*
* To contact Novell about this file by physical or electronic mail, you may
* find current contact information at www.novell.com.
- */
+ */
#include "digest_common.h"
#define NMAS_E_BASE (-1600)
#define NMAS_SUCCESS 0
-#define NMAS_E_SUCCESS NMAS_SUCCESS /* Alias */
-#define NMAS_OK NMAS_SUCCESS /* Alias */
+#define NMAS_E_SUCCESS NMAS_SUCCESS /* Alias */
+#define NMAS_OK NMAS_SUCCESS /* Alias */
-#define NMAS_E_FRAG_FAILURE (NMAS_E_BASE-31) /* -1631 0xFFFFF9A1 */
-#define NMAS_E_BUFFER_OVERFLOW (NMAS_E_BASE-33) /* -1633 0xFFFFF99F */
-#define NMAS_E_SYSTEM_RESOURCES (NMAS_E_BASE-34) /* -1634 0xFFFFF99E */
-#define NMAS_E_INSUFFICIENT_MEMORY (NMAS_E_BASE-35) /* -1635 0xFFFFF99D */
-#define NMAS_E_NOT_SUPPORTED (NMAS_E_BASE-36) /* -1636 0xFFFFF99C */
-#define NMAS_E_INVALID_PARAMETER (NMAS_E_BASE-43) /* -1643 0xFFFFF995 */
-#define NMAS_E_INVALID_VERSION (NMAS_E_BASE-52) /* -1652 0xFFFFF98C */
+#define NMAS_E_FRAG_FAILURE (NMAS_E_BASE-31) /* -1631 0xFFFFF9A1 */
+#define NMAS_E_BUFFER_OVERFLOW (NMAS_E_BASE-33) /* -1633 0xFFFFF99F */
+#define NMAS_E_SYSTEM_RESOURCES (NMAS_E_BASE-34) /* -1634 0xFFFFF99E */
+#define NMAS_E_INSUFFICIENT_MEMORY (NMAS_E_BASE-35) /* -1635 0xFFFFF99D */
+#define NMAS_E_NOT_SUPPORTED (NMAS_E_BASE-36) /* -1636 0xFFFFF99C */
+#define NMAS_E_INVALID_PARAMETER (NMAS_E_BASE-43) /* -1643 0xFFFFF995 */
+#define NMAS_E_INVALID_VERSION (NMAS_E_BASE-52) /* -1652 0xFFFFF98C */
/* OID of LDAP extenstion calls to read Universal Password */
#define NMASLDAP_GET_PASSWORD_REQUEST "2.16.840.1.113719.1.39.42.100.13"
/* ------------------------------------------------------------------------
- * berEncodePasswordData
- * ==============================
- * RequestBer contents:
- * clientVersion INTEGER
- * targetObjectDN OCTET STRING
- * password1 OCTET STRING
- * password2 OCTET STRING
+ * berEncodePasswordData
+ * ==============================
+ * RequestBer contents:
+ * clientVersion INTEGER
+ * targetObjectDN OCTET STRING
+ * password1 OCTET STRING
+ * password2 OCTET STRING
*
- * Description:
- * This function takes the request BER value and input data items
- * and BER encodes the data into the BER value
+ * Description:
+ * This function takes the request BER value and input data items
+ * and BER encodes the data into the BER value
*
* ------------------------------------------------------------------------ */
-int berEncodePasswordData(
- struct berval **requestBV,
- char *objectDN,
- char *password,
- char *password2)
+int
+berEncodePasswordData(
+ struct berval **requestBV,
+ char *objectDN,
+ char *password,
+ char *password2)
{
- int err = 0, rc=0;
- BerElement *requestBer = NULL;
-
- char * utf8ObjPtr = NULL;
- int utf8ObjSize = 0;
- char * utf8PwdPtr = NULL;
- int utf8PwdSize = 0;
- char * utf8Pwd2Ptr = NULL;
- int utf8Pwd2Size = 0;
-
-
- utf8ObjSize = strlen(objectDN)+1;
