3 * Copyright 1998-2000 The OpenLDAP Foundation, All Rights Reserved.
4 * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
11 #include <ac/stdlib.h>
14 #include <ac/signal.h>
15 #include <ac/string.h>
16 #include <ac/unistd.h>
23 #ifdef HAVE_SYS_TYPES_H
24 #include <sys/types.h>
33 #include "ldap_defaults.h"
38 usage( const char *s )
41 "usage: %s [options] filter [attributes...]\nwhere:\n"
42 " filter\tRFC-1558 compliant LDAP search filter\n"
43 " attributes\twhitespace-separated list of attributes to retrieve\n"
44 "\t\t1.1 -- no attributes\n"
45 "\t\t* -- all user attributes\n"
46 "\t\t+ -- all operational attributes\n"
47 "\t\tempty list -- all non-operational attributes\n"
49 " -a deref\tone of `never', `always', `search', or `find' (alias\n"
51 " -A\t\tretrieve attribute names only (no values)\n"
52 " -b basedn\tbase dn for search\n"
53 " -B\t\tdo not suppress printing of binary values\n"
54 " -d level\tset LDAP debugging level to `level'\n"
55 " -D binddn\tbind DN\n"
56 " -E\t\trequest SASL privacy (-EE to make it critical)\n"
57 " -f file\t\tperform sequence of searches listed in `file'\n"
58 " -F sep\t\tprint `sep' instead of `=' between attribute names and\n"
60 " -h host\t\tLDAP server\n"
61 " -I\t\trequest SASL integrity checking (-II to make it\n"
63 " -k\t\tuse Kerberos authentication\n"
64 " -K\t\tlike -k, but do only step 1 of the Kerberos bind\n"
65 " -l limit\ttime limit (in seconds) for search\n"
66 " -L\t\tprint entries in LDIF format (implies -B)\n"
67 " -LL\t\tprint entries in LDIF format without comments\n"
68 " -LLL\t\tprint entries in LDIF format without comments and\n"
70 " -M\t\tenable Manage DSA IT control (-MM to make critical)\n"
71 " -n\t\tshow what would be done but don't actually search\n"
72 " -p port\t\tport on LDAP server\n"
73 " -P version\tprocotol version (2 or 3)\n"
74 " -R\t\tdo not automatically follow referrals\n"
75 " -s scope\tone of base, one, or sub (search scope)\n"
76 " -S attr\t\tsort the results by attribute `attr'\n"
77 " -t\t\twrite binary values to files in TMPDIR\n"
78 " -tt\t\twrite all values to files in TMPDIR\n"
79 " -T path\t\twrite files to directory specified by path (default:\n"
81 " -u\t\tinclude User Friendly entry names in the output\n"
82 " -U user\t\tSASL authentication identity (username)\n"
83 " -v\t\trun in verbose mode (diagnostics to standard output)\n"
84 " -V prefix\tURL prefix for files (default: \"file://tmp/\")\n"
85 " -w passwd\tbind passwd (for simple authentication)\n"
86 " -W\t\tprompt for bind passwd\n"
87 " -X id\t\tSASL authorization identity (\"dn:<dn>\" or \"u:<user>\")\n"
88 " -Y mech\t\tSASL mechanism\n"
89 " -z limit\tsize limit (in entries) for search\n"
90 " -Z\t\trequest the use of TLS (-ZZ to make it critical)\n"
96 static void print_entry LDAP_P((
