Hello,
I have a little with this very simple program :
#include <iostream> #include <stdlib.h> #define LDAP_DEPRECATED 1 #include <ldap.h>
using namespace std;
const char* server = "ldap://ldap.xxxx.fr"; const char* cacert_file = "cacert.pem"; const char* root_dn = "cn=replicator,ou=DSA,dc=xxxx,dc=fr"; const char* root_pw = "xxxx"; const char* aliased_people_dn ="ou=AliasedPeople,dc=xxxx,dc=fr";
int main(int argc, char *argv[]) { if (argc != 3) { cerr << "Usage: " << argv[0] << " username password" << endl; return 1; }
LDAP *ld; int version = LDAP_VERSION3; int rc;
if ((rc = ldap_initialize(&ld, server)) != LDAP_SUCCESS) { cerr << "ldap_initialize: " << server << endl; return EXIT_FAILURE; }
if ((rc = ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION, &version)) != LDAP_OPT_SUCCESS) { cerr << "ldap_set_option error: " << ldap_err2string(rc) << endl; return EXIT_FAILURE; }
if ((rc = ldap_set_option(NULL, LDAP_OPT_X_TLS_CACERTFILE, cacert_file)) != LDAP_OPT_SUCCESS ) { cerr << "ldap_set_option error: " << ldap_err2string(rc) << endl; return EXIT_FAILURE; }
if ((rc = ldap_start_tls_s(ld, NULL, NULL)) != LDAP_SUCCESS) { cerr << "ldap_start_tls_s error: " << ldap_err2string(rc) << endl; return EXIT_FAILURE; }
if ((rc = ldap_bind_s(ld, root_dn, root_pw, LDAP_AUTH_SIMPLE)) != LDAP_SUCCESS) { cerr << "ldap_bind_s: " << ldap_err2string(rc) << endl; return EXIT_FAILURE; }
cout << "user replicator authenticated :)." << endl;
LDAPMessage *pResult; struct berval cred; char *pDN;
std::string filter("uid=" + string(argv[1]));
rc = ldap_search_ext_s(ld, aliased_people_dn, LDAP_SCOPE_SUBTREE, filter.c_str(), NULL, 0, NULL, NULL, NULL, LDAP_NO_LIMIT, &pResult);
if (rc != LDAP_SUCCESS) { cerr << "ldap_search_ext_s error: " << ldap_err2string(rc) << endl; ldap_unbind_s(ld); return EXIT_FAILURE; }
struct berval **vals; LDAPMessage *pEntry; string user_dn;
if (ldap_count_entries(ld, pResult) == 1) { pEntry = ldap_first_entry(ld, pResult); pDN = ldap_get_dn(ld, pEntry); vals = ldap_get_values_len(ld, pEntry, "aliasedObjectName");
if (vals) { user_dn = vals[0]->bv_val; ldap_value_free_len(vals); } ldap_memfree(pDN); } else { cout << "aliasedObjectName attribute not found" << endl; ldap_unbind_s(ld); return EXIT_FAILURE; }
ldap_memfree(pResult);
if ((rc = ldap_bind_s(ld, user_dn.c_str(), argv[2], LDAP_AUTH_SIMPLE)) != LDAP_SUCCESS) { cerr << "user " << argv[1] << " not authenticated" << endl; ldap_unbind_s(ld); return EXIT_FAILURE; }
cout << "user " << argv[1] << " (" << user_dn << ") authenticated" << endl;
ldap_unbind_s(ld);
return EXIT_SUCCESS; }
My program works fine but, if I use valgrind, I have memory leaks :
valgrind --leak-check=full ./ldapauth.exe toto secret ==13616== Memcheck, a memory error detector ==13616== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al. ==13616== Using Valgrind-3.10.0.SVN and LibVEX; rerun with -h for copyright info ==13616== Command: ./ldapauth.exe toto secret ==13616== user replicator authenticated :). user toto (uid=toto,ou=People,ou=17,dc=xxxx,dc=fr) authenticated ==13616== Warning: invalid file descriptor -1 in syscall write() ==13616== ==13616== HEAP SUMMARY: ==13616== in use at exit: 260,453 bytes in 1,157 blocks ==13616== total heap usage: 13,835 allocs, 12,678 frees, 2,138,249 bytes allocated ==13616== ==13616== 149 (56 direct, 93 indirect) bytes in 1 blocks are definitely lost in loss record 65 of 84 ==13616== at 0x4C2CC70: calloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==13616== by 0x596E604: ber_memcalloc_x (in /usr/lib/x86_64-linux-gnu/liblber-2.4.so.2.8.3) ==13616== by 0x4E48687: ldap_result (in /usr/lib/x86_64-linux-gnu/libldap_r-2.4.so.2.8.3) ==13616== by 0x4E4ACA6: ldap_pvt_search_s (in /usr/lib/x86_64-linux-gnu/libldap_r-2.4.so.2.8.3) ==13616== by 0x4E4AD4F: ldap_search_ext_s (in /usr/lib/x86_64-linux-gnu/libldap_r-2.4.so.2.8.3) ==13616== by 0x4016D4: main (ldapauth.cpp:72) ==13616== ==13616== 271 (80 direct, 191 indirect) bytes in 1 blocks are definitely lost in loss record 69 of 84 ==13616== at 0x4C2CC70: calloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==13616== by 0x596E604: ber_memcalloc_x (in /usr/lib/x86_64-linux-gnu/liblber-2.4.so.2.8.3) ==13616== by 0x596D031: ber_alloc_t (in /usr/lib/x86_64-linux-gnu/liblber-2.4.so.2.8.3) ==13616== by 0x4E5AA22: ldap_alloc_ber_with_options (in /usr/lib/x86_64-linux-gnu/libldap_r-2.4.so.2.8.3) ==13616== by 0x4E48BB7: ldap_result (in /usr/lib/x86_64-linux-gnu/libldap_r-2.4.so.2.8.3) ==13616== by 0x4E4ACA6: ldap_pvt_search_s (in /usr/lib/x86_64-linux-gnu/libldap_r-2.4.so.2.8.3) ==13616== by 0x4E4AD4F: ldap_search_ext_s (in /usr/lib/x86_64-linux-gnu/libldap_r-2.4.so.2.8.3) ==13616== by 0x4016D4: main (ldapauth.cpp:72) ==13616== ==13616== LEAK SUMMARY: ==13616== definitely lost: 136 bytes in 2 blocks ==13616== indirectly lost: 284 bytes in 3 blocks ==13616== possibly lost: 0 bytes in 0 blocks ==13616== still reachable: 260,033 bytes in 1,152 blocks ==13616== suppressed: 0 bytes in 0 blocks ==13616== Reachable blocks (those to which a pointer was found) are not shown. ==13616== To see them, rerun with: --leak-check=full --show-leak-kinds=all ==13616== ==13616== For counts of detected and suppressed errors, rerun with: -v ==13616== ERROR SUMMARY: 2 errors from 2 contexts (suppressed: 0 from 0)
I don't understand why. Do you have a idea ?
I work on Ubuntu 14.04. The OpenLDAP version is 2.4.31.
Thanks,
Jean-Marc.