InfoDirectory使用手引書
5.5.3.12 証明書認証を行う非同期型エントリ検索
証明書認証を行うエントリ検索のサンプルプログラムを以下に示します。
このサンプルプログラムは、証明書認証(SASL EXTERNAL)でバインドした後、非同期型のエントリ検索を行います。
[search_sasl.c]
/*
* Copyright (c) 2001. Fujitsu Limited. All rights reserved.
*
* SASL bind, then search the directory for all entries.
*
*/
#include <sys/types.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#if defined(_WIN32)
#include <winsock.h>
#endif
#include "examples.h"
/* Incremented once per call to do_other_work(), i.e. once per pass of the
 * result-polling loop in main(). */
unsigned long global_counter = 0;
/* Directory server host name handed to ldapssl_init(). */
char *host = "localhost";
/* Server port. LDAP_SSL_PORT is not defined in this file (presumably it
 * comes from examples.h or the SDK headers it pulls in). */
int port = LDAP_SSL_PORT;
/* Search base DN. Sample value: replace it with a DN from your own tree. */
char *s_base = "o=Fujitsu,c=JP";
/* Search scope: the base entry and everything below it. */
int scope = LDAP_SCOPE_SUBTREE;
/* Presence filter that matches every entry. Combined with the subtree scope
 * the sample asks for the whole tree under s_base; a real application
 * should use a narrower filter. */
char *filter = "(objectclass=*)";
/*-------------------------------------------------------------*/
/*
* Perform other work while polling for results. This doesn't do anything
* useful, but it could.
*/
static void do_other_work()
{
    /* The counter is defined at file scope; it is re-declared here so the
     * function names the object it touches. */
    extern unsigned long global_counter;

    /* One tick per call: main() reports the total as "I counted to N". */
    global_counter += 1;
}
/*-------------------------------------------------------------*/
/*
* main program
*/
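/**
 * Open an SSL-protected LDAP session, authenticate with the client
 * certificate through a SASL EXTERNAL bind, start an asynchronous search
 * and poll for its result.
 *
 * Steps, in order:
 *   1. fill an SSLENV structure and call ldapssl_init();
 *   2. turn referral chasing off, set alias dereferencing to
 *      LDAP_DEREF_ALWAYS and select LDAP protocol version 3;
 *   3. bind with ldap_sasl_bind_s( LDAP_SASL_EXTERNAL ), passing no DN and
 *      no credentials;
 *   4. issue ldap_search() and poll ldap_result() until the complete result
 *      is available, calling do_other_work() after every poll;
 *   5. print the entries, unbind and exit.
 *
 * Every failure path unbinds (once a session exists), prints
 * "is abnormal end" and calls exit( 1 ); the success path calls exit( 0 ).
 *
 * @param argc  unused.
 * @param argv  argv[0] is used as the program name in every message.
 * @return      never returns normally; all paths end in exit().
 */
int main(
    int argc,
    char *argv[]
)
{
    LDAP *ld;
    int msgid;
    LDAPMessage *result;
    int rtn;
    int optdata;
    struct timeval wait_limit;
    int finished;
    int errcode;
    char *errmsg;
    char *matched_dn;
    int num_entries;
    SSLENV sslenv;
    extern unsigned long global_counter;
    extern char *host;
    extern int port;
    extern char *s_base;
    extern int scope;
    extern char *filter;
    /* binddn and passwd are intentionally not declared here: a SASL
     * EXTERNAL bind sends neither a DN nor a password. */

    /*----------------------------------------------------------*/
    printf( "%s is start\n", argv[0] );

    /*
     * SSL environment. Every value below is a sample placeholder and has to
     * be replaced with the settings of the real installation.
     */
    memset( &sslenv, '\0', sizeof( sslenv ) );

    /* NOTE(review): presumably selects SSL protocol version 3. SSL 3.0 is
     * deprecated (RFC 7568); check the product documentation for the most
     * recent protocol version this field accepts. */
    sslenv.ssl_version = 3;

    /* The memset above already leaves ssl_verify at 0, so the assignment
     * below stays disabled. NOTE(review): the meaning of 0 is not visible
     * in this file; confirm that it does not switch off verification of
     * the server certificate. */
    /* sslenv.ssl_verify = 0; */

    /* NOTE(review): going by the names, this list offers 3DES and single
     * DES. Single DES is too weak for current use; restrict the list to
     * the strongest suites the installed product supports. */
    sslenv.crypt = "RSA-3DES-SHA:RSA-DES-SHA";

#if defined(unix)
    sslenv.slot_path = "/usr/sslenv/slot/";
#elif defined(_WIN32)
    sslenv.slot_path = "c:\\usr\\sslenv\\slot\\";
#endif
    sslenv.tkn_lbl = "token1";

    /* Sample token password. It protects the private key used for the
     * certificate bind, so a real program should obtain it at run time
     * (operator prompt or a protected configuration store) instead of
     * compiling it into the binary. */
    sslenv.tkn_pwd = "slot123";

#if defined(unix)
    sslenv.cert_path = (unsigned char *)"/usr/sslenv/sslcert/";
#elif defined(_WIN32)
    sslenv.cert_path = (unsigned char *)"c:\\usr\\sslenv\\sslcert\\";
#endif
    /* Name of the client certificate; presumably this is the identity the
     * server maps to a directory user during the EXTERNAL bind. */
    sslenv.user_cert = (unsigned char *)"client_cert";
    sslenv.ssl_timer = 30;

    printf( "%s: ldapssl_init( \"%s\", %d )\n", argv[0], host, port );
    ld = ldapssl_init( host, port, &sslenv );
    if ( ld == NULL ) {
        /* No session handle yet, so there is nothing to unbind. */
        perror( "ldapssl_init" );
        printf( "%s is abnormal end\n", argv[0] );
        exit( 1 );
    }

    /* set option ( LDAP_OPT_OFF ): do not follow referrals automatically */
    optdata = LDAP_OPT_OFF;
    printf( "%s: ldap_set_option( LDAP_OPT_REFERRALS, %d )\n", argv[0], optdata );
    rtn = ldap_set_option( ld, LDAP_OPT_REFERRALS, (void *)(&optdata) );
    if ( rtn != 0 ) {
        do_error_msg( "ldap_set_option", rtn, NULL, NULL );
        do_unbind( ld, argv );
        printf( "%s is abnormal end\n", argv[0] );
        exit( 1 );
    }

    /* set option ( LDAP_DEREF_ALWAYS ) */
    optdata = LDAP_DEREF_ALWAYS;
    printf( "%s: ldap_set_option( LDAP_OPT_DEREF, %d )\n", argv[0], optdata );
    rtn = ldap_set_option( ld, LDAP_OPT_DEREF, (void *)(&optdata) );
    if ( rtn != 0 ) {
        do_error_msg( "ldap_set_option", rtn, NULL, NULL );
        do_unbind( ld, argv );
        printf( "%s is abnormal end\n", argv[0] );
        exit( 1 );
    }

    /* set option ( LDAP_VERSION3 ): the SASL bind below is an LDAPv3 operation */
    optdata = LDAP_VERSION3;
    printf( "%s: ldap_set_option( LDAP_OPT_PROTOCOL_VERSION, %d )\n", argv[0], optdata );
    rtn = ldap_set_option( ld, LDAP_OPT_PROTOCOL_VERSION, (void *)(&optdata) );
    if ( rtn != 0 ) {
        do_error_msg( "ldap_set_option", rtn, NULL, NULL );
        do_unbind( ld, argv );
        printf( "%s is abnormal end\n", argv[0] );
        exit( 1 );
    }

    /*
     * Certificate authentication: SASL EXTERNAL bind. No DN and no
     * credentials are passed; the bind relies on the client certificate
     * configured in sslenv. (The "******" in the log line is fixed text,
     * no password exists on this path.)
     */
    printf( "%s: ldap_sasl_bind_s( \"%s\", \"******\" )\n", argv[0], "EXTERNAL" );
    rtn = ldap_sasl_bind_s( ld, NULL, LDAP_SASL_EXTERNAL, NULL, NULL, NULL, NULL );
    if ( rtn != LDAP_SUCCESS ) {
        do_error_msg( "ldap_sasl_bind_s", rtn, NULL, NULL );
        do_unbind( ld, argv );
        printf( "%s is abnormal end\n", argv[0] );
        exit( 1 );
    }

    /* Start the asynchronous search; only the message id comes back here. */
    printf( "%s: ldap_search( \"%s\", %d, \"%s\" )\n", argv[0], s_base, scope, filter );
    msgid = ldap_search( ld, s_base, scope, filter, NULL, 0 );
    if ( msgid < 0 ) {
        do_get_ldaperror( ld, &errcode, &errmsg );
        do_error_msg( "ldap_search", errcode, NULL, errmsg );
        do_unbind( ld, argv );
        printf( "%s is abnormal end\n", argv[0] );
        exit( 1 );
    }

    /* Poll for the result */
    finished = 0;
    while ( finished == 0 ) {
        printf( "%s: ldap_result( )\n", argv[0] );
        result = NULL;
        /* Each poll waits up to 30 seconds for the complete result. */
        wait_limit.tv_sec = 30L;
        wait_limit.tv_usec = 0L;
        rtn = ldap_result( ld, msgid, LDAP_MSG_ALL, &wait_limit, &result );
        switch ( rtn ) {
        case -1:
            /* some error occurred */
            if ( result != NULL ) {
                errcode = 0;
                matched_dn = NULL;
                errmsg = NULL;
                ldap_parse_result( ld, result, &errcode, &matched_dn, &errmsg, 0, 0, 0 );
                do_error_msg( "ldap_result", errcode, matched_dn, errmsg );
            }
            printf( "%s: Entry search error.\n", argv[0] );
            do_unbind( ld, argv );
            printf( "%s is abnormal end\n", argv[0] );
            exit( 1 );      /* does not return, so no fall-through */
        case 0:
            /* Timeout was exceeded.
               No entries are ready for retrieval */
#if defined(unix)
            sleep(1);
#elif defined(_WIN32)
            Sleep(1*1000);
#endif
            break;
        default:
            /* Should be finished here */
            finished = 1;
            errcode = 0;
            matched_dn = NULL;
            errmsg = NULL;
            ldap_parse_result( ld, result, &errcode, &matched_dn, &errmsg, 0, 0, 0 );
            if ( errcode == LDAP_SUCCESS ) {
                /* global_counter is unsigned long, hence %lu */
                printf( "%s: Entry search successfully. I counted to %lu while waiting.\n", argv[0], global_counter );
            } else {
                /* NOTE(review): a non-success result code is only reported;
                 * the program still prints the returned entries below and
                 * ends with exit( 0 ). Confirm that this is intended. */
                printf( "%s: Error while searching entry\n", argv[0] );
                do_error_msg( "ldap_result", errcode, matched_dn, errmsg );
            }
            break;
        }
        do_other_work();
    }

    num_entries = print_entry( ld, result, 1 );
    printf( "%s: %d entries retrieved. I counted to %lu while I was waiting.\n", argv[0], num_entries, global_counter );
    do_unbind( ld, argv );
    printf( "%s is normal end\n", argv[0] );
    exit( 0 );
}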
All Rights Reserved, Copyright(C) 富士通株式会社 2005