101 static int write_ldif LDAP_P((
107 static int dosearch LDAP_P((
116 #define TMPDIR "/tmp"
117 #define URLPRE "file:/tmp/"
119 static char *tmpdir = NULL;
120 static char *urlpre = NULL;
122 static char *binddn = NULL;
123 static struct berval passwd = { 0, NULL };
124 static char *base = NULL;
125 static char *ldaphost = NULL;
126 static int ldapport = 0;
127 #ifdef HAVE_CYRUS_SASL
128 static char *sasl_authc_id = NULL;
129 static char *sasl_authz_id = NULL;
130 static char *sasl_mech = NULL;
131 static int sasl_integrity = 0;
132 static int sasl_privacy = 0;
134 static int use_tls = 0;
135 static char *sep = DEFSEP;
136 static char *sortattr = NULL;
137 static int skipsortattr = 0;
138 static int verbose, not, includeufn, binary, vals2tmp, ldif;
141 main( int argc, char **argv )
143 char *infile, *filtpattern, **attrs, line[ BUFSIZ ];
145 int rc, i, first, scope, deref, attrsonly, manageDSAit;
146 int referrals, timelimit, sizelimit, debug;
147 int authmethod, version, want_bindpw;
151 debug = verbose = binary = not = vals2tmp =
152 attrsonly = manageDSAit = ldif = want_bindpw = 0;
154 deref = referrals = sizelimit = timelimit = version = -1;
156 scope = LDAP_SCOPE_SUBTREE;
157 authmethod = LDAP_AUTH_SIMPLE;
159 while (( i = getopt( argc, argv,
160 "Aa:Bb:D:d:EF:f:h:IKkLl:MnP:p:RS:s:T:tU:uV:vWw:X:Y:Zz:")) != EOF )
163 case 'n': /* do Not do any searches */
166 case 'v': /* verbose mode */
170 debug |= atoi( optarg );
172 case 'k': /* use kerberos bind */
173 #ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
174 authmethod = LDAP_AUTH_KRBV4;
176 fprintf( stderr, "%s was not compiled with Kerberos support\n", argv[0] );
177 return( EXIT_FAILURE );
180 case 'K': /* use kerberos bind, 1st part only */
181 #ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
182 authmethod = LDAP_AUTH_KRBV41;
184 fprintf( stderr, "%s was not compiled with Kerberos support\n", argv[0] );
185 return( EXIT_FAILURE );
189 case 'u': /* include UFN */
192 case 't': /* write attribute values to /tmp files */
196 /* enable Manage DSA IT */
199 case 'R': /* don't automatically chase referrals */
200 referrals = (int) LDAP_OPT_OFF;
202 case 'A': /* retrieve attribute names only -- no values */
205 case 'L': /* print entries in LDIF format */
207 /* fall through -- always allow binary when outputting LDIF */
208 case 'B': /* allow binary values to be printed */
211 case 's': /* search scope */
212 if ( strcasecmp( optarg, "base" ) == 0 ) {
213 scope = LDAP_SCOPE_BASE;
214 } else if ( strcasecmp( optarg, "one" ) == 0 ) {
215 scope = LDAP_SCOPE_ONELEVEL;
216 } else if ( strcasecmp( optarg, "sub" ) == 0 ) {
217 scope = LDAP_SCOPE_SUBTREE;
219 fprintf( stderr, "scope should be base, one, or sub\n" );
224 case 'a': /* set alias deref option */
