3 * Copyright 1998-2000 The OpenLDAP Foundation, All Rights Reserved.
4 * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
11 #include <ac/stdlib.h>
14 #include <ac/signal.h>
15 #include <ac/string.h>
16 #include <ac/unistd.h>
23 #ifdef HAVE_SYS_TYPES_H
24 #include <sys/types.h>
33 #include "ldap_defaults.h"
/*
 * usage(): print the command-line synopsis.  `s' is the program name
 * substituted into the "usage: %s" line.  The return type and the call
 * that emits these string literals are on lines not shown on this page.
 * This text must be kept in sync with the getopt() option string in
 * main() ("Aa:Bb:D:d:EF:f:h:IKkLl:MnP:p:RS:s:T:tU:uV:vWw:X:Y:Zz:").
 */
39 usage( const char *s )
42 "usage: %s [options] filter [attributes...]\nwhere:\n"
43 " filter\tRFC-1558 compliant LDAP search filter\n"
44 " attributes\twhitespace-separated list of attributes to retrieve\n"
45 "\t\t1.1 -- no attributes\n"
46 "\t\t* -- all user attributes\n"
47 "\t\t+ -- all operational attributes\n"
48 "\t\tempty list -- all non-operational attributes\n"
50 " -a deref\tone of `never', `always', `search', or `find' (alias\n"
52 " -A\t\tretrieve attribute names only (no values)\n"
53 " -b basedn\tbase dn for search\n"
54 " -B\t\tdo not suppress printing of binary values\n"
55 " -d level\tset LDAP debugging level to `level'\n"
56 " -D binddn\tbind DN\n"
57 " -E\t\trequest SASL privacy (-EE to make it critical)\n"
58 " -f file\t\tperform sequence of searches listed in `file'\n"
59 " -F sep\t\tprint `sep' instead of `=' between attribute names and\n"
61 " -h host\t\tLDAP server\n"
62 " -I\t\trequest SASL integrity checking (-II to make it\n"
64 " -k\t\tuse Kerberos authentication\n"
65 " -K\t\tlike -k, but do only step 1 of the Kerberos bind\n"
66 " -l limit\ttime limit (in seconds) for search\n"
67 " -L\t\tprint entries in LDIF format (implies -B)\n"
68 " -LL\t\tprint entries in LDIF format without comments\n"
69 " -LLL\t\tprint entries in LDIF format without comments and\n"
71 " -M\t\tenable Manage DSA IT control (-MM to make critical)\n"
72 " -n\t\tshow what would be done but don't actually search\n"
73 " -p port\t\tport on LDAP server\n"
/* NOTE(review): "procotol" below is a typo ("protocol") in user-visible text; it is a string literal, so it is left untouched here */
74 " -P version\tprocotol version (2 or 3)\n"
75 " -R\t\tdo not automatically follow referrals\n"
76 " -s scope\tone of base, one, or sub (search scope)\n"
77 " -S attr\t\tsort the results by attribute `attr'\n"
/* -t/-tt/-T/-V describe the value-to-file feature implemented in print_entry() */
78 " -t\t\twrite binary values to files in TMPDIR\n"
79 " -tt\t\twrite all values to files in TMPDIR\n"
80 " -T path\t\twrite files to directory specified by path (default:\n"
82 " -u\t\tinclude User Friendly entry names in the output\n"
83 " -U user\t\tSASL authentication identity (username)\n"
84 " -v\t\trun in verbose mode (diagnostics to standard output)\n"
85 " -V prefix\tURL prefix for files (default: \"file://tmp/\")\n"
/* NOTE(review): a password given with -w is visible to other users in the process list; see the -w case in main() */
86 " -w passwd\tbind passwd (for simple authentication)\n"
87 " -W\t\tprompt for bind passwd\n"
88 " -X id\t\tSASL authorization identity (\"dn:<dn>\" or \"u:<user>\")\n"
89 " -Y mech\t\tSASL mechanism\n"
90 " -z limit\tsize limit (in entries) for search\n"
91 " -Z\t\trequest the use of TLS (-ZZ to make it critical)\n"
/* Forward declarations; the parameter lists continue on lines not shown here. */
97 static void print_entry LDAP_P((
102 static int write_ldif LDAP_P((
108 static int dosearch LDAP_P((
/*
 * Defaults for the -t/-T/-V value-to-file feature.  At run time tmpdir
 * comes from -T or from the TMPDIR/TMP/TEMP environment (see main()),
 * and urlpre from -V or is derived from tmpdir.
