]> git.sur5r.net Git - openldap/blob - clients/tools/ldapdelete.c
f08bdba11faca5f167bdf55debd9e8e24f12260e
[openldap] / clients / tools / ldapdelete.c
1 /* ldapdelete.c - simple program to delete an entry using LDAP */
2 /* $OpenLDAP$ */
3 /*
4  * Copyright 1998-2002 The OpenLDAP Foundation, All Rights Reserved.
5  * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
6  */
7
8 #include "portable.h"
9
10 #include <stdio.h>
11
12 #include <ac/stdlib.h>
13 #include <ac/ctype.h>
14
15 #include <ac/signal.h>
16 #include <ac/string.h>
17 #include <ac/unistd.h>
18
19 #include <ldap.h>
20 #include "lutil.h"
21 #include "lutil_ldap.h"
22 #include "ldap_defaults.h"
23
24 static char     *prog;
25 static char     *binddn = NULL;
26 static struct berval passwd = { 0, NULL };
27 static char *ldapuri = NULL;
28 static char     *ldaphost = NULL;
29 static int      ldapport = 0;
30 static int      prune = 0;
31 #ifdef HAVE_CYRUS_SASL
32 static unsigned sasl_flags = LDAP_SASL_AUTOMATIC;
33 static char     *sasl_mech = NULL;
34 static char *sasl_realm = NULL;
35 static char     *sasl_authc_id = NULL;
36 static char     *sasl_authz_id = NULL;
37 static char     *sasl_secprops = NULL;
38 #endif
39 static int      use_tls = 0;
40 static int      not, verbose, contoper;
41 static LDAP     *ld = NULL;
42
43 static int dodelete LDAP_P((
44     LDAP *ld,
45     const char *dn));
46
47 static int deletechildren LDAP_P((
48         LDAP *ld,
49         const char *dn ));
50
51 static void
52 usage( const char *s )
53 {
54         fprintf( stderr,
55 "Delete entries from an LDAP server\n\n"
56 "usage: %s [options] [dn]...\n"
57 "       dn: list of DNs to delete. If not given, it will be readed from stdin\n"
58 "           or from the file specified with \"-f file\".\n"
59 "Delete Options:\n"
60 "  -r         delete recursively\n"
61
62 "Common options:\n"
63 "  -d level   set LDAP debugging level to `level'\n"
64 "  -D binddn  bind DN\n"
65 "  -e [!]<ctrl>[=<ctrlparam>] general controls (! indicates criticality)\n"
66 "             [!]manageDSAit   (alternate form, see -M)\n"
67 "             [!]noop\n"
68 "  -f file    read operations from `file'\n"
69 "  -h host    LDAP server\n"
70 "  -H URI     LDAP Uniform Resource Indentifier(s)\n"
71 "  -I         use SASL Interactive mode\n"
72 "  -k         use Kerberos authentication\n"
73 "  -K         like -k, but do only step 1 of the Kerberos bind\n"
74 "  -M         enable Manage DSA IT control (-MM to make critical)\n"
75 "  -n         show what would be done but don't actually do it\n"
76 "  -O props   SASL security properties\n"
77 "  -p port    port on LDAP server\n"
78 "  -P version procotol version (default: 3)\n"
79 "  -Q         use SASL Quiet mode\n"
80 "  -R realm   SASL realm\n"
81 "  -U authcid SASL authentication identity\n"
82 "  -v         run in verbose mode (diagnostics to standard output)\n"
83 "  -w passwd  bind passwd (for simple authentication)\n"
84 "  -W         prompt for bind passwd\n"
85 "  -x         Simple authentication\n"
86 "  -X authzid SASL authorization identity (\"dn:<dn>\" or \"u:<user>\")\n"
87 "  -y file    Read passwd from file\n"
88 "  -Y mech    SASL mechanism\n"
89 "  -Z         Start TLS request (-ZZ to require successful response)\n"
90 ,               s );
91
92         exit( EXIT_FAILURE );
93 }
94
95
96 int
97 main( int argc, char **argv )
98 {
99         char            buf[ 4096 ];
100         FILE            *fp;
101         int             i, rc, authmethod, referrals, want_bindpw, version, debug, manageDSAit, noop, crit;
102         char    *pw_file;
103         char    *control, *cvalue;
104
105     not = verbose = contoper = want_bindpw = debug
106                 = manageDSAit = noop = referrals = 0;
107     fp = NULL;
108     authmethod = -1;
109         version = -1;
110         pw_file = NULL;
111
112     prog = lutil_progname( "ldapdelete", argc, argv );
113
114     while (( i = getopt( argc, argv, "cf:r"
115                 "Cd:D:e:h:H:IkKMnO:p:P:QR:U:vw:WxX:y:Y:Z" )) != EOF )
116         {
117         switch( i ) {
118         /* Delete Specific Options */
119         case 'c':       /* continuous operation mode */
120             ++contoper;
121             break;
122         case 'E': /* delete controls */
123                 if( version == LDAP_VERSION2 ) {
124                         fprintf( stderr, "%s: -E incompatible with LDAPv%d\n",
125                                 prog, version );
126                         return EXIT_FAILURE;
127                 }
128