225 if ( strcasecmp( optarg, "never" ) == 0 ) {
226 deref = LDAP_DEREF_NEVER;
227 } else if ( strcasecmp( optarg, "search" ) == 0 ) {
228 deref = LDAP_DEREF_SEARCHING;
229 } else if ( strcasecmp( optarg, "find" ) == 0 ) {
230 deref = LDAP_DEREF_FINDING;
231 } else if ( strcasecmp( optarg, "always" ) == 0 ) {
232 deref = LDAP_DEREF_ALWAYS;
234 fprintf( stderr, "alias deref should be never, search, find, or always\n" );
239 case 'T': /* field separator */
240 if( tmpdir ) free( tmpdir );
241 tmpdir = strdup( optarg );
243 case 'V': /* field separator */
244 if( urlpre ) free( urlpre );
245 urlpre = strdup( optarg );
247 case 'F': /* field separator */
248 sep = strdup( optarg );
250 case 'f': /* input file */
251 infile = strdup( optarg );
253 case 'h': /* ldap host */
254 ldaphost = strdup( optarg );
256 case 'b': /* searchbase */
257 base = strdup( optarg );
259 case 'D': /* bind DN */
260 binddn = strdup( optarg );
262 case 'p': /* ldap port */
263 ldapport = atoi( optarg );
265 case 'w': /* bind password */
266 passwd.bv_val = strdup( optarg );
270 for( p = optarg; *p == '\0'; p++ ) {
274 passwd.bv_len = strlen( passwd.bv_val );
276 case 'l': /* time limit */
277 timelimit = atoi( optarg );
279 case 'z': /* size limit */
280 sizelimit = atoi( optarg );
282 case 'S': /* sort attribute */
283 sortattr = strdup( optarg );
289 switch( atoi( optarg ) )
292 version = LDAP_VERSION2;
295 version = LDAP_VERSION3;
298 fprintf( stderr, "protocol version should be 2 or 3\n" );
303 #ifdef HAVE_CYRUS_SASL
305 authmethod = LDAP_AUTH_SASL;
307 fprintf( stderr, "%s was not compiled with SASL support\n",
309 return( EXIT_FAILURE );
313 #ifdef HAVE_CYRUS_SASL
315 authmethod = LDAP_AUTH_SASL;
317 fprintf( stderr, "%s was not compiled with SASL support\n",
319 return( EXIT_FAILURE );
323 #ifdef HAVE_CYRUS_SASL
324 if ( strcasecmp( optarg, "any" ) && strcmp( optarg, "*" ) ) {
325 sasl_mech = strdup( optarg );
327 authmethod = LDAP_AUTH_SASL;
329 fprintf( stderr, "%s was not compiled with SASL support\n",
331 return( EXIT_FAILURE );
335 #ifdef HAVE_CYRUS_SASL
336 sasl_authc_id = strdup( optarg );
337 authmethod = LDAP_AUTH_SASL;
339 fprintf( stderr, "%s was not compiled with SASL support\n",
341 return( EXIT_FAILURE );
345 #ifdef HAVE_CYRUS_SASL
346 sasl_authz_id = strdup( optarg );
347 authmethod = LDAP_AUTH_SASL;
349 fprintf( stderr, "%s was not compiled with SASL support\n",
351 return( EXIT_FAILURE );
358 fprintf( stderr, "%s was not compiled with TLS support\n",
360 return( EXIT_FAILURE );
369 /* no alternative format */
370 if( ldif < 1 ) ldif = 1;
373 if ( ( authmethod == LDAP_AUTH_KRBV4 ) || ( authmethod ==
374 LDAP_AUTH_KRBV41 ) ) {
375 if( version > LDAP_VERSION2 ) {
376 fprintf( stderr, "Kerberos requires LDAPv2\n" );
377 return( EXIT_FAILURE );
379 version = LDAP_VERSION2;
