From 3ce7fe1694bf734be49e9cfaac0693449abcc208 Mon Sep 17 00:00:00 2001 From: "anton.bobrov%sun.com" Date: Wed, 10 Jan 2007 15:54:50 +0000 Subject: [PATCH] Bug 364812 merging Sun and Mozilla ldap tools --- .../c-sdk/ldap/clients/tools/Options.txt | 22 +- directory/c-sdk/ldap/clients/tools/common.c | 216 +++++------------- .../c-sdk/ldap/clients/tools/convutf8.cpp | 4 + directory/c-sdk/ldap/clients/tools/fileurl.c | 12 +- directory/c-sdk/ldap/clients/tools/ldapcmp.c | 2 + .../c-sdk/ldap/clients/tools/ldapcompare.c | 4 + .../c-sdk/ldap/clients/tools/ldapmodrdn.c | 4 +- .../c-sdk/ldap/clients/tools/ldapsearch.c | 97 +++++++- directory/c-sdk/ldap/clients/tools/ldaptool.h | 9 +- 9 files changed, 168 insertions(+), 202 deletions(-) diff --git a/directory/c-sdk/ldap/clients/tools/Options.txt b/directory/c-sdk/ldap/clients/tools/Options.txt index e3faa2ac3df..439b9409566 100644 --- a/directory/c-sdk/ldap/clients/tools/Options.txt +++ b/directory/c-sdk/ldap/clients/tools/Options.txt 
@@ -55,42 +55,42 @@ The "avail" lists included options that are available for use. common.c (supported by all of the tools): - raw: gnvEMRHZ02:3d:D:f:h:I:j:K:N:O:o:P:p:Q:W:w:V:X:m:i:k:y:Y:J: - sorted: 023 DEHIJKMNOPQRVWXYZ dfghijkmnopvwy + raw: gnvEMRHZ02:3d:D:f:h:I:j:K:N:O:o:P:p:Q:W:w:V:m:i:k:y:Y:J: + sorted: 023 DEHIJKMNOPQRVWYZ dfghijkmnopvwy avail: [4-9] (not used by any of the tools) ldapcmp.c: raw: Bb:l:s:z: sorted: B blsz - all: 023 BDEHIJKMNOPQRVWXYZ bdfghijklmnopsvwyz + all: 023 BDEHIJKMNOPQRVWYZ bdfghijklmnopsvwyz avail: 1 [4-9] ACFGLSTU aceqrtux ldapcompare.c: raw: cq sorted: cq - all: 023 DEHIJKMNOPQRVWXYZ cdfghijkmnopqvwy + all: 023 DEHIJKMNOPQRVWYZ cdfghijkmnopqvwy avail: 1 [4-9] ABCFGLSTU abelrstuxz ldapdelete.c (deprecated) raw: c sorted: c - all: 023 DEHIJKMNOPQRVWXYZ cdfghijkmnopvwy + all: 023 DEHIJKMNOPQRVWYZ cdfghijkmnopvwy avail: 1 [4-9] ABCFGLSTU abelqrstuxz ldapmodify.c raw: aAbcFe:B:q sorted: ABF abceq - all: 023 ABDEFHIJKMNOPQRVWXYZ abcdefghijkmnopqvwy + all: 023 ABDEFHIJKMNOPQRVWYZ abcdefghijkmnopqvwy avail: 1 [4-9] CGLSTU lrstuxz ldapmodrdn.c (deprecated) raw: cr sorted: cr - all: 023 DEHIJKMNOPQRVWXYZ cdfghijklmnoprvwy + all: 023 DEHIJKMNOPQRVWYZ cdfghijklmnoprvwy avail: 1 [4-9] ABCFGLSTU abelqstuxz ldapsearch.c - raw: ABLTU1eortuxa:b:F:G:l:S:s:z:C: - sorted: 1 ABCFGLSTU abeorstuxz - all: 0123 ABCDEFGHIJKLMNOPQRSTUVWXYZ abdefghijklmnoprstuvwxyz - avail: [4-9] cq + raw: ABLTU1eortuxa:b:F:G:l:S:s:z:C:c:X: + sorted: 1 ABCFGLSTUX abceorstuxz + all: 0123 ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnoprstuvwxyz + avail: [4-9] q diff --git a/directory/c-sdk/ldap/clients/tools/common.c b/directory/c-sdk/ldap/clients/tools/common.c index 7c105c2e677..7314509d1ee 100644 --- a/directory/c-sdk/ldap/clients/tools/common.c +++ b/directory/c-sdk/ldap/clients/tools/common.c 
@@ -78,13 +78,6 @@ static void ldaptool_debug_free( void *ptr ); #if defined(NET_SSL) && defined(LDAP_TOOL_PKCS11) static void ldaptool_setcallbacks( struct ldapssl_pkcs_fns *pfns); static char * buildTokenCertName( const char *tokenName, const char *certName); -#ifdef FORTEZZA -static int ldaptool_fortezza_init( int exit_on_error ); -static int ldaptool_fortezza_alert( void *arg, PRBool onOpen, - char *string, int value1, void *value2 ); -static void * ldaptool_fortezza_getpin( char **passwordp ); -static char * ldaptool_fortezza_err2string( int err ); -#endif /* FORTEZZA */ #endif #ifdef HAVE_SASL_OPTIONS static int saslSetParam(char *saslarg); @@ -132,14 +125,12 @@ ldaptool_common_usage( int two_hosts ) fprintf( stderr, " -m pathname\tpath to security module database\n"); #endif /* LDAP_TOOL_PKCS11 */ fprintf( stderr, " -W\t\tSSL key password\n" ); - fprintf( stderr, " -3\t\tcheck hostnames in SSL certificates\n" ); - + fprintf( stderr, " -W - \tprompt for SSL key password\n" ); #ifdef LDAP_TOOL_PKCS11 + fprintf( stderr, " -I file\tSSL key password 'file' containing token:password pair/s\n" ); fprintf( stderr, " -Q [token][:certificate name]\tPKCS 11\n" ); - fprintf( stderr, " -X pathname\tFORTEZZA compromised key list (CKL)\n" ); - fprintf( stderr, " -I pin\tcard password file\n" ); #endif /* LDAP_TOOL_PKCS11 */ - + fprintf( stderr, " -3\t\tcheck hostnames in SSL certificates\n" ); #endif /* NET_SSL */ fprintf( stderr, " -D binddn\tbind dn\n" ); fprintf( stderr, " -w passwd\tbind passwd (for simple authentication)\n" ); 
@@ -154,11 +145,8 @@ ldaptool_common_usage( int two_hosts ) fprintf( stderr, " -O limit\tmaximum number of referral hops to traverse (default: %d)\n", LDAPTOOL_DEFREFHOPLIMIT ); fprintf( stderr, " -M\t\tmanage references (treat them as regular entries)\n" ); fprintf( stderr, " -0\t\tignore LDAP library version mismatches\n" ); - -#ifndef NO_LIBLCACHE - fprintf( stderr, " -C cfgfile\tuse local database described by cfgfile\n" ); -#endif fprintf( stderr, " -i charset\tcharacter set for command line input (default taken from locale)\n" ); + fprintf( stderr, " \t\tuse '-i 0' to override locale settings and bypass any conversions\n" ); fprintf( stderr, " -k do not convert password to utf8 (use default from locale)\n" ); #if 0 /* @@ -211,6 +199,7 @@ static int ldversion = -1; /* use default */ static int refhoplim = LDAPTOOL_DEFREFHOPLIMIT; static int send_manage_dsait_ctrl = 0; static int prompt_password = 0; +static int prompt_sslpassword = 0; static FILE *password_fp = NULL; static char *proxyauth_id = NULL; static int proxyauth_version = 2; /* use newer proxy control */ @@ -225,9 +214,6 @@ static char *sasl_secprops = NULL; static int ldapauth = -1; #endif /* HAVE_SASL_OPTIONS */ -#ifndef NO_LIBLCACHE -static char *cache_config_file = NULL; -#endif /* !NO_LIBLCACHE */ #if defined(NET_SSL) static int secure = 0; static int isZ = 0; @@ -258,12 +244,6 @@ static char *pkcs_pin = NULL; static struct ldapssl_pkcs_fns local_pkcs_fns = {0,NULL,NULL,NULL,NULL,NULL,NULL,NULL, NULL }; -#ifdef FORTEZZA -static uint32 fortezza_cardmask = 0; -static char *fortezza_personality = NULL; -static char *fortezza_krlfile = NULL; -static char *fortezza_pin = NULL; -#endif /* FORTEZZA */ #endif /* LDAP_TOOL_PKCS11 */ #endif /* NET_SSL */ 
@@ -387,26 +367,29 @@ ldaptool_process_args( int argc, char **argv, char *extra_opts, #ifdef HAVE_SASL_OPTIONS #ifdef HAVE_SASL_OPTIONS_2 - common_opts = "kgnvEMRHZ02:3d:D:f:h:j:I:K:N:O:P:p:W:w:V:X:m:i:y:Y:J:"; + common_opts = "kgnvEMRHZ02:3d:D:f:h:j:I:K:N:O:P:p:W:w:V:m:i:y:Y:J:"; #else - common_opts = "kgnvEMRHZ03d:D:f:h:j:I:K:N:O:o:P:p:W:w:V:X:m:i:y:Y:J:"; + common_opts = "kgnvEMRHZ03d:D:f:h:j:I:K:N:O:o:P:p:W:w:V:m:i:y:Y:J:"; #endif #else - common_opts = "kgnvEMRHZ03d:D:f:h:j:I:K:N:O:P:p:Q:W:w:V:X:m:i:k:y:Y:J:"; + common_opts = "kgnvEMRHZ03d:D:f:h:j:I:K:N:O:P:p:Q:W:w:V:m:i:k:y:Y:J:"; #endif /* HAVE_SASL_OPTIONS */ - /* note: optstring must include room for liblcache "C:" option */ if (( optstring = (char *) malloc( strlen( extra_opts ) + strlen( common_opts ) - + 3 )) == NULL ) { + + 1 )) == NULL ) { perror( "malloc" ); exit( LDAP_NO_MEMORY ); } -#ifdef NO_LIBLCACHE sprintf( optstring, "%s%s", common_opts, extra_opts ); -#else - sprintf( optstring, "%s%sC:", common_opts, extra_opts ); -#endif + + if ( argc == 2 ) { + if ( ((strncmp( argv[1], "/?", strlen("/?") + 1 )) == 0 ) || + ((strncmp( argv[1], "-help", strlen("-help") + 1 )) == 0 ) || + ((strncmp( argv[1], "--help", strlen("--help") + 1 )) == 0 ) ) { + return( -1 ); + } + } hostnum = 0; while ( (i = getopt( argc, argv, optstring )) != EOF ) { @@ -432,11 +415,6 @@ ldaptool_process_args( int argc, char **argv, char *extra_opts, case 'R': /* don't automatically chase referrals */ chase_referrals = 0; break; -#ifndef NO_LIBLCACHE - case 'C': /* search local database */ - cache_config_file = strdup( optarg ); - break; -#endif case 'f': /* input file */ if ( optarg[0] == '-' && optarg[1] == '\0' ) { ldaptool_fp = stdin; 
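Review bot: The three `strncmp( argv[1], lit, strlen(lit) + 1 )` calls in the new `argc == 2` block are `strcmp` in disguise — bounding the comparison at one past the literal's length includes the terminator, so nothing is gained over `strcmp( argv[1], "/?" ) == 0`, `strcmp( argv[1], "-help" ) == 0` and `strcmp( argv[1], "--help" ) == 0`, which also read as what they are. The recognition is also limited to a lone argument, so `--help` given together with any other option falls through to getopt(), which will presumably treat the leading `-` of `--help` as an unknown option and reach the usual usage path anyway; a one-line comment saying the shortcut is deliberately narrow (`/* only a bare /?, -help or --help is recognised here; getopt handles the rest */`) would save the next reader from "fixing" it. The body of ldaptool_process_args continues outside this hunk.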
@@ -526,11 +504,15 @@ ldaptool_process_args( int argc, char **argv, char *extra_opts, } break; case 'W': /* SSL key password */ - ssl_passwd = strdup( optarg ); - if (NULL == ssl_passwd) - { - perror("malloc"); - exit( LDAP_NO_MEMORY ); + if ( optarg[0] == '-' && optarg[1] == '\0' ) { + prompt_sslpassword = 1; + } else { + ssl_passwd = strdup( optarg ); + if (NULL == ssl_passwd) + { + perror("malloc"); + exit( LDAP_NO_MEMORY ); + } } isW = 1; break; @@ -549,7 +531,7 @@ ldaptool_process_args( int argc, char **argv, char *extra_opts, } break; - case 'Q': /* FORTEZZA [card][:personality] */ + case 'Q': /* [token][:certificate name] */ pkcs_token = strdup(optarg); if (NULL == pkcs_token) { @@ -558,13 +540,8 @@ ldaptool_process_args( int argc, char **argv, char *extra_opts, } break; - case 'X': /* path to FORTEZZA CKL file */ - /* - fortezza_krlfile = strdup( optarg ); - */ - break; - case 'I': /* FORTEZZA PIN (password file) */ + case 'I': /* PIN (password file) */ ssl_donglefile = strdup( optarg ); break; @@ -686,10 +663,10 @@ ldaptool_process_args( int argc, char **argv, char *extra_opts, } } - /* if '-N' is specified, -W is needed too */ - if ( isN && NULL == ssl_passwd ) { - fprintf( stderr, "%s: with the -N option, please specify -W also\n\n", ldaptool_progname ); - return (-1); + /* if '-N' is specified, -W or -I is needed too */ + if ( isN && NULL == ssl_passwd && 0 == prompt_sslpassword && NULL == ssl_donglefile ) { + fprintf( stderr, "%s: with the -N option, please specify -W or -I also\n\n", ldaptool_progname ); + return (-1); } if ( isj && isw ) { 
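Review bot: `-W -` sets `prompt_sslpassword` but, within this patch, the flag is only ever read by the `-N` validation in the `@@ -686` hunk; no hunk prompts for the SSL key password or fills `ssl_passwd` from it, so unless code outside the shown hunks consumes the flag, the option advertised in the new usage text (`-W - prompt for SSL key password`) leaves `ssl_passwd` NULL and the key password is never supplied. Since the whole point of the prompt form is to keep the key password out of the command line (where `-W passwd` is visible in process listings and shell history), it is worth confirming where the prompt happens and adding a comment at the `case 'W'` branch naming it, e.g. `/* "-W -": defer; the password is read interactively in <function> before the SSL init */` with the real function name filled in. The `@@ -686` check itself is consistent with the new flag and the `-I` file alternative. ldaptool_process_args continues outside these hunks.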
@@ -1044,25 +1021,6 @@ ldaptool_ldap_init( int second_host ) exit( LDAP_LOCAL_ERROR ); } -#ifndef NO_LIBLCACHE - if ( cache_config_file != NULL ) { - int opt; - - if ( lcache_init( ld, cache_config_file ) != 0 ) { - exit( ldaptool_print_lderror( ld, cache_config_file, - LDAPTOOL_CHECK4SSL_NEVER )); - } - opt = 1; - (void) ldap_set_option( ld, LDAP_OPT_CACHE_ENABLE, &opt ); - opt = LDAP_CACHE_LOCALDB; - (void) ldap_set_option( ld, LDAP_OPT_CACHE_STRATEGY, &opt ); - if ( ldversion == -1 ) { /* not set with -V */ - ldversion = LDAP_VERSION2; /* local db only supports v2 */ - } - } -#endif - - ldap_set_option( ld, LDAP_OPT_REFERRALS, chase_referrals ? LDAP_OPT_ON: LDAP_OPT_OFF ); if ( chase_referrals ) { @@ -1810,6 +1768,26 @@ ldaptool_create_proxyauth_control( LDAP *ld ) return( ctl ); } +/* Effective Rights control */ +LDAPControl * +ldaptool_create_geteffectiveRights_control ( LDAP *ld, const char *authzid, + const char **attrlist) +{ + LDAPControl *ctl = NULL; + int rc; + + rc = ldap_create_geteffectiveRights_control( ld, authzid, attrlist, 1, + &ctl); + + if ( rc != LDAP_SUCCESS) + { + if (ctl) + ldap_control_free( ctl); + return NULL; + } + return( ctl ); +} + void ldaptool_add_control_to_array( LDAPControl *ctrl, LDAPControl **array) { 
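Review bot: ldaptool_create_geteffectiveRights_control() swallows the failure code — on `rc != LDAP_SUCCESS` it frees and returns NULL without a diagnostic, and its only caller in this patch (the dosearch hunk in ldapsearch.c) just skips adding the control when it gets NULL, so a user who asked for `-c`/`-X` silently gets a search without the effective-rights data and no hint why. Print the reason before returning, e.g. `fprintf( stderr, "%s: unable to create getEffectiveRights control: %s\n", ldaptool_progname, ldap_err2string( rc ));`, or return the rc to the caller. The function also deserves more than the one-line `/* Effective Rights control */` header: a comment stating that `authzid` NULL requests the rights of the bound identity (as the `-c ""` handling in ldapsearch.c implies — confirm against the control's definition), that `attrlist` may be NULL, that the control is created critical (the `1` argument), and that the caller owns the returned control and frees it with ldap_control_free(). Stylistically, the file's convention is `return( x );`, while the new error path uses `return NULL;`.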
@@ -2368,96 +2346,6 @@ ldaptool_setcallbacks( struct ldapssl_pkcs_fns *pfns) pfns->local_structure_id=PKCS_STRUCTURE_ID; } - - -#ifdef FORTEZZA -static int -ldaptool_fortezza_init( int exit_on_error ) -{ - int rc, errcode; - - if ( fortezza_personality == NULL && fortezza_cardmask == 0 ) { /* no FORTEZZA desired */ - SSL_EnableGroup( SSL_GroupFortezza, DSFalse ); /* disable FORTEZZA */ - return( 0 ); - } - - if (( rc = FortezzaConfigureServer( ldaptool_fortezza_getpin, fortezza_cardmask, - fortezza_personality, ldaptool_fortezza_alert, NULL, &errcode, - fortezza_krlfile )) < 0 ) { - fprintf( stderr, - "%s: FORTEZZA initialization failed (error %d - %s)\n", - ldaptool_progname, errcode, - ldaptool_fortezza_err2string( errcode )); - if ( exit_on_error ) { - exit( LDAP_LOCAL_ERROR ); - } - - SSL_EnableGroup( SSL_GroupFortezza, DSFalse ); /* disable FORTEZZA */ - return( -1 ); - } - - SSL_EnableGroup( SSL_GroupFortezza, DSTrue ); /* enable FORTEZZA */ - return( 0 ); -} - - -static int -ldaptool_fortezza_alert( void *arg, PRBool onOpen, char *string, - int value1, void *value2 ) -{ - fprintf( stderr, "%s: FORTEZZA alert: ", ldaptool_progname ); - fprintf( stderr, string, value1, value2 ); - fprintf( stderr, "\n" ); - return( 1 ); -} - - -static void * -ldaptool_fortezza_getpin( char **passwordp ) -{ - *passwordp = fortezza_pin; - return( *passwordp ); -} - - -/* - * convert a Fortezza error code (as returned by FortezzaConfigureServer() - * into a human-readable string. - * - * Error strings are intentionally similar to those found in - * ns/netsite/lib/libadmin/httpcon.c - */ -static char * -ldaptool_fortezza_err2string( int err ) -{ - char *s; - - switch( err ) { - case FORTEZZA_BADPASSWD: - s = "invalid pin number"; - break; - case FORTEZZA_BADCARD: - s = "bad or missing card"; - break; - case FORTEZZA_MISSING_KRL: - s = "bad or missing compromised key list"; - break; - case FORTEZZA_CERT_INIT_ERROR: - s = "unable to initialize certificate cache. 
either a cert on " - "the card is bad, or an old FORTEZZA certificate is in a" - "readonly database"; - break; - case FORTEZZA_EXPIRED_CERT: - s = "unable to verify certificate"; - break; - default: - s = "unknown error"; - } - - return( s ); -} - -#endif /* FORTEZZA */ #endif /* LDAP_TOOL_PKCS11 */ #endif /* NET_SSL */ diff --git a/directory/c-sdk/ldap/clients/tools/convutf8.cpp b/directory/c-sdk/ldap/clients/tools/convutf8.cpp index e2580b271d3..188fa8061eb 100644 --- a/directory/c-sdk/ldap/clients/tools/convutf8.cpp +++ b/directory/c-sdk/ldap/clients/tools/convutf8.cpp @@ -118,6 +118,10 @@ ldaptool_local2UTF8( const char *src, const char *desc ) } else if ( *src == '\0' ) { /* trivial case # 2 */ utf8 = strdup( "" ); } else { + /* check for bypass option */ + if ( NULL != ldaptool_charset && 0 == strcmp(ldaptool_charset, "0") ) { + return strdup( src ); + } /* Determine the source charset if not already done */ if ( NULL == src_charset ) { if ( NULL != ldaptool_charset diff --git a/directory/c-sdk/ldap/clients/tools/fileurl.c b/directory/c-sdk/ldap/clients/tools/fileurl.c index 422c6f5ef1c..698edc0fff8 100644 --- a/directory/c-sdk/ldap/clients/tools/fileurl.c +++ b/directory/c-sdk/ldap/clients/tools/fileurl.c @@ -247,10 +247,10 @@ ldaptool_berval_from_ldif_value( const char *value, int vlen, } if (strlen(url) < 6 || strncasecmp(url, "file:/", 6) != 0) { - /* - * We only support file:/ URLs for now. - */ - url = NULL; + /* + * We only support file:// like URLs for now. + */ + url = NULL; } } @@ -261,7 +261,7 @@ ldaptool_berval_from_ldif_value( const char *value, int vlen, switch( rc ) { case LDAPTOOL_FILEURL_NOTAFILEURL: if ( reporterrs ) fprintf( stderr, "%s: unsupported URL \"%s\";" - " use a file:/ URL instead.\n", ldaptool_progname, url ); + " use a file:// URL instead.\n", ldaptool_progname, url ); break; case LDAPTOOL_FILEURL_MISSINGPATH: 
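Review bot: In ldaptool_local2UTF8() the new `-i 0` bypass returns `strdup( src )` unchecked, so an allocation failure comes back as NULL indistinguishable from whatever the caller treats as a conversion error; elsewhere in this same patch (get_effectiverights_attrlist in ldapsearch.c) a failed strdup is reported with perror and exits with LDAP_NO_MEMORY, and the branch should follow the same convention or at least document that NULL is a possible return. It is also an early return from the middle of the function, so any bookkeeping that the remainder of the function does after computing `utf8` (the body continues outside this hunk) is skipped on this path — worth a one-line comment, e.g. `/* "-i 0": caller asked for no conversion; hand back a copy of the raw bytes */`, so the shortcut is not mistaken for a missing fallthrough. The `"0"` sentinel is compared with strcmp on every call; harmless, but a file-level comment where `ldaptool_charset` is declared should mention that the literal `0` is a reserved value with this meaning.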
@@ -273,7 +273,7 @@ ldaptool_berval_from_ldif_value( const char *value, int vlen, case LDAPTOOL_FILEURL_NONLOCAL: if ( reporterrs ) fprintf( stderr, "%s: unable to process URL \"%s\" -- only" - " local file:/ URLs are supported.\n", + " local file:// URLs are supported.\n", ldaptool_progname, url ); break; diff --git a/directory/c-sdk/ldap/clients/tools/ldapcmp.c b/directory/c-sdk/ldap/clients/tools/ldapcmp.c index da3193f2944..2000d391271 100644 --- a/directory/c-sdk/ldap/clients/tools/ldapcmp.c +++ b/directory/c-sdk/ldap/clients/tools/ldapcmp.c @@ -69,6 +69,8 @@ usage( void ) fprintf( stderr, "\t\tthen the -b flag is not required)\n" ); fprintf( stderr, "options:\n" ); fprintf( stderr, " -s scope\tone of base, one, or sub (default is sub)\n" ); + fprintf( stderr, " -l timelim\ttime limit (in seconds) for search (default is no limit)\n" ); + fprintf( stderr, " -z sizelim\tsize limit (in entries) for search (default is no limit)\n" ); ldaptool_common_usage( 1 ); exit( LDAP_PARAM_ERROR ); } diff --git a/directory/c-sdk/ldap/clients/tools/ldapcompare.c b/directory/c-sdk/ldap/clients/tools/ldapcompare.c index 7c410414025..32aa0f2525e 100644 --- a/directory/c-sdk/ldap/clients/tools/ldapcompare.c +++ b/directory/c-sdk/ldap/clients/tools/ldapcompare.c @@ -85,6 +85,10 @@ main( int argc, char **argv ) #endif optind = ldaptool_process_args( argc, argv, "cq", 0, options_callback ); + + if ( optind == -1 ) { + usage ( LDAP_PARAM_ERROR ); + } if ( ldaptool_fp == NULL && optind >= argc ) { ldaptool_fp = stdin; diff --git a/directory/c-sdk/ldap/clients/tools/ldapmodrdn.c b/directory/c-sdk/ldap/clients/tools/ldapmodrdn.c index 89f46407ef8..e27fb642b7e 100644 --- a/directory/c-sdk/ldap/clients/tools/ldapmodrdn.c +++ b/directory/c-sdk/ldap/clients/tools/ldapmodrdn.c @@ -60,9 +60,7 @@ usage( void ) } -main( argc, argv ) - int argc; - char **argv; +int main( int argc, char **argv ) { char *entrydn, *rdn, buf[ 4096 ]; int rc, havedn, deref, optind; 
diff --git a/directory/c-sdk/ldap/clients/tools/ldapsearch.c b/directory/c-sdk/ldap/clients/tools/ldapsearch.c index 4d26f028277..776edb50882 100644 --- a/directory/c-sdk/ldap/clients/tools/ldapsearch.c +++ b/directory/c-sdk/ldap/clients/tools/ldapsearch.c @@ -56,6 +56,7 @@ static void parse_and_display_reference( LDAP *ld, LDAPMessage *ref ); static char *sortresult2string(ber_int_t result); static char *changetype_num2string( ber_int_t chgtype ); static char *msgtype2str( int msgtype ); +static char **get_effectiverights_attrlist(char * optarg); /* * Prefix used in names of pseudo attributes added to the entry LDIF @@ -94,13 +95,13 @@ usage( void ) fprintf( stderr, " -B\t\tprint non-ASCII values and use old output format (attr=value)\n" ); fprintf( stderr, " -x\t\tperforming sorting on server\n" ); fprintf( stderr, " -F sep\tprint `sep' instead of `%s' between attribute names\n", LDAPTOOL_DEFSEP ); - fprintf( stderr, " \tand values\n" ); + fprintf( stderr, " \tand values in old output format (attr=value)\n" ); fprintf( stderr, " -S attr\tsort the results by attribute `attr'\n" ); fprintf( stderr, " -s scope\tone of base, one, or sub (default is sub)\n" ); fprintf( stderr, " -a deref\tone of never, always, search, or find (default: never)\n" ); fprintf( stderr, " \t(alias dereferencing)\n" ); - fprintf( stderr, " -l time lim\ttime limit (in seconds) for search\n" ); - fprintf( stderr, " -z size lim\tsize limit (in entries) for search\n" ); + fprintf( stderr, " -l time lim\ttime limit (in seconds) for search (default is no limit)\n" ); + fprintf( stderr, " -z size lim\tsize limit (in entries) for search (default is no limit)\n" ); fprintf( stderr, " -C PS:changetype[:changesonly[:entrychgcontrols]]\n" ); fprintf( stderr, "\t\tchangetypes are add,delete,modify,moddn,any\n" ); fprintf( stderr, "\t\tchangesonly and entrychgcontrols are boolean values\n" ); 
@@ -108,6 +109,13 @@ usage( void ) fprintf( stderr, " -G before%cafter%cindex%ccount | before%cafter%cvalue where 'before' and\n", VLV_PARAM_SEP, VLV_PARAM_SEP, VLV_PARAM_SEP, VLV_PARAM_SEP, VLV_PARAM_SEP ); fprintf( stderr, "\t\t'after' are the number of entries surrounding 'index.'\n"); fprintf( stderr, "\t\t'count' is the content count, 'value' is the search value.\n"); + fprintf( stderr, " -c authzid\tspecifies the getEffectiveRights control authzid\n"); + fprintf( stderr, "\t\t eg. dn:uid=bjensen,dc=example,dc=com\n"); + fprintf( stderr, "\t\t A value of \"\" means \"the authorization id for the operation\".\n"); + fprintf( stderr, "\t\t A value of \"dn:\" means \"anonymous\"\n"); + fprintf( stderr, "\t\t (The aclRights operational attribute must be requested)\n"); + fprintf( stderr, " -X attrlist\tspecifies the getEffectiveRights control specific attribute list,\n"); + fprintf( stderr, "\t\t where attributes are space separated eg. \"nsroledn userPassword\"\n"); exit( LDAP_PARAM_ERROR ); } @@ -125,6 +133,9 @@ static int use_vlv = 0, vlv_before, vlv_after, vlv_index, vlv_count; static int use_psearch=0; static int flush_after_each_entry=0; static int write_ldif_version = 1; +static char *get_effectiverights_control_target_dn = NULL; /* -c */ +static char **get_effectiverights_control_attrlist = NULL; /* -X */ +static int do_effective_rights_control = 0; /* Persistent search variables */ static int chgtype=0, changesonly=1, return_echg_ctls=1; @@ -133,7 +144,9 @@ static int chgtype=0, changesonly=1, return_echg_ctls=1; int main( int argc, char **argv ) { - char *filtpattern, **attrs; + char *filtpattern = NULL; + int free_filtpattern = 0; + char **attrs; int rc, optind, i, first; LDAP *ld; 
@@ -158,15 +171,15 @@ main( int argc, char **argv ) ldaptool_reset_control_array( ldaptool_request_ctrls ); #ifdef HAVE_SASL_OPTIONS #ifdef HAVE_SASL_OPTIONS_2 - optind = ldaptool_process_args( argc, argv, "ABLTU1eortuxa:b:F:G:l:S:s:z:C:", + optind = ldaptool_process_args( argc, argv, "ABLTU1eortuxa:b:F:G:l:S:s:z:C:c:X:", 0, options_callback ); #else - optind = ldaptool_process_args( argc, argv, "ABLTU1ertuxa:b:F:G:l:S:s:z:C:", + optind = ldaptool_process_args( argc, argv, "ABLTU1ertuxa:b:F:G:l:S:s:z:C:c:X:", 0, options_callback ); #endif #else optind = ldaptool_process_args( argc, argv, - "ABLTU1eortuxa:b:F:G:l:S:s:z:C:", 0, options_callback ); + "ABLTU1eortuxa:b:F:G:l:S:s:z:C:c:X:", 0, options_callback ); #endif /* HAVE_SASL_OPTIONS */ if ( optind == -1 ) { @@ -202,6 +215,7 @@ main( int argc, char **argv ) } else { /* there are additional args (filter + attrs) */ if ( ldaptool_fp == NULL || strstr( argv[ optind ], "%s" ) != NULL ) { filtpattern = ldaptool_local2UTF8( argv[ optind ], "filter" ); + free_filtpattern = 1; ++optind; } else { filtpattern = "%s"; @@ -256,7 +270,7 @@ main( int argc, char **argv ) } if ( ldaptool_fp == NULL ) { - char *conv; + char *conv = NULL; conv = ldaptool_local2UTF8( base, "base DN" ); rc = dosearch( ld, conv, scope, attrs, attrsonly, filtpattern, "" ); @@ -314,6 +328,9 @@ main( int argc, char **argv ) } ldaptool_cleanup( ld ); + if ( (free_filtpattern != 0) && (filtpattern != NULL) ) { + free (filtpattern); + } return( rc ); } 
@@ -383,6 +400,26 @@ options_callback( int option, char *optarg ) case 'F': /* field separator */ sep = strdup( optarg ); break; + case 'c': /* getEffectiveRights control authzid */ + if ( optarg && optarg[0] == '\0' ) { + /* -c "" + means "This user" + */ + get_effectiverights_control_target_dn = NULL; + do_effective_rights_control = 1; + }else if ( strlen(optarg) < 3 || (strncasecmp(optarg, "dn:", 3) != 0) ) { + fprintf(stderr,"-c wrong format--should be \"\" or \"dn:...\".\n" + "\"dn:\" means anonymous user."); + usage(); + } else { + get_effectiverights_control_target_dn = strdup(optarg); + do_effective_rights_control = 1; + } + break; + case 'X': /* getEffectiveRights control attr list */ + get_effectiverights_control_attrlist = get_effectiverights_attrlist(optarg); + do_effective_rights_control = 1; + break; case 'b': /* searchbase */ base = strdup( optarg ); break; @@ -602,7 +639,15 @@ dosearch( ld, base, scope, attrs, attrsonly, filtpatt, value ) if ((ldctrl = ldaptool_create_proxyauth_control(ld)) !=NULL) { ldaptool_add_control_to_array(ldctrl, ldaptool_request_ctrls); } - + + if ( do_effective_rights_control ) { + if ((ldctrl = ldaptool_create_geteffectiveRights_control(ld, + get_effectiverights_control_target_dn, + (const char**) get_effectiverights_control_attrlist)) != NULL) { + ldaptool_add_control_to_array(ldctrl, ldaptool_request_ctrls); + } + } + if (use_psearch) { if ( ldap_create_persistentsearch_control( ld, chgtype, changesonly, return_echg_ctls, @@ -1181,8 +1226,8 @@ static struct ldapsearch_type2str ldapsearch_msgtypes[] = { /* -* Return a descriptive string given an LDAP result message type (tag). -*/ + * Return a descriptive string given an LDAP result message type (tag). + */ static char * msgtype2str( int msgtype ) { 
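Review bot: The `-c` error message in options_callback() has no trailing newline, so the text `"dn:" means anonymous user.` runs straight into the first line that usage() prints; change it to `"\"dn:\" means anonymous user.\n"`. The branch also guards `optarg` against NULL in the first test (`optarg && optarg[0] == '\0'`) but then calls `strlen(optarg)` unguarded in the `else if`; since getopt never hands a NULL `optarg` for an option declared with `:`, either drop the first NULL check or keep the second consistent with it, but the half-guard reads as a bug. In the `-X` branch `get_effectiverights_control_attrlist` is assigned from a fresh array on every occurrence of the option, so a repeated `-X` leaks the previous list; minor for a command-line tool but worth a comment if it is intentional. options_callback continues outside this hunk.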
@@ -1224,3 +1269,33 @@ changetype_num2string( ber_int_t chgtype ) return( s ); } + +/* returns a null teminated charrary */ +static char **get_effectiverights_attrlist(char * optarg) +{ + int i = 0; + char ** retArray = NULL; + char * tmp_str = strdup(optarg); + + if ( tmp_str == NULL ) { + perror("strdup"); + exit(LDAP_NO_MEMORY); + } + + retArray = ldap_str2charray( tmp_str, " "); /* takes copies */ + if ( retArray == NULL ) { + fprintf( stderr, "%s: not enough memory\n", ldaptool_progname ); + exit( LDAP_NO_MEMORY ); + } + + free(tmp_str); + + while( retArray[i] != NULL ) { + + fprintf(stderr,"%s ", retArray[i]); + i++; + } + fprintf(stderr, "\n"); + + return(retArray); +} diff --git a/directory/c-sdk/ldap/clients/tools/ldaptool.h b/directory/c-sdk/ldap/clients/tools/ldaptool.h index cdc12bd607f..e85c4d0fce8 100644 --- a/directory/c-sdk/ldap/clients/tools/ldaptool.h +++ b/directory/c-sdk/ldap/clients/tools/ldaptool.h @@ -95,14 +95,8 @@ extern int getopt (int argc, char *const *argv, const char *optstring); #include #endif - #include - #include -#ifndef NO_LIBLCACHE -#include -#endif - #include #include @@ -116,7 +110,6 @@ extern int getopt (int argc, char *const *argv, const char *optstring); extern "C" { #endif - /* * shared macros, structures, etc. */ @@ -176,6 +169,8 @@ LDAPControl *ldaptool_create_manage_dsait_control( void ); void ldaptool_print_referrals( char **refs ); int ldaptool_print_extended_response( LDAP *ld, LDAPMessage *res, char *msg ); LDAPControl *ldaptool_create_proxyauth_control( LDAP *ld ); +LDAPControl *ldaptool_create_geteffectiveRights_control ( LDAP *ld, + const char *authzid, const char **attrlist ); void ldaptool_add_control_to_array( LDAPControl *ctrl, LDAPControl **array); void ldaptool_reset_control_array( LDAPControl **array ); char *ldaptool_get_tmp_dir( void );
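Review bot: get_effectiverights_attrlist() prints every parsed attribute name to stderr (`fprintf(stderr,"%s ", retArray[i])` followed by a newline) on each `-X` invocation, which looks like debugging output left in — it adds noise to stderr for every run that uses the option and should be removed, or at least guarded behind the tool's verbose flag with a comment saying so. The parameter is named `optarg`, which shadows getopt's global of the same name declared via ldaptool.h; renaming it (`const char *arg`) avoids the confusion, and the header comment `/* returns a null teminated charrary */` should read `/* Splits a space-separated attribute list into a NULL-terminated array; the caller owns the result (ldap_charray_free or equivalent). */`. The `/* takes copies */` remark next to ldap_str2charray() is what justifies the immediate `free(tmp_str)`; if that assumption about the SDK helper is wrong the returned array dangles, so it is worth confirming against the helper's contract.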