X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=clients%2Ftools%2Fldapwhoami.c;h=17d48b28e3981ac4abd6dd5867afc192778a3959;hb=9bc2cd3987b0bf5b86c2b9be417d7119f2e9d623;hp=666f2acc774a38b7e9585da10687fba0fa039f74;hpb=5fe7d38e1c3d6d477fd9b0565570a658bf20270d;p=openldap

diff --git a/clients/tools/ldapwhoami.c b/clients/tools/ldapwhoami.c
index 666f2acc77..17d48b28e3 100644
--- a/clients/tools/ldapwhoami.c
+++ b/clients/tools/ldapwhoami.c
@@ -1,7 +1,34 @@
+/* ldapwhoami.c -- a tool for asking the directory "Who Am I?" */
 /* $OpenLDAP$ */
-/*
- * Copyright 1998-2002 The OpenLDAP Foundation, All Rights Reserved.
- * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Portions Copyright 1998-2003 Kurt D. Zeilenga.
+ * Portions Copyright 1998-2001 Net Boolean Incorporated.
+ * Portions Copyright 2001-2003 IBM Corporation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* Portions Copyright (c) 1992-1996 Regents of the University of Michigan.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms are permitted
+ * provided that this notice is preserved and that due credit is given
+ * to the University of Michigan at Ann Arbor.  The name of the
+ * University may not be used to endorse or promote products derived
+ * from this software without specific prior written permission.  This
+ * software is provided ``as is'' without express or implied warranty.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was originally developed by Kurt D. Zeilenga for inclusion
+ * in OpenLDAP Software based, in part, on other client tools.
  */
 
 #include "portable.h"
@@ -11,7 +38,6 @@
 #include <ac/stdlib.h>
 
 #include <ac/ctype.h>
-#include <ac/signal.h>
 #include <ac/socket.h>
 #include <ac/string.h>
 #include <ac/time.h>
@@ -22,101 +48,34 @@
 #include "lutil_ldap.h"
 #include "ldap_defaults.h"
 
-static int	verbose = 0;
+#include "common.h"
 
-static void
-usage(const char *s)
-{
-	fprintf(stderr,
-"Issue LDAP Who am I? operation to request user's authzid\n\n"
-"usage: %s [options]\n"
-
-"Common options:\n"
-"  -d level   set LDAP debugging level to `level'\n"
-"  -D binddn  bind DN\n"
-"  -e [!]<ctrl>[=<ctrlparam>] general controls (! indicates criticality)\n"
-"             [!]authzid=<authzid> (\"dn:<dn>\" or \"u:<user>\")\n"
-"             [!]manageDSAit   (alternate form, see -M)\n"
-"             [!]noop\n"
-"  -f file    read operations from `file'\n"
-"  -h host    LDAP server(s)\n"
-"  -H URI     LDAP Uniform Resource Indentifier(s)\n"
-"  -I         use SASL Interactive mode\n"
-"  -n         show what would be done but don't actually do it\n"
-"  -O props   SASL security properties\n"
-"  -p port    port on LDAP server\n"
-"  -Q         use SASL Quiet mode\n"
-"  -R realm   SASL realm\n"
-"  -U authcid SASL authentication identity\n"
-"  -v         run in verbose mode (diagnostics to standard output)\n"
-"  -w passwd  bind passwd (for simple authentication)\n"
-"  -W         prompt for bind passwd\n"
-"  -x         Simple authentication\n"
-"  -X authzid SASL authorization identity (\"dn:<dn>\" or \"u:<user>\")\n"
-"  -y file    Read passwd from file\n"
-"  -Y mech    SASL mechanism\n"
-"  -Z         Start TLS request (-ZZ to require successful response)\n"
-		, s );
 
+void
+usage( void )
+{
+	fprintf( stderr, _("Issue LDAP Who am I? operation to request user's authzid\n\n"));
+	fprintf( stderr, _("usage: %s [options]\n"), prog);
+	tool_common_usage();
 	exit( EXIT_FAILURE );
 }
 