381 else if ( authmethod == LDAP_AUTH_SASL ) {
382 if( version != -1 && version != LDAP_VERSION3 ) {
383 fprintf( stderr, "SASL requires LDAPv3\n" );
384 return( EXIT_FAILURE );
386 version = LDAP_VERSION3;
390 if( version != -1 && version != LDAP_VERSION3 ) {
391 fprintf(stderr, "manage DSA control requires LDAPv3\n");
394 version = LDAP_VERSION3;
398 if( version != -1 && version != LDAP_VERSION3 ) {
399 fprintf(stderr, "Start TLS requires LDAPv3\n");
402 version = LDAP_VERSION3;
405 if ( argc - optind < 1 ) {
409 filtpattern = strdup( argv[ optind ] );
411 if ( argv[ optind + 1 ] == NULL ) {
413 } else if ( sortattr == NULL || *sortattr == '\0' ) {
414 attrs = &argv[ optind + 1 ];
416 for ( i = optind + 1; i < argc; i++ ) {
417 if ( strcasecmp( argv[ i ], sortattr ) == 0 ) {
423 argv[ optind ] = sortattr;
427 attrs = &argv[ optind ];
430 if ( infile != NULL ) {
431 if ( infile[0] == '-' && infile[1] == '\0' ) {
433 } else if (( fp = fopen( infile, "r" )) == NULL ) {
440 && (tmpdir = getenv("TMPDIR")) == NULL
441 && (tmpdir = getenv("TMP")) == NULL
442 && (tmpdir = getenv("TEMP")) == NULL )
447 if( urlpre == NULL ) {
448 urlpre = malloc( sizeof("file:////") + strlen(tmpdir) );
450 if( urlpre == NULL ) {
455 sprintf( urlpre, "file:///%s/",
456 tmpdir[0] == '/' ? &tmpdir[1] : tmpdir );
458 /* urlpre should be URLized.... */
462 if( ber_set_option( NULL, LBER_OPT_DEBUG_LEVEL, &debug ) != LBER_OPT_SUCCESS ) {
463 fprintf( stderr, "Could not set LBER_OPT_DEBUG_LEVEL %d\n", debug );
465 if( ldap_set_option( NULL, LDAP_OPT_DEBUG_LEVEL, &debug ) != LDAP_OPT_SUCCESS ) {
466 fprintf( stderr, "Could not set LDAP_OPT_DEBUG_LEVEL %d\n", debug );
472 (void) SIGNAL( SIGPIPE, SIG_IGN );
477 (ldapport ? "ldap_init( %s, %d )\n" : "ldap_init( %s, <DEFAULT> )\n"),
478 (ldaphost != NULL) ? ldaphost : "<DEFAULT>",
482 if (( ld = ldap_init( ldaphost, ldapport )) == NULL ) {
483 perror( "ldap_init" );
484 return( EXIT_FAILURE );
488 ldap_set_option( ld, LDAP_OPT_DEREF, (void *) &deref ) != LDAP_OPT_SUCCESS )
490 fprintf( stderr, "Could not set LDAP_OPT_DEREF %d\n", deref );
492 if (timelimit != -1 &&
493 ldap_set_option( ld, LDAP_OPT_TIMELIMIT, (void *) &timelimit ) != LDAP_OPT_SUCCESS )
495 fprintf( stderr, "Could not set LDAP_OPT_TIMELIMIT %d\n", timelimit );
497 if (sizelimit != -1 &&
498 ldap_set_option( ld, LDAP_OPT_SIZELIMIT, (void *) &sizelimit ) != LDAP_OPT_SUCCESS )
500 fprintf( stderr, "Could not set LDAP_OPT_SIZELIMIT %d\n", sizelimit );
502 if (referrals != -1 &&
503 ldap_set_option( ld, LDAP_OPT_REFERRALS,
504 (referrals ? LDAP_OPT_ON : LDAP_OPT_OFF) ) != LDAP_OPT_SUCCESS )
506 fprintf( stderr, "Could not set LDAP_OPT_REFERRALS %s\n",
507 referrals ? "on" : "off" );
511 ldap_set_option( ld, LDAP_OPT_PROTOCOL_VERSION, &version ) != LDAP_OPT_SUCCESS )
