Updated Kerberos code, password prompting, detailed usage(). <dave@tamos.net>

84c77485 · Dave Storey · 5da5771b · 84c77485
Commit 84c77485 authored 26 years ago by Dave Storey
--- a/clients/tools/ldapdelete.c
+++ b/clients/tools/ldapdelete.c
@@ -12,17 +12,32 @@
 #include <lber.h>
 #include <ldap.h>

-static char	*binddn = NULL;
-static char	*passwd = NULL;
-static char	*base = NULL;
-static char	*ldaphost = NULL;
-static int	ldapport = 0;
 static int	not, verbose, contoper;
-static LDAP	*ld;

 #define safe_realloc( ptr, size )	( ptr == NULL ? malloc( size ) : \
 					 realloc( ptr, size ))

+static void
+usage(char *s)
+{
+    fprintf(stderr, "Usage: %s [options] [dn]...", s);
+    fprintf(stderr, "  -c\t\tcontinuous operation mode\n");
+    fprintf(stderr, "  -D bindnd\tbind dn\n");
+    fprintf(stderr, "  -d level\tdebugging level\n");
+    fprintf(stderr, "  -f file\t\t\n");
+    fprintf(stderr, "  -h host\tldap sever\n");
+#ifdef HAVE_KERBEROS
+    fprintf(stderr, "  -K\t\tuse Kerberos step 1\n");
+    fprintf(stderr, "  -k\t\tuse Kerberos instead of Simple Password authentication\n");
+#endif
+    fprintf(stderr, "  -n\t\t make no modifications\n");
+    fprintf(stderr, "  -p port\tldap port\n");
+    fprintf(stderr, "  -v\t\tverbose\n");
+    fprintf(stderr, "  -W\t\tprompt for bind password\n");
+    fprintf(stderr, "  -w passwd\tbind password (for simple authentication)\n");
+    exit(1);
+}
+
 static int dodelete LDAP_P((
    LDAP	*ld,
    char	*dn));
@@ -30,132 +45,146 @@ static int dodelete LDAP_P((
 int
 main( int argc, char **argv )
 {
-    char		*usage = "usage: %s [-n] [-v] [-k] [-d debug-level] [-f file] [-h ldaphost] [-p ldapport] [-D binddn] [-w passwd] [dn]...\n";
-    char		buf[ 4096 ];
-    FILE		*fp;
-    int			i, rc, kerberos, authmethod;
-
-    kerberos = not = verbose = contoper = 0;
-    fp = NULL;
-
-    while (( i = getopt( argc, argv, "nvkKch:p:D:w:d:f:" )) != EOF ) {
-	switch( i ) {
-	case 'k':	/* kerberos bind */
-	    kerberos = 2;
-	    break;
-	case 'K':	/* kerberos bind, part one only */
-	    kerberos = 1;
-	    break;
+    FILE	*fp = NULL;
+    LDAP	*ld = NULL;
+    char	buf[4096];
+    char	*binddn = NULL;
+    char	*passwd = NULL;
+    char	*ldaphost = NULL;
+    int         authmethod = LDAP_AUTH_SIMPLE;
+    int         deref = LDAP_DEREF_NEVER;
+    int		i, rc, want_passwd;
+    int         ldapport = LDAP_PORT;
+
+    rc = not = verbose = contoper = want_passwd = 0;
+
+    while ((i = getopt( argc, argv, "cD:d:f:h:Kknp:vWw:")) != EOF )
+    {
+        switch(i)
+        {
 	case 'c':	/* continuous operation mode */
-	    ++contoper;
+	    contoper++;
 	    break;
-	case 'h':	/* ldap host */
-	    ldaphost = strdup( optarg );
-	    break;
-	case 'D':	/* bind DN */
-	    binddn = strdup( optarg );
+
+        case 'D':	/* bind DN */
+	    binddn = strdup(optarg);
 	    break;
-	case 'w':	/* password */
-	    passwd = strdup( optarg );
+
+        case 'd':
+#ifdef LDAP_DEBUG
+	    ldap_debug = lber_debug = atoi(optarg);
+#else
+	    fprintf( stderr, "compile with -DLDAP_DEBUG for debugging\n" );
+#endif
 	    break;
-	case 'f':	/* read DNs from a file */
-	    if (( fp = fopen( optarg, "r" )) == NULL ) {
-		perror( optarg );
-		exit( 1 );
+
+        case 'f':	/* read DNs from a file */
+            if ((fp = fopen(optarg, "r")) == NULL)
+            {
+		perror(optarg);
+		return(1);
 	    }
 	    break;
-	case 'd':
-#ifdef LDAP_DEBUG
-	    ldap_debug = lber_debug = atoi( optarg );	/* */
-#else /* LDAP_DEBUG */
-	    fprintf( stderr, "compile with -DLDAP_DEBUG for debugging\n" );
-#endif /* LDAP_DEBUG */
+
+        case 'h':	/* ldap host */
+	    ldaphost = strdup(optarg);
 	    break;
-	case 'p':
-	    ldapport = atoi( optarg );
+
+        case 'K':	/* kerberos bind, part one only */
+#ifdef HAVE_KERBEROS
+            authmethod = LDAP_AUTH_KRBV41;
+#else
+            fprintf(stderr, "%s was not compiled with Kerberos support\n", argv[0]);
+#endif
 	    break;
-	case 'n':	/* print deletes, don't actually do them */
-	    ++not;
+
+        case 'k':	/* kerberos bind */
+#ifdef HAVE_KERBEROS
+            authmethod = LDAP_AUTH_KRBV4;
+#else
+            fprintf(stderr, "%s was not compiled with Kerberos support\n", argv[0]);
+#endif
+            break;
+
+        case 'n':	/* print deletes, don't actually do them */
+	    not++;
+	    break;
+
+        case 'p':
+	    ldapport = atoi( optarg );
 	    break;
-	case 'v':	/* verbose mode */
+
+        case 'v':	/* verbose mode */
 	    verbose++;
 	    break;
-	default:
-	    fprintf( stderr, usage, argv[0] );
-	    exit( 1 );
-	}
-    }

