/*
* Copyright 2008 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
/*
* The contents of this file are subject to the Netscape Public
* License Version 1.1 (the "License"); you may not use this file
* except in compliance with the License. You may obtain a copy of
* the License at http://www.mozilla.org/NPL/
*
* Software distributed under the License is distributed on an "AS
* IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
* implied. See the License for the specific language governing
* rights and limitations under the License.
*
* The Original Code is Mozilla Communicator client code, released
* March 31, 1998.
*
* The Initial Developer of the Original Code is Netscape
* Communications Corporation. Portions created by Netscape are
* Copyright (C) 1998-1999 Netscape Communications Corporation. All
* Rights Reserved.
*
* Contributor(s):
*/
/*
* code that is shared by two or more of the LDAP command line tools
*/
#include "ldaptool.h"
#include "fileurl.h"
#ifdef SOLARIS_LDAP_CMD
#include "solaris-int.h"
#include <ldap.h>
#include <locale.h>
#include <libgen.h>
#include <limits.h>
#endif /* SOLARIS_LDAP_CMD */
#ifdef LDAP_TOOL_ARGPIN
#include "argpin.h"
#include "ntuserpin.h"
#endif /* LDAP_TOOL_ARGPIN */
#ifndef SOLARIS_LDAP_CMD
#include <nspr.h> /* for PR_Cleanup() */
#endif /* SOLARIS_LDAP_CMD */
#include <stdlib.h>
#include <time.h> /* for time() and ctime() */
#ifdef HAVE_SASL_OPTIONS
#ifdef SOLARIS_LDAP_CMD
#else
#include <sasl.h>
#endif /* SOLARIS_LDAP_CMD */
#include "ldaptool-sasl.h"
#endif /* HAVE_SASL_OPTIONS */
#ifndef SOLARIS_LDAP_CMD
#define gettext(s) s
#endif
#ifdef SOLARIS_LDAP_CMD
#endif
char *msg );
#ifdef LDAPTOOL_DEBUG_MEMORY
static void ldaptool_debug_free( void *ptr );
#endif /* LDAPTOOL_DEBUG_MEMORY */
#if defined(NET_SSL)
static char *certpath2keypath( char *certdbpath );
#ifdef FORTEZZA
static int ldaptool_fortezza_init( int exit_on_error );
static void * ldaptool_fortezza_getpin( char **passwordp );
static char * ldaptool_fortezza_err2string( int err );
#endif /* FORTEZZA */
#endif
#ifdef HAVE_SASL_OPTIONS
static int saslSetParam(char *saslarg);
#endif /* HAVE_SASL_OPTIONS */
/*
* display usage for common options with one exception: -f is not included
* since the description tends to be tool-specific.
*
* As of 1-Jul-1998, of the characters in the set [A-Za-z] the following are
* not currently used by any of the tools: EJgjqr
*/
void
{
if ( two_hosts ) {
fprintf( stderr, gettext(" -h host\tLDAP server1 name or IP address (default: %s)\n"), LDAPTOOL_DEFHOST );
fprintf( stderr, gettext(" -h host\tLDAP server2 name or IP address (default: %s)\n"), LDAPTOOL_DEFHOST );
} else {
fprintf( stderr, gettext(" -h host\tLDAP server name or IP address (default: %s)\n"), LDAPTOOL_DEFHOST );
}
gettext(" -V n\tLDAP protocol version number (%d or %d; default: %d)\n"),
#if defined(NET_SSL)
fprintf( stderr, gettext(" -P pathname\tpath to SSL certificate database (default: current directory)\n") );
#ifndef SOLARIS_LDAP_CMD
fprintf( stderr, gettext(" -K pathname\tpath to key database to use for SSL client authentication\n") );
fprintf( stderr, gettext(" \t\t(default: path to certificate database provided with -P option)\n") );
#endif /* SOLARIS_LDAP_CMD */
#ifdef LDAP_TOOL_PKCS11
#endif /* LDAP_TOOL_PKCS11 */
#ifndef SOLARIS_LDAP_CMD
#endif /* SOLARIS_LDAP_CMD */
#ifdef LDAP_TOOL_PKCS11
/* fprintf( stderr, " -X pathname\tFORTEZZA compromised key list (CKL)\n" ); */
#endif /* LDAP_TOOL_PKCS11 */
#endif /* NET_SSL */
#ifdef LDAP_DEBUG
#endif
fprintf( stderr, gettext(" -O limit\tmaximum number of referral hops to traverse (default: %d)\n"), LDAPTOOL_DEFREFHOPLIMIT );
#ifndef SOLARIS_LDAP_CMD
#endif /* SOLARIS_LDAP_CMD */
#ifndef NO_LIBLCACHE
#endif
fprintf( stderr, gettext(" -i charset\tcharacter set for command line input (default taken from locale)\n") );
#if 0
/*
* Suppress usage for -y (old proxied authorization control) even though
* we still support it. We want to encourage people to use -Y instead (the
* new proxied authorization control).
