X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=clients%2Ftools%2Fldapcompare.c;h=c940dfcaffe34044f66351ddfd63b8aa1b01dcb6;hb=5a1eb936bc8286ef74110d3601601ba874fe03d5;hp=3b731f9346cc5e7aaf23a2ad2c0ec7321d582daf;hpb=d8929296b801999f7679fd86e1e526a59d08e608;p=openldap diff --git a/clients/tools/ldapcompare.c b/clients/tools/ldapcompare.c index 3b731f9346..c940dfcaff 100644 --- a/clients/tools/ldapcompare.c +++ b/clients/tools/ldapcompare.c @@ -1,7 +1,8 @@ /* - * Copyright 1998-2002 The OpenLDAP Foundation, All Rights Reserved. + * Copyright 1998-2003 The OpenLDAP Foundation, All Rights Reserved. * COPYING RESTRICTIONS APPLY, see COPYRIGHT file */ +/* $OpenLDAP$ */ #include "portable.h" @@ -10,7 +11,6 @@ #include #include -#include #include #include #include @@ -33,8 +33,17 @@ #include "lutil_ldap.h" #include "ldap_defaults.h" -static void -usage( const char *s ) +#include "common.h" + +#define _OLV_APP "ldapcompare" +#define _OLV_STATIC +#include "ol_version.h" + +static int quiet = 0; + + +void +usage( void ) { fprintf( stderr, "usage: %s [options] DN \n" @@ -44,32 +53,10 @@ usage( const char *s ) " value\tassertion value\n" " b64value\tbase64 encoding of assertion value\n" -"Common options:\n" -" -d level set LDAP debugging level to `level'\n" -" -D binddn bind DN\n" -" -h host LDAP server\n" -" -H URI LDAP Uniform Resource Indentifier(s)\n" -" -I use SASL Interactive mode\n" -" -k use Kerberos authentication\n" -" -K like -k, but do only step 1 of the Kerberos bind\n" -" -M enable Manage DSA IT control (-MM to make critical)\n" -" -n show what would be done but don't actually compare\n" -" -O props SASL security properties\n" -" -p port port on LDAP server\n" -" -P version procotol version (default: 3)\n" +"Compare options:\n" " -z Quiet mode, don't print anything, use return values\n" -" -Q use SASL Quiet mode\n" -" -R realm SASL realm\n" -" -U authcid SASL authentication identity\n" -" -v run in verbose mode (diagnostics to standard output)\n" -" -w passwd bind passwd (for simple authentication)\n" -" -W prompt for bind passwd\n" -" -x Simple authentication\n" -" -X authzid SASL authorization identity (\"dn:\" or \"u:\")\n" -" -Y mech SASL mechanism\n" -" -Z Start TLS request (-ZZ to require successful response)\n" -, s ); - + , prog ); + tool_common_usage(); exit( EXIT_FAILURE ); } @@ -82,404 +69,69 @@ static int docompare LDAP_P(( LDAPControl **sctrls, LDAPControl **cctrls)); -static char *prog = NULL; -static char *binddn = NULL; -static struct berval passwd = { 0, NULL }; -static char *ldaphost = NULL; -static char *ldapuri = NULL; -static int ldapport = 0; -#ifdef HAVE_CYRUS_SASL -static unsigned sasl_flags = LDAP_SASL_AUTOMATIC; -static char *sasl_realm = NULL; -static char *sasl_authc_id = NULL; -static char *sasl_authz_id = NULL; -static char *sasl_mech = NULL; -static char *sasl_secprops = NULL; + +const char options[] = "z" + "Cd:D:e:h:H:IkKMnO:p:P:QR:U:vVw:WxX:y:Y:Z"; + +int +handle_private_option( int i ) +{ + switch ( i ) { +#if 0 + char *control, *cvalue; + int crit; + case 'E': /* compare controls */ + if( protocol == LDAP_VERSION2 ) { + fprintf( stderr, "%s: -E incompatible with LDAPv%d\n", + prog, protocol ); + exit( EXIT_FAILURE ); + } + + /* should be extended to support comma separated list of + * [!]key[=value] parameters, e.g. -E !foo,bar=567 + */ + + crit = 0; + cvalue = NULL; + if( optarg[0] == '!' ) { + crit = 1; + optarg++; + } + + control = strdup( optarg ); + if ( (cvalue = strchr( control, '=' )) != NULL ) { + *cvalue++ = '\0'; + } + fprintf( stderr, "Invalid compare control name: %s\n", control ); + usage(); #endif -static int use_tls = 0; -static int verbose, not; + + case 'z': + quiet = 1; + break; + + default: + return 0; + } + return 1; +} + int main( int argc, char **argv ) { char *compdn = NULL, *attrs = NULL; char *sep; - int rc, i, manageDSAit, quiet; - int referrals, debug; - int authmethod, version, want_bindpw; + int rc; LDAP *ld = NULL; struct berval bvalue = { 0, NULL }; - debug = verbose = not = referrals = - manageDSAit = want_bindpw = quiet = 0; - - version = -1; - - authmethod = -1; - prog = lutil_progname( "ldapcompare", argc, argv ); - while (( i = getopt( argc, argv, - "Cd:D:h:H:IkKMnO:p:P:qQR:U:vw:WxX:Y:zZ")) != EOF ) - { - switch( i ) { - - /* Common Options */ - case 'C': - referrals++; - break; - case 'd': - debug |= atoi( optarg ); - break; - case 'D': /* bind DN */ - if( binddn != NULL ) { - fprintf( stderr, "%s: -D previously specified\n", prog ); - return EXIT_FAILURE; - } - binddn = strdup( optarg ); - break; - case 'h': /* ldap host */ - if( ldapuri != NULL ) { - fprintf( stderr, "%s: -h incompatible with -H\n", prog ); - return EXIT_FAILURE; - } - if( ldaphost != NULL ) { - fprintf( stderr, "%s: -h previously specified\n", prog ); - return EXIT_FAILURE; - } - ldaphost = strdup( optarg ); - break; - case 'H': /* ldap URI */ - if( ldaphost != NULL ) { - fprintf( stderr, "%s: -H incompatible with -h\n", prog ); - return EXIT_FAILURE; - } - if( ldapport ) { - fprintf( stderr, "%s: -H incompatible with -p\n", prog ); - return EXIT_FAILURE; - } - if( ldapuri != NULL ) { - fprintf( stderr, "%s: -H previously specified\n", prog ); - return EXIT_FAILURE; - } - ldapuri = strdup( optarg ); - break; - case 'I': -#ifdef HAVE_CYRUS_SASL - if( version == LDAP_VERSION2 ) { - fprintf( stderr, "%s: -I incompatible with version %d\n", - prog, version ); - return EXIT_FAILURE; - } - if( authmethod != -1 && authmethod != LDAP_AUTH_SASL ) { - fprintf( stderr, "%s: incompatible previous " - "authentication choice\n", - prog ); - return EXIT_FAILURE; - } - authmethod = LDAP_AUTH_SASL; - version = LDAP_VERSION3; - sasl_flags = LDAP_SASL_INTERACTIVE; - break; -#else - fprintf( stderr, "%s: was not compiled with SASL support\n", - prog ); - return( EXIT_FAILURE ); -#endif - case 'k': /* kerberos bind */ -#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND - if( version > LDAP_VERSION2 ) { - fprintf( stderr, "%s: -k incompatible with LDAPv%d\n", - prog, version ); - return EXIT_FAILURE; - } - - if( authmethod != -1 ) { - fprintf( stderr, "%s: -k incompatible with previous " - "authentication choice\n", prog ); - return EXIT_FAILURE; - } - - authmethod = LDAP_AUTH_KRBV4; -#else - fprintf( stderr, "%s: not compiled with Kerberos support\n", prog ); - return EXIT_FAILURE; -#endif - break; - case 'K': /* kerberos bind, part one only */ -#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND - if( version > LDAP_VERSION2 ) { - fprintf( stderr, "%s: -k incompatible with LDAPv%d\n", - prog, version ); - return EXIT_FAILURE; - } - if( authmethod != -1 ) { - fprintf( stderr, "%s: incompatible with previous " - "authentication choice\n", prog ); - return EXIT_FAILURE; - } - - authmethod = LDAP_AUTH_KRBV41; -#else - fprintf( stderr, "%s: not compiled with Kerberos support\n", prog ); - return( EXIT_FAILURE ); -#endif - break; - case 'M': - /* enable Manage DSA IT */ - if( version == LDAP_VERSION2 ) { - fprintf( stderr, "%s: -M incompatible with LDAPv%d\n", - prog, version ); - return EXIT_FAILURE; - } - manageDSAit++; - version = LDAP_VERSION3; - break; - case 'n': /* print compares, don't actually do them */ - ++not; - break; - case 'O': -#ifdef HAVE_CYRUS_SASL - if( sasl_secprops != NULL ) { - fprintf( stderr, "%s: -O previously specified\n", prog ); - return EXIT_FAILURE; - } - if( version == LDAP_VERSION2 ) { - fprintf( stderr, "%s: -O incompatible with LDAPv%d\n", - prog, version ); - return EXIT_FAILURE; - } - if( authmethod != -1 && authmethod != LDAP_AUTH_SASL ) { - fprintf( stderr, "%s: incompatible previous " - "authentication choice\n", prog ); - return EXIT_FAILURE; - } - authmethod = LDAP_AUTH_SASL; - version = LDAP_VERSION3; - sasl_secprops = strdup( optarg ); -#else - fprintf( stderr, "%s: not compiled with SASL support\n", - prog ); - return( EXIT_FAILURE ); -#endif - break; - case 'p': - if( ldapport ) { - fprintf( stderr, "%s: -p previously specified\n", prog ); - return EXIT_FAILURE; - } - ldapport = atoi( optarg ); - break; - case 'P': - switch( atoi(optarg) ) { - case 2: - if( version == LDAP_VERSION3 ) { - fprintf( stderr, "%s: -P 2 incompatible with version %d\n", - prog, version ); - return EXIT_FAILURE; - } - version = LDAP_VERSION2; - break; - case 3: - if( version == LDAP_VERSION2 ) { - fprintf( stderr, "%s: -P 2 incompatible with version %d\n", - prog, version ); - return EXIT_FAILURE; - } - version = LDAP_VERSION3; - break; - default: - fprintf( stderr, "%s: protocol version should be 2 or 3\n", - prog ); - usage( prog ); - return( EXIT_FAILURE ); - } break; - case 'Q': -#ifdef HAVE_CYRUS_SASL - if( version == LDAP_VERSION2 ) { - fprintf( stderr, "%s: -Q incompatible with version %d\n", - prog, version ); - return EXIT_FAILURE; - } - if( authmethod != -1 && authmethod != LDAP_AUTH_SASL ) { - fprintf( stderr, "%s: incompatible previous " - "authentication choice\n", - prog ); - return EXIT_FAILURE; - } - authmethod = LDAP_AUTH_SASL; - version = LDAP_VERSION3; - sasl_flags = LDAP_SASL_QUIET; - break; -#else - fprintf( stderr, "%s: not compiled with SASL support\n", - prog ); - return( EXIT_FAILURE ); -#endif - case 'R': -#ifdef HAVE_CYRUS_SASL - if( sasl_realm != NULL ) { - fprintf( stderr, "%s: -R previously specified\n", prog ); - return EXIT_FAILURE; - } - if( version == LDAP_VERSION2 ) { - fprintf( stderr, "%s: -R incompatible with version %d\n", - prog, version ); - return EXIT_FAILURE; - } - if( authmethod != -1 && authmethod != LDAP_AUTH_SASL ) { - fprintf( stderr, "%s: incompatible previous " - "authentication choice\n", - prog ); - return EXIT_FAILURE; - } - authmethod = LDAP_AUTH_SASL; - version = LDAP_VERSION3; - sasl_realm = strdup( optarg ); -#else - fprintf( stderr, "%s: not compiled with SASL support\n", - prog ); - return( EXIT_FAILURE ); -#endif - break; - case 'U': -#ifdef HAVE_CYRUS_SASL - if( sasl_authc_id != NULL ) { - fprintf( stderr, "%s: -U previously specified\n", prog ); - return EXIT_FAILURE; - } - if( version == LDAP_VERSION2 ) { - fprintf( stderr, "%s: -U incompatible with version %d\n", - prog, version ); - return EXIT_FAILURE; - } - if( authmethod != -1 && authmethod != LDAP_AUTH_SASL ) { - fprintf( stderr, "%s: incompatible previous " - "authentication choice\n", - prog ); - return EXIT_FAILURE; - } - authmethod = LDAP_AUTH_SASL; - version = LDAP_VERSION3; - sasl_authc_id = strdup( optarg ); -#else - fprintf( stderr, "%s: not compiled with SASL support\n", - prog ); - return( EXIT_FAILURE ); -#endif - break; - case 'v': /* verbose mode */ - verbose++; - break; - case 'w': /* password */ - passwd.bv_val = strdup( optarg ); - { - char* p; - - for( p = optarg; *p != '\0'; p++ ) { - *p = '\0'; - } - } - passwd.bv_len = strlen( passwd.bv_val ); - break; - case 'W': - want_bindpw++; - break; - case 'Y': -#ifdef HAVE_CYRUS_SASL - if( sasl_mech != NULL ) { - fprintf( stderr, "%s: -Y previously specified\n", prog ); - return EXIT_FAILURE; - } - if( version == LDAP_VERSION2 ) { - fprintf( stderr, "%s: -Y incompatible with version %d\n", - prog, version ); - return EXIT_FAILURE; - } - if( authmethod != -1 && authmethod != LDAP_AUTH_SASL ) { - fprintf( stderr, "%s: incompatible with authentication choice\n", prog ); - return EXIT_FAILURE; - } - authmethod = LDAP_AUTH_SASL; - version = LDAP_VERSION3; - sasl_mech = strdup( optarg ); -#else - fprintf( stderr, "%s: not compiled with SASL support\n", - prog ); - return( EXIT_FAILURE ); -#endif - break; - case 'x': - if( authmethod != -1 && authmethod != LDAP_AUTH_SIMPLE ) { - fprintf( stderr, "%s: incompatible with previous " - "authentication choice\n", prog ); - return EXIT_FAILURE; - } - authmethod = LDAP_AUTH_SIMPLE; - break; - case 'X': -#ifdef HAVE_CYRUS_SASL - if( sasl_authz_id != NULL ) { - fprintf( stderr, "%s: -X previously specified\n", prog ); - return EXIT_FAILURE; - } - if( version == LDAP_VERSION2 ) { - fprintf( stderr, "%s: -X incompatible with LDAPv%d\n", - prog, version ); - return EXIT_FAILURE; - } - if( authmethod != -1 && authmethod != LDAP_AUTH_SASL ) { - fprintf( stderr, "%s: -X incompatible with " - "authentication choice\n", prog ); - return EXIT_FAILURE; - } - authmethod = LDAP_AUTH_SASL; - version = LDAP_VERSION3; - sasl_authz_id = strdup( optarg ); -#else - fprintf( stderr, "%s: not compiled with SASL support\n", - prog ); - return( EXIT_FAILURE ); -#endif - break; - case 'z': - quiet++; - break; - case 'Z': -#ifdef HAVE_TLS - if( version == LDAP_VERSION2 ) { - fprintf( stderr, "%s: -Z incompatible with version %d\n", - prog, version ); - return EXIT_FAILURE; - } - version = LDAP_VERSION3; - use_tls++; -#else - fprintf( stderr, "%s: not compiled with TLS support\n", - prog ); - return( EXIT_FAILURE ); -#endif - break; - default: - fprintf( stderr, "%s: unrecognized option -%c\n", - prog, optopt ); - usage( argv[0] ); - } - } - - if (version == -1) { - version = LDAP_VERSION3; - } - if (authmethod == -1 && version > LDAP_VERSION2) { -#ifdef HAVE_CYRUS_SASL - authmethod = LDAP_AUTH_SASL; -#else - authmethod = LDAP_AUTH_SIMPLE; -#endif - } + tool_args( argc, argv ); if ( argc - optind != 2 ) { - usage( argv[ 0 ] ); + usage(); } compdn = argv[optind++]; @@ -490,7 +142,7 @@ main( int argc, char **argv ) */ sep = strchr(attrs, ':'); if (!sep) { - usage( argv[ 0 ] ); + usage(); } *sep++='\0'; @@ -504,160 +156,31 @@ main( int argc, char **argv ) bvalue.bv_len = lutil_b64_pton( &sep[1], bvalue.bv_val, strlen( &sep[1] )); - if (bvalue.bv_len == -1) { + if (bvalue.bv_len == (ber_len_t)-1) { fprintf(stderr, "base64 decode error\n"); exit(-1); } } - if ( debug ) { - if( ber_set_option( NULL, LBER_OPT_DEBUG_LEVEL, &debug ) - != LBER_OPT_SUCCESS ) - { - fprintf( stderr, - "Could not set LBER_OPT_DEBUG_LEVEL %d\n", debug ); - } - if( ldap_set_option( NULL, LDAP_OPT_DEBUG_LEVEL, &debug ) - != LDAP_OPT_SUCCESS ) - { - fprintf( stderr, - "Could not set LDAP_OPT_DEBUG_LEVEL %d\n", debug ); - } + if ( debug ) ldif_debug = debug; - } - -#ifdef