2 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
4 * Copyright 1999-2018 The OpenLDAP Foundation.
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted only as authorized by the OpenLDAP
11 * A copy of this license is available in file LICENSE in the
12 * top-level directory of the distribution or, alternatively, at
13 * <http://www.OpenLDAP.org/license.html>.
16 * This work was initially developed by Howard Chu for inclusion
17 * in OpenLDAP Software.
24 #include "ac/stdlib.h"
25 #include "ac/unistd.h"
26 #include "ac/string.h"
32 #include "lutil_ldap.h"
34 #include "slapd-common.h"
40 static char progname[ BUFSIZ ];
44 * ignore_count[] is indexed by result code:
45 * negative for OpenLDAP client-side errors, positive for protocol codes.
47 #define TESTER_CLIENT_FIRST LDAP_REFERRAL_LIMIT_EXCEEDED /* negative */
48 #define TESTER_SERVER_LAST LDAP_OTHER
49 static int ignore_base [ -TESTER_CLIENT_FIRST + TESTER_SERVER_LAST + 1 ];
50 #define ignore_count (ignore_base - TESTER_CLIENT_FIRST)
55 } ignore_str2err[] = {
56 { "OPERATIONS_ERROR", LDAP_OPERATIONS_ERROR },
57 { "PROTOCOL_ERROR", LDAP_PROTOCOL_ERROR },
58 { "TIMELIMIT_EXCEEDED", LDAP_TIMELIMIT_EXCEEDED },
59 { "SIZELIMIT_EXCEEDED", LDAP_SIZELIMIT_EXCEEDED },
60 { "COMPARE_FALSE", LDAP_COMPARE_FALSE },
61 { "COMPARE_TRUE", LDAP_COMPARE_TRUE },
62 { "AUTH_METHOD_NOT_SUPPORTED", LDAP_AUTH_METHOD_NOT_SUPPORTED },
63 { "STRONG_AUTH_NOT_SUPPORTED", LDAP_STRONG_AUTH_NOT_SUPPORTED },
64 { "STRONG_AUTH_REQUIRED", LDAP_STRONG_AUTH_REQUIRED },
65 { "STRONGER_AUTH_REQUIRED", LDAP_STRONGER_AUTH_REQUIRED },
66 { "PARTIAL_RESULTS", LDAP_PARTIAL_RESULTS },
68 { "REFERRAL", LDAP_REFERRAL },
69 { "ADMINLIMIT_EXCEEDED", LDAP_ADMINLIMIT_EXCEEDED },
70 { "UNAVAILABLE_CRITICAL_EXTENSION", LDAP_UNAVAILABLE_CRITICAL_EXTENSION },
71 { "CONFIDENTIALITY_REQUIRED", LDAP_CONFIDENTIALITY_REQUIRED },
72 { "SASL_BIND_IN_PROGRESS", LDAP_SASL_BIND_IN_PROGRESS },
74 { "NO_SUCH_ATTRIBUTE", LDAP_NO_SUCH_ATTRIBUTE },
75 { "UNDEFINED_TYPE", LDAP_UNDEFINED_TYPE },
76 { "INAPPROPRIATE_MATCHING", LDAP_INAPPROPRIATE_MATCHING },
77 { "CONSTRAINT_VIOLATION", LDAP_CONSTRAINT_VIOLATION },
78 { "TYPE_OR_VALUE_EXISTS", LDAP_TYPE_OR_VALUE_EXISTS },
79 { "INVALID_SYNTAX", LDAP_INVALID_SYNTAX },
81 { "NO_SUCH_OBJECT", LDAP_NO_SUCH_OBJECT },
82 { "ALIAS_PROBLEM", LDAP_ALIAS_PROBLEM },
83 { "INVALID_DN_SYNTAX", LDAP_INVALID_DN_SYNTAX },
84 { "IS_LEAF", LDAP_IS_LEAF },
85 { "ALIAS_DEREF_PROBLEM", LDAP_ALIAS_DEREF_PROBLEM },
88 { "PROXY_AUTHZ_FAILURE", LDAP_X_PROXY_AUTHZ_FAILURE },
89 { "INAPPROPRIATE_AUTH", LDAP_INAPPROPRIATE_AUTH },
90 { "INVALID_CREDENTIALS", LDAP_INVALID_CREDENTIALS },
91 { "INSUFFICIENT_ACCESS", LDAP_INSUFFICIENT_ACCESS },
93 { "BUSY", LDAP_BUSY },
94 { "UNAVAILABLE", LDAP_UNAVAILABLE },
