port, ldap_err2string( ldrc ) );
1027 Debug( LDAP_DEBUG_ANY, "Error: LDAP SASL for %s:%d failed: %s\n",
1028 ri->ri_hostname, ri->ri_port, ldap_err2string( ldrc ));
1031 ldap_unbind( ri->ri_ldp );
1033 return( BIND_ERR_SASL_FAILED );
1039 LDAP_LOG ( OPERATION, ERR, "do_bind: "
1040 "Error: do_bind: SASL not supported %s:%d\n",
1041 ri->ri_hostname, ri->ri_port, 0 );
1043 Debug( LDAP_DEBUG_ANY,
1044 "Error: do_bind: SASL not supported %s:%d\n",
1045 ri->ri_hostname, ri->ri_port, NULL );
1047 ldap_unbind( ri->ri_ldp );
1049 return( BIND_ERR_BAD_ATYPE );
1054 LDAP_LOG ( OPERATION, ERR, "do_bind: "
1055 "Error: do_bind: unknown auth type \"%d\" for %s:%d\n",
1056 ri->ri_bind_method, ri->ri_hostname, ri->ri_port );
1058 Debug( LDAP_DEBUG_ANY,
1059 "Error: do_bind: unknown auth type \"%d\" for %s:%d\n",
1060 ri->ri_bind_method, ri->ri_hostname, ri->ri_port );
1062 ldap_unbind( ri->ri_ldp );
1064 return( BIND_ERR_BAD_ATYPE );
1070 LDAPControl *ctrls[2];
1074 c.ldctl_oid = LDAP_CONTROL_MANAGEDSAIT;
1075 c.ldctl_value.bv_val = NULL;
1076 c.ldctl_value.bv_len = 0;
1077 c.ldctl_iscritical = 0;
1079 err = ldap_set_option(ri->ri_ldp, LDAP_OPT_SERVER_CONTROLS, &ctrls);
1081 if( err != LDAP_OPT_SUCCESS ) {
1083 LDAP_LOG ( OPERATION, ERR, "do_bind: "
1084 "ldap_set_option(%s, SERVER_CONTROLS, ManageDSAit) failed!\n",
1085 ri->ri_hostname, 0, 0 );
1087 Debug( LDAP_DEBUG_ANY, "Error: "
1088 "ldap_set_option(%s, SERVER_CONTROLS, ManageDSAit) failed!\n",
1089 ri->ri_hostname, NULL, NULL );
1091 ldap_unbind( ri->ri_ldp );
1093 return BIND_ERR_MANAGEDSAIT;
1105 * For debugging. Print the contents of an ldmarr array.
1117 for ( i = 0; ldmarr[ i ] != NULL; i++ ) {
1120 LDAP_LOG ( OPERATION, INFO, "dump_ldm_array: "
1121 "Trace (%ld): *** ldmarr[ %d ] contents:\n",
1122 (long) getpid(), i, 0 );
1123 LDAP_LOG ( OPERATION, INFO, "dump_ldm_array: "
1124 "Trace (%ld): *** ldm->mod_op: %d\n",
1125 (long) getpid(), ldm->mod_op, 0 );
1126 LDAP_LOG ( OPERATION, INFO, "dump_ldm_array: "
1127 "Trace (%ld): *** ldm->mod_type: %s\n",
1128 (long) getpid(), ldm->mod_type, 0 );
1130 Debug( LDAP_DEBUG_TRACE,
1131 "Trace (%ld): *** ldmarr[ %d ] contents:\n",
1132 (long) getpid(), i, 0 );
1133 Debug( LDAP_DEBUG_TRACE,
1134 "Trace (%ld): *** ldm->mod_op: %d\n",
1135 (long) getpid(), ldm->mod_op, 0 );
1136 Debug( LDAP_DEBUG_TRACE,
1137 "Trace (%ld): *** ldm->mod_type: %s\n",
1138 (long) getpid(), ldm->mod_type, 0 );
1140 if ( ldm->mod_bvalues != NULL ) {
1141 for ( j = 0; ( b = ldm->mod_bvalues[ j ] ) != NULL; j++ ) {
1142 msgbuf = ch_malloc( b->bv_len + 512 );
1143 sprintf( msgbuf, "***** bv[ %d ] len = %ld, val = <%s>",
1144 j, b->bv_len, b->bv_val );
1146 LDAP_LOG ( OPERATION, INFO, "dump_ldm_array: "
1147 "Trace (%ld):%s\n", (long) getpid(), msgbuf, 0 );
1149 Debug( LDAP_DEBUG_TRACE,
1150 "Trace (%ld):%s\n", (long) getpid(), msgbuf, 0 );
projects / openldap / blob