129                 /* should be extended to support comma separated list of
130                  *      [!]key[=value] parameters, e.g.  -E !foo,bar=567
131                  */
132
133                 crit = 0;
134                 cvalue = NULL;
135                 if( optarg[0] == '!' ) {
136                         crit = 1;
137                         optarg++;
138                 }
139
140                 control = strdup( optarg );
141                 if ( (cvalue = strchr( control, '=' )) != NULL ) {
142                         *cvalue++ = '\0';
143                 }
144                 fprintf( stderr, "Invalid delete control name: %s\n", control );
145                 usage(prog);
146                 return EXIT_FAILURE;
147         case 'f':       /* read DNs from a file */
148                 if( fp != NULL ) {
149                         fprintf( stderr, "%s: -f previously specified\n", prog );
150                         return EXIT_FAILURE;
151                 }
152             if (( fp = fopen( optarg, "r" )) == NULL ) {
153                 perror( optarg );
154                 exit( EXIT_FAILURE );
155             }
156             break;
157         case 'r':
158                 prune = 1;
159                 break;
160
161         /* Common Options */
162         case 'C':
163                 referrals++;
164                 break;
165         case 'd':
166             debug |= atoi( optarg );
167             break;
168         case 'D':       /* bind DN */
169                 if( binddn != NULL ) {
170                         fprintf( stderr, "%s: -D previously specified\n", prog );
171                         return EXIT_FAILURE;
172                 }
173             binddn = strdup( optarg );
174             break;
175         case 'e': /* general controls */
176                 if( version == LDAP_VERSION2 ) {
177                         fprintf( stderr, "%s: -e incompatible with LDAPv%d\n",
178                                 prog, version );
179                         return EXIT_FAILURE;
180                 }
181
182                 /* should be extended to support comma separated list of
183                  *      [!]key[=value] parameters, e.g.  -e !foo,bar=567
184                  */
185
186                 crit = 0;
187                 cvalue = NULL;
188                 if( optarg[0] == '!' ) {
189                         crit = 1;
190                         optarg++;
191                 }
192
193                 control = strdup( optarg );
194                 if ( (cvalue = strchr( control, '=' )) != NULL ) {
195                         *cvalue++ = '\0';
196                 }
197
198                 if ( strcasecmp( control, "manageDSAit" ) == 0 ) {
199                         if( cvalue != NULL ) {
200                                 fprintf( stderr, "manageDSAit: no control value expected" );
201                                 usage(prog);
202                                 return EXIT_FAILURE;
203                         }
204
205                         manageDSAit = 1 + crit;
206                         free( control );
207                         break;
208                         
209                 } else if ( strcasecmp( control, "noop" ) == 0 ) {
210                         if( cvalue != NULL ) {
211                                 fprintf( stderr, "noop: no control value expected" );
212                                 usage(prog);
213                                 return EXIT_FAILURE;
214                         }
215
216                         noop = 1 + crit;
217                         free( control );
218                         break;
219
220                 } else {
221                         fprintf( stderr, "Invalid general control name: %s\n", control );
222                         usage(prog);
223                         return EXIT_FAILURE;
224                 }
225         case 'h':       /* ldap host */
226                 if( ldapuri != NULL ) {
227                         fprintf( stderr, "%s: -h incompatible with -H\n", prog );
228                         return EXIT_FAILURE;
229                 }
230                 if( ldaphost != NULL ) {
231                         fprintf( stderr, "%s: -h previously specified\n", prog );
232                         return EXIT_FAILURE;
233                 }
234             ldaphost = strdup( optarg );
235             break;
236         case 'H':       /* ldap URI */
237                 if( ldaphost != NULL ) {
238                         fprintf( stderr, "%s: -H incompatible with -h\n", prog );