-int
-main( int argc, char *argv[] )
-{
-	int rc;
-	char	*prog = NULL;
-	char	*ldaphost = NULL;
-	char	*ldapuri = NULL;
-
-	char	*user = NULL;
-	char	*binddn = NULL;
-
-	struct berval passwd = { 0, NULL };
-
-	char	*pw_file = NULL;
-	int		want_bindpw = 0;
-
-	int		not = 0;
-	int		i;
-	int		ldapport = 0;
-	int		debug = 0;
-	int		version = -1;
-	int		authmethod = -1;
-#ifdef HAVE_CYRUS_SASL
-	unsigned	sasl_flags = LDAP_SASL_AUTOMATIC;
-	char		*sasl_realm = NULL;
-	char		*sasl_authc_id = NULL;
-	char		*sasl_authz_id = NULL;
-	char		*sasl_mech = NULL;
-	char		*sasl_secprops = NULL;
-#endif
-	int		use_tls = 0;
-	int		referrals = 0;
-	LDAP	       *ld = NULL;
-	int	manageDSAit=0;
-	int noop=0;
-	char *authzid = NULL;
-	char	*control, *cvalue;
-	int		crit;
-
-	int id, code = LDAP_OTHER;
-	LDAPMessage *res;
-	char *matcheddn = NULL, *text = NULL, **refs = NULL;
-	char	*retoid = NULL;
-	struct berval *retdata = NULL;
 
-	prog = lutil_progname( "ldapwhoami", argc, argv );
+const char options[] = ""
+	"d:D:e:h:H:InO:p:QR:U:vVw:WxX:y:Y:Z";
 
-	while( (i = getopt( argc, argv, 
-		"Cd:D:e:h:H:InO:p:QR:U:vw:WxX:y:Y:Z" )) != EOF )
-	{
-		switch (i) {
-	case 'E': /* whoami controls */
-		if( version == LDAP_VERSION2 ) {
-			fprintf( stderr, "%s: -E incompatible with LDAPv%d\n",
-				prog, version );
-			return EXIT_FAILURE;
+int
+handle_private_option( int i )
+{
+	switch ( i ) {
+#if 0
+		char	*control, *cvalue;
+		int		crit;
+	case 'E': /* whoami extension */
+		if( protocol == LDAP_VERSION2 ) {
+			fprintf( stderr, _("%s: -E incompatible with LDAPv%d\n"),
+				prog, protocol );
+			exit( EXIT_FAILURE );
 		}
 
 		/* should be extended to support comma separated list of
@@ -130,415 +89,46 @@ main( int argc, char *argv[] )
 			optarg++;
 		}
 
-		control = strdup( optarg );
-		if ( (cvalue = strchr( control, '=' )) != NULL ) {
-			*cvalue++ = '\0';
-		}
-		fprintf( stderr, "Invalid whoami control name: %s\n", control );
-		usage(prog);
-		return EXIT_FAILURE;
-
-	/* Common Options (including options we don't use) */
-	case 'C':
-		referrals++;
-		break;
-	case 'd':
-	    debug |= atoi( optarg );
-	    break;
-	case 'D':	/* bind DN */
-		if( binddn != NULL ) {
-			fprintf( stderr, "%s: -D previously specified\n", prog );
-			return EXIT_FAILURE;
-		}
-	    binddn = strdup( optarg );
-	    break;
-	case 'e': /* general controls */
-		if( version == LDAP_VERSION2 ) {
-			fprintf( stderr, "%s: -e incompatible with LDAPv%d\n",
-				prog, version );
-			return EXIT_FAILURE;
-		}
-
-		/* should be extended to support comma separated list of
-		 *	[!]key[=value] parameters, e.g.  -e !foo,bar=567
-		 */
-
-		crit = 0;
-		cvalue = NULL;
-		if( optarg[0] == '!' ) {
-			crit = 1;
-			optarg++;
-		}
-
 		control = strdup( optarg );
 		if ( (cvalue = strchr( control, '=' )) != NULL ) {
 			*cvalue++ = '\0';
 		}
 