*/
#endif
#ifdef SOLARIS_LDAP_CMD
#endif /* SOLARIS_LDAP_CMD */
#ifdef HAVE_SASL_OPTIONS
fprintf( stderr, gettext(" -o attrName=attrVal\tSASL options which are described in the man page\n"));
#endif /* HAVE_SASL_OPTIONS */
}
/* globals */
int ldaptool_verbose = 0;
int ldaptool_not = 0;
#ifdef SOLARIS_LDAP_CMD
#endif /* SOLARIS_LDAP_CMD */
#ifdef LDAP_DEBUG
int ldaptool_dbg_lvl = 0;
#endif /* LDAP_DEBUG */
/* statics */
static int send_auth_response_ctrl = 0;
static int user_specified_port = 0;
static int user_specified_port2 = 0;
static int send_manage_dsait_ctrl = 0;
static int prompt_password = 0;
#ifdef HAVE_SASL_OPTIONS
#endif /* HAVE_SASL_OPTIONS */
#ifndef NO_LIBLCACHE
#endif /* !NO_LIBLCACHE */
#if defined(NET_SSL)
static int secure = 0;
static int isZ = 0;
static int isN = 0;
static int isW = 0;
static int isw = 0;
static int isD = 0;
static int isj = 0;
#ifdef SOLARIS_LDAP_CMD
#endif
#ifdef LDAP_TOOL_PKCS11
#if 0
#endif
#ifdef FORTEZZA
#endif /* FORTEZZA */
#endif /* LDAP_TOOL_PKCS11 */
#endif /* NET_SSL */
/*
* Handle general initialization and options that are common to all of
* the LDAP tools.
* Handle options that are common to all of the LDAP tools.
* Note the the H option is included here but handled via the
* extra_opt_callback function (along with any "extra_opts" ).
*
* Return: final value for optind or -1 if usage should be displayed (for
* some fatal errors, we call exit here).
*/
int
{
extern char *optarg;
extern int optind;
#ifdef SOLARIS_LDAP_CMD
#endif
/*
* Set program name global based on argv[0].
*/
ldaptool_progname = argv[ 0 ];
} else {
}
#ifdef LDAPTOOL_DEBUG_MEMORY
{
};
}
#endif /* LDAPTOOL_DEBUG_MEMORY */
#ifdef LDAP_DEBUG
i = LDAP_DEBUG_ANY;
#endif
/*
* Perform a sanity check on the revision of the LDAP API library to
* make sure it is at least as new as the one we were compiled against.
* If the API implementation is from the same vendor as we were compiled
* against, we also check to make sure the vendor version is at least
* as new as the library we were compiled against.
*
* Version differences are fatal unless the -0 option is passed on the
* tool command line (that's a zero, not an oh). We check for the
* presence of -0 in a crude way to it must appear by itself in argv.
*/
for ( i = 1; i < argc; ++i ) {
break;
}
}
" information;\n\tthis program requires an LDAP library that"
" implements revision\n\t%d or greater of the LDAP API.\n"),
if ( lib_version_mismatch_is_fatal ) {
exit( LDAP_LOCAL_ERROR );
}
" implements revision\n\t%d or greater of the LDAP API;"
" running with revision %d.\n"),
if ( lib_version_mismatch_is_fatal ) {
exit( LDAP_LOCAL_ERROR );
}
"\tlibrary version %2.2f or greater; running with\n"
"\t%s's version %2.2f.\n"),
(float)LDAP_VENDOR_VERSION / 100,
if ( lib_version_mismatch_is_fatal ) {
exit( LDAP_LOCAL_ERROR );
}
"\tlibrary version %2.2f or greater; running with"
" version %2.2f.\n"),
(float)LDAP_VENDOR_VERSION / 100,
if ( lib_version_mismatch_is_fatal ) {
exit( LDAP_LOCAL_ERROR );
}
}
/*
* Process command line options.