239                         return EXIT_FAILURE;
240                 }
241                 if( ldapport ) {
242                         fprintf( stderr, "%s: -H incompatible with -p\n", prog );
243                         return EXIT_FAILURE;
244                 }
245                 if( ldapuri != NULL ) {
246                         fprintf( stderr, "%s: -H previously specified\n", prog );
247                         return EXIT_FAILURE;
248                 }
249             ldapuri = strdup( optarg );
250             break;
251         case 'I':
252 #ifdef HAVE_CYRUS_SASL
253                 if( version == LDAP_VERSION2 ) {
254                         fprintf( stderr, "%s: -I incompatible with version %d\n",
255                                 prog, version );
256                         return EXIT_FAILURE;
257                 }
258                 if( authmethod != -1 && authmethod != LDAP_AUTH_SASL ) {
259                         fprintf( stderr, "%s: incompatible previous "
260                                 "authentication choice\n",
261                                 prog );
262                         return EXIT_FAILURE;
263                 }
264                 authmethod = LDAP_AUTH_SASL;
265                 version = LDAP_VERSION3;
266                 sasl_flags = LDAP_SASL_INTERACTIVE;
267                 break;
268 #else
269                 fprintf( stderr, "%s: was not compiled with SASL support\n",
270                         prog );
271                 return( EXIT_FAILURE );
272 #endif
273         case 'k':       /* kerberos bind */
274 #ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
275                 if( version > LDAP_VERSION2 ) {
276                         fprintf( stderr, "%s: -k incompatible with LDAPv%d\n",
277                                 prog, version );
278                         return EXIT_FAILURE;
279                 }
280
281                 if( authmethod != -1 ) {
282                         fprintf( stderr, "%s: -k incompatible with previous "
283                                 "authentication choice\n", prog );
284                         return EXIT_FAILURE;
285                 }
286                         
287                 authmethod = LDAP_AUTH_KRBV4;
288 #else
289                 fprintf( stderr, "%s: not compiled with Kerberos support\n", prog );
290                 return EXIT_FAILURE;
291 #endif
292             break;
293         case 'K':       /* kerberos bind, part one only */
294 #ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
295                 if( version > LDAP_VERSION2 ) {
296                         fprintf( stderr, "%s: -k incompatible with LDAPv%d\n",
297                                 prog, version );
298                         return EXIT_FAILURE;
299                 }
300                 if( authmethod != -1 ) {
301                         fprintf( stderr, "%s: incompatible with previous "
302                                 "authentication choice\n", prog );
303                         return EXIT_FAILURE;
304                 }
305
306                 authmethod = LDAP_AUTH_KRBV41;
307 #else
308                 fprintf( stderr, "%s: not compiled with Kerberos support\n", prog );
309                 return( EXIT_FAILURE );
310 #endif
311             break;
312         case 'M':
313                 /* enable Manage DSA IT */
314                 if( version == LDAP_VERSION2 ) {
315                         fprintf( stderr, "%s: -M incompatible with LDAPv%d\n",
316                                 prog, version );
317                         return EXIT_FAILURE;
318                 }
319                 manageDSAit++;
320                 version = LDAP_VERSION3;
321                 break;
322         case 'n':       /* print deletes, don't actually do them */
323             ++not;
324             break;
325         case 'O':
326 #ifdef HAVE_CYRUS_SASL
327                 if( sasl_secprops != NULL ) {
328                         fprintf( stderr, "%s: -O previously specified\n", prog );
329                         return EXIT_FAILURE;
330                 }
331                 if( version == LDAP_VERSION2 ) {
332                         fprintf( stderr, "%s: -O incompatible with LDAPv%d\n",
333                                 prog, version );
334                         return EXIT_FAILURE;
335                 }
336                 if( authmethod != -1 && authmethod != LDAP_AUTH_SASL ) {
337                         fprintf( stderr, "%s: incompatible previous "
