3 * Copyright 1998-2003 The OpenLDAP Foundation, All Rights Reserved.
4 * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
7 * Copyright (c) 1996 Regents of the University of Michigan.
10 * Redistribution and use in source and binary forms are permitted
11 * provided that this notice is preserved and that due credit is given
12 * to the University of Michigan at Ann Arbor. The name of the University
13 * may not be used to endorse or promote products derived from this
14 * software without specific prior written permission. This software
15 * is provided ``as is'' without express or implied warranty.
19 * ldap_op.c - routines to perform LDAP operations
26 #include <ac/stdlib.h>
29 #include <ac/string.h>
32 #include <ac/unistd.h>
35 #include "lutil_ldap.h"
38 /* Forward references */
39 static struct berval **make_singlevalued_berval LDAP_P(( char *, int ));
40 static int op_ldap_add LDAP_P(( Ri *, Re *, char **, int * ));
41 static int op_ldap_modify LDAP_P(( Ri *, Re *, char **, int * ));
42 static int op_ldap_delete LDAP_P(( Ri *, Re *, char **, int * ));
43 static int op_ldap_modrdn LDAP_P(( Ri *, Re *, char **, int * ));
44 static LDAPMod *alloc_ldapmod LDAP_P(( void ));
45 static void free_ldapmod LDAP_P(( LDAPMod * ));
46 static void free_ldmarr LDAP_P(( LDAPMod ** ));
47 static int getmodtype LDAP_P(( char * ));
48 static void dump_ldm_array LDAP_P(( LDAPMod ** ));
49 static int do_bind LDAP_P(( Ri *, int * ));
50 static int do_unbind LDAP_P(( Ri * ));
54 * Determine the type of ldap operation being performed and call the
55 * appropriate routine.
56 * - If successful, returns DO_LDAP_OK
57 * - If a retryable error occurs, ERR_DO_LDAP_RETRYABLE is returned.
58 * The caller should wait a while and retry the operation.
59 * - If a fatal error occurs, ERR_DO_LDAP_FATAL is returned. The caller
60 * should reject the operation and continue with the next replication
77 if ( ri->ri_ldp == NULL ) {
78 lderr = do_bind( ri, &lderr );
80 if ( lderr != BIND_OK ) {
81 return DO_LDAP_ERR_RETRYABLE;
85 switch ( re->re_changetype ) {
87 lderr = op_ldap_add( ri, re, errmsg, errfree );
88 if ( lderr != LDAP_SUCCESS ) {
90 LDAP_LOG ( OPERATION, ERR, "do_ldap: "
91 "Error: ldap_add_s failed adding \"%s\": %s\n",
92 *errmsg ? *errmsg : ldap_err2string( lderr ),
95 Debug( LDAP_DEBUG_ANY,
96 "Error: ldap_add_s failed adding \"%s\": %s\n",
97 *errmsg ? *errmsg : ldap_err2string( lderr ),
104 lderr = op_ldap_modify( ri, re, errmsg, errfree );
105 if ( lderr != LDAP_SUCCESS ) {
107 LDAP_LOG ( OPERATION, ERR, "do_ldap: "
108 "Error: ldap_modify_s failed modifying \"%s\": %s\n",
109 *errmsg ? *errmsg : ldap_err2string( lderr ),
112 Debug( LDAP_DEBUG_ANY,
113 "Error: ldap_modify_s failed modifying \"%s\": %s\n",
114 *errmsg ? *errmsg : ldap_err2string( lderr ),
121 lderr = op_ldap_delete( ri, re, errmsg, errfree );
122 if ( lderr != LDAP_SUCCESS ) {
124 LDAP_LOG ( OPERATION, ERR, "do_ldap: "
125 "Error: ldap_delete_s failed deleting \"%s\": %s\n",
126 *errmsg ? *errmsg : ldap_err2string( lderr ),
129 Debug( LDAP_DEBUG_ANY,
130 "Error: ldap_delete_s failed deleting \"%s\": %s\n",
131 *errmsg ? *errmsg : ldap_err2string( lderr ),
138 lderr = op_ldap_modrdn( ri, re, errmsg, errfree );
139 if ( lderr != LDAP_SUCCESS ) {
141 LDAP_LOG ( OPERATION, ERR, "do_ldap: "
142 "Error: ldap_modrdn_s failed modifying %s: %s\n",
143 *errmsg ? *errmsg : ldap_err2string( lderr ),
146 Debug( LDAP_DEBUG_ANY,
147 "Error: ldap_modrdn_s failed modifying %s: %s\n",
148 *errmsg ? *errmsg : ldap_err2string( lderr ),
156 LDAP_LOG ( OPERATION, ERR, "do_ldap: "
157 "Error: bad op \"%d\", dn = \"%s\"\n",
158 re->re_changetype, re->re_dn, 0 );
160 Debug( LDAP_DEBUG_ANY,
161 "Error: do_ldap: bad op \"%d\", dn = \"%s\"\n",
162 re->re_changetype, re->re_dn, 0 );
164 return DO_LDAP_ERR_FATAL;
168 * Analyze return code. If ok, just return. If LDAP_SERVER_DOWN,
169 * we may have been idle long enough that the remote slapd timed
170 * us out. Rebind and try again.
