/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
* Portions Copyright 2003 Kurt D. Zeilenga.
* Portions Copyright 2003 IBM Corporation.
* All rights reserved.
int debug = 0;
char *infile = NULL;
int dont = 0;
+int nocanon = 0;
int referrals = 0;
int verbose = 0;
int ldif = 0;
static int sessionTracking = 0;
struct berval stValue;
#endif /* LDAP_CONTROL_X_SESSION_TRACKING */
+ber_int_t vlvPos;
+ber_int_t vlvCount;
+struct berval *vlvContext;
LDAPControl *unknown_ctrls = NULL;
int unknown_ctrls_num = 0;
static int print_ppolicy( LDAP *ld, LDAPControl *ctrl );
#endif
static int print_sss( LDAP *ld, LDAPControl *ctrl );
+static int print_vlv( LDAP *ld, LDAPControl *ctrl );
#ifdef LDAP_CONTROL_X_DEREF
static int print_deref( LDAP *ld, LDAPControl *ctrl );
#endif
+#ifdef LDAP_CONTROL_X_WHATFAILED
+static int print_whatfailed( LDAP *ld, LDAPControl *ctrl );
+#endif
static struct tool_ctrls_t {
const char *oid;
{ LDAP_CONTROL_PASSWORDPOLICYRESPONSE, TOOL_ALL, print_ppolicy },
#endif
{ LDAP_CONTROL_SORTRESPONSE, TOOL_SEARCH, print_sss },
+ { LDAP_CONTROL_VLVRESPONSE, TOOL_SEARCH, print_vlv },
#ifdef LDAP_CONTROL_X_DEREF
{ LDAP_CONTROL_X_DEREF, TOOL_SEARCH, print_deref },
+#endif
+#ifdef LDAP_CONTROL_X_WHATFAILED
+ { LDAP_CONTROL_X_WHATFAILED, TOOL_ALL, print_whatfailed },
#endif
{ NULL, 0, NULL }
};
pr_cookie.bv_val = NULL;
pr_cookie.bv_len = 0;
}
+
+ if ( binddn != NULL ) {
+ ber_memfree( binddn );
+ }
+
+#if 0 /* not yet */
+ if ( passwd.bv_val != NULL ) {
+ ber_memfree( passwd.bv_val );
+ }
+#endif
}
void
tool_common_usage( void )
{
static const char *const descriptions[] = {
-N_(" -c continuous operation mode (do not stop on errors)\n"),
N_(" -d level set LDAP debugging level to `level'\n"),
N_(" -D binddn bind DN\n"),
N_(" -e [!]<ext>[=<extparam>] general extensions (! indicates criticality)\n")
N_(" abandon, cancel, ignore (SIGINT sends abandon/cancel,\n"
" or ignores response; if critical, doesn't wait for SIGINT.\n"
" not really controls)\n")
-N_(" -f file read operations from `file'\n"),
N_(" -h host LDAP server\n"),
N_(" -H URI LDAP Uniform Resource Identifier(s)\n"),
N_(" -I use SASL Interactive mode\n"),
-N_(" -M enable Manage DSA IT control (-MM to make critical)\n"),
N_(" -n show what would be done but don't actually do it\n"),
+N_(" -N do not use reverse DNS to canonicalize SASL host name\n"),
N_(" -O props SASL security properties\n"),
N_(" -o <opt>[=<optparam] general options\n"),
N_(" nettimeout=<timeout> (in seconds, or \"none\" or \"max\")\n"),
N_(" -p port port on LDAP server\n"),
-N_(" -P version protocol version (default: 3)\n"),
N_(" -Q use SASL Quiet mode\n"),
N_(" -R realm SASL realm\n"),
N_(" -U authcid SASL authentication identity\n"),
} else if ( tool_is_oid( control ) ) {
LDAPControl *tmpctrls, ctrl;
- tmpctrls = (LDAPControl *)realloc( unknown_ctrls,
+ tmpctrls = (LDAPControl *)ber_memrealloc( unknown_ctrls,
(unknown_ctrls_num + 1)*sizeof( LDAPControl ) );
if ( tmpctrls == NULL ) {
fprintf( stderr, "%s: no memory?\n", prog );
case 'n': /* print operations, don't actually do them */