- utf8ObjPtr = objectDN;
-
- if (password != NULL)
- {
- utf8PwdSize = strlen(password)+1;
- utf8PwdPtr = password;
- }
-
- if (password2 != NULL)
- {
- utf8Pwd2Size = strlen(password2)+1;
- utf8Pwd2Ptr = password2;
- }
-
- /* Allocate a BerElement for the request parameters.*/
- if((requestBer = ber_alloc()) == NULL)
- {
- err = NMAS_E_FRAG_FAILURE;
- goto Cleanup;
- }
-
- if (password != NULL && password2 != NULL)
- {
- /* BER encode the NMAS Version, the objectDN, and the password */
- rc = ber_printf(requestBer, "{iooo}", NMAS_LDAP_EXT_VERSION, utf8ObjPtr, utf8ObjSize, utf8PwdPtr, utf8PwdSize, utf8Pwd2Ptr, utf8Pwd2Size);
- }
- else if (password != NULL)
- {
- /* BER encode the NMAS Version, the objectDN, and the password */
- rc = ber_printf(requestBer, "{ioo}", NMAS_LDAP_EXT_VERSION, utf8ObjPtr, utf8ObjSize, utf8PwdPtr, utf8PwdSize);
- }
- else
- {
- /* BER encode the NMAS Version and the objectDN */
- rc = ber_printf(requestBer, "{io}", NMAS_LDAP_EXT_VERSION, utf8ObjPtr, utf8ObjSize);
- }
-
- if (rc < 0)
- {
- err = NMAS_E_FRAG_FAILURE;
- goto Cleanup;
- }
- else
- {
- err = 0;
- }
-
- /*
- * Convert the BER we just built to a berval that we'll send with the extended request.
- */
- if(ber_flatten(requestBer, requestBV) == LBER_ERROR)
- {
- err = NMAS_E_FRAG_FAILURE;
- goto Cleanup;
- }
-
-Cleanup:
-
- if(requestBer)
- {
- ber_free(requestBer, 1);
- }
-
- return err;
-} /* End of berEncodePasswordData */
+ int err = 0, rc = 0;
+ BerElement *requestBer = NULL;
+
+ char *utf8ObjPtr = NULL;
+ int utf8ObjSize = 0;
+ char *utf8PwdPtr = NULL;
+ int utf8PwdSize = 0;
+ char *utf8Pwd2Ptr = NULL;
+ int utf8Pwd2Size = 0;
+
+
+ utf8ObjSize = strlen(objectDN) + 1;
+ utf8ObjPtr = objectDN;
+
+ if (password != NULL) {
+ utf8PwdSize = strlen(password) + 1;
+ utf8PwdPtr = password;
+ }
+ if (password2 != NULL) {
+ utf8Pwd2Size = strlen(password2) + 1;
+ utf8Pwd2Ptr = password2;
+ }
+ /* Allocate a BerElement for the request parameters. */
+ if ((requestBer = ber_alloc()) == NULL) {
+ err = NMAS_E_FRAG_FAILURE;
+ goto Cleanup;
+ }
+ if (password != NULL && password2 != NULL) {
+ /* BER encode the NMAS Version, the objectDN, and the password */
+ rc = ber_printf(requestBer, "{iooo}", NMAS_LDAP_EXT_VERSION, utf8ObjPtr, utf8ObjSize, utf8PwdPtr, utf8PwdSize, utf8Pwd2Ptr, utf8Pwd2Size);
+ } else if (password != NULL) {
+ /* BER encode the NMAS Version, the objectDN, and the password */
+ rc = ber_printf(requestBer, "{ioo}", NMAS_LDAP_EXT_VERSION, utf8ObjPtr, utf8ObjSize, utf8PwdPtr, utf8PwdSize);
+ } else {
+ /* BER encode the NMAS Version and the objectDN */
+ rc = ber_printf(requestBer, "{io}", NMAS_LDAP_EXT_VERSION, utf8ObjPtr, utf8ObjSize);
+ }
+
+ if (rc < 0) {
+ err = NMAS_E_FRAG_FAILURE;
+ goto Cleanup;
+ } else {
+ err = 0;
+ }
+
+ /*
+ * Convert the BER we just built to a berval that we'll send with the extended request.