177 return DO_LDAP_ERR_FATAL;
179 case LDAP_SERVER_DOWN: /* server went down */
180 (void) do_unbind( ri );
183 } while ( retry > 0 );
185 return DO_LDAP_ERR_RETRYABLE;
191 * Perform an ldap add operation.
202 int nattrs, rc = 0, i;
203 LDAPMod *ldm, **ldmarr;
210 * Construct a null-terminated array of LDAPMod structs.
213 while ( mi[ i ].mi_type != NULL ) {
214 ldm = alloc_ldapmod();
215 ldmarr = ( LDAPMod ** ) ch_realloc( ldmarr,
216 ( nattrs + 2 ) * sizeof( LDAPMod * ));
217 ldmarr[ nattrs ] = ldm;
218 ldm->mod_op = LDAP_MOD_BVALUES;
219 ldm->mod_type = mi[ i ].mi_type;
221 make_singlevalued_berval( mi[ i ].mi_val, mi[ i ].mi_len );
226 if ( ldmarr != NULL ) {
227 ldmarr[ nattrs ] = NULL;
229 /* Perform the operation */
231 LDAP_LOG ( OPERATION, ARGS,
232 "op_ldap_add: replica %s:%d - add dn \"%s\"\n",
233 ri->ri_hostname, ri->ri_port, re->re_dn );
235 Debug( LDAP_DEBUG_ARGS, "replica %s:%d - add dn \"%s\"\n",
236 ri->ri_hostname, ri->ri_port, re->re_dn );
238 rc = ldap_add_s( ri->ri_ldp, re->re_dn, ldmarr );
240 ldap_get_option( ri->ri_ldp, LDAP_OPT_ERROR_NUMBER, &lderr);
241 ldap_get_option( ri->ri_ldp, LDAP_OPT_ERROR_STRING, errmsg);
245 *errmsg = "No modifications to do";
247 LDAP_LOG ( OPERATION, ERR,
248 "op_ldap_add: Error: no mods to do (%s)!\n", re->re_dn, 0, 0 );
250 Debug( LDAP_DEBUG_ANY,
251 "Error: op_ldap_add: no mods to do (%s)!\n", re->re_dn, 0, 0 );
254 free_ldmarr( ldmarr );
262 * Perform an ldap modify operation.
264 #define AWAITING_OP -1
274 int state; /* This code is a simple-minded state machine */
275 int nvals; /* Number of values we're modifying */
276 int nops; /* Number of LDAPMod structs in ldmarr */
277 LDAPMod *ldm = NULL, **ldmarr;
287 if ( re->re_mods == NULL ) {
288 *errmsg = "No arguments given";
290 LDAP_LOG ( OPERATION, ERR,
291 "op_ldap_modify: Error: no arguments\n" , 0, 0, 0 );
293 Debug( LDAP_DEBUG_ANY, "Error: op_ldap_modify: no arguments\n",
300 * Construct a null-terminated array of LDAPMod structs.