 */
117 #define TMPDIR "/tmp"
118 #define URLPRE "file:/tmp/"
120 static char *tmpdir = NULL;	/* directory for files written by -t */
121 static char *urlpre = NULL;	/* URL prefix printed for those files */
123 static char *binddn = NULL;	/* -D */
/* -w/-W: kept in the clear for the life of the process; no zeroization on the lines shown */
124 static struct berval passwd = { 0, NULL };
125 static char *base = NULL;	/* -b */
126 static char *ldaphost = NULL;	/* -h */
127 static int ldapport = 0;	/* -p; 0 means the library default (see the ldap_init() message in main()) */
128 #ifdef HAVE_CYRUS_SASL
129 static char *sasl_authc_id = NULL;	/* -U */
130 static char *sasl_authz_id = NULL;	/* -X */
131 static char *sasl_mech = NULL;	/* -Y; NULL lets the library choose */
132 static int sasl_integrity = 0;	/* -I count (per usage text) */
133 static int sasl_privacy = 0;	/* -E count (per usage text) */
135 static int use_tls = 0;	/* -Z count */
136 static char *sep = DEFSEP;	/* -F: separator between attribute name and value */
137 static char *sortattr = NULL;	/* -S */
/* when set, print_entry() omits sortattr from the output; where it is set is on lines not shown */
138 static int skipsortattr = 0;
139 static int verbose, not, includeufn, binary, vals2tmp, ldif;	/* -v -n -u -B -t -L counters, zeroed in main() */
/*
 * main(): parse options, connect and bind, then run one search (filter
 * from argv) or one search per line of the -f file.  Returns EXIT_FAILURE
 * on any setup error.  Many lines of this function are not shown on this
 * page; the comments below describe only what is visible.
 */
142 main( int argc, char **argv )
144 char *infile, *filtpattern, **attrs, line[ BUFSIZ ];	/* line: one -f input line per search */
146 int rc, i, first, scope, deref, attrsonly, manageDSAit;
147 int referrals, timelimit, sizelimit, debug;
148 int authmethod, version, want_bindpw;
/* flag defaults; -1 means "not given, keep the library default" */
152 debug = verbose = binary = not = vals2tmp =
153 attrsonly = manageDSAit = ldif = want_bindpw = 0;
155 deref = sizelimit = timelimit = version = -1;
157 /* default should be off */
/* NOTE(review): infile and referrals are tested later in this function; their initialization is on lines not shown here */
160 scope = LDAP_SCOPE_SUBTREE;
161 authmethod = LDAP_AUTH_SIMPLE;
/* option string must stay in sync with usage() */
163 while (( i = getopt( argc, argv,
164 "Aa:Bb:D:d:EF:f:h:IKkLl:MnP:p:RS:s:T:tU:uV:vWw:X:Y:Zz:")) != EOF )
167 case 'n': /* do Not do any searches */
170 case 'v': /* verbose mode */
/* -d: levels OR together; atoi() yields 0 without error for non-numeric input */
174 debug |= atoi( optarg );
176 case 'k': /* use kerberos bind */
