]> git.sur5r.net Git - openldap/blob - servers/slapd/slapauth.c
Merge remote-tracking branch 'origin/mdb.RE/0.9'
[openldap] / servers / slapd / slapauth.c
1 /* $OpenLDAP$ */
2 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
3  *
4  * Copyright 2004-2015 The OpenLDAP Foundation.
5  * Portions Copyright 2004 Pierangelo Masarati.
6  * All rights reserved.
7  *
8  * Redistribution and use in source and binary forms, with or without
9  * modification, are permitted only as authorized by the OpenLDAP
10  * Public License.
11  *
12  * A copy of this license is available in file LICENSE in the
13  * top-level directory of the distribution or, alternatively, at
14  * <http://www.OpenLDAP.org/license.html>.
15  */
16 /* ACKNOWLEDGEMENTS:
17  * This work was initially developed by Pierangelo Masarati for inclusion
18  * in OpenLDAP Software.
19  */
20
21 #include "portable.h"
22
23 #include <stdio.h>
24
25 #include <ac/stdlib.h>
26
27 #include <ac/ctype.h>
28 #include <ac/string.h>
29 #include <ac/socket.h>
30 #include <ac/unistd.h>
31
32 #include <lber.h>
33 #include <ldif.h>
34 #include <lutil.h>
35
36 #include "slapcommon.h"
37
38 static int
39 do_check( Connection *c, Operation *op, struct berval *id )
40 {
41         struct berval   authcdn;
42         int             rc;
43
44         rc = slap_sasl_getdn( c, op, id, realm, &authcdn, SLAP_GETDN_AUTHCID );
45         if ( rc != LDAP_SUCCESS ) {
46                 fprintf( stderr, "ID: <%s> check failed %d (%s)\n",
47                                 id->bv_val, rc,
48                                 ldap_err2string( rc ) );
49                 rc = 1;
50                         
51         } else {
52                 if ( !BER_BVISNULL( &authzID ) ) {
53                         rc = slap_sasl_authorized( op, &authcdn, &authzID );
54
55                         fprintf( stderr,
56                                         "ID:      <%s>\n"
57                                         "authcDN: <%s>\n"
58                                         "authzDN: <%s>\n"
59                                         "authorization %s\n",
60                                         id->bv_val,
61                                         authcdn.bv_val,
62                                         authzID.bv_val,
63                                         rc == LDAP_SUCCESS ? "OK" : "failed" );
64
65                 } else {
66                         fprintf( stderr, "ID: <%s> check succeeded\n"
67                                         "authcID:     <%s>\n",
68                                         id->bv_val,
69                                         authcdn.bv_val );
70                         op->o_tmpfree( authcdn.bv_val, op->o_tmpmemctx );
71                 }
72                 rc = 0;
73         }
74
75         return rc;
76 }
77
78 int
79 slapauth( int argc, char **argv )
80 {
81         int                     rc = EXIT_SUCCESS;
82         const char              *progname = "slapauth";
83         Connection              conn = {0};
84         OperationBuffer opbuf;
85         Operation               *op;
86         void                    *thrctx;
87
88         slap_tool_init( progname, SLAPAUTH, argc, argv );
89
90         argv = &argv[ optind ];
91         argc -= optind;
92
93         thrctx = ldap_pvt_thread_pool_context();
94         connection_fake_init( &conn, &opbuf, thrctx );
95         op = &opbuf.ob_op;
96
97         conn.c_sasl_bind_mech = mech;
98
99         if ( !BER_BVISNULL( &authzID ) ) {
100                 struct berval   authzdn;
101                 
102                 rc = slap_sasl_getdn( &conn, op, &authzID, NULL, &authzdn,
103                                 SLAP_GETDN_AUTHZID );
104                 if ( rc != LDAP_SUCCESS ) {
105                         fprintf( stderr, "authzID: <%s> check failed %d (%s)\n",
106                                         authzID.bv_val, rc,
107                                         ldap_err2string( rc ) );
108                         rc = 1;
109                         BER_BVZERO( &authzID );
110                         goto destroy;
111                 } 
112
113                 authzID = authzdn;
114         }
115
116
117         if ( !BER_BVISNULL( &authcID ) ) {
118                 if ( !BER_BVISNULL( &authzID ) || argc == 0 ) {
119                         rc = do_check( &conn, op, &authcID );
120                         goto destroy;
121                 }
122
123                 for ( ; argc--; argv++ ) {
124                         struct berval   authzdn;
125                 
126                         ber_str2bv( argv[ 0 ], 0, 0, &authzID );
127
128                         rc = slap_sasl_getdn( &conn, op, &authzID, NULL, &authzdn,
129                                         SLAP_GETDN_AUTHZID );
130                         if ( rc != LDAP_SUCCESS ) {
131                                 fprintf( stderr, "authzID: <%s> check failed %d (%s)\n",
132                                                 authzID.bv_val, rc,
133                                                 ldap_err2string( rc ) );
134                                 rc = -1;
135                                 BER_BVZERO( &authzID );
136                                 if ( !continuemode ) {
137                                         goto destroy;
138                                 }
139                         }
140
141                         authzID = authzdn;
142
143                         rc = do_check( &conn, op, &authcID );
144
145                         op->o_tmpfree( authzID.bv_val, op->o_tmpmemctx );
146                         BER_BVZERO( &authzID );
147
148                         if ( rc && !continuemode ) {
149                                 goto destroy;
150                         }
151                 }
152
153                 goto destroy;
154         }
155
156         for ( ; argc--; argv++ ) {
157                 struct berval   id;
158
159                 ber_str2bv( argv[ 0 ], 0, 0, &id );
160
161                 rc = do_check( &conn, op, &id );
162
163                 if ( rc && !continuemode ) {
164                         goto destroy;
165                 }
166         }
167
168 destroy:;
169         if ( !BER_BVISNULL( &authzID ) ) {
170                 op->o_tmpfree( authzID.bv_val, op->o_tmpmemctx );
171         }
172         if ( slap_tool_destroy())
173                 rc = EXIT_FAILURE;
174
175         return rc;
176 }
177