X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=clients%2Ftools%2Fldapsearch.c;h=9b349da6b09289d11aa0943742b4933ee13b62f7;hb=78f6d75586381f3cfa0af8a7e3e72e862a76a730;hp=01f0510584a35ff1415a75ba9e1833920ef3d916;hpb=95eea5acccaffb85ee2ac4ffcf4cd45dbb0fc4a0;p=openldap
diff --git a/clients/tools/ldapsearch.c b/clients/tools/ldapsearch.c
index 01f0510584..9b349da6b0 100644
--- a/clients/tools/ldapsearch.c
+++ b/clients/tools/ldapsearch.c
@@ -39,55 +39,55 @@ usage( const char *s ) { fprintf( stderr, "usage: %s [options] [filter [attributes...]]\nwhere:\n" -"\tfilter\tRFC-2254 compliant LDAP search filter\n" -"\tattributes\twhitespace-separated list of attribute descriptions\n" -"\t which may include:\n" -"\t\t1.1 -- no attributes\n" -"\t\t* -- all user attributes\n" -"\t\t+ -- all operational attributes\n" +" filter\tRFC-2254 compliant LDAP search filter\n" +" attributes\twhitespace-separated list of attribute descriptions\n" +" which may include:\n" +" 1.1 no attributes\n" +" * all user attributes\n" +" + all operational attributes\n" "Search options:\n" -"\t-a deref\tdereference aliases: never (default), always, search, or find\n" -"\t-A\t\tretrieve attribute names only (no values)\n" -"\t-b basedn\tbase dn for search\n" -"\t-l limit\ttime limit (in seconds) for search\n" -"\t-L\t\tprint responses in LDIFv1 format\n" -"\t-LL\t\tprint responses in LDIF format without comments\n" -"\t-LLL\t\tprint responses in LDIF format without comments\n" -"\t\t\tand version\n" -"\t-s scope\tone of base, one, or sub (search scope)\n" -"\t-S attr\t\tsort the results by attribute `attr'\n" -"\t-t\t\twrite binary values to files in temporary directory\n" -"\t-tt\t\twrite all values to files in temporary directory\n" -"\t-T path\t\twrite files to directory specified by path (default:\n" -"\t\t\t\"" LDAP_TMPDIR "\")\n" -"\t-u\t\tinclude User Friendly entry names in the output\n" +" -a deref one of never (default), always, search, or find\n" +" -A retrieve attribute names only (no values)\n" +" -b basedn base dn for search\n" +" -l limit time limit (in seconds) for search\n" +" -L print responses in LDIFv1 format\n" +" -LL print responses in LDIF format without comments\n" +" -LLL print responses in LDIF format without comments\n" +" and version\n" +" -s scope one of base, one, or sub (search scope)\n" +" -S attr sort the results by attribute `attr'\n" +" -t write binary values to files in temporary directory\n" +" -tt 
write all values to files in temporary directory\n" +" -T path write files to directory specified by path (default:\n" +" " LDAP_TMPDIR ")\n" +" -u include User Friendly entry names in the output\n" +" -V prefix URL prefix for files (default: \"" LDAP_FILE_URI_PREFIX ")\n" +" -z limit size limit (in entries) for search\n" "Common options:\n" -"\t-d level\tset LDAP debugging level to `level'\n" -"\t-D binddn\tbind DN\n" -"\t-f file\t\tread operations from `file'\n" -"\t-h host\t\tLDAP server\n" -"\t-I\t\tuse SASL Interactive mode\n" -"\t-k\t\tuse Kerberos authentication\n" -"\t-K\t\tlike -k, but do only step 1 of the Kerberos bind\n" -"\t-M\t\tenable Manage DSA IT control (-MM to make critical)\n" -"\t-n\t\tshow what would be done but don't actually search\n" -"\t-O secprops\tSASL security properties\n" -"\t-p port\t\tport on LDAP server\n" -"\t-P version\tprocotol version (default: 3)\n" -"\t-Q\t\tuse SASL Quiet mode\n" -"\t-R realm\tSASL realm\n" -"\t-U user\t\tSASL authentication identity (username)\n" -"\t-v\t\trun in verbose mode (diagnostics to standard output)\n" -"\t-V prefix\tURL prefix for files (default: \"" LDAP_FILE_URI_PREFIX ")\n" -"\t-w passwd\tbind passwd (for simple authentication)\n" -"\t-W\t\tprompt for bind passwd\n" -"\t-x\t\tSimple authentication\n" -"\t-X id\t\tSASL authorization identity (\"dn:\" or \"u:\")\n" -"\t-Y mech\t\tSASL mechanism\n" -"\t-z limit\tsize limit (in entries) for search\n" -"\t-Z\t\tissue Start TLS request (-ZZ to require successful response)\n" +" -d level set LDAP debugging level to `level'\n" +" -D binddn bind DN\n" +" -f file read operations from `file'\n" +" -h host LDAP server\n" +" -I use SASL Interactive mode\n" +" -k use Kerberos authentication\n" +" -K like -k, but do only step 1 of the Kerberos bind\n" +" -M enable Manage DSA IT control (-MM to make critical)\n" +" -n show what would be done but don't actually search\n" +" -O props SASL security properties\n" +" -p port port on LDAP server\n" +" -P version 
procotol version (default: 3)\n" +" -Q use SASL Quiet mode\n" +" -R realm SASL realm\n" +" -U user SASL authentication identity (username)\n" +" -v run in verbose mode (diagnostics to standard output)\n" +" -w passwd bind passwd (for simple authentication)\n" +" -W prompt for bind passwd\n" +" -x Simple authentication\n" +" -X id SASL authorization identity (\"dn:\" or \"u:\")\n" +" -Y mech SASL mechanism\n" +" -Z Start TLS request (-ZZ to require successful response)\n" , s ); exit( EXIT_FAILURE ); @@ -140,13 +140,15 @@ static int dosearch LDAP_P(( static char *tmpdir = NULL; static char *urlpre = NULL; +static char *prog = NULL; static char *binddn = NULL; static struct berval passwd = { 0, NULL }; static char *base = NULL; static char *ldaphost = NULL; +static char *ldapuri = NULL; static int ldapport = 0; #ifdef HAVE_CYRUS_SASL -static unsigned sasl_flags = LUTIL_SASL_AUTOMATIC; +static unsigned sasl_flags = LDAP_SASL_AUTOMATIC; static char *sasl_realm = NULL; static char *sasl_authc_id = NULL; static char *sasl_authz_id = NULL; @@ -160,12 +162,12 @@ static int verbose, not, includeufn, vals2tmp, ldif; int main( int argc, char **argv ) { - char *prog, *infile, *filtpattern, **attrs, line[BUFSIZ]; + char *infile, *filtpattern, **attrs, line[BUFSIZ]; FILE *fp = NULL; int rc, i, first, scope, deref, attrsonly, manageDSAit; int referrals, timelimit, sizelimit, debug; int authmethod, version, want_bindpw; - LDAP *ld; + LDAP *ld = NULL; infile = NULL; debug = verbose = not = vals2tmp = referrals = @@ -176,10 +178,10 @@ main( int argc, char **argv ) scope = LDAP_SCOPE_SUBTREE; authmethod = -1; - prog = (prog = strrchr(argv[0], *LDAP_DIRSEP)) == NULL ? argv[0] : ++prog; + prog = (prog = strrchr(argv[0], *LDAP_DIRSEP)) == NULL ? argv[0] : prog + 1; while (( i = getopt( argc, argv, - "Aa:b:f:Ll:S:s:T:tuV:z:" "Cd:D:h:IkKMnO:p:P:QRU:vw:WxX:Y:Z")) != EOF ) + "Aa:b:f:Ll:S:s:T:tuV:z:" "Cd:D:h:H:IkKMnO:p:P:QRU:vw:WxX:Y:Z")) != EOF ) { switch( i ) { /* Search Options */ 
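Review bot: The rewritten usage text does not list the new `-H` option that this same commit adds to the `getopt` string and to the option switch in later hunks, so the URI form is undiscoverable from the help output; add a line next to `-h host`, for example `" -H uri LDAP server URI (incompatible with -h and -p)\n"` (wording constructed, adjust to the option's real semantics). The `-V prefix` line still opens a quote with `\"` before `LDAP_FILE_URI_PREFIX` and never closes it, while the rewritten `-T path` line now prints its default without quotes; make the two consistent, e.g. `" -V prefix URL prefix for files (default: " LDAP_FILE_URI_PREFIX ")\n"`. The `-P version` line carries over the typo `procotol` for `protocol`. usage() begins before this hunk.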
@@ -264,12 +266,53 @@ main( int argc, char **argv ) binddn = strdup( optarg ); break; case 'h': /* ldap host */ + if( ldapuri != NULL ) { + fprintf( stderr, "%s: -h incompatible with -H\n" ); + return EXIT_FAILURE; + } if( ldaphost != NULL ) { fprintf( stderr, "%s: -h previously specified\n" ); return EXIT_FAILURE; } ldaphost = strdup( optarg ); break; + case 'H': /* ldap URI */ + if( ldaphost != NULL ) { + fprintf( stderr, "%s: -H incompatible with -h\n" ); + return EXIT_FAILURE; + } + if( ldapport ) { + fprintf( stderr, "%s: -H incompatible with -p\n" ); + return EXIT_FAILURE; + } + if( ldapuri != NULL ) { + fprintf( stderr, "%s: -H previously specified\n" ); + return EXIT_FAILURE; + } + ldapuri = strdup( optarg ); + break; + case 'I': +#ifdef HAVE_CYRUS_SASL + if( version == LDAP_VERSION2 ) { + fprintf( stderr, "%s: -I incompatible with version %d\n", + prog, version ); + return EXIT_FAILURE; + } + if( authmethod != -1 && authmethod != LDAP_AUTH_SASL ) { + fprintf( stderr, "%s: incompatible previous " + "authentication choice\n", + prog ); + return EXIT_FAILURE; + } + authmethod = LDAP_AUTH_SASL; + version = LDAP_VERSION3; + sasl_flags = LDAP_SASL_INTERACTIVE; + break; +#else + fprintf( stderr, "%s: was not compiled with SASL support\n", + prog ); + return( EXIT_FAILURE ); +#endif case 'k': /* kerberos bind */ #ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND if( version > LDAP_VERSION2 ) { @@ -393,9 +436,10 @@ main( int argc, char **argv ) } authmethod = LDAP_AUTH_SASL; version = LDAP_VERSION3; - sasl_flags = LUTIL_SASL_QUIET; + sasl_flags = LDAP_SASL_QUIET; + break; #else - fprintf( stderr, "%s: was not compiled with SASL support\n", + fprintf( stderr, "%s: not compiled with SASL support\n", prog ); return( EXIT_FAILURE ); #endif 
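Review bot: The four new diagnostics in `case 'h'` and `case 'H'` use a `%s` conversion but pass no argument, so `fprintf` reads an unspecified vararg — undefined behavior that at best prints garbage before the message; the pre-existing `-h previously specified` line has the same problem. Since `prog` is now a file-scope static, each of these calls should pass it, e.g. `fprintf( stderr, "%s: -H incompatible with -h\n", prog );`. Note also that the `-H`/`-p` conflict is only detected when `-p` precedes `-H`; unless `case 'p'` (outside this hunk) checks `ldapuri`, a later `-p` is accepted and then ignored by the session setup, which selects `ldap_initialize` whenever `ldapuri` is set. main() begins and ends outside the hunk.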
@@ -420,7 +464,7 @@ main( int argc, char **argv ) version = LDAP_VERSION3; sasl_realm = strdup( optarg ); #else - fprintf( stderr, "%s: was not compiled with SASL support\n", + fprintf( stderr, "%s: not compiled with SASL support\n", prog ); return( EXIT_FAILURE ); #endif @@ -446,7 +490,7 @@ main( int argc, char **argv ) version = LDAP_VERSION3; sasl_authc_id = strdup( optarg ); #else - fprintf( stderr, "%s: was not compiled with SASL support\n", + fprintf( stderr, "%s: not compiled with SASL support\n", prog ); return( EXIT_FAILURE ); #endif @@ -487,7 +531,7 @@ main( int argc, char **argv ) version = LDAP_VERSION3; sasl_mech = strdup( optarg ); #else - fprintf( stderr, "%s: was not compiled with SASL support\n", + fprintf( stderr, "%s: not compiled with SASL support\n", prog ); return( EXIT_FAILURE ); #endif @@ -528,7 +572,7 @@ main( int argc, char **argv ) case 'Z': #ifdef HAVE_TLS if( version == LDAP_VERSION2 ) { - fprintf( stderr, "%s -Z incompatible with version %d\n", + fprintf( stderr, "%s: -Z incompatible with version %d\n", prog, version ); return EXIT_FAILURE; } @@ -559,7 +603,8 @@ main( int argc, char **argv ) } if (( argc - optind < 1 ) || - ( strchr( argv[optind], '=' ) == NULL ) ) + ( *argv[optind] != '(' /*')'*/ && + ( strchr( argv[optind], '=' ) == NULL ) ) ) { filtpattern = "(objectclass=*)"; } else { 
@@ -617,15 +662,26 @@ main( int argc, char **argv ) (void) SIGNAL( SIGPIPE, SIG_IGN ); #endif - if ( verbose ) { - fprintf( stderr, - (ldapport ? "ldap_init( %s, %d )\n" : "ldap_init( %s, )\n"), - (ldaphost != NULL) ? ldaphost : "", - ldapport ); + + if( ( ldaphost != NULL || ldapport ) && ( ldapuri == NULL ) ) { + if ( verbose ) { + fprintf( stderr, "ldap_init( %s, %d )\n", + ldaphost != NULL ? ldaphost : "", + ldapport ); + } + ld = ldap_init( ldaphost, ldapport ); + + } else { + if ( verbose ) { + fprintf( stderr, "ldap_initialize( %s )\n", + ldapuri != NULL ? ldapuri : "" ); + } + (void) ldap_initialize( &ld, ldapuri ); } - if (( ld = ldap_init( ldaphost, ldapport )) == NULL ) { - perror( "ldap_init" ); + if( ld == NULL ) { + fprintf( stderr, "Could not create LDAP session handle (%d): %s\n", + rc, ldap_err2string(rc) ); return EXIT_FAILURE; } @@ -669,9 +725,13 @@ main( int argc, char **argv ) return EXIT_FAILURE; } - if ( use_tls && ldap_start_tls_s( ld, NULL, NULL ) != LDAP_SUCCESS ) { - if ( use_tls > 1 ) { + if ( use_tls ) { + rc = ldap_start_tls_s( ld, NULL, NULL ); + + if ( rc != LDAP_SUCCESS && use_tls > 1 ) { ldap_perror( ld, "ldap_start_tls" ); + fprintf( stderr, "Could not start TLS %d: %s\n", + rc, ldap_err2string( rc ) ); return EXIT_FAILURE; } fprintf( stderr, "WARNING: could not start TLS\n" ); @@ -698,7 +758,7 @@ main( int argc, char **argv ) } } - defaults = lutil_sasl_defaults( ld, sasl_flags, + defaults = lutil_sasl_defaults( ld, sasl_mech, sasl_realm, sasl_authc_id, 
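Review bot: In the new `ld == NULL` error path `rc` has not been assigned by either branch — the return value of `ldap_initialize` is discarded with `(void)` and `ldap_init` does not produce one — so the message reports whatever `rc` last held, and `rc` is declared without an initializer in main per the earlier hunk. Keep the result of `ldap_initialize` and check it, and report an `ldap_init` failure through `perror` as the removed code did, since no LDAP result code exists on that path. main() begins and ends outside the hunk.
```c
	if( ( ldaphost != NULL || ldapport ) && ( ldapuri == NULL ) ) {
		/* … unchanged: verbose trace of ldap_init … */
		ld = ldap_init( ldaphost, ldapport );
		if( ld == NULL ) {
			perror( "ldap_init" );
			return EXIT_FAILURE;
		}

	} else {
		/* … unchanged: verbose trace of ldap_initialize … */
		rc = ldap_initialize( &ld, ldapuri );
		if( rc != LDAP_SUCCESS || ld == NULL ) {
			fprintf( stderr, "Could not create LDAP session handle (%d): %s\n",
				rc, ldap_err2string( rc ) );
			return EXIT_FAILURE;
		}
	}
```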
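Review bot: The StartTLS hunk now prints `WARNING: could not start TLS` every time `-Z` is given, because the restructured condition only covers the `use_tls > 1` failure and the warning line is no longer inside an `rc != LDAP_SUCCESS` test; a successful StartTLS under a single `-Z` is thus reported as a failure, which misstates the connection's protection to the operator. Guard the warning on the result: `if ( rc != LDAP_SUCCESS ) { fprintf( stderr, "WARNING: could not start TLS\n" ); }`. With plain `-Z` a failed StartTLS still continues to the bind without TLS, as before this change; that is the documented `-Z` versus `-ZZ` distinction, so the warning is the only signal the operator gets and it has to be accurate. main() begins and ends outside the hunk.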
@@ -707,15 +767,15 @@ main( int argc, char **argv ) rc = ldap_sasl_interactive_bind_s( ld, binddn, sasl_mech, NULL, NULL, - lutil_sasl_interact, defaults ); + sasl_flags, lutil_sasl_interact, defaults ); if( rc != LDAP_SUCCESS ) { ldap_perror( ld, "ldap_sasl_interactive_bind_s" ); return( EXIT_FAILURE ); } #else - fprintf( stderr, "%s was not compiled with SASL support\n", - argv[0] ); + fprintf( stderr, "%s: not compiled with SASL support\n", + prog, argv[0] ); return( EXIT_FAILURE ); #endif } else { @@ -738,7 +798,7 @@ main( int argc, char **argv ) c.ldctl_value.bv_len = 0; c.ldctl_iscritical = manageDSAit > 1; - err = ldap_set_option( ld, LDAP_OPT_SERVER_CONTROLS, &ctrls ); + err = ldap_set_option( ld, LDAP_OPT_SERVER_CONTROLS, ctrls ); if( err != LDAP_OPT_SUCCESS ) { fprintf( stderr, "Could not set ManageDSAit %scontrol\n", @@ -862,8 +922,8 @@ static int dosearch( sctrls, cctrls, timelimit, sizelimit, &msgid ); if( rc != LDAP_SUCCESS ) { - fprintf( stderr, "ldapsearch: ldap_search_ext: %s (%d)\n", - ldap_err2string( rc ), rc ); + fprintf( stderr, "%s: ldap_search_ext: %s (%d)\n", + prog, ldap_err2string( rc ), rc ); return( rc ); }
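Review bot: The `#else` diagnostic for the SASL bind passes two arguments, `prog, argv[0]`, for a single `%s`; the extra `argv[0]` is never consumed and trips `-Wformat-extra-args`. Since `prog` is derived from `argv[0]` in main, drop the second argument: `fprintf( stderr, "%s: not compiled with SASL support\n", prog );`. main() begins and ends outside the hunk.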