-		if ( strcasecmp( control, "manageDSAit" ) == 0 ) {
-			if( manageDSAit ) {
-				fprintf( stderr, "manageDSAit control previously specified");
-				return EXIT_FAILURE;
-			}
-			if( cvalue != NULL ) {
-				fprintf( stderr, "manageDSAit: no control value expected" );
-				usage(prog);
-				return EXIT_FAILURE;
-			}
+		fprintf( stderr, _("Invalid whoami extension name: %s\n"), control );
+		usage();
+#endif
 
-			manageDSAit = 1 + crit;
-			break;
-			
-		} else if ( strcasecmp( control, "noop" ) == 0 ) {
-			if( noop ) {
-				fprintf( stderr, "noop control previously specified");
-				return EXIT_FAILURE;
-			}
-			if( cvalue != NULL ) {
-				fprintf( stderr, "noop: no control value expected" );
-				usage(prog);
-				return EXIT_FAILURE;
-			}
+	default:
+		return 0;
+	}
+	return 1;
+}
 
-			noop = 1 + crit;
-			break;
 
-		} else {
-			fprintf( stderr, "Invalid general control name: %s\n", control );
-			usage(prog);
-			return EXIT_FAILURE;
-		}
-	case 'h':	/* ldap host */
-		if( ldapuri != NULL ) {
-			fprintf( stderr, "%s: -h incompatible with -H\n", prog );
-			return EXIT_FAILURE;
-		}
-		if( ldaphost != NULL ) {
-			fprintf( stderr, "%s: -h previously specified\n", prog );
-			return EXIT_FAILURE;
-		}
-	    ldaphost = strdup( optarg );
-	    break;
-	case 'H':	/* ldap URI */
-		if( ldaphost != NULL ) {
-			fprintf( stderr, "%s: -H incompatible with -h\n", prog );
-			return EXIT_FAILURE;
-		}
-		if( ldapport ) {
-			fprintf( stderr, "%s: -H incompatible with -p\n", prog );
-			return EXIT_FAILURE;
-		}
-		if( ldapuri != NULL ) {
-			fprintf( stderr, "%s: -H previously specified\n", prog );
-			return EXIT_FAILURE;
-		}
-	    ldapuri = strdup( optarg );
-	    break;
-	case 'I':
-#ifdef HAVE_CYRUS_SASL
-		if( version == LDAP_VERSION2 ) {
-			fprintf( stderr, "%s: -I incompatible with version %d\n",
-				prog, version );
-			return EXIT_FAILURE;
-		}
-		if( authmethod != -1 && authmethod != LDAP_AUTH_SASL ) {
-			fprintf( stderr, "%s: incompatible previous "
-				"authentication choice\n",
-				prog );
-			return EXIT_FAILURE;
-		}
-		authmethod = LDAP_AUTH_SASL;
-		version = LDAP_VERSION3;
-		sasl_flags = LDAP_SASL_INTERACTIVE;
-		break;
-#else
-		fprintf( stderr, "%s: was not compiled with SASL support\n",
-			prog );
-		return( EXIT_FAILURE );
-#endif
-	case 'k':	/* kerberos bind */
-#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
-		if( version > LDAP_VERSION2 ) {
-			fprintf( stderr, "%s: -k incompatible with LDAPv%d\n",
-				prog, version );
-			return EXIT_FAILURE;
-		}
+int
+main( int argc, char *argv[] )
+{
+	int		rc;
+	char		*user = NULL;
 
-		if( authmethod != -1 ) {
-			fprintf( stderr, "%s: -k incompatible with previous "
-				"authentication choice\n", prog );
-			return EXIT_FAILURE;
-		}
-			
-		authmethod = LDAP_AUTH_KRBV4;
-#else
-		fprintf( stderr, "%s: not compiled with Kerberos support\n", prog );
-		return EXIT_FAILURE;
-#endif
-	    break;
-	case 'K':	/* kerberos bind, part one only */
-#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
-		if( version > LDAP_VERSION2 ) {
-			fprintf( stderr, "%s: -k incompatible with LDAPv%d\n",
-				prog, version );
-			return EXIT_FAILURE;
-		}
-		if( authmethod != -1 ) {
-			fprintf( stderr, "%s: incompatible with previous "
-				"authentication choice\n", prog );
-			return EXIT_FAILURE;
-		}
+	LDAP		*ld = NULL;
 