+ */
+ if (ber_flatten(requestBer, requestBV) == LBER_ERROR) {
+ err = NMAS_E_FRAG_FAILURE;
+ goto Cleanup;
+ }
+ Cleanup:
+
+ if (requestBer) {
+ ber_free(requestBer, 1);
+ }
+ return err;
+} /* End of berEncodePasswordData */
/* ------------------------------------------------------------------------
- * berDecodeLoginData()
- * ==============================
- * ResponseBer contents:
- * serverVersion INTEGER
- * error INTEGER
- * data OCTET STRING
+ * berDecodeLoginData()
+ * ==============================
+ * ResponseBer contents:
+ * serverVersion INTEGER
+ * error INTEGER
+ * data OCTET STRING
*
- * Description:
- * This function takes the reply BER Value and decodes the
- * NMAS server version and return code and if a non null retData
- * buffer was supplied, tries to decode the the return data and length
+ * Description:
+ * This function takes the reply BER Value and decodes the
+ * NMAS server version and return code and if a non null retData
+ * buffer was supplied, tries to decode the the return data and length
*
* ------------------------------------------------------------------------ */
-int berDecodeLoginData(
- struct berval *replyBV,
- int *serverVersion,
- size_t *retDataLen,
- void *retData )
+int
+berDecodeLoginData(
+ struct berval *replyBV,
+ int *serverVersion,
+ size_t * retDataLen,
+ void *retData)
{
- int rc=0, err = 0;
- BerElement *replyBer = NULL;
- char *retOctStr = NULL;
- size_t retOctStrLen = 0;
-
- if((replyBer = ber_init(replyBV)) == NULL)
- {
- err = NMAS_E_SYSTEM_RESOURCES;
- goto Cleanup;
+ int rc = 0, err = 0;
+ BerElement *replyBer = NULL;
+ char *retOctStr = NULL;
+ size_t retOctStrLen = 0;
+
+ if ((replyBer = ber_init(replyBV)) == NULL) {
+ err = NMAS_E_SYSTEM_RESOURCES;
+ goto Cleanup;
+ }
+ if (retData) {
+ retOctStrLen = *retDataLen + 1;
+ retOctStr = (char *) malloc(retOctStrLen);
+ if (!retOctStr) {
+ err = NMAS_E_SYSTEM_RESOURCES;
+ goto Cleanup;
}
-
- if(retData)
- {
- retOctStrLen = *retDataLen + 1;
- retOctStr = (char *)malloc(retOctStrLen);
- if(!retOctStr)
- {
- err = NMAS_E_SYSTEM_RESOURCES;
- goto Cleanup;
- }
-
- if( (rc = ber_scanf(replyBer, "{iis}", serverVersion, &err, retOctStr, &retOctStrLen)) != -1)
- {
- if (*retDataLen >= retOctStrLen)
- {
- memcpy(retData, retOctStr, retOctStrLen);
- }
- else if (!err)
- {
- err = NMAS_E_BUFFER_OVERFLOW;
- }
-
- *retDataLen = retOctStrLen;
- }
- else if (!err)
- {
- err = NMAS_E_FRAG_FAILURE;
- }
+ if ((rc = ber_scanf(replyBer, "{iis}", serverVersion, &err, retOctStr, &retOctStrLen)) != -1) {
+ if (*retDataLen >= retOctStrLen) {
+ memcpy(retData, retOctStr, retOctStrLen);
+ } else if (!err) {
+ err = NMAS_E_BUFFER_OVERFLOW;
+ }
+ *retDataLen = retOctStrLen;
+ } else if (!err) {
+ err = NMAS_E_FRAG_FAILURE;
}
- else
- {
- if( (rc = ber_scanf(replyBer, "{ii}", serverVersion, &err)) == -1)
- {
- if (!err)
- {
- err = NMAS_E_FRAG_FAILURE;
- }
- }
- }
-
-Cleanup:
-
- if(replyBer)
- {
- ber_free(replyBer, 1);
+ } else {