513 fprintf( stderr, "Could not set LDAP_OPT_PROTOCOL_VERSION %d\n", version );
516 if ( use_tls && ldap_start_tls( ld, NULL, NULL ) != LDAP_SUCCESS ) {
518 ldap_perror( ld, "ldap_start_tls" );
519 return( EXIT_FAILURE );
524 passwd.bv_val = getpassphrase("Enter LDAP Password: ");
525 passwd.bv_len = strlen( passwd.bv_val );
528 if ( authmethod == LDAP_AUTH_SASL ) {
529 #ifdef HAVE_CYRUS_SASL
530 int minssf = 0, maxssf = 0;
532 if ( sasl_integrity > 0 )
534 if ( sasl_integrity > 1 )
536 if ( sasl_privacy > 0 )
537 maxssf = 100000; /* Something big value */
538 if ( sasl_privacy > 1 )
541 if ( ldap_set_option( ld, LDAP_OPT_X_SASL_MINSSF,
542 (void *)&minssf ) != LDAP_OPT_SUCCESS ) {
543 fprintf( stderr, "Could not set LDAP_OPT_X_SASL_MINSSF"
545 return( EXIT_FAILURE );
547 if ( ldap_set_option( ld, LDAP_OPT_X_SASL_MAXSSF,
548 (void *)&maxssf ) != LDAP_OPT_SUCCESS ) {
549 fprintf( stderr, "Could not set LDAP_OPT_X_SASL_MAXSSF"
551 return( EXIT_FAILURE );
554 rc = ldap_negotiated_sasl_bind_s( ld, binddn, sasl_authc_id,
555 sasl_authz_id, sasl_mech,
556 passwd.bv_len ? &passwd : NULL,
559 if( rc != LDAP_SUCCESS ) {
560 ldap_perror( ld, "ldap_negotiated_sasl_bind_s" );
561 return( EXIT_FAILURE );
564 fprintf( stderr, "%s was not compiled with SASL support\n",
566 return( EXIT_FAILURE );
570 if ( ldap_bind_s( ld, binddn, passwd.bv_val, authmethod )
572 ldap_perror( ld, "ldap_bind" );
573 return( EXIT_FAILURE );
580 LDAPControl *ctrls[2];
584 c.ldctl_oid = LDAP_CONTROL_MANAGEDSAIT;
585 c.ldctl_value.bv_val = NULL;
586 c.ldctl_value.bv_len = 0;
587 c.ldctl_iscritical = manageDSAit > 1;
589 err = ldap_set_option( ld, LDAP_OPT_SERVER_CONTROLS, &ctrls );
591 if( err != LDAP_OPT_SUCCESS ) {
592 fprintf( stderr, "Could not set Manage DSA IT Control\n" );
593 if( c.ldctl_iscritical ) {
594 exit( EXIT_FAILURE );
600 fprintf( stderr, "filter%s: %s\nreturning: ",
601 infile != NULL ? " pattern" : "",
604 if ( attrs == NULL ) {
605 fprintf( stderr, "ALL" );
607 for ( i = 0; attrs[ i ] != NULL; ++i ) {
608 fprintf( stderr, "%s ", attrs[ i ] );
611 fprintf( stderr, "\n" );
616 printf( "version: 1\n\n");
620 printf( "#\n# filter%s: %s\n# returning: ",
621 infile != NULL ? " pattern" : "",
624 if ( attrs == NULL ) {
627 for ( i = 0; attrs[ i ] != NULL; ++i ) {
628 printf( "%s ", attrs[ i ] );
635 if ( infile == NULL ) {
636 rc = dosearch( ld, base, scope, attrs, attrsonly, NULL, filtpattern );
641 while ( rc == 0 && fgets( line, sizeof( line ), fp ) != NULL ) {
642 line[ strlen( line ) - 1 ] = '\0';
648 rc = dosearch( ld, base, scope, attrs, attrsonly,
670 char filter[ BUFSIZ ];
671 int rc, first, matches;
672 LDAPMessage *res, *e;
674 if( filtpatt != NULL ) {
675 sprintf( filter, filtpatt, value );
678 fprintf( stderr, "filter is: (%s)\n", filter );