338                                 "authentication choice\n", prog );
339                         return EXIT_FAILURE;
340                 }
341                 authmethod = LDAP_AUTH_SASL;
342                 version = LDAP_VERSION3;
343                 sasl_secprops = strdup( optarg );
344 #else
345                 fprintf( stderr, "%s: not compiled with SASL support\n",
346                         prog );
347                 return( EXIT_FAILURE );
348 #endif
349                 break;
350         case 'p':
351                 if( ldapport ) {
352                         fprintf( stderr, "%s: -p previously specified\n", prog );
353                         return EXIT_FAILURE;
354                 }
355             ldapport = atoi( optarg );
356             break;
357         case 'P':
358                 switch( atoi(optarg) ) {
359                 case 2:
360                         if( version == LDAP_VERSION3 ) {
361                                 fprintf( stderr, "%s: -P 2 incompatible with version %d\n",
362                                         prog, version );
363                                 return EXIT_FAILURE;
364                         }
365                         version = LDAP_VERSION2;
366                         break;
367                 case 3:
368                         if( version == LDAP_VERSION2 ) {
369                                 fprintf( stderr, "%s: -P 2 incompatible with version %d\n",
370                                         prog, version );
371                                 return EXIT_FAILURE;
372                         }
373                         version = LDAP_VERSION3;
374                         break;
375                 default:
376                         fprintf( stderr, "%s: protocol version should be 2 or 3\n",
377                                 prog );
378                         usage( prog );
379                         return( EXIT_FAILURE );
380                 } break;
381         case 'Q':
382 #ifdef HAVE_CYRUS_SASL
383                 if( version == LDAP_VERSION2 ) {
384                         fprintf( stderr, "%s: -Q incompatible with version %d\n",
385                                 prog, version );
386                         return EXIT_FAILURE;
387                 }
388                 if( authmethod != -1 && authmethod != LDAP_AUTH_SASL ) {
389                         fprintf( stderr, "%s: incompatible previous "
390                                 "authentication choice\n",
391                                 prog );
392                         return EXIT_FAILURE;
393                 }
394                 authmethod = LDAP_AUTH_SASL;
395                 version = LDAP_VERSION3;
396                 sasl_flags = LDAP_SASL_QUIET;
397                 break;
398 #else
399                 fprintf( stderr, "%s: not compiled with SASL support\n",
400                         prog );
401                 return( EXIT_FAILURE );
402 #endif
403         case 'R':
404 #ifdef HAVE_CYRUS_SASL
405                 if( sasl_realm != NULL ) {
406                         fprintf( stderr, "%s: -R previously specified\n", prog );
407                         return EXIT_FAILURE;
408                 }
409                 if( version == LDAP_VERSION2 ) {
410                         fprintf( stderr, "%s: -R incompatible with version %d\n",
411                                 prog, version );
412                         return EXIT_FAILURE;
413                 }
414                 if( authmethod != -1 && authmethod != LDAP_AUTH_SASL ) {
415                         fprintf( stderr, "%s: incompatible previous "
416                                 "authentication choice\n",
417                                 prog );
418                         return EXIT_FAILURE;
419                 }
420                 authmethod = LDAP_AUTH_SASL;
421                 version = LDAP_VERSION3;
422                 sasl_realm = strdup( optarg );
423 #else
424                 fprintf( stderr, "%s: not compiled with SASL support\n",
425                         prog );
426                 return( EXIT_FAILURE );
427 #endif
428                 break;
429         case 'U':
430 #ifdef HAVE_CYRUS_SASL
431                 if( sasl_authc_id != NULL ) {
432                         fprintf( stderr, "%s: -U previously specified\n", prog );
433                         return EXIT_FAILURE;
434                 }
435                 if( version == LDAP_VERSION2 ) {
436                         fprintf( stderr, "%s: -U incompatible with version %d\n",