+ if ((rc = ber_scanf(replyBer, "{ii}", serverVersion, &err)) == -1) {
+ if (!err) {
+ err = NMAS_E_FRAG_FAILURE;
+ }
}
+ }
- if (retOctStr != NULL)
- {
- memset(retOctStr, 0, retOctStrLen);
- free(retOctStr);
- }
+ Cleanup:
- return err;
-} /* End of berDecodeLoginData */
+ if (replyBer) {
+ ber_free(replyBer, 1);
+ }
+ if (retOctStr != NULL) {
+ memset(retOctStr, 0, retOctStrLen);
+ free(retOctStr);
+ }
+ return err;
+} /* End of berDecodeLoginData */
/* -----------------------------------------------------------------------
- * nmasldap_get_password()
- * ==============================
+ * nmasldap_get_password()
+ * ==============================
*
- * Description:
- * This API attempts to get the universal password
+ * Description:
+ * This API attempts to get the universal password
*
* ------------------------------------------------------------------------ */
-int nmasldap_get_password(
- LDAP *ld,
- char *objectDN,
- size_t *pwdSize, // in bytes
- char *pwd )
+int
+nmasldap_get_password(
+ LDAP * ld,
+ char *objectDN,
+ size_t * pwdSize, // in bytes
+ char *pwd)
{
- int err = 0;
+ int err = 0;
- struct berval *requestBV = NULL;
- char *replyOID = NULL;
- struct berval *replyBV = NULL;
- int serverVersion;
- char *pwdBuf;
- size_t pwdBufLen, bufferLen;
+ struct berval *requestBV = NULL;
+ char *replyOID = NULL;
+ struct berval *replyBV = NULL;
+ int serverVersion;
+ char *pwdBuf;
+ size_t pwdBufLen, bufferLen;
#ifdef NOT_N_PLAT_NLM
- int currentThreadGroupID;
+ int currentThreadGroupID;
#endif
- /* Validate char parameters. */
- if(objectDN == NULL || (strlen(objectDN) == 0) || pwdSize == NULL || ld == NULL)
- {
- return NMAS_E_INVALID_PARAMETER;
- }
-
- bufferLen = pwdBufLen = *pwdSize;
- pwdBuf = (char *)malloc(pwdBufLen+2);
- if(pwdBuf == NULL)
- {
- return NMAS_E_INSUFFICIENT_MEMORY;
- }
-
+ /* Validate char parameters. */
+ if (objectDN == NULL || (strlen(objectDN) == 0) || pwdSize == NULL || ld == NULL) {
+ return NMAS_E_INVALID_PARAMETER;
+ }
+ bufferLen = pwdBufLen = *pwdSize;
+ pwdBuf = (char *) malloc(pwdBufLen + 2);
+ if (pwdBuf == NULL) {
+ return NMAS_E_INSUFFICIENT_MEMORY;
+ }
#ifdef NOT_N_PLAT_NLM
- currentThreadGroupID = SetThreadGroupID(nmasLDAPThreadGroupID);
+ currentThreadGroupID = SetThreadGroupID(nmasLDAPThreadGroupID);
#endif
- err = berEncodePasswordData(&requestBV, objectDN, NULL, NULL);
- if(err)
- {
- goto Cleanup;
- }
-
- /* Call the ldap_extended_operation (synchronously) */
- if((err = ldap_extended_operation_s(ld, NMASLDAP_GET_PASSWORD_REQUEST, requestBV, NULL, NULL, &replyOID, &replyBV)))
- {
- goto Cleanup;
- }
-
- /* Make sure there is a return OID */
- if(!replyOID)
- {
- err = NMAS_E_NOT_SUPPORTED;
- goto Cleanup;
- }
-
- /* Is this what we were expecting to get back. */
- if(strcmp(replyOID, NMASLDAP_GET_PASSWORD_RESPONSE))
- {
- err = NMAS_E_NOT_SUPPORTED;
- goto Cleanup;
- }
-
- /* Do we have a good returned berval? */
- if(!replyBV)
- {
- /*
- * No; returned berval means we experienced a rather drastic error.