682 printf( "#\n# filter: %s\n#\n", filter );
686 sprintf( filter, "%s", value );
690 return( LDAP_SUCCESS );
693 if ( ldap_search( ld, base, scope, filter, attrs, attrsonly ) == -1 ) {
695 ldap_perror( ld, "ldap_search" );
697 ldap_get_option(ld, LDAP_OPT_ERROR_NUMBER, &ld_errno);
704 while ( (rc = ldap_result( ld, LDAP_RES_ANY, sortattr ? 1 : 0, NULL, &res ))
705 == LDAP_RES_SEARCH_ENTRY ) {
707 e = ldap_first_entry( ld, res );
713 print_entry( ld, e, attrsonly );
718 ldap_perror( ld, "ldap_result" );
721 if (( rc = ldap_result2error( ld, res, 0 )) != LDAP_SUCCESS ) {
722 ldap_perror( ld, "ldap_search" );
724 if ( sortattr != NULL ) {
725 (void) ldap_sort_entries( ld, &res,
726 ( *sortattr == '\0' ) ? NULL : sortattr, strcasecmp );
729 for ( e = ldap_first_entry( ld, res ); e != NULL;
730 e = ldap_next_entry( ld, e ) ) {
737 print_entry( ld, e, attrsonly );
742 printf( "%d matches\n", matches );
757 char tmpfname[ 256 ];
760 BerElement *ber = NULL;
761 struct berval **bvals;
764 dn = ldap_get_dn( ld, entry );
768 ufn = ldap_dn2ufn( dn );
769 write_ldif( LDIF_PUT_COMMENT, NULL, ufn, strlen( ufn ));
772 write_ldif( LDIF_PUT_VALUE, "dn", dn, strlen( dn ));
774 printf( "%s\n", dn );
779 ufn = ldap_dn2ufn( dn );
782 write_ldif( LDIF_PUT_VALUE, "ufn", ufn, strlen( ufn ));
784 printf( "%s\n", ufn );
788 if( ufn != NULL ) ldap_memfree( ufn );
791 for ( a = ldap_first_attribute( ld, entry, &ber ); a != NULL;
792 a = ldap_next_attribute( ld, entry, ber ) )
794 if ( skipsortattr && strcasecmp( a, sortattr ) == 0 ) {
800 write_ldif( LDIF_PUT_NOVALUE, a, NULL, 0 );
805 } else if (( bvals = ldap_get_values_len( ld, entry, a )) != NULL ) {
806 for ( i = 0; bvals[i] != NULL; i++ ) {
807 if ( vals2tmp > 1 || ( vals2tmp
808 && ldif_is_not_printable( bvals[i]->bv_val, bvals[i]->bv_len ) ))
811 /* write value to file */
812 sprintf( tmpfname, "%s" LDAP_DIRSEP "ldapsearch-%s-XXXXXX",
816 if ( mktemp( tmpfname ) == NULL ) {
821 if (( tmpfd = open( tmpfname, O_WRONLY|O_CREAT|O_EXCL, 0600 )) == -1 ) {
826 if (( tmpfp = fdopen( tmpfd, "w")) == NULL ) {
831 if ( fwrite( bvals[ i ]->bv_val,
832 bvals[ i ]->bv_len, 1, tmpfp ) == 0 )
841 sprintf( url, "%s%s", urlpre,
842 &tmpfname[strlen(tmpdir) + sizeof(LDAP_DIRSEP) - 1] );
845 write_ldif( LDIF_PUT_URL, a, url, strlen( url ));
847 printf( "%s%s%s\n", a, sep, url );
853 write_ldif( LDIF_PUT_VALUE, a,
854 bvals[ i ]->bv_val, bvals[ i ]->bv_len );
857 int notprint = !binary && !vals2tmp
858 && ldif_is_not_printable( bvals[i]->bv_val,
860 printf( "%s%s", a, sep );
861 puts( notprint ? "NOT PRINTABLE" : bvals[ i ]->bv_val );
865 ber_bvecfree( bvals );
876 write_ldif( int type, char *name, char *value, ber_len_t vallen )
880 if (( ldif = ldif_put( type, name, value, vallen )) == NULL ) {
884 fputs( ldif, stdout );
projects / openldap / blob