2 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
4 * Copyright 2004-2008 The OpenLDAP Foundation.
5 * Portions Copyright 2004 Pierangelo Masarati.
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted only as authorized by the OpenLDAP
12 * A copy of this license is available in file LICENSE in the
13 * top-level directory of the distribution or, alternatively, at
14 * <http://www.OpenLDAP.org/license.html>.
17 * This work was initially developed by Pierangelo Masarati for inclusion
18 * in OpenLDAP Software.
25 #include <ac/stdlib.h>
28 #include <ac/string.h>
29 #include <ac/socket.h>
30 #include <ac/unistd.h>
36 #include "slapcommon.h"
39 do_check( Connection *c, Operation *op, struct berval *id )
41 struct berval authcdn;
44 rc = slap_sasl_getdn( c, op, id, realm, &authcdn, SLAP_GETDN_AUTHCID );
45 if ( rc != LDAP_SUCCESS ) {
46 fprintf( stderr, "ID: <%s> check failed %d (%s)\n",
48 ldap_err2string( rc ) );
52 if ( !BER_BVISNULL( &authzID ) ) {
53 rc = slap_sasl_authorized( op, &authcdn, &authzID );
63 rc == LDAP_SUCCESS ? "OK" : "failed" );
66 fprintf( stderr, "ID: <%s> check succeeded\n"
70 op->o_tmpfree( authcdn.bv_val, op->o_tmpmemctx );
79 slapauth( int argc, char **argv )
81 int rc = EXIT_SUCCESS;
82 const char *progname = "slapauth";
83 Connection conn = {0};
84 OperationBuffer opbuf;
87 slap_tool_init( progname, SLAPAUTH, argc, argv );
89 argv = &argv[ optind ];
92 connection_fake_init( &conn, &opbuf, &conn );
95 conn.c_sasl_bind_mech = mech;
97 if ( !BER_BVISNULL( &authzID ) ) {
98 struct berval authzdn;
100 rc = slap_sasl_getdn( &conn, op, &authzID, NULL, &authzdn,
101 SLAP_GETDN_AUTHZID );
102 if ( rc != LDAP_SUCCESS ) {
103 fprintf( stderr, "authzID: <%s> check failed %d (%s)\n",
105 ldap_err2string( rc ) );
107 BER_BVZERO( &authzID );
115 if ( !BER_BVISNULL( &authcID ) ) {
116 if ( !BER_BVISNULL( &authzID ) || argc == 0 ) {
117 rc = do_check( &conn, op, &authcID );
121 for ( ; argc--; argv++ ) {
122 struct berval authzdn;
124 ber_str2bv( argv[ 0 ], 0, 0, &authzID );
126 rc = slap_sasl_getdn( &conn, op, &authzID, NULL, &authzdn,
127 SLAP_GETDN_AUTHZID );
128 if ( rc != LDAP_SUCCESS ) {
129 fprintf( stderr, "authzID: <%s> check failed %d (%s)\n",
131 ldap_err2string( rc ) );
133 BER_BVZERO( &authzID );
134 if ( !continuemode ) {
141 rc = do_check( &conn, op, &authcID );
143 op->o_tmpfree( authzID.bv_val, op->o_tmpmemctx );
144 BER_BVZERO( &authzID );
146 if ( rc && !continuemode ) {
154 for ( ; argc--; argv++ ) {
157 ber_str2bv( argv[ 0 ], 0, 0, &id );
159 rc = do_check( &conn, op, &id );
161 if ( rc && !continuemode ) {
167 if ( !BER_BVISNULL( &authzID ) ) {
168 op->o_tmpfree( authzID.bv_val, op->o_tmpmemctx );
170 if ( slap_tool_destroy())