dont++;
break;
+ case 'N':
+ nocanon++;
+ break;
case 'o':
control = ber_strdup( optarg );
if ( (cvalue = strchr( control, '=' )) != NULL ) {
for ( i = 0; hosts[ i ] != NULL; i++ )
/* count'em */ ;
- tmp = (char **)realloc( urls, sizeof( char * ) * ( nurls + i + 1 ) );
+ tmp = (char **)ber_memrealloc( urls, sizeof( char * ) * ( nurls + i + 1 ) );
if ( tmp == NULL ) {
fprintf( stderr,
"DNS SRV: out of memory?\n" );
ber_memfree( domain );
} else {
- tmp = (char **)realloc( urls, sizeof( char * ) * ( nurls + 2 ) );
+ tmp = (char **)ber_memrealloc( urls, sizeof( char * ) * ( nurls + 2 ) );
if ( tmp == NULL ) {
fprintf( stderr,
"DNS SRV: out of memory?\n" );
exit( EXIT_FAILURE );
}
+#ifdef HAVE_CYRUS_SASL
+ /* canon */
+ if( ldap_set_option( ld, LDAP_OPT_X_SASL_NOCANON,
+ nocanon ? LDAP_OPT_ON : LDAP_OPT_OFF ) != LDAP_OPT_SUCCESS )
+ {
+ fprintf( stderr, "Could not set LDAP_OPT_X_SASL_NOCANON %s\n",
+ nocanon ? "on" : "off" );
+ exit( EXIT_FAILURE );
+ }
+#endif
if( ldap_set_option( ld, LDAP_OPT_PROTOCOL_VERSION, &protocol )
!= LDAP_OPT_SUCCESS )
{
if ( use_tls ) {
rc = ldap_start_tls_s( ld, NULL, NULL );
if ( rc != LDAP_SUCCESS ) {
- tool_perror( "ldap_start_tls", rc, NULL, NULL, NULL, NULL );
+ char *msg=NULL;
+ ldap_get_option( ld, LDAP_OPT_DIAGNOSTIC_MESSAGE, (void*)&msg);
+ tool_perror( "ldap_start_tls", rc, NULL, NULL, msg, NULL );
+ ldap_memfree(msg);
if ( use_tls > 1 ) {
exit( EXIT_FAILURE );
}
lutil_sasl_freedefs( defaults );
if( rc != LDAP_SUCCESS ) {
+ char *msg=NULL;
+ ldap_get_option( ld, LDAP_OPT_DIAGNOSTIC_MESSAGE, (void*)&msg);
tool_perror( "ldap_sasl_interactive_bind_s",
- rc, NULL, NULL, NULL, NULL );
+ rc, NULL, NULL, msg, NULL );
+ ldap_memfree(msg);
exit( rc );
}
#else
}
}
- if ( ldap_result( ld, msgid, LDAP_MSG_ALL, NULL, &result ) == -1 ) {
+ rc = ldap_result( ld, msgid, LDAP_MSG_ALL, NULL, &result );
+ if ( rc == -1 ) {
tool_perror( "ldap_result", -1, NULL, NULL, NULL, NULL );
exit( LDAP_LOCAL_ERROR );
}
+ if ( rc == 0 ) {
+ tool_perror( "ldap_result", LDAP_TIMEOUT, NULL, NULL, NULL, NULL );
+ exit( LDAP_LOCAL_ERROR );
+ }
+
rc = ldap_parse_result( ld, result, &err, &matched, &info, &refs,
&ctrls, 1 );
if ( rc != LDAP_SUCCESS ) {
#endif
if ( preread ) {
- char berbuf[LBER_ELEMENT_SIZEOF];
- BerElement *ber = (BerElement *)berbuf;
+ BerElementBuffer berbuf;
+ BerElement *ber = (BerElement *)&berbuf;
char **attrs = NULL;
if( preread_attrs ) {
}
if ( postread ) {
- char berbuf[LBER_ELEMENT_SIZEOF];
- BerElement *ber = (BerElement *)berbuf;
+ BerElementBuffer berbuf;
+ BerElement *ber = (BerElement *)&berbuf;
char **attrs = NULL;
if( postread_attrs ) {
rc = ldap_parse_sortresponse_control( ld, ctrl, &err, &attr );
if ( rc == LDAP_SUCCESS ) {
char buf[ BUFSIZ ];
- rc = snprintf( buf, sizeof(buf), "(%d) %s %s",
- err, ldap_err2string(err), attr ? attr : "" );
+ rc = snprintf( buf, sizeof(buf), "(%d) %s%s%s",
+ err, ldap_err2string(err), attr ? " " : "", attr ? attr : "" );
tool_write_ldif( ldif ? LDIF_PUT_COMMENT : LDIF_PUT_VALUE,
"sortResult", buf, rc );
return rc;
}
+static int
