Fix interactive and automatic modes. Quiet needs work.
static int ldapport = 0;
static int prune = 0;
#ifdef HAVE_CYRUS_SASL
-static unsigned sasl_flags = LUTIL_SASL_AUTOMATIC;
+static unsigned sasl_flags = LDAP_SASL_AUTOMATIC;
static char *sasl_mech = NULL;
static char *sasl_realm = NULL;
static char *sasl_authc_id = NULL;
}
ldaphost = strdup( optarg );
break;
+ case 'I':
+#ifdef HAVE_CYRUS_SASL
+ if( version == LDAP_VERSION2 ) {
+ fprintf( stderr, "%s: -I incompatible with version %d\n",
+ prog, version );
+ return EXIT_FAILURE;
+ }
+ if( authmethod != -1 && authmethod != LDAP_AUTH_SASL ) {
+ fprintf( stderr, "%s: incompatible previous "
+ "authentication choice\n",
+ prog );
+ return EXIT_FAILURE;
+ }
+ authmethod = LDAP_AUTH_SASL;
+ version = LDAP_VERSION3;
+ sasl_flags = LDAP_SASL_INTERACTIVE;
+ break;
+#else
+ fprintf( stderr, "%s: was not compiled with SASL support\n",
+ prog );
+ return( EXIT_FAILURE );
+#endif
case 'k': /* kerberos bind */
#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
if( version > LDAP_VERSION2 ) {
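Review bot: The new `case 'I'` assigns `sasl_flags = LDAP_SASL_INTERACTIVE` unconditionally, and the case further down that assigns `LDAP_SASL_QUIET` does the same, so when both options are given the later one silently wins. That second case's label is outside the hunk (presumably -Q). A wrapper script that relies on quiet mode to never block on a prompt would start prompting if -I appears later on the command line. Consider rejecting the combination the same way the authmethod conflict is rejected, e.g. `if( sasl_flags == LDAP_SASL_QUIET ) { fprintf( stderr, "%s: -I incompatible with -Q\n", prog ); return EXIT_FAILURE; }`, with the mirror check in the quiet case. The same block is added to the other four client tools on this page, so the point applies to each of them.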
}
authmethod = LDAP_AUTH_SASL;
version = LDAP_VERSION3;
- sasl_flags = LUTIL_SASL_QUIET;
+ sasl_flags = LDAP_SASL_QUIET;
+ break;
#else
fprintf( stderr, "%s: was not compiled with SASL support\n",
prog );
}
}
- defaults = lutil_sasl_defaults( ld, sasl_flags,
+ defaults = lutil_sasl_defaults( ld,
sasl_mech,
sasl_realm,
sasl_authc_id,
rc = ldap_sasl_interactive_bind_s( ld, binddn,
sasl_mech, NULL, NULL,
- lutil_sasl_interact, defaults );
+ sasl_flags, lutil_sasl_interact, defaults );
if( rc != LDAP_SUCCESS ) {
ldap_perror( ld, "ldap_sasl_interactive_bind_s" );
static char *ldaphost = NULL;
static int ldapport = 0;
#ifdef HAVE_CYRUS_SASL
-static unsigned sasl_flags = LUTIL_SASL_AUTOMATIC;
+static unsigned sasl_flags = LDAP_SASL_AUTOMATIC;
static char *sasl_realm = NULL;
static char *sasl_authc_id = NULL;
static char *sasl_authz_id = NULL;
}
ldaphost = strdup( optarg );
break;
+ case 'I':
+#ifdef HAVE_CYRUS_SASL
+ if( version == LDAP_VERSION2 ) {
+ fprintf( stderr, "%s: -I incompatible with version %d\n",
+ prog, version );
+ return EXIT_FAILURE;
+ }
+ if( authmethod != -1 && authmethod != LDAP_AUTH_SASL ) {
+ fprintf( stderr, "%s: incompatible previous "
+ "authentication choice\n",
+ prog );
+ return EXIT_FAILURE;
+ }
+ authmethod = LDAP_AUTH_SASL;
+ version = LDAP_VERSION3;
+ sasl_flags = LDAP_SASL_INTERACTIVE;
+ break;
+#else
+ fprintf( stderr, "%s: was not compiled with SASL support\n",
+ prog );
+ return( EXIT_FAILURE );
+#endif
case 'k': /* kerberos bind */
#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
if( version > LDAP_VERSION2 ) {
}
authmethod = LDAP_AUTH_SASL;
version = LDAP_VERSION3;
- sasl_flags = LUTIL_SASL_QUIET;
+ sasl_flags = LDAP_SASL_QUIET;
+ break;
#else
fprintf( stderr, "%s: was not compiled with SASL support\n",
prog );
}
}
- defaults = lutil_sasl_defaults( ld, sasl_flags,
+ defaults = lutil_sasl_defaults( ld,
sasl_mech,
sasl_realm,
sasl_authc_id,
rc = ldap_sasl_interactive_bind_s( ld, binddn,
sasl_mech, NULL, NULL,
- lutil_sasl_interact, defaults );
+ sasl_flags, lutil_sasl_interact, defaults );
if( rc != LDAP_SUCCESS ) {
ldap_perror( ld, "ldap_sasl_interactive_bind_s" );
static char *ldaphost = NULL;
static int ldapport = 0;
#ifdef HAVE_CYRUS_SASL
-static unsigned sasl_flags = LUTIL_SASL_AUTOMATIC;
+static unsigned sasl_flags = LDAP_SASL_AUTOMATIC;
static char *sasl_realm = NULL;
static char *sasl_authc_id = NULL;
static char *sasl_authz_id = NULL;
}
ldaphost = strdup( optarg );
break;
+ case 'I':
+#ifdef HAVE_CYRUS_SASL
+ if( version == LDAP_VERSION2 ) {
+ fprintf( stderr, "%s: -I incompatible with version %d\n",
+ prog, version );
+ return EXIT_FAILURE;
+ }
+ if( authmethod != -1 && authmethod != LDAP_AUTH_SASL ) {
+ fprintf( stderr, "%s: incompatible previous "
+ "authentication choice\n",
+ prog );
+ return EXIT_FAILURE;
+ }
+ authmethod = LDAP_AUTH_SASL;
+ version = LDAP_VERSION3;
+ sasl_flags = LDAP_SASL_INTERACTIVE;
+ break;
+#else
+ fprintf( stderr, "%s: was not compiled with SASL support\n",
+ prog );
+ return( EXIT_FAILURE );
+#endif
case 'k': /* kerberos bind */
#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
if( version > LDAP_VERSION2 ) {
}
authmethod = LDAP_AUTH_SASL;
version = LDAP_VERSION3;
- sasl_flags = LUTIL_SASL_QUIET;
+ sasl_flags = LDAP_SASL_QUIET;
+ break;
#else
fprintf( stderr, "%s: was not compiled with SASL support\n",
prog );
}
}
- defaults = lutil_sasl_defaults( ld, sasl_flags,
+ defaults = lutil_sasl_defaults( ld,
sasl_mech,
sasl_realm,
sasl_authc_id,
rc = ldap_sasl_interactive_bind_s( ld, binddn,
sasl_mech, NULL, NULL,
- lutil_sasl_interact, defaults );
+ sasl_flags, lutil_sasl_interact, defaults );
if( rc != LDAP_SUCCESS ) {
ldap_perror( ld, "ldap_sasl_interactive_bind_s" );
int authmethod = -1;
int manageDSAit = 0;
#ifdef HAVE_CYRUS_SASL
- unsigned sasl_flags = LUTIL_SASL_AUTOMATIC;
+ unsigned sasl_flags = LDAP_SASL_AUTOMATIC;
char *sasl_realm = NULL;
char *sasl_authc_id = NULL;
char *sasl_authz_id = NULL;
}
ldaphost = strdup( optarg );
break;
+ case 'I':
+#ifdef HAVE_CYRUS_SASL
+ if( version == LDAP_VERSION2 ) {
+ fprintf( stderr, "%s: -I incompatible with version %d\n",
+ prog, version );
+ return EXIT_FAILURE;
+ }
+ if( authmethod != -1 && authmethod != LDAP_AUTH_SASL ) {
+ fprintf( stderr, "%s: incompatible previous "
+ "authentication choice\n",
+ prog );
+ return EXIT_FAILURE;
+ }
+ authmethod = LDAP_AUTH_SASL;
+ version = LDAP_VERSION3;
+ sasl_flags = LDAP_SASL_INTERACTIVE;
+ break;
+#else
+ fprintf( stderr, "%s: was not compiled with SASL support\n",
+ prog );
+ return( EXIT_FAILURE );
+#endif
case 'k': /* kerberos bind */
#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
if( version > LDAP_VERSION2 ) {
}
authmethod = LDAP_AUTH_SASL;
version = LDAP_VERSION3;
- sasl_flags = LUTIL_SASL_QUIET;
+ sasl_flags = LDAP_SASL_QUIET;
+ break;
#else
fprintf( stderr, "%s: was not compiled with SASL support\n",
prog );
}
}
- defaults = lutil_sasl_defaults( ld, sasl_flags,
+ defaults = lutil_sasl_defaults( ld,
sasl_mech,
sasl_realm,
sasl_authc_id,
rc = ldap_sasl_interactive_bind_s( ld, binddn,
sasl_mech, NULL, NULL,
- lutil_sasl_interact, defaults );
+ sasl_flags, lutil_sasl_interact, defaults );
if( rc != LDAP_SUCCESS ) {
ldap_perror( ld, "ldap_sasl_interactive_bind_s" );
"\t\t+ -- all operational attributes\n"
"Search options:\n"
-"\t-a deref\tdereference aliases: never (default), always, search, or find\n"
+"\t-a deref\tone of never (default), always, search, or find\n"
"\t-A\t\tretrieve attribute names only (no values)\n"
"\t-b basedn\tbase dn for search\n"
"\t-l limit\ttime limit (in seconds) for search\n"
static char *ldaphost = NULL;
static int ldapport = 0;
#ifdef HAVE_CYRUS_SASL
-static unsigned sasl_flags = LUTIL_SASL_AUTOMATIC;
+static unsigned sasl_flags = LDAP_SASL_AUTOMATIC;
static char *sasl_realm = NULL;
static char *sasl_authc_id = NULL;
static char *sasl_authz_id = NULL;
}
ldaphost = strdup( optarg );
break;
+ case 'I':
+#ifdef HAVE_CYRUS_SASL
+ if( version == LDAP_VERSION2 ) {
+ fprintf( stderr, "%s: -I incompatible with version %d\n",
+ prog, version );
+ return EXIT_FAILURE;
+ }
+ if( authmethod != -1 && authmethod != LDAP_AUTH_SASL ) {
+ fprintf( stderr, "%s: incompatible previous "
+ "authentication choice\n",
+ prog );
+ return EXIT_FAILURE;
+ }
+ authmethod = LDAP_AUTH_SASL;
+ version = LDAP_VERSION3;
+ sasl_flags = LDAP_SASL_INTERACTIVE;
+ break;
+#else
+ fprintf( stderr, "%s: was not compiled with SASL support\n",
+ prog );
+ return( EXIT_FAILURE );
+#endif
case 'k': /* kerberos bind */
#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
if( version > LDAP_VERSION2 ) {
}
authmethod = LDAP_AUTH_SASL;
version = LDAP_VERSION3;
- sasl_flags = LUTIL_SASL_QUIET;
+ sasl_flags = LDAP_SASL_QUIET;
+ break;
#else
fprintf( stderr, "%s: was not compiled with SASL support\n",
prog );
}
}
- defaults = lutil_sasl_defaults( ld, sasl_flags,
+ defaults = lutil_sasl_defaults( ld,
sasl_mech,
sasl_realm,
sasl_authc_id,
rc = ldap_sasl_interactive_bind_s( ld, binddn,
sasl_mech, NULL, NULL,
- lutil_sasl_interact, defaults );
+ sasl_flags, lutil_sasl_interact, defaults );
if( rc != LDAP_SUCCESS ) {
ldap_perror( ld, "ldap_sasl_interactive_bind_s" );
LDAPControl **clientctrls,
int *msgidp ));
-/* V3 SASL Interaction Function Callback Prototype */
-/* when using Cyrus SASL, interact is pointer to sasl_interact_t */
+/* Interaction flags (should be passed about in a control)
+ * Automatic (default): use defaults, prompt otherwise
+ * Interactive: prompt always
+ * Quiet: never prompt
+ */
+#define LDAP_SASL_AUTOMATIC 0U
+#define LDAP_SASL_INTERACTIVE 1U
+#define LDAP_SASL_QUIET 2U
+
+/*
+ * V3 SASL Interaction Function Callback Prototype
+ * when using Cyrus SASL, interact is pointer to sasl_interact_t
+ * should likely passed in a control (and provided controls)
+ */
typedef int (LDAP_SASL_INTERACT_PROC) LDAP_P((
- LDAP *ld, void* defaults, void *interact ));
+ LDAP *ld, unsigned flags, void* defaults, void *interact ));
LDAP_F( int )
ldap_sasl_interactive_bind_s LDAP_P((
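Review bot: The three `LDAP_SASL_*` values are introduced as "Interaction flags" and carried in an `unsigned flags` parameter, but every use visible on this page compares them with `==` or `!=`, so they are mutually exclusive modes and not bits that can be OR-ed. The header comment should say so, e.g. `/* Interaction mode: pass exactly one of the values below; not a bitmask */`, and should state what a caller gets for any other value (from the comparisons shown it appears to behave like Automatic). The callback typedef gains a parameter in the same hunk, so a sentence telling callers that existing three-argument callbacks must be updated would help. The wording `should likely passed in a control` is also missing "be".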
LDAP_CONST char *saslMechanism,
LDAPControl **serverControls,
LDAPControl **clientControls,
+
+ /* should be client controls */
+ unsigned flags,
LDAP_SASL_INTERACT_PROC *proc,
void *defaults ));
LDAP_BEGIN_DECL
-/*
- * Automatic (default): use defaults, prompt otherwise
- * Interactive: prompt always
- * Quiet: never prompt
- */
-#define LUTIL_SASL_AUTOMATIC 0U
-#define LUTIL_SASL_INTERACTIVE 1U
-#define LUTIL_SASL_QUIET 2U
-
LDAP_LUTIL_F( void * )
lutil_sasl_defaults LDAP_P((
LDAP *ld,
- unsigned flags,
char *mech,
char *realm,
char *authcid,
LDAP_LUTIL_F( int )
lutil_sasl_interact LDAP_P((
- LDAP *ld, void *defaults, void *p ));
+ LDAP *ld, unsigned flags, void *defaults, void *p ));
LDAP_END_DECL
const char *mechs,
LDAPControl **sctrls,
LDAPControl **cctrls,
+ unsigned flags,
LDAP_SASL_INTERACT_PROC *interact,
void * defaults )
{
if( pmech == NULL && mech != NULL ) {
pmech = mech;
- fprintf(stderr,
- "SASL/%s authentication started\n",
- pmech );
+ if( flags != LDAP_SASL_QUIET ) {
+ fprintf(stderr,
+ "SASL/%s authentication started\n",
+ pmech );
+ }
}
if( saslrc == SASL_INTERACT ) {
if( !interact ) break;
- rc = (interact)( ld, defaults, prompts );
+ rc = (interact)( ld, flags, defaults, prompts );
if( rc != LDAP_SUCCESS ) {
break;
}
if( saslrc == SASL_INTERACT ) {
int res;
if( !interact ) break;
- res = (interact)( ld, defaults, prompts );
+ rc = (interact)( ld, flags, defaults, prompts );
if( res != LDAP_SUCCESS ) {
break;
}
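Review bot: The callback result is now stored in `rc`, but the check on the next line still tests `res`, which is declared two lines above and is no longer assigned anywhere in the hunk. The comparison `if( res != LDAP_SUCCESS )` therefore reads an uninitialized variable, and a callback failure (for instance the `LDAP_OTHER` returned in quiet mode) may not stop the bind loop. Either keep the assignment as `res = (interact)( ld, flags, defaults, prompts );` or drop `int res;` and test `rc`, as the first call site in this file does. The enclosing function starts and ends outside the hunk, so which variable later code expects cannot be confirmed from here.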
/* likely should add a quiet option */
- saslrc = sasl_getprop( ctx, SASL_USERNAME, (void **) &data );
- if( saslrc == SASL_OK ) {
- fprintf( stderr, "SASL username: %s\n", data );
- }
+ if( flags != LDAP_SASL_QUIET ) {
+ saslrc = sasl_getprop( ctx, SASL_USERNAME, (void **) &data );
+ if( saslrc == SASL_OK ) {
+ fprintf( stderr, "SASL username: %s\n", data );
+ }
- saslrc = sasl_getprop( ctx, SASL_REALM, (void **) &data );
- if( saslrc == SASL_OK ) {
- fprintf( stderr, "SASL realm: %s\n", data );
+ saslrc = sasl_getprop( ctx, SASL_REALM, (void **) &data );
+ if( saslrc == SASL_OK ) {
+ fprintf( stderr, "SASL realm: %s\n", data );
+ }
}
saslrc = sasl_getprop( ctx, SASL_SSF, (void **) &ssf );
if( saslrc == SASL_OK ) {
- fprintf( stderr, "SASL SSF: %lu\n",
- (unsigned long) *ssf );
+ if( flags != LDAP_SASL_QUIET ) {
+ fprintf( stderr, "SASL SSF: %lu\n",
+ (unsigned long) *ssf );
+ }
#ifdef LDAP_SASL_SECURITY_LAYER
if( ssf && *ssf ) {
- fprintf( stderr, "SASL installing layers\n" );
+ if( flags != LDAP_SASL_QUIET ) {
+ fprintf( stderr, "SASL installing layers\n" );
+ }
ldap_pvt_sasl_install( ld->ld_sb, ctx );
}
#endif
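Review bot: The context comment `/* likely should add a quiet option */` is left above the new `if( flags != LDAP_SASL_QUIET )` guard, which is that quiet option, so the comment is now stale. Replace it with something that describes the block, e.g. `/* report negotiated identity and SSF unless the caller asked for quiet */`. It is also worth noting in that comment that quiet mode suppresses the `SASL SSF` line, so a caller that cares about the negotiated strength has to query it rather than read stderr. The surrounding function starts and ends outside the hunk.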
const char *,
const char *,
LDAPControl **, LDAPControl **,
+
+ /* should be passed in client controls */
+ unsigned flags,
LDAP_SASL_INTERACT_PROC *interact,
- void *defaults));
+ void *defaults ));
/*
* in tls.c
LDAP_CONST char *mechs,
LDAPControl **serverControls,
LDAPControl **clientControls,
+ unsigned flags,
LDAP_SASL_INTERACT_PROC *interact,
void *defaults )
{
rc = ldap_int_sasl_bind( ld, dn, mechs,
serverControls, clientControls,
- interact, defaults );
+ flags, interact, defaults );
return rc;
}
typedef struct lutil_sasl_defaults_s {
- unsigned flags;
char *mech;
char *realm;
char *authcid;
void *
lutil_sasl_defaults(
LDAP *ld,
- unsigned flags,
char *mech,
char *realm,
char *authcid,
if( defaults == NULL ) return NULL;
- defaults->flags = flags;
defaults->mech = mech;
defaults->realm = realm;
defaults->authcid = authcid;
}
static int interaction(
- sasl_interact_t *interact, lutilSASLdefaults *defaults )
+ unsigned flags,
+ sasl_interact_t *interact,
+ lutilSASLdefaults *defaults )
{
- unsigned flags = defaults ? defaults->flags : 0;
const char *dflt = interact->defresult;
char input[1024];
if( dflt && !*dflt ) dflt = NULL;
- if( flags != LUTIL_SASL_INTERACTIVE && dflt ) {
+ if( flags != LDAP_SASL_INTERACTIVE && dflt ) {
goto use_default;
}
- if( flags == LUTIL_SASL_QUIET ) {
+ if( flags == LDAP_SASL_QUIET ) {
/* don't prompt */
return LDAP_OTHER;
}
int lutil_sasl_interact(
LDAP *ld,
+ unsigned flags,
void *defaults,
void *in )
{
sasl_interact_t *interact = in;
- fputs( "SASL Interaction\n", stderr );
+ if( flags != LDAP_SASL_QUIET ) {
+ fputs( "SASL Interaction\n", stderr );
+ }
while( interact->id != SASL_CB_LIST_END ) {
- int rc = interaction( interact, defaults );
+ int rc = interaction( flags, interact, defaults );
if( rc ) return rc;
interact++;