git.sur5r.net Git - openldap/blob - servers/slapd/slapauth.c

   1 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
   2  *
   3  * Copyright 2004 The OpenLDAP Foundation.
   4  * Portions Copyright 2004 Pierangelo Masarati.
   5  * All rights reserved.
   6  *
   7  * Redistribution and use in source and binary forms, with or without
   8  * modification, are permitted only as authorized by the OpenLDAP
   9  * Public License.
  10  *
  11  * A copy of this license is available in file LICENSE in the
  12  * top-level directory of the distribution or, alternatively, at
  13  * <http://www.OpenLDAP.org/license.html>.
  14  */
  15 /* ACKNOWLEDGEMENTS:
  16  * This work was initially developed by Pierangelo Masarati for inclusion
  17  * in OpenLDAP Software.
  18  */
  19
  20 #include "portable.h"
  21
  22 #include <stdio.h>
  23
  24 #include <ac/stdlib.h>
  25
  26 #include <ac/ctype.h>
  27 #include <ac/string.h>
  28 #include <ac/socket.h>
  29 #include <ac/unistd.h>
  30
  31 #include <lber.h>
  32 #include <ldif.h>
  33 #include <lutil.h>
  34
  35 #include "slapcommon.h"
  36
  37 static int
  38 do_check( Connection *c, Operation *op, struct berval *id )
  39 {
  40         struct berval   authcDN;
  41         int             rc;
  42
  43         rc = slap_sasl_getdn( c, op, id, NULL, &authcDN, SLAP_GETDN_AUTHCID );
  44         if ( rc != LDAP_SUCCESS ) {
  45                 fprintf( stderr, "ID: <%s> check failed %d (%s)\n",
  46                                 id->bv_val, rc,
  47                                 ldap_err2string( rc ) );
  48                 rc = 1;
  49
  50         } else {
  51                 if ( !BER_BVISNULL( &authzID ) ) {
  52                         rc = slap_sasl_authorized( op, &authcDN, &authzID );
  53
  54                         fprintf( stderr,
  55                                         "ID:      <%s>\n"
  56                                         "authcDN: <%s>\n"
  57                                         "authzDN: <%s>\n"
  58                                         "authorization %s\n",
  59                                         id->bv_val,
  60                                         authcDN.bv_val,
  61                                         authzID.bv_val,
  62                                         rc == LDAP_SUCCESS ? "OK" : "failed" );
  63
  64                 } else {
  65                         fprintf( stderr, "ID: <%s> check succeeded\n"
  66                                         "authcID:     <%s>\n",
  67                                         id->bv_val,
  68                                         authcDN.bv_val );
  69                         op->o_tmpfree( authcDN.bv_val, op->o_tmpmemctx );
  70                 }
  71                 rc = 0;
  72         }
  73
  74         return rc;
  75 }
  76
  77 int
  78 slapauth( int argc, char **argv )
  79 {
  80         int                     rc = EXIT_SUCCESS;
  81         const char              *progname = "slapauth";
  82         Connection              conn;
  83         Operation               op;
  84
  85 #ifdef NEW_LOGGING
  86         lutil_log_initialize( argc, argv );
  87 #endif
  88         slap_tool_init( progname, SLAPAUTH, argc, argv );
  89
  90         argv = &argv[ optind ];
  91         argc -= optind;
  92
  93         memset( &conn, 0, sizeof( Connection ) );
  94         memset( &op, 0, sizeof( Operation ) );
  95
  96         connection_fake_init( &conn, &op, &conn );
  97
  98         if ( !BER_BVISNULL( &authzID ) ) {
  99                 struct berval   authzDN;
 100
 101                 rc = slap_sasl_getdn( &conn, &op, &authzID, NULL, &authzDN,
 102                                 SLAP_GETDN_AUTHZID );
 103                 if ( rc != LDAP_SUCCESS ) {
 104                         fprintf( stderr, "authzID: <%s> check failed %d (%s)\n",
 105                                         authzID.bv_val, rc,
 106                                         ldap_err2string( rc ) );
 107                         rc = 1;
 108                         BER_BVZERO( &authzID );
 109                         goto destroy;
 110                 }
 111
 112                 authzID = authzDN;
 113         }
 114
 115
 116         if ( !BER_BVISNULL( &authcID ) ) {
 117                 if ( !BER_BVISNULL( &authzID ) || argc == 0 ) {
 118                         rc = do_check( &conn, &op, &authcID );
 119                         goto destroy;
 120                 }
 121
 122                 for ( ; argc--; argv++ ) {
 123                         struct berval   authzDN;
 124
 125                         ber_str2bv( argv[ 0 ], 0, 0, &authzID );
 126
 127                         rc = slap_sasl_getdn( &conn, &op, &authzID, NULL, &authzDN,
 128                                         SLAP_GETDN_AUTHZID );
 129                         if ( rc != LDAP_SUCCESS ) {
 130                                 fprintf( stderr, "authzID: <%s> check failed %d (%s)\n",
 131                                                 authzID.bv_val, rc,
 132                                                 ldap_err2string( rc ) );
 133                                 rc = 1;
 134                                 BER_BVZERO( &authzID );
 135                                 goto destroy;
 136                         }
 137
 138                         authzID = authzDN;
 139
 140                         rc = do_check( &conn, &op, &authcID );
 141
 142                         op.o_tmpfree( authzID.bv_val, op.o_tmpmemctx );
 143                         BER_BVZERO( &authzID );
 144
 145                         if ( rc ) {
 146                                 goto destroy;
 147                         }
 148                 }
 149
 150                 goto destroy;
 151         }
 152
 153         for ( ; argc--; argv++ ) {
 154                 struct berval   id;
 155
 156                 ber_str2bv( argv[ 0 ], 0, 0, &id );
 157
 158                 rc = do_check( &conn, &op, &id );
 159
 160                 if ( rc ) {
 161                         goto destroy;
 162                 }
 163         }
 164
 165 destroy:;
 166         if ( !BER_BVISNULL( &authzID ) ) {
 167                 op.o_tmpfree( authzID.bv_val, op.o_tmpmemctx );
 168         }
 169         slap_tool_destroy();
 170
 171         return rc;
 172 }
 173