+print_vlv( LDAP *ld, LDAPControl *ctrl )
+{
+ int rc;
+ ber_int_t err;
+ struct berval bv;
+
+ rc = ldap_parse_vlvresponse_control( ld, ctrl, &vlvPos, &vlvCount,
+ &vlvContext, &err );
+ if ( rc == LDAP_SUCCESS ) {
+ char buf[ BUFSIZ ];
+
+ if ( vlvContext && vlvContext->bv_len > 0 ) {
+ bv.bv_len = LUTIL_BASE64_ENCODE_LEN(
+ vlvContext->bv_len ) + 1;
+ bv.bv_val = ber_memalloc( bv.bv_len + 1 );
+
+ bv.bv_len = lutil_b64_ntop(
+ (unsigned char *) vlvContext->bv_val,
+ vlvContext->bv_len,
+ bv.bv_val, bv.bv_len );
+ } else {
+ bv.bv_val = "";
+ bv.bv_len = 0;
+ }
+
+ rc = snprintf( buf, sizeof(buf), "pos=%d count=%d context=%s (%d) %s",
+ vlvPos, vlvCount, bv.bv_val,
+ err, ldap_err2string(err));
+
+ if ( bv.bv_len )
+ ber_memfree( bv.bv_val );
+
+ tool_write_ldif( ldif ? LDIF_PUT_COMMENT : LDIF_PUT_VALUE,
+ "vlvResult", buf, rc );
+ }
+
+ return rc;
+}
+
#ifdef LDAP_CONTROL_X_DEREF
static int
print_deref( LDAP *ld, LDAPControl *ctrl )
ber_len_t tlen = strlen(dv->type);
for ( j = 0; dv->vals[ j ].bv_val != NULL; j++ ) {
- len += STRLENOF("<=>;") + tlen + dv->vals[ j ].bv_len;
+ len += STRLENOF("<:=>;") + tlen + 4*((dv->vals[ j ].bv_len - 1)/3 + 1);
}
}
}
- len += dr->derefVal.bv_len;
+ len += dr->derefVal.bv_len + STRLENOF("\n");
buf = ldap_memalloc( len + 1 );
if ( buf == NULL ) {
rc = LDAP_NO_MEMORY;
if ( dv->vals != NULL ) {
int j;
for ( j = 0; dv->vals[ j ].bv_val != NULL; j++ ) {
+ int k = ldif_is_not_printable( dv->vals[ j ].bv_val, dv->vals[ j ].bv_len );
+
*ptr++ = '<';
ptr = lutil_strcopy( ptr, dv->type );
+ if ( k ) {
+ *ptr++ = ':';
+ }
*ptr++ = '=';
- ptr = lutil_strncopy( ptr, dv->vals[ j ].bv_val, dv->vals[ j ].bv_len );
+ if ( k ) {
+ k = lutil_b64_ntop(
+ (unsigned char *) dv->vals[ j ].bv_val,
+ dv->vals[ j ].bv_len,
+ ptr, buf + len - ptr );
+ assert( k >= 0 );
+ ptr += k;
+
+ } else {
+ ptr = lutil_memcopy( ptr, dv->vals[ j ].bv_val, dv->vals[ j ].bv_len );
+ }
*ptr++ = '>';
*ptr++ = ';';
}
}
}
ptr = lutil_strncopy( ptr, dr->derefVal.bv_val, dr->derefVal.bv_len );
- *ptr++ = '\0';
+ *ptr++ = '\n';
+ *ptr = '\0';
+ assert( ptr <= buf + len );
- tool_write_ldif( LDIF_PUT_COMMENT, NULL, buf, len );
+ tool_write_ldif( LDIF_PUT_COMMENT, NULL, buf, ptr - buf);
ldap_memfree( buf );
}
}
#endif
+#ifdef LDAP_CONTROL_X_WHATFAILED
+static int
+print_whatfailed( LDAP *ld, LDAPControl *ctrl )
+{
+ BerElement *ber;
+ ber_tag_t tag;
+ ber_len_t siz;
+ BerVarray bva = NULL;
+
+ /* Create a BerElement from the berval returned in the control. */
+ ber = ber_init( &ctrl->ldctl_value );
+
+ if ( ber == NULL ) {
+ return LDAP_NO_MEMORY;
+ }
+
+ siz = sizeof(struct berval);
+ tag = ber_scanf( ber, "[M]", &bva, &siz, 0 );
+ if ( tag != LBER_ERROR ) {
+ int i;
+
+ tool_write_ldif( LDIF_PUT_COMMENT, " what failed:", NULL, 0 );
+
+ for ( i = 0; bva[i].bv_val != NULL; i++ ) {
+ tool_write_ldif( LDIF_PUT_COMMENT, NULL, bva[i].bv_val, bva[i].bv_len );
+ }
+
+ ldap_memfree( bva );
+ }
+
+ ber_free( ber, 1 );
+
+
+ return 0;
+}
+#endif
+
#ifdef LDAP_CONTROL_PASSWORDPOLICYREQUEST
static int
print_ppolicy( LDAP *ld, LDAPControl *ctrl )