Full_Name: Vitaly Kroivets Version: 2.4.20 OS: Linux URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (192.115.180.11)
It seems that function ldap_init_fd can not be used in LDAPS connection . I tried LDAP over SSL (without start-tls), but maybe with start-tls will be same..
I copied here my program. Use it this way : a.out -H ldaps://{IP}:636 -i {your src IP} -D {user} -w {password}
Thanks!
======
#include <stdio.h> #include <stdlib.h> #include <string.h> #include <unistd.h> #include <sys/types.h> #include <sys/socket.h> #include <netinet/in.h> #include <arpa/inet.h> #include <netdb.h>
#include <ldap.h>
char* url = NULL; char* host_uri = NULL; char* bind_dn = NULL; char* password = NULL;
char* out_file = NULL;
LDAP* server = NULL; LDAPURLDesc* ludp = NULL; char* attribute = NULL; char* dn = NULL; BerElement* ber = NULL;
LDAPMessage* result;
void OnExitHandler(); void PrintUsage();
char src_ip [64];
int main(int argc, char* argv[]) { atexit(OnExitHandler);
char c; while ((c = getopt(argc, argv, "H:w:D:o:i:")) != EOF) { switch (c) { case 'H': { url = (char*)calloc(strlen(optarg), sizeof(char)); strcpy(url, optarg); break; }
case 'D': { bind_dn = (char*)calloc(strlen(optarg), sizeof(char)); strcpy(bind_dn, optarg); break; }
case 'w': { password = (char*)calloc(strlen(optarg), sizeof(char)); strcpy(password, optarg); break; }
case 'o': { out_file = (char*)calloc(strlen(optarg), sizeof(char)); strcpy(out_file, optarg); break; }
case 'i': { strncpy(src_ip, optarg, sizeof (src_ip)); break; }
default: { PrintUsage(); return 1;
break; } } } if (url == NULL || (bind_dn == NULL && password != NULL)) { PrintUsage(); return 1; }
int rc = ldap_url_parse(url, &ludp);
if (rc != 0) { fprintf(stderr, "ldap_url_parse: %s\n", ldap_err2string(rc)); return 1; }
// server = ldap_init(ludp->lud_host, ludp->lud_port);
// ldap_initialize is undocumented call we use instead of ldap_init // it allows to work over TLS secured connection, i.e. using ldaps:// int host_uri_len = strlen(ludp->lud_scheme) + strlen(ludp->lud_host) + 16; host_uri = (char*)malloc(sizeof(char) * host_uri_len); sprintf(host_uri, "%s://%s:%d", ludp->lud_scheme, ludp->lud_host, ludp-> lud_port);
int sockfd ;
printf ("%s;\n",ludp->lud_host); { // struct hostent *gethostbyname(const char *name); struct hostent *he; struct sockaddr_in their_addr; // connector's address information if ( (he=gethostbyname( ludp->lud_host )) == NULL ) { // get the host info herror("gethostbyname"); exit(1); }
if ((sockfd = socket(PF_INET, SOCK_STREAM, 0)) == -1) { perror("socket"); exit(1); }
their_addr.sin_family = AF_INET; their_addr.sin_port = htons(ludp-> lud_port);
their_addr.sin_addr = *((struct in_addr *)he->h_addr); memset(their_addr.sin_zero, '\0', sizeof their_addr.sin_zero);
// { struct sockaddr_in my_addr; // my address information
my_addr.sin_family = AF_INET; // host byte order my_addr.sin_port = 0; // short, network byte order
my_addr.sin_addr.s_addr = inet_addr(src_ip);
memset(my_addr.sin_zero, '\0', sizeof my_addr.sin_zero);
if (bind(sockfd, (struct sockaddr *)&my_addr, sizeof my_addr) == -1) { perror("bind"); exit(1); }
}
//
if (connect(sockfd, (struct sockaddr *)&their_addr, sizeof their_addr) == -1) { perror("connect"); exit(1); }
//connect mysock... printf ("init=%d\n",
ldap_init_fd (sockfd , 1 ,host_uri , &server)); }
/* // rc = ldap_initialize(&server, host_uri); if (rc != 0) { fprintf(stderr, "ldap_initialize: %s", (*ldap_err2string)(rc)); return 1; } */
//server->ld_conns->lconn_server = 0;//ldap_url_dup ( ludp );
rc = ldap_simple_bind_s(server, bind_dn, password); if (rc != 0) { fprintf(stderr, "ldap_simple_bind_s: %s", (*ldap_err2string)(rc)); return 1; }
rc = ldap_search_s(server, ludp->lud_dn, ludp->lud_scope, ludp->lud_filter, ludp->lud_attrs, 0, &result);
if (rc != 0 && rc != LDAP_SIZELIMIT_EXCEEDED) { fprintf(stderr, "ldap_search_s: %s\n", (*ldap_err2string)(rc)); return 1; }
int num = ldap_count_entries(server, result); fprintf(stderr, "Number of messages: %d\n", ldap_count_messages(server, result)); if (num == 0) { fprintf(stderr, "ldap_count_entries: no entries received\n"); return 1; } else if (num > 1) { fprintf(stderr, "ldap_count_entries: more than one entry received\n"); return 1; } LDAPMessage* entryIterator = ldap_first_entry(server, result); dn = ldap_get_dn(server, entryIterator); attribute = ldap_first_attribute(server, entryIterator, &ber); if (attribute == NULL) { fprintf(stderr, "ldap_first_attribute: no attriubutes received\n"); return 1; } else if (ldap_next_attribute(server, entryIterator, ber)) { fprintf(stderr, "ldap_first_attribute: more than one attriubute received\n"); return 1; } else { BerValue** vals = ldap_get_values_len(server, entryIterator, attribute); num = ldap_count_values_len(vals); if (vals == NULL || num == 0) { fprintf(stderr, "ldap_count_values_len :no values received\n"); return 1; } else if (num > 1) { fprintf(stderr, "ldap_count_values_len :more than one value received\n"); return 1; } FILE* fo = NULL; if (out_file) { fo = fopen(out_file, "wb"); } else { fo = stdout; }
fwrite(vals[0]->bv_val, 1, vals[0]->bv_len, fo); fflush(fo); fprintf(stderr, "Responce received from '%s'\n", url); if (out_file) fprintf(stderr, "Stored into %s\n", out_file); /* Free memory used to store values */ ldap_value_free_len(vals); }
return 0; }
void OnExitHandler() { if (result) { ldap_msgfree(result); } if (dn) ldap_memfree(dn); if (attribute) ldap_memfree(attribute); if (ber) ber_free(ber, 0); if (ludp) ldap_free_urldesc(ludp); if (server) ldap_unbind_s(server); if (url) free(url); if (host_uri) free(host_uri); if (bind_dn) free(bind_dn); if (password) free(password); if (out_file) free(out_file); }
void PrintUsage() { fprintf(stderr, "Usage: ldapget -H <LDAP URI> [-o <output_file>] [-D user [-w password]] [-i src_ip_addr ] \n"); }