302 for ( mi = re->re_mods, i = 0; mi[ i ].mi_type != NULL; i++ ) {
303 type = mi[ i ].mi_type;
304 value = mi[ i ].mi_val;
305 len = mi[ i ].mi_len;
306 switch ( getmodtype( type )) {
308 state = T_MODSEP; /* Got a separator line "-\n" */
312 ldmarr = ( LDAPMod ** )
313 ch_realloc(ldmarr, (( nops + 2 ) * ( sizeof( LDAPMod * ))));
314 ldmarr[ nops ] = ldm = alloc_ldapmod();
315 ldm->mod_op = LDAP_MOD_ADD | LDAP_MOD_BVALUES;
316 ldm->mod_type = value;
321 state = T_MODOPREPLACE;
322 ldmarr = ( LDAPMod ** )
323 ch_realloc(ldmarr, (( nops + 2 ) * ( sizeof( LDAPMod * ))));
324 ldmarr[ nops ] = ldm = alloc_ldapmod();
325 ldm->mod_op = LDAP_MOD_REPLACE | LDAP_MOD_BVALUES;
326 ldm->mod_type = value;
331 state = T_MODOPDELETE;
332 ldmarr = ( LDAPMod ** )
333 ch_realloc(ldmarr, (( nops + 2 ) * ( sizeof( LDAPMod * ))));
334 ldmarr[ nops ] = ldm = alloc_ldapmod();
335 ldm->mod_op = LDAP_MOD_DELETE | LDAP_MOD_BVALUES;
336 ldm->mod_type = value;
340 case T_MODOPINCREMENT:
341 state = T_MODOPINCREMENT;
342 ldmarr = ( LDAPMod ** )
343 ch_realloc(ldmarr, (( nops + 2 ) * ( sizeof( LDAPMod * ))));
344 ldmarr[ nops ] = ldm = alloc_ldapmod();
345 ldm->mod_op = LDAP_MOD_INCREMENT | LDAP_MOD_BVALUES;
346 ldm->mod_type = value;
351 if ( state == AWAITING_OP ) {
353 LDAP_LOG ( OPERATION, ERR,
354 "op_ldap_modify: Error: unknown mod type \"%s\"\n", type, 0, 0 );
356 Debug( LDAP_DEBUG_ANY,
357 "Error: op_ldap_modify: unknown mod type \"%s\"\n",
366 * We should have an attribute: value pair here.
367 * Construct the mod_bvalues part of the ldapmod struct.
369 if ( strcasecmp( type, ldm->mod_type )) {
371 LDAP_LOG ( OPERATION, ERR,
372 "op_ldap_modify: Error: "
373 "malformed modify op, %s: %s (expecting \"%s\")\n",
374 type, value, ldm->mod_type );
376 Debug( LDAP_DEBUG_ANY,
377 "Error: malformed modify op, %s: %s (expecting %s:)\n",
378 type, value, ldm->mod_type );
382 ldm->mod_bvalues = ( struct berval ** )
383 ch_realloc( ldm->mod_bvalues,
384 ( nvals + 2 ) * sizeof( struct berval * ));
385 ldm->mod_bvalues[ nvals + 1 ] = NULL;
386 ldm->mod_bvalues[ nvals ] = ( struct berval * )
387 ch_malloc( sizeof( struct berval ));
388 ldm->mod_bvalues[ nvals ]->bv_val = value;
389 ldm->mod_bvalues[ nvals ]->bv_len = len;
393 ldmarr[ nops ] = NULL;
396 /* Actually perform the LDAP operation */
398 LDAP_LOG ( OPERATION, DETAIL1,
399 "op_ldap_modify: replica %s:%d - modify dn \"%s\"\n",
400 ri->ri_hostname, ri->ri_port, re->re_dn );
402 Debug( LDAP_DEBUG_ARGS, "replica %s:%d - modify dn \"%s\"\n",
403 ri->ri_hostname, ri->ri_port, re->re_dn );
405 rc = ldap_modify_s( ri->ri_ldp, re->re_dn, ldmarr );
406 ldap_get_option( ri->ri_ldp, LDAP_OPT_ERROR_STRING, errmsg);
409 free_ldmarr( ldmarr );
417 * Perform an ldap delete operation.
430 LDAP_LOG ( OPERATION, ARGS,
431 "op_ldap_delete: replica %s:%d - delete dn \"%s\"\n",
432 ri->ri_hostname, ri->ri_port, re->re_dn );
434 Debug( LDAP_DEBUG_ARGS, "replica %s:%d - delete dn \"%s\"\n",
435 ri->ri_hostname, ri->ri_port, re->re_dn );
437 rc = ldap_delete_s( ri->ri_ldp, re->re_dn );
438 ldap_get_option( ri->ri_ldp, LDAP_OPT_ERROR_STRING, errmsg);
448 * Perform an ldap modrdn operation.