-		authmethod = LDAP_AUTH_KRBV41;
-#else
-		fprintf( stderr, "%s: not compiled with Kerberos support\n", prog );
-		return( EXIT_FAILURE );
-#endif
-	    break;
-	case 'n':	/* print deletes, don't actually do them */
-	    ++not;
-	    break;
-	case 'O':
-#ifdef HAVE_CYRUS_SASL
-		if( sasl_secprops != NULL ) {
-			fprintf( stderr, "%s: -O previously specified\n", prog );
-			return EXIT_FAILURE;
-		}
-		if( version == LDAP_VERSION2 ) {
-			fprintf( stderr, "%s: -O incompatible with LDAPv%d\n",
-				prog, version );
-			return EXIT_FAILURE;
-		}
-		if( authmethod != -1 && authmethod != LDAP_AUTH_SASL ) {
-			fprintf( stderr, "%s: incompatible previous "
-				"authentication choice\n", prog );
-			return EXIT_FAILURE;
-		}
-		authmethod = LDAP_AUTH_SASL;
-		version = LDAP_VERSION3;
-		sasl_secprops = strdup( optarg );
-#else
-		fprintf( stderr, "%s: not compiled with SASL support\n",
-			prog );
-		return( EXIT_FAILURE );
-#endif
-		break;
-	case 'p':
-		if( ldapport ) {
-			fprintf( stderr, "%s: -p previously specified\n", prog );
-			return EXIT_FAILURE;
-		}
-	    ldapport = atoi( optarg );
-	    break;
-	case 'P':
-		switch( atoi(optarg) ) {
-		case 2:
-			if( version == LDAP_VERSION3 ) {
-				fprintf( stderr, "%s: -P 2 incompatible with version %d\n",
-					prog, version );
-				return EXIT_FAILURE;
-			}
-			version = LDAP_VERSION2;
-			break;
-		case 3:
-			if( version == LDAP_VERSION2 ) {
-				fprintf( stderr, "%s: -P 2 incompatible with version %d\n",
-					prog, version );
-				return EXIT_FAILURE;
-			}
-			version = LDAP_VERSION3;
-			break;
-		default:
-			fprintf( stderr, "%s: protocol version should be 2 or 3\n",
-				prog );
-			usage( prog );
-			return( EXIT_FAILURE );
-		} break;
-	case 'Q':
-#ifdef HAVE_CYRUS_SASL
-		if( version == LDAP_VERSION2 ) {
-			fprintf( stderr, "%s: -Q incompatible with version %d\n",
-				prog, version );
-			return EXIT_FAILURE;
-		}
-		if( authmethod != -1 && authmethod != LDAP_AUTH_SASL ) {
-			fprintf( stderr, "%s: incompatible previous "
-				"authentication choice\n",
-				prog );
-			return EXIT_FAILURE;
-		}
-		authmethod = LDAP_AUTH_SASL;
-		version = LDAP_VERSION3;
-		sasl_flags = LDAP_SASL_QUIET;
-		break;
-#else
-		fprintf( stderr, "%s: not compiled with SASL support\n",
-			prog );
-		return( EXIT_FAILURE );
-#endif
-	case 'R':
-#ifdef HAVE_CYRUS_SASL
-		if( sasl_realm != NULL ) {
-			fprintf( stderr, "%s: -R previously specified\n", prog );
-			return EXIT_FAILURE;
-		}
-		if( version == LDAP_VERSION2 ) {
-			fprintf( stderr, "%s: -R incompatible with version %d\n",
-				prog, version );
-			return EXIT_FAILURE;
-		}
-		if( authmethod != -1 && authmethod != LDAP_AUTH_SASL ) {
-			fprintf( stderr, "%s: incompatible previous "
-				"authentication choice\n",
-				prog );
-			return EXIT_FAILURE;
-		}
-		authmethod = LDAP_AUTH_SASL;
-		version = LDAP_VERSION3;
-		sasl_realm = strdup( optarg );
-#else
-		fprintf( stderr, "%s: not compiled with SASL support\n",
-			prog );
-		return( EXIT_FAILURE );
-#endif
-		break;
-	case 'U':
-#ifdef HAVE_CYRUS_SASL
-		if( sasl_authc_id != NULL ) {