- * Return operations error.
- */
- err = NMAS_E_SYSTEM_RESOURCES;
- goto Cleanup;
- }
-
- err = berDecodeLoginData(replyBV, &serverVersion, &pwdBufLen, pwdBuf);
-
- if(serverVersion != NMAS_LDAP_EXT_VERSION)
- {
- err = NMAS_E_INVALID_VERSION;
- goto Cleanup;
- }
-
- if (!err && pwdBufLen != 0)
- {
- if (*pwdSize >= pwdBufLen+1 && pwd != NULL)
- {
- memcpy(pwd, pwdBuf, pwdBufLen);
- pwd[pwdBufLen] = 0; /* add null termination */
- }
- *pwdSize = pwdBufLen; /* does not include null termination */
- }
-
-Cleanup:
-
- if(replyBV)
- {
- ber_bvfree(replyBV);
- }
-
- /* Free the return OID string if one was returned. */
- if(replyOID)
- {
- ldap_memfree(replyOID);
- }
-
- /* Free memory allocated while building the request ber and berval. */
- if(requestBV)
- {
- ber_bvfree(requestBV);
- }
-
- if (pwdBuf != NULL)
- {
- memset(pwdBuf, 0, bufferLen);
- free(pwdBuf);
+ err = berEncodePasswordData(&requestBV, objectDN, NULL, NULL);
+ if (err) {
+ goto Cleanup;
+ }
+ /* Call the ldap_extended_operation (synchronously) */
+ if ((err = ldap_extended_operation_s(ld, NMASLDAP_GET_PASSWORD_REQUEST, requestBV, NULL, NULL, &replyOID, &replyBV))) {
+ goto Cleanup;
+ }
+ /* Make sure there is a return OID */
+ if (!replyOID) {
+ err = NMAS_E_NOT_SUPPORTED;
+ goto Cleanup;
+ }
+ /* Is this what we were expecting to get back. */
+ if (strcmp(replyOID, NMASLDAP_GET_PASSWORD_RESPONSE)) {
+ err = NMAS_E_NOT_SUPPORTED;
+ goto Cleanup;
+ }
+ /* Do we have a good returned berval? */
+ if (!replyBV) {
+ /*
+ * No; returned berval means we experienced a rather drastic error.
+ * Return operations error.