*/
if ( extra_opts == NULL ) {
extra_opts = "";
}
#ifdef HAVE_SASL_OPTIONS
#ifdef SOLARIS_LDAP_CMD
common_opts = "nvEMRH?Zd:D:f:h:j:N:O:o:P:p:W:w:V:i:k:y:Y:J:";
#else
common_opts = "nvEMRHZ03d:D:f:h:j:I:K:N:O:o:P:p:Q:W:w:V:X:m:i:k:y:Y:J:";
#endif /* SOLARIS_LDAP_CMD */
#else
common_opts = "nvEMRHZ03d:D:f:h:j:I:K:N:O:P:p:Q:W:w:V:X:m:i:k:y:Y:J:";
#endif /* HAVE_SASL_OPTIONS */
/* note: optstring must include room for liblcache "C:" option */
+ 3 )) == NULL ) {
perror( "malloc" );
exit( LDAP_NO_MEMORY );
}
#ifdef NO_LIBLCACHE
#else
#endif
hostnum = 0;
switch( i ) {
case 'n': /* do Not do any LDAP operations */
++ldaptool_not;
break;
case 'v': /* verbose mode */
break;
case 'd':
#ifdef LDAP_DEBUG
#ifdef SOLARIS_LDAP_CMD
(void *)&ldaptool_dbg_lvl);
#else
(void *)&ldaptool_dbg_lvl);
#endif /* SOLARIS_LDAP_CMD */
(void *)&ldaptool_dbg_lvl);
#else /* LDAP_DEBUG */
#endif /* LDAP_DEBUG */
break;
case 'R': /* don't automatically chase referrals */
chase_referrals = 0;
break;
#ifndef NO_LIBLCACHE
case 'C': /* search local database */
break;
#endif
case 'f': /* input file */
ldaptool_fp = stdin;
exit( LDAP_PARAM_ERROR );
}
break;
case 'h': /* ldap host */
if ( hostnum == 0 ) {
} else {
}
++hostnum;
break;
case 'D': /* bind DN */
isD = 1;
break;
case 'E': /* expose bind identity via auth. response control */
break;
case 'p': /* ldap port */
if ( !user_specified_port ) {
} else {
}
break;
#if defined(NET_SSL)
case 'P': /* path to security database */
#ifndef SOLARIS_LDAP_CMD
if (NULL == ssl_certdbpath) {
perror("malloc");
exit( LDAP_NO_MEMORY );
}
#else
/*
* Verify whether it's a base directory or a cert db file.
* If it is not a directory, truncate the file name as
* the revised NSS_Init() doesn't take file name any longer.
*/
"long\n"));
}
perror("stat");
"invalid\n"));
} else {
/* redir to a regular file's dir name */
} else
}
#endif /* SOLARIS_LDAP_CMD */
break;
case 'Z': /* do SSL encryption */
secure = 1;
isZ = 1;
break;
case 'N': /* nickname of cert. to use for client auth. */
if (NULL == ssl_certname)
{
perror("malloc");
exit( LDAP_NO_MEMORY );
}
isN = 1;
break;
#ifndef SOLARIS_LDAP_CMD
case 'K': /* location of key database */
if (NULL == ssl_keydbpath)
{
perror("malloc");
exit( LDAP_NO_MEMORY );
}
break;
#endif /* SOLARIS_LDAP_CMD */
case 'W': /* SSL key password */
if (NULL == ssl_passwd)
{
perror("malloc");
exit( LDAP_NO_MEMORY );
}
isW = 1;
break;
#ifndef SOLARIS_LDAP_CMD
case '3': /* check hostnames in SSL certificates ("no third") */
break;
#endif /* SOLARIS_LDAP_CMD */
#ifdef LDAP_TOOL_PKCS11
case 'm': /* SSL secmod path */
if (NULL == ssl_secmodpath)
{
perror("malloc");
exit( LDAP_NO_MEMORY );
}
break;
case 'Q': /* FORTEZZA [card][:personality] */
if (NULL == pkcs_token)
{
perror("malloc");
exit( LDAP_NO_MEMORY );
}
break;
/* This option removed to prevent interference
with the getEffectiveRights option, also -X
case 'X': * path to FORTEZZA CKL file *
fortezza_krlfile = strdup( optarg );
break;
*/
case 'I': /* FORTEZZA PIN (password file) */
break;
#endif /* LDAP_TOOL_PKCS11 */
#endif /* NET_SSL */
case 'w': /* bind password */
isw = 1;
prompt_password = 1;
else
break;
case 'j': /* bind password or SSL key password from file */
isj = 1;
exit( LDAP_PARAM_ERROR );
}
break;
case 'O': /* referral hop limit */
break;
case 'V': /* protocol version */
"supported (use -V%d or -V%d)\n"),
exit( LDAP_PARAM_ERROR );
}
break;
case 'M': /* send a manageDsaIT control */
break;
case 'i': /* character set specified */
if (NULL == ldaptool_charset)
{
perror( "malloc" );
exit( LDAP_NO_MEMORY );
}
break;
case 'k': /* conversion directory */
if (NULL == ldaptool_convdir)
{
perror( "malloc" );
exit( LDAP_NO_MEMORY );
}
break;
case 'y': /* old (version 1) proxied authorization control */
proxyauth_version = 1;
case 'Y': /* new (version 2 ) proxied authorization control */
/*FALLTHRU*/
if (NULL == proxyauth_id)
{
perror( "malloc" );
exit( LDAP_NO_MEMORY );
}
break;
#ifndef SOLARIS_LDAP_CMD
case '0': /* zero -- override LDAP library version check */
break; /* already handled above */
#endif /* SOLARIS_LDAP_CMD */