-			fprintf( stderr, "%s: -U previously specified\n", prog );
-			return EXIT_FAILURE;
-		}
-		if( version == LDAP_VERSION2 ) {
-			fprintf( stderr, "%s: -U incompatible with version %d\n",
-				prog, version );
-			return EXIT_FAILURE;
-		}
-		if( authmethod != -1 && authmethod != LDAP_AUTH_SASL ) {
-			fprintf( stderr, "%s: incompatible previous "
-				"authentication choice\n",
-				prog );
-			return EXIT_FAILURE;
-		}
-		authmethod = LDAP_AUTH_SASL;
-		version = LDAP_VERSION3;
-		sasl_authc_id = strdup( optarg );
-#else
-		fprintf( stderr, "%s: not compiled with SASL support\n",
-			prog );
-		return( EXIT_FAILURE );
-#endif
-		break;
-	case 'v':	/* verbose mode */
-	    verbose++;
-	    break;
-	case 'w':	/* password */
-	    passwd.bv_val = strdup( optarg );
-		{
-			char* p;
-
-			for( p = optarg; *p != '\0'; p++ ) {
-				*p = '\0';
-			}
-		}
-		passwd.bv_len = strlen( passwd.bv_val );
-	    break;
-	case 'W':
-		want_bindpw++;
-		break;
-	case 'y':
-		pw_file = optarg;
-		break;
-	case 'Y':
-#ifdef HAVE_CYRUS_SASL
-		if( sasl_mech != NULL ) {
-			fprintf( stderr, "%s: -Y previously specified\n", prog );
-			return EXIT_FAILURE;
-		}
-		if( version == LDAP_VERSION2 ) {
-			fprintf( stderr, "%s: -Y incompatible with version %d\n",
-				prog, version );
-			return EXIT_FAILURE;
-		}
-		if( authmethod != -1 && authmethod != LDAP_AUTH_SASL ) {
-			fprintf( stderr, "%s: incompatible with authentication choice\n", prog );
-			return EXIT_FAILURE;
-		}
-		authmethod = LDAP_AUTH_SASL;
-		version = LDAP_VERSION3;
-		sasl_mech = strdup( optarg );
-#else
-		fprintf( stderr, "%s: not compiled with SASL support\n",
-			prog );
-		return( EXIT_FAILURE );
-#endif
-		break;
-	case 'x':
-		if( authmethod != -1 && authmethod != LDAP_AUTH_SIMPLE ) {
-			fprintf( stderr, "%s: incompatible with previous "
-				"authentication choice\n", prog );
-			return EXIT_FAILURE;
-		}
-		authmethod = LDAP_AUTH_SIMPLE;
-		break;
-	case 'X':
-#ifdef HAVE_CYRUS_SASL
-		if( sasl_authz_id != NULL ) {
-			fprintf( stderr, "%s: -X previously specified\n", prog );
-			return EXIT_FAILURE;
-		}
-		if( version == LDAP_VERSION2 ) {
-			fprintf( stderr, "%s: -X incompatible with LDAPv%d\n",
-				prog, version );
-			return EXIT_FAILURE;
-		}
-		if( authmethod != -1 && authmethod != LDAP_AUTH_SASL ) {
-			fprintf( stderr, "%s: -X incompatible with "
-				"authentication choice\n", prog );
-			return EXIT_FAILURE;
-		}
-		authmethod = LDAP_AUTH_SASL;
-		version = LDAP_VERSION3;
-		sasl_authz_id = strdup( optarg );
-#else
-		fprintf( stderr, "%s: not compiled with SASL support\n",
-			prog );
-		return( EXIT_FAILURE );
-#endif
-		break;
-	case 'Z':
-#ifdef HAVE_TLS
-		if( version == LDAP_VERSION2 ) {
-			fprintf( stderr, "%s: -Z incompatible with version %d\n",
-				prog, version );
-			return EXIT_FAILURE;
-		}
-		version = LDAP_VERSION3;
-		use_tls++;
-#else
-		fprintf( stderr, "%s: not compiled with TLS support\n",
-			prog );
-		return( EXIT_FAILURE );
-#endif
-		break;
+	char		*matcheddn = NULL, *text = NULL, **refs = NULL;
+	char		*retoid = NULL;
+	struct berval	*retdata = NULL;
+	int		id, code = 0;
+	LDAPMessage	*res;
 