+ */
+ err = NMAS_E_SYSTEM_RESOURCES;
+ goto Cleanup;
+ }
+ err = berDecodeLoginData(replyBV, &serverVersion, &pwdBufLen, pwdBuf);
+
+ if (serverVersion != NMAS_LDAP_EXT_VERSION) {
+ err = NMAS_E_INVALID_VERSION;
+ goto Cleanup;
+ }
+ if (!err && pwdBufLen != 0) {
+ if (*pwdSize >= pwdBufLen + 1 && pwd != NULL) {
+ memcpy(pwd, pwdBuf, pwdBufLen);
+ pwd[pwdBufLen] = 0; /* add null termination */
}
-
+ *pwdSize = pwdBufLen; /* does not include null termination */
+ }
+ Cleanup:
+
+ if (replyBV) {
+ ber_bvfree(replyBV);
+ }
+ /* Free the return OID string if one was returned. */
+ if (replyOID) {
+ ldap_memfree(replyOID);
+ }
+ /* Free memory allocated while building the request ber and berval. */
+ if (requestBV) {
+ ber_bvfree(requestBV);
+ }
+ if (pwdBuf != NULL) {
+ memset(pwdBuf, 0, bufferLen);
+ free(pwdBuf);
+ }
#ifdef NOT_N_PLAT_NLM
- SetThreadGroupID(currentThreadGroupID);
+ SetThreadGroupID(currentThreadGroupID);
#endif
- /* Return the appropriate error/success code. */
- return err;
-} /* end of nmasldap_get_password */
+ /* Return the appropriate error/success code. */
+ return err;
+} /* end of nmasldap_get_password */
if (rc == LDAP_SUCCESS) {
entry = ldap_first_entry(ld, res);
if (entry) {
- if (debug)
- printf("ldap dn: %s\n", ldap_get_dn(ld, entry));
- if (edir_universal_passwd) {
-
- /* allocate some memory for the universal password returned by NMAS */
- universal_password = malloc(universal_password_len);
- memset(universal_password, 0, universal_password_len);
- values = malloc(sizeof(char *));
-
- /* actually talk to NMAS to get a password */
- nmas_res = nmasldap_get_password(ld, ldap_get_dn(ld, entry), &universal_password_len, universal_password);
- if (nmas_res == NMAS_SUCCESS && universal_password) {
- if (debug)
- printf("NMAS returned value %s\n", universal_password);
- values[0] = universal_password;
- } else {
- if (debug)
- printf("Error reading Universal Password: %d = %s\n", nmas_res, ldap_err2string(nmas_res));
- }
- } else {
- values = ldap_get_values(ld, entry, passattr);
- }
+ if (debug)
+ printf("ldap dn: %s\n", ldap_get_dn(ld, entry));
+ if (edir_universal_passwd) {
+
+ /* allocate some memory for the universal password returned by NMAS */
+ universal_password = malloc(universal_password_len);
+ memset(universal_password, 0, universal_password_len);
+ values = malloc(sizeof(char *));
+
+ /* actually talk to NMAS to get a password */
+ nmas_res = nmasldap_get_password(ld, ldap_get_dn(ld, entry), &universal_password_len, universal_password);
+ if (nmas_res == NMAS_SUCCESS && universal_password) {
+ if (debug)
+ printf("NMAS returned value %s\n", universal_password);
+ values[0] = universal_password;
+ } else {
+ if (debug)
+ printf("Error reading Universal Password: %d = %s\n", nmas_res, ldap_err2string(nmas_res));
+ }
+ } else {
+ values = ldap_get_values(ld, entry, passattr);
+ }
} else {
ldap_msgfree(res);
return NULL;
if (!values) {
if (debug)
printf("No attribute value found\n");
- if (edir_universal_passwd)
- free(universal_password);
+ if (edir_universal_passwd)
+ free(universal_password);
ldap_msgfree(res);
return NULL;
}
printf("password: %s\n", password);
if (password)
password = strdup(password);
- if (edir_universal_passwd) {
- free(values);
- free(universal_password);
- } else {
- ldap_value_free(values);
- }
+ if (edir_universal_passwd) {
+ free(values);
+ free(universal_password);
+ } else {
+ ldap_value_free(values);
+ }
ldap_msgfree(res);
return password;
} else {
case 'g':
case 'e':
case 'S':
- case 'n':
- case 'd':
+ case 'n':
+ case 'd':
break;
default:
if (strlen(argv[1]) > 2) {
}
if (!ldapServer)
- ldapServer = (char *)"localhost";
+ ldapServer = (char *) "localhost";
if (!userbasedn || !((passattr != NULL) || (edir_universal_passwd && usersearchfilter && version == LDAP_VERSION3 && use_tls))) {
fprintf(stderr, "Usage: " PROGRAM_NAME " -b basedn -f filter [options] ldap_server_name\n\n");
if (!bindpasswd) {
fprintf(stderr, PROGRAM_NAME " ERROR: can not allocate memory\n");
}
-
fclose(f);
return 0;