
lightning-sunbird  0.9+nobinonly
ppolicy.c
00001 /* ***** BEGIN LICENSE BLOCK *****
00002  * Version: MPL 1.1/GPL 2.0/LGPL 2.1
00003  *
00004  * The contents of this file are subject to the Mozilla Public License Version
00005  * 1.1 (the "License"); you may not use this file except in compliance with
00006  * the License. You may obtain a copy of the License at
00007  * http://www.mozilla.org/MPL/
00008  *
00009  * Software distributed under the License is distributed on an "AS IS" basis,
00010  * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
00011  * for the specific language governing rights and limitations under the
00012  * License.
00013  *
00014  * The Original Code is Mozilla Communicator client code, released
00015  * March 31, 1998.
00016  *
00017  * The Initial Developer of the Original Code is
00018  * Netscape Communications Corporation.
00019  * Portions created by the Initial Developer are Copyright (C) 1998-1999
00020  * the Initial Developer. All Rights Reserved.
00021  *
00022  * Contributor(s):
00023  *
00024  * Alternatively, the contents of this file may be used under the terms of
00025  * either the GNU General Public License Version 2 or later (the "GPL"), or
00026  * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
00027  * in which case the provisions of the GPL or the LGPL are applicable instead
00028  * of those above. If you wish to allow use of your version of this file only
00029  * under the terms of either the GPL or the LGPL, and not to allow others to
00030  * use your version of this file under the terms of the MPL, indicate your
00031  * decision by deleting the provisions above and replace them with the notice
00032  * and other provisions required by the GPL or the LGPL. If you do not delete
00033  * the provisions above, a recipient may use your version of this file under
00034  * the terms of any one of the MPL, the GPL or the LGPL.
00035  *
00036  * ***** END LICENSE BLOCK ***** */
00037 
00038 /*
00039  * Attempt to bind to the directory, and report back any password
00040  * expiration information received.
00041  */
#include "examples.h"

#include <errno.h>
#include <limits.h>
#include <stdlib.h>
00043 
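/*
 * Sentinel results of check_controls().  Any other value it returns is a
 * count of seconds parsed from the password-expiring control, so the
 * sentinels share one int with server-supplied data: 0 cannot be told apart
 * from "expires in 0 seconds".
 */
#define NO_PASSWORD_CONTROLS (0)
/* parenthesized so the negative constant expands safely inside any expression */
#define PASSWORD_EXPIRED (-1)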
00046 
/*
 * Write the one-line command synopsis to stdout.
 *
 * The synopsis takes PASSWORD as a positional argument.  A secret passed
 * that way is typically readable by other local users through the process
 * list and ends up in shell history, so this calling convention suits an
 * example program against a test directory only.
 */
static void doUsage() {
    static const char synopsis[] = "Usage: ppolicy HOST PORT DN PASSWORD\n";

    fputs( synopsis, stdout );
}
00050 
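/*
 * Scan the server controls returned with a bind response for the two
 * password-policy controls.
 *
 * ctrls: NULL-terminated array of controls, or NULL.
 *
 * Returns PASSWORD_EXPIRED if the password-expired control is present, the
 * number of seconds carried by the password-expiring control if that one is
 * present, and NO_PASSWORD_CONTROLS otherwise.  When several matching
 * controls are present the last one in the array decides the result.
 *
 * The control values come from the server and are therefore untrusted.  The
 * earlier version copied bv_len bytes of every control into a 256-byte stack
 * buffer without looking at bv_len, so one oversized control from the peer
 * overflowed the stack.  The copy is now done only for the control whose
 * value is actually parsed, and is bounded by the buffer size.
 */
static int
check_controls( LDAPControl **ctrls ) {
    char    buf[256];
    int     status = NO_PASSWORD_CONTROLS;
    int     i;

    if ( ctrls == NULL ) {
        return NO_PASSWORD_CONTROLS;
    }

    for ( i = 0; ctrls[ i ] != NULL; ++i ) {
        const char  *oid = ctrls[ i ]->ldctl_oid;

        if ( oid == NULL ) {
            /* strcmp() on a NULL OID would be undefined behaviour */
            continue;
        }

        if ( strcmp( LDAP_CONTROL_PWEXPIRED, oid ) == 0 ) {
            status = PASSWORD_EXPIRED;
        } else if ( strcmp( LDAP_CONTROL_PWEXPIRING, oid ) == 0 ) {
            const char  *val = ctrls[ i ]->ldctl_value.bv_val;
            size_t      len = ctrls[ i ]->ldctl_value.bv_len;
            long        secs;

            if ( val == NULL ) {
                len = 0;
            }
            /* keep one byte for the terminator; an over-long value is cut */
            if ( len > sizeof buf - 1 ) {
                len = sizeof buf - 1;
            }
            if ( len > 0 ) {
                memcpy( buf, val, len );
            }
            buf[ len ] = '\0';

            /*
             * strtol() saturates on overflow where atoi() is undefined.
             * Unparsable text yields 0, as it did with atoi().
             */
            secs = strtol( buf, NULL, 10 );
            if ( secs < 0 ) {
                /* a negative count must not be mistaken for PASSWORD_EXPIRED */
                secs = 0;
            } else if ( secs > INT_MAX ) {
                secs = INT_MAX;
            }
            status = (int)secs;
        }
    }

    return status;
}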
00075 
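/*
 * Report an LDAP result code on stderr.
 *
 * lderr: the LDAP result code to describe.
 *
 * The line always starts with the literal "ldap_parse_result: " label,
 * whichever call produced lderr.  For LDAP_CONNECT_ERROR the system error
 * text is appended through perror(); every other code just ends the line.
 *
 * errno is captured on entry and restored before perror(), because the
 * fprintf() in between is allowed to change it.  errno may still be stale
 * by the time a caller gets here; that depends on what ran in between.
 */
static void
process_other_errors( int lderr ) {
    int     saved_errno = errno;

    fprintf( stderr, "ldap_parse_result: %s",
            ldap_err2string( lderr ));
    if ( LDAP_CONNECT_ERROR == lderr ) {
        errno = saved_errno;
        perror( " - " );
    } else {
        fputc( '\n', stderr );
    }
}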
00086 
/*
 * Print a server-supplied diagnostic string, if there is one, and release it.
 *
 * errmsg: message to report, or NULL.  A non-NULL pointer is always handed
 *         to ldap_memfree(), so the caller must not use it afterwards.
 *
 * An empty string is released without printing anything.  The text is
 * passed as a "%s" argument and never as the format itself.
 */
static void
process_other_messages( char *errmsg ) {
    if ( errmsg == NULL ) {
        return;
    }

    if ( errmsg[ 0 ] != '\0' ) {
        fprintf( stderr, "Additional info: %s\n", errmsg );
    }

    ldap_memfree( errmsg );
}
00097 
00098 
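/*
 * Print the diagnostics for a bind that the server did not accept.
 * errmsg is only read here; releasing it stays with the caller.
 */
static void
report_bind_failure( int lderr, const char *errmsg ) {
    if ( LDAP_INVALID_CREDENTIALS == lderr ) {
        fprintf( stderr, "Invalid credentials\n" );
    } else {
        process_other_errors( lderr );
    }
    if ( errmsg != NULL ) {
        if ( strstr( errmsg, "password expired" ) != NULL ) {
            fprintf( stderr, "Password expired\n" );
        } else {
            fprintf( stderr, "Additional info: %s\n", errmsg );
        }
    }
}

/*
 * Bind to the directory with a simple bind and report the outcome together
 * with any password-expiration information the server returned.
 *
 * With no arguments the compiled-in MY_HOST, MY_PORT, USER_DN and USER_PW
 * are used; otherwise the arguments are HOST PORT DN PASSWORD.
 *
 * Returns 0 when the bind succeeded, -1 when it failed or a library call
 * failed after the handle was created, and 1 for a usage error or a failure
 * to set up the handle.
 *
 * Security notes for anyone adapting this example:
 *  - The password arrives on the command line (or from a compiled-in
 *    default), where other local users can usually read it.
 *  - No TLS is configured anywhere in this function, so as far as this file
 *    shows the simple bind sends the DN and password unprotected.
 *  - A rejected bind must give a non-zero exit status.  The asynchronous
 *    path used to return 0 even for invalid credentials, so a script
 *    trusting the exit code would have accepted any password.
 */
int
main( int argc, char **argv ) {
    LDAP    *ld;
    char    *dn;
    char    *password;
    char    *host;
    char    *errmsg = NULL;
    int     port;
    int     rc = 0;
    int     version = LDAP_VERSION3;
    int     lderr;

    if ( argc == 1 ) {
        host = MY_HOST;
        port = MY_PORT;
        dn = USER_DN;
        password = USER_PW;
    } else if ( argc == 5 ) {
        char    *end;
        long    portnum;

        host = argv[1];
        /*
         * atoi() silently turned a non-numeric PORT into 0.  Reject
         * anything that is not a whole number in 0..65535 instead; 0 is
         * still passed through, its meaning is up to ldap_init().
         */
        portnum = strtol( argv[2], &end, 10 );
        if ( end == argv[2] || *end != '\0'
                || portnum < 0 || portnum > 65535 ) {
            doUsage();
            return( 1 );
        }
        port = (int)portnum;
        dn = argv[3];
        password = argv[4];
    } else {
        doUsage();
        return( 1 );
    }

    /* get a handle to an LDAP connection */
    if ( (ld = ldap_init( host, port )) == NULL ) {
        perror( "ldap_init" );
        return( 1 );
    }

    if ( ldap_set_option( ld, LDAP_OPT_PROTOCOL_VERSION, &version ) != 0 ) {
        ldap_perror( ld, "ldap_set_option" );
        ldap_unbind( ld );      /* do not leak the handle on this path */
        return ( 1 );
    }

    /* authenticate to the directory */
#ifdef SYNCHRONOUS_BIND
    /* Synchronous bind */
    ldap_simple_bind_s( ld, dn, password );
    lderr = ldap_get_lderrno( ld, NULL, &errmsg );
    if ( LDAP_SUCCESS == lderr ) {
        printf( "Authentication successful\n" );
    } else {
        rc = -1;
        report_bind_failure( lderr, errmsg );
        if ( errmsg != NULL ) {
            /*
             * NOTE(review): kept from the original.  Confirm that the
             * string handed back by ldap_get_lderrno() is owned by the
             * caller; if it points into the handle, this free is wrong.
             */
            ldap_memfree( errmsg );
        }
    }
    /* You can't get the controls with a synchronous bind, so we
       can't report if the password is about to expire */

#else
    /* Asynchronous bind */
    {
        LDAPMessage     *result = NULL;
        LDAPControl     **ctrls = NULL;
        int             password_status = 0;
        int             msgid;

        /*
         * Assign first, compare second.  The earlier
         * "msgid = ldap_simple_bind( ... ) < 0" stored the result of the
         * comparison in msgid because '<' binds tighter than '='.
         */
        msgid = ldap_simple_bind( ld, dn, password );
        if ( msgid < 0 ) {
            ldap_perror( ld, "ldap_simple_bind" );
            rc = -1;
        } else {
            rc = ldap_result( ld, LDAP_RES_ANY, LDAP_MSG_ONE,
                    (struct timeval *)NULL, &result );
            if ( rc != LDAP_RES_BIND ) {
                fprintf( stderr, "ldap_result returned %d\n", rc );
                ldap_perror( ld, "ldap_result" );
                rc = -1;
            } else if ( ldap_parse_result( ld, result, &lderr, NULL,
                    &errmsg, NULL, &ctrls, 0 ) != LDAP_SUCCESS ) {
                /* the matched DN and referrals were never used, so they
                   are no longer requested and cannot leak */
                ldap_perror( ld, "ldap_parse_result" );
                rc = -1;
            } else {
                if ( LDAP_SUCCESS == lderr ) {
                    printf( "Authentication successful\n" );
                } else {
                    report_bind_failure( lderr, errmsg );
                }
                if ( errmsg != NULL ) {
                    /* released on success too, not only on failure */
                    ldap_memfree( errmsg );
                }

                password_status = check_controls( ctrls );
                ldap_controls_free( ctrls );
                if ( password_status == PASSWORD_EXPIRED ) {
                    fprintf( stderr,
                            "Password expired and must be reset\n" );
                } else if ( password_status > 0 ) {
                    fprintf( stderr,
                            "Password will expire in %d seconds\n",
                            password_status );
                }

                /* the exit status follows the bind result */
                rc = ( LDAP_SUCCESS == lderr ) ? 0 : -1;
            }

            /* parse was called with freeit == 0, so the message is ours */
            if ( result != NULL ) {
                ldap_msgfree( result );
            }
        }
    }
#endif

    /*
     * Release the handle on every path.  The earlier code tested lderr
     * here, which was never assigned when the asynchronous bind, the
     * ldap_result() call or the parse had failed.
     */
    ldap_unbind( ld );

    return rc;
}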