+	tool_init( TOOL_WHOAMI );
+	prog = lutil_progname( "ldapwhoami", argc, argv );
 
-		default:
-			fprintf( stderr, "%s: unrecognized option -%c\n",
-				prog, optopt );
-			usage (prog);
-		}
-	}
+	/* LDAPv3 only */
+	protocol = LDAP_VERSION3;
 
-	if (authmethod == -1) {
-#ifdef HAVE_CYRUS_SASL
-		authmethod = LDAP_AUTH_SASL;
-#else
-		authmethod = LDAP_AUTH_SIMPLE;
-#endif
-	}
+	tool_args( argc, argv );
 
 	if( argc - optind > 1 ) {
-		usage( prog );
+		usage();
 	} else if ( argc - optind == 1 ) {
 		user = strdup( argv[optind] );
 	} else {
@@ -550,234 +140,95 @@ main( int argc, char *argv[] )
 			rc = lutil_get_filed_password( pw_file, &passwd );
 			if( rc ) return EXIT_FAILURE;
 		} else {
-			passwd.bv_val = getpassphrase( "Enter LDAP Password: " );
+			passwd.bv_val = getpassphrase( _("Enter LDAP Password: ") );
 			passwd.bv_len = passwd.bv_val ? strlen( passwd.bv_val ) : 0;
 		}
 	}
 
-	if ( debug ) {
-		if( ber_set_option( NULL, LBER_OPT_DEBUG_LEVEL, &debug ) != LBER_OPT_SUCCESS ) {
-			fprintf( stderr, "Could not set LBER_OPT_DEBUG_LEVEL %d\n", debug );
-		}
-		if( ldap_set_option( NULL, LDAP_OPT_DEBUG_LEVEL, &debug ) != LDAP_OPT_SUCCESS ) {
-			fprintf( stderr, "Could not set LDAP_OPT_DEBUG_LEVEL %d\n", debug );
-		}
-	}
-
-#ifdef SIGPIPE
-	(void) SIGNAL( SIGPIPE, SIG_IGN );
-#endif
-
-	/* connect to server */
-	if( ( ldaphost != NULL || ldapport ) && ( ldapuri == NULL ) ) {
-		if ( verbose ) {
-			fprintf( stderr, "ldap_init( %s, %d )\n",
-				ldaphost != NULL ? ldaphost : "<DEFAULT>",
-				ldapport );
-		}
+	ld = tool_conn_setup( 0, 0 );
 
-		ld = ldap_init( ldaphost, ldapport );
-		if( ld == NULL ) {
-			perror("ldapwhoami: ldap_init");
-			return EXIT_FAILURE;
-		}
-
-	} else {
-		if ( verbose ) {
-			fprintf( stderr, "ldap_initialize( %s )\n",
-				ldapuri != NULL ? ldapuri : "<DEFAULT>" );
-		}
+	tool_bind( ld );
 
-		rc = ldap_initialize( &ld, ldapuri );
-		if( rc != LDAP_SUCCESS ) {
-			fprintf( stderr, "Could not create LDAP session handle (%d): %s\n",
-				rc, ldap_err2string(rc) );
-			return EXIT_FAILURE;
-		}
-	}
-
-	/* referrals */
-	if (ldap_set_option( ld, LDAP_OPT_REFERRALS,
-		referrals ? LDAP_OPT_ON : LDAP_OPT_OFF ) != LDAP_OPT_SUCCESS )
-	{
-		fprintf( stderr, "Could not set LDAP_OPT_REFERRALS %s\n",
-			referrals ? "on" : "off" );
-		return EXIT_FAILURE;
-	}
-
-	/* LDAPv3 only */
-	version = LDAP_VERSION3;
-	rc = ldap_set_option( ld, LDAP_OPT_PROTOCOL_VERSION, &version );
-
-	if(rc != LDAP_OPT_SUCCESS ) {
-		fprintf( stderr, "Could not set LDAP_OPT_PROTOCOL_VERSION %d\n", version );
-		return EXIT_FAILURE;
+	if ( dont ) {
+		rc = LDAP_SUCCESS;
+		goto skip;
 	}
 