450 #define GOT_NEWRDN 0x1
451 #define GOT_DELOLDRDN 0x2
452 #define GOT_NEWSUP 0x4
454 #define GOT_MODDN_REQ (GOT_NEWRDN|GOT_DELOLDRDN)
455 #define GOT_ALL_MODDN(f) (((f) & GOT_MODDN_REQ) == GOT_MODDN_REQ)
473 if ( re->re_mods == NULL ) {
474 *errmsg = "No arguments given";
476 LDAP_LOG ( OPERATION, ERR,
477 "op_ldap_modrdn: Error: no arguments\n" , 0, 0, 0 );
479 Debug( LDAP_DEBUG_ANY, "Error: op_ldap_modrdn: no arguments\n",
486 * Get the arguments: should see newrdn: and deleteoldrdn: args.
488 for ( mi = re->re_mods, i = 0; mi[ i ].mi_type != NULL; i++ ) {
489 if ( !strcmp( mi[ i ].mi_type, T_NEWRDNSTR )) {
490 if( state & GOT_NEWRDN ) {
492 LDAP_LOG ( OPERATION, ERR,
493 "op_ldap_modrdn: Error: multiple newrdn arg \"%s\"\n",
494 mi[ i ].mi_val, 0, 0 );
496 Debug( LDAP_DEBUG_ANY,
497 "Error: op_ldap_modrdn: multiple newrdn arg \"%s\"\n",
498 mi[ i ].mi_val, 0, 0 );
500 *errmsg = "Multiple newrdn argument";
504 newrdn = mi[ i ].mi_val;
507 } else if ( !strcmp( mi[ i ].mi_type, T_DELOLDRDNSTR )) {
508 if( state & GOT_DELOLDRDN ) {
510 LDAP_LOG ( OPERATION, ERR,
511 "op_ldap_modrdn: Error: multiple deleteoldrdn arg \"%s\"\n",
512 mi[ i ].mi_val, 0, 0 );
514 Debug( LDAP_DEBUG_ANY,
515 "Error: op_ldap_modrdn: multiple deleteoldrdn arg \"%s\"\n",
516 mi[ i ].mi_val, 0, 0 );
518 *errmsg = "Multiple newrdn argument";
522 state |= GOT_DELOLDRDN;
523 if ( !strcmp( mi[ i ].mi_val, "0" )) {
525 } else if ( !strcmp( mi[ i ].mi_val, "1" )) {
529 LDAP_LOG ( OPERATION, ERR,
530 "op_ldap_modrdn: Error: bad deleteoldrdn arg \"%s\"\n",
531 mi[ i ].mi_val, 0, 0 );
533 Debug( LDAP_DEBUG_ANY,
534 "Error: op_ldap_modrdn: bad deleteoldrdn arg \"%s\"\n",
535 mi[ i ].mi_val, 0, 0 );
537 *errmsg = "Incorrect argument to deleteoldrdn";
541 } else if ( !strcmp( mi[ i ].mi_type, T_NEWSUPSTR )) {
542 if( state & GOT_NEWSUP ) {
544 LDAP_LOG ( OPERATION, ERR,
545 "op_ldap_modrdn: Error: multiple newsuperior arg \"%s\"\n",
546 mi[ i ].mi_val, 0, 0 );
548 Debug( LDAP_DEBUG_ANY,
549 "Error: op_ldap_modrdn: multiple newsuperior arg \"%s\"\n",
550 mi[ i ].mi_val, 0, 0 );
552 *errmsg = "Multiple newsuperior argument";
556 newsup = mi[ i ].mi_val;
561 LDAP_LOG ( OPERATION, ERR,
562 "op_ldap_modrdn: Error: bad type \"%s\"\n",
563 mi[ i ].mi_type, 0, 0 );
565 Debug( LDAP_DEBUG_ANY, "Error: op_ldap_modrdn: bad type \"%s\"\n",
566 mi[ i ].mi_type, 0, 0 );
568 *errmsg = "Bad value in replication log entry";
574 * Punt if we don't have all the args.