95 { "UNWILLING_TO_PERFORM", LDAP_UNWILLING_TO_PERFORM },
96 { "LOOP_DETECT", LDAP_LOOP_DETECT },
98 { "NAMING_VIOLATION", LDAP_NAMING_VIOLATION },
99 { "OBJECT_CLASS_VIOLATION", LDAP_OBJECT_CLASS_VIOLATION },
100 { "NOT_ALLOWED_ON_NONLEAF", LDAP_NOT_ALLOWED_ON_NONLEAF },
101 { "NOT_ALLOWED_ON_RDN", LDAP_NOT_ALLOWED_ON_RDN },
102 { "ALREADY_EXISTS", LDAP_ALREADY_EXISTS },
103 { "NO_OBJECT_CLASS_MODS", LDAP_NO_OBJECT_CLASS_MODS },
104 { "RESULTS_TOO_LARGE", LDAP_RESULTS_TOO_LARGE },
105 { "AFFECTS_MULTIPLE_DSAS", LDAP_AFFECTS_MULTIPLE_DSAS },
107 { "OTHER", LDAP_OTHER },
109 { "SERVER_DOWN", LDAP_SERVER_DOWN },
110 { "LOCAL_ERROR", LDAP_LOCAL_ERROR },
111 { "ENCODING_ERROR", LDAP_ENCODING_ERROR },
112 { "DECODING_ERROR", LDAP_DECODING_ERROR },
113 { "TIMEOUT", LDAP_TIMEOUT },
114 { "AUTH_UNKNOWN", LDAP_AUTH_UNKNOWN },
115 { "FILTER_ERROR", LDAP_FILTER_ERROR },
116 { "USER_CANCELLED", LDAP_USER_CANCELLED },
117 { "PARAM_ERROR", LDAP_PARAM_ERROR },
118 { "NO_MEMORY", LDAP_NO_MEMORY },
119 { "CONNECT_ERROR", LDAP_CONNECT_ERROR },
120 { "NOT_SUPPORTED", LDAP_NOT_SUPPORTED },
121 { "CONTROL_NOT_FOUND", LDAP_CONTROL_NOT_FOUND },
122 { "NO_RESULTS_RETURNED", LDAP_NO_RESULTS_RETURNED },
123 { "MORE_RESULTS_TO_RETURN", LDAP_MORE_RESULTS_TO_RETURN },
124 { "CLIENT_LOOP", LDAP_CLIENT_LOOP },
125 { "REFERRAL_LIMIT_EXCEEDED", LDAP_REFERRAL_LIMIT_EXCEEDED },
130 #define UNKNOWN_ERR (1234567890)
136 tester_ignore_str2err( const char *err )
140 if ( strcmp( err, "ALL" ) == 0 ) {
141 for ( i = 0; ignore_str2err[ i ].name != NULL; i++ ) {
142 ignore_count[ ignore_str2err[ i ].err ] = 1;
144 ignore_count[ LDAP_SUCCESS ] = 0;
149 if ( err[ 0 ] == '!' ) {
153 } else if ( err[ 0 ] == '*' ) {
158 for ( i = 0; ignore_str2err[ i ].name != NULL; i++ ) {
159 if ( strcmp( err, ignore_str2err[ i ].name ) == 0 ) {
160 int err = ignore_str2err[ i ].err;
162 if ( err != LDAP_SUCCESS ) {
163 ignore_count[ err ] = ignore;
174 tester_ignore_str2errlist( const char *err )
177 char **errs = ldap_str2charray( err, "," );
179 for ( i = 0; errs[ i ] != NULL; i++ ) {
180 /* TODO: allow <err>:<prog> to ignore <err> only when <prog> */
181 (void)tester_ignore_str2err( errs[ i ] );
184 ldap_charray_free( errs );
190 tester_ignore_err( int err )
194 if ( err && TESTER_CLIENT_FIRST <= err && err <= TESTER_SERVER_LAST ) {
195 rc = ignore_count[ err ];
197 ignore_count[ err ] = rc + (rc > 0 ? 1 : -1);
201 /* SUCCESS is always "ignored" */
205 struct tester_conn_args *
206 tester_init( const char *pname, tester_t ptype )
208 static struct tester_conn_args config = {
221 snprintf( progname, sizeof( progname ), "%s PID=%d", pname, pid );
228 tester_ldap_error( LDAP *ld, const char *fname, const char *msg )
232 LDAPControl **ctrls = NULL;
