X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=clients%2Ftools%2Fldapsearch.c;h=da6831074139dffcfe6e7859ac642aa9407b9cee;hb=8045b54124f0365b3d34d9d3220256f052f2b76b;hp=18ea706c0b4ada4fd7fa27b421ec4edd1598973c;hpb=a8f7f0b3c7e58302cc847f9bfa5e4ace5db4e85f;p=openldap diff --git a/clients/tools/ldapsearch.c b/clients/tools/ldapsearch.c index 18ea706c0b..da68310741 100644 --- a/clients/tools/ldapsearch.c +++ b/clients/tools/ldapsearch.c @@ -1,504 +1,888 @@ +/* $OpenLDAP$ */ +/* + * Copyright 1998-2000 The OpenLDAP Foundation, All Rights Reserved. + * COPYING RESTRICTIONS APPLY, see COPYRIGHT file + */ + #include "portable.h" #include -#include + +#include #include +#include #include #include +#include +#include -#include -#include -#include +#ifdef HAVE_FCNTL_H +#include +#endif +#ifdef HAVE_SYS_TYPES_H +#include +#endif +#ifdef HAVE_IO_H +#include +#endif -#define DEFSEP "=" +#include -#ifdef LDAP_DEBUG -extern int ldap_debug, lber_debug; -#endif /* LDAP_DEBUG */ +#include "ldif.h" +#include "ldap_defaults.h" +#define DEFSEP "=" -static void usage( s ) -char *s; +static void +usage( const char *s ) { - fprintf( stderr, "usage: %s [options] filter [attributes...]\nwhere:\n", s ); - fprintf( stderr, " filter\tRFC-1558 compliant LDAP search filter\n" ); - fprintf( stderr, " attributes\twhitespace-separated list of attributes to retrieve\n" ); - fprintf( stderr, "\t\t(if no attribute list is given, all are retrieved)\n" ); - fprintf( stderr, "options:\n" ); - fprintf( stderr, " -n\t\tshow what would be done but don't actually search\n" ); - fprintf( stderr, " -v\t\trun in verbose mode (diagnostics to standard output)\n" ); - fprintf( stderr, " -t\t\twrite values to files in /tmp\n" ); - fprintf( stderr, " -u\t\tinclude User Friendly entry names in the output\n" ); - fprintf( stderr, " -A\t\tretrieve attribute names only (no values)\n" ); - fprintf( stderr, " -B\t\tdo not suppress printing of non-ASCII values\n" ); - fprintf( stderr, " -L\t\tprint entries in LDIF format (-B is implied)\n" ); -#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_REFERRALS - fprintf( stderr, " -R\t\tdo not automatically follow referrals\n" ); -#endif /* LDAP_API_FEATURE_X_OPENLDAP_V2_REFERRALS */ - fprintf( stderr, " -d level\tset LDAP debugging level to `level'\n" ); - fprintf( stderr, " -F sep\tprint `sep' instead of `=' between attribute names and values\n" ); - fprintf( stderr, " -S attr\tsort the results by attribute `attr'\n" ); - fprintf( stderr, " -f file\tperform sequence of searches listed in `file'\n" ); - fprintf( stderr, " -b basedn\tbase dn for search\n" ); - fprintf( stderr, " -s scope\tone of base, one, or sub (search scope)\n" ); - fprintf( stderr, " -a deref\tone of never, always, search, or find (alias dereferencing)\n" ); - fprintf( stderr, " -l time lim\ttime limit (in seconds) for search\n" ); - fprintf( stderr, " -z size lim\tsize limit (in entries) for search\n" ); - fprintf( stderr, " -D binddn\tbind dn\n" ); - fprintf( stderr, " -w passwd\tbind passwd (for simple authentication)\n" ); -#ifdef HAVE_KERBEROS - fprintf( stderr, " -k\t\tuse Kerberos instead of Simple Password authentication\n" ); -#endif - fprintf( stderr, " -h host\tldap server\n" ); - fprintf( stderr, " -p port\tport on ldap server\n" ); - exit( 1 ); + fprintf( stderr, +"usage: %s [options] filter [attributes...]