case 'J': /* send an arbitrary control */
perror ("strdup");
}
return (-1);
}
if (ctrl_value) {
1 /* recognize file URLs */,
0 /* always try file */,
1 /* report errors */ );
return (-1);
}
}
break;
#ifdef HAVE_SASL_OPTIONS
case 'o': /* attribute assignment */
return (-1);
}
break;
#endif /* HAVE_SASL_OPTIONS */
default:
(*extra_opt_callback)( i, optarg );
}
}
/* If '-Z' is specified, check if '-P' is specified too. */
if ( !isZ ) {
return (-1);
}
}
/* if '-N' is specified, -W is needed too */
return (-1);
}
#ifdef SOLARIS_LDAP_CMD
fprintf(stderr, gettext("%s: -j and -w or -W options cannot be specified simultaneously\n\n"), ldaptool_progname );
#else
fprintf(stderr, gettext("%s: -j and -w options cannot be specified simultaneously\n\n"), ldaptool_progname );
#endif /* SOLARIS_LDAP_CMD */
return (-1);
}
/* complain if -j or -w does not also have -D, unless using SASL */
#ifdef HAVE_SASL_OPTIONS
#else
#endif
return (-1);
}
/* use default key and cert DB paths if not set on the command line */
if ( NULL == ssl_keydbpath ) {
if ( NULL == ssl_certdbpath ) {
} else {
}
}
if ( NULL == ssl_certdbpath ) {
}
if (prompt_password != 0) {
#if defined(_WIN32)
} else {
char *tmp;
}
#else
#if defined(SOLARIS)
/* 256 characters on Solaris */
#else
/* limited to 16 chars on Tru64, 32 on AIX */
#endif
#endif
} else if (password_fp != NULL) {
int increment = 0;
int c, index;
/* allocate initial block of memory */
fprintf( stderr, gettext("%s: not enough memory to read password from file\n"), ldaptool_progname );
exit( LDAP_NO_MEMORY );
}
increment++;
index = 0;
/* check if we will overflow the buffer */
/* if we did, add another BUFSIZ worth of bytes */
if ((linep = (char *)
fprintf( stderr, gettext("%s: not enough memory to read password from file\n"), ldaptool_progname );
exit( LDAP_NO_MEMORY );
}
increment++;
}
}
}
#ifdef SOLARIS_LDAP_CMD
}
#ifdef HAVE_SASL_OPTIONS
if (ldapauth == LDAP_AUTH_SASL) {
/* BindDN not required for SASL */
}
#endif /* HAVE_SASL_OPTIONS */
#ifdef NET_SSL
if (secure == 1) {
/* BindDN not required for SSL */
}
#endif /* NET_SSL */
gettext("%s: DN and Bind Password are required.\n"),
exit(1);
}
#endif /* SOLARIS_LDAP_CMD */
/*
* If verbose (-v) flag was passed in, display program name and start time.
* If the verbose flag was passed at least twice (-vv), also display
* information about the API library we are running with.
*/
if ( ldaptool_verbose ) {
if ( ldaptool_verbose > 1 ) {
}
}
#ifdef LDAP_TOOL_PKCS11
char *result;
free( ssl_certname );
}
}
#endif /* LDAP_TOOL_PKCS11 */
/*
* Clean up and return index of first non-option argument.
*/
}
}
#ifdef HAVE_SASL_OPTIONS
return (-1);
}
#endif /* HAVE_SASL_OPTIONS */
return( optind );
}
/*
* Write detailed information about the API library we are running with to fp.
*/
static void
{
int i;
" Highest supported protocol version: %d\n"
" LDAP API revision: %d\n"
" API vendor name: %s\n"
" Vendor-specific version: %.2f\n"),
fi.ldapaif_version = 0;
!= 0 ) {
" LDAP_OPT_API_FEATURE_INFO, ... ) for %s failed"
" (Feature Info version: %d)\n"), ldaptool_progname,
} else {
}
}
}
}
#ifdef LDAP_TOOL_ARGPIN
static int PinArgRegistration( void )
{
/* pkcs_init was successful register the pin args */
char *tokenName;
#ifndef _WIN32
#else
int err;
#endif
char *pin;
char *filename;
/* Create and register the pin object for PKCS 11 */
#ifndef _WIN32
"(%d)"), PR_GetError());
return -1;
}
{
}
else
{
}
#else
{
"(%d)"), PR_GetError());
exit( LDAP_LOCAL_ERROR );
}
{
"(%d)"), PR_GetError());
return -1;
}
}
else
{
"(%d)"), PR_GetError());
return -1;
}
{
"(%d)"), PR_GetError());
return -1;
}
"(%d)"), PR_GetError());
return -1;
}
}
else
{
}
}
#endif
return LDAP_SUCCESS;
}
#endif /* LDAP_TOOL_ARGPIN */
/*
* initialize and return an LDAP session handle.
* if errors occur, we exit here.
*/
LDAP *
{
char *host;
if ( ldaptool_not ) {
return( NULL );
}
if ( second_host ) {
} else {
}
if ( ldaptool_verbose ) {
}
#if defined(NET_SSL)
/*
* Initialize security libraries and databases and LDAP session. If
* ssl_certname is not NULL, then we will attempt to use client auth.