234 ldap_get_option( ld, LDAP_OPT_RESULT_CODE, (void *)&err );
235 if ( err != LDAP_SUCCESS ) {
236 ldap_get_option( ld, LDAP_OPT_DIAGNOSTIC_MESSAGE, (void *)&text );
239 fprintf( stderr, "%s: %s: %s (%d) %s %s\n",
240 progname, fname, ldap_err2string( err ), err,
241 text == NULL ? "" : text,
245 ldap_memfree( text );
249 ldap_get_option( ld, LDAP_OPT_MATCHED_DN, (void *)&text );
250 if ( text != NULL ) {
251 if ( text[ 0 ] != '\0' ) {
252 fprintf( stderr, "\tmatched: %s\n", text );
254 ldap_memfree( text );
258 ldap_get_option( ld, LDAP_OPT_SERVER_CONTROLS, (void *)&ctrls );
259 if ( ctrls != NULL ) {
262 fprintf( stderr, "\tcontrols:\n" );
263 for ( i = 0; ctrls[ i ] != NULL; i++ ) {
264 fprintf( stderr, "\t\t%s\n", ctrls[ i ]->ldctl_oid );
266 ldap_controls_free( ctrls );
270 if ( err == LDAP_REFERRAL ) {
273 ldap_get_option( ld, LDAP_OPT_REFERRAL_URLS, (void *)&refs );
278 fprintf( stderr, "\treferral:\n" );
279 for ( i = 0; refs[ i ] != NULL; i++ ) {
280 fprintf( stderr, "\t\t%s\n", refs[ i ] );
283 ber_memvfree( (void **)refs );
289 tester_perror( const char *fname, const char *msg )
291 int save_errno = errno;
294 fprintf( stderr, "%s: %s: (%d) %s %s\n",
295 progname, fname, save_errno,
296 AC_STRERROR_R( save_errno, buf, sizeof( buf ) ),
301 tester_config_opt( struct tester_conn_args *config, char opt, char *optarg )
309 config->binddn = strdup( optarg );
315 if ( lutil_atoi( &debug, optarg ) != 0 ) {
319 if ( ber_set_option( NULL, LBER_OPT_DEBUG_LEVEL, &debug )
320 != LBER_OPT_SUCCESS )
323 "Could not set LBER_OPT_DEBUG_LEVEL %d\n", debug );
326 if ( ldap_set_option( NULL, LDAP_OPT_DEBUG_LEVEL, &debug )
327 != LDAP_OPT_SUCCESS )
330 "Could not set LDAP_OPT_DEBUG_LEVEL %d\n", debug );
336 config->uri = strdup( optarg );
340 config->host = strdup( optarg );
344 tester_ignore_str2errlist( optarg );
348 if ( lutil_atoi( &config->outerloops, optarg ) != 0 ) {
354 if ( lutil_atoi( &config->loops, optarg ) != 0 ) {
359 #ifdef HAVE_CYRUS_SASL
361 if ( config->secprops != NULL ) {
364 if ( config->authmethod != -1 && config->authmethod != LDAP_AUTH_SASL ) {
367 config->authmethod = LDAP_AUTH_SASL;
368 config->secprops = ber_strdup( optarg );
372 if ( config->realm != NULL ) {
375 if ( config->authmethod != -1 && config->authmethod != LDAP_AUTH_SASL ) {
378 config->authmethod = LDAP_AUTH_SASL;
379 config->realm = ber_strdup( optarg );
383 if ( config->authc_id != NULL ) {
386 if ( config->authmethod != -1 && config->authmethod != LDAP_AUTH_SASL ) {
389 config->authmethod = LDAP_AUTH_SASL;
390 config->authc_id = ber_strdup( optarg );
394 if ( config->authz_id != NULL ) {
397 if ( config->authmethod != -1 && config->authmethod != LDAP_AUTH_SASL ) {
400 config->authmethod = LDAP_AUTH_SASL;
401 config->authz_id = ber_strdup( optarg );