\nwhere:\n" +" filter\tRFC-1558 compliant LDAP search filter\n" +" attributes\twhitespace-separated list of attributes to retrieve\n" +"\t\t1.1 -- no attributes\n" +"\t\t* -- all user attributes\n" +"\t\t+ -- all operational attributes\n" +"\t\tempty list -- all non-operational attributes\n" +"options:\n" +" -a deref\tone of `never', `always', `search', or `find' (alias\n" +" \tdereferencing)\n" +" -A\t\tretrieve attribute names only (no values)\n" +" -b basedn\tbase dn for search\n" +" -B\t\tdo not suppress printing of binary values\n" +" -d level\tset LDAP debugging level to `level'\n" +" -D binddn\tbind DN\n" +" -E\t\trequest SASL privacy (-EE to make it critical)\n" +" -f file\t\tperform sequence of searches listed in `file'\n" +" -F sep\t\tprint `sep' instead of `=' between attribute names and\n" +" \tvalues\n" +" -h host\t\tLDAP server\n" +" -I\t\trequest SASL integrity checking (-II to make it\n" +" \tcritical)\n" +" -k\t\tuse Kerberos authentication\n" +" -K\t\tlike -k, but do only step 1 of the Kerberos bind\n" +" -l limit\ttime limit (in seconds) for search\n" +" -L\t\tprint entries in LDIF format (implies -B)\n" +" -LL\t\tprint entries in LDIF format without comments\n" +" -LLL\t\tprint entries in LDIF format without comments and\n" +" \tversion\n" +" -M\t\tenable Manage DSA IT control (-MM to make critical)\n" +" -n\t\tshow what would be done but don't actually search\n" +" -p port\t\tport on LDAP server\n" +" -P version\tprocotol version (2 or 3)\n" +" -R\t\tdo not automatically follow referrals\n" +" -s scope\tone of base, one, or sub (search scope)\n" +" -S attr\t\tsort the results by attribute `attr'\n" +" -t\t\twrite binary values to files in TMPDIR\n" +" -tt\t\twrite all values to files in TMPDIR\n" +" -T path\t\twrite files to directory specified by path (default:\n" +" \t\"/tmp\")\n" +" -u\t\tinclude User Friendly entry names in the output\n" +" -U user\t\tSASL authentication identity (username)\n" +" -v\t\trun in verbose mode (diagnostics to standard output)\n" +" -V prefix\tURL prefix for files (default: \"file://tmp/\")\n" +" -w passwd\tbind passwd (for simple authentication)\n" +" -W\t\tprompt for bind passwd\n" +" -X id\t\tSASL authorization identity (\"dn:\" or \"u:\")\n" +" -Y mech\t\tSASL mechanism\n" +" -z limit\tsize limit (in entries) for search\n" +" -Z\t\trequest the use of TLS (-ZZ to make it critical)\n" +, s ); + + exit( EXIT_FAILURE ); } static void print_entry LDAP_P(( - LDAP *ld, - LDAPMessage *entry, - int attrsonly)); + LDAP *ld, + LDAPMessage *entry, + int attrsonly)); -static int write_ldif_value LDAP_P(( - char *type, +static int write_ldif LDAP_P(( + int type, + char *name, char *value, - unsigned long vallen )); + ber_len_t vallen )); static int dosearch LDAP_P(( LDAP *ld, - char *base, - int scope, - char **attrs, - int attrsonly, - char *filtpatt, - char *value)); + char *base, + int scope, + char **attrs, + int attrsonly, + char *filtpatt, + char *value)); + +#define TMPDIR "/tmp" +#define URLPRE "file:/tmp/" + +static char *tmpdir = NULL; +static char *urlpre = NULL; static char *binddn = NULL; -static char *passwd = NULL; +static struct berval passwd = { 0, NULL }; static char *base = NULL; static char *ldaphost = NULL; static int ldapport = 0; +#ifdef HAVE_CYRUS_SASL +static char *sasl_authc_id = NULL; +static char *sasl_authz_id = NULL; +static char *sasl_mech = NULL; +static int sasl_integrity = 0; +static int sasl_privacy = 0; +#endif +static int use_tls = 0; static char *sep = DEFSEP; static char *sortattr = NULL; static int skipsortattr = 0; -static int verbose, not, includeufn, allow_binary, vals2tmp, ldif; +static int verbose, not, includeufn, binary, vals2tmp, ldif; int -main( argc, argv ) -int argc; -char **argv; +main( int argc, char **argv ) { - char *infile, *filtpattern, **attrs, line[ BUFSIZ ]; - FILE *fp; - int rc, i, first, scope, kerberos, deref, attrsonly; - int referrals, timelimit, sizelimit, authmethod; - LDAP *ld; - extern char *optarg; - extern int optind; - - infile = NULL; - deref = verbose = allow_binary = not = kerberos = vals2tmp = - attrsonly = ldif = 0; - referrals = (int) LDAP_OPT_ON; - sizelimit = timelimit = 0; - scope = LDAP_SCOPE_SUBTREE; - - while (( i = getopt( argc, argv, -#ifdef HAVE_KERBEROS - "KknuvtRABLD:s:f:h:b:d:p:F:a:w:l:z:S:" -#else - "nuvtRABLD:s:f:h:b:d:p:F:a:w:l:z:S:" -#endif - )) != EOF ) { + char *infile, *filtpattern, **attrs, line[ BUFSIZ ]; + FILE *fp = NULL; + int rc, i, first, scope, deref, attrsonly, manageDSAit; + int referrals, timelimit, sizelimit, debug; + int authmethod, version, want_bindpw; + LDAP *ld; + + infile = NULL; + debug = verbose = binary = not = vals2tmp = + attrsonly = manageDSAit = ldif = want_bindpw = 0; + + deref = referrals = sizelimit = timelimit = version = -1; + + scope = LDAP_SCOPE_SUBTREE; + authmethod = LDAP_AUTH_SIMPLE; + + while (( i = getopt( argc, argv, + "Aa:Bb:D:d:EF:f:h:IKkLl:MnP:p:RS:s:T:tU:uV:vWw:X:Y:Zz:")) != EOF ) + { switch( i ) { case 'n': /* do Not do any searches */ - ++not; - break; + ++not; + break; case 'v': /* verbose mode */ - ++verbose; - break; + ++verbose; + break; case 'd': -#ifdef LDAP_DEBUG - ldap_debug = lber_debug = atoi( optarg ); /* */ -#else /* LDAP_DEBUG */ - fprintf( stderr, "compile with -DLDAP_DEBUG for debugging\n" ); -#endif /* LDAP_DEBUG */ - break; -#ifdef HAVE_KERBEROS + debug |= atoi( optarg ); + break; case 'k': /* use kerberos bind */ - kerberos = 2; - break; +#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND + authmethod = LDAP_AUTH_KRBV4; +#else + fprintf( stderr, "%s was not compiled with Kerberos support\n", argv[0] ); + return( EXIT_FAILURE ); +#endif + break; case 'K': /* use kerberos bind, 1st part only */ - kerberos = 1; - break; +#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND + authmethod = LDAP_AUTH_KRBV41; +#else + fprintf( stderr, "%s was not compiled with Kerberos support\n", argv[0] ); + return( EXIT_FAILURE ); #endif + break; + break; case 'u': /* include UFN */ - ++includeufn; - break; + ++includeufn; + break; case 't': /* write attribute values to /tmp files */ - ++vals2tmp; - break; + ++vals2tmp; + break; + case 'M': + /* enable Manage DSA IT */ + manageDSAit++; + break; case 'R': /* don't automatically chase referrals */ referrals = (int) LDAP_OPT_OFF; - break; + break; case 'A': /* retrieve attribute names only -- no values */ - ++attrsonly; - break; + ++attrsonly; + break; case 'L': /* print entries in LDIF format */ - ++ldif; - /* fall through -- always allow binary when outputting LDIF */ + ++ldif; + /* fall through -- always allow binary when outputting LDIF */ case 'B': /* allow binary values to be printed */ - ++allow_binary; - break; + ++binary; + break; case 's': /* search scope */ - if ( strncasecmp( optarg, "base", 4 ) == 0 ) { + if ( strcasecmp( optarg, "base" ) == 0 ) { scope = LDAP_SCOPE_BASE; - } else if ( strncasecmp( optarg, "one", 3 ) == 0 ) { + } else if ( strcasecmp( optarg, "one" ) == 0 ) { scope = LDAP_SCOPE_ONELEVEL; - } else if ( strncasecmp( optarg, "sub", 3 ) == 0 ) { + } else if ( strcasecmp( optarg, "sub" ) == 0 ) { scope = LDAP_SCOPE_SUBTREE; - } else { + } else { fprintf( stderr, "scope should be base, one, or sub\n" ); usage( argv[ 0 ] ); - } - break; + } + break; case 'a': /* set alias deref option */ - if ( strncasecmp( optarg, "never", 5 ) == 0 ) { + if ( strcasecmp( optarg, "never" ) == 0 ) { deref = LDAP_DEREF_NEVER; - } else if ( strncasecmp( optarg, "search", 5 ) == 0 ) { + } else if ( strcasecmp( optarg, "search" ) == 0 ) { deref = LDAP_DEREF_SEARCHING; - } else if ( strncasecmp( optarg, "find", 4 ) == 0 ) { + } else if ( strcasecmp( optarg, "find" ) == 0 ) { deref = LDAP_DEREF_FINDING; - } else if ( strncasecmp( optarg, "always", 6 ) == 0 ) { + } else if ( strcasecmp( optarg, "always" ) == 0 ) { deref = LDAP_DEREF_ALWAYS; - } else { + } else { fprintf( stderr, "alias deref should be never, search, find, or always\n" ); usage( argv[ 0 ] ); - } - break; - + } + break; + + case 'T': /* field separator */ + if( tmpdir ) free( tmpdir ); + tmpdir = strdup( optarg ); + break; + case 'V': /* field separator */ + if( urlpre ) free( urlpre ); + urlpre = strdup( optarg ); + break; case 'F': /* field separator */ - sep = strdup( optarg ); - break; + sep = strdup( optarg ); + break; case 