177 #ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
178 authmethod = LDAP_AUTH_KRBV4;
180 fprintf( stderr, "%s was not compiled with Kerberos support\n", argv[0] );
181 return( EXIT_FAILURE );
184 case 'K': /* use kerberos bind, 1st part only */
185 #ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
186 authmethod = LDAP_AUTH_KRBV41;
188 fprintf( stderr, "%s was not compiled with Kerberos support\n", argv[0] );
189 return( EXIT_FAILURE );
193 case 'u': /* include UFN */
196 case 't': /* write attribute values to /tmp files */
200 /* enable Manage DSA IT */
203 case 'R': /* don't automatically chase referrals */
206 case 'A': /* retrieve attribute names only -- no values */
209 case 'L': /* print entries in LDIF format */
211 /* fall through -- always allow binary when outputting LDIF */
212 case 'B': /* allow binary values to be printed */
215 case 's': /* search scope */
216 if ( strcasecmp( optarg, "base" ) == 0 ) {
217 scope = LDAP_SCOPE_BASE;
218 } else if ( strcasecmp( optarg, "one" ) == 0 ) {
219 scope = LDAP_SCOPE_ONELEVEL;
220 } else if ( strcasecmp( optarg, "sub" ) == 0 ) {
221 scope = LDAP_SCOPE_SUBTREE;
223 fprintf( stderr, "scope should be base, one, or sub\n" );
228 case 'a': /* set alias deref option */
229 if ( strcasecmp( optarg, "never" ) == 0 ) {
230 deref = LDAP_DEREF_NEVER;
231 } else if ( strcasecmp( optarg, "search" ) == 0 ) {
232 deref = LDAP_DEREF_SEARCHING;
233 } else if ( strcasecmp( optarg, "find" ) == 0 ) {
234 deref = LDAP_DEREF_FINDING;
235 } else if ( strcasecmp( optarg, "always" ) == 0 ) {
236 deref = LDAP_DEREF_ALWAYS;
238 fprintf( stderr, "alias deref should be never, search, find, or always\n" );
243 case 'T': /* directory for files written by -t (see usage) */
244 if( tmpdir ) free( tmpdir );
245 tmpdir = strdup( optarg );
247 case 'V': /* URL prefix for files written by -t (see usage) */
248 if( urlpre ) free( urlpre );
249 urlpre = strdup( optarg );
251 case 'F': /* field separator */
/* previous value is not freed: the default is DEFSEP, which must not be freed */
252 sep = strdup( optarg );
254 case 'f': /* input file */
255 infile = strdup( optarg );
257 case 'h': /* ldap host */
258 ldaphost = strdup( optarg );
260 case 'b': /* searchbase */
261 base = strdup( optarg );
263 case 'D': /* bind DN */
264 binddn = strdup( optarg );
266 case 'p': /* ldap port */
267 ldapport = atoi( optarg );
269 case 'w': /* bind password */
270 passwd.bv_val = strdup( optarg );
/*
 * NOTE(review): this loop appears meant to overwrite the password in argv
 * so it does not show in the process list, but with the condition
 * `*p == '\0'' it stops at the first non-NUL byte and overwrites nothing
 * (its body is on a line not shown).  `*p != '\0'' is the intended test.