* if the server supports it.
*/
#ifdef LDAP_TOOL_PKCS11
if ( !second_host && secure
/* secure connection requested -- fail if no SSL */
#ifndef SOLARIS_LDAP_CMD
rc = PORT_GetError();
#endif /* SOLARIS_LDAP_CMD */
exit( LDAP_LOCAL_ERROR );
}
#ifdef LDAP_TOOL_ARGPIN
if (secure) {
if (PinArgRegistration( )) {
}
}
#endif /* LDAP_TOOL_ARGPIN */
#else /* LDAP_TOOL_PKCS11 */
if ( !second_host && secure
/* secure connection requested -- fail if no SSL */
#ifndef SOLARIS_LDAP_CMD
rc = PORT_GetError();
#endif /* SOLARIS_LDAP_CMD */
exit( LDAP_LOCAL_ERROR );
}
#endif /* LDAP_TOOL_PKCS11 */
/* set the default SSL strength (used for all future ld's we create) */
perror( "ldapssl_set_strength" );
exit( LDAP_LOCAL_ERROR );
}
if (secure) {
if ( !user_port ) {
port = LDAPS_PORT;
}
ssl_certname ) != 0 ) {
}
} else {
/* In order to support IPv6, we use NSPR I/O */
#ifdef SOLARIS_LDAP_CMD
#else
#endif /* SOLARIS_LDAP_CMD */
}
#else /* NET_SSL */
/* In order to support IPv6, we use NSPR I/O */
#ifdef SOLARIS_LDAP_CMD
#else
#endif /* SOLARIS_LDAP_CMD */
#endif /* NET_SSL */
perror( "ldap_init" );
exit( LDAP_LOCAL_ERROR );
}
#ifndef NO_LIBLCACHE
if ( cache_config_file != NULL ) {
int opt;
}
opt = 1;
}
}
#endif
LDAP_OPT_OFF );
if ( chase_referrals ) {
}
}
return( ld );
}
/*
* perform a bind to the LDAP server if needed.
* if an error occurs, we exit here.
*/
void
{
int rc;
char *conv;
#ifdef HAVE_SASL_OPTIONS
void *defaults;
#endif
if ( ldaptool_not ) {
return;
}
if ( send_auth_response_ctrl ) {
ctrl_array[0] = &auth_resp_ctrl;
} else {
}
/*
* if using LDAPv3 and not using client auth., omit NULL bind for
* efficiency.
*/
&& ssl_certname == NULL ) {
#ifdef HAVE_SASL_OPTIONS
if ( ldapauth != LDAP_AUTH_SASL ) {
return;
}
#else
return;
#endif
}
/*
* do the bind, backing off one LDAP version if necessary
*/
#ifdef HAVE_SASL_OPTIONS
if ( ldapauth == LDAP_AUTH_SASL) {
"using SASL options\n"));
return;
}
if ( sasl_secprops != NULL) {
(void *) sasl_secprops );
if ( rc != LDAP_SUCCESS ) {
return;
}
}
defaults = ldaptool_set_sasl_defaults( ld, sasl_mech, sasl_authid, sasl_username, passwd, sasl_realm );
perror ("malloc");
}
if (rc != LDAP_SUCCESS ) {
}
} else
#endif /* HAVE_SASL_OPTIONS */
/*
* if using LDAPv3 and client auth., try a SASL EXTERNAL bind
*/
&& ssl_certname != NULL ) {
}
else {
"ldap_simple_bind" );
}
if ( rc == LDAP_SUCCESS ) {
}
return; /* success */
}
#ifdef HAVE_SASL_OPTIONS
if (ldapauth != LDAP_AUTH_SASL) {
#endif /* HAVE_SASL_OPTIONS */
/*
* try again, backing off one LDAP version
* this is okay even for client auth. because the way to achieve
* client auth. with LDAPv2 is to perform a NULL simple bind.
*/
--ldversion;
" trying LDAPv%d instead...\n"), ldaptool_progname,
return; /* a qualified success */
}
}
#ifdef HAVE_SASL_OPTIONS
}
#endif /* HAVE_SASL_OPTIONS */
}
/*
* bind(s) failed -- fatal error
*/
ldap_unbind( ld );
}
/*
* close open files, unbind, etc.
*/
void
{
ldap_unbind( ld );
}
fclose( ldaptool_fp );
ldaptool_fp = NULL;
}
}
/*
* Retrieve and print an LDAP error message. Returns the LDAP error code.
*/
int
{
#ifndef SOLARIS_LDAP_CMD
if ( check4ssl == LDAPTOOL_CHECK4SSL_ALWAYS
|| ( lderr == LDAP_SERVER_DOWN )) {
ldapssl_err2string( sslerr ));
}
}
#endif /* SOLARIS_LDAP_CMD */
return( lderr );
}
/*
* print referrals to stderr
*/
void
{
int i;
}
}
}
/*
* print contents of an extended response to stderr
* this is mainly to support unsolicited notifications
* Returns an LDAP error code (from the extended result).