'f': /* input file */ - infile = strdup( optarg ); - break; + infile = strdup( optarg ); + break; case 'h': /* ldap host */ - ldaphost = strdup( optarg ); - break; + ldaphost = strdup( optarg ); + break; case 'b': /* searchbase */ - base = strdup( optarg ); - break; + base = strdup( optarg ); + break; case 'D': /* bind DN */ - binddn = strdup( optarg ); - break; + binddn = strdup( optarg ); + break; case 'p': /* ldap port */ - ldapport = atoi( optarg ); - break; + ldapport = atoi( optarg ); + break; case 'w': /* bind password */ - passwd = strdup( optarg ); - break; + passwd.bv_val = strdup( optarg ); + { + char* p; + + for( p = optarg; *p == '\0'; p++ ) { + *p = '*'; + } + } + passwd.bv_len = strlen( passwd.bv_val ); + break; case 'l': /* time limit */ - timelimit = atoi( optarg ); - break; + timelimit = atoi( optarg ); + break; case 'z': /* size limit */ - sizelimit = atoi( optarg ); - break; + sizelimit = atoi( optarg ); + break; case 'S': /* sort attribute */ - sortattr = strdup( optarg ); - break; + sortattr = strdup( optarg ); + break; + case 'W': + want_bindpw++; + break; + case 'P': + switch( atoi( optarg ) ) + { + case 2: + version = LDAP_VERSION2; + break; + case 3: + version = LDAP_VERSION3; + break; + default: + fprintf( stderr, "protocol version should be 2 or 3\n" ); + usage( argv[0] ); + } + break; + case 'I': +#ifdef HAVE_CYRUS_SASL + sasl_integrity++; + authmethod = LDAP_AUTH_SASL; +#else + fprintf( stderr, "%s was not compiled with SASL support\n", + argv[0] ); + return( EXIT_FAILURE ); +#endif + break; + case 'E': +#ifdef HAVE_CYRUS_SASL + sasl_privacy++; + authmethod = LDAP_AUTH_SASL; +#else + fprintf( stderr, "%s was not compiled with SASL support\n", + argv[0] ); + return( EXIT_FAILURE ); +#endif + break; + case 'Y': +#ifdef HAVE_CYRUS_SASL + if ( strcasecmp( optarg, "any" ) && strcmp( optarg, "*" ) ) { + sasl_mech = strdup( optarg ); + } + authmethod = LDAP_AUTH_SASL; +#else + fprintf( stderr, "%s was not compiled with SASL support\n", + argv[0] ); + return( EXIT_FAILURE ); +#endif + break; + case 'U': +#ifdef HAVE_CYRUS_SASL + sasl_authc_id = strdup( optarg ); + authmethod = LDAP_AUTH_SASL; +#else + fprintf( stderr, "%s was not compiled with SASL support\n", + argv[0] ); + return( EXIT_FAILURE ); +#endif + break; + case 'X': +#ifdef HAVE_CYRUS_SASL + sasl_authz_id = strdup( optarg ); + authmethod = LDAP_AUTH_SASL; +#else + fprintf( stderr, "%s was not compiled with SASL support\n", + argv[0] ); + return( EXIT_FAILURE ); +#endif + break; + case 'Z': +#ifdef HAVE_TLS + use_tls++; +#else + fprintf( stderr, "%s was not compiled with TLS support\n", + argv[0] ); + return( EXIT_FAILURE ); +#endif + break; default: - usage( argv[0] ); - } - } - - if ( argc - optind < 1 ) { - usage( argv[ 0 ] ); - } - filtpattern = strdup( argv[ optind ] ); - if ( argv[ optind + 1 ] == NULL ) { - attrs = NULL; - } else if ( sortattr == NULL || *sortattr == '\0' ) { - attrs = &argv[ optind + 1 ]; - } else { - for ( i = optind + 1; i < argc; i++ ) { - if ( strcasecmp( argv[ i ], sortattr ) == 0 ) { - break; - } - } - if ( i == argc ) { - skipsortattr = 1; - argv[ optind ] = sortattr; + usage( argv[0] ); + } + } + +#ifdef LDAP_LDIF + /* no alternative format */ + if( ldif < 1 ) ldif = 1; +#endif + + if ( ( authmethod == LDAP_AUTH_KRBV4 ) || ( authmethod == + LDAP_AUTH_KRBV41 ) ) { + if( version > LDAP_VERSION2 ) { + fprintf( stderr, "Kerberos requires LDAPv2\n" ); + return( EXIT_FAILURE ); + } + version = LDAP_VERSION2; + } + else if ( authmethod == LDAP_AUTH_SASL ) { + if( version != -1 && version != LDAP_VERSION3 ) { + fprintf( stderr, "SASL requires LDAPv3\n" ); + return( EXIT_FAILURE ); + } + version = LDAP_VERSION3; + } + + if( manageDSAit ) { + if( version != -1 && version != LDAP_VERSION3 ) { + fprintf(stderr, "manage DSA control requires LDAPv3\n"); + return EXIT_FAILURE; + } + version = LDAP_VERSION3; + } + + if( use_tls ) { + if( version != -1 && version != LDAP_VERSION3 ) { + fprintf(stderr, "Start TLS requires LDAPv3\n"); + return EXIT_FAILURE; + } + version = LDAP_VERSION3; + } + + if ( argc - optind < 1 ) { + usage( argv[ 0 ] ); + } + + filtpattern = strdup( argv[ optind ] ); + + if ( argv[ optind + 1 ] == NULL ) { + attrs = NULL; + } else if ( sortattr == NULL || *sortattr == '\0' ) { + attrs = &argv[ optind + 1 ]; } else { - optind++; + for ( i = optind + 1; i < argc; i++ ) { + if ( strcasecmp( argv[ i ], sortattr ) == 0 ) { + break; + } + } + if ( i == argc ) { + skipsortattr = 1; + argv[ optind ] = sortattr; + } else { + optind++; + } + attrs = &argv[ optind ]; } - attrs = &argv[ optind ]; - } - if ( infile != NULL ) { - if ( infile[0] == '-' && infile[1] == '\0' ) { - fp = stdin; - } else if (( fp = fopen( infile, "r" )) == NULL ) { - perror( infile ); - exit( 1 ); + if ( infile != NULL ) { + if ( infile[0] == '-' && infile[1] == '\0' ) { + fp = stdin; + } else if (( fp = fopen( infile, "r" )) == NULL ) { + perror( infile ); + return EXIT_FAILURE; + } } - } - if ( verbose ) { - printf( "ldap_open( %s, %d )\n", ldaphost, ldapport ); - } + if( tmpdir == NULL + && (tmpdir = getenv("TMPDIR")) == NULL + && (tmpdir = getenv("TMP")) == NULL + && (tmpdir = getenv("TEMP")) == NULL ) + { + tmpdir = "/tmp"; + } + + if( urlpre == NULL ) { + urlpre = malloc( sizeof("file:////") + strlen(tmpdir) ); - if (( ld = ldap_open( ldaphost, ldapport )) == NULL ) { - perror( ldaphost ); - exit( 1 ); - } + if( urlpre == NULL ) { + perror( "malloc" ); + return EXIT_FAILURE; + } - if (ldap_set_option( ld, LDAP_OPT_DEREF, (void *) &deref ) == -1 ) { - /* set option error */ + sprintf( urlpre, "file:///%s/", + tmpdir[0] == '/' ? &tmpdir[1] : tmpdir ); + + /* urlpre should be URLized.... */ } - if (ldap_set_option( ld, LDAP_OPT_TIMELIMIT, (void *) &timelimit ) == -1 ) { - /* set option error */ + + if ( debug ) { + if( ber_set_option( NULL, LBER_OPT_DEBUG_LEVEL, &debug ) != LBER_OPT_SUCCESS ) { + fprintf( stderr, "Could not set LBER_OPT_DEBUG_LEVEL %d\n", debug ); + } + if( ldap_set_option( NULL, LDAP_OPT_DEBUG_LEVEL, &debug ) != LDAP_OPT_SUCCESS ) { + fprintf( stderr, "Could not set LDAP_OPT_DEBUG_LEVEL %d\n", debug ); + } + ldif_debug = debug; } - if (ldap_set_option( ld, LDAP_OPT_SIZELIMIT, (void *) &sizelimit ) == -1 ) { - /* set option error */ + +#ifdef SIGPIPE + (void) SIGNAL( SIGPIPE, SIG_IGN ); +#endif + + if ( verbose ) { + fprintf( stderr, + (ldapport ? "ldap_init( %s, %d )\n" : "ldap_init( %s, )\n"), + (ldaphost != NULL) ? ldaphost : "", + ldapport ); } - if (ldap_set_option( ld, LDAP_OPT_REFERRALS, (void *) referrals ) == -1 ) { - /* set option error */ + + if (( ld = ldap_init( ldaphost, ldapport )) == NULL ) { + perror( "ldap_init" ); + return( EXIT_FAILURE ); } - if ( !kerberos ) { - authmethod = LDAP_AUTH_SIMPLE; - } else if ( kerberos == 1 ) { - authmethod = LDAP_AUTH_KRBV41; - } else { - authmethod = LDAP_AUTH_KRBV4; - } - if ( ldap_bind_s( ld, binddn, passwd, authmethod ) != LDAP_SUCCESS ) { - ldap_perror( ld, "ldap_bind" ); - exit( 1 ); - } - - if ( verbose ) { - printf( "filter pattern: %s\nreturning: ", filtpattern ); - if ( attrs == NULL ) { - printf( "ALL" ); - } else { - for ( i = 0; attrs[ i ] != NULL; ++i ) { - printf( "%s ", attrs[ i ] ); - } + if (deref != -1 && + ldap_set_option( ld, LDAP_OPT_DEREF, (void *) &deref ) != LDAP_OPT_SUCCESS ) + { + fprintf( stderr, "Could not set LDAP_OPT_DEREF %d\n", deref ); + } + if (timelimit != -1 && + ldap_set_option( ld, LDAP_OPT_TIMELIMIT, (void *) &timelimit ) != LDAP_OPT_SUCCESS ) + { + fprintf( stderr, "Could not set LDAP_OPT_TIMELIMIT %d\n", timelimit ); + } + if (sizelimit != -1 && + ldap_set_option( ld, LDAP_OPT_SIZELIMIT, (void *) &sizelimit ) != LDAP_OPT_SUCCESS ) + { + fprintf( stderr, "Could not set LDAP_OPT_SIZELIMIT %d\n", sizelimit ); + } + if (referrals != -1 && + ldap_set_option( ld, LDAP_OPT_REFERRALS, + (referrals ? LDAP_OPT_ON : LDAP_OPT_OFF) ) != LDAP_OPT_SUCCESS ) + { + fprintf( stderr, "Could not set LDAP_OPT_REFERRALS %s\n", + referrals ? "on" : "off" ); } - putchar( '\n' ); - } - if ( infile == NULL ) { - rc = dosearch( ld, base, scope, attrs, attrsonly, filtpattern, "" ); - } else { - rc = 0; - first = 1; - while ( rc == 0 && fgets( line, sizeof( line ), fp ) != NULL ) { - line[ strlen( line ) - 1 ] = '\0'; - if ( !first ) { - putchar( '\n' ); - } else { - first = 0; - } - rc = dosearch( ld, base, scope, attrs, attrsonly, filtpattern, - line ); + if (version != -1 && + ldap_set_option( ld, LDAP_OPT_PROTOCOL_VERSION, &version ) != LDAP_OPT_SUCCESS ) + { + fprintf( stderr, "Could not set LDAP_OPT_PROTOCOL_VERSION %d\n", version ); + } + + if ( use_tls && ldap_start_tls( ld, NULL, NULL ) != LDAP_SUCCESS ) { + if ( use_tls > 1 ) { + ldap_perror( ld, "ldap_start_tls" ); + return( EXIT_FAILURE ); + } + } + + if (want_bindpw) { + passwd.bv_val = getpassphrase("Enter LDAP Password: "); + passwd.bv_len = strlen( passwd.bv_val ); + } + + if ( authmethod == LDAP_AUTH_SASL ) { +#ifdef HAVE_CYRUS_SASL + int minssf = 0, maxssf = 0; + + if ( sasl_integrity > 0 ) + maxssf = 1; + if ( sasl_integrity > 1 ) + minssf = 1; + if ( sasl_privacy > 0 ) + maxssf = 100000; /* Something big value */ + if ( sasl_privacy > 1 ) + minssf = 56; + + if ( ldap_set_option( ld, LDAP_OPT_X_SASL_MINSSF, + (void *)&minssf ) != LDAP_OPT_SUCCESS ) { + fprintf( stderr, "Could not set LDAP_OPT_X_SASL_MINSSF" + "%d\n", minssf); + return( EXIT_FAILURE ); + } + if ( ldap_set_option( ld, LDAP_OPT_X_SASL_MAXSSF, + (void *)&maxssf ) != LDAP_OPT_SUCCESS ) { + fprintf( stderr, "Could not set LDAP_OPT_X_SASL_MAXSSF" + "%d\n", maxssf); + return( EXIT_FAILURE ); + } + + rc = ldap_negotiated_sasl_bind_s( ld, binddn, sasl_authc_id, + sasl_authz_id, sasl_mech, + passwd.bv_len ? &passwd : NULL, + NULL, NULL ); + + if( rc != LDAP_SUCCESS ) { + ldap_perror( ld, "ldap_negotiated_sasl_bind_s" ); + return( EXIT_FAILURE ); + } +#else + fprintf( stderr, "%s was not compiled with SASL support\n", + argv[0] ); + return( EXIT_FAILURE ); +#endif + } + else { + if ( ldap_bind_s( ld, binddn, passwd.bv_val, authmethod ) + != LDAP_SUCCESS ) { + ldap_perror( ld, "ldap_bind" ); + return( EXIT_FAILURE ); + } + } + + if ( manageDSAit ) { + int err; + LDAPControl c; + LDAPControl *ctrls[2]; + ctrls[0] = &c; + ctrls[1] = NULL; + + c.ldctl_oid = LDAP_CONTROL_MANAGEDSAIT; + c.ldctl_value.bv_val = NULL; + c.ldctl_value.bv_len = 0; + c.ldctl_iscritical = manageDSAit > 1; + + err = ldap_set_option( ld, LDAP_OPT_SERVER_CONTROLS, &ctrls ); + + if( err != LDAP_OPT_SUCCESS ) { + fprintf( stderr, "Could not set Manage DSA IT Control\n" ); + if( c.ldctl_iscritical ) { + exit( EXIT_FAILURE ); + } + } + } + + if ( verbose ) { + fprintf( stderr, "filter%s: %s\nreturning: ", + infile != NULL ? " pattern" : "", + filtpattern ); + + if ( attrs == NULL ) { + fprintf( stderr, "ALL" ); + } else { + for ( i = 0; attrs[ i ] != NULL; ++i ) { + fprintf( stderr, "%s ", attrs[ i ] ); + } + } + fprintf( stderr, "\n" ); } - if ( fp != stdin ) { - fclose( fp ); + + if ( ldif ) { + if (ldif < 3 ) { + printf( "version: 1\n\n"); + } + + if (ldif < 2 ) { + printf( "#\n# filter%s: %s\n# returning: ", + infile != NULL ? " pattern" : "", + filtpattern ); + + if ( attrs == NULL ) { + printf( "ALL" ); + } else { + for ( i = 0; attrs[ i ] != NULL; ++i ) { + printf( "%s ", attrs[ i ] ); + } + } + printf( "\n#\n\n" ); + } } - } - ldap_unbind( ld ); - exit( rc ); + if ( infile == NULL ) { + rc = dosearch( ld, base, scope, attrs, attrsonly, NULL, filtpattern ); - /* UNREACHABLE */ - return(0); + } else { + rc = 0; + first = 1; + while ( rc == 0 && fgets( line, sizeof( line ), fp ) != NULL ) { + line[ strlen( line ) - 1 ] = '\0'; + if ( !first ) { + putchar( '\n' ); + } else { + first = 0; + } + rc = dosearch( ld, base, scope, attrs, attrsonly, + filtpattern, line ); + } + if ( fp != stdin ) { + fclose( fp ); + } + } + + ldap_unbind( ld ); + return( rc ); } static int dosearch( LDAP *ld, - char *base, - int scope, - char **attrs, - int attrsonly, - char *filtpatt, - char *value) + char *base, + int scope, + char **attrs, + int attrsonly, + char *filtpatt, + char *value) { - char filter[ BUFSIZ ]; - int rc, first, matches; - LDAPMessage *res, *e; + char filter[ BUFSIZ ]; + int rc, first, matches; + LDAPMessage *res, *e; - sprintf( filter, filtpatt, value ); + if( filtpatt != NULL ) { + sprintf( filter, filtpatt, value ); - if ( verbose ) { - printf( "filter is: (%s)\n", filter ); - } + if ( verbose ) { + fprintf( stderr, "filter is: (%s)\n", filter ); + } + + if( ldif == 1 ) { + printf( "#\n# filter: %s\n#\n", filter ); + } + + } else { + sprintf( filter, "%s", value ); + } - if ( not ) { - return( LDAP_SUCCESS ); - } + if ( not ) { + return( LDAP_SUCCESS ); + } - if ( ldap_search( ld, base, scope, filter, attrs, attrsonly ) == -1 ) { + if ( ldap_search( ld, base, scope, filter, attrs, attrsonly ) == -1 ) { int ld_errno; ldap_perror( ld, "ldap_search" ); ldap_get_option(ld, LDAP_OPT_ERROR_NUMBER, &ld_errno); return( ld_errno ); - } + } - matches = 0; - first = 1; - while ( (rc = ldap_result( ld, LDAP_RES_ANY, sortattr ? 1 : 0, NULL, &res )) - == LDAP_RES_SEARCH_ENTRY ) { + matches = 0; + first = 1; + res = NULL; + while ( (rc = ldap_result( ld, LDAP_RES_ANY, sortattr ? 1 : 0, NULL, &res )) + == LDAP_RES_SEARCH_ENTRY ) { matches++; e = ldap_first_entry( ld, res ); if ( !first ) { - putchar( '\n' ); + putchar( '\n' ); } else { - first = 0; + first = 0; } print_entry( ld, e, attrsonly ); ldap_msgfree( res ); - } - if ( rc == -1 ) { + res = NULL; + } + if ( rc == -1 ) { ldap_perror( ld, "ldap_result" ); return( rc ); - } - if (( rc = ldap_result2error( ld, res, 0 )) != LDAP_SUCCESS ) { - ldap_perror( ld, "ldap_search" ); - } - if ( sortattr != NULL ) { - extern int strcasecmp(); - - (void) ldap_sort_entries( ld, &res, - ( *sortattr == '\0' ) ? NULL : sortattr, strcasecmp ); - matches = 0; - first = 1; - for ( e = ldap_first_entry( ld, res ); e != NULLMSG; - e = ldap_next_entry( ld, e ) ) { + } + if (( rc = ldap_result2error( ld, res, 0 )) != LDAP_SUCCESS ) { + ldap_perror( ld, "ldap_search" ); + } + if ( sortattr != NULL ) { + (void) ldap_sort_entries( ld, &res, + ( *sortattr == '\0' ) ? NULL : sortattr, strcasecmp ); + matches = 0; + first = 1; + for ( e = ldap_first_entry( ld, res ); e != NULL; + e = ldap_next_entry( ld, e ) ) { matches++; if ( !first ) { - putchar( '\n' ); + putchar( '\n' ); } else { - first = 0; + first = 0; } print_entry( ld, e, attrsonly ); - } - } + } + } - if ( verbose ) { - printf( "%d matches\n", matches ); - } + if ( verbose ) { + printf( "%d matches\n", matches ); + } - ldap_msgfree( res ); - return( rc ); + ldap_msgfree( res ); + return( rc ); } -void print_entry( - LDAP *ld, - LDAPMessage *entry, - int attrsonly) +static void +print_entry( + LDAP *ld, + LDAPMessage *entry, + int attrsonly) { - char *a, *dn, *ufn, tmpfname[ 64 ]; - int i, j, notascii; - BerElement *ber; - struct berval **bvals; - FILE *tmpfp; - extern char *mktemp(); - - dn = ldap_get_dn( ld, entry ); - if ( ldif ) { - write_ldif_value( "dn", dn, strlen( dn )); - } else { - printf( "%s\n", dn ); - } - if ( includeufn ) { - ufn = ldap_dn2ufn( dn ); + char *a, *dn, *ufn; + char tmpfname[ 256 ]; + char url[ 256 ]; + int i; + BerElement *ber = NULL; + struct berval **bvals; + FILE *tmpfp; + + dn = ldap_get_dn( ld, entry ); + ufn = NULL; + + if ( ldif == 1 ) { + ufn = ldap_dn2ufn( dn ); + write_ldif( LDIF_PUT_COMMENT, NULL, ufn, strlen( ufn )); + } if ( ldif ) { - write_ldif_value( "ufn", ufn, strlen( ufn )); + write_ldif( LDIF_PUT_VALUE, "dn", dn, strlen( dn )); } else { - printf( "%s\n", ufn ); - } - free( ufn ); - } - free( dn ); - - for ( a = ldap_first_attribute( ld, entry, &ber ); a != NULL; - a = ldap_next_attribute( ld, entry, ber ) ) { - if ( skipsortattr && strcasecmp( a, sortattr ) == 0 ) { - continue; - } - if ( attrsonly ) { - if ( ldif ) { - write_ldif_value( a, "", 0 ); - } else { - printf( "%s\n", a ); - } - } else if (( bvals = ldap_get_values_len( ld, entry, a )) != NULL ) { - for ( i = 0; bvals[i] != NULL; i++ ) { - if ( vals2tmp ) { - sprintf( tmpfname, "/tmp/ldapsearch-%s-XXXXXX", a ); - tmpfp = NULL; - - if ( mktemp( tmpfname ) == NULL ) { - perror( tmpfname ); - } else if (( tmpfp = fopen( tmpfname, "w")) == NULL ) { - perror( tmpfname ); - } else if ( fwrite( bvals[ i ]->bv_val, - bvals[ i ]->bv_len, 1, tmpfp ) == 0 ) { - perror( tmpfname ); - } else if ( ldif ) { - write_ldif_value( a, tmpfname, strlen( tmpfname )); - } else { - printf( "%s%s%s\n", a, sep, tmpfname ); - } - - if ( tmpfp != NULL ) { - fclose( tmpfp ); - } + printf( "%s\n", dn ); + } + + if ( includeufn ) { + if( ufn == NULL ) { + ufn = ldap_dn2ufn( dn ); + } + if ( ldif ) { + write_ldif( LDIF_PUT_VALUE, "ufn", ufn, strlen( ufn )); } else { - notascii = 0; - if ( !allow_binary ) { - for ( j = 0; (unsigned long) j < bvals[ i ]->bv_len; ++j ) { - if ( !isascii( bvals[ i ]->bv_val[ j ] )) { - notascii = 1; - break; - } + printf( "%s\n", ufn ); + } + } + + if( ufn != NULL ) ldap_memfree( ufn ); + ldap_memfree( dn ); + + for ( a = ldap_first_attribute( ld, entry, &ber ); a != NULL; + a = ldap_next_attribute( ld, entry, ber ) ) + { + if ( skipsortattr && strcasecmp( a, sortattr ) == 0 ) { + continue; + } + + if ( attrsonly ) { + if ( ldif ) { + write_ldif( LDIF_PUT_NOVALUE, a, NULL, 0 ); + } else { + printf( "%s\n", a ); } - } - if ( ldif ) { - write_ldif_value( a, bvals[ i ]->bv_val, - bvals[ i ]->bv_len ); - } else { - printf( "%s%s%s\n", a, sep, - notascii ? "NOT ASCII" : bvals[ i ]->bv_val ); - } + } else if (( bvals = ldap_get_values_len( ld, entry, a )) != NULL ) { + for ( i = 0; bvals[i] != NULL; i++ ) { + if ( vals2tmp > 1 || ( vals2tmp + && ldif_is_not_printable( bvals[i]->bv_val, bvals[i]->bv_len ) )) + { + int tmpfd; + /* write value to file */ + sprintf( tmpfname, "%s" LDAP_DIRSEP "ldapsearch-%s-XXXXXX", + tmpdir, a ); + tmpfp = NULL; + + if ( mktemp( tmpfname ) == NULL ) { + perror( tmpfname ); + continue; + } + + if (( tmpfd = open( tmpfname, O_WRONLY|O_CREAT|O_EXCL, 0600 )) == -1 ) { + perror( tmpfname ); + continue; + } + + if (( tmpfp = fdopen( tmpfd, "w")) == NULL ) { + perror( tmpfname ); + continue; + } + + if ( fwrite( bvals[ i ]->bv_val, + bvals[ i ]->bv_len, 1, tmpfp ) == 0 ) + { + perror( tmpfname ); + fclose( tmpfp ); + continue; + } + + fclose( tmpfp ); + + sprintf( url, "%s%s", urlpre, + &tmpfname[strlen(tmpdir) + sizeof(LDAP_DIRSEP) - 1] ); + + if ( ldif ) { + write_ldif( LDIF_PUT_URL, a, url, strlen( url )); + } else { + printf( "%s%s%s\n", a, sep, url ); + } + + + } else { + if ( ldif ) { + write_ldif( LDIF_PUT_VALUE, a, + bvals[ i ]->bv_val, bvals[ i ]->bv_len ); + + } else { + int notprint = !binary && !vals2tmp + && ldif_is_not_printable( bvals[i]->bv_val, + bvals[i]->bv_len ); + printf( "%s%s", a, sep ); + puts( notprint ? "NOT PRINTABLE" : bvals[ i ]->bv_val ); + } + } + } + ber_bvecfree( bvals ); } - } - ber_bvecfree( bvals ); } - } + + if( ber != NULL ) { + ber_free( ber, 0 ); + } } -int -write_ldif_value( char *type, char *value, unsigned long vallen ) +static int +write_ldif( int type, char *name, char *value, ber_len_t vallen ) { - char *ldif; + char *ldif; - if (( ldif = ldif_type_and_value( type, value, (int)vallen )) == NULL ) { - return( -1 ); - } + if (( ldif = ldif_put( type, name, value, vallen )) == NULL ) { + return( -1 ); + } - fputs( ldif, stdout ); - free( ldif ); + fputs( ldif, stdout ); + ber_memfree( ldif ); - return( 0 ); + return( 0 ); }