576 if ( !GOT_ALL_MODDN(state) ) {
578 LDAP_LOG ( OPERATION, ERR,
579 "op_ldap_modrdn: Error: missing arguments\n" , 0, 0, 0 );
581 Debug( LDAP_DEBUG_ANY, "Error: op_ldap_modrdn: missing arguments\n",
584 *errmsg = "Missing argument: requires \"newrdn\" and \"deleteoldrdn\"";
589 if ( ldap_debug & LDAP_DEBUG_ARGS ) {
592 int buf2len = strlen( re->re_dn ) + strlen( mi->mi_val ) + 11;
594 snprintf( buf, sizeof(buf), "%s:%d", ri->ri_hostname, ri->ri_port );
596 buf2 = (char *) ch_malloc( buf2len );
597 snprintf( buf2, buf2len, "(\"%s\" -> \"%s\")", re->re_dn, mi->mi_val );
600 LDAP_LOG ( OPERATION, ARGS,
601 "op_ldap_modrdn: replica %s - modify rdn %s (flag: %d)\n",
602 buf, buf2, drdnflag );
604 Debug( LDAP_DEBUG_ARGS,
605 "replica %s - modify rdn %s (flag: %d)\n",
606 buf, buf2, drdnflag );
610 #endif /* LDAP_DEBUG */
615 rc = ldap_rename2_s( ri->ri_ldp, re->re_dn, newrdn, newsup, drdnflag );
617 ldap_get_option( ri->ri_ldp, LDAP_OPT_ERROR_NUMBER, &lderr);
618 ldap_get_option( ri->ri_ldp, LDAP_OPT_ERROR_STRING, errmsg);
626 * Allocate and initialize an ldapmod struct.
629 alloc_ldapmod( void )
633 ldm = ( struct ldapmod * ) ch_malloc( sizeof ( struct ldapmod ));
634 ldm->mod_type = NULL;
635 ldm->mod_bvalues = ( struct berval ** ) NULL;
642 * Free an ldapmod struct associated mod_bvalues. NOTE - it is assumed
643 * that mod_bvalues and mod_type contain pointers to the same block of memory
644 * pointed to by the repl struct. Therefore, it's not freed here.
655 if ( ldm->mod_bvalues != NULL ) {
656 for ( i = 0; ldm->mod_bvalues[ i ] != NULL; i++ ) {
657 free( ldm->mod_bvalues[ i ] );
659 free( ldm->mod_bvalues );
667 * Free an an array of LDAPMod pointers and the LDAPMod structs they point
676 for ( i = 0; ldmarr[ i ] != NULL; i++ ) {
677 free_ldapmod( ldmarr[ i ] );
684 * Create a berval with a single value.
686 static struct berval **
687 make_singlevalued_berval(
693 p = ( struct berval ** ) ch_malloc( 2 * sizeof( struct berval * ));
694 p[ 0 ] = ( struct berval * ) ch_malloc( sizeof( struct berval ));
696 p[ 0 ]->bv_val = value;
697 p[ 0 ]->bv_len = len;
703 * Given a modification type (string), return an enumerated type.
704 * Avoids ugly copy in op_ldap_modify - lets us use a switch statement
711 if ( !strcmp( type, T_MODSEPSTR )) {
714 if ( !strcmp( type, T_MODOPADDSTR )) {
715 return( T_MODOPADD );
717 if ( !strcmp( type, T_MODOPREPLACESTR )) {
718 return( T_MODOPREPLACE );
720 if ( !strcmp( type, T_MODOPDELETESTR )) {
721 return( T_MODOPDELETE );
723 if ( !strcmp( type, T_MODOPINCREMENTSTR )) {
724 return( T_MODOPINCREMENT );
731 * Perform an LDAP unbind operation. If replica is NULL, or the
732 * repl_ldp is NULL, just return LDAP_SUCCESS. Otherwise, unbind,
733 * set the ldp to NULL, and return the result of the unbind call.
740 int rc = LDAP_SUCCESS;
742 if (( ri != NULL ) && ( ri->ri_ldp != NULL )) {
743 rc = ldap_unbind( ri->ri_ldp );
744 if ( rc != LDAP_SUCCESS ) {
746 LDAP_LOG ( OPERATION, ERR,
747 "do_unbind: ldap_unbind failed for %s:%d: %s\n",
748 ri->ri_hostname, ri->ri_port, ldap_err2string( rc ) );
750 Debug( LDAP_DEBUG_ANY,
751 "Error: do_unbind: ldap_unbind failed for %s:%d: %s\n",
752 ri->ri_hostname, ri->ri_port, ldap_err2string( rc ) );
763 * Perform an LDAP bind operation to the replication site given
764 * by replica. If replica->repl_ldp is non-NULL, then we unbind
765 * from the replica before rebinding. It should be safe to call
766 * this to re-connect if the replica's connection goes away
769 * Returns 0 on success, -1 if an LDAP error occurred, and a return
770 * code > 0 if some other error occurred, e.g. invalid bind method.
771 * If an LDAP error occurs, the LDAP error is returned in lderr.