 */
274 for( p = optarg; *p == '\0'; p++ ) {
278 passwd.bv_len = strlen( passwd.bv_val );
280 case 'l': /* time limit */
281 timelimit = atoi( optarg );
283 case 'z': /* size limit */
284 sizelimit = atoi( optarg );
286 case 'S': /* sort attribute */
287 sortattr = strdup( optarg );
/* -P: anything atoi() cannot parse falls to the default branch below */
293 switch( atoi( optarg ) )
296 version = LDAP_VERSION2;
299 version = LDAP_VERSION3;
302 fprintf( stderr, "protocol version should be 2 or 3\n" );
/* each SASL option (-E, -I, -Y, -U, -X) forces authmethod to SASL; without HAVE_CYRUS_SASL they are fatal */
307 #ifdef HAVE_CYRUS_SASL
309 authmethod = LDAP_AUTH_SASL;
311 fprintf( stderr, "%s was not compiled with SASL support\n",
313 return( EXIT_FAILURE );
317 #ifdef HAVE_CYRUS_SASL
319 authmethod = LDAP_AUTH_SASL;
321 fprintf( stderr, "%s was not compiled with SASL support\n",
323 return( EXIT_FAILURE );
327 #ifdef HAVE_CYRUS_SASL
/* -Y "any" or "*" leaves sasl_mech NULL so the library picks a mechanism */
328 if ( strcasecmp( optarg, "any" ) && strcmp( optarg, "*" ) ) {
329 sasl_mech = strdup( optarg );
331 authmethod = LDAP_AUTH_SASL;
333 fprintf( stderr, "%s was not compiled with SASL support\n",
335 return( EXIT_FAILURE );
339 #ifdef HAVE_CYRUS_SASL
340 sasl_authc_id = strdup( optarg );
341 authmethod = LDAP_AUTH_SASL;
343 fprintf( stderr, "%s was not compiled with SASL support\n",
345 return( EXIT_FAILURE );
349 #ifdef HAVE_CYRUS_SASL
350 sasl_authz_id = strdup( optarg );
351 authmethod = LDAP_AUTH_SASL;
353 fprintf( stderr, "%s was not compiled with SASL support\n",
355 return( EXIT_FAILURE );
/* -Z without TLS support is fatal */
362 fprintf( stderr, "%s was not compiled with TLS support\n",
364 return( EXIT_FAILURE );
373 /* no alternative format */
/* forces LDIF output; the enclosing condition, if any, is on a line not shown */
374 if( ldif < 1 ) ldif = 1;
/* protocol version constraints: Kerberos needs v2, SASL / Manage DSA IT / StartTLS need v3 */
377 if ( ( authmethod == LDAP_AUTH_KRBV4 ) || ( authmethod ==
378 LDAP_AUTH_KRBV41 ) ) {
379 if( version > LDAP_VERSION2 ) {
380 fprintf( stderr, "Kerberos requires LDAPv2\n" );
381 return( EXIT_FAILURE );
383 version = LDAP_VERSION2;
385 else if ( authmethod == LDAP_AUTH_SASL ) {
386 if( version != -1 && version != LDAP_VERSION3 ) {
387 fprintf( stderr, "SASL requires LDAPv3\n" );
388 return( EXIT_FAILURE );
390 version = LDAP_VERSION3;
/* the `if' guarding each of the next two checks (manageDSAit, use_tls) is on a line not shown */
394 if( version != -1 && version != LDAP_VERSION3 ) {
395 fprintf(stderr, "manage DSA control requires LDAPv3\n");
398 version = LDAP_VERSION3;
402 if( version != -1 && version != LDAP_VERSION3 ) {
403 fprintf(stderr, "Start TLS requires LDAPv3\n");
406 version = LDAP_VERSION3;
/* positional arguments: the filter (or -f pattern) followed by the attribute list */
409 if ( argc - optind < 1 ) {
413 filtpattern = strdup( argv[ optind ] );
415 if ( argv[ optind + 1 ] == NULL ) {
417 } else if ( sortattr == NULL || *sortattr == '\0' ) {
418 attrs = &argv[ optind + 1 ];
/* -S with an explicit attribute list: make sure the sort attribute is requested */
420 for ( i = optind + 1; i < argc; i++ ) {
421 if ( strcasecmp( argv[ i ], sortattr ) == 0 ) {
/* argv[optind] (the filter, already copied above) is reused to prepend sortattr to the list */
427 argv[ optind ] = sortattr;
431 attrs = &argv[ optind ];
