|
|
@ -49,7 +49,7 @@ oal_ldap_escape(char *dst, size_t size, const char *src) |
|
|
|
* @returns 1 on success, 0 on error and fills config->error |
|
|
|
* @returns 1 on success, 0 on error and fills config->error |
|
|
|
*/ |
|
|
|
*/ |
|
|
|
int |
|
|
|
int |
|
|
|
oal_connect(LDAP * ld, |
|
|
|
oal_connect(LDAP ** ld, |
|
|
|
oal_config_t * const config, |
|
|
|
oal_config_t * const config, |
|
|
|
const char * const binddn, |
|
|
|
const char * const binddn, |
|
|
|
const char * const bindpass) |
|
|
|
const char * const bindpass) |
|
|
@ -59,7 +59,7 @@ oal_connect(LDAP * ld, |
|
|
|
struct timeval tv = { 30, 0 }; |
|
|
|
struct timeval tv = { 30, 0 }; |
|
|
|
int rc = 0; |
|
|
|
int rc = 0; |
|
|
|
|
|
|
|
|
|
|
|
if ((rc = ldap_initialize(&ld, config->bindurls)) != LDAP_SUCCESS) { |
|
|
|
if ((rc = ldap_initialize(ld, config->bindurls)) != LDAP_SUCCESS) { |
|
|
|
snprintf(config->error, sizeof(config->error), "can't connnect to ldap server(s): %s", strerror(errno)); |
|
|
|
snprintf(config->error, sizeof(config->error), "can't connnect to ldap server(s): %s", strerror(errno)); |
|
|
|
return 1; |
|
|
|
return 1; |
|
|
|
} |
|
|
|
} |
|
|
@ -68,35 +68,35 @@ oal_connect(LDAP * ld, |
|
|
|
tv.tv_sec = config->bindtimeout; |
|
|
|
tv.tv_sec = config->bindtimeout; |
|
|
|
|
|
|
|
|
|
|
|
/* hardcoded options */ |
|
|
|
/* hardcoded options */ |
|
|
|
if (ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION, &ldapver) != LDAP_OPT_SUCCESS) { |
|
|
|
if (ldap_set_option(*ld, LDAP_OPT_PROTOCOL_VERSION, &ldapver) != LDAP_OPT_SUCCESS) { |
|
|
|
snprintf(config->error, sizeof(config->error), "can't set ldap protocol version"); |
|
|
|
snprintf(config->error, sizeof(config->error), "can't set ldap protocol version"); |
|
|
|
return 1; |
|
|
|
return 1; |
|
|
|
} |
|
|
|
} |
|
|
|
if (ldap_set_option(ld, LDAP_OPT_SIZELIMIT, &sizelimit) != LDAP_OPT_SUCCESS) { |
|
|
|
if (ldap_set_option(*ld, LDAP_OPT_SIZELIMIT, &sizelimit) != LDAP_OPT_SUCCESS) { |
|
|
|
snprintf(config->error, sizeof(config->error), "can't set max results limit"); |
|
|
|
snprintf(config->error, sizeof(config->error), "can't set max results limit"); |
|
|
|
return 1; |
|
|
|
return 1; |
|
|
|
} |
|
|
|
} |
|
|
|
/* timeouts */ |
|
|
|
/* timeouts */ |
|
|
|
if (ldap_set_option(ld, LDAP_OPT_NETWORK_TIMEOUT, &tv) != LDAP_OPT_SUCCESS) { |
|
|
|
if (ldap_set_option(*ld, LDAP_OPT_NETWORK_TIMEOUT, &tv) != LDAP_OPT_SUCCESS) { |
|
|
|
snprintf(config->error, sizeof(config->error), "can't set network timeout: %d", config->bindtimeout); |
|
|
|
snprintf(config->error, sizeof(config->error), "can't set network timeout: %d", config->bindtimeout); |
|
|
|
return 1; |
|
|
|
return 1; |
|
|
|
} |
|
|
|
} |
|
|
|
if (ldap_set_option(ld, LDAP_OPT_TIMEOUT, &tv) != LDAP_OPT_SUCCESS) { |
|
|
|
if (ldap_set_option(*ld, LDAP_OPT_TIMEOUT, &tv) != LDAP_OPT_SUCCESS) { |
|
|
|
snprintf(config->error, sizeof(config->error), "can't set search timeout: %d", config->bindtimeout); |
|
|
|
snprintf(config->error, sizeof(config->error), "can't set search timeout: %d", config->bindtimeout); |
|
|
|
return 1; |
|
|
|
return 1; |
|
|
|
} |
|
|
|
} |
|
|
|
/* TODO: hardcoded */ |
|
|
|
/* TODO: hardcoded */ |
|
|
|
if (ldap_set_option(ld, LDAP_OPT_REFERRALS, LDAP_OPT_OFF) != LDAP_OPT_SUCCESS) { |
|
|
|
if (ldap_set_option(*ld, LDAP_OPT_REFERRALS, LDAP_OPT_OFF) != LDAP_OPT_SUCCESS) { |
|
|
|
snprintf(config->error, sizeof(config->error), "can't set follow referrals to 'off'"); |
|
|
|
snprintf(config->error, sizeof(config->error), "can't set follow referrals to 'off'"); |
|
|
|
return 1; |
|
|
|
return 1; |
|
|
|
} |
|
|
|
} |
|
|
|
/* required */ |
|
|
|
/* required */ |
|
|
|
if (ldap_set_option(ld, LDAP_OPT_DEFBASE, config->basedn) != LDAP_OPT_SUCCESS) { |
|
|
|
if (ldap_set_option(*ld, LDAP_OPT_DEFBASE, config->basedn) != LDAP_OPT_SUCCESS) { |
|
|
|
snprintf(config->error, sizeof(config->error), "can't set searchbase: %s", config->basedn); |
|
|
|
snprintf(config->error, sizeof(config->error), "can't set searchbase: %s", config->basedn); |
|
|
|
return 1; |
|
|
|
return 1; |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
if ((rc = ldap_simple_bind_s(ld, binddn, bindpass)) != LDAP_SUCCESS) { |
|
|
|
if ((rc = ldap_simple_bind_s(*ld, binddn, bindpass)) != LDAP_SUCCESS) { |
|
|
|
snprintf(config->error, sizeof(config->error), "can't bind to ldap server: %s", ldap_err2string(rc)); |
|
|
|
snprintf(config->error, sizeof(config->error), "can't bind to ldap server: %s", ldap_err2string(rc)); |
|
|
|
return 1; |
|
|
|
return 1; |
|
|
|
} |
|
|
|
} |
|
|
@ -152,7 +152,7 @@ oal_check_cred(oal_config_t * const config, |
|
|
|
goto cleanup; |
|
|
|
goto cleanup; |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
if (oal_connect(ald, config, udn, password) == 0) { |
|
|
|
if (oal_connect(&ald, config, udn, password) == 0) { |
|
|
|
rc = 1; |
|
|
|
rc = 1; |
|
|
|
ldap_unbind(ald); |
|
|
|
ldap_unbind(ald); |
|
|
|
goto cleanup; |
|
|
|
goto cleanup; |
|
|
|
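Review bot: The docblock kept in the first hunk still says `@returns 1 on success, 0 on error`, but every failure path shown in oal_connect returns 1 and oal_check_cred treats `== 0` as a successful bind, so the comment is inverted relative to the code; for a credential check it is worth correcting to `* @returns 0 on success, 1 on error and fills config->error`. Now that the handle comes back through `LDAP **ld`, the failure returns after a successful ldap_initialize leave `*ld` allocated, and the only ldap_unbind visible in oal_check_cred is in the success branch, so unless the cleanup label (outside the hunk) releases it, each failed bind leaks a handle. Separately, the password reaches ldap_simple_bind_s unchanged in the visible lines, and many directory servers treat a simple bind with an empty password as an unauthenticated bind that succeeds. If it is not already done above the hunk, oal_check_cred should reject an empty password before calling oal_connect.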