780 int do_tls = ri->ri_tls;
786 LDAP_LOG ( OPERATION, ERR, "do_bind: null ri ptr\n" , 0, 0, 0 );
788 Debug( LDAP_DEBUG_ANY, "Error: do_bind: null ri ptr\n", 0, 0, 0 );
790 return( BIND_ERR_BADRI );
794 if ( ri->ri_ldp != NULL ) {
795 ldrc = ldap_unbind( ri->ri_ldp );
796 if ( ldrc != LDAP_SUCCESS ) {
798 LDAP_LOG ( OPERATION, ERR,
799 "do_bind: ldap_unbind failed: %s\n", ldap_err2string( ldrc ), 0, 0 );
801 Debug( LDAP_DEBUG_ANY,
802 "Error: do_bind: ldap_unbind failed: %s\n",
803 ldap_err2string( ldrc ), 0, 0 );
809 if ( ri->ri_uri != NULL ) { /* new URI style */
811 LDAP_LOG ( OPERATION, ARGS,
812 "do_bind: Initializing session to %s\n",
815 Debug( LDAP_DEBUG_ARGS, "Initializing session to %s\n",
819 ldrc = ldap_initialize( &(ri->ri_ldp), ri->ri_uri);
821 if (ldrc != LDAP_SUCCESS) {
823 LDAP_LOG ( OPERATION, ERR,
824 "do_bind: ldap_initalize (0, %s) failed: %s\n",
825 ri->ri_uri, ldap_err2string(ldrc), 0 );
827 Debug( LDAP_DEBUG_ANY, "Error: ldap_initialize(0, %s) failed: %s\n",
828 ri->ri_uri, ldap_err2string(ldrc), 0 );
830 return( BIND_ERR_OPEN );
832 } else { /* old HOST style */
834 LDAP_LOG ( OPERATION, ARGS,
835 "do_bind: Initializing session to %s:%d\n",
836 ri->ri_hostname, ri->ri_port, 0 );
838 Debug( LDAP_DEBUG_ARGS, "Initializing session to %s:%d\n",
839 ri->ri_hostname, ri->ri_port, 0 );
842 ri->ri_ldp = ldap_init( ri->ri_hostname, ri->ri_port );
843 if ( ri->ri_ldp == NULL ) {
845 LDAP_LOG ( OPERATION, ERR,
846 "do_bind: ldap_init (%s, %d) failed: %s\n",
847 ri->ri_hostname, ri->ri_port, sys_errlist[ errno ] );
849 Debug( LDAP_DEBUG_ANY, "Error: ldap_init(%s, %d) failed: %s\n",
850 ri->ri_hostname, ri->ri_port, sys_errlist[ errno ] );
852 return( BIND_ERR_OPEN );
856 { /* set version 3 */
857 int err, version = 3;
858 err = ldap_set_option(ri->ri_ldp,
859 LDAP_OPT_PROTOCOL_VERSION, &version);
861 if( err != LDAP_OPT_SUCCESS ) {
863 LDAP_LOG ( OPERATION, ERR, "do_bind: "
864 "Error: ldap_set_option(%s, LDAP_OPT_VERSION, 3) failed!\n",
865 ri->ri_hostname, 0, 0 );
867 Debug( LDAP_DEBUG_ANY,
868 "Error: ldap_set_option(%s, LDAP_OPT_VERSION, 3) failed!\n",
869 ri->ri_hostname, NULL, NULL );
872 ldap_unbind( ri->ri_ldp );
874 return BIND_ERR_VERSION;
879 * Set ldap library options to (1) not follow referrals, and
880 * (2) restart the select() system call.
