1 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
3 * Copyright 2004 The OpenLDAP Foundation.
4 * Portions Copyright 2004 Pierangelo Masarati.
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted only as authorized by the OpenLDAP
11 * A copy of this license is available in file LICENSE in the
12 * top-level directory of the distribution or, alternatively, at
13 * <http://www.OpenLDAP.org/license.html>.
16 * This work was initially developed by Pierangelo Masarati for inclusion
17 * in OpenLDAP Software.
24 #include <ac/stdlib.h>
27 #include <ac/string.h>
28 #include <ac/socket.h>
29 #include <ac/unistd.h>
35 #include "slapcommon.h"
38 do_check( Connection *c, Operation *op, struct berval *id )
40 struct berval authcdn;
43 rc = slap_sasl_getdn( c, op, id, NULL, &authcdn, SLAP_GETDN_AUTHCID );
44 if ( rc != LDAP_SUCCESS ) {
45 fprintf( stderr, "ID: <%s> check failed %d (%s)\n",
47 ldap_err2string( rc ) );
51 if ( !BER_BVISNULL( &authzID ) ) {
52 rc = slap_sasl_authorized( op, &authcdn, &authzID );
62 rc == LDAP_SUCCESS ? "OK" : "failed" );
65 fprintf( stderr, "ID: <%s> check succeeded\n"
69 op->o_tmpfree( authcdn.bv_val, op->o_tmpmemctx );
78 slapauth( int argc, char **argv )
80 int rc = EXIT_SUCCESS;
81 const char *progname = "slapauth";
82 Connection conn = {0};
83 char opbuf[OPERATION_BUFFER_SIZE];
86 slap_tool_init( progname, SLAPAUTH, argc, argv );
88 argv = &argv[ optind ];
91 op = (Operation *)opbuf;
92 connection_fake_init( &conn, op, &conn );
94 if ( !BER_BVISNULL( &authzID ) ) {
95 struct berval authzdn;
97 rc = slap_sasl_getdn( &conn, op, &authzID, NULL, &authzdn,
99 if ( rc != LDAP_SUCCESS ) {
100 fprintf( stderr, "authzID: <%s> check failed %d (%s)\n",
102 ldap_err2string( rc ) );
104 BER_BVZERO( &authzID );
112 if ( !BER_BVISNULL( &authcID ) ) {
113 if ( !BER_BVISNULL( &authzID ) || argc == 0 ) {
114 rc = do_check( &conn, op, &authcID );
118 for ( ; argc--; argv++ ) {
119 struct berval authzdn;
121 ber_str2bv( argv[ 0 ], 0, 0, &authzID );
123 rc = slap_sasl_getdn( &conn, op, &authzID, NULL, &authzdn,
124 SLAP_GETDN_AUTHZID );
125 if ( rc != LDAP_SUCCESS ) {
126 fprintf( stderr, "authzID: <%s> check failed %d (%s)\n",
128 ldap_err2string( rc ) );
130 BER_BVZERO( &authzID );
131 if ( !continuemode ) {
138 rc = do_check( &conn, op, &authcID );
140 op->o_tmpfree( authzID.bv_val, op->o_tmpmemctx );
141 BER_BVZERO( &authzID );
143 if ( rc && !continuemode ) {
151 for ( ; argc--; argv++ ) {
154 ber_str2bv( argv[ 0 ], 0, 0, &id );
156 rc = do_check( &conn, op, &id );
158 if ( rc && !continuemode ) {
164 if ( !BER_BVISNULL( &authzID ) ) {
165 op->o_tmpfree( authzID.bv_val, op->o_tmpmemctx );