-	if ( use_tls && ( ldap_start_tls_s( ld, NULL, NULL ) != LDAP_SUCCESS )) {
-		ldap_perror( ld, "ldap_start_tls" );
-		if ( use_tls > 1 ) {
-			return( EXIT_FAILURE );
-		}
-	}
+	tool_server_controls( ld, NULL, 0 );
 
-	if ( authmethod == LDAP_AUTH_SASL ) {
-#ifdef HAVE_CYRUS_SASL
-		void *defaults;
-
-		if( sasl_secprops != NULL ) {
-			rc = ldap_set_option( ld, LDAP_OPT_X_SASL_SECPROPS,
-				(void *) sasl_secprops );
-			
-			if( rc != LDAP_OPT_SUCCESS ) {
-				fprintf( stderr,
-					"Could not set LDAP_OPT_X_SASL_SECPROPS: %s\n",
-					sasl_secprops );
-				return( EXIT_FAILURE );
-			}
-		}
-		
-		defaults = lutil_sasl_defaults( ld,
-			sasl_mech,
-			sasl_realm,
-			sasl_authc_id,
-			passwd.bv_val,
-			sasl_authz_id );
-
-		rc = ldap_sasl_interactive_bind_s( ld, binddn,
-			sasl_mech, NULL, NULL,
-			sasl_flags, lutil_sasl_interact, defaults );
-
-		if( rc != LDAP_SUCCESS ) {
-			ldap_perror( ld, "ldap_sasl_interactive_bind_s" );
-			return( EXIT_FAILURE );
-		}
-#else
-		fprintf( stderr, "%s: not compiled with SASL support\n",
-			prog );
-		return( EXIT_FAILURE );
-#endif
-	}
-	else {
-		if ( ldap_bind_s( ld, binddn, passwd.bv_val, authmethod )
-				!= LDAP_SUCCESS ) {
-			ldap_perror( ld, "ldap_bind" );
-			return( EXIT_FAILURE );
-		}
-	}
+	rc = ldap_whoami( ld, NULL, NULL, &id ); 
 
-	if ( not ) {
-		rc = LDAP_SUCCESS;
+	if( rc != LDAP_SUCCESS ) {
+		tool_perror( "ldap_extended_operation", rc, NULL, NULL, NULL, NULL );
+		rc = EXIT_FAILURE;
 		goto skip;
 	}
 
-	if ( authzid || manageDSAit || noop ) {
-		int err, crit=0, i=0;
-		LDAPControl c[3];
-		LDAPControl *ctrls[4];
-
-		if ( authzid ) {
-			c[i].ldctl_oid = LDAP_CONTROL_PROXY_AUTHZ;
-			c[i].ldctl_value.bv_val = authzid;
-			c[i].ldctl_value.bv_len = strlen( authzid );
-			c[i].ldctl_iscritical = 1;
+	for ( ; ; ) {
+		struct timeval	tv;
 
-			if( c[i].ldctl_iscritical ) crit++;
-			ctrls[i] = &c[i];
-			ctrls[++i] = NULL;
+		if ( tool_check_abandon( ld, id ) ) {
+			return LDAP_CANCELLED;
 		}
 
-		if ( manageDSAit ) {
-			c[i].ldctl_oid = LDAP_CONTROL_MANAGEDSAIT;
-			c[i].ldctl_value.bv_val = NULL;
-			c[i].ldctl_value.bv_len = 0;
-			c[i].ldctl_iscritical = manageDSAit > 1;
+		tv.tv_sec = 0;
+		tv.tv_usec = 100000;
 
-			if( c[i].ldctl_iscritical ) crit++;
-			ctrls[i] = &c[i];
-			ctrls[++i] = NULL;
+		rc = ldap_result( ld, LDAP_RES_ANY, LDAP_MSG_ALL, &tv, &res );
+		if ( rc < 0 ) {
+			tool_perror( "ldap_result", rc, NULL, NULL, NULL, NULL );
+			return rc;
 		}
 