/* -f: "-" presumably selects stdin (that line is not shown); anything else is opened read-only */
434 if ( infile != NULL ) {
435 if ( infile[0] == '-' && infile[1] == '\0' ) {
437 } else if (( fp = fopen( infile, "r" )) == NULL ) {
/* -t: tmpdir falls back to the first of TMPDIR/TMP/TEMP set in the environment (the leading condition is on a line not shown) */
444 && (tmpdir = getenv("TMPDIR")) == NULL
445 && (tmpdir = getenv("TMP")) == NULL
446 && (tmpdir = getenv("TEMP")) == NULL )
451 if( urlpre == NULL ) {
/* "file:///" (8) + tmpdir + "/" + NUL = strlen(tmpdir) + 10 = sizeof("file:////") + strlen(tmpdir); a leading '/' is dropped below, so the sprintf() fits */
452 urlpre = malloc( sizeof("file:////") + strlen(tmpdir) );
454 if( urlpre == NULL ) {
459 sprintf( urlpre, "file:///%s/",
460 tmpdir[0] == '/' ? &tmpdir[1] : tmpdir );
462 /* urlpre should be URLized.... (tmpdir is embedded without percent-encoding, so spaces or '%' in it produce an invalid URL) */
/* debug level goes to both liblber and libldap; failure is reported but not fatal */
466 if( ber_set_option( NULL, LBER_OPT_DEBUG_LEVEL, &debug ) != LBER_OPT_SUCCESS ) {
467 fprintf( stderr, "Could not set LBER_OPT_DEBUG_LEVEL %d\n", debug );
469 if( ldap_set_option( NULL, LDAP_OPT_DEBUG_LEVEL, &debug ) != LDAP_OPT_SUCCESS ) {
470 fprintf( stderr, "Could not set LDAP_OPT_DEBUG_LEVEL %d\n", debug );
/* a dropped connection then surfaces as a write error instead of killing the process */
476 (void) SIGNAL( SIGPIPE, SIG_IGN );
481 (ldapport ? "ldap_init( %s, %d )\n" : "ldap_init( %s, <DEFAULT> )\n"),
482 (ldaphost != NULL) ? ldaphost : "<DEFAULT>",
486 if (( ld = ldap_init( ldaphost, ldapport )) == NULL ) {
487 perror( "ldap_init" );
488 return( EXIT_FAILURE );
/* session options are set only when given explicitly (-1 sentinel); failures are reported, not fatal */
492 ldap_set_option( ld, LDAP_OPT_DEREF, (void *) &deref ) != LDAP_OPT_SUCCESS )
494 fprintf( stderr, "Could not set LDAP_OPT_DEREF %d\n", deref );
496 if (timelimit != -1 &&
497 ldap_set_option( ld, LDAP_OPT_TIMELIMIT, (void *) &timelimit ) != LDAP_OPT_SUCCESS )
499 fprintf( stderr, "Could not set LDAP_OPT_TIMELIMIT %d\n", timelimit );
501 if (sizelimit != -1 &&
502 ldap_set_option( ld, LDAP_OPT_SIZELIMIT, (void *) &sizelimit ) != LDAP_OPT_SUCCESS )
504 fprintf( stderr, "Could not set LDAP_OPT_SIZELIMIT %d\n", sizelimit );
506 if (referrals != -1 &&
507 ldap_set_option( ld, LDAP_OPT_REFERRALS,
508 (referrals ? LDAP_OPT_ON : LDAP_OPT_OFF) ) != LDAP_OPT_SUCCESS )
510 fprintf( stderr, "Could not set LDAP_OPT_REFERRALS %s\n",
511 referrals ? "on" : "off" );
515 ldap_set_option( ld, LDAP_OPT_PROTOCOL_VERSION, &version ) != LDAP_OPT_SUCCESS )
517 fprintf( stderr, "Could not set LDAP_OPT_PROTOCOL_VERSION %d\n", version );
/* StartTLS before bind so credentials are not sent in the clear; the line deciding whether a failure is fatal (-ZZ) is not shown */
520 if ( use_tls && ldap_start_tls( ld, NULL, NULL ) != LDAP_SUCCESS ) {
522 ldap_perror( ld, "ldap_start_tls" );
523 return( EXIT_FAILURE );
/* -W: NOTE(review): no NULL check of the getpassphrase() result before strlen() on the visible lines */
528 passwd.bv_val = getpassphrase("Enter LDAP Password: ");
529 passwd.bv_len = strlen( passwd.bv_val );
532 if ( authmethod == LDAP_AUTH_SASL ) {
533 #ifdef HAVE_CYRUS_SASL
/* -I/-E counts map to the SASL min/max security strength factors; the single-flag assignments are on lines not shown */
