/* common.c - common routines for the ldap client tools */
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
 *
 * Copyright 1998-2010 The OpenLDAP Foundation.
 * Portions Copyright 2003 Kurt D. Zeilenga.
 * Portions Copyright 2003 IBM Corporation.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted only as authorized by the OpenLDAP
 * Public License.
 *
 * A copy of this license is available in the file LICENSE in the
 * top-level directory of the distribution or, alternatively, at
 * <http://www.OpenLDAP.org/license.html>.
 */
/* ACKNOWLEDGEMENTS:
 * This file was initially created by Hallvard B. Furuseth based (in
 * part) upon argument parsing code for individual tools located in
 * this directory.   Additional contributors include:
 *   Kurt D. Zeilenga (additional common argument and control support)
 */

#include "portable.h"

#include <stdio.h>

#include <ac/stdlib.h>
#include <ac/signal.h>
#include <ac/string.h>
#include <ac/ctype.h>
#include <ac/unistd.h>
#include <ac/errno.h>
#include <ac/time.h>
#include <ac/socket.h>

#ifdef HAVE_CYRUS_SASL
#ifdef HAVE_SASL_SASL_H
#include <sasl/sasl.h>
#else
#include <sasl.h>
#endif
#endif

#include <ldap.h>

#include "ldif.h"
#include "lutil.h"
#include "lutil_ldap.h"
#include "ldap_defaults.h"
#include "ldap_pvt.h"
#include "lber_pvt.h"

#include "common.h"

/* input-related vars */

/*
 * misc. parameters
 *
 * Process-wide state filled in by tool_init() and tool_args(); the
 * individual tools read these after argument parsing.
 */
tool_type_t tool_type;			/* stored by tool_init() */
int contoper = 0;			/* -c: continuous operation mode (counted) */
int debug = 0;				/* -d: values are OR-ed together */
char *infile = NULL;			/* -f: ber_strdup() copy, freed in tool_destroy() */
int dont = 0;				/* -n: show what would be done, do nothing */
int nocanon = 0;			/* -N: no reverse-DNS canonicalization of the SASL host */
int referrals = 0;			/* -C (counted) */
int verbose = 0;			/* -v (counted) */
int ldif = 0;
ber_len_t ldif_wrap = LDIF_LINE_WIDTH;	/* -o ldif-wrap=<width>|no */
char *prog = NULL;			/* program name used as prefix in diagnostics */

/* connection */
/* -H: server URI(s); ber_strdup() copy, released and reset in tool_destroy() */
char		*ldapuri = NULL;
/* -h: server host; ber_strdup() copy of the argument */
char		*ldaphost = NULL;
/* -p: server port; 0 means the option has not been given */
int  		ldapport = 0;
/*
 * Incremented once per -Z.  Per the usage text only -ZZ requires a
 * successful StartTLS response, so a single -Z should not be read as
 * "TLS is guaranteed".
 */
int		use_tls = 0;
/* -1 until -P selects LDAP_VERSION2 or LDAP_VERSION3 */
int		protocol = -1;
/* incremented once per -V */
int		version = 0;

/*
 * authc/authz
 *
 * authmethod stays -1 until an option picks LDAP_AUTH_SIMPLE (-x) or
 * LDAP_AUTH_SASL (any SASL option); tool_args() rejects mixing the two.
 */
int authmethod = -1;
char *binddn = NULL;			/* -D: ber_strdup() copy */
int want_bindpw = 0;			/* -W: prompt for the bind password */
/*
 * Bind password.  For -w, tool_args() copies the argument and then
 * overwrites the argv copy with NULs; the secret is still on the command
 * line until that point, so -W or -y avoid that exposure.
 */
struct berval passwd = { 0, NULL };
char *pw_file = NULL;			/* -y: points at optarg itself, not a copy */
#ifdef HAVE_CYRUS_SASL
unsigned sasl_flags = LDAP_SASL_AUTOMATIC;	/* -I: INTERACTIVE, -Q: QUIET */
char *sasl_realm = NULL;		/* -R */
char *sasl_authc_id = NULL;		/* -U */
char *sasl_authz_id = NULL;		/* -X */
char *sasl_mech = NULL;			/* -Y */
char *sasl_secprops = NULL;		/* -O */
#endif

/*
 * controls
 *
 * Most flags below are 0 when the control was not requested and
 * 1 + crit when it was (so 2 means "requested and critical"); see the
 * -e handling in tool_args().
 */
int assertctl;				/* -e assert=<filter> */
char *assertion = NULL;			/* filter text; points into the parsed -e argument */
struct berval assertionvalue = BER_BVNULL;
char *authzid = NULL;			/* -e !authzid=<authzid>; must be critical */
/* support deprecated early version of proxyAuthz */
#define LDAP_CONTROL_OBSOLETE_PROXY_AUTHZ	"2.16.840.1.113730.3.4.12"
#ifdef LDAP_CONTROL_OBSOLETE_PROXY_AUTHZ
char *proxydn = NULL;			/* -e !proxydn=<dn>; exclusive with authzid */
#endif /* LDAP_CONTROL_OBSOLETE_PROXY_AUTHZ */
int manageDIT = 0;			/* -e relax (alias manageDIT) */
int manageDSAit = 0;			/* -e manageDSAit, or counted via -M */
int noop = 0;				/* -e noop */
int ppolicy = 0;			/* -e ppolicy; never critical, set to 1 */
int preread = 0;			/* -e preread[=<attrs>] */
static char *preread_attrs = NULL;
int postread = 0;			/* -e postread[=<attrs>] */
static char *postread_attrs = NULL;
ber_int_t pr_morePagedResults = 1;
struct berval pr_cookie = { 0, NULL };	/* bv_val is freed in tool_destroy() */
#ifdef LDAP_CONTROL_X_CHAINING_BEHAVIOR
int chaining = 0;			/* -e chaining[=<resolve>[/<continuation>]] */
static int chainingResolve = -1;	/* -1: no resolve behavior given */
static int chainingContinuation = -1;	/* -1: no continuation behavior given */
#endif /* LDAP_CONTROL_X_CHAINING_BEHAVIOR */
#ifdef LDAP_CONTROL_X_SESSION_TRACKING
static int sessionTracking = 0;		/* -e sessiontracking; may be given once */
struct berval stValue;			/* encoded value written by st_value() */
#endif /* LDAP_CONTROL_X_SESSION_TRACKING */
ber_int_t vlvPos;
ber_int_t vlvCount;
struct berval *vlvContext;

/*
 * Controls named by bare OID on the command line.  tool_args() grows this
 * array by one element per such -e argument and stores the base64-decoded
 * value, if any.
 */
LDAPControl *unknown_ctrls = NULL;
int unknown_ctrls_num = 0;

/* options */
/*
 * -o nettimeout=<timeout>.  tv_sec == -1 marks "not specified yet";
 * tool_args() stores 0 for "none", LDAP_MAXINT for "max", otherwise the
 * parsed number of seconds, and rejects values outside 0..LDAP_MAXINT.
 */
struct timeval	nettimeout = { -1 , 0 };

/* Signature shared by the response-control printers listed in tool_ctrl_response[]. */
typedef int (*print_ctrl_fn)( LDAP *ld, LDAPControl *ctrl );

/*
 * Forward declarations of the printers; the definitions are elsewhere in
 * this file.  Conditional entries follow the same feature macros as the
 * table that references them.
 */
static int print_preread( LDAP *ld, LDAPControl *ctrl );
static int print_postread( LDAP *ld, LDAPControl *ctrl );
static int print_paged_results( LDAP *ld, LDAPControl *ctrl );
#ifdef LDAP_CONTROL_PASSWORDPOLICYREQUEST
static int print_ppolicy( LDAP *ld, LDAPControl *ctrl );
#endif
static int print_sss( LDAP *ld, LDAPControl *ctrl );
static int print_vlv( LDAP *ld, LDAPControl *ctrl );
#ifdef LDAP_CONTROL_X_DEREF
static int print_deref( LDAP *ld, LDAPControl *ctrl );
#endif
#ifdef LDAP_CONTROL_X_WHATFAILED
static int print_whatfailed( LDAP *ld, LDAPControl *ctrl );
#endif

/*
 * Response controls the tools know how to print, terminated by an entry
 * whose oid is NULL.
 */
static struct tool_ctrls_t {
	const char	*oid;	/* OID of the response control */
	unsigned	mask;	/* TOOL_* bits; presumably the tool types the printer applies to */
	print_ctrl_fn	func;	/* printer for this control */
} tool_ctrl_response[] = {
	{ LDAP_CONTROL_PRE_READ, TOOL_ALL, print_preread },
	{ LDAP_CONTROL_POST_READ, TOOL_ALL, print_postread },
	{ LDAP_CONTROL_PAGEDRESULTS, TOOL_SEARCH, print_paged_results },
#ifdef LDAP_CONTROL_PASSWORDPOLICYREQUEST
	{ LDAP_CONTROL_PASSWORDPOLICYRESPONSE, TOOL_ALL, print_ppolicy },
#endif
	{ LDAP_CONTROL_SORTRESPONSE, TOOL_SEARCH, print_sss },
	{ LDAP_CONTROL_VLVRESPONSE, TOOL_SEARCH, print_vlv },
#ifdef LDAP_CONTROL_X_DEREF
	{ LDAP_CONTROL_X_DEREF, TOOL_SEARCH, print_deref },
#endif
#ifdef LDAP_CONTROL_X_WHATFAILED
	{ LDAP_CONTROL_X_WHATFAILED, TOOL_ALL, print_whatfailed },
#endif
	{ NULL, 0, NULL }
};

/* "features" */
/*
 * Interrupt handling selected with -e abandon / cancel / ignore.
 * abcan holds the action chosen on the command line; gotintr holds the
 * action that is pending, copied from abcan by do_sig() (or immediately
 * by tool_args() when the extension is marked critical).
 */
enum {
	Intr_None = 0,
	Intr_Abandon,
	Intr_Cancel,
	Intr_Ignore
};
static volatile sig_atomic_t	gotintr;
static volatile sig_atomic_t	abcan;


#ifdef LDAP_CONTROL_X_SESSION_TRACKING
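/*
 * Encode the Session Tracking control value for this client.
 *
 * The value is built from the local host name, its IPv4 address (when
 * the resolver returns one) and an identity chosen in this order: SASL
 * authorization id, SASL authentication id, bind DN.  Enabling session
 * tracking therefore hands these client-side details to whatever
 * receives the control.
 *
 * ld     LDAP handle passed through to the encoder.
 * value  not used by this function; the result is always stored in the
 *        file-scope stValue.
 *
 * Returns 0 on success, -1 if the encoder reports an error (a message is
 * printed to stderr).
 */
static int
st_value( LDAP *ld, struct berval *value )
{
	char		*ip = NULL, *name = NULL;
	struct berval	id = { 0 };
	char		namebuf[ MAXHOSTNAMELEN ];

	if ( gethostname( namebuf, sizeof( namebuf ) ) == 0 ) {
		struct hostent	*h;
		struct in_addr	addr;

		/* gethostname() is not required to NUL-terminate a
		 * truncated name; terminate it before using it as a string */
		namebuf[ sizeof( namebuf ) - 1 ] = '\0';
		name = namebuf;

		h = gethostbyname( name );
		/* only copy when the entry really holds an IPv4 address of
		 * at least sizeof(addr) bytes; anything else would be read
		 * as the wrong type or past the end of a shorter address */
		if ( h != NULL
			&& h->h_addrtype == AF_INET
			&& h->h_length >= (int)sizeof( addr )
			&& h->h_addr_list != NULL
			&& h->h_addr_list[0] != NULL )
		{
			AC_MEMCPY( &addr, h->h_addr_list[0], sizeof( addr ) );
			/* inet_ntoa() returns a static buffer; it is consumed
			 * by the encoder call below before anything else can
			 * overwrite it */
			ip = inet_ntoa( addr );
		}
	}

#ifdef HAVE_CYRUS_SASL
	if ( sasl_authz_id != NULL ) {
		ber_str2bv( sasl_authz_id, 0, 0, &id );

	} else if ( sasl_authc_id != NULL ) {
		ber_str2bv( sasl_authc_id, 0, 0, &id );

	} else 
#endif /* HAVE_CYRUS_SASL */
	if ( binddn != NULL ) {
		ber_str2bv( binddn, 0, 0, &id );
	}

	/* ip and/or name stay NULL when the lookups above failed */
	if ( ldap_create_session_tracking_value( ld,
		ip, name, LDAP_CONTROL_X_SESSION_TRACKING_USERNAME,
		&id, &stValue ) )
	{
		fprintf( stderr, _("Session tracking control encoding error!\n") );
		return -1;
	}

	return 0;
}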
#endif /* LDAP_CONTROL_X_SESSION_TRACKING */

/*
 * Signal handler: mark the action selected on the command line (abcan)
 * as pending (gotintr).  Both are volatile sig_atomic_t, and the handler
 * does nothing else.
 */
RETSIGTYPE
do_sig( int sig )
{
	(void)sig;	/* the signal number is not inspected */

	gotintr = abcan;
}

/*
 * One-time setup for a client tool: select the message locale, bind the
 * OpenLDAP text domain, and remember which tool is running.
 *
 * type  the tool being initialised; stored in the global tool_type.
 */
void
tool_init( tool_type_t type )
{
	/* message catalog setup for the _() / N_() strings */
	ldap_pvt_setlocale(LC_MESSAGES, "");
	ldap_pvt_bindtextdomain(OPENLDAP_PACKAGE, LDAP_LOCALEDIR);
	ldap_pvt_textdomain(OPENLDAP_PACKAGE);

	tool_type = type;
}

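/*
 * Release library state and the heap copies of command-line values held
 * in the file-scope globals.
 *
 * Every pointer is reset after it is freed so that a second call, or any
 * later reader of the globals, cannot touch freed memory.  The bind
 * password is overwritten before its buffer is returned to the allocator.
 */
void
tool_destroy( void )
{
#ifdef HAVE_CYRUS_SASL
	sasl_done();
#endif
#ifdef HAVE_TLS
	ldap_pvt_tls_destroy();
#endif

	if ( ldapuri != NULL ) {
		ber_memfree( ldapuri );
		ldapuri = NULL;
	}

	if ( pr_cookie.bv_val != NULL ) {
		ber_memfree( pr_cookie.bv_val );
		pr_cookie.bv_val = NULL;
		pr_cookie.bv_len = 0;
	}

	if ( binddn != NULL ) {
		ber_memfree( binddn );
		binddn = NULL;
	}

	if ( passwd.bv_val != NULL ) {
		/* scrub through a volatile pointer so the stores are not
		 * elided as dead writes ahead of the free */
		volatile char	*p = passwd.bv_val;
		ber_len_t	n = passwd.bv_len;

		while ( n-- > 0 ) {
			*p++ = '\0';
		}

		ber_memfree( passwd.bv_val );
		passwd.bv_val = NULL;
		passwd.bv_len = 0;
	}

	if ( infile != NULL ) {
		ber_memfree( infile );
		infile = NULL;
	}
}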

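/*
 * Print the help text for the options shared by all client tools to
 * stderr.
 *
 * Each array element describes one option and starts with "  -X", so
 * character [3] is the option letter; an element is printed when that
 * letter appears in the tool's `options' string.  Elements whose fourth
 * character is a space (continuation lines stored as separate elements)
 * are always printed.  The sub-lines of -e are joined to the -e element
 * by string-literal concatenation (no comma between the N_() pieces), so
 * they appear only together with -e.
 */
void
tool_common_usage( void )
{
	static const char *const descriptions[] = {
N_("  -d level   set LDAP debugging level to `level'\n"),
N_("  -D binddn  bind DN\n"),
N_("  -e [!]<ext>[=<extparam>] general extensions (! indicates criticality)\n")
N_("             [!]assert=<filter>     (RFC 4528; a RFC 4515 Filter string)\n")
N_("             [!]authzid=<authzid>   (RFC 4370; \"dn:<dn>\" or \"u:<user>\")\n")
#ifdef LDAP_CONTROL_OBSOLETE_PROXY_AUTHZ
#if 0
                 /* non-advertized support for proxyDN */
N_("             [!]proxydn=<dn>        (a RFC 4514 DN string)\n")
#endif
#endif
#ifdef LDAP_CONTROL_X_CHAINING_BEHAVIOR
N_("             [!]chaining[=<resolveBehavior>[/<continuationBehavior>]]\n")
N_("                     one of \"chainingPreferred\", \"chainingRequired\",\n")
N_("                     \"referralsPreferred\", \"referralsRequired\"\n")
#endif /* LDAP_CONTROL_X_CHAINING_BEHAVIOR */
N_("             [!]manageDSAit         (RFC 3296)\n")
N_("             [!]noop\n")
#ifdef LDAP_CONTROL_PASSWORDPOLICYREQUEST
N_("             ppolicy\n")
#endif
N_("             [!]postread[=<attrs>]  (RFC 4527; comma-separated attr list)\n")
N_("             [!]preread[=<attrs>]   (RFC 4527; comma-separated attr list)\n")
N_("             [!]relax\n")
#ifdef LDAP_CONTROL_X_SESSION_TRACKING
N_("             [!]sessiontracking\n")
#endif /* LDAP_CONTROL_X_SESSION_TRACKING */
N_("             abandon, cancel, ignore (SIGINT sends abandon/cancel,\n"
   "             or ignores response; if critical, doesn't wait for SIGINT.\n"
   "             not really controls)\n"),
	/* the comma above ends the -e element; without it the -h line
	 * would be concatenated into -e and shown or hidden with 'e'
	 * instead of with its own option letter */
N_("  -h host    LDAP server\n"),
N_("  -H URI     LDAP Uniform Resource Identifier(s)\n"),
N_("  -I         use SASL Interactive mode\n"),
N_("  -n         show what would be done but don't actually do it\n"),
N_("  -N         do not use reverse DNS to canonicalize SASL host name\n"),
N_("  -O props   SASL security properties\n"),
N_("  -o <opt>[=<optparam] general options\n"),
N_("             nettimeout=<timeout> (in seconds, or \"none\" or \"max\")\n"),
N_("             ldif-wrap=<width> (in columns, or \"no\" for no wrapping)\n"),
N_("  -p port    port on LDAP server\n"),
N_("  -Q         use SASL Quiet mode\n"),
N_("  -R realm   SASL realm\n"),
N_("  -U authcid SASL authentication identity\n"),
N_("  -v         run in verbose mode (diagnostics to standard output)\n"),
N_("  -V         print version info (-VV only)\n"),
N_("  -w passwd  bind password (for simple authentication)\n"),
N_("  -W         prompt for bind password\n"),
N_("  -x         Simple authentication\n"),
N_("  -X authzid SASL authorization identity (\"dn:<dn>\" or \"u:<user>\")\n"),
N_("  -y file    Read password from file\n"),
N_("  -Y mech    SASL mechanism\n"),
N_("  -Z         Start TLS request (-ZZ to require successful response)\n"),
NULL
	};
	const char *const *entry;

	fputs( _("Common options:\n"), stderr );
	for ( entry = descriptions; *entry != NULL; entry++ ) {
		/* option letter of this element, or ' ' for a continuation */
		const char	optch = (*entry)[3];

		if ( optch == ' ' || strchr( options, optch ) != NULL ) {
			fputs( _(*entry), stderr );
		}
	}
}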

/*
 * Report a failed LDAP operation on stderr.
 *
 * func     name printed as the message prefix.
 * err      LDAP result code; printed both as text (ldap_err2string())
 *          and as a number.
 * extra    optional text appended to the first line; may be NULL.
 * matched  optional matched DN; skipped when NULL or empty.
 * info     optional additional information; skipped when NULL or empty.
 * refs     optional NULL-terminated array of referral strings.
 *
 * NOTE(review): matched, info and refs are written to the terminal
 * unmodified; if callers pass text taken from a server response, it is
 * untrusted and may contain control characters -- confirm against callers.
 */
void tool_perror(
	const char *func,
	int err,
	const char *extra,
	const char *matched,
	const char *info,
	char **refs )
{
	const char *suffix = extra ? extra : "";

	fprintf( stderr, "%s: %s (%d)%s\n",
		func, ldap_err2string( err ), err, suffix );

	if ( matched != NULL && matched[0] != '\0' ) {
		fprintf( stderr, _("\tmatched DN: %s\n"), matched );
	}

	if ( info != NULL && info[0] != '\0' ) {
		fprintf( stderr, _("\tadditional info: %s\n"), info );
	}

	if ( refs != NULL && refs[0] != NULL ) {
		char **ref;

		fprintf( stderr, _("\treferrals:\n") );
		for ( ref = refs; *ref != NULL; ref++ ) {
			fprintf( stderr, "\t\t%s\n", *ref );
		}
	}
}


void
tool_args( int argc, char **argv )
{
	int i;

	while (( i = getopt( argc, argv, options )) != EOF ) {
		int crit, ival;
		char *control, *cvalue, *next;
		switch( i ) {
		case 'c':	/* continuous operation mode */
			contoper++;
			break;
		case 'C':
			referrals++;
			break;
		case 'd':
			ival = strtol( optarg, &next, 10 );
			if (next == NULL || next[0] != '\0') {
				fprintf( stderr, "%s: unable to parse debug value \"%s\"\n", prog, optarg);
				exit(EXIT_FAILURE);
			}
			debug |= ival;
			break;
		case 'D':	/* bind DN */
			if( binddn != NULL ) {
				fprintf( stderr, "%s: -D previously specified\n", prog );
				exit( EXIT_FAILURE );
			}
			binddn = ber_strdup( optarg );
			break;
		case 'e':	/* general extensions (controls and such) */
			/* should be extended to support comma separated list of
			 *	[!]key[=value] parameters, e.g.  -e !foo,bar=567
			 */

			crit = 0;
			cvalue = NULL;
			if( optarg[0] == '!' ) {
				crit = 1;
				optarg++;
			}

			control = ber_strdup( optarg );
			if ( (cvalue = strchr( control, '=' )) != NULL ) {
				*cvalue++ = '\0';
			}

			if ( strcasecmp( control, "assert" ) == 0 ) {
				if( assertctl ) {
					fprintf( stderr, "assert control previously specified\n");
					exit( EXIT_FAILURE );
				}
				if( cvalue == NULL ) {
					fprintf( stderr, "assert: control value expected\n" );
					usage();
				}

				assertctl = 1 + crit;

				assert( assertion == NULL );
				assertion = cvalue;

			} else if ( strcasecmp( control, "authzid" ) == 0 ) {
				if( authzid != NULL ) {
					fprintf( stderr, "authzid control previously specified\n");
					exit( EXIT_FAILURE );
				}
#ifdef LDAP_CONTROL_OBSOLETE_PROXY_AUTHZ
				if( proxydn != NULL ) {
					fprintf( stderr, "authzid control incompatible with proxydn\n");
					exit( EXIT_FAILURE );
				}
#endif /* LDAP_CONTROL_OBSOLETE_PROXY_AUTHZ */
				if( cvalue == NULL ) {
					fprintf( stderr, "authzid: control value expected\n" );
					usage();
				}
				if( !crit ) {
					fprintf( stderr, "authzid: must be marked critical\n" );
					usage();
				}

				assert( authzid == NULL );
				authzid = cvalue;

#ifdef LDAP_CONTROL_OBSOLETE_PROXY_AUTHZ
			} else if ( strcasecmp( control, "proxydn" ) == 0 ) {
				if( proxydn != NULL ) {
					fprintf( stderr, "proxydn control previously specified\n");
					exit( EXIT_FAILURE );
				}
				if( authzid != NULL ) {
					fprintf( stderr, "proxydn control incompatible with authzid\n");
					exit( EXIT_FAILURE );
				}
				if( cvalue == NULL ) {
					fprintf( stderr, "proxydn: control value expected\n" );
					usage();
				}
				if( !crit ) {
					fprintf( stderr, "proxydn: must be marked critical\n" );
					usage();
				}

				assert( proxydn == NULL );
				proxydn = cvalue;
#endif /* LDAP_CONTROL_OBSOLETE_PROXY_AUTHZ */

			} else if ( ( strcasecmp( control, "relax" ) == 0 ) ||
				( strcasecmp( control, "manageDIT" ) == 0 ) )
			{
				if( manageDIT ) {
					fprintf( stderr,
						"relax control previously specified\n");
					exit( EXIT_FAILURE );
				}
				if( cvalue != NULL ) {
					fprintf( stderr,
						"relax: no control value expected\n" );
					usage();
				}

				manageDIT = 1 + crit;

			} else if ( strcasecmp( control, "manageDSAit" ) == 0 ) {
				if( manageDSAit ) {
					fprintf( stderr,
						"manageDSAit control previously specified\n");
					exit( EXIT_FAILURE );
				}
				if( cvalue != NULL ) {
					fprintf( stderr,
						"manageDSAit: no control value expected\n" );
					usage();
				}

				manageDSAit = 1 + crit;

			} else if ( strcasecmp( control, "noop" ) == 0 ) {
				if( noop ) {
					fprintf( stderr, "noop control previously specified\n");
					exit( EXIT_FAILURE );
				}
				if( cvalue != NULL ) {
					fprintf( stderr, "noop: no control value expected\n" );
					usage();
				}

				noop = 1 + crit;

#ifdef LDAP_CONTROL_PASSWORDPOLICYREQUEST
			} else if ( strcasecmp( control, "ppolicy" ) == 0 ) {
				if( ppolicy ) {
					fprintf( stderr, "ppolicy control previously specified\n");
					exit( EXIT_FAILURE );
				}
				if( cvalue != NULL ) {
					fprintf( stderr, "ppolicy: no control value expected\n" );
					usage();
				}
				if( crit ) {
					fprintf( stderr, "ppolicy: critical flag not allowed\n" );
					usage();
				}

				ppolicy = 1;
#endif

			} else if ( strcasecmp( control, "preread" ) == 0 ) {
				if( preread ) {
					fprintf( stderr, "preread control previously specified\n");
					exit( EXIT_FAILURE );
				}

				preread = 1 + crit;
				preread_attrs = cvalue;

			} else if ( strcasecmp( control, "postread" ) == 0 ) {
				if( postread ) {
					fprintf( stderr, "postread control previously specified\n");
					exit( EXIT_FAILURE );
				}

				postread = 1 + crit;
				postread_attrs = cvalue;

#ifdef LDAP_CONTROL_X_CHAINING_BEHAVIOR
			} else if ( strcasecmp( control, "chaining" ) == 0 ) {
				chaining = 1 + crit;

				if ( cvalue != NULL ) {
					char	*continuation;

					continuation = strchr( cvalue, '/' );
					if ( continuation ) {
						/* FIXME: this makes sense only in searches */
						*continuation++ = '\0';
						if ( strcasecmp( continuation, "chainingPreferred" ) == 0 ) {
							chainingContinuation = LDAP_CHAINING_PREFERRED;
						} else if ( strcasecmp( continuation, "chainingRequired" ) == 0 ) {
							chainingContinuation = LDAP_CHAINING_REQUIRED;
						} else if ( strcasecmp( continuation, "referralsPreferred" ) == 0 ) {
							chainingContinuation = LDAP_REFERRALS_PREFERRED;
						} else if ( strcasecmp( continuation, "referralsRequired" ) == 0 ) {
							chainingContinuation = LDAP_REFERRALS_REQUIRED;
						} else {
							fprintf( stderr,
								"chaining behavior control "
								"continuation value \"%s\" invalid\n",
								continuation );
							exit( EXIT_FAILURE );
						}
					}
	
					if ( strcasecmp( cvalue, "chainingPreferred" ) == 0 ) {
						chainingResolve = LDAP_CHAINING_PREFERRED;
					} else if ( strcasecmp( cvalue, "chainingRequired" ) == 0 ) {
						chainingResolve = LDAP_CHAINING_REQUIRED;
					} else if ( strcasecmp( cvalue, "referralsPreferred" ) == 0 ) {
						chainingResolve = LDAP_REFERRALS_PREFERRED;
					} else if ( strcasecmp( cvalue, "referralsRequired" ) == 0 ) {
						chainingResolve = LDAP_REFERRALS_REQUIRED;
					} else {
						fprintf( stderr,
							"chaining behavior control "
							"resolve value \"%s\" invalid\n",
							cvalue);
						exit( EXIT_FAILURE );
					}
				}
#endif /* LDAP_CONTROL_X_CHAINING_BEHAVIOR */

			/* this shouldn't go here, really; but it's a feature... */
			} else if ( strcasecmp( control, "abandon" ) == 0 ) {
				abcan = Intr_Abandon;
				if ( crit ) {
					gotintr = abcan;
				}

			} else if ( strcasecmp( control, "cancel" ) == 0 ) {
				abcan = Intr_Cancel;
				if ( crit ) {
					gotintr = abcan;
				}

			} else if ( strcasecmp( control, "ignore" ) == 0 ) {
				abcan = Intr_Ignore;
				if ( crit ) {
					gotintr = abcan;
				}

#ifdef LDAP_CONTROL_X_SESSION_TRACKING
			} else if ( strcasecmp( control, "sessiontracking" ) == 0 ) {
				if ( sessionTracking ) {
					fprintf( stderr, "%s: session tracking can be only specified once\n", prog );
					exit( EXIT_FAILURE );
				}
				sessionTracking = 1;
#endif /* LDAP_CONTROL_X_SESSION_TRACKING */

			} else if ( tool_is_oid( control ) ) {
				LDAPControl	*tmpctrls, ctrl;

				tmpctrls = (LDAPControl *)ber_memrealloc( unknown_ctrls,
					(unknown_ctrls_num + 1)*sizeof( LDAPControl ) );
				if ( tmpctrls == NULL ) {
					fprintf( stderr, "%s: no memory?\n", prog );
					exit( EXIT_FAILURE );
				}
				unknown_ctrls = tmpctrls;
				ctrl.ldctl_oid = control;
				ctrl.ldctl_value.bv_val = NULL;
				ctrl.ldctl_value.bv_len = 0;
				ctrl.ldctl_iscritical = crit;

				if ( cvalue != NULL ) {
					struct berval	bv;
					size_t		len = strlen( cvalue );
					int		retcode;

					bv.bv_len = LUTIL_BASE64_DECODE_LEN( len );
					bv.bv_val = ber_memalloc( bv.bv_len + 1 );

					retcode = lutil_b64_pton( cvalue,
						(unsigned char *)bv.bv_val,
						bv.bv_len );

					if ( retcode == -1 || (unsigned) retcode > bv.bv_len ) {
						fprintf( stderr, "Unable to parse value of general control %s\n",
							control );
						usage();
					}

					bv.bv_len = retcode;
					ctrl.ldctl_value = bv;
				}

				unknown_ctrls[ unknown_ctrls_num ] = ctrl;
				unknown_ctrls_num++;

			} else {
				fprintf( stderr, "Invalid general control name: %s\n",
					control );
				usage();
			}
			break;
		case 'f':	/* read from file */
			if( infile != NULL ) {
				fprintf( stderr, "%s: -f previously specified\n", prog );
				exit( EXIT_FAILURE );
			}
			infile = ber_strdup( optarg );
			break;
		case 'h':	/* ldap host */
			if( ldaphost != NULL ) {
				fprintf( stderr, "%s: -h previously specified\n", prog );
				exit( EXIT_FAILURE );
			}
			ldaphost = ber_strdup( optarg );
			break;
		case 'H':	/* ldap URI */
			if( ldapuri != NULL ) {
				fprintf( stderr, "%s: -H previously specified\n", prog );
				exit( EXIT_FAILURE );
			}
			ldapuri = ber_strdup( optarg );
			break;
		case 'I':
#ifdef HAVE_CYRUS_SASL
			if( authmethod != -1 && authmethod != LDAP_AUTH_SASL ) {
				fprintf( stderr, "%s: incompatible previous "
					"authentication choice\n",
					prog );
				exit( EXIT_FAILURE );
			}
			authmethod = LDAP_AUTH_SASL;
			sasl_flags = LDAP_SASL_INTERACTIVE;
			break;
#else
			fprintf( stderr, "%s: was not compiled with SASL support\n",
				prog );
			exit( EXIT_FAILURE );
#endif
		case 'M':
			/* enable Manage DSA IT */
			manageDSAit++;
			break;
		case 'n':	/* print operations, don't actually do them */
			dont++;
			break;
		case 'N':
			nocanon++;
			break;
		case 'o':
			control = ber_strdup( optarg );
			if ( (cvalue = strchr( control, '=' )) != NULL ) {
				*cvalue++ = '\0';
			}

			if ( strcasecmp( control, "nettimeout" ) == 0 ) {
				if( nettimeout.tv_sec != -1 ) {
					fprintf( stderr, "nettimeout option previously specified\n");
					exit( EXIT_FAILURE );
				}
				if( cvalue == NULL || cvalue[0] == '\0' ) {
					fprintf( stderr, "nettimeout: option value expected\n" );
					usage();
				}
		 		if ( strcasecmp( cvalue, "none" ) == 0 ) {
		 			nettimeout.tv_sec = 0;
		 		} else if ( strcasecmp( cvalue, "max" ) == 0 ) {
		 			nettimeout.tv_sec = LDAP_MAXINT;
		 		} else {
		 			ival = strtol( cvalue, &next, 10 );
		 			if ( next == NULL || next[0] != '\0' ) {
		 				fprintf( stderr,
		 					_("Unable to parse network timeout \"%s\"\n"), cvalue );
		 				exit( EXIT_FAILURE );
		 			}
		 			nettimeout.tv_sec = ival;
		 		}
		 		if( nettimeout.tv_sec < 0 || nettimeout.tv_sec > LDAP_MAXINT ) {
		 			fprintf( stderr, _("%s: invalid network timeout (%ld) specified\n"),
		 				prog, (long)nettimeout.tv_sec );
	 				exit( EXIT_FAILURE );
 				}

			} else if ( strcasecmp( control, "ldif-wrap" ) == 0 ) {
				if ( cvalue == 0 ) {
					ldif_wrap = LDIF_LINE_WIDTH;

				} else if ( strcasecmp( cvalue, "no" ) == 0 ) {
					ldif_wrap = LDIF_LINE_WIDTH_MAX;

				} else {
					unsigned int u;
					if ( lutil_atou( &u, cvalue ) ) {
						fprintf( stderr,
							_("Unable to parse ldif-wrap=\"%s\"\n"), cvalue );
		 				exit( EXIT_FAILURE );
					}
					ldif_wrap = (ber_len_t)u;
				}

			} else {
				fprintf( stderr, "Invalid general option name: %s\n",
					control );
				usage();
			}
			ber_memfree(control);
			break;
		case 'O':
#ifdef HAVE_CYRUS_SASL
			if( sasl_secprops != NULL ) {
				fprintf( stderr, "%s: -O previously specified\n", prog );
				exit( EXIT_FAILURE );
			}
			if( authmethod != -1 && authmethod != LDAP_AUTH_SASL ) {
				fprintf( stderr, "%s: incompatible previous "
					"authentication choice\n", prog );
				exit( EXIT_FAILURE );
			}
			authmethod = LDAP_AUTH_SASL;
			sasl_secprops = ber_strdup( optarg );
#else
			fprintf( stderr, "%s: not compiled with SASL support\n", prog );
			exit( EXIT_FAILURE );
#endif
			break;
		case 'p':
			if( ldapport ) {
				fprintf( stderr, "%s: -p previously specified\n", prog );
				exit( EXIT_FAILURE );
			}
			ival = strtol( optarg, &next, 10 );
			if ( next == NULL || next[0] != '\0' ) {
				fprintf( stderr, "%s: unable to parse port number \"%s\"\n", prog, optarg );
				exit( EXIT_FAILURE );
			}
			ldapport = ival;
			break;
		case 'P':
			ival = strtol( optarg, &next, 10 );
			if ( next == NULL || next[0] != '\0' ) {
				fprintf( stderr, "%s: unable to parse protocol version \"%s\"\n", prog, optarg );
				exit( EXIT_FAILURE );
			}
			switch( ival ) {
			case 2:
				if( protocol == LDAP_VERSION3 ) {
					fprintf( stderr, "%s: -P 2 incompatible with version %d\n",
						prog, protocol );
					exit( EXIT_FAILURE );
				}
				protocol = LDAP_VERSION2;
				break;
			case 3:
				if( protocol == LDAP_VERSION2 ) {
					fprintf( stderr, "%s: -P 2 incompatible with version %d\n",
						prog, protocol );
					exit( EXIT_FAILURE );
				}
				protocol = LDAP_VERSION3;
				break;
			default:
				fprintf( stderr, "%s: protocol version should be 2 or 3\n",
					prog );
				usage();
			}
			break;
		case 'Q':
#ifdef HAVE_CYRUS_SASL
			if( authmethod != -1 && authmethod != LDAP_AUTH_SASL ) {
				fprintf( stderr, "%s: incompatible previous "
					"authentication choice\n",
					prog );
				exit( EXIT_FAILURE );
			}
			authmethod = LDAP_AUTH_SASL;
			sasl_flags = LDAP_SASL_QUIET;
			break;
#else
			fprintf( stderr, "%s: not compiled with SASL support\n",
				prog );
			exit( EXIT_FAILURE );
#endif
		case 'R':
#ifdef HAVE_CYRUS_SASL
			if( sasl_realm != NULL ) {
				fprintf( stderr, "%s: -R previously specified\n", prog );
				exit( EXIT_FAILURE );
			}
			if( authmethod != -1 && authmethod != LDAP_AUTH_SASL ) {
				fprintf( stderr, "%s: incompatible previous "
					"authentication choice\n",
					prog );
				exit( EXIT_FAILURE );
			}
			authmethod = LDAP_AUTH_SASL;
			sasl_realm = ber_strdup( optarg );
#else
			fprintf( stderr, "%s: not compiled with SASL support\n",
				prog );
			exit( EXIT_FAILURE );
#endif
			break;
		case 'U':
#ifdef HAVE_CYRUS_SASL
			if( sasl_authc_id != NULL ) {
				fprintf( stderr, "%s: -U previously specified\n", prog );
				exit( EXIT_FAILURE );
			}
			if( authmethod != -1 && authmethod != LDAP_AUTH_SASL ) {
				fprintf( stderr, "%s: incompatible previous "
					"authentication choice\n",
					prog );
				exit( EXIT_FAILURE );
			}
			authmethod = LDAP_AUTH_SASL;
			sasl_authc_id = ber_strdup( optarg );
#else
			fprintf( stderr, "%s: not compiled with SASL support\n",
				prog );
			exit( EXIT_FAILURE );
#endif
			break;
		case 'v':	/* verbose mode */
			verbose++;
			break;
		case 'V':	/* version */
			version++;
			break;
		case 'w':	/* password */
			passwd.bv_val = ber_strdup( optarg );
			{
				char* p;

				for( p = optarg; *p != '\0'; p++ ) {
					*p = '\0';
				}
			}
			passwd.bv_len = strlen( passwd.bv_val );
			break;
		case 'W':
			want_bindpw++;
			break;
		case 'y':
			pw_file = optarg;
			break;
		case 'Y':
#ifdef HAVE_CYRUS_SASL
			if( sasl_mech != NULL ) {
				fprintf( stderr, "%s: -Y previously specified\n", prog );
				exit( EXIT_FAILURE );
			}
			if( authmethod != -1 && authmethod != LDAP_AUTH_SASL ) {
				fprintf( stderr,
					"%s: incompatible with authentication choice\n", prog );
				exit( EXIT_FAILURE );
			}
			authmethod = LDAP_AUTH_SASL;
			sasl_mech = ber_strdup( optarg );
#else
			fprintf( stderr, "%s: not compiled with SASL support\n", prog );
			exit( EXIT_FAILURE );
#endif
			break;
		case 'x':
			if( authmethod != -1 && authmethod != LDAP_AUTH_SIMPLE ) {
				fprintf( stderr, "%s: incompatible with previous "
					"authentication choice\n", prog );
				exit( EXIT_FAILURE );
			}
			authmethod = LDAP_AUTH_SIMPLE;
			break;
		case 'X':
#ifdef HAVE_CYRUS_SASL
			if( sasl_authz_id != NULL ) {
				fprintf( stderr, "%s: -X previously specified\n", prog );
				exit( EXIT_FAILURE );
			}
			if( authmethod != -1 && authmethod != LDAP_AUTH_SASL ) {
				fprintf( stderr, "%s: -X incompatible with "
					"authentication choice\n", prog );
				exit( EXIT_FAILURE );
			}
			authmethod = LDAP_AUTH_SASL;
			sasl_authz_id = ber_strdup( optarg );
#else
			fprintf( stderr, "%s: not compiled with SASL support\n", prog );
			exit( EXIT_FAILURE );
#endif
			break;
		case 'Z':
#ifdef HAVE_TLS
			use_tls++;
#else
			fprintf( stderr, "%s: not compiled with TLS support\n", prog );
			exit( EXIT_FAILURE );
#endif
			break;
		default:
			if( handle_private_option( i ) ) break;
			fprintf( stderr, "%s: unrecognized option -%c\n",
				prog, optopt );
			usage();
		}
	}

	{
		/* prevent bad linking */
		LDAPAPIInfo api;
		api.ldapai_info_version = LDAP_API_INFO_VERSION;

		if ( ldap_get_option(NULL, LDAP_OPT_API_INFO, &api)
			!= LDAP_OPT_SUCCESS )
		{
			fprintf( stderr, "%s: ldap_get_option(API_INFO) failed\n", prog );
			exit( EXIT_FAILURE );
		}

		if (api.ldapai_info_version != LDAP_API_INFO_VERSION) {
			fprintf( stderr, "LDAP APIInfo version mismatch: "
				"library %d, header %d\n",
				api.ldapai_info_version, LDAP_API_INFO_VERSION );
			exit( EXIT_FAILURE );
		}

		if( api.ldapai_api_version != LDAP_API_VERSION ) {
			fprintf( stderr, "LDAP API version mismatch: "
				"library %d, header %d\n",