From: Kurt Zeilenga Date: Thu, 15 Jul 1999 03:33:53 +0000 (+0000) Subject: Add -M[M] to enable manageDSAit control. X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=5653eb2749672835dbc79bfd288297fb046d1440;p=openldap Add -M[M] to enable manageDSAit control. --- diff --git a/clients/tools/ldapdelete.c b/clients/tools/ldapdelete.c index 3054cfb54f..ddd80e399b 100644 --- a/clients/tools/ldapdelete.c +++ b/clients/tools/ldapdelete.c @@ -1,52 +1,63 @@ /* ldapdelete.c - simple program to delete an entry using LDAP */ +#include "portable.h" + #include -#include -#include -#include + +#include +#include + +#include +#include +#include + #include #include -#include "ldapconfig.h" - -static char *binddn = LDAPDELETE_BINDDN; -static char *base = LDAPDELETE_BASE; +static char *binddn = NULL; static char *passwd = NULL; -static char *ldaphost = LDAPHOST; -static int ldapport = LDAP_PORT; +static char *base = NULL; +static char *ldaphost = NULL; +static int ldapport = 0; static int not, verbose, contoper; static LDAP *ld; -#ifdef LDAP_DEBUG -extern int ldap_debug, lber_debug; -#endif /* LDAP_DEBUG */ +static int dodelete LDAP_P(( + LDAP *ld, + char *dn)); -#define safe_realloc( ptr, size ) ( ptr == NULL ? malloc( size ) : \ - realloc( ptr, size )) - - -main( argc, argv ) - int argc; - char **argv; +int +main( int argc, char **argv ) { - char *usage = "usage: %s [-n] [-v] [-k] [-d debug-level] [-f file] [-h ldaphost] [-p ldapport] [-D binddn] [-w passwd] [dn]...\n"; - char *p, buf[ 4096 ]; + char *usage = "usage: %s [-n] [-v] [-k] [-W] [-M[M]] [-d debug-level] [-f file] [-h ldaphost] [-P version] [-p ldapport] [-D binddn] [-w passwd] [dn]...\n"; + char buf[ 4096 ]; FILE *fp; - int i, rc, kerberos, linenum, authmethod; - - extern char *optarg; - extern int optind; + int i, rc, authmethod, want_bindpw, version, debug, manageDSAit; - kerberos = not = verbose = contoper = 0; + not = verbose = contoper = want_bindpw = debug = manageDSAit = 0; fp = NULL; + authmethod = LDAP_AUTH_SIMPLE; + version = -1; - while (( i = getopt( argc, argv, "nvkKch:p:D:w:d:f:" )) != EOF ) { + while (( i = getopt( argc, argv, "WMnvkKch:P:p:D:w:d:f:" )) != EOF ) { switch( i ) { case 'k': /* kerberos bind */ - kerberos = 2; +#ifdef HAVE_KERBEROS + authmethod = LDAP_AUTH_KRBV4; +#else + fprintf (stderr, "%s was not compiled with Kerberos support\n", argv[0]); + fprintf( stderr, usage, argv[0] ); + return( EXIT_FAILURE ); +#endif break; case 'K': /* kerberos bind, part one only */ - kerberos = 1; +#ifdef HAVE_KERBEROS + authmethod = LDAP_AUTH_KRBV41; +#else + fprintf (stderr, "%s was not compiled with Kerberos support\n", argv[0]); + fprintf( stderr, usage, argv[0] ); + return( EXIT_FAILURE ); +#endif break; case 'c': /* continuous operation mode */ ++contoper; @@ -59,6 +70,13 @@ main( argc, argv ) break; case 'w': /* password */ passwd = strdup( optarg ); + { + char* p; + + for( p = optarg; *p == '\0'; p++ ) { + *p = '*'; + } + } break; case 'f': /* read DNs from a file */ if (( fp = fopen( optarg, "r" )) == NULL ) { @@ -67,11 +85,7 @@ main( argc, argv ) } break; case 'd': -#ifdef LDAP_DEBUG - ldap_debug = lber_debug = atoi( optarg ); /* */ -#else /* LDAP_DEBUG */ - fprintf( stderr, "compile with -DLDAP_DEBUG for debugging\n" ); -#endif /* LDAP_DEBUG */ + debug |= atoi( optarg ); break; case 'p': ldapport = atoi( optarg ); @@ -82,9 +96,31 @@ main( argc, argv ) case 'v': /* verbose mode */ verbose++; break; + case 'M': + /* enable Manage DSA IT */ + manageDSAit++; + break; + case 'W': + want_bindpw++; + break; + case 'P': + switch( atoi(optarg) ) + { + case 2: + version = LDAP_VERSION2; + break; + case 3: + version = LDAP_VERSION3; + break; + default: + fprintf( stderr, "protocol version should be 2 or 3\n" ); + fprintf( stderr, usage, argv[0] ); + return( EXIT_FAILURE ); + } + break; default: fprintf( stderr, usage, argv[0] ); - exit( 1 ); + return( EXIT_FAILURE ); } } @@ -94,25 +130,66 @@ main( argc, argv ) } } - if (( ld = ldap_open( ldaphost, ldapport )) == NULL ) { - perror( "ldap_open" ); - exit( 1 ); - } + if ( debug ) { + if( ber_set_option( NULL, LBER_OPT_DEBUG_LEVEL, &debug ) != LBER_OPT_SUCCESS ) { + fprintf( stderr, "Could not set LBER_OPT_DEBUG_LEVEL %d\n", debug ); + } + if( ldap_set_option( NULL, LDAP_OPT_DEBUG_LEVEL, &debug ) != LDAP_OPT_SUCCESS ) { + fprintf( stderr, "Could not set LDAP_OPT_DEBUG_LEVEL %d\n", debug ); + } + } - ld->ld_deref = LDAP_DEREF_NEVER; /* prudent, but probably unnecessary */ +#ifdef SIGPIPE + (void) SIGNAL( SIGPIPE, SIG_IGN ); +#endif - if ( !kerberos ) { - authmethod = LDAP_AUTH_SIMPLE; - } else if ( kerberos == 1 ) { - authmethod = LDAP_AUTH_KRBV41; - } else { - authmethod = LDAP_AUTH_KRBV4; + if (( ld = ldap_init( ldaphost, ldapport )) == NULL ) { + perror( "ldap_init" ); + return( EXIT_FAILURE ); } + + { + /* this seems prudent */ + int deref = LDAP_DEREF_NEVER; + ldap_set_option( ld, LDAP_OPT_DEREF, &deref ); + } + + if (want_bindpw) + passwd = getpass("Enter LDAP Password: "); + + if (version != -1 && + ldap_set_option( ld, LDAP_OPT_PROTOCOL_VERSION, &version ) != LDAP_OPT_SUCCESS) + { + fprintf( stderr, "Could not set LDAP_OPT_PROTOCOL_VERSION %d\n", version ); + } + if ( ldap_bind_s( ld, binddn, passwd, authmethod ) != LDAP_SUCCESS ) { ldap_perror( ld, "ldap_bind" ); - exit( 1 ); + return( EXIT_FAILURE ); } + if ( manageDSAit ) { + int err; + LDAPControl c; + LDAPControl *ctrls[2]; + ctrls[0] = &c; + ctrls[1] = NULL; + + c.ldctl_oid = LDAP_CONTROL_MANAGEDSAIT; + c.ldctl_value.bv_val = NULL; + c.ldctl_value.bv_len = 0; + c.ldctl_iscritical = manageDSAit > 1; + + err = ldap_set_option( ld, LDAP_OPT_SERVER_CONTROLS, &ctrls ); + + if( err != LDAP_OPT_SUCCESS ) { + fprintf( stderr, "Could not set Manage DSA IT Control\n" ); + if( c.ldctl_iscritical ) { + exit( EXIT_FAILURE ); + } + } + } + if ( fp == NULL ) { for ( ; optind < argc; ++optind ) { rc = dodelete( ld, argv[ optind ] ); @@ -129,18 +206,19 @@ main( argc, argv ) ldap_unbind( ld ); - exit( rc ); + return( rc ); } -dodelete( ld, dn ) - LDAP *ld; - char *dn; +static int dodelete( + LDAP *ld, + char *dn) { int rc; if ( verbose ) { - printf( "%sdeleting entry %s\n", not ? "!" : "", dn ); + printf( "%sdeleting entry \"%s\"\n", + (not ? "!" : ""), dn ); } if ( not ) { rc = LDAP_SUCCESS; @@ -148,7 +226,7 @@ dodelete( ld, dn ) if (( rc = ldap_delete_s( ld, dn )) != LDAP_SUCCESS ) { ldap_perror( ld, "ldap_delete" ); } else if ( verbose ) { - printf( "entry removed\n" ); + printf( "\tremoved\n" ); } } diff --git a/clients/tools/ldapmodify.c b/clients/tools/ldapmodify.c index d09b9ad839..b85239b5bd 100644 --- a/clients/tools/ldapmodify.c +++ b/clients/tools/ldapmodify.c @@ -1,37 +1,43 @@ +/* + * Copyright 1998-1999 The OpenLDAP Foundation, All Rights Reserved. + * COPYING RESTRICTIONS APPLY, see COPYRIGHT file + */ /* ldapmodify.c - generic program to modify or add entries using LDAP */ +#include "portable.h" + #include -#include -#include -#include -#include + +#include + +#include +#include +#include +#include + #include + +#ifdef HAVE_SYS_FILE_H #include +#endif +#ifdef HAVE_FCNTL_H #include -#ifndef VMS -#include -#endif /* VMS */ +#endif + #include #include #include -#include "ldapconfig.h" +#include static char *prog; -static char *binddn = LDAPMODIFY_BINDDN; +static char *binddn = NULL; static char *passwd = NULL; -static char *ldaphost = LDAPHOST; -static int ldapport = LDAP_PORT; +static char *ldaphost = NULL; +static int ldapport = 0; static int new, replace, not, verbose, contoper, force, valsfromfiles; static LDAP *ld; -#ifdef LDAP_DEBUG -extern int ldap_debug, lber_debug; -#endif /* LDAP_DEBUG */ - -#define safe_realloc( ptr, size ) ( ptr == NULL ? malloc( size ) : \ - realloc( ptr, size )) - #define LDAPMOD_MAXLINE 4096 /* strings found in replog/LDIF entries (mostly lifted from slurpd/slurp.h) */ @@ -50,53 +56,68 @@ extern int ldap_debug, lber_debug; #define T_DELETEOLDRDNSTR "deleteoldrdn" -#ifdef NEEDPROTOS -static int process_ldapmod_rec( char *rbuf ); -static int process_ldif_rec( char *rbuf ); -static void addmodifyop( LDAPMod ***pmodsp, int modop, char *attr, - char *value, int vlen ); -static int domodify( char *dn, LDAPMod **pmods, int newentry ); -static int dodelete( char *dn ); -static int domodrdn( char *dn, char *newrdn, int deleteoldrdn ); -static void freepmods( LDAPMod **pmods ); -static int fromfile( char *path, struct berval *bv ); -static char *read_one_record( FILE *fp ); -#else /* NEEDPROTOS */ -static int process_ldapmod_rec(); -static int process_ldif_rec(); -static void addmodifyop(); -static int domodify(); -static int dodelete(); -static int domodrdn(); -static void freepmods(); -static int fromfile(); -static char *read_one_record(); -#endif /* NEEDPROTOS */ - - -main( argc, argv ) - int argc; - char **argv; +static void usage LDAP_P(( const char *prog )); +static int process_ldapmod_rec LDAP_P(( char *rbuf )); +static int process_ldif_rec LDAP_P(( char *rbuf )); +static void addmodifyop LDAP_P(( LDAPMod ***pmodsp, int modop, char *attr, + char *value, int vlen )); +static int domodify LDAP_P(( char *dn, LDAPMod **pmods, int newentry )); +static int dodelete LDAP_P(( char *dn )); +static int domodrdn LDAP_P(( char *dn, char *newrdn, int deleteoldrdn )); +static int fromfile LDAP_P(( char *path, struct berval *bv )); +static char *read_one_record LDAP_P(( FILE *fp )); + +static void +usage( const char *prog ) +{ + fprintf( stderr, + "Add or modify entries from an LDAP server\n\n" + "usage: %s [-abcknrvFM] [-d debug-level] [-P version] [-h ldaphost]\n" + " [-p ldapport] [-D binddn] [-w passwd] [ -f file | < entryfile ]\n" + " a - add values (default%s)\n" + " b - read values from files (for binary attributes)\n" + " c - continuous operation\n" + " D - bind DN\n" + " M - enable Manage DSA IT control (-MM for critical)\n" + " d - debug level\n" + " f - read from file\n" + " F - force all changes records to be used\n" + " h - ldap host\n" + " n - print adds, don't actually do them\n" + " p - LDAP port\n" + " r - replace values\n" + " v - verbose mode\n" + " w - password\n" + , prog, (strcmp( prog, "ldapadd" ) ? " is to replace" : "") ); + exit( EXIT_FAILURE ); +} + + +int +main( int argc, char **argv ) { char *infile, *rbuf, *start, *p, *q; FILE *fp; - int rc, i, kerberos, use_ldif, authmethod; - char *usage = "usage: %s [-abcknrvF] [-d debug-level] [-h ldaphost] [-p ldapport] [-D binddn] [-w passwd] [ -f file | < entryfile ]\n"; - - extern char *optarg; - extern int optind; + int rc, i, use_ldif, authmethod, version, want_bindpw, debug, manageDSAit; - if (( prog = strrchr( argv[ 0 ], '/' )) == NULL ) { + if (( prog = strrchr( argv[ 0 ], *LDAP_DIRSEP )) == NULL ) { prog = argv[ 0 ]; } else { ++prog; } + + /* Print usage when no parameters */ + if( argc < 2 ) + usage( prog ); + new = ( strcmp( prog, "ldapadd" ) == 0 ); infile = NULL; - kerberos = not = verbose = valsfromfiles = 0; + not = verbose = valsfromfiles = want_bindpw = debug = manageDSAit = 0; + authmethod = LDAP_AUTH_SIMPLE; + version = -1; - while (( i = getopt( argc, argv, "FabckKnrtvh:p:D:w:d:f:" )) != EOF ) { + while (( i = getopt( argc, argv, "WFMabckKnrtvh:p:D:w:d:f:P:" )) != EOF ) { switch( i ) { case 'a': /* add */ new = 1; @@ -111,10 +132,22 @@ main( argc, argv ) replace = 1; break; case 'k': /* kerberos bind */ - kerberos = 2; +#ifdef HAVE_KERBEROS + authmethod = LDAP_AUTH_KRBV4; +#else + fprintf (stderr, "%s was not compiled with Kerberos support\n", argv[0]); + usage( argv[0] ); + return( EXIT_FAILURE ); +#endif break; case 'K': /* kerberos bind, part 1 only */ - kerberos = 1; +#ifdef HAVE_KERBEROS + authmethod = LDAP_AUTH_KRBV41; +#else + fprintf (stderr, "%s was not compiled with Kerberos support\n", argv[0]); + usage( argv[0] ); + return( EXIT_FAILURE ); +#endif break; case 'F': /* force all changes records to be used */ force = 1; @@ -127,14 +160,16 @@ main( argc, argv ) break; case 'w': /* password */ passwd = strdup( optarg ); + { + char* p; + + for( p = optarg; *p == '\0'; p++ ) { + *p = '*'; + } + } break; case 'd': -#ifdef LDAP_DEBUG - ldap_debug = lber_debug = atoi( optarg ); /* */ -#else /* LDAP_DEBUG */ - fprintf( stderr, "%s: compile with -DLDAP_DEBUG for debugging\n", - prog ); -#endif /* LDAP_DEBUG */ + debug |= atoi( optarg ); break; case 'f': /* read from file */ infile = strdup( optarg ); @@ -148,50 +183,109 @@ main( argc, argv ) case 'v': /* verbose mode */ verbose++; break; + case 'M': + /* enable Manage DSA IT */ + manageDSAit++; + break; + case 'W': + want_bindpw++; + break; + case 'P': + switch( atoi(optarg) ) + { + case 2: + version = LDAP_VERSION2; + break; + case 3: + version = LDAP_VERSION3; + break; + default: + fprintf( stderr, "protocol version should be 2 or 3\n" ); + usage( argv[0] ); + } + break; default: - fprintf( stderr, usage, prog ); - exit( 1 ); + usage( prog ); } } - if ( argc - optind != 0 ) { - fprintf( stderr, usage, prog ); - exit( 1 ); - } + if ( argc != optind ) + usage( prog ); if ( infile != NULL ) { if (( fp = fopen( infile, "r" )) == NULL ) { perror( infile ); - exit( 1 ); + return( EXIT_FAILURE ); } } else { fp = stdin; } + if ( debug ) { + if( ber_set_option( NULL, LBER_OPT_DEBUG_LEVEL, &debug ) != LBER_OPT_SUCCESS ) { + fprintf( stderr, "Could not set LBER_OPT_DEBUG_LEVEL %d\n", debug ); + } + if( ldap_set_option( NULL, LDAP_OPT_DEBUG_LEVEL, &debug ) != LDAP_OPT_SUCCESS ) { + fprintf( stderr, "Could not set LDAP_OPT_DEBUG_LEVEL %d\n", debug ); + } + ldif_debug = debug; + } + +#ifdef SIGPIPE + (void) SIGNAL( SIGPIPE, SIG_IGN ); +#endif if ( !not ) { - if (( ld = ldap_open( ldaphost, ldapport )) == NULL ) { - perror( "ldap_open" ); - exit( 1 ); + if (( ld = ldap_init( ldaphost, ldapport )) == NULL ) { + perror( "ldap_init" ); + return( EXIT_FAILURE ); } - ld->ld_deref = LDAP_DEREF_NEVER; /* this seems prudent */ + /* this seems prudent */ + { + int deref = LDAP_DEREF_NEVER; + ldap_set_option( ld, LDAP_OPT_DEREF, &deref); + } - if ( !kerberos ) { - authmethod = LDAP_AUTH_SIMPLE; - } else if ( kerberos == 1 ) { - authmethod = LDAP_AUTH_KRBV41; - } else { - authmethod = LDAP_AUTH_KRBV4; + if (want_bindpw) + passwd = getpass("Enter LDAP Password: "); + + if (version != -1 && + ldap_set_option( ld, LDAP_OPT_PROTOCOL_VERSION, &version ) != LDAP_OPT_SUCCESS) + { + fprintf( stderr, "Could not set LDAP_OPT_PROTOCOL_VERSION %d\n", version ); } + if ( ldap_bind_s( ld, binddn, passwd, authmethod ) != LDAP_SUCCESS ) { ldap_perror( ld, "ldap_bind" ); - exit( 1 ); + return( EXIT_FAILURE ); } } rc = 0; + if ( manageDSAit ) { + int err; + LDAPControl c; + LDAPControl *ctrls[2]; + ctrls[0] = &c; + ctrls[1] = NULL; + + c.ldctl_oid = LDAP_CONTROL_MANAGEDSAIT; + c.ldctl_value.bv_val = NULL; + c.ldctl_value.bv_len = 0; + c.ldctl_iscritical = manageDSAit > 1; + + err = ldap_set_option( ld, LDAP_OPT_SERVER_CONTROLS, &ctrls ); + + if( err != LDAP_OPT_SUCCESS ) { + fprintf( stderr, "Could not set Manage DSA IT Control\n" ); + if( c.ldctl_iscritical ) { + exit( EXIT_FAILURE ); + } + } + } + while (( rc == 0 || contoper ) && ( rbuf = read_one_record( fp )) != NULL ) { /* @@ -207,7 +301,7 @@ main( argc, argv ) if ( !use_ldif && ( q = strchr( rbuf, '\n' )) != NULL ) { for ( p = rbuf; p < q; ++p ) { - if ( !isdigit( *p )) { + if ( !isdigit( (unsigned char) *p )) { break; } } @@ -223,6 +317,10 @@ main( argc, argv ) rc = process_ldapmod_rec( start ); } + if( rc ) + fprintf( stderr, "%s() = %d\n", + use_ldif ? "ldif_rec" : "ldapmod_rec" , rc ); + free( rbuf ); } @@ -230,7 +328,7 @@ main( argc, argv ) ldap_unbind( ld ); } - exit( rc ); + return( rc ); } @@ -254,7 +352,7 @@ process_ldif_rec( char *rbuf ) pmods = NULL; dn = newrdn = NULL; - while ( rc == 0 && ( line = str_getline( &rbuf )) != NULL ) { + while ( rc == 0 && ( line = ldif_getline( &rbuf )) != NULL ) { ++linenum; if ( expect_sep && strcasecmp( line, T_MODSEPSTR ) == 0 ) { expect_sep = 0; @@ -262,7 +360,7 @@ process_ldif_rec( char *rbuf ) continue; } - if ( str_parse_line( line, &type, &value, &vlen ) < 0 ) { + if ( ldif_parse_line( line, &type, &value, &vlen ) < 0 ) { fprintf( stderr, "%s: invalid format (line %d of entry: %s\n", prog, linenum, dn == NULL ? "" : dn ); rc = LDAP_PARAM_ERROR; @@ -273,7 +371,7 @@ process_ldif_rec( char *rbuf ) if ( !use_record && strcasecmp( type, T_REPLICA_STR ) == 0 ) { ++saw_replica; if (( p = strchr( value, ':' )) == NULL ) { - replicaport = LDAP_PORT; + replicaport = 0; } else { *p++ = '\0'; replicaport = atoi( p ); @@ -397,7 +495,7 @@ process_ldif_rec( char *rbuf ) free( newrdn ); } if ( pmods != NULL ) { - freepmods( pmods ); + ldap_mods_free( pmods, 1 ); } return( rc ); @@ -423,7 +521,7 @@ process_ldapmod_rec( char *rbuf ) rbuf = NULL; } else { if ( *(p-1) == '\\' ) { /* lines ending in '\' are continued */ - strcpy( p - 1, p ); + SAFEMEMCPY( p - 1, p, strlen( p ) + 1 ); rbuf = p; continue; } @@ -445,20 +543,21 @@ process_ldapmod_rec( char *rbuf ) value = p; } - for ( attr = line; *attr != '\0' && isspace( *attr ); ++attr ) { + for ( attr = line; + *attr != '\0' && isspace( (unsigned char) *attr ); ++attr ) { ; /* skip attribute leading white space */ } - for ( q = p - 1; q > attr && isspace( *q ); --q ) { + for ( q = p - 1; q > attr && isspace( (unsigned char) *q ); --q ) { *q = '\0'; /* remove attribute trailing white space */ } if ( value != NULL ) { - while ( isspace( *value )) { + while ( isspace( (unsigned char) *value )) { ++value; /* skip value leading white space */ } for ( q = value + strlen( value ) - 1; q > value && - isspace( *q ); --q ) { + isspace( (unsigned char) *q ); --q ) { *q = '\0'; /* remove value trailing white space */ } if ( *value == '\0' ) { @@ -502,7 +601,7 @@ process_ldapmod_rec( char *rbuf ) } if ( pmods != NULL ) { - freepmods( pmods ); + ldap_mods_free( pmods, 1 ); } if ( dn != NULL ) { free( dn ); @@ -533,20 +632,20 @@ addmodifyop( LDAPMod ***pmodsp, int modop, char *attr, char *value, int vlen ) } if ( pmods == NULL || pmods[ i ] == NULL ) { - if (( pmods = (LDAPMod **)safe_realloc( pmods, (i + 2) * + if (( pmods = (LDAPMod **)ber_memrealloc( pmods, (i + 2) * sizeof( LDAPMod * ))) == NULL ) { - perror( "safe_realloc" ); + perror( "realloc" ); exit( 1 ); } *pmodsp = pmods; pmods[ i + 1 ] = NULL; - if (( pmods[ i ] = (LDAPMod *)calloc( 1, sizeof( LDAPMod ))) + if (( pmods[ i ] = (LDAPMod *)ber_memcalloc( 1, sizeof( LDAPMod ))) == NULL ) { perror( "calloc" ); exit( 1 ); } pmods[ i ]->mod_op = modop; - if (( pmods[ i ]->mod_type = strdup( attr )) == NULL ) { + if (( pmods[ i ]->mod_type = ber_strdup( attr )) == NULL ) { perror( "strdup" ); exit( 1 ); } @@ -560,15 +659,15 @@ addmodifyop( LDAPMod ***pmodsp, int modop, char *attr, char *value, int vlen ) } } if (( pmods[ i ]->mod_bvalues = - (struct berval **)safe_realloc( pmods[ i ]->mod_bvalues, + (struct berval **)ber_memrealloc( pmods[ i ]->mod_bvalues, (j + 2) * sizeof( struct berval * ))) == NULL ) { - perror( "safe_realloc" ); + perror( "ber_realloc" ); exit( 1 ); } pmods[ i ]->mod_bvalues[ j + 1 ] = NULL; - if (( bvp = (struct berval *)malloc( sizeof( struct berval ))) + if (( bvp = (struct berval *)ber_memalloc( sizeof( struct berval ))) == NULL ) { - perror( "malloc" ); + perror( "ber_memalloc" ); exit( 1 ); } pmods[ i ]->mod_bvalues[ j ] = bvp; @@ -579,7 +678,7 @@ addmodifyop( LDAPMod ***pmodsp, int modop, char *attr, char *value, int vlen ) } } else { bvp->bv_len = vlen; - if (( bvp->bv_val = (char *)malloc( vlen + 1 )) == NULL ) { + if (( bvp->bv_val = (char *)ber_memalloc( vlen + 1 )) == NULL ) { perror( "malloc" ); exit( 1 ); } @@ -612,7 +711,7 @@ domodify( char *dn, LDAPMod **pmods, int newentry ) for ( j = 0; pmods[ i ]->mod_bvalues[ j ] != NULL; ++j ) { bvp = pmods[ i ]->mod_bvalues[ j ]; notascii = 0; - for ( k = 0; k < bvp->bv_len; ++k ) { + for ( k = 0; (unsigned long) k < bvp->bv_len; ++k ) { if ( !isascii( bvp->bv_val[ k ] )) { notascii = 1; break; @@ -705,25 +804,6 @@ domodrdn( char *dn, char *newrdn, int deleteoldrdn ) } - -static void -freepmods( LDAPMod **pmods ) -{ - int i; - - for ( i = 0; pmods[ i ] != NULL; ++i ) { - if ( pmods[ i ]->mod_bvalues != NULL ) { - ber_bvecfree( pmods[ i ]->mod_bvalues ); - } - if ( pmods[ i ]->mod_type != NULL ) { - free( pmods[ i ]->mod_type ); - } - free( pmods[ i ] ); - } - free( pmods ); -} - - static int fromfile( char *path, struct berval *bv ) { @@ -744,7 +824,7 @@ fromfile( char *path, struct berval *bv ) bv->bv_len = ftell( fp ); - if (( bv->bv_val = (char *)malloc( bv->bv_len )) == NULL ) { + if (( bv->bv_val = (char *)ber_memalloc( bv->bv_len )) == NULL ) { perror( "malloc" ); fclose( fp ); return( -1 ); @@ -753,6 +833,8 @@ fromfile( char *path, struct berval *bv ) if ( fseek( fp, 0L, SEEK_SET ) != 0 ) { perror( path ); fclose( fp ); + ber_memfree( bv->bv_val ); + bv->bv_val = NULL; return( -1 ); } @@ -760,9 +842,10 @@ fromfile( char *path, struct berval *bv ) eof = feof( fp ); fclose( fp ); - if ( rlen != bv->bv_len ) { + if ( (unsigned long) rlen != bv->bv_len ) { perror( path ); - free( bv->bv_val ); + ber_memfree( bv->bv_val ); + bv->bv_val = NULL; return( -1 ); } @@ -785,8 +868,8 @@ read_one_record( FILE *fp ) if ( lcur + len + 1 > lmax ) { lmax = LDAPMOD_MAXLINE * (( lcur + len + 1 ) / LDAPMOD_MAXLINE + 1 ); - if (( buf = (char *)safe_realloc( buf, lmax )) == NULL ) { - perror( "safe_realloc" ); + if (( buf = (char *)realloc( buf, lmax )) == NULL ) { + perror( "realloc" ); exit( 1 ); } } diff --git a/clients/tools/ldapmodrdn.c b/clients/tools/ldapmodrdn.c index 69d99e7f5a..d7c98d3854 100644 --- a/clients/tools/ldapmodrdn.c +++ b/clients/tools/ldapmodrdn.c @@ -1,55 +1,79 @@ -/* ldapmodrdn.c - generic program to modify an entry's RDN using LDAP */ +/* ldapmodrdn.c - generic program to modify an entry's RDN using LDAP. + * + * Support for MODIFYDN REQUEST V3 (newSuperior) by: + * + * Copyright 1999, Juan C. Gomez, All rights reserved. + * This software is not subject to any license of Silicon Graphics + * Inc. or Purdue University. + * + * Redistribution and use in source