SIGPIPE - (void) SIGNAL( SIGPIPE, SIG_IGN ); -#endif - - if( ( ldaphost != NULL || ldapport ) && ( ldapuri == NULL ) ) { - if ( verbose ) { - fprintf( stderr, "ldap_init( %s, %d )\n", - ldaphost != NULL ? ldaphost : "", - ldapport ); - } - - ld = ldap_init( ldaphost, ldapport ); - if( ld == NULL ) { - perror("ldapcompare: ldap_init"); - return EXIT_FAILURE; - } - - } else { - if ( verbose ) { - fprintf( stderr, "ldap_initialize( %s )\n", - ldapuri != NULL ? ldapuri : "" ); - } - - rc = ldap_initialize( &ld, ldapuri ); - if( rc != LDAP_SUCCESS ) { - fprintf( stderr, - "Could not create LDAP session handle (%d): %s\n", - rc, ldap_err2string(rc) ); - return EXIT_FAILURE; - } - } - - - /* referrals */ - if (ldap_set_option( ld, LDAP_OPT_REFERRALS, - referrals ? LDAP_OPT_ON : LDAP_OPT_OFF ) != LDAP_OPT_SUCCESS ) - { - fprintf( stderr, "Could not set LDAP_OPT_REFERRALS %s\n", - referrals ? "on" : "off" ); - return EXIT_FAILURE; - } - if (version == -1 ) { - version = LDAP_VERSION3; - } - - if( ldap_set_option( ld, LDAP_OPT_PROTOCOL_VERSION, &version ) - != LDAP_OPT_SUCCESS ) - { - fprintf( stderr, "Could not set LDAP_OPT_PROTOCOL_VERSION %d\n", - version ); - return EXIT_FAILURE; - } + ld = tool_conn_setup( 0, 0 ); - if ( use_tls && ( ldap_start_tls_s( ld, NULL, NULL ) != LDAP_SUCCESS )) { - ldap_perror( ld, "ldap_start_tls" ); - if ( use_tls > 1 ) { - return EXIT_FAILURE; + if ( pw_file || want_bindpw ) { + if ( pw_file ) { + rc = lutil_get_filed_password( pw_file, &passwd ); + if( rc ) return EXIT_FAILURE; + } else { + passwd.bv_val = getpassphrase( "Enter LDAP Password: " ); + passwd.bv_len = passwd.bv_val ? strlen( passwd.bv_val ) : 0; } } - if (want_bindpw) { - passwd.bv_val = getpassphrase("Enter LDAP Password: "); - passwd.bv_len = passwd.bv_val ? strlen( passwd.bv_val ) : 0; - } - - if ( authmethod == LDAP_AUTH_SASL ) { -#ifdef HAVE_CYRUS_SASL - void *defaults; - - if( sasl_secprops != NULL ) { - rc = ldap_set_option( ld, LDAP_OPT_X_SASL_SECPROPS, - (void *) sasl_secprops ); - - if( rc != LDAP_OPT_SUCCESS ) { - fprintf( stderr, - "Could not set LDAP_OPT_X_SASL_SECPROPS: %s\n", - sasl_secprops ); - return EXIT_FAILURE; - } - } - - defaults = lutil_sasl_defaults( ld, - sasl_mech, - sasl_realm, - sasl_authc_id, - passwd.bv_val, - sasl_authz_id ); + tool_bind( ld ); - rc = ldap_sasl_interactive_bind_s( ld, binddn, - sasl_mech, NULL, NULL, - sasl_flags, lutil_sasl_interact, defaults ); - - if( rc != LDAP_SUCCESS ) { - ldap_perror( ld, "ldap_sasl_interactive_bind_s" ); - return EXIT_FAILURE; - } -#else - fprintf( stderr, "%s: not compiled with SASL support\n", - prog, argv[0] ); - return EXIT_FAILURE; -#endif - } else { - if ( ldap_bind_s( ld, binddn, passwd.bv_val, authmethod ) - != LDAP_SUCCESS ) { - ldap_perror( ld, "ldap_bind" ); - return EXIT_FAILURE; - } - } - - if ( manageDSAit ) { - int err; - LDAPControl c; - LDAPControl *ctrls[2]; - ctrls[0] = &c; - ctrls[1] = NULL; - - c.ldctl_oid = LDAP_CONTROL_MANAGEDSAIT; - c.ldctl_value.bv_val = NULL; - c.ldctl_value.bv_len = 0; - c.ldctl_iscritical = manageDSAit > 1; - - err = ldap_set_option( ld, LDAP_OPT_SERVER_CONTROLS, ctrls ); - - if( err != LDAP_OPT_SUCCESS ) { - fprintf( stderr, "Could not set ManageDSAit %scontrol\n", - c.ldctl_iscritical ? "critical " : "" ); - if( c.ldctl_iscritical ) { - return EXIT_FAILURE; - } - } - } + if ( authzid || manageDSAit || noop ) + tool_server_controls( ld, NULL, 0 ); if ( verbose ) { fprintf( stderr, "DN:%s, attr:%s, value:%s\n",