*/
int
{
char *oid;
!= LDAP_SUCCESS ) {
} else {
} else {
}
ldap_memfree( oid );
} else {
}
#if 0
/* XXXmcs: maybe we should display the actual data? */
#endif
ber_bvfree( data );
}
}
}
/*
* Like ldap_sasl_bind_s() but calls wait4result() to display
* any referrals returned and report errors in a consistent way.
*/
int
{
if ( servercredp != NULL ) {
*servercredp = NULL;
}
} else {
}
return( rc );
}
/*
* Like ldap_simple_bind_s() but calls wait4result() to display
* any referrals returned and report errors in a consistent way.
*/
int
{
}
/*
* Like ldap_add_ext_s() but calls wait4result() to display
* any referrals returned and report errors in a consistent way.
*/
int
{
!= LDAP_SUCCESS ) {
} else {
/*
* 25-April-2000 Note: the next line used to read:
* rc = wait4result( ld, msgid, NULL, msg );
* 'msgid' it was changed to 'LDAP_RES_ANY' in order to receive
* unsolicited notifications.
*/
}
return( rc );
}
/*
* Like ldap_modify_ext_s() but calls wait4result() to display
* any referrals returned and report errors in a consistent way.
*/
int
{
&msgid )) != LDAP_SUCCESS ) {
} else {
}
return( rc );
}
/*
* Like ldap_delete_ext_s() but calls wait4result() to display
* any referrals returned and report errors in a consistent way.
*/
int
{
!= LDAP_SUCCESS ) {
} else {
}
return( rc );
}
/*
* Like ldap_compare_ext_s() but calls wait4result() to display
* any referrals returned and report errors in a consistent way.
*/
{
} else {
}
return( rc );
}
/*
* Like ldap_rename_s() but calls wait4result() to display
* any referrals returned and report errors in a consistent way.
*/
int
{
} else {
}
return( rc );
}
/*
* Wait for a result, check for and display errors and referrals.
* Also recognize and display "Unsolicited notification" messages.
* Returns an LDAP error code.
*/
static int
{
while ( received_only_unsolicited ) {
== -1 ) {
}
/*
* Special handling for unsolicited notifications:
* 1. Parse and display contents.
* 2. go back and wait for another (real) result.
*/
if ( rc == LDAP_RES_EXTENDED
"Unsolicited response" );
} else {
received_only_unsolicited = 0; /* we're done */
}
}
return( rc );
}
static int
{
&ctrls, 0 )) != LDAP_SUCCESS ) {
ldap_msgfree( res );
return( rc );
}
/* check for authentication response control & PWPOLICY control*/
int i;
char *s;
if ( NULL == s ) {
s = "Null";
} else if ( *s == '\0' ) {
s = "Anonymous";
}
}
/* Warn the user his passwd is to expire */
errno = 0;
if ( pw_secs > 86400 ) {
}
if ( pw_secs > 3600 ) {
}
if ( pw_secs > 60 ) {
}
if ( pw_days ) {
}
if ( pw_hrs ) {
}
if ( pw_mins ) {
}
}
}
}
}
servercredp, 0 )) != LDAP_SUCCESS ) {
ldap_msgfree( res );
return( rc );
}
if ( freeit ) {
ldap_msgfree( res );
}
if ( LDAPTOOL_RESULT_IS_AN_ERROR( lderr )) {
}
ldap_value_free( refs );
}
return( lderr );
}
/*
* if -M was passed on the command line, create and return a "Manage DSA IT"
* LDAPv3 control. If not, return NULL.
*/
{
if ( !send_manage_dsait_ctrl ) {
return( NULL );
}
perror( "calloc" );
exit( LDAP_NO_MEMORY );
}
return( ctl );
}
/*
* if -y "dn" was supplied on the command line, create the control
*/
{
int rc;
if ( !proxyauth_id)
return( NULL );
if ( 2 == proxyauth_version ) {
} else {
}
if ( rc != LDAP_SUCCESS)
{
if (ctl)
return NULL;
}
return( ctl );
}
#ifndef SOLARIS_LDAP_CMD
const char **attrlist)
{
int rc;
&ctl);
if ( rc != LDAP_SUCCESS)
{
if (ctl)
return NULL;
}
return( ctl );
}
#endif /* SOLARIS_LDAP_CMD */
void
{
int i;
for (i=0; i< CONTROL_REQUESTS; i++)
{
{
return ;
}
}
}
/*
* Dispose of all controls in array and prepare array for reuse.
*/
void
{
int i;
for ( i = 0; i < CONTROL_REQUESTS; i++ ) {
ldap_control_free( array[i] );
}
}
}
/*
* This function calculates control value and its length. *value can
* be pointing to plain value, ":b64encoded value" or "<fileurl".