437                                 prog, version );
438                         return EXIT_FAILURE;
439                 }
440                 if( authmethod != -1 && authmethod != LDAP_AUTH_SASL ) {
441                         fprintf( stderr, "%s: incompatible previous "
442                                 "authentication choice\n",
443                                 prog );
444                         return EXIT_FAILURE;
445                 }
446                 authmethod = LDAP_AUTH_SASL;
447                 version = LDAP_VERSION3;
448                 sasl_authc_id = strdup( optarg );
449 #else
450                 fprintf( stderr, "%s: not compiled with SASL support\n",
451                         prog );
452                 return( EXIT_FAILURE );
453 #endif
454                 break;
455         case 'v':       /* verbose mode */
456             verbose++;
457             break;
458         case 'w':       /* password */
459             passwd.bv_val = strdup( optarg );
460                 {
461                         char* p;
462
463                         for( p = optarg; *p != '\0'; p++ ) {
464                                 *p = '\0';
465                         }
466                 }
467                 passwd.bv_len = strlen( passwd.bv_val );
468             break;
469         case 'W':
470                 want_bindpw++;
471                 break;
472         case 'y':
473                 pw_file = optarg;
474                 break;
475         case 'Y':
476 #ifdef HAVE_CYRUS_SASL
477                 if( sasl_mech != NULL ) {
478                         fprintf( stderr, "%s: -Y previously specified\n", prog );
479                         return EXIT_FAILURE;
480                 }
481                 if( version == LDAP_VERSION2 ) {
482                         fprintf( stderr, "%s: -Y incompatible with version %d\n",
483                                 prog, version );
484                         return EXIT_FAILURE;
485                 }
486                 if( authmethod != -1 && authmethod != LDAP_AUTH_SASL ) {
487                         fprintf( stderr, "%s: incompatible with authentication choice\n", prog );
488                         return EXIT_FAILURE;
489                 }
490                 authmethod = LDAP_AUTH_SASL;
491                 version = LDAP_VERSION3;
492                 sasl_mech = strdup( optarg );
493 #else
494                 fprintf( stderr, "%s: not compiled with SASL support\n",
495                         prog );
496                 return( EXIT_FAILURE );
497 #endif
498                 break;
499         case 'x':
500                 if( authmethod != -1 && authmethod != LDAP_AUTH_SIMPLE ) {
501                         fprintf( stderr, "%s: incompatible with previous "
502                                 "authentication choice\n", prog );
503                         return EXIT_FAILURE;
504                 }
505                 authmethod = LDAP_AUTH_SIMPLE;
506                 break;
507         case 'X':
508 #ifdef HAVE_CYRUS_SASL
509                 if( sasl_authz_id != NULL ) {
510                         fprintf( stderr, "%s: -X previously specified\n", prog );
511                         return EXIT_FAILURE;
512                 }
513                 if( version == LDAP_VERSION2 ) {
514                         fprintf( stderr, "%s: -X incompatible with LDAPv%d\n",
515                                 prog, version );
516                         return EXIT_FAILURE;
517                 }
518                 if( authmethod != -1 && authmethod != LDAP_AUTH_SASL ) {
519                         fprintf( stderr, "%s: -X incompatible with "
520                                 "authentication choice\n", prog );
521                         return EXIT_FAILURE;
522                 }
523                 authmethod = LDAP_AUTH_SASL;
524                 version = LDAP_VERSION3;
525                 sasl_authz_id = strdup( optarg );
526 #else
527                 fprintf( stderr, "%s: not compiled with SASL support\n",
528                         prog );
529                 return( EXIT_FAILURE );
530 #endif
531                 break;
532         case 'Z':
533 #ifdef HAVE_TLS
534                 if( version == LDAP_VERSION2 ) {
535                         fprintf( stderr, "%s: -Z incompatible with version %d\n",
536                                 prog, version );
537                         return EXIT_FAILURE;
538                 }
539                 version = LDAP_VERSION3;
540                 use_tls++;
