#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <ldap_ssl.h>
#if defined(N_PLAT_NLM) && defined(LIBC)
#include <screen.h>
#endif
/* Help text printed by main() when the argument count is wrong. */
static char usage[] =
    "\n Usage: sslbindi <host name> <port number> <login dn> <password> \n"
    "\n Example: sslbindi Acme.com 636 cn=admin,o=Acme secret\n";
/*
 * Server-certificate verification callback, defined below main() and
 * registered with ldapssl_set_verify_callback().  pHandle is the opaque
 * certificate handle handed over by the SSL library.
 */
int LIBCALL cert_callback(void *pHandle);
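/*
 * sslbindi: interactive SSL bind sample.
 *
 * Usage: sslbindi <host name> <port number> <login dn> <password>
 *
 * Initialises the SSL client library, installs cert_callback as the server
 * certificate verifier, then repeatedly opens an SSL session to
 * <host>:<port> and performs a simple bind as <login dn> until the user
 * answers anything other than Y/y to "bind again".  Exits with status 1 on
 * any failure, 0 otherwise.
 *
 * Note: <password> is taken from the command line, so it is visible to
 * other local users through the process list and may be recorded in shell
 * history.
 */
int main(int argc, char *argv[])
{
    int rc = 0;
    int version = LDAP_VERSION3;
    long port = 0;
    char *endp = NULL;
    char answer[256];
    char *ldapHost = NULL;
    char *loginDN = NULL;
    char *password = NULL;
    LDAP *ld = NULL;
    struct timeval timeOut = {10, 0};   /* 10 s network timeout */

#if defined(N_PLAT_NLM) && defined(LIBC)
    setscreenmode(SCR_NO_MODE);
#endif

    if (5 != argc) {
        printf("%s", usage);
        exit(1);
    }
    ldapHost = argv[1];
    loginDN = argv[3];
    password = argv[4];

    /* atoi() returns 0 for any junk; reject non-numeric or out-of-range ports. */
    errno = 0;
    port = strtol(argv[2], &endp, 10);
    if (endp == argv[2] || *endp != '\0' || errno == ERANGE ||
        port < 1 || port > 65535) {
        printf("Invalid port number: %s\n", argv[2]);
        printf("%s", usage);
        exit(1);
    }

    /* Global (NULL session) defaults picked up by every ldapssl_init() below. */
    rc = ldap_set_option(NULL, LDAP_OPT_PROTOCOL_VERSION, &version);
    if (rc != LDAP_SUCCESS) {
        printf("ldap_set_option LDAP_OPT_PROTOCOL_VERSION error: %d\n", rc);
        exit(1);
    }
    rc = ldap_set_option(NULL, LDAP_OPT_NETWORK_TIMEOUT, &timeOut);
    if (rc != LDAP_SUCCESS) {
        printf("ldap_set_option LDAP_OPT_NETWORK_TIMEOUT error: %d\n", rc);
        exit(1);
    }

    rc = ldapssl_client_init(NULL, NULL);
    if (rc != LDAP_SUCCESS) {
        printf("ldapssl_client_init error: %d\n", rc);
        exit(1);
    }

    /* Every server certificate is routed through cert_callback for a decision. */
    rc = ldapssl_set_verify_callback(cert_callback);
    if (rc != LDAP_SUCCESS) {
        printf("ldapssl_set_verify_callback error: %d\n", rc);
        ldapssl_client_deinit();
        exit(1);
    }

    do {
        ld = ldapssl_init(ldapHost, (int)port, 1);   /* 1: secure (SSL) session */
        if (ld == NULL) {
            printf("ldapssl_init error\n");
            ldapssl_client_deinit();
            exit(1);
        }

        rc = ldap_simple_bind_s(ld, loginDN, password);
        if (rc != LDAP_SUCCESS) {
            printf("ldap_simple_bind_s error: %d, %s\n", rc, ldap_err2string(rc));
            ldap_unbind_s(ld);
            ldapssl_client_deinit();
            exit(1);
        }
        printf("SSL bind successful\n");
        ldap_unbind_s(ld);
        ld = NULL;

        printf("\nWould you like bind again? (Y/N): ");
        fflush(stdout);
        answer[0] = '\0';   /* EOF or read error on stdin counts as "no" */
        /* fgets() instead of gets(): bounded by the buffer size. */
        if (fgets(answer, sizeof answer, stdin) != NULL &&
            strchr(answer, '\n') == NULL) {
            /* Over-long line: discard the rest so it cannot feed the next prompt. */
            int c = 0;
            while ((c = getchar()) != '\n' && c != EOF) {
                /* discard */
            }
        }
    } while (answer[0] == 'Y' || answer[0] == 'y');

    ldapssl_client_deinit();
    return 0;
}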
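/* Print " Status: " followed by the text for an LDAPSSL_CERT_GET_STATUS value. */
static void print_cert_status(int certStatus)
{
    printf(" Status: ");
    switch (certStatus) {
    case UNABLE_TO_GET_ISSUER_CERT:
        printf("unable to get issuer certificate\n");
        break;
    case UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY:
        printf("unable to decode issuer public key\n");
        break;
    case CERT_SIGNATURE_FAILURE:
        printf("certificate signature failure\n");
        break;
    case CERT_NOT_YET_VALID:
        printf("certificate is not yet valid\n");
        break;
    case CERT_HAS_EXPIRED:
        printf("Certificate has expired\n");
        break;
    case ERROR_IN_CERT_NOT_BEFORE_FIELD:
        printf("format error in certificate's notBefore field\n");
        break;
    case ERROR_IN_CERT_NOT_AFTER_FIELD:
        printf("format error in certificate's notAfter field\n");
        break;
    case DEPTH_ZERO_SELF_SIGNED_CERT:
        printf("self signed certificate\n");
        break;
    case SELF_SIGNED_CERT_IN_CHAIN:
        printf("self signed certificate in certificate chain\n");
        break;
    case UNABLE_TO_GET_ISSUER_CERT_LOCALLY:
        printf("unable to get local issuer certificate\n");
        break;
    case UNABLE_TO_VERIFY_LEAF_SIGNATURE:
        printf("unable to verify the first certificate\n");
        break;
    case INVALID_CA:
        printf("invalid CA certificate\n");
        break;
    case PATH_LENGTH_EXCEEDED:
        printf("path length constraint exceeded\n");
        break;
    case INVALID_PURPOSE:
        printf("unsupported certificate purpose\n");
        break;
    case CERT_UNTRUSTED:
        printf("certificate not trusted\n");
        break;
    case CERT_REJECTED:
        printf("certificate rejected\n");
        break;
    default:
        printf(" number %d\n", certStatus);
        break;
    }
}

/*
 * Copy a string attribute (LDAPSSL_CERT_ATTR_ISSUER / _SUBJECT) of the
 * certificate behind pHandle into a freshly allocated, NUL-terminated
 * buffer.  attrName is used only in diagnostics.
 *
 * Returns the buffer, which the caller frees, or NULL after printing why.
 */
static char *get_cert_string_attr(void *pHandle, int attr, const char *attrName)
{
    int rc = 0;
    int length = 0;
    char *value = NULL;

    /* A NULL buffer asks the library for the attribute length only. */
    rc = ldapssl_get_cert_attribute(pHandle, attr, NULL, &length);
    if (LDAPSSL_SUCCESS != rc) {
        printf("ldapssl_get_cert_attribute %s length failed\n", attrName);
        return NULL;
    }
    if (length < 0) {
        printf("ldapssl_get_cert_attribute %s returned a bad length\n", attrName);
        return NULL;
    }
    length += 1;   /* room for the terminator */
    /* calloc: the buffer is terminated even if the library fills it without a NUL. */
    value = calloc((size_t)length, 1);
    if (NULL == value) {
        printf("Could not allocate %s buffer!\n", attrName);
        return NULL;
    }
    rc = ldapssl_get_cert_attribute(pHandle, attr, value, &length);
    if (LDAPSSL_SUCCESS != rc) {
        printf("ldapssl_get_cert_attribute %s failed\n", attrName);
        free(value);
        return NULL;
    }
    return value;
}

/*
 * Show prompt, read one line from stdin and return non-zero only if it
 * starts with 'Y' or 'y'.  EOF or a read error counts as "no".  The tail of
 * an over-long line is consumed so it cannot be replayed into the next
 * prompt; this replaces fflush(stdin), which is undefined in standard C.
 */
static int read_yes_no(const char *prompt)
{
    char answer[256];
    int c = 0;

    printf("%s", prompt);
    fflush(stdout);
    /* fgets() instead of gets(): bounded by the buffer size. */
    if (fgets(answer, sizeof answer, stdin) == NULL) {
        return 0;
    }
    if (strchr(answer, '\n') == NULL) {
        while ((c = getchar()) != '\n' && c != EOF) {
            /* discard */
        }
    }
    return answer[0] == 'Y' || answer[0] == 'y';
}

/*
 * Server certificate verification callback installed by main() through
 * ldapssl_set_verify_callback().  Prints the library's verification status,
 * issuer, subject and validity period of the certificate behind pHandle,
 * then asks the operator whether to accept it.  On 'Y' the DER encoding is
 * also passed to ldapssl_add_trusted_cert().
 *
 * The accept/reject decision here rests entirely on the operator reading
 * the printed fields; a production client should take that decision from a
 * configured trust store instead of a prompt.
 *
 * Returns LDAPSSL_CERT_ACCEPT or LDAPSSL_CERT_REJECT; every failure path
 * rejects.
 */
int LIBCALL cert_callback(void *pHandle)
{
    int rc = 0;
    int callbackRc = LDAPSSL_CERT_REJECT;
    int length = 0;
    int certStatus = 0;
    char *value = NULL;
    LDAPSSL_Cert cert;
    LDAPSSL_Cert_Validity_Period certPeriod;

    cert.data = NULL;
    cert.length = 0;

    printf("\n");
    printf("Certificate received.\n");
    printf("Certificate Information:\n");

    length = sizeof(certStatus);
    rc = ldapssl_get_cert_attribute(pHandle, LDAPSSL_CERT_GET_STATUS,
                                    &certStatus, &length);
    if (LDAPSSL_SUCCESS != rc) {
        printf("ldapssl_get_cert_attribute LDAPSSL_CERT_GET_STATUS failed\n");
        goto err;
    }
    print_cert_status(certStatus);

    value = get_cert_string_attr(pHandle, LDAPSSL_CERT_ATTR_ISSUER,
                                 "LDAPSSL_CERT_ATTR_ISSUER");
    if (NULL == value) {
        goto err;
    }
    printf(" Issuer: %s\n", value);
    free(value);
    value = NULL;

    value = get_cert_string_attr(pHandle, LDAPSSL_CERT_ATTR_SUBJECT,
                                 "LDAPSSL_CERT_ATTR_SUBJECT");
    if (NULL == value) {
        goto err;
    }
    printf(" Subject: %s\n", value);
    free(value);
    value = NULL;

    /* Fixed-size attribute: pass its own size, as for the STATUS query, rather
       than the leftover string length from the subject query. */
    length = sizeof(certPeriod);
    rc = ldapssl_get_cert_attribute(pHandle, LDAPSSL_CERT_ATTR_VALIDITY_PERIOD,
                                    &certPeriod, &length);
    if (LDAPSSL_SUCCESS != rc) {
        printf("ldapssl_get_cert_attribute LDAPSSL_CERT_ATTR_VALIDITY_PERIOD failed\n");
        goto err;
    }
    printf(" Not Before Time: %s Type: %s\n",
           certPeriod.notBeforeTime,
           (certPeriod.notBeforeType == LDAPSSL_CERT_UTC_TIME) ?
               "UTC Time" : "Generalized Time");
    printf(" Not After Time: %s Type: %s\n",
           certPeriod.notAfterTime,
           (certPeriod.notAfterType == LDAPSSL_CERT_UTC_TIME) ?
               "UTC Time" : "Generalized Time");

    /* First call with data == NULL reports the DER length; the second fills it. */
    cert.data = NULL;
    cert.length = 0;
    rc = ldapssl_get_cert(pHandle, LDAPSSL_CERT_BUFFTYPE_DER, &cert);
    if (LDAPSSL_SUCCESS != rc) {
        printf("ldapssl_get_cert length failed\n");
        goto err;
    }
    if (cert.length == 0) {
        /* malloc(0) is implementation-defined; an empty certificate is useless anyway. */
        printf("ldapssl_get_cert returned an empty certificate\n");
        goto err;
    }
    cert.data = malloc((size_t)cert.length);
    if (NULL == cert.data) {
        printf("Could not allocate buffer!\n");
        goto err;
    }
    rc = ldapssl_get_cert(pHandle, LDAPSSL_CERT_BUFFTYPE_DER, &cert);
    if (LDAPSSL_SUCCESS != rc) {
        printf("ldapssl_get_cert failed\n");
        goto err;
    }

    /* Anything but Y/y (including EOF) rejects. */
    if (read_yes_no("\nWould you like to accept the certificate? (Y/N): ")) {
        callbackRc = LDAPSSL_CERT_ACCEPT;
        rc = ldapssl_add_trusted_cert(&cert, LDAPSSL_CERT_BUFFTYPE_DER);
        if (LDAPSSL_SUCCESS != rc) {
            printf("ldapssl_add_trusted_cert failed\n");
        }
    } else {
        callbackRc = LDAPSSL_CERT_REJECT;
    }

err:
    free(cert.data);   /* free(NULL) is a no-op */
    free(value);
    return callbackRc;
}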