*/
static int
char **ctrl_value, int *vlen)
{
int b64;
if (*value == ':') {
value++;
b64 = 1;
} else {
b64 = 0;
}
*ctrl_value = (char *)value;
if ( b64 ) {
(unsigned char *)value )) < 0 ) {
return( -1 );
}
} else {
}
return( 0 );
}
/*
* Parse the optarg from -J option of ldapsearch
* and within LDIFfile for ldapmodify. Take ctrl_arg
* (the whole string) and divide it into oid, criticality
* and value. This function breaks down original ctrl_arg
* with '\0' in places. Also, calculate length of valuestring.
*/
int
char **ctrl_oid, int *ctrl_criticality,
char **ctrl_value, int *vlen)
{
char *s, *p;
int strict;
/* Initialize passed variables with default values */
*ctrl_criticality = 0;
*vlen = 0;
/* Possible values of ctrl_arg are
* oid[:value|::b64value|:<fileurl] within LDIF, i.e. sep=' '
* oid from command line option, i.e. sep=':'
*/
if (sep == ' ') {
}
else {
/* ctrl_arg is of oid:[value|:b64value|<fileurl]
* form in the LDIF record. So, grab the oid and then
* jump to continue the parsing of ctrl_arg.
* 's' is pointing just after oid ends.
*/
*s++ = '\0';
}
} else {
/* oid - from command line option, i.e. sep=':' */
}
}
else {
/* Possible values of ctrl_arg are
* oid:criticality[:value|::b64value|:<fileurl] - command line
* oid criticality[:value|::b64value|:<fileurl] - LDIF
* And 's' is pointing just after oid ends.
*/
if (*(s+1) == '\0') {
return( -1 );
}
*s = '\0';
p = ++s;
if(!(s=strchr(p, ':'))) {
== -1 ) {
return( -1 );
}
}
else {
if (*(s+1) == '\0') {
return ( -1 );
}
*s++ = '\0';
== -1 ) {
return ( -1 );
}
}
}
return( 0 );
}
/*
* callback function for LDAP bind credentials
*/
static int
{
if ( !freeit ) {
}
return( LDAP_SUCCESS );
}
/*
* return pointer to pathname to temporary directory.
* First we see if the environment variable "TEMP" is set and use it.
* Then we see if the environment variable "TMP" is set and use it.
* If this fails, we use "/tmp" on UNIX and fail on Windows.
*/
char *
ldaptool_get_tmp_dir( void )
{
char *p;
int offset;
#ifdef _WINDOWS
exit( LDAP_LOCAL_ERROR );
#else
return( "/tmp" ); /* last resort on UNIX */
#endif
}
/*
* remove trailing slash if present
*/
if ( p[offset] == '/'
#ifdef _WINDOWS
|| p[offset] == '\\'
#endif
) {
perror( "strdup" );
exit( LDAP_NO_MEMORY );
}
p[offset] = '\0';
}
return( p );
}
int
{
unsigned long j;
is_ascii = 0;
break;
}
}
return( is_ascii );
}
#ifdef LDAP_DEBUG_MEMORY
static void *
{
int *statusp;
void *systemptr;
} else {
}
return( NULL );
}
return( (char *)statusp + sizeof(int));
}
static void *
{
void *p;
if ( ldaptool_dbg_lvl & LDAP_DEBUG_TRACE ) {
}
if ( ldaptool_dbg_lvl & LDAP_DEBUG_TRACE ) {
}
return( p );
}
static void *
{
void *p;
if ( ldaptool_dbg_lvl & LDAP_DEBUG_TRACE ) {
}
if ( ldaptool_dbg_lvl & LDAP_DEBUG_TRACE ) {
}
return( p );
}
static void *
{
void *p;
if ( ldaptool_dbg_lvl & LDAP_DEBUG_TRACE ) {
}
}
if ( ldaptool_dbg_lvl & LDAP_DEBUG_TRACE ) {
}
return( p );
}
static void
{
if ( ldaptool_dbg_lvl & LDAP_DEBUG_TRACE ) {
}
} else if ( *statusp != LDAPTOOL_ALLOC_INUSE ) {
" (block not in use; status is %d)\n"),
} else {
}
}
#endif /* LDAP_DEBUG_MEMORY */
#if defined(NET_SSL)
/*
* Derive key database path from certificate database path and return a
* malloc'd string.
*
* We just return an exact copy of "certdbpath" unless it ends in "cert.db",
* "cert5.db", or "cert7.db". In those cases we strip off everything from
* "cert" on and append "key.db", "key5.db", or "key3.db" as appropriate.
* Strangely enough cert7.db and key3.db go together.
*/
static char *
{
if ( certdbpath == NULL ) {
return( NULL );
}
perror( "strdup" );
exit( LDAP_NO_MEMORY );
}
if ( len > 7 &&
striplen = 7;
appendstr = "key.db";
} else if ( len > 8 &&
striplen = 8;
appendstr = "key5.db";
} else if ( len > 8 &&
striplen = 8;
appendstr = "key3.db";
} else {
striplen = 0;
}
if ( striplen > 0 ) {
/*
* The following code assumes that strlen( appendstr ) < striplen!