534 int minssf = 0, maxssf = 0;
536 if ( sasl_integrity > 0 )
538 if ( sasl_integrity > 1 )
540 if ( sasl_privacy > 0 )
541 maxssf = 100000; /* Something big value */
542 if ( sasl_privacy > 1 )
545 if ( ldap_set_option( ld, LDAP_OPT_X_SASL_MINSSF,
546 (void *)&minssf ) != LDAP_OPT_SUCCESS ) {
547 fprintf( stderr, "Could not set LDAP_OPT_X_SASL_MINSSF"
549 return( EXIT_FAILURE );
551 if ( ldap_set_option( ld, LDAP_OPT_X_SASL_MAXSSF,
552 (void *)&maxssf ) != LDAP_OPT_SUCCESS ) {
553 fprintf( stderr, "Could not set LDAP_OPT_X_SASL_MAXSSF"
555 return( EXIT_FAILURE );
/* the password is passed only when one was given; an empty one is sent as NULL */
558 rc = ldap_negotiated_sasl_bind_s( ld, binddn, sasl_authc_id,
559 sasl_authz_id, sasl_mech,
560 passwd.bv_len ? &passwd : NULL,
563 if( rc != LDAP_SUCCESS ) {
564 ldap_perror( ld, "ldap_negotiated_sasl_bind_s" );
565 return( EXIT_FAILURE );
568 fprintf( stderr, "%s was not compiled with SASL support\n",
570 return( EXIT_FAILURE );
/* simple or Kerberos bind (authmethod selects which) */
574 if ( ldap_bind_s( ld, binddn, passwd.bv_val, authmethod )
576 ldap_perror( ld, "ldap_bind" );
577 return( EXIT_FAILURE );
/* -M: attach the Manage DSA IT control to every request; -MM marks it critical */
584 LDAPControl *ctrls[2];
588 c.ldctl_oid = LDAP_CONTROL_MANAGEDSAIT;
589 c.ldctl_value.bv_val = NULL;
590 c.ldctl_value.bv_len = 0;
591 c.ldctl_iscritical = manageDSAit > 1;
593 err = ldap_set_option( ld, LDAP_OPT_SERVER_CONTROLS, &ctrls );
595 if( err != LDAP_OPT_SUCCESS ) {
596 fprintf( stderr, "Could not set Manage DSA IT Control\n" );
597 if( c.ldctl_iscritical ) {
/* NOTE(review): exit() here while every other failure path in main() uses return; same effect, inconsistent style */
598 exit( EXIT_FAILURE );
/* -v/-n: echo what will be searched to stderr */
604 fprintf( stderr, "filter%s: %s\nreturning: ",
605 infile != NULL ? " pattern" : "",
608 if ( attrs == NULL ) {
609 fprintf( stderr, "ALL" );
611 for ( i = 0; attrs[ i ] != NULL; ++i ) {
612 fprintf( stderr, "%s ", attrs[ i ] );
615 fprintf( stderr, "\n" );
/* LDIF header and, unless suppressed by -LL, a comment describing the search */
620 printf( "version: 1\n\n");
624 printf( "#\n# filter%s: %s\n# returning: ",
625 infile != NULL ? " pattern" : "",
628 if ( attrs == NULL ) {
631 for ( i = 0; attrs[ i ] != NULL; ++i ) {
632 printf( "%s ", attrs[ i ] );
/* without -f: one search with the argv filter; with -f: one search per line until the first failure */
639 if ( infile == NULL ) {
640 rc = dosearch( ld, base, scope, attrs, attrsonly, NULL, filtpattern );
645 while ( rc == 0 && fgets( line, sizeof( line ), fp ) != NULL ) {
/*
 * NOTE(review): strips the last byte unconditionally.  A final line with
 * no '\n' (or a line longer than the buffer) loses a real character, and
 * a line whose first byte is NUL gives strlen() == 0 and writes to
 * line[-1].  Safer: `size_t n = strlen( line ); if ( n && line[n-1] == '\n' ) line[n-1] = '\0';'
 */
646 line[ strlen( line ) - 1 ] = '\0';
652 rc = dosearch( ld, base, scope, attrs, attrsonly,
/*
 * dosearch(): run one search and print its entries.  The signature is on
 * lines not shown; per the calls in main() the trailing parameters are
 * (filtpatt, value).  When filtpatt is non-NULL it is a printf-style
 * pattern from argv into which `value' (one -f line) is substituted;
 * otherwise `value' is the filter itself.  Returns an LDAP result code.