405 if ( config->mech != NULL ) {
408 if ( config->authmethod != -1 && config->authmethod != LDAP_AUTH_SASL ) {
411 config->authmethod = LDAP_AUTH_SASL;
412 config->mech = ber_strdup( optarg );
417 if ( lutil_atoi( &config->port, optarg ) != 0 ) {
423 if ( lutil_atoi( &config->retries, optarg ) != 0 ) {
429 if ( lutil_atoi( &config->delay, optarg ) != 0 ) {
435 config->pass.bv_val = strdup( optarg );
436 config->pass.bv_len = strlen( optarg );
437 memset( optarg, '*', config->pass.bv_len );
441 if ( config->authmethod != -1 && config->authmethod != LDAP_AUTH_SIMPLE ) {
444 config->authmethod = LDAP_AUTH_SIMPLE;
455 tester_config_finish( struct tester_conn_args *config )
457 if ( !config->uri ) {
458 static char uribuf[ BUFSIZ ];
460 config->uri = uribuf;
461 snprintf( uribuf, sizeof( uribuf ), "ldap://%s:%d",
462 config->host, config->port );
465 if ( config->authmethod == -1 ) {
466 #ifdef HAVE_CYRUS_SASL
467 if ( config->binddn != NULL ) {
468 config->authmethod = LDAP_AUTH_SIMPLE;
470 config->authmethod = LDAP_AUTH_SASL;
473 config->authmethod = LDAP_AUTH_SIMPLE;
477 #ifdef HAVE_CYRUS_SASL
478 if ( config->authmethod == LDAP_AUTH_SASL ) {
479 config->defaults = lutil_sasl_defaults( NULL,
486 if ( config->defaults == NULL ) {
487 tester_error( "unable to prepare SASL defaults" );
488 exit( EXIT_FAILURE );
495 tester_init_ld( LDAP **ldp, struct tester_conn_args *config, int flags )
498 int rc, do_retry = config->retries;
499 int version = LDAP_VERSION3;
502 ldap_initialize( &ld, config->uri );
504 tester_perror( "ldap_initialize", NULL );
505 exit( EXIT_FAILURE );
508 (void) ldap_set_option( ld, LDAP_OPT_PROTOCOL_VERSION, &version );
509 (void) ldap_set_option( ld, LDAP_OPT_REFERRALS,
510 config->chaserefs ? LDAP_OPT_ON: LDAP_OPT_OFF );
512 if ( !( flags & TESTER_INIT_ONLY ) ) {
513 if ( config->authmethod == LDAP_AUTH_SASL ) {
514 #ifdef HAVE_CYRUS_SASL
515 if ( config->secprops != NULL ) {
516 rc = ldap_set_option( ld,
517 LDAP_OPT_X_SASL_SECPROPS, config->secprops );
519 if ( rc != LDAP_OPT_SUCCESS ) {
520 tester_ldap_error( ld, "ldap_set_option(SECPROPS)", NULL );
521 exit( EXIT_FAILURE );
525 rc = ldap_sasl_interactive_bind_s( ld,
532 #else /* HAVE_CYRUS_SASL */
533 /* caller shouldn't have allowed this */
536 } else if ( config->authmethod == LDAP_AUTH_SIMPLE ) {
537 rc = ldap_sasl_bind_s( ld,
538 config->binddn, LDAP_SASL_SIMPLE,
539 &config->pass, NULL, NULL, NULL );
542 if ( rc != LDAP_SUCCESS ) {
543 tester_ldap_error( ld, "ldap_sasl_bind_s", NULL );
546 case LDAP_UNAVAILABLE:
547 if ( do_retry > 0 ) {
549 if ( config->delay > 0 ) {
550 sleep( config->delay );
555 tester_ldap_error( ld, "ldap_sasl_bind_s", NULL );
556 exit( EXIT_FAILURE );
564 tester_error( const char *msg )
566 fprintf( stderr, "%s: %s\n", progname, msg );