541 #else
542                 fprintf( stderr, "%s: not compiled with TLS support\n",
543                         prog );
544                 return( EXIT_FAILURE );
545 #endif
546                 break;
547         default:
548                 fprintf( stderr, "%s: unrecognized option -%c\n",
549                         prog, optopt );
550                 usage( prog );
551                 return( EXIT_FAILURE );
552         }
553     }
554
555         if (version == -1) {
556                 version = LDAP_VERSION3;
557         }
558         if (authmethod == -1 && version > LDAP_VERSION2) {
559 #ifdef HAVE_CYRUS_SASL
560                 authmethod = LDAP_AUTH_SASL;
561 #else
562                 authmethod = LDAP_AUTH_SIMPLE;
563 #endif
564         }
565
566     if ( fp == NULL ) {
567         if ( optind >= argc ) {
568             fp = stdin;
569         }
570     }
571
572         if ( debug ) {
573                 if( ber_set_option( NULL, LBER_OPT_DEBUG_LEVEL, &debug ) != LBER_OPT_SUCCESS ) {
574                         fprintf( stderr, "Could not set LBER_OPT_DEBUG_LEVEL %d\n", debug );
575                 }
576                 if( ldap_set_option( NULL, LDAP_OPT_DEBUG_LEVEL, &debug ) != LDAP_OPT_SUCCESS ) {
577                         fprintf( stderr, "Could not set LDAP_OPT_DEBUG_LEVEL %d\n", debug );
578                 }
579         }
580
581 #ifdef SIGPIPE
582         (void) SIGNAL( SIGPIPE, SIG_IGN );
583 #endif
584
585         if( ( ldaphost != NULL || ldapport ) && ( ldapuri == NULL ) ) {
586                 if ( verbose ) {
587                         fprintf( stderr, "ldap_init( %s, %d )\n",
588                                 ldaphost != NULL ? ldaphost : "<DEFAULT>",
589                                 ldapport );
590                 }
591
592                 ld = ldap_init( ldaphost, ldapport );
593                 if( ld == NULL ) {
594                         perror("ldapdelete: ldap_init");
595                         return EXIT_FAILURE;
596                 }
597
598         } else {
599                 if ( verbose ) {
600                         fprintf( stderr, "ldap_initialize( %s )\n",
601                                 ldapuri != NULL ? ldapuri : "<DEFAULT>" );
602                 }
603
604                 rc = ldap_initialize( &ld, ldapuri );
605                 if( rc != LDAP_SUCCESS ) {
606                         fprintf( stderr, "Could not create LDAP session handle (%d): %s\n",
607                                 rc, ldap_err2string(rc) );
608                         return EXIT_FAILURE;
609                 }
610         }
611
612         {
613                 /* this seems prudent for searches below */
614                 int deref = LDAP_DEREF_NEVER;
615                 ldap_set_option( ld, LDAP_OPT_DEREF, &deref );
616         }
617
618         /* chase referrals */
619         if( ldap_set_option( ld, LDAP_OPT_REFERRALS,
620                 referrals ? LDAP_OPT_ON : LDAP_OPT_OFF ) != LDAP_OPT_SUCCESS )
621         {
622                 fprintf( stderr, "Could not set LDAP_OPT_REFERRALS %s\n",
623                         referrals ? "on" : "off" );
624                 return EXIT_FAILURE;
625         }
626
627         if( ldap_set_option( ld, LDAP_OPT_PROTOCOL_VERSION, &version )
628                 != LDAP_OPT_SUCCESS )
629         {
630                 fprintf( stderr, "Could not set LDAP_OPT_PROTOCOL_VERSION %d\n",
631                         version );
632                 return EXIT_FAILURE;
633         }
634
635         if ( use_tls && ( ldap_start_tls_s( ld, NULL, NULL ) != LDAP_SUCCESS )) {
636                 ldap_perror( ld, "ldap_start_tls" );
637                 if ( use_tls > 1 ) {
638                         return EXIT_FAILURE;
639                 }
640         }
641
642         if ( pw_file || want_bindpw ) {
643                 if ( pw_file ) {
644                         rc = lutil_get_filed_password( pw_file, &passwd );
645                         if( rc ) return EXIT_FAILURE;
646                 } else {
647                         passwd.bv_val = getpassphrase( "Enter LDAP Password: " );
648                         passwd.bv_len = passwd.bv_val ? strlen( passwd.bv_val ) : 0;
649                 }
650         }
651
652         if ( authmethod == LDAP_AUTH_SASL ) {
653 #ifdef HAVE_CYRUS_SASL
654                 void *defaults;
655
656                 if( sasl_secprops != NULL ) {
657                         rc = ldap_set_option( ld, LDAP_OPT_X_SASL_SECPROPS,
658                                 (void *) sasl_secprops );
