X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=clients%2Ftools%2Fldapdelete.c;h=bc9d057dda9af71130307bbf8f2eb6b4a79d3aeb;hb=10a194feb5f227369c11317c0ab9988231593784;hp=13230f5f78f57722686f4d206323d100a5a3337c;hpb=ac6df28e7d771daa13d0b34f69b57fd1f09cf47b;p=openldap diff --git a/clients/tools/ldapdelete.c b/clients/tools/ldapdelete.c index 13230f5f78..bc9d057dda 100644 --- a/clients/tools/ldapdelete.c +++ b/clients/tools/ldapdelete.c @@ -17,6 +17,7 @@ #include #include +#include "lutil.h" #include "lutil_ldap.h" #include "ldap_defaults.h" @@ -61,6 +62,9 @@ usage( const char *s ) "Common options:\n" " -d level set LDAP debugging level to `level'\n" " -D binddn bind DN\n" +" -e [!][=] general controls (! indicates criticality)\n" +" [!]manageDSAit (alternate form, see -M)\n" +" [!]noop\n" " -f file read operations from `file'\n" " -h host LDAP server\n" " -H URI LDAP Uniform Resource Indentifier(s)\n" @@ -80,6 +84,7 @@ usage( const char *s ) " -W prompt for bind passwd\n" " -x Simple authentication\n" " -X authzid SASL authorization identity (\"dn:\" or \"u:\")\n" +" -y file Read passwd from file\n" " -Y mech SASL mechanism\n" " -Z Start TLS request (-ZZ to require successful response)\n" , s ); @@ -93,23 +98,52 @@ main( int argc, char **argv ) { char buf[ 4096 ]; FILE *fp; - int i, rc, authmethod, referrals, want_bindpw, version, debug, manageDSAit; + int i, rc, authmethod, referrals, want_bindpw, version, debug, manageDSAit, noop, crit; + char *pw_file; + char *control, *cvalue; - not = verbose = contoper = want_bindpw = debug = manageDSAit = referrals = 0; + not = verbose = contoper = want_bindpw = debug + = manageDSAit = noop = referrals = 0; fp = NULL; authmethod = -1; version = -1; + pw_file = NULL; - prog = (prog = strrchr(argv[0], *LDAP_DIRSEP)) == NULL ? argv[0] : prog + 1; + prog = lutil_progname( "ldapdelete", argc, argv ); while (( i = getopt( argc, argv, "cf:r" - "Cd:D:h:H:IkKMnO:p:P:QR:U:vw:WxX:Y:Z" )) != EOF ) + "Cd:D:e:h:H:IkKMnO:p:P:QR:U:vw:WxX:y:Y:Z" )) != EOF ) { switch( i ) { /* Delete Specific Options */ case 'c': /* continuous operation mode */ ++contoper; break; + case 'E': /* delete controls */ + if( version == LDAP_VERSION2 ) { + fprintf( stderr, "%s: -E incompatible with LDAPv%d\n", + prog, version ); + return EXIT_FAILURE; + } + + /* should be extended to support comma separated list of + * [!]key[=value] parameters, e.g. -E !foo,bar=567 + */ + + crit = 0; + cvalue = NULL; + if( optarg[0] == '!' ) { + crit = 1; + optarg++; + } + + control = strdup( optarg ); + if ( (cvalue = strchr( control, '=' )) != NULL ) { + *cvalue++ = '\0'; + } + fprintf( stderr, "Invalid delete control name: %s\n", control ); + usage(prog); + return EXIT_FAILURE; case 'f': /* read DNs from a file */ if( fp != NULL ) { fprintf( stderr, "%s: -f previously specified\n", prog ); @@ -138,6 +172,64 @@ main( int argc, char **argv ) } binddn = strdup( optarg ); break; + case 'e': /* general controls */ + if( version == LDAP_VERSION2 ) { + fprintf( stderr, "%s: -e incompatible with LDAPv%d\n", + prog, version ); + return EXIT_FAILURE; + } + + /* should be extended to support comma