-    if ( fp == NULL ) {
-	if ( optind >= argc ) {
-	    fp = stdin;
+        case 'W':
+            want_passwd++;
+            break;
+
+        case 'w':	/* password */
+	    passwd = strdup(optarg);
+	    break;
+
+        default:
+            usage(argv[0]);
 	}
    }

-    if (( ld = ldap_open( ldaphost, ldapport )) == NULL ) {
-	perror( "ldap_open" );
-	exit( 1 );
-    }
+    if (want_passwd && !passwd)
+        passwd = strdup(getpass("Enter LDAP Password: "));

-	{
-		/* this seems prudent */
-		int deref = LDAP_DEREF_NEVER;
-		ldap_set_option( ld, LDAP_OPT_DEREF, &deref );
-	}
+    if (fp == NULL && optind >= argc)
+        fp = stdin;

-    if ( !kerberos ) {
-	authmethod = LDAP_AUTH_SIMPLE;
-    } else if ( kerberos == 1 ) {
-	authmethod = LDAP_AUTH_KRBV41;
-    } else {
-	authmethod = LDAP_AUTH_KRBV4;
+    if ((ld = ldap_open(ldaphost, ldapport)) == NULL) {
+	perror("ldap_open");
+	return(1);
    }
-    if ( ldap_bind_s( ld, binddn, passwd, authmethod ) != LDAP_SUCCESS ) {
-	ldap_perror( ld, "ldap_bind" );
-	exit( 1 );
+
+    /* this seems prudent */
+    ldap_set_option(ld, LDAP_OPT_DEREF, &deref);
+
+    if (ldap_bind_s(ld, binddn, passwd, authmethod) != LDAP_SUCCESS) {
+	ldap_perror(ld, "ldap_bind");
+	return(1);
    }

-    if ( fp == NULL ) {
-	for ( ; optind < argc; ++optind ) {
-	    rc = dodelete( ld, argv[ optind ] );
-	}
+    if (fp == NULL) {
+	for (; optind < argc; ++optind)
+	    rc = dodelete(ld, argv[optind]);
    } else {
 	rc = 0;
 	while ((rc == 0 || contoper) && fgets(buf, sizeof(buf), fp) != NULL) {
-	    buf[ strlen( buf ) - 1 ] = '\0';	/* remove trailing newline */
-	    if ( *buf != '\0' ) {
-		rc = dodelete( ld, buf );
-	    }
+	    buf[strlen(buf) - 1] = '\0';	/* remove trailing newline */
+	    if ( *buf != '\0' )
+                rc = dodelete( ld, buf );
 	}
    }

-    ldap_unbind( ld );
-
-    exit( rc );
+    ldap_unbind(ld);

-	/* UNREACHABLE */
-	return(0);
+    return(rc);
 }

-
-static int dodelete(
+static int
+dodelete(
    LDAP	*ld,
    char	*dn)
 {
    int	rc;

-    if ( verbose ) {
+    if (verbose)
 	printf( "%sdeleting entry %s\n", not ? "!" : "", dn );
-    }
-    if ( not ) {
+
+    if (not)
 	rc = LDAP_SUCCESS;
-    } else {
-	if (( rc = ldap_delete_s( ld, dn )) != LDAP_SUCCESS ) {
-	    ldap_perror( ld, "ldap_delete" );
-	} else if ( verbose ) {
-	    printf( "entry removed\n" );
-	}
+    else {
+        if ((rc = ldap_delete_s(ld, dn)) != LDAP_SUCCESS)
+            ldap_perror(ld, "ldap_delete");
+        else if (verbose)
+            printf("entry removed\n");
    }

-    return( rc );
+    return(rc);
 }