and binary forms are permitted + * without restriction or fee of any kind as long as this notice + * is preserved. + * + */ + +#include "portable.h" #include -#include -#include -#include + +#include + +#include +#include +#include +#include + #include #include -#include "ldapconfig.h" - -static char *binddn = LDAPMODRDN_BINDDN; -static char *base = LDAPMODRDN_BASE; +static char *binddn = NULL; static char *passwd = NULL; -static char *ldaphost = LDAPHOST; -static int ldapport = LDAP_PORT; +static char *base = NULL; +static char *ldaphost = NULL; +static int ldapport = 0; static int not, verbose, contoper; static LDAP *ld; -#ifdef LDAP_DEBUG -extern int ldap_debug, lber_debug; -#endif /* LDAP_DEBUG */ - -#define safe_realloc( ptr, size ) ( ptr == NULL ? malloc( size ) : \ - realloc( ptr, size )) +static int domodrdn LDAP_P(( + LDAP *ld, + char *dn, + char *rdn, + int remove, /* flag: remove old RDN */ + char *newSuperior)); - -main( argc, argv ) - int argc; - char **argv; +int +main(int argc, char **argv) { - char *usage = "usage: %s [-nvkc] [-d debug-level] [-h ldaphost] [-p ldapport] [-D binddn] [-w passwd] [ -f file | < entryfile | dn newrdn ]\n"; - char *myname,*infile, *p, *entrydn, *rdn, buf[ 4096 ]; + char *usage = "usage: %s [-nvkWc] [-M[M]] [-d debug-level] [-h ldaphost] [-P version] [-p ldapport] [-D binddn] [-w passwd] [ -f file | < entryfile | dn newrdn ] [-s newSuperior]\n"; + char *myname,*infile, *entrydn, *rdn, buf[ 4096 ]; FILE *fp; - int rc, i, kerberos, remove, havedn, authmethod; - LDAPMod **pmods; - - extern char *optarg; - extern int optind; + int rc, i, remove, havedn, authmethod, version, want_bindpw, debug, manageDSAit; + char *newSuperior=NULL; infile = NULL; - kerberos = not = contoper = verbose = remove = 0; + not = contoper = verbose = remove = want_bindpw = debug = manageDSAit = 0; + authmethod = LDAP_AUTH_SIMPLE; + version = -1; myname = (myname = strrchr(argv[0], '/')) == NULL ? argv[0] : ++myname; - while (( i = getopt( argc, argv, "kKcnvrh:p:D:w:d:f:" )) != EOF ) { + while (( i = getopt( argc, argv, "WkKMcnvrh:P:p:D:w:d:f:s:" )) != EOF ) { switch( i ) { case 'k': /* kerberos bind */ - kerberos = 2; +#ifdef HAVE_KERBEROS + authmethod = LDAP_AUTH_KRBV4; +#else + fprintf (stderr, "%s was not compiled with Kerberos support\n", argv[0]); + return( EXIT_FAILURE ); +#endif break; case 'K': /* kerberos bind, part one only */ - kerberos = 1; +#ifdef HAVE_KERBEROS + authmethod = LDAP_AUTH_KRBV41; +#else + fprintf (stderr, "%s was not compiled with Kerberos support\n", argv[0]); + return( EXIT_FAILURE ); +#endif break; case 'c': /* continuous operation mode */ ++contoper; @@ -60,15 +84,22 @@ main( argc, argv ) case 'D': /* bind DN */ binddn = strdup( optarg ); break; + case 's': /* newSuperior */ + newSuperior = strdup( optarg ); + version = LDAP_VERSION3; /* This option => force V3 */ + break; case 'w': /* password */ passwd = strdup( optarg ); + { + char* p; + + for( p = optarg; *p == '\0'; p++ ) { + *p = '*'; + } + } break; case 'd': -#ifdef LDAP_DEBUG - ldap_debug = lber_debug = atoi( optarg ); /* */ -#else /* LDAP_DEBUG */ - fprintf( stderr, "compile with -DLDAP_DEBUG for debugging\n" ); -#endif /* LDAP_DEBUG */ + debug |= atoi( optarg ); break; case 'f': /* read from file */ infile = strdup( optarg ); @@ -85,60 +116,136 @@ main( argc, argv ) case 'r': /* remove old RDN */ remove++; break; + case 'M': + /* enable Manage DSA IT */ + manageDSAit++; + break; + case 'W': + want_bindpw++; + break; + case 'P': + switch( atoi(optarg) ) + { + case 2: + version = LDAP_VERSION2; + break; + case 3: + version = LDAP_VERSION3; + break; + default: + fprintf( stderr, "protocol version should be 2 or 3\n" ); + fprintf( stderr, usage, argv[0] ); + return( EXIT_FAILURE ); + } + break; default: fprintf( stderr, usage, argv[0] ); - exit( 1 ); + return( EXIT_FAILURE ); } } + if (newSuperior != NULL) { + if (version == LDAP_VERSION2) { + fprintf( stderr, + "%s: version conflict!, -s newSuperior requires LDAPv3\n", + myname); + fprintf( stderr, usage, argv[0] ); + return( EXIT_FAILURE ); + } + + /* promote to LDAPv3 */ + version = LDAP_VERSION3; + } + havedn = 0; if (argc - optind == 2) { if (( rdn = strdup( argv[argc - 1] )) == NULL ) { perror( "strdup" ); - exit( 1 ); + return( EXIT_FAILURE ); } if (( entrydn = strdup( argv[argc - 2] )) == NULL ) { perror( "strdup" ); - exit( 1 ); + return( EXIT_FAILURE ); } ++havedn; } else if ( argc - optind != 0 ) { fprintf( stderr, "%s: invalid number of arguments, only two allowed\n", myname); fprintf( stderr, usage, argv[0] ); - exit( 1 ); + return( EXIT_FAILURE ); } if ( infile != NULL ) { if (( fp = fopen( infile, "r" )) == NULL ) { perror( infile ); - exit( 1 ); + return( EXIT_FAILURE ); } } else { fp = stdin; } - if (( ld = ldap_open( ldaphost, ldapport )) == NULL ) { - perror( "ldap_open" ); - exit( 1 ); - } + if ( debug ) { + if( ber_set_option( NULL, LBER_OPT_DEBUG_LEVEL, &debug ) != LBER_OPT_SUCCESS ) { + fprintf( stderr, "Could not set LBER_OPT_DEBUG_LEVEL %d\n", debug ); + } + if( ldap_set_option( NULL, LDAP_OPT_DEBUG_LEVEL, &debug ) != LDAP_OPT_SUCCESS ) { + fprintf( stderr, "Could not set LDAP_OPT_DEBUG_LEVEL %d\n", debug ); + } + } - ld->ld_deref = LDAP_DEREF_NEVER; /* this seems prudent */ +#ifdef SIGPIPE + (void) SIGNAL( SIGPIPE, SIG_IGN ); +#endif - if ( !kerberos ) { - authmethod = LDAP_AUTH_SIMPLE; - } else if ( kerberos == 1 ) { - authmethod = LDAP_AUTH_KRBV41; - } else { - authmethod = LDAP_AUTH_KRBV4; + if (( ld = ldap_init( ldaphost, ldapport )) == NULL ) { + perror( "ldap_init" ); + return( EXIT_FAILURE ); } + + /* this seems prudent */ + { + int deref = LDAP_DEREF_NEVER; + ldap_set_option( ld, LDAP_OPT_DEREF, &deref); + } + + if (want_bindpw) + passwd = getpass("Enter LDAP Password: "); + + if (version != -1 && + ldap_set_option( ld, LDAP_OPT_PROTOCOL_VERSION, &version ) != LDAP_OPT_SUCCESS) + { + fprintf( stderr, "Could not set LDAP_OPT_PROTOCOL_VERSION %d\n", version ); + } + if ( ldap_bind_s( ld, binddn, passwd, authmethod ) != LDAP_SUCCESS ) { ldap_perror( ld, "ldap_bind" ); - exit( 1 ); + return( EXIT_FAILURE ); } + if ( manageDSAit ) { + int err; + LDAPControl c; + LDAPControl *ctrls[2]; + ctrls[0] = &c; + ctrls[1] = NULL; + + c.ldctl_oid = LDAP_CONTROL_MANAGEDSAIT; + c.ldctl_value.bv_val = NULL; + c.ldctl_value.bv_len = 0; + c.ldctl_iscritical = manageDSAit > 1; + + err = ldap_set_option( ld, LDAP_OPT_SERVER_CONTROLS, &ctrls ); + + if( err != LDAP_OPT_SUCCESS ) { + fprintf( stderr, "Could not set Manage DSA IT Control\n" ); + if( c.ldctl_iscritical ) { + exit( EXIT_FAILURE ); + } + } + } + rc = 0; if (havedn) - rc = domodrdn(ld, entrydn, rdn, remove); + rc = domodrdn(ld, entrydn, rdn, remove, newSuperior); else while ((rc == 0 || contoper) && fgets(buf, sizeof(buf), fp) != NULL) { if ( *buf != '\0' ) { /* blank lines optional, skip */ buf[ strlen( buf ) - 1 ] = '\0'; /* remove nl */ @@ -146,14 +253,14 @@ main( argc, argv ) if ( havedn ) { /* have DN, get RDN */ if (( rdn = strdup( buf )) == NULL ) { perror( "strdup" ); - exit( 1 ); + return( EXIT_FAILURE ); } - rc = domodrdn(ld, entrydn, rdn, remove); + rc = domodrdn(ld, entrydn, rdn, remove, newSuperior); havedn = 0; } else if ( !havedn ) { /* don't have DN yet */ if (( entrydn = strdup( buf )) == NULL ) { perror( "strdup" ); - exit( 1 ); + return( EXIT_FAILURE ); } ++havedn; } @@ -162,14 +269,16 @@ main( argc, argv ) ldap_unbind( ld ); - exit( rc ); + /* UNREACHABLE */ + return( rc ); } -domodrdn( ld, dn, rdn, remove ) - LDAP *ld; - char *dn; - char *rdn; - int remove; /* flag: remove old RDN */ +static int domodrdn( + LDAP *ld, + char *dn, + char *rdn, + int remove, /* flag: remove old RDN */ + char *newSuperior) { int i; @@ -179,12 +288,14 @@ domodrdn( ld, dn, rdn, remove ) printf("removing old RDN\n"); else printf("keeping old RDN\n"); + if(newSuperior!=NULL) + printf("placing node under a new parent = %s\n", newSuperior); } if ( !not ) { - i = ldap_modrdn2_s( ld, dn, rdn, remove ); + i = ldap_rename2_s( ld, dn, rdn, remove, newSuperior ); if ( i != LDAP_SUCCESS ) { - ldap_perror( ld, "ldap_modrdn2_s" ); + ldap_perror( ld, "ldap_rename2_s" ); } else if ( verbose ) { printf( "modrdn complete\n" ); } diff --git a/clients/tools/ldapsearch.c b/clients/tools/ldapsearch.c index d96aff1317..42b8e1f196 100644 --- a/clients/tools/ldapsearch.c +++ b/clients/tools/ldapsearch.c @@ -1,21 +1,23 @@ +#include "portable.h" + #include -#include -#include + +#include + +#include +#include +#include +#include + #include #include #include -#include "ldapconfig.h" - #define DEFSEP "=" -#ifdef LDAP_DEBUG -extern int ldap_debug, lber_debug; -#endif /* LDAP_DEBUG */ - -usage( s ) -char *s; +static void +usage( char *s ) { fprintf( stderr, "usage: %s [options] filter [attributes...]\nwhere:\n", s ); fprintf( stderr, " filter\tRFC-1558 compliant LDAP search filter\n" ); @@ -29,9 +31,8 @@ char *s; fprintf( stderr, " -A\t\tretrieve attribute names only (no values)\n" ); fprintf( stderr, " -B\t\tdo not suppress printing of non-ASCII values\n" ); fprintf( stderr, " -L\t\tprint entries in LDIF format (-B is implied)\n" ); -#ifdef LDAP_REFERRALS + fprintf( stderr, " -M\t\tenable Manage DSA IT control (-MM implies critical)\n" ); fprintf( stderr, " -R\t\tdo not automatically follow referrals\n" ); -#endif /* LDAP_REFERRALS */ fprintf( stderr, " -d level\tset LDAP debugging level to `level'\n" ); fprintf( stderr, " -F sep\tprint `sep' instead of `=' between attribute names and values\n" ); fprintf( stderr, " -S attr\tsort the results by attribute `attr'\n" ); @@ -43,54 +44,65 @@ char *s; fprintf( stderr, " -z size lim\tsize limit (in entries) for search\n" ); fprintf( stderr, " -D binddn\tbind dn\n" ); fprintf( stderr, " -w passwd\tbind passwd (for simple authentication)\n" ); -#ifdef KERBEROS + fprintf( stderr, " -W\t\tprompt for bind passwd\n" ); +#ifdef HAVE_KERBEROS fprintf( stderr, " -k\t\tuse Kerberos instead of Simple Password authentication\n" ); #endif fprintf( stderr, " -h host\tldap server\n" ); fprintf( stderr, " -p port\tport on ldap server\n" ); - exit( 1 ); + fprintf( stderr, " -P version\tprocotol version (2 or 3)\n" ); + exit( EXIT_FAILURE ); } -static char *binddn = LDAPSEARCH_BINDDN; +static void print_entry LDAP_P(( + LDAP *ld, + LDAPMessage *entry, + int attrsonly)); + +static int write_ldif_value LDAP_P(( + char *type, + char *value, + unsigned long vallen )); + +static int dosearch LDAP_P(( + LDAP *ld, + char *base, + int scope, + char **attrs, + int attrsonly, + char *filtpatt, + char *value)); + +static char *binddn = NULL; static char *passwd = NULL; -static char *base = LDAPSEARCH_BASE; -static char *ldaphost = LDAPHOST; -static int ldapport = LDAP_PORT; +static char *base = NULL; +static char *ldaphost = NULL; +static int ldapport = 0; static char *sep = DEFSEP; static char *sortattr = NULL; static int skipsortattr = 0; static int verbose, not, includeufn, allow_binary, vals2tmp, ldif; -main( argc, argv ) -int argc; -char **argv; +int +main( int argc, char **argv ) { char *infile, *filtpattern, **attrs, line[ BUFSIZ ]; FILE *fp; - int rc, i, first, scope, kerberos, deref, attrsonly; - int ldap_options, timelimit, sizelimit, authmethod; + int rc, i, first, scope, deref, attrsonly, manageDSAit; + int referrals, timelimit, sizelimit, debug; + int authmethod, version, want_bindpw; LDAP *ld; - extern char *optarg; - extern int optind; infile = NULL; - deref = verbose = allow_binary = not = kerberos = vals2tmp = - attrsonly = ldif = 0; -#ifdef LDAP_REFERRALS - ldap_options = LDAP_OPT_REFERRALS; -#else /* LDAP_REFERRALS */ - ldap_options = 0; -#endif /* LDAP_REFERRALS */ - sizelimit = timelimit = 0; - scope = LDAP_SCOPE_SUBTREE; - - while (( i = getopt( argc, argv, -#ifdef KERBEROS - "KknuvtRABLD:s:f:h:b:d:p:F:a:w:l:z:S:" -#else - "nuvtRABLD:s:f:h:b:d:p:F:a:w:l:z:S:" -#endif - )) != EOF ) { + debug = verbose = allow_binary = not = vals2tmp = + attrsonly = manageDSAit = ldif = want_bindpw = 0; + + deref = referrals = sizelimit = timelimit = version = -1; + + scope = LDAP_SCOPE_SUBTREE; + authmethod = LDAP_AUTH_SIMPLE; + + while (( i = getopt( argc, argv, "WKknuvtMRABLD:s:f:h:b:d:P:p:F:a:w:l:z:S:")) != EOF ) { switch( i ) { case 'n': /* do Not do any searches */ ++not; @@ -99,33 +111,34 @@ char **argv; ++verbose; break; case 'd': -#ifdef LDAP_DEBUG - ldap_debug = lber_debug = atoi( optarg ); /* */ -#else /* LDAP_DEBUG */ - fprintf( stderr, "compile with -DLDAP_DEBUG for debugging\n" ); -#endif /* LDAP_DEBUG */ + debug |= atoi( optarg ); break; -#ifdef KERBEROS case 'k': /* use kerberos bind */ - kerberos = 2; +#ifdef HAVE_KERBEROS + authmethod = LDAP_AUTH_KRBV4; +#else + fprintf (stderr, "%s was not compiled with Kerberos support\n", argv[0]); +#endif break; case 'K': /* use kerberos bind, 1st part only */ - kerberos = 1; - break; +#ifdef HAVE_KERBEROS + authmethod = LDAP_AUTH_KRBV41; +#else + fprintf (stderr, "%s was not compiled with Kerberos support\n", argv[0]); #endif + break; case 'u': /* include UFN */ ++includeufn; break; case 't': /* write attribute values to /tmp files */ ++vals2tmp; break; + case 'M': + /* enable Manage DSA IT */ + manageDSAit++; + break; case 'R': /* don't automatically chase referrals */ -#ifdef LDAP_REFERRALS - ldap_options &= ~LDAP_OPT_REFERRALS; -#else /* LDAP_REFERRALS */ - fprintf( stderr, - "compile with -DLDAP_REFERRALS for referral support\n" ); -#endif /* LDAP_REFERRALS */ + referrals = (int) LDAP_OPT_OFF; break; case 'A': /* retrieve attribute names only -- no values */ ++attrsonly; @@ -137,11 +150,11 @@ char **argv; ++allow_binary; break; case 's': /* search scope */ - if ( strncasecmp( optarg, "base", 4 ) == 0 ) { + if ( strcasecmp( optarg, "base" ) == 0 ) { scope = LDAP_SCOPE_BASE; - } else if ( strncasecmp( optarg, "one", 3 ) == 0 ) { + } else if ( strcasecmp( optarg, "one" ) == 0 ) { scope = LDAP_SCOPE_ONELEVEL; - } else if ( strncasecmp( optarg, "sub", 3 ) == 0 ) { + } else if ( strcasecmp( optarg, "sub" ) == 0 ) { scope = LDAP_SCOPE_SUBTREE; } else { fprintf( stderr, "scope should be base, one, or sub\n" ); @@ -150,13 +163,13 @@ char **argv; break; case 'a': /* set alias deref option */ - if ( strncasecmp( optarg, "never", 5 ) == 0 ) { + if ( strcasecmp( optarg, "never" ) == 0 ) { deref = LDAP_DEREF_NEVER; - } else if ( strncasecmp( optarg, "search", 5 ) == 0 ) { + } else if ( strcasecmp( optarg, "search" ) == 0 ) { deref = LDAP_DEREF_SEARCHING; - } else if ( strncasecmp( optarg, "find", 4 ) == 0 ) { + } else if ( strcasecmp( optarg, "find" ) == 0 ) { deref = LDAP_DEREF_FINDING; - } else if ( strncasecmp( optarg, "always", 6 ) == 0 ) { + } else if ( strcasecmp( optarg, "always" ) == 0 ) { deref = LDAP_DEREF_ALWAYS; } else { fprintf( stderr, "alias deref should be never, search, find, or always\n" ); @@ -184,6 +197,13 @@ char **argv; break; case 'w': /* bind password */ passwd = strdup( optarg ); + { + char* p; + + for( p = optarg; *p == '\0'; p++ ) { + *p = '*'; + } + } break; case 'l': /* time limit */ timelimit = atoi( optarg ); @@ -194,6 +214,23 @@ char **argv; case 'S': /* sort attribute */ sortattr = strdup( optarg ); break; + case 'W': + want_bindpw++; + break; + case 'P': + switch( atoi( optarg ) ) + { + case 2: + version = LDAP_VERSION2; + break; + case 3: + version = LDAP_VERSION3; + break; + default: + fprintf( stderr, "protocol version should be 2 or 3\n" ); + usage( argv[0] ); + } + break; default: usage( argv[0] ); } @@ -227,48 +264,106 @@ char **argv; fp = stdin; } else if (( fp = fopen( infile, "r" )) == NULL ) { perror( infile ); - exit( 1 ); + return( EXIT_FAILURE ); } } + if ( debug ) { + if( ber_set_option( NULL, LBER_OPT_DEBUG_LEVEL, &debug ) != LBER_OPT_SUCCESS ) { + fprintf( stderr, "Could not set LBER_OPT_DEBUG_LEVEL %d\n", debug ); + } + if( ldap_set_option( NULL, LDAP_OPT_DEBUG_LEVEL, &debug ) != LDAP_OPT_SUCCESS ) { + fprintf( stderr, "Could not set LDAP_OPT_DEBUG_LEVEL %d\n", debug ); + } + ldif_debug = debug; + } + +#ifdef SIGPIPE + (void) SIGNAL( SIGPIPE, SIG_IGN ); +#endif + if ( verbose ) { - printf( "ldap_open( %s, %d )\n", ldaphost, ldapport ); + fprintf( stderr, "ldap_init( %s, %d )\n", + (ldaphost != NULL) ? ldaphost : "", + ldapport ); } - if (( ld = ldap_open( ldaphost, ldapport )) == NULL ) { - perror( ldaphost ); - exit( 1 ); + if (( ld = ldap_init( ldaphost, ldapport )) == NULL ) { + perror( "ldap_init" ); + return( EXIT_FAILURE ); } - ld->ld_deref = deref; - ld->ld_timelimit = timelimit; - ld->ld_sizelimit = sizelimit; - ld->ld_options = ldap_options; + if (deref != -1 && + ldap_set_option( ld, LDAP_OPT_DEREF, (void *) &deref ) != LDAP_OPT_SUCCESS ) + { + fprintf( stderr, "Could not set LDAP_OPT_DEREF %d\n", deref ); + } + if (timelimit != -1 && + ldap_set_option( ld, LDAP_OPT_TIMELIMIT, (void *) &timelimit ) != LDAP_OPT_SUCCESS ) + { + fprintf( stderr, "Could not set LDAP_OPT_TIMELIMIT %d\n", timelimit ); + } + if (sizelimit != -1 && + ldap_set_option( ld, LDAP_OPT_SIZELIMIT, (void *) &sizelimit ) != LDAP_OPT_SUCCESS ) + { + fprintf( stderr, "Could not set LDAP_OPT_SIZELIMIT %d\n", sizelimit ); + } + if (referrals != -1 && + ldap_set_option( ld, LDAP_OPT_REFERRALS, + (referrals ? LDAP_OPT_ON : LDAP_OPT_OFF) ) != LDAP_OPT_SUCCESS ) + { + fprintf( stderr, "Could not set LDAP_OPT_REFERRALS %s\n", + referrals ? "on" : "off" ); + } + + if (version != -1 && + ldap_set_option( ld, LDAP_OPT_PROTOCOL_VERSION, &version ) != LDAP_OPT_SUCCESS ) + { + fprintf( stderr, "Could not set LDAP_OPT_PROTOCOL_VERSION %d\n", version ); + } + + if (want_bindpw) + passwd = getpass("Enter LDAP Password: "); - if ( !kerberos ) { - authmethod = LDAP_AUTH_SIMPLE; - } else if ( kerberos == 1 ) { - authmethod = LDAP_AUTH_KRBV41; - } else { - authmethod = LDAP_AUTH_KRBV4; - } if ( ldap_bind_s( ld, binddn, passwd, authmethod ) != LDAP_SUCCESS ) { ldap_perror( ld, "ldap_bind" ); - exit( 1 ); + return( EXIT_FAILURE ); } if ( verbose ) { - printf( "filter pattern: %s\nreturning: ", filtpattern ); + fprintf( stderr, "filter pattern: %s\nreturning: ", filtpattern ); if ( attrs == NULL ) { printf( "ALL" ); } else { for ( i = 0; attrs[ i ] != NULL; ++i ) { - printf( "%s ", attrs[ i ] ); + fprintf( stderr, "%s ", attrs[ i ] ); } } - putchar( '\n' ); + fprintf( stderr, "\n" ); } + if ( manageDSAit ) { + int err; + LDAPControl c; + LDAPControl *ctrls[2]; + ctrls[0] = &c; + ctrls[1] = NULL; + + c.ldctl_oid = LDAP_CONTROL_MANAGEDSAIT; + c.ldctl_value.bv_val = NULL; + c.ldctl_value.bv_len = 0; + c.ldctl_iscritical = manageDSAit > 1; + + err = ldap_set_option( ld, LDAP_OPT_SERVER_CONTROLS, &ctrls ); + + if( err != LDAP_OPT_SUCCESS ) { + fprintf( stderr, "Could not set Manage DSA IT Control\n" ); + if( c.ldctl_iscritical ) { + exit( EXIT_FAILURE ); + } + } + } + if ( infile == NULL ) { rc = dosearch( ld, base, scope, attrs, attrsonly, filtpattern, "" ); } else { @@ -290,27 +385,29 @@ char **argv; } ldap_unbind( ld ); - exit( rc ); + + + return( rc ); } -dosearch( ld, base, scope, attrs, attrsonly, filtpatt, value ) - LDAP *ld; - char *base; - int scope; - char **attrs; - int attrsonly; - char *filtpatt; - char *value; +static int dosearch( + LDAP *ld, + char *base, + int scope, + char **attrs, + int attrsonly, + char *filtpatt, + char *value) { - char filter[ BUFSIZ ], **val; + char filter[ BUFSIZ ]; int rc, first, matches; LDAPMessage *res, *e; sprintf( filter, filtpatt, value ); if ( verbose ) { - printf( "filter is: (%s)\n", filter ); + fprintf( stderr, "filter is: (%s)\n", filter ); } if ( not ) { @@ -318,12 +415,16 @@ dosearch( ld, base, scope, attrs, attrsonly, filtpatt, value ) } if ( ldap_search( ld, base, scope, filter, attrs, attrsonly ) == -1 ) { - ldap_perror( ld, "ldap_search" ); - return( ld->ld_errno ); + int ld_errno; + ldap_perror( ld, "ldap_search" ); + + ldap_get_option(ld, LDAP_OPT_ERROR_NUMBER, &ld_errno); + return( ld_errno ); } matches = 0; first = 1; + res = NULL; while ( (rc = ldap_result( ld, LDAP_RES_ANY, sortattr ? 1 : 0, NULL, &res )) == LDAP_RES_SEARCH_ENTRY ) { matches++; @@ -335,6 +436,7 @@ dosearch( ld, base, scope, attrs, attrsonly, filtpatt, value ) } print_entry( ld, e, attrsonly ); ldap_msgfree( res ); + res = NULL; } if ( rc == -1 ) { ldap_perror( ld, "ldap_result" ); @@ -344,13 +446,11 @@ dosearch( ld, base, scope, attrs, attrsonly, filtpatt, value ) ldap_perror( ld, "ldap_search" ); } if ( sortattr != NULL ) { - extern int strcasecmp(); - (void) ldap_sort_entries( ld, &res, ( *sortattr == '\0' ) ? NULL : sortattr, strcasecmp ); matches = 0; first = 1; - for ( e = ldap_first_entry( ld, res ); e != NULLMSG; + for ( e = ldap_first_entry( ld, res ); e != NULL; e = ldap_next_entry( ld, e ) ) { matches++; if ( !first ) { @@ -371,17 +471,16 @@ dosearch( ld, base, scope, attrs, attrsonly, filtpatt, value ) } -print_entry( ld, entry, attrsonly ) - LDAP *ld; - LDAPMessage *entry; - int attrsonly; +void print_entry( + LDAP *ld, + LDAPMessage *entry, + int attrsonly) { char *a, *dn, *ufn, tmpfname[ 64 ]; int i, j, notascii; - BerElement *ber; + BerElement *ber = NULL; struct berval **bvals; FILE *tmpfp; - extern char *mktemp(); dn = ldap_get_dn( ld, entry ); if ( ldif ) { @@ -396,9 +495,9 @@ print_entry( ld, entry, attrsonly ) } else { printf( "%s\n", ufn ); } - free( ufn ); + ldap_memfree( ufn ); } - free( dn ); + ldap_memfree( dn ); for ( a = ldap_first_attribute( ld, entry, &ber ); a != NULL; a = ldap_next_attribute( ld, entry, ber ) ) { @@ -436,7 +535,7 @@ print_entry( ld, entry, attrsonly ) } else { notascii = 0; if ( !allow_binary ) { - for ( j = 0; j < bvals[ i ]->bv_len; ++j ) { + for ( j = 0; (unsigned long) j < bvals[ i ]->bv_len; ++j ) { if ( !isascii( bvals[ i ]->bv_val[ j ] )) { notascii = 1; break; @@ -456,6 +555,10 @@ print_entry( ld, entry, attrsonly ) ber_bvecfree( bvals ); } } + + if( ber != NULL ) { + ber_free( ber, 0 ); + } } @@ -469,7 +572,7 @@ write_ldif_value( char *type, char *value, unsigned long vallen ) } fputs( ldif, stdout ); - free( ldif ); + ber_memfree( ldif ); return( 0 ); }