separated list of + * [!]key[=value] parameters, e.g. -e !foo,bar=567 + */ + + crit = 0; + cvalue = NULL; + if( optarg[0] == '!' ) { + crit = 1; + optarg++; + } + + control = strdup( optarg ); + if ( (cvalue = strchr( control, '=' )) != NULL ) { + *cvalue++ = '\0'; + } + + if ( strcasecmp( control, "manageDSAit" ) == 0 ) { + if( manageDSAit ) { + fprintf( stderr, "manageDSAit control previously specified"); + return EXIT_FAILURE; + } + if( cvalue != NULL ) { + fprintf( stderr, "manageDSAit: no control value expected" ); + usage(prog); + return EXIT_FAILURE; + } + + manageDSAit = 1 + crit; + free( control ); + break; + + } else if ( strcasecmp( control, "noop" ) == 0 ) { + if( noop ) { + fprintf( stderr, "noop control previously specified"); + return EXIT_FAILURE; + } + if( cvalue != NULL ) { + fprintf( stderr, "noop: no control value expected" ); + usage(prog); + return EXIT_FAILURE; + } + + noop = 1 + crit; + free( control ); + break; + + } else { + fprintf( stderr, "Invalid general control name: %s\n", control ); + usage(prog); + return EXIT_FAILURE; + } case 'h': /* ldap host */ if( ldapuri != NULL ) { fprintf( stderr, "%s: -h incompatible with -H\n", prog ); @@ -385,6 +477,9 @@ main( int argc, char **argv ) case 'W': want_bindpw++; break; + case 'y': + pw_file = optarg; + break; case 'Y': #ifdef HAVE_CYRUS_SASL if( sasl_mech != NULL ) { @@ -552,9 +647,14 @@ main( int argc, char **argv ) } } - if (want_bindpw) { - passwd.bv_val = getpassphrase("Enter LDAP Password: "); - passwd.bv_len = passwd.bv_val ? strlen( passwd.bv_val ) : 0; + if ( pw_file || want_bindpw ) { + if ( pw_file ) { + rc = lutil_get_filed_password( pw_file, &passwd ); + if( rc ) return EXIT_FAILURE; + } else { + passwd.bv_val = getpassphrase( "Enter LDAP Password: " ); + passwd.bv_len = passwd.bv_val ? strlen( passwd.bv_val ) : 0; + } } if ( authmethod == LDAP_AUTH_SASL ) { @@ -602,25 +702,38 @@ main( int argc, char **argv ) } } - if ( manageDSAit ) { - int err; - LDAPControl c; - LDAPControl *ctrls[2]; - ctrls[0] = &c; - ctrls[1] = NULL; + if ( manageDSAit || noop ) { + int err, i = 0; + LDAPControl c1, c2; + LDAPControl *ctrls[3]; + + if ( manageDSAit ) { + ctrls[i++] = &c1; + ctrls[i] = NULL; + c1.ldctl_oid = LDAP_CONTROL_MANAGEDSAIT; + c1.ldctl_value.bv_val = NULL; + c1.ldctl_value.bv_len = 0; + c1.ldctl_iscritical = manageDSAit > 1; + } - c.ldctl_oid = LDAP_CONTROL_MANAGEDSAIT; - c.ldctl_value.bv_val = NULL; - c.ldctl_value.bv_len = 0; - c.ldctl_iscritical = manageDSAit > 1; + if ( noop ) { + ctrls[i++] = &c2; + ctrls[i] = NULL; + c2.ldctl_oid = LDAP_CONTROL_NOOP; + c2.ldctl_value.bv_val = NULL; + c2.ldctl_value.bv_len = 0; + c2.ldctl_iscritical = noop > 1; + } + err = ldap_set_option( ld, LDAP_OPT_SERVER_CONTROLS, ctrls ); if( err != LDAP_OPT_SUCCESS ) { - fprintf( stderr, "Could not set ManageDSAit %scontrol\n", - c.ldctl_iscritical ? "critical " : "" ); - if( c.ldctl_iscritical ) { - exit( EXIT_FAILURE ); + fprintf( stderr, "Could not set %scontrols\n", + (c1.ldctl_iscritical || c2.ldctl_iscritical) + ? "critical " : "" ); + if ( c1.ldctl_iscritical && c2.ldctl_iscritical ) { + return EXIT_FAILURE; } } }