*/
}
return( keydbpath );
}
#ifdef LDAP_TOOL_PKCS11
static
char *
{
char *result;
++tokenlen;
} else {
perror("malloc");
exit( LDAP_NO_MEMORY );
}
return result;
}
static
int
{
if ( ldaptool_verbose ) {
if (ssl_certdbpath)
{
}
else
{
}
}
return LDAP_SUCCESS;
}
int
{
if ( ldaptool_verbose ) {
if (ssl_certname)
{
}
else
{
}
}
return LDAP_SUCCESS;
}
int
{
*keylocp = ssl_keydbpath;
if ( ldaptool_verbose ) {
if (ssl_keydbpath)
{
}
else
{
}
}
return LDAP_SUCCESS;
}
int
{
*tokennamep = pkcs_token;
if ( ldaptool_verbose ) {
if (pkcs_token)
{
}
else
{
}
}
return LDAP_SUCCESS;
}
int
{
#if 0
char *localtoken;
#endif
/* XXXceb this stuff is removed for the time being.
* This function should return the pin from ssl_password
*/
*tokenpinp = ssl_passwd;
return LDAP_SUCCESS;
#if 0
else
if ( ldaptool_verbose ) {
if (pkcs_pin)
{
}
else
{
}
}
return LDAP_SUCCESS;
#endif
}
int
{
if ( ldaptool_verbose ) {
if (ssl_secmodpath)
{
}
else
{
}
}
return LDAP_SUCCESS;
}
int
{
if ( ldaptool_verbose ) {
if (ssl_donglefile)
{
}
else
{
}
}
return LDAP_SUCCESS;
}
static int
{
return LDAP_SUCCESS;
}
#ifdef FORTEZZA
static int
{
return( 0 );
}
fortezza_krlfile )) < 0 ) {
"%s: FORTEZZA initialization failed (error %d - %s)\n",
if ( exit_on_error ) {
exit( LDAP_LOCAL_ERROR );
}
return( -1 );
}
return( 0 );
}
static int
{
return( 1 );
}
static void *
{
return( *passwordp );
}
/*
* convert a Fortezza error code (as returned by FortezzaConfigureServer()
* into a human-readable string.
*
* Error strings are intentionally similar to those found in
*/
static char *
{
char *s;
switch( err ) {
case FORTEZZA_BADPASSWD:
s = "invalid pin number";
break;
case FORTEZZA_BADCARD:
s = "bad or missing card";
break;
case FORTEZZA_MISSING_KRL:
s = "bad or missing compromised key list";
break;
case FORTEZZA_CERT_INIT_ERROR:
s = "unable to initialize certificate cache. either a cert on "
"the card is bad, or an old FORTEZZA certificate is in a"
"readonly database";
break;
case FORTEZZA_EXPIRED_CERT:
s = "unable to verify certificate";
break;
default:
s = "unknown error";
}
return( s );
}
#endif /* FORTEZZA */
#endif /* LDAP_TOOL_PKCS11 */
#endif /* NET_SSL */
int
{
if (strict) {
return 1;
}
return 0;
}
else {
return (-1);
}
}
else {
return (1);
}
return (0);
}
else {
return (-1);
}
}
}
FILE *
{
#ifdef _LARGEFILE64_SOURCE
#else
#endif
}
#ifdef later
/* Functions for list in ldapdelete.c */
{
if(list)
{
}
}
{
return;
{
}
else
{
}
}
{
return;
{
{
{
}
{
}
{
}
{
}
return;
}
else /* traverse != node */
{
}
}
}
#endif
#ifdef HAVE_SASL_OPTIONS
/*
* Function checks for valid args, returns an error if not found
* and sets SASL params from command line
*/
static int
{
return (-1);
}
*attr = '\0';
attr++;
if ( sasl_secprops != NULL ) {
return (-1);
}
perror ("malloc");
}
if ( sasl_realm != NULL ) {
return (-1);
}
perror ("malloc");
}
if (sasl_username != NULL) {
return (-1);
}
perror ("malloc");
}
if ( sasl_authid != NULL ) {
return (-1);
}
perror ("malloc");
}
return (-1);
}
perror ("malloc");
}
} else {
return (-1);
}
return 0;
}
#endif /* HAVE_SASL_OPTIONS */
/*
* check for and report input or output error on named stream
* return ldap_err or ferror() (ldap_err takes precedence)
* assume that fflush() already has been called if needed.
* don't want to fflush() an input stream.
*/
int
{
int err = 0;
}
/*
* reporting LDAP error code is more important than
* reporting errors from ferror()
*/
if (ldap_err == LDAP_SUCCESS) {
return(err);
} else {
return(ldap_err);
}
}