659                         
660                         if( rc != LDAP_OPT_SUCCESS ) {
661                                 fprintf( stderr,
662                                         "Could not set LDAP_OPT_X_SASL_SECPROPS: %s\n",
663                                         sasl_secprops );
664                                 return( EXIT_FAILURE );
665                         }
666                 }
667                 
668                 defaults = lutil_sasl_defaults( ld,
669                         sasl_mech,
670                         sasl_realm,
671                         sasl_authc_id,
672                         passwd.bv_val,
673                         sasl_authz_id );
674
675                 rc = ldap_sasl_interactive_bind_s( ld, binddn,
676                         sasl_mech, NULL, NULL,
677                         sasl_flags, lutil_sasl_interact, defaults );
678
679                 if( rc != LDAP_SUCCESS ) {
680                         ldap_perror( ld, "ldap_sasl_interactive_bind_s" );
681                         return( EXIT_FAILURE );
682                 }
683 #else
684                 fprintf( stderr, "%s: not compiled with SASL support\n",
685                         prog );
686                 return( EXIT_FAILURE );
687 #endif
688         }
689         else {
690                 if ( ldap_bind_s( ld, binddn, passwd.bv_val, authmethod )
691                                 != LDAP_SUCCESS ) {
692                         ldap_perror( ld, "ldap_bind" );
693                         return( EXIT_FAILURE );
694                 }
695         }
696
697         if ( manageDSAit || noop ) {
698                 int err, i = 0;
699                 LDAPControl c1, c2;
700                 LDAPControl *ctrls[3];
701
702                 if ( manageDSAit ) {
703                         ctrls[i++] = &c1;
704                         ctrls[i] = NULL;
705                         c1.ldctl_oid = LDAP_CONTROL_MANAGEDSAIT;
706                         c1.ldctl_value.bv_val = NULL;
707                         c1.ldctl_value.bv_len = 0;
708                         c1.ldctl_iscritical = manageDSAit > 1;
709                 }
710
711                 if ( noop ) {
712                         ctrls[i++] = &c2;
713                         ctrls[i] = NULL;
714
715                         c2.ldctl_oid = LDAP_CONTROL_NOOP;
716                         c2.ldctl_value.bv_val = NULL;
717                         c2.ldctl_value.bv_len = 0;
718                         c2.ldctl_iscritical = noop > 1;
719                 }
720         
721                 err = ldap_set_option( ld, LDAP_OPT_SERVER_CONTROLS, ctrls );
722
723                 if( err != LDAP_OPT_SUCCESS ) {
724                         fprintf( stderr, "Could not set %scontrols\n",
725                                 (c1.ldctl_iscritical || c2.ldctl_iscritical)
726                                 ? "critical " : "" );
727                         if ( c1.ldctl_iscritical && c2.ldctl_iscritical ) {
728                                 return EXIT_FAILURE;
729                         }
730                 }
731         }
732
733         rc = 0;
734
735     if ( fp == NULL ) {
736                 for ( ; optind < argc; ++optind ) {
737                         rc = dodelete( ld, argv[ optind ] );
738
739                         /* Stop on error and no -c option */
740                         if( rc != 0 && contoper == 0) break;
741                 }
742         } else {
743                 while ((rc == 0 || contoper) && fgets(buf, sizeof(buf), fp) != NULL) {
744                         buf[ strlen( buf ) - 1 ] = '\0'; /* remove trailing newline */
745
746                         if ( *buf != '\0' ) {
747                                 rc = dodelete( ld, buf );
748                         }
749                 }
750         }
751
752     ldap_unbind( ld );
753
754         return( rc );
755 }
756
757
758 static int dodelete(
759     LDAP        *ld,
760     const char  *dn)
761 {
762         int id;
763         int     rc, code;
764         char *matcheddn = NULL, *text = NULL, **refs = NULL;
765         LDAPMessage *res;
766
767         if ( verbose ) {
768                 printf( "%sdeleting entry \"%s\"\n",
769                         (not ? "!" : ""), dn );
770         }
771
772         if ( not ) {
773                 return LDAP_SUCCESS;
774         }
775
776         /* If prune is on, remove a whole subtree.  Delete the children of the
777          * DN recursively, then the DN requested.