884 err = ldap_set_option(ri->ri_ldp, LDAP_OPT_REFERRALS, LDAP_OPT_OFF);
886 if( err != LDAP_OPT_SUCCESS ) {
888 LDAP_LOG ( OPERATION, ERR, "do_bind: "
889 "Error: ldap_set_option(%s, REFERRALS, OFF) failed!\n",
890 ri->ri_hostname, 0, 0 );
892 Debug( LDAP_DEBUG_ANY,
893 "Error: ldap_set_option(%s,REFERRALS, OFF) failed!\n",
894 ri->ri_hostname, NULL, NULL );
896 ldap_unbind( ri->ri_ldp );
898 return BIND_ERR_REFERRALS;
901 ldap_set_option(ri->ri_ldp, LDAP_OPT_RESTART, LDAP_OPT_ON);
904 int err = ldap_start_tls_s(ri->ri_ldp, NULL, NULL);
906 if( err != LDAP_SUCCESS ) {
908 LDAP_LOG ( OPERATION, ERR, "do_bind: "
909 "%s: ldap_start_tls failed: %s (%d)\n",
910 ri->ri_tls == TLS_CRITICAL ? "Error" : "Warning",
911 ldap_err2string( err ), err );
913 Debug( LDAP_DEBUG_ANY,
914 "%s: ldap_start_tls failed: %s (%d)\n",
915 ri->ri_tls == TLS_CRITICAL ? "Error" : "Warning",
916 ldap_err2string( err ), err );
919 if( ri->ri_tls == TLS_CRITICAL ) {
921 ldap_unbind( ri->ri_ldp );
923 return BIND_ERR_TLS_FAILED;
930 switch ( ri->ri_bind_method ) {
931 case LDAP_AUTH_SIMPLE:
933 * Bind with a plaintext password.
936 LDAP_LOG ( OPERATION, ARGS,
937 "do_bind: bind to %s:%d as %s (simple)\n",
938 ri->ri_hostname, ri->ri_port, ri->ri_bind_dn );
940 Debug( LDAP_DEBUG_ARGS, "bind to %s:%d as %s (simple)\n",
941 ri->ri_hostname, ri->ri_port, ri->ri_bind_dn );
943 ldrc = ldap_simple_bind_s( ri->ri_ldp, ri->ri_bind_dn,
945 if ( ldrc != LDAP_SUCCESS ) {
947 LDAP_LOG ( OPERATION, ERR, "do_bind: "
948 "Error: ldap_simple_bind_s for %s:%d failed: %s\n",
949 ri->ri_hostname, ri->ri_port, ldap_err2string( ldrc ) );
951 Debug( LDAP_DEBUG_ANY,
952 "Error: ldap_simple_bind_s for %s:%d failed: %s\n",
953 ri->ri_hostname, ri->ri_port, ldap_err2string( ldrc ));
956 ldap_unbind( ri->ri_ldp );
958 return( BIND_ERR_SIMPLE_FAILED );
964 LDAP_LOG ( OPERATION, ARGS,
965 "do_bind: bind to %s as %s via %s (SASL)\n",
967 ri->ri_authcId ? ri->ri_authcId : "-",
970 Debug( LDAP_DEBUG_ARGS, "bind to %s as %s via %s (SASL)\n",
972 ri->ri_authcId ? ri->ri_authcId : "-",
976 #ifdef HAVE_CYRUS_SASL
977 if( ri->ri_secprops != NULL ) {
978 int err = ldap_set_option(ri->ri_ldp,
979 LDAP_OPT_X_SASL_SECPROPS, ri->ri_secprops);
981 if( err != LDAP_OPT_SUCCESS ) {
983 LDAP_LOG ( OPERATION, ERR, "do_bind: "
984 "Error: ldap_set_option(%s,SECPROPS,\"%s\") failed!\n",
985 ri->ri_hostname, ri->ri_secprops, 0 );
987 Debug( LDAP_DEBUG_ANY,
988 "Error: ldap_set_option(%s,SECPROPS,\"%s\") failed!\n",
989 ri->ri_hostname, ri->ri_secprops, NULL );
991 ldap_unbind( ri->ri_ldp );
993 return BIND_ERR_SASL_FAILED;
998 void *defaults = lutil_sasl_defaults( ri->ri_ldp, ri->ri_saslmech,
999 ri->ri_realm, ri->ri_authcId, ri->ri_password, ri->ri_authzId );
1001 ldrc = ldap_sasl_interactive_bind_s( ri->ri_ldp, ri->ri_bind_dn,
1002 ri->ri_saslmech, NULL, NULL,
1003 LDAP_SASL_QUIET, lutil_sasl_interact, defaults );
1005 lutil_sasl_freedefs( defaults );
1006 if ( ldrc != LDAP_SUCCESS ) {