 */
674 char filter[ BUFSIZ ];
675 int rc, first, matches;
676 LDAPMessage *res, *e;
678 if( filtpatt != NULL ) {
/*
 * NOTE(review): filtpatt is a caller-supplied format string and filter
 * has a fixed size: a pattern with more than one conversion, or a pattern
 * plus value longer than BUFSIZ-1, is undefined behaviour here.  The
 * bounded form is `snprintf( filter, sizeof filter, filtpatt, value )'
 * with a truncation check on its return value.
 */
679 sprintf( filter, filtpatt, value );
682 fprintf( stderr, "filter is: (%s)\n", filter );
686 printf( "#\n# filter: %s\n#\n", filter );
/* NOTE(review): here `value' is the argv filter (see main()), whose length is not bounded by BUFSIZ; snprintf() is needed here as well */
690 sprintf( filter, "%s", value );
/* presumably the -n (`not') path: nothing is sent and success is reported; the test itself is on a line not shown */
694 return( LDAP_SUCCESS );
697 if ( ldap_search( ld, base, scope, filter, attrs, attrsonly ) == -1 ) {
699 ldap_perror( ld, "ldap_search" );
701 ldap_get_option(ld, LDAP_OPT_ERROR_NUMBER, &ld_errno);
/* with -S, collect the whole result (all=1) so it can be sorted below; otherwise print entries as they arrive */
708 while ( (rc = ldap_result( ld, LDAP_RES_ANY, sortattr ? 1 : 0, NULL, &res ))
709 == LDAP_RES_SEARCH_ENTRY ) {
711 e = ldap_first_entry( ld, res );
717 print_entry( ld, e, attrsonly );
722 ldap_perror( ld, "ldap_result" );
725 if (( rc = ldap_result2error( ld, res, 0 )) != LDAP_SUCCESS ) {
726 ldap_perror( ld, "ldap_search" );
728 if ( sortattr != NULL ) {
/* an empty -S sorts by DN; the return value of ldap_sort_entries() is deliberately ignored */
729 (void) ldap_sort_entries( ld, &res,
730 ( *sortattr == '\0' ) ? NULL : sortattr, strcasecmp );
733 for ( e = ldap_first_entry( ld, res ); e != NULL;
734 e = ldap_next_entry( ld, e ) ) {
741 print_entry( ld, e, attrsonly );
746 printf( "%d matches\n", matches );
/*
 * print_entry(): print one entry's DN (and UFN with -u) and its
 * attributes, as LDIF (-L) or as "name<sep>value" lines.  With -t,
 * non-printable values (with -tt, all values) are written to files under
 * tmpdir and a URL is printed instead.  The signature and several lines
 * of this function are not shown on this page.