778          */
779         if ( prune ) deletechildren( ld, dn );
780
781         rc = ldap_delete_ext( ld, dn, NULL, NULL, &id );
782         if ( rc != LDAP_SUCCESS ) {
783                 fprintf( stderr, "%s: ldap_delete_ext: %s (%d)\n",
784                         prog, ldap_err2string( rc ), rc );
785                 return rc;
786         }
787
788         rc = ldap_result( ld, LDAP_RES_ANY, LDAP_MSG_ALL, NULL, &res );
789         if ( rc < 0 ) {
790                 ldap_perror( ld, "ldapdelete: ldap_result" );
791                 return rc;
792         }
793
794         rc = ldap_parse_result( ld, res, &code, &matcheddn, &text, &refs, NULL, 1 );
795
796         if( rc != LDAP_SUCCESS ) {
797                 fprintf( stderr, "%s: ldap_parse_result: %s (%d)\n",
798                         prog, ldap_err2string( rc ), rc );
799                 return rc;
800         }
801
802         if( verbose || code != LDAP_SUCCESS ||
803                 (matcheddn && *matcheddn) || (text && *text) || (refs && *refs) )
804         {
805                 printf( "Delete Result: %s (%d)\n", ldap_err2string( code ), code );
806
807                 if( text && *text ) {
808                         printf( "Additional info: %s\n", text );
809                 }
810
811                 if( matcheddn && *matcheddn ) {
812                         printf( "Matched DN: %s\n", matcheddn );
813                 }
814
815                 if( refs ) {
816                         int i;
817                         for( i=0; refs[i]; i++ ) {
818                                 printf("Referral: %s\n", refs[i] );
819                         }
820                 }
821         }
822
823         ber_memfree( text );
824         ber_memfree( matcheddn );
825         ber_memvfree( (void **) refs );
826
827         return code;
828 }
829
830 /*
831  * Delete all the children of an entry recursively until leaf nodes are reached.
832  *
833  */
834 static int deletechildren(
835         LDAP *ld,
836         const char *dn )
837 {
838         LDAPMessage *res, *e;
839         int entries;
840         int rc;
841         static char *attrs[] = { "1.1", NULL };
842
843         if ( verbose ) printf ( "deleting children of: %s\n", dn );
844         /*
845          * Do a one level search at dn for children.  For each, delete its children.
846          */
847
848         rc = ldap_search_ext_s( ld, dn, LDAP_SCOPE_ONELEVEL, NULL, attrs, 1,
849                 NULL, NULL, NULL, -1, &res );
850         if ( rc != LDAP_SUCCESS ) {
851                 ldap_perror( ld, "ldap_search" );
852                 return( rc );
853         }
854
855         entries = ldap_count_entries( ld, res );
856
857         if ( entries > 0 ) {
858                 int i;
859
860                 for (e = ldap_first_entry( ld, res ), i = 0; e != NULL;
861                         e = ldap_next_entry( ld, e ), i++ )
862                 {
863                         char *dn = ldap_get_dn( ld, e );
864
865                         if( dn == NULL ) {
866                                 ldap_perror( ld, "ldap_prune" );
867                                 ldap_get_option( ld, LDAP_OPT_ERROR_NUMBER, &rc );
868                                 ber_memfree( dn );
869                                 return rc;
870                         }
871
872                         rc = deletechildren( ld, dn );
873                         if ( rc == -1 ) {
874                                 ldap_perror( ld, "ldap_prune" );
875                                 ber_memfree( dn );
876                                 return rc;
877                         }
878
879                         if ( verbose ) {
880                                 printf( "\tremoving %s\n", dn );
881                         }
882
883                         rc = ldap_delete_s( ld, dn );
884                         if ( rc == -1 ) {
885                                 ldap_perror( ld, "ldap_delete" );
886                                 ber_memfree( dn );
887                                 return rc;
888
889                         }
890                         
891                         if ( verbose ) {
892                                 printf( "\t%s removed\n", dn );
893                         }
894
895                         ber_memfree( dn );
896                 }
897         }
898
899         ldap_msgfree( res );
900         return rc;
901 }