1008 LDAP_LOG ( OPERATION, ERR, "do_bind: "
1009 "Error: LDAP SASL for %s:%d failed: %s\n",
1010 ri->ri_hostname, ri->ri_port, ldap_err2string( ldrc ) );
1012 Debug( LDAP_DEBUG_ANY, "Error: LDAP SASL for %s:%d failed: %s\n",
1013 ri->ri_hostname, ri->ri_port, ldap_err2string( ldrc ));
1016 ldap_unbind( ri->ri_ldp );
1018 return( BIND_ERR_SASL_FAILED );
1024 LDAP_LOG ( OPERATION, ERR, "do_bind: "
1025 "Error: do_bind: SASL not supported %s:%d\n",
1026 ri->ri_hostname, ri->ri_port, 0 );
1028 Debug( LDAP_DEBUG_ANY,
1029 "Error: do_bind: SASL not supported %s:%d\n",
1030 ri->ri_hostname, ri->ri_port, NULL );
1032 ldap_unbind( ri->ri_ldp );
1034 return( BIND_ERR_BAD_ATYPE );
1039 LDAP_LOG ( OPERATION, ERR, "do_bind: "
1040 "Error: do_bind: unknown auth type \"%d\" for %s:%d\n",
1041 ri->ri_bind_method, ri->ri_hostname, ri->ri_port );
1043 Debug( LDAP_DEBUG_ANY,
1044 "Error: do_bind: unknown auth type \"%d\" for %s:%d\n",
1045 ri->ri_bind_method, ri->ri_hostname, ri->ri_port );
1047 ldap_unbind( ri->ri_ldp );
1049 return( BIND_ERR_BAD_ATYPE );
1055 LDAPControl *ctrls[2];
1059 c.ldctl_oid = LDAP_CONTROL_MANAGEDSAIT;
1060 c.ldctl_value.bv_val = NULL;
1061 c.ldctl_value.bv_len = 0;
1062 c.ldctl_iscritical = 0;
1064 err = ldap_set_option(ri->ri_ldp, LDAP_OPT_SERVER_CONTROLS, &ctrls);
1066 if( err != LDAP_OPT_SUCCESS ) {
1068 LDAP_LOG ( OPERATION, ERR, "do_bind: "
1069 "ldap_set_option(%s, SERVER_CONTROLS, ManageDSAit) failed!\n",
1070 ri->ri_hostname, 0, 0 );
1072 Debug( LDAP_DEBUG_ANY, "Error: "
1073 "ldap_set_option(%s, SERVER_CONTROLS, ManageDSAit) failed!\n",
1074 ri->ri_hostname, NULL, NULL );
1076 ldap_unbind( ri->ri_ldp );
1078 return BIND_ERR_MANAGEDSAIT;
1090 * For debugging. Print the contents of an ldmarr array.
1102 for ( i = 0; ldmarr[ i ] != NULL; i++ ) {
1105 LDAP_LOG ( OPERATION, INFO, "dump_ldm_array: "
1106 "Trace (%ld): *** ldmarr[ %d ] contents:\n",
1107 (long) getpid(), i, 0 );
1108 LDAP_LOG ( OPERATION, INFO, "dump_ldm_array: "
1109 "Trace (%ld): *** ldm->mod_op: %d\n",
1110 (long) getpid(), ldm->mod_op, 0 );
1111 LDAP_LOG ( OPERATION, INFO, "dump_ldm_array: "
1112 "Trace (%ld): *** ldm->mod_type: %s\n",
1113 (long) getpid(), ldm->mod_type, 0 );
1115 Debug( LDAP_DEBUG_TRACE,
1116 "Trace (%ld): *** ldmarr[ %d ] contents:\n",
1117 (long) getpid(), i, 0 );
1118 Debug( LDAP_DEBUG_TRACE,
1119 "Trace (%ld): *** ldm->mod_op: %d\n",
1120 (long) getpid(), ldm->mod_op, 0 );
1121 Debug( LDAP_DEBUG_TRACE,
1122 "Trace (%ld): *** ldm->mod_type: %s\n",
1123 (long) getpid(), ldm->mod_type, 0 );
1125 if ( ldm->mod_bvalues != NULL ) {
1126 for ( j = 0; ( b = ldm->mod_bvalues[ j ] ) != NULL; j++ ) {
1127 msgbuf = ch_malloc( b->bv_len + 512 );
1128 sprintf( msgbuf, "***** bv[ %d ] len = %ld, val = <%s>",
1129 j, b->bv_len, b->bv_val );
1131 LDAP_LOG ( OPERATION, INFO, "dump_ldm_array: "
1132 "Trace (%ld):%s\n", (long) getpid(), msgbuf, 0 );
1134 Debug( LDAP_DEBUG_TRACE,
1135 "Trace (%ld):%s\n", (long) getpid(), msgbuf, 0 );
projects / openldap / blob