 */
761 char tmpfname[ 256 ];	/* fixed size; see the sprintf() below */
764 BerElement *ber = NULL;
765 struct berval **bvals;
768 dn = ldap_get_dn( ld, entry );
772 ufn = ldap_dn2ufn( dn );
/* NOTE(review): ufn reaches strlen() before the NULL check that guards ldap_memfree() further down; the lines in between are not shown */
773 write_ldif( LDIF_PUT_COMMENT, NULL, ufn, strlen( ufn ));
776 write_ldif( LDIF_PUT_VALUE, "dn", dn, strlen( dn ));
778 printf( "%s\n", dn );
783 ufn = ldap_dn2ufn( dn );
786 write_ldif( LDIF_PUT_VALUE, "ufn", ufn, strlen( ufn ));
788 printf( "%s\n", ufn );
792 if( ufn != NULL ) ldap_memfree( ufn );
795 for ( a = ldap_first_attribute( ld, entry, &ber ); a != NULL;
796 a = ldap_next_attribute( ld, entry, ber ) )
/* an attribute that was requested only for -S sorting is not printed */
798 if ( skipsortattr && strcasecmp( a, sortattr ) == 0 ) {
804 write_ldif( LDIF_PUT_NOVALUE, a, NULL, 0 );	/* -A: names only */
809 } else if (( bvals = ldap_get_values_len( ld, entry, a )) != NULL ) {
810 for ( i = 0; bvals[i] != NULL; i++ ) {
811 if ( vals2tmp > 1 || ( vals2tmp
812 && ldif_is_not_printable( bvals[i]->bv_val, bvals[i]->bv_len ) ))
815 /* write value to file */
/*
 * NOTE(review): tmpdir (from -T or the environment) and the attribute
 * name `a' (from the server's response) are both unbounded but tmpfname
 * is 256 bytes; this sprintf() should be snprintf() with a length check.
 * `a' also becomes part of a path name verbatim, so the server chooses
 * part of the file name.
 */
816 sprintf( tmpfname, "%s" LDAP_DIRSEP "ldapsearch-%s-XXXXXX",
/* mktemp() then O_CREAT|O_EXCL: O_EXCL refuses a file created in between, so the worst case is a failed open; mkstemp() does both steps atomically */
820 if ( mktemp( tmpfname ) == NULL ) {
825 if (( tmpfd = open( tmpfname, O_WRONLY|O_CREAT|O_EXCL, 0600 )) == -1 ) {
830 if (( tmpfp = fdopen( tmpfd, "w")) == NULL ) {
/* one item of bv_len bytes; 0 means failure -- but fwrite() also returns 0 for bv_len == 0, so an empty value takes the error path (not shown) */
835 if ( fwrite( bvals[ i ]->bv_val,
836 bvals[ i ]->bv_len, 1, tmpfp ) == 0 )
/* URL = urlpre + the part of tmpfname after "tmpdir/"; the size of `url' is declared on a line not shown */
845 sprintf( url, "%s%s", urlpre,
846 &tmpfname[strlen(tmpdir) + sizeof(LDAP_DIRSEP) - 1] );
849 write_ldif( LDIF_PUT_URL, a, url, strlen( url ));
851 printf( "%s%s%s\n", a, sep, url );
857 write_ldif( LDIF_PUT_VALUE, a,
858 bvals[ i ]->bv_val, bvals[ i ]->bv_len );
/* non-LDIF output: values ldif_is_not_printable() rejects are replaced, unless -B (binary) or -t is in effect */
861 int notprint = !binary && !vals2tmp
862 && ldif_is_not_printable( bvals[i]->bv_val,
864 printf( "%s%s", a, sep );
865 puts( notprint ? "NOT PRINTABLE" : bvals[ i ]->bv_val );
869 ber_bvecfree( bvals );
/*
 * write_ldif(): format one LDIF record line with ldif_put() and write it
 * to stdout.  `type' is an LDIF_PUT_* code, `name' the attribute name (or
 * NULL for comments), `value'/`vallen' the data.  ldif_put() returns NULL
 * on failure; the error path and what is done with the returned buffer
 * afterwards are on lines not shown.
 */
880 write_ldif( int type, char *name, char *value, ber_len_t vallen )
884 if (( ldif = ldif_put( type, name, value, vallen )) == NULL ) {
888 fputs( ldif, stdout );