-		if ( noop ) {
-			c[i].ldctl_oid = LDAP_CONTROL_NOOP;
-			c[i].ldctl_value.bv_val = NULL;
-			c[i].ldctl_value.bv_len = 0;
-			c[i].ldctl_iscritical = noop > 1;
-
-			if( c[i].ldctl_iscritical ) crit++;
-			ctrls[i] = &c[i];
-			ctrls[++i] = NULL;
-		}
-	
-		err = ldap_set_option( ld, LDAP_OPT_SERVER_CONTROLS, ctrls );
-
-		if( err != LDAP_OPT_SUCCESS ) {
-			fprintf( stderr, "Could not set %scontrols\n",
-				crit ? "critical " : "" );
-			if ( crit ) {
-				return EXIT_FAILURE;
-			}
+		if ( rc != 0 ) {
+			break;
 		}
 	}
 
-#if 0
-	rc = ldap_whoami_s( ld, &retdata, NULL, NULL ); 
-
-#else
-	rc = ldap_extended_operation( ld,
-		LDAP_EXOP_X_WHO_AM_I, NULL, 
-		NULL, NULL, &id );
+	rc = ldap_parse_result( ld, res,
+		&code, &matcheddn, &text, &refs, NULL, 0 );
 
-	if( rc != LDAP_SUCCESS ) {
-		ldap_perror( ld, "ldap_extended_operation" );
-		ldap_unbind( ld );
-		return EXIT_FAILURE;
-	}
-
-	rc = ldap_result( ld, LDAP_RES_ANY, LDAP_MSG_ALL, NULL, &res );
-	if ( rc < 0 ) {
-		ldap_perror( ld, "ldappasswd: ldap_result" );
-		return rc;
+	if ( rc == LDAP_SUCCESS ) {
+		rc = code;
 	}
 
-	rc = ldap_parse_result( ld, res, &code, &matcheddn, &text, &refs, NULL, 0 );
-
-	if( rc != LDAP_SUCCESS ) {
-		ldap_perror( ld, "ldap_parse_result" );
-		return rc;
+	if ( rc != LDAP_SUCCESS ) {
+		tool_perror( "ldap_parse_result", rc, NULL, matcheddn, text, refs );
+		rc = EXIT_FAILURE;
+		goto skip;
 	}
 
 	rc = ldap_parse_extended_result( ld, res, &retoid, &retdata, 1 );
-#endif
 
 	if( rc != LDAP_SUCCESS ) {
-		ldap_perror( ld, "ldap_parse_result" );
-		return rc;
+		tool_perror( "ldap_parse_extended_result", rc, NULL, NULL, NULL, NULL );
+		rc = EXIT_FAILURE;
+		goto skip;
 	}
 
 	if( retdata != NULL ) {
 		if( retdata->bv_len == 0 ) {
-			printf("anonymous\n" );
+			printf(_("anonymous\n") );
 		} else {
 			printf("%s\n", retdata->bv_val );
 		}
 	}
 
 	if( verbose || ( code != LDAP_SUCCESS ) || matcheddn || text || refs ) {
-		printf( "Result: %s (%d)\n", ldap_err2string( code ), code );
+		printf( _("Result: %s (%d)\n"), ldap_err2string( code ), code );
 
 		if( text && *text ) {
-			printf( "Additional info: %s\n", text );
+			printf( _("Additional info: %s\n"), text );
 		}
 
 		if( matcheddn && *matcheddn ) {
-			printf( "Matched DN: %s\n", matcheddn );
+			printf( _("Matched DN: %s\n"), matcheddn );
 		}
 
 		if( refs ) {
 			int i;
 			for( i=0; refs[i]; i++ ) {
-				printf("Referral: %s\n", refs[i] );
+				printf(_("Referral: %s\n"), refs[i] );
 			}
 		}
 	}
@@ -790,7 +241,8 @@ main( int argc, char *argv[] )
 
 skip:
 	/* disconnect from server */
-	ldap_unbind (ld);
+	tool_unbind( ld );
+	tool_destroy();
 
 	return code == LDAP_SUCCESS ? EXIT_SUCCESS : EXIT_FAILURE;
 }