Commit bf9231ac authored by Kurt Zeilenga's avatar Kurt Zeilenga

Round 2 of tools work.

-R now ignored
-C added to chase.  No rebind proc yet, no checking of appropriate authentication.
complain if non-critical TLS was not started.
Fail if requested version is not supported.
ldapdelete:
  deletechildren modified to use ldap_search_ext_s()
  fixed deletechildren dn memory leak
ldapsearch:
  modified to use ldap_search_ext()
parent 6f44bf3e
......@@ -35,11 +35,12 @@ static int not, verbose, contoper;
static LDAP *ld;
static int dodelete LDAP_P((
LDAP *ld,
char *dn));
LDAP *ld,
const char *dn));
static int deletechildren LDAP_P(( LDAP *ld,
char *dn ));
static int deletechildren LDAP_P((
LDAP *ld,
const char *dn ));
static void
usage( const char *s )
......@@ -51,6 +52,7 @@ usage( const char *s )
" or from the file specified with \"-f file\".\n"
"options:\n"
" -c\t\tcontinuous operation mode (do not stop on errors)\n"
" -C\t\tchase referrals\n"
" -d level\tset LDAP debugging level to `level'\n"
" -D binddn\tbind DN\n"
" -E\t\trequest SASL privacy (-EE to make it critical)\n"
......@@ -83,14 +85,14 @@ main( int argc, char **argv )
{
char buf[ 4096 ];
FILE *fp;
int i, rc, authmethod, want_bindpw, version, debug, manageDSAit;
int i, rc, authmethod, referrals, want_bindpw, version, debug, manageDSAit;
not = verbose = contoper = want_bindpw = debug = manageDSAit = 0;
not = verbose = contoper = want_bindpw = debug = manageDSAit = referrals = 0;
fp = NULL;
authmethod = LDAP_AUTH_SIMPLE;
version = -1;
while (( i = getopt( argc, argv, "cD:d:Ef:h:IKkMnP:p:rU:vWw:X:Y:Z" )) != EOF ) {
while (( i = getopt( argc, argv, "cCD:d:Ef:h:IKMnP:p:rU:vWw:X:Y:Z" )) != EOF ) {
switch( i ) {
case 'k': /* kerberos bind */
#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
......@@ -111,6 +113,9 @@ main( int argc, char **argv )
case 'c': /* continuous operation mode */
++contoper;
break;
case 'C':
referrals++;
break;
case 'h': /* ldap host */
ldaphost = strdup( optarg );
break;
......@@ -290,18 +295,24 @@ main( int argc, char **argv )
#endif
if (( ld = ldap_init( ldaphost, ldapport )) == NULL ) {
perror( "ldap_init" );
return( EXIT_FAILURE );
perror( "ldap_init" );
return( EXIT_FAILURE );
}
{
/* this seems prudent */
/* this seems prudent for searches below */
int deref = LDAP_DEREF_NEVER;
ldap_set_option( ld, LDAP_OPT_DEREF, &deref );
}
/* don't chase referrals */
ldap_set_option( ld, LDAP_OPT_REFERRALS, LDAP_OPT_OFF );
/* chase referrals */
if( ldap_set_option( ld, LDAP_OPT_REFERRALS,
referrals ? LDAP_OPT_ON : LDAP_OPT_OFF ) != LDAP_OPT_SUCCESS )
{
fprintf( stderr, "Could not set LDAP_OPT_REFERRALS %s\n",
referrals ? "on" : "off" );
return EXIT_FAILURE;
}
if (version == -1 ) {
version = 3;
......@@ -312,13 +323,15 @@ main( int argc, char **argv )
{
fprintf( stderr, "Could not set LDAP_OPT_PROTOCOL_VERSION %d\n",
version );
return EXIT_FAILURE;
}
if ( use_tls && ldap_start_tls_s( ld, NULL, NULL ) != LDAP_SUCCESS ) {
if ( use_tls > 1 ) {
ldap_perror( ld, "ldap_start_tls" );
return( EXIT_FAILURE );
return EXIT_FAILURE;
}
fprintf( stderr, "WARNING: could not start TLS\n" );
}
if (want_bindpw) {
......@@ -390,7 +403,8 @@ main( int argc, char **argv )
err = ldap_set_option( ld, LDAP_OPT_SERVER_CONTROLS, &ctrls );
if( err != LDAP_OPT_SUCCESS ) {
fprintf( stderr, "Could not set Manage DSA IT Control\n" );
fprintf( stderr, "Could not set ManageDSAit %scontrol\n",
c.ldctl_iscritical ? "critical " : "" );
if( c.ldctl_iscritical ) {
exit( EXIT_FAILURE );
}
......@@ -419,83 +433,105 @@ main( int argc, char **argv )
static int dodelete(
LDAP *ld,
char *dn)
const char *dn)
{
int rc;
int rc;
if ( verbose ) {
printf( "%sdeleting entry \"%s\"\n",
(not ? "!" : ""), dn );
}
if ( not ) {
rc = LDAP_SUCCESS;
} else {
/* If prune is on, remove a whole subtree. Delete the children of the
* DN recursively, then the DN requested.
*/
if ( prune ) deletechildren( ld, dn );
if (( rc = ldap_delete_s( ld, dn )) != LDAP_SUCCESS ) {
ldap_perror( ld, "ldap_delete" );
} else if ( verbose ) {
printf( "\tremoved\n" );
if ( verbose ) {
printf( "%sdeleting entry \"%s\"\n",
(not ? "!" : ""), dn );
}
}
return( rc );
if ( not ) {
return LDAP_SUCCESS;
}
/* If prune is on, remove a whole subtree. Delete the children of the
* DN recursively, then the DN requested.
*/
if ( prune ) deletechildren( ld, dn );
rc = ldap_delete_s( ld, dn );
if ( rc != LDAP_SUCCESS ) {
ldap_perror( ld, "ldap_delete" );
}
if ( verbose ) {
printf( "\tremoved\n" );
}
return rc;
}
/*
* Delete all the children of an entry recursively until leaf nodes are reached.
*
*/
static int deletechildren( LDAP *ld,
char *dn )
static int deletechildren(
LDAP *ld,
const char *dn )
{
LDAPMessage *res, *e;
int entries;
int rc;
int timeout = 30 * 10000;
ldap_set_option( ld, LDAP_OPT_TIMEOUT, &timeout );
if ( verbose ) printf ( "deleting children of: %s\n", dn );
/*
* Do a one level search at dn for children. For each, delete its children.
*/
if ( ldap_search_s( ld, dn, LDAP_SCOPE_ONELEVEL, NULL, NULL, 0, &res ) == -1 )
{
ldap_perror( ld, "ldap_search" );
ldap_get_option( ld, LDAP_OPT_ERROR_NUMBER, &rc );
return( rc );
}
LDAPMessage *res, *e;
int entries;
int rc;
static char *attrs[] = { "1.1", NULL };
if ( verbose ) printf ( "deleting children of: %s\n", dn );
/*
* Do a one level search at dn for children. For each, delete its children.
*/
rc = ldap_search_ext_s( ld, dn, LDAP_SCOPE_ONELEVEL, NULL, attrs, 1,
NULL, NULL, NULL, -1, &res );
if ( rc != LDAP_SUCCESS ) {
ldap_perror( ld, "ldap_search" );
return( rc );
}
entries = ldap_count_entries( ld, res );
if ( entries > 0 )
{
int i;
for (e = ldap_first_entry( ld, res ), i = 0; e != NULL;
e = ldap_next_entry( ld, e ), i++ )
{
if ( (rc = deletechildren( ld, ldap_get_dn( ld, e) )) == -1 )
{
ldap_perror( ld, "ldap_prune" );
return rc;
}
if ( verbose )
{
printf( "\tremoving %s\n", ldap_get_dn( ld, e ) );
}
if ( ( rc = ldap_delete_s( ld, ldap_get_dn( ld, e ) ) ) == -1 )
{
ldap_perror( ld, "ldap_delete" );
return rc;
}
else if ( verbose )
{
printf( "\t%s removed\n", ldap_get_dn( ld, e ) );
}
}
}
ldap_msgfree( res );
return rc;
entries = ldap_count_entries( ld, res );
if ( entries > 0 ) {
int i;
for (e = ldap_first_entry( ld, res ), i = 0; e != NULL;
e = ldap_next_entry( ld, e ), i++ )
{
char *dn = ldap_get_dn( ld, e );
if( dn == NULL ) {
ldap_perror( ld, "ldap_prune" );
ldap_get_option( ld, LDAP_OPT_ERROR_NUMBER, &rc );
ber_memfree( dn );
return rc;
}
rc = deletechildren( ld, dn );
if ( rc == -1 ) {
ldap_perror( ld, "ldap_prune" );
ber_memfree( dn );
return rc;
}
if ( verbose ) {
printf( "\tremoving %s\n", dn );
}
rc = ldap_delete_s( ld, dn );
if ( rc == -1 ) {
ldap_perror( ld, "ldap_delete" );
ber_memfree( dn );
return rc;
}
if ( verbose ) {
printf( "\t%s removed\n", dn );
}
ber_memfree( dn );
}
}
ldap_msgfree( res );
return rc;
}
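Review bot: In the new deletechildren() loop the recursive call and ldap_delete_s() are still tested with `rc == -1`, although both return LDAP result codes (the search just above is already compared with LDAP_SUCCESS), so a refused delete of a child goes unnoticed and the loop carries on. The three early returns inside the loop also skip `ldap_msgfree( res )`, and the inner `char *dn` shadows the parameter of the same name. Assuming the second copy of dodelete()'s body is the new side (the +/- markers are lost on this page), it now prints `\tremoved` even when ldap_delete_s() failed and still ignores deletechildren()'s result; restoring `else if ( verbose )` fixes the former. On the same assumption the new getopt string in main() has lost `k` while `case 'k':` is still in the switch. A possible shape for the loop follows.

```c
	for ( e = ldap_first_entry( ld, res ); e != NULL;
		e = ldap_next_entry( ld, e ) )
	{
		char *child = ldap_get_dn( ld, e );

		if( child == NULL ) {
			ldap_perror( ld, "ldap_prune" );
			ldap_get_option( ld, LDAP_OPT_ERROR_NUMBER, &rc );
			break;
		}

		/* stop on any LDAP error, not only on -1 */
		rc = deletechildren( ld, child );
		if ( rc != LDAP_SUCCESS ) {
			ber_memfree( child );
			break;
		}

		/* … unchanged: verbose "removing" message … */

		rc = ldap_delete_s( ld, child );
		if ( rc != LDAP_SUCCESS ) {
			ldap_perror( ld, "ldap_delete" );
			ber_memfree( child );
			break;
		}

		/* … unchanged: verbose "removed" message, ber_memfree( child ) … */
	}

	/* single exit so the search result is always released */
	ldap_msgfree( res );
	return rc;
```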
......@@ -91,6 +91,7 @@ usage( const char *prog )
" -a\t\tadd values (default%s)\n"
" -b\t\tread values from files (for binary attributes)\n"
" -c\t\tcontinuous operation\n"
" -C\t\tchase referrals\n"
" -d level\tset LDAP debugging level to `level'\n"
" -D dn\t\tbind DN\n"
" -E\t\trequest SASL privacy (-EE to make it critical)\n"
......@@ -121,7 +122,7 @@ main( int argc, char **argv )
{
char *infile, *rbuf, *start;
FILE *fp;
int rc, i, authmethod, version, want_bindpw, debug, manageDSAit;
int rc, i, authmethod, version, want_bindpw, debug, manageDSAit, referrals;
int count;
if (( prog = strrchr( argv[ 0 ], *LDAP_DIRSEP )) == NULL ) {
......@@ -136,11 +137,11 @@ main( int argc, char **argv )
ldapadd = ( strcmp( prog, "ldapadd" ) == 0 );
infile = NULL;
not = verbose = want_bindpw = debug = manageDSAit = 0;
not = verbose = want_bindpw = debug = manageDSAit = referrals = 0;
authmethod = LDAP_AUTH_SIMPLE;
version = -1;
while (( i = getopt( argc, argv, "acD:d:EFf:h:IKkMnP:p:rtU:vWw:X:Y:Z" )) != EOF ) {
while (( i = getopt( argc, argv, "acCD:d:EFf:h:IKkMnP:p:rtU:vWw:X:Y:Z" )) != EOF ) {
switch( i ) {
case 'a': /* add */
ldapadd = 1;
......@@ -148,6 +149,9 @@ main( int argc, char **argv )
case 'c': /* continuous operation */
contoper = 1;
break;
case 'C':
referrals++;
break;
case 'r': /* default is to replace rather than add values */
replace = 1;
break;
......@@ -353,8 +357,15 @@ main( int argc, char **argv )
return( EXIT_FAILURE );
}
/* don't chase referrals */
ldap_set_option( ld, LDAP_OPT_REFERRALS, LDAP_OPT_OFF );
/* referrals */
if( ldap_set_option( ld, LDAP_OPT_REFERRALS,
referrals ? LDAP_OPT_ON : LDAP_OPT_OFF ) != LDAP_OPT_SUCCESS )
{
fprintf( stderr, "Could not set LDAP_OPT_REFERRALS %s\n",
referrals ? "on" : "off" );
return EXIT_FAILURE;
}
if (version == -1 ) {
version = 3;
......@@ -372,6 +383,7 @@ main( int argc, char **argv )
ldap_perror( ld, "ldap_start_tls" );
return( EXIT_FAILURE );
}
fprintf( stderr, "WARNING: could not start TLS\n" );
}
if (want_bindpw) {
......@@ -447,7 +459,8 @@ main( int argc, char **argv )
err = ldap_set_option( ld, LDAP_OPT_SERVER_CONTROLS, &ctrls );
if( err != LDAP_OPT_SUCCESS ) {
fprintf( stderr, "Could not set Manage DSA IT Control\n" );
fprintf( stderr, "Could not set ManageDSAit %scontrol\n",
c.ldctl_iscritical ? "critical " : "" );
if( c.ldctl_iscritical ) {
exit( EXIT_FAILURE );
}
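Review bot: After the added `WARNING: could not start TLS` line the non-critical path (`use_tls` not greater than 1) simply falls through to the `want_bindpw` handling, so with the default `LDAP_AUTH_SIMPLE` the bind that presumably follows would send the bind DN and password without TLS whenever something on the path makes StartTLS fail. The message should say that the tool is continuing unprotected, e.g. `fprintf( stderr, "WARNING: could not start TLS, continuing without it\n" );`, and the place where usage() describes the TLS option (not visible here) should state that only the critical form stops on failure. The same added line appears in the ldapdelete and ldapsearch sections and in the two sections between them; in the password-change tool it is the old and new passwords that follow. main() starts and ends outside these hunks.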
......
......@@ -63,6 +63,7 @@ usage( const char *s )
" from the file specified by \"-f file\" (see man page).\n"
"options:\n"
" -c\t\tcontinuous operation mode (do not stop on errors)\n"
" -C\t\tchase referrals\n"
" -d level\tset LDAP debugging level to `level'\n"
" -D binddn\tbind DN\n"
" -E\t\trequest SASL privacy (-EE to make it critical)\n"
......@@ -96,16 +97,18 @@ main(int argc, char **argv)
char *myname,*infile, *entrydn = NULL, *rdn = NULL, buf[ 4096 ];
FILE *fp;
int rc, i, remove, havedn, authmethod, version, want_bindpw, debug, manageDSAit;
int referrals;
char *newSuperior=NULL;
infile = NULL;
not = contoper = verbose = remove = want_bindpw = debug = manageDSAit = 0;
not = contoper = verbose = remove = want_bindpw =
debug = manageDSAit = referrals = 0;
authmethod = LDAP_AUTH_SIMPLE;
version = -1;
myname = (myname = strrchr(argv[0], '/')) == NULL ? argv[0] : ++myname;
while (( i = getopt( argc, argv, "cD:d:Ef:h:IKkMnP:p:rs:U:vWw:X:Y:Z" )) != EOF ) {
while (( i = getopt( argc, argv, "cCD:d:Ef:h:IKkMnP:p:rs:U:vWw:X:Y:Z" )) != EOF ) {
switch( i ) {
case 'k': /* kerberos bind */
#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
......@@ -126,6 +129,9 @@ main(int argc, char **argv)
case 'c': /* continuous operation mode */
++contoper;
break;
case 'C':
referrals++;
break;
case 'h': /* ldap host */
ldaphost = strdup( optarg );
break;
......@@ -341,8 +347,14 @@ main(int argc, char **argv)
return( EXIT_FAILURE );
}
/* don't chase referrals */
ldap_set_option( ld, LDAP_OPT_REFERRALS, LDAP_OPT_OFF );
/* referrals */
if( ldap_set_option( ld, LDAP_OPT_REFERRALS,
referrals ? LDAP_OPT_ON : LDAP_OPT_OFF ) != LDAP_OPT_SUCCESS )
{
fprintf( stderr, "Could not set LDAP_OPT_REFERRALS %s\n",
referrals ? "on" : "off" );
return EXIT_FAILURE;
}
if (version == -1 ) {
version = 3;
......@@ -360,6 +372,7 @@ main(int argc, char **argv)
ldap_perror( ld, "ldap_start_tls" );
return( EXIT_FAILURE );
}
fprintf( stderr, "WARNING: could not start TLS\n" );
}
if (want_bindpw) {
......@@ -431,7 +444,8 @@ main(int argc, char **argv)
err = ldap_set_option( ld, LDAP_OPT_SERVER_CONTROLS, &ctrls );
if( err != LDAP_OPT_SUCCESS ) {
fprintf( stderr, "Could not set Manage DSA IT Control\n" );
fprintf( stderr, "Could not set ManageDSAit %scontrol\n",
c.ldctl_iscritical ? "critical " : "" );
if( c.ldctl_iscritical ) {
exit( EXIT_FAILURE );
}
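Review bot: The new `/* referrals */` comment above the `ldap_set_option( ld, LDAP_OPT_REFERRALS, ... )` call says less than the commit message does: with `-C` the library follows referral URLs handed back by the server, and, as the message notes, no rebind proc is installed and nothing checks for appropriate authentication. For a tool that writes to the directory this means a request can be redirected to a host the operator never named, so the limitation belongs next to the code and in the help text, e.g. `/* chase referrals only with -C; no rebind proc yet, so chased requests are not re-bound */` and `" -C\t\tchase referrals (no re-authentication yet)\n"`. The same comment and usage line are added in the other four file sections of this commit. main() continues outside the hunk.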
......
......@@ -34,6 +34,7 @@ usage(const char *s)
" -a secret\told password\n"
" -A\t\tprompt for old password\n"
" -d level\tdebugging level\n"
" -C\t\tchase referrals\n"
" -D binddn\tbind DN\n"
" -E\t\trequest SASL privacy (-EE to make it critical)\n"
" -h host\t\tLDAP server (default: localhost)\n"
......@@ -86,6 +87,7 @@ main( int argc, char *argv[] )
int sasl_privacy = 0;
#endif
int use_tls = 0;
int referrals = 0;
LDAP *ld;
struct berval *bv = NULL;
......@@ -96,7 +98,7 @@ main( int argc, char *argv[] )
usage (argv[0]);
while( (i = getopt( argc, argv,
"Aa:D:d:EIh:np:Ss:U:vWw:X:Y:Z" )) != EOF )
"Aa:CD:d:EIh:np:Ss:U:vWw:X:Y:Z" )) != EOF )
{
switch (i) {
case 'A': /* prompt for oldr password */
......@@ -113,6 +115,9 @@ main( int argc, char *argv[] )
}
}
break;
case 'C':
referrals++;
break;
case 'D': /* bind distinguished name */
binddn = strdup (optarg);
break;
......@@ -139,7 +144,6 @@ main( int argc, char *argv[] )
case 's': /* new password (secret) */
newpw = strdup (optarg);
{
char* p;
......@@ -307,8 +311,14 @@ main( int argc, char *argv[] )
return EXIT_FAILURE;
}
/* don't chase referrals */
ldap_set_option( ld, LDAP_OPT_REFERRALS, LDAP_OPT_OFF );
/* referrals */
if (ldap_set_option( ld, LDAP_OPT_REFERRALS,
referrals ? LDAP_OPT_ON : LDAP_OPT_OFF ) != LDAP_OPT_SUCCESS )
{
fprintf( stderr, "Could not set LDAP_OPT_REFERRALS %s\n",
referrals ? "on" : "off" );
return EXIT_FAILURE;
}
/* LDAPv3 only */
version = 3;
......@@ -323,6 +333,7 @@ main( int argc, char *argv[] )
ldap_perror( ld, "ldap_start_tls" );
return( EXIT_FAILURE );
}
fprintf( stderr, "WARNING: could not start TLS\n" );
}
if ( authmethod == LDAP_AUTH_SASL ) {
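Review bot: The added usage line `" -C\t\tchase referrals\n"` sits after `-d level` here, whereas the other usage() hunks in this commit place it before `-d level`; moving it up one line keeps the option list in the same order across the tools. usage() starts and ends outside the hunk.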
......
......@@ -66,7 +66,6 @@ usage( const char *s )
"\t-n\t\tshow what would be done but don't actually search\n"
"\t-p port\t\tport on LDAP server\n"
"\t-P version\tprocotol version (default: 3)\n"
"\t-R\t\tdo not automatically follow referrals\n"
"\t-s scope\tone of base, one, or sub (search scope)\n"
"\t-S attr\t\tsort the results by attribute `attr'\n"
"\t-t\t\twrite binary values to files in temporary directory\n"
......@@ -123,10 +122,14 @@ static int dosearch LDAP_P((
LDAP *ld,
char *base,
int scope,
char *filtpatt,
char *value,
char **attrs,
int attrsonly,
char *filtpatt,
char *value));
LDAPControl **sctrls,
LDAPControl **cctrls,
struct timeval *timelimit,
int sizelimit ));
static char *tmpdir = NULL;
static char *urlpre = NULL;
......@@ -158,19 +161,16 @@ main( int argc, char **argv )
LDAP *ld;
infile = NULL;
debug = verbose = not = vals2tmp =
debug = verbose = not = vals2tmp = referrals =
attrsonly = manageDSAit = ldif = want_bindpw = 0;
deref = sizelimit = timelimit = version = -1;
/* default should be off */
referrals = 1;
scope = LDAP_SCOPE_SUBTREE;
authmethod = LDAP_AUTH_SIMPLE;
while (( i = getopt( argc, argv,
"Aa:b:D:d:Ef:h:IKkLl:MnP:p:RS:s:T:tU:uV:vWw:X:Y:Zz:")) != EOF )
"Aa:b:CD:d:Ef:h:IKkLl:MnP:p:RS:s:T:tU:uV:vWw:X:Y:Zz:")) != EOF )
{
switch( i ) {
case 'n': /* do nothing */
......@@ -209,8 +209,10 @@ main( int argc, char **argv )
/* enable Manage DSA IT */
manageDSAit++;
break;
case 'R': /* don't automatically chase referrals */
referrals = 0;
case 'C':
referrals++;
break;
case 'R': /* ignore */
break;
case 'A': /* retrieve attribute names only -- no values */
++attrsonly;
......@@ -471,30 +473,35 @@ main( int argc, char **argv )
if (( ld = ldap_init( ldaphost, ldapport )) == NULL ) {
perror( "ldap_init" );
return( EXIT_FAILURE );
return EXIT_FAILURE;
}
if (deref != -1 &&
ldap_set_option( ld, LDAP_OPT_DEREF, (void *) &deref ) != LDAP_OPT_SUCCESS )
{
fprintf( stderr, "Could not set LDAP_OPT_DEREF %d\n", deref );
return EXIT_FAILURE;
}
if (timelimit != -1 &&
ldap_set_option( ld, LDAP_OPT_TIMELIMIT, (void *) &timelimit ) != LDAP_OPT_SUCCESS )
{
fprintf( stderr, "Could not set LDAP_OPT_TIMELIMIT %d\n", timelimit );
return EXIT_FAILURE;
}
if (sizelimit != -1 &&
ldap_set_option( ld, LDAP_OPT_SIZELIMIT, (void *) &sizelimit ) != LDAP_OPT_SUCCESS )
{
fprintf( stderr, "Could not set LDAP_OPT_SIZELIMIT %d\n", sizelimit );
return EXIT_FAILURE;
}
if (referrals != -1 &&
ldap_set_option( ld, LDAP_OPT_REFERRALS,
(referrals ? LDAP_OPT_ON : LDAP_OPT_OFF) ) != LDAP_OPT_SUCCESS )
/* referrals */
if (ldap_set_option( ld, LDAP_OPT_REFERRALS,
referrals ? LDAP_OPT_ON : LDAP_OPT_OFF ) != LDAP_OPT_SUCCESS )
{
fprintf( stderr, "Could not set LDAP_OPT_REFERRALS %s\n",
referrals ? "on" : "off" );
return EXIT_FAILURE;
}
if (version == -1 ) {
......@@ -506,13 +513,15 @@ main( int argc, char **argv )
{
fprintf( stderr, "Could not set LDAP_OPT_PROTOCOL_VERSION %d\n",
version );
return EXIT_FAILURE;
}
if ( use_tls && ldap_start_tls_s( ld, NULL, NULL ) != LDAP_SUCCESS ) {
if ( use_tls > 1 ) {
ldap_perror( ld, "ldap_start_tls" );
return( EXIT_FAILURE );
return EXIT_FAILURE;
}
fprintf( stderr, "WARNING: could not start TLS\n" );
}
if (want_bindpw) {
......@@ -583,7 +592,8 @@ main( int argc, char **argv )
err = ldap_set_option( ld, LDAP_OPT_SERVER_CONTROLS, &ctrls );
if( err != LDAP_OPT_SUCCESS ) {
fprintf( stderr, "Could not set Manage DSA IT Control\n" );
fprintf( stderr, "Could not set ManageDSAit %scontrol\n",
c.ldctl_iscritical ? "critical " : "" );
if( c.ldctl_iscritical ) {
exit( EXIT_FAILURE );
}
......@@ -631,7 +641,8 @@ main( int argc, char **argv )
}
if ( infile == NULL ) {
rc = dosearch( ld, base, scope, attrs, at