17c478bd9Sstevel@tonic-gate /* 2*a506a34cSth160488 * Copyright 2005 Sun Microsystems, Inc. All rights reserved. 37c478bd9Sstevel@tonic-gate * Use is subject to license terms. 47c478bd9Sstevel@tonic-gate */ 57c478bd9Sstevel@tonic-gate 67c478bd9Sstevel@tonic-gate #pragma ident "%Z%%M% %I% %E% SMI" 77c478bd9Sstevel@tonic-gate 87c478bd9Sstevel@tonic-gate /* 97c478bd9Sstevel@tonic-gate * The contents of this file are subject to the Netscape Public 107c478bd9Sstevel@tonic-gate * License Version 1.1 (the "License"); you may not use this file 117c478bd9Sstevel@tonic-gate * except in compliance with the License. You may obtain a copy of 127c478bd9Sstevel@tonic-gate * the License at http://www.mozilla.org/NPL/ 137c478bd9Sstevel@tonic-gate * 147c478bd9Sstevel@tonic-gate * Software distributed under the License is distributed on an "AS 157c478bd9Sstevel@tonic-gate * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or 167c478bd9Sstevel@tonic-gate * implied. See the License for the specific language governing 177c478bd9Sstevel@tonic-gate * rights and limitations under the License. 187c478bd9Sstevel@tonic-gate * 197c478bd9Sstevel@tonic-gate * The Original Code is Mozilla Communicator client code, released 207c478bd9Sstevel@tonic-gate * March 31, 1998. 217c478bd9Sstevel@tonic-gate * 227c478bd9Sstevel@tonic-gate * The Initial Developer of the Original Code is Netscape 237c478bd9Sstevel@tonic-gate * Communications Corporation. Portions created by Netscape are 247c478bd9Sstevel@tonic-gate * Copyright (C) 1998-1999 Netscape Communications Corporation. All 257c478bd9Sstevel@tonic-gate * Rights Reserved. 
267c478bd9Sstevel@tonic-gate * 277c478bd9Sstevel@tonic-gate * Contributor(s): 287c478bd9Sstevel@tonic-gate */ 297c478bd9Sstevel@tonic-gate 307c478bd9Sstevel@tonic-gate /* 317c478bd9Sstevel@tonic-gate * code that is shared by two or more of the LDAP command line tools 327c478bd9Sstevel@tonic-gate */ 337c478bd9Sstevel@tonic-gate 347c478bd9Sstevel@tonic-gate #include "ldaptool.h" 357c478bd9Sstevel@tonic-gate #include "fileurl.h" 367c478bd9Sstevel@tonic-gate #ifdef SOLARIS_LDAP_CMD 377c478bd9Sstevel@tonic-gate #include "solaris-int.h" 387c478bd9Sstevel@tonic-gate #include <ldap.h> 397c478bd9Sstevel@tonic-gate #include <locale.h> 407c478bd9Sstevel@tonic-gate #include <libgen.h> 417c478bd9Sstevel@tonic-gate #include <sys/types.h> 427c478bd9Sstevel@tonic-gate #include <sys/stat.h> 437c478bd9Sstevel@tonic-gate #include <limits.h> 447c478bd9Sstevel@tonic-gate #endif /* SOLARIS_LDAP_CMD */ 457c478bd9Sstevel@tonic-gate 467c478bd9Sstevel@tonic-gate #ifdef LDAP_TOOL_ARGPIN 477c478bd9Sstevel@tonic-gate #include "argpin.h" 487c478bd9Sstevel@tonic-gate #include "ntuserpin.h" 497c478bd9Sstevel@tonic-gate #endif /* LDAP_TOOL_ARGPIN */ 507c478bd9Sstevel@tonic-gate 517c478bd9Sstevel@tonic-gate #ifndef SOLARIS_LDAP_CMD 527c478bd9Sstevel@tonic-gate #include <nspr.h> /* for PR_Cleanup() */ 537c478bd9Sstevel@tonic-gate #endif /* SOLARIS_LDAP_CMD */ 547c478bd9Sstevel@tonic-gate #include <stdlib.h> 557c478bd9Sstevel@tonic-gate #include <time.h> /* for time() and ctime() */ 567c478bd9Sstevel@tonic-gate #ifdef HAVE_SASL_OPTIONS 577c478bd9Sstevel@tonic-gate #ifdef SOLARIS_LDAP_CMD 587c478bd9Sstevel@tonic-gate #include <sasl/sasl.h> 597c478bd9Sstevel@tonic-gate #else 607c478bd9Sstevel@tonic-gate #include <sasl.h> 617c478bd9Sstevel@tonic-gate #endif /* SOLARIS_LDAP_CMD */ 627c478bd9Sstevel@tonic-gate #include "ldaptool-sasl.h" 637c478bd9Sstevel@tonic-gate #endif /* HAVE_SASL_OPTIONS */ 647c478bd9Sstevel@tonic-gate 657c478bd9Sstevel@tonic-gate #ifndef SOLARIS_LDAP_CMD 667c478bd9Sstevel@tonic-gate 
#define gettext(s) s 677c478bd9Sstevel@tonic-gate #endif 687c478bd9Sstevel@tonic-gate 697c478bd9Sstevel@tonic-gate #ifdef SOLARIS_LDAP_CMD 707c478bd9Sstevel@tonic-gate #define PATH_BUF_SIZE (PATH_MAX + 1) 717c478bd9Sstevel@tonic-gate #endif 727c478bd9Sstevel@tonic-gate 737c478bd9Sstevel@tonic-gate static LDAP_REBINDPROC_CALLBACK get_rebind_credentials; 747c478bd9Sstevel@tonic-gate static void print_library_info( const LDAPAPIInfo *aip, FILE *fp ); 757c478bd9Sstevel@tonic-gate static int wait4result( LDAP *ld, int msgid, struct berval **servercredp, 767c478bd9Sstevel@tonic-gate char *msg ); 777c478bd9Sstevel@tonic-gate static int parse_result( LDAP *ld, LDAPMessage *res, 787c478bd9Sstevel@tonic-gate struct berval **servercredp, char *msg, int freeit ); 797c478bd9Sstevel@tonic-gate 807c478bd9Sstevel@tonic-gate #ifdef LDAPTOOL_DEBUG_MEMORY 817c478bd9Sstevel@tonic-gate static void *ldaptool_debug_malloc( size_t size ); 827c478bd9Sstevel@tonic-gate static void *ldaptool_debug_calloc( size_t nelem, size_t elsize ); 837c478bd9Sstevel@tonic-gate static void *ldaptool_debug_realloc( void *ptr, size_t size ); 847c478bd9Sstevel@tonic-gate static void ldaptool_debug_free( void *ptr ); 857c478bd9Sstevel@tonic-gate #endif /* LDAPTOOL_DEBUG_MEMORY */ 867c478bd9Sstevel@tonic-gate 877c478bd9Sstevel@tonic-gate #if defined(NET_SSL) 887c478bd9Sstevel@tonic-gate static char *certpath2keypath( char *certdbpath ); 897c478bd9Sstevel@tonic-gate static int ldaptool_setcallbacks( struct ldapssl_pkcs_fns *pfns); 907c478bd9Sstevel@tonic-gate static char * buildTokenCertName( const char *tokenName, const char *certName); 917c478bd9Sstevel@tonic-gate #ifdef FORTEZZA 927c478bd9Sstevel@tonic-gate static int ldaptool_fortezza_init( int exit_on_error ); 937c478bd9Sstevel@tonic-gate static int ldaptool_fortezza_alert( void *arg, PRBool onOpen, 947c478bd9Sstevel@tonic-gate char *string, int value1, void *value2 ); 957c478bd9Sstevel@tonic-gate static void * ldaptool_fortezza_getpin( char **passwordp ); 
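static char * ldaptool_fortezza_err2string( int err );
#endif /* FORTEZZA */
#endif /* NET_SSL */
#ifdef HAVE_SASL_OPTIONS
static int saslSetParam(char *saslarg);
#endif /* HAVE_SASL_OPTIONS */

/*
 * Print the usage text for the options shared by the LDAP command line
 * tools, with one exception: -f is not included since its description
 * tends to be tool-specific.
 *
 * two_hosts: non-zero when the calling tool accepts two -h/-p pairs
 *            (server1/server2); zero prints the single-server wording.
 *
 * All output goes to stderr.  Lines that substitute no value are written
 * with fputs() so that the text returned by gettext() -- a message catalog
 * string under SOLARIS_LDAP_CMD, a plain literal otherwise -- is never
 * interpreted as a printf format string; only the lines that really
 * substitute a default go through fprintf().
 *
 * As of 1-Jul-1998, of the characters in the set [A-Za-z] the following
 * were not used by any of the tools: EJgjqr.  -E, -J and -j have since
 * been taken (see below).
 */
void
ldaptool_common_usage( int two_hosts )
{
    fputs( gettext(" -n\t\tshow what would be done but don't actually do it\n"), stderr );
    fputs( gettext(" -v\t\trun in verbose mode (diagnostics to standard output)\n"), stderr );
    if ( two_hosts ) {
	fprintf( stderr, gettext(" -h host\tLDAP server1 name or IP address (default: %s)\n"), LDAPTOOL_DEFHOST );
	fprintf( stderr, gettext(" -p port\tLDAP server1 TCP port number (default: %d)\n"), LDAP_PORT );
	fprintf( stderr, gettext(" -h host\tLDAP server2 name or IP address (default: %s)\n"), LDAPTOOL_DEFHOST );
	fprintf( stderr, gettext(" -p port\tLDAP server2 TCP port number (default: %d)\n"), LDAP_PORT );
    } else {
	fprintf( stderr, gettext(" -h host\tLDAP server name or IP address (default: %s)\n"), LDAPTOOL_DEFHOST );
	fprintf( stderr, gettext(" -p port\tLDAP server TCP port number (default: %d)\n"), LDAP_PORT );
    }
    fprintf( stderr,
	    gettext(" -V n\tLDAP protocol version number (%d or %d; default: %d)\n"),
	    LDAP_VERSION2, LDAP_VERSION3, LDAP_VERSION3 );
#if defined(NET_SSL)
    fputs( gettext(" -Z\t\tmake an SSL-encrypted connection\n"), stderr );
    fputs( gettext(" -P pathname\tpath to SSL certificate database (default: current directory)\n"), stderr );
    fputs( gettext(" -N\t\tname of certificate to use for SSL client authentication\n"), stderr );
#ifndef SOLARIS_LDAP_CMD
    fputs( gettext(" -K pathname\tpath to key database to use for SSL client authentication\n"), stderr );
    fputs( gettext(" \t\t(default: path to certificate database provided with -P option)\n"), stderr );
#endif /* SOLARIS_LDAP_CMD */
#ifdef LDAP_TOOL_PKCS11
    fputs( gettext(" -m pathname\tpath to security module database\n"), stderr );
#endif /* LDAP_TOOL_PKCS11 */
    fputs( gettext(" -W\t\tSSL key password\n"), stderr );
#ifndef SOLARIS_LDAP_CMD
    fputs( gettext(" -3\t\tcheck hostnames in SSL certificates\n"), stderr );
#endif /* SOLARIS_LDAP_CMD */

#ifdef LDAP_TOOL_PKCS11
    fputs( gettext(" -Q [token][:certificate name]\tPKCS 11\n"), stderr );
    /* -X (FORTEZZA compromised key list) is no longer advertised here;
     * the option itself was retired in ldaptool_process_args(). */
    /* fprintf( stderr, " -X pathname\tFORTEZZA compromised key list (CKL)\n" ); */
    fputs( gettext(" -I pin\tcard password file\n"), stderr );
#endif /* LDAP_TOOL_PKCS11 */

#endif /* NET_SSL */
    fputs( gettext(" -D binddn\tbind dn\n"), stderr );
    fputs( gettext(" -w passwd\tbind passwd (for simple authentication)\n"), stderr );
    fputs( gettext(" -w - \tprompt for bind passwd (for simple authentication)\n"), stderr );
    fputs( gettext(" -j file\tread bind passwd (for simple authentication)\n"), stderr );
    fputs( gettext(" \t\tor SSL key password from 'file'\n"), stderr );
    fputs( gettext(" -E\t\task server to expose (report) bind identity\n"), stderr );
#ifdef LDAP_DEBUG
    fputs( gettext(" -d level\tset LDAP debugging level to `level'\n"), stderr );
#endif
    fputs( gettext(" -R\t\tdo not automatically follow referrals\n"), stderr );
    fprintf( stderr, gettext(" -O limit\tmaximum number of referral hops to traverse (default: %d)\n"), LDAPTOOL_DEFREFHOPLIMIT );
    fputs( gettext(" -M\t\tmanage references (treat them as regular entries)\n"), stderr );
#ifndef SOLARIS_LDAP_CMD
    fputs( gettext(" -0\t\tignore LDAP library version mismatches\n"), stderr );
#endif /* SOLARIS_LDAP_CMD */

#ifndef NO_LIBLCACHE
    fputs( gettext(" -C cfgfile\tuse local database described by cfgfile\n"), stderr );
#endif
    fputs( gettext(" -i charset\tcharacter set for command line input (default taken from locale)\n"), stderr );
    fputs( gettext(" -k dir\tconversion routine directory (default: current directory)\n"), stderr );
#if 0
    /*
     * Suppress usage for -y (old proxied authorization control) even though
     * we still support it.  We want to encourage people to use -Y instead (the
     * new proxied authorization control).
     */
    fputs( gettext(" -y proxydn\tDN used for proxy authorization\n"), stderr );
#endif
    fputs( gettext(" -Y proxyid\tproxied authorization id,\n"), stderr );
    fputs( gettext(" \te.g, dn:uid=bjensen,dc=example,dc=com\n"), stderr );
    fputs( gettext(" -H\t\tdisplay usage information\n"), stderr );
#ifdef SOLARIS_LDAP_CMD
    fputs( gettext(" -?\t\tdisplay usage information\n"), stderr );
#endif /* SOLARIS_LDAP_CMD */
    fputs( gettext(" -J controloid[:criticality[:value|::b64value|:<fileurl]]\n"), stderr );
    fputs( gettext("\t\tcriticality is a boolean value (default is false)\n"), stderr );
#ifdef HAVE_SASL_OPTIONS
    fputs( gettext(" -o attrName=attrVal\tSASL options which are described in the man page\n"), stderr );
#endif /* HAVE_SASL_OPTIONS */
}

/* globals */
char *ldaptool_charset = "";
char *ldaptool_host = LDAPTOOL_DEFHOST;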
char *ldaptool_host2 = LDAPTOOL_DEFHOST;	/* second -h (two-host tools only) */
int ldaptool_port = LDAP_PORT;			/* first -p */
int ldaptool_port2 = LDAP_PORT;			/* second -p (two-host tools only) */
int ldaptool_verbose = 0;			/* incremented by each -v */
int ldaptool_not = 0;				/* incremented by each -n: report, don't act */
#ifdef SOLARIS_LDAP_CMD
int ldaptool_require_binddn = 1;
#endif /* SOLARIS_LDAP_CMD */
FILE *ldaptool_fp = NULL;			/* -f input file (stdin for "-f -") */
FILE *password_fp = NULL;			/* -j: file holding the bind or SSL key password */
char *ldaptool_progname = "";			/* basename of argv[0], set in ldaptool_process_args() */
char *ldaptool_nls_lang = NULL;
char *proxyauth_id = NULL;			/* presumably the -Y proxied authorization id; set outside this chunk */
int proxyauth_version = 2; /* use newer proxy control */
LDAPControl *ldaptool_request_ctrls[CONTROL_REQUESTS] = {0};	/* -J request controls */
#ifdef LDAP_DEBUG
int ldaptool_dbg_lvl = 0;			/* -d level, OR'ed with LDAP_DEBUG_ANY */
#endif /* LDAP_DEBUG */

/* statics */
static char *binddn = NULL;			/* -D */
/*
 * -w password, kept as a plain strdup()'d heap string.  NOTE(review):
 * nothing in this chunk clears it before exit -- confirm at the cleanup
 * site if the password must not outlive the bind.
 */
static char *passwd = NULL;
static int send_auth_response_ctrl = 0;		/* -E: ask for the authorization response control */
static int user_specified_port = 0;		/* first -p seen */
static int user_specified_port2 = 0;		/* second -p seen */
static int chase_referrals = 1;			/* cleared by -R */
static int lib_version_mismatch_is_fatal = 1;	/* cleared when "-0" appears by itself in argv */
static int ldversion = -1; /* use default */	/* presumably -V; set outside this chunk */
static int refhoplim = LDAPTOOL_DEFREFHOPLIMIT;	/* presumably -O; set outside this chunk */
static int send_manage_dsait_ctrl = 0;		/* presumably -M; set outside this chunk */
static int prompt_password = 0;			/* set by "-w -": read the password interactively */
#ifdef HAVE_SASL_OPTIONS
/* SASL parameters; presumably filled in by saslSetParam() from -o attrName=attrVal */
static unsigned sasl_flags = LDAP_SASL_INTERACTIVE;
static char *sasl_mech = NULL;
static char *sasl_authid = NULL;
static char *sasl_mode = NULL;
static char *sasl_realm = NULL;
static char *sasl_username = NULL;
static char *sasl_secprops = NULL;
static int ldapauth = -1;
#endif /* HAVE_SASL_OPTIONS */

#ifndef NO_LIBLCACHE
static char *cache_config_file = NULL;		/* -C */
#endif /* !NO_LIBLCACHE */
#if defined(NET_SSL)
static int secure = 0;				/* set by -Z or -P: use SSL */
/* which of the related options were given; used to cross-check them later */
static int isZ = 0;
static int isN = 0;
static int isW = 0;
static int isw = 0;
static int isD = 0;
static int isj = 0;
static int ssl_strength = LDAPTOOL_DEFSSLSTRENGTH;	/* -3 raises this to LDAPSSL_AUTH_CNCHECK */
#ifdef SOLARIS_LDAP_CMD
static char pathname[PATH_BUF_SIZE];		/* bounded copy of the -P argument (strlcpy-checked) */
#endif
static char *ssl_certdbpath = NULL;		/* -P (directory of the cert db under SOLARIS_LDAP_CMD) */
static char *ssl_keydbpath = NULL;		/* -K */
static char *ssl_keyname = NULL;
static char *ssl_certname = NULL;		/* -N */
static char *ssl_passwd = NULL;			/* -W: SSL key password; same plain-string caveat as passwd */

#ifdef LDAP_TOOL_PKCS11
static char *ssl_secmodpath = NULL;		/* -m */

static char *pkcs_token = NULL;			/* -Q [token][:certificate name] */

static char *ssl_donglefile = NULL;		/* -I: PIN (password) file */

#if 0
static char *pkcs_pin = NULL;
#endif
static struct ldapssl_pkcs_fns local_pkcs_fns =
{0,NULL,NULL,NULL,NULL,NULL,NULL,NULL, NULL };

#ifdef FORTEZZA
static uint32 fortezza_cardmask = 0;
static char *fortezza_personality = NULL;
static char *fortezza_krlfile = NULL;		/* formerly -X; that option is now commented out */
static char *fortezza_pin = NULL;
#endif /* FORTEZZA */
#endif /* LDAP_TOOL_PKCS11 */
#endif /* NET_SSL */

/*
 * Handle general initialization and the options that are common to all of
 * the LDAP tools.
 * Note that the H option is included here but handled via the
 * extra_opt_callback function (along with any "extra_opts" ).
 *
 * Return: final value for optind or -1 if usage should be displayed (for
 * some fatal errors, we call exit here).
2897c478bd9Sstevel@tonic-gate */ 2907c478bd9Sstevel@tonic-gate int 2917c478bd9Sstevel@tonic-gate ldaptool_process_args( int argc, char **argv, char *extra_opts, 2927c478bd9Sstevel@tonic-gate int two_hosts, void (*extra_opt_callback)( int option, char *optarg )) 2937c478bd9Sstevel@tonic-gate { 2947c478bd9Sstevel@tonic-gate int rc, i, hostnum; 2957c478bd9Sstevel@tonic-gate char *optstring, *common_opts; 2967c478bd9Sstevel@tonic-gate extern char *optarg; 2977c478bd9Sstevel@tonic-gate extern int optind; 2987c478bd9Sstevel@tonic-gate LDAPAPIInfo ldai; 2997c478bd9Sstevel@tonic-gate char *ctrl_arg, *ctrl_oid=NULL, *ctrl_value=NULL; 3007c478bd9Sstevel@tonic-gate int ctrl_criticality=0, vlen; 3017c478bd9Sstevel@tonic-gate LDAPControl *ldctrl; 3027c478bd9Sstevel@tonic-gate #ifdef SOLARIS_LDAP_CMD 3037c478bd9Sstevel@tonic-gate struct stat st; 3047c478bd9Sstevel@tonic-gate #endif 3057c478bd9Sstevel@tonic-gate 3067c478bd9Sstevel@tonic-gate 3077c478bd9Sstevel@tonic-gate /* 3087c478bd9Sstevel@tonic-gate * Set program name global based on argv[0]. 
3097c478bd9Sstevel@tonic-gate */ 3107c478bd9Sstevel@tonic-gate if (( ldaptool_progname = strrchr( argv[ 0 ], '/' )) == NULL ) { 3117c478bd9Sstevel@tonic-gate ldaptool_progname = argv[ 0 ]; 3127c478bd9Sstevel@tonic-gate } else { 3137c478bd9Sstevel@tonic-gate ++ldaptool_progname; 3147c478bd9Sstevel@tonic-gate } 3157c478bd9Sstevel@tonic-gate 3167c478bd9Sstevel@tonic-gate #ifdef LDAPTOOL_DEBUG_MEMORY 3177c478bd9Sstevel@tonic-gate { 3187c478bd9Sstevel@tonic-gate struct ldap_memalloc_fns mafns = { 3197c478bd9Sstevel@tonic-gate ldaptool_debug_malloc, 3207c478bd9Sstevel@tonic-gate ldaptool_debug_calloc, 3217c478bd9Sstevel@tonic-gate ldaptool_debug_realloc, 3227c478bd9Sstevel@tonic-gate ldaptool_debug_free 3237c478bd9Sstevel@tonic-gate }; 3247c478bd9Sstevel@tonic-gate 3257c478bd9Sstevel@tonic-gate ldap_set_option( NULL, LDAP_OPT_MEMALLOC_FN_PTRS, &mafns ); 3267c478bd9Sstevel@tonic-gate } 3277c478bd9Sstevel@tonic-gate #endif /* LDAPTOOL_DEBUG_MEMORY */ 3287c478bd9Sstevel@tonic-gate 3297c478bd9Sstevel@tonic-gate #ifdef LDAP_DEBUG 3307c478bd9Sstevel@tonic-gate i = LDAP_DEBUG_ANY; 3317c478bd9Sstevel@tonic-gate ldap_set_option( NULL, LDAP_OPT_DEBUG_LEVEL, (void *) &i); 3327c478bd9Sstevel@tonic-gate #endif 3337c478bd9Sstevel@tonic-gate 3347c478bd9Sstevel@tonic-gate /* 3357c478bd9Sstevel@tonic-gate * Perform a sanity check on the revision of the LDAP API library to 3367c478bd9Sstevel@tonic-gate * make sure it is at least as new as the one we were compiled against. 3377c478bd9Sstevel@tonic-gate * If the API implementation is from the same vendor as we were compiled 3387c478bd9Sstevel@tonic-gate * against, we also check to make sure the vendor version is at least 3397c478bd9Sstevel@tonic-gate * as new as the library we were compiled against. 3407c478bd9Sstevel@tonic-gate * 3417c478bd9Sstevel@tonic-gate * Version differences are fatal unless the -0 option is passed on the 3427c478bd9Sstevel@tonic-gate * tool command line (that's a zero, not an oh). 
We check for the 3437c478bd9Sstevel@tonic-gate * presence of -0 in a crude way to it must appear by itself in argv. 3447c478bd9Sstevel@tonic-gate */ 3457c478bd9Sstevel@tonic-gate for ( i = 1; i < argc; ++i ) { 3467c478bd9Sstevel@tonic-gate if ( strcmp( argv[i], "-0" ) == 0 ) { 3477c478bd9Sstevel@tonic-gate lib_version_mismatch_is_fatal = 0; 3487c478bd9Sstevel@tonic-gate break; 3497c478bd9Sstevel@tonic-gate } 3507c478bd9Sstevel@tonic-gate } 3517c478bd9Sstevel@tonic-gate 3527c478bd9Sstevel@tonic-gate memset( &ldai, 0, sizeof(ldai)); 3537c478bd9Sstevel@tonic-gate ldai.ldapai_info_version = LDAP_API_INFO_VERSION; 3547c478bd9Sstevel@tonic-gate if (( rc = ldap_get_option( NULL, LDAP_OPT_API_INFO, &ldai )) != 0 ) { 3557c478bd9Sstevel@tonic-gate fprintf( stderr, gettext("%s: unable to retrieve LDAP library version" 3567c478bd9Sstevel@tonic-gate " information;\n\tthis program requires an LDAP library that" 3577c478bd9Sstevel@tonic-gate " implements revision\n\t%d or greater of the LDAP API.\n"), 3587c478bd9Sstevel@tonic-gate ldaptool_progname, LDAP_API_VERSION ); 3597c478bd9Sstevel@tonic-gate if ( lib_version_mismatch_is_fatal ) { 3607c478bd9Sstevel@tonic-gate exit( LDAP_LOCAL_ERROR ); 3617c478bd9Sstevel@tonic-gate } 3627c478bd9Sstevel@tonic-gate } else if ( ldai.ldapai_api_version < LDAP_API_VERSION ) { 3637c478bd9Sstevel@tonic-gate fprintf( stderr, gettext("%s: this program requires an LDAP library that" 3647c478bd9Sstevel@tonic-gate " implements revision\n\t%d or greater of the LDAP API;" 3657c478bd9Sstevel@tonic-gate " running with revision %d.\n"), 3667c478bd9Sstevel@tonic-gate ldaptool_progname, LDAP_API_VERSION, ldai.ldapai_api_version ); 3677c478bd9Sstevel@tonic-gate if ( lib_version_mismatch_is_fatal ) { 3687c478bd9Sstevel@tonic-gate exit( LDAP_LOCAL_ERROR ); 3697c478bd9Sstevel@tonic-gate } 3707c478bd9Sstevel@tonic-gate } else if ( strcmp( ldai.ldapai_vendor_name, LDAP_VENDOR_NAME ) != 0) { 3717c478bd9Sstevel@tonic-gate fprintf( stderr, gettext("%s: this program 
requires %s's LDAP\n" 3727c478bd9Sstevel@tonic-gate "\tlibrary version %2.2f or greater; running with\n" 3737c478bd9Sstevel@tonic-gate "\t%s's version %2.2f.\n"), 3747c478bd9Sstevel@tonic-gate ldaptool_progname, LDAP_VENDOR_NAME, 3757c478bd9Sstevel@tonic-gate (float)LDAP_VENDOR_VERSION / 100, 3767c478bd9Sstevel@tonic-gate ldai.ldapai_vendor_name, 3777c478bd9Sstevel@tonic-gate (float)ldai.ldapai_vendor_version / 100 ); 3787c478bd9Sstevel@tonic-gate if ( lib_version_mismatch_is_fatal ) { 3797c478bd9Sstevel@tonic-gate exit( LDAP_LOCAL_ERROR ); 3807c478bd9Sstevel@tonic-gate } 3817c478bd9Sstevel@tonic-gate } else if (ldai.ldapai_vendor_version < LDAP_VENDOR_VERSION ) { 3827c478bd9Sstevel@tonic-gate fprintf( stderr, gettext("%s: this program requires %s's LDAP\n" 3837c478bd9Sstevel@tonic-gate "\tlibrary version %2.2f or greater; running with" 3847c478bd9Sstevel@tonic-gate " version %2.2f.\n"), 3857c478bd9Sstevel@tonic-gate ldaptool_progname, LDAP_VENDOR_NAME, 3867c478bd9Sstevel@tonic-gate (float)LDAP_VENDOR_VERSION / 100, 3877c478bd9Sstevel@tonic-gate (float)ldai.ldapai_vendor_version / 100 ); 3887c478bd9Sstevel@tonic-gate if ( lib_version_mismatch_is_fatal ) { 3897c478bd9Sstevel@tonic-gate exit( LDAP_LOCAL_ERROR ); 3907c478bd9Sstevel@tonic-gate } 3917c478bd9Sstevel@tonic-gate } 3927c478bd9Sstevel@tonic-gate 3937c478bd9Sstevel@tonic-gate /* 3947c478bd9Sstevel@tonic-gate * Process command line options. 
3957c478bd9Sstevel@tonic-gate */ 3967c478bd9Sstevel@tonic-gate if ( extra_opts == NULL ) { 3977c478bd9Sstevel@tonic-gate extra_opts = ""; 3987c478bd9Sstevel@tonic-gate } 3997c478bd9Sstevel@tonic-gate 4007c478bd9Sstevel@tonic-gate #ifdef HAVE_SASL_OPTIONS 4017c478bd9Sstevel@tonic-gate #ifdef SOLARIS_LDAP_CMD 4027c478bd9Sstevel@tonic-gate common_opts = "nvEMRH?Zd:D:f:h:j:N:O:o:P:p:W:w:V:i:k:y:Y:J:"; 4037c478bd9Sstevel@tonic-gate #else 4047c478bd9Sstevel@tonic-gate common_opts = "nvEMRHZ03d:D:f:h:j:I:K:N:O:o:P:p:Q:W:w:V:X:m:i:k:y:Y:J:"; 4057c478bd9Sstevel@tonic-gate #endif /* SOLARIS_LDAP_CMD */ 4067c478bd9Sstevel@tonic-gate #else 4077c478bd9Sstevel@tonic-gate common_opts = "nvEMRHZ03d:D:f:h:j:I:K:N:O:P:p:Q:W:w:V:X:m:i:k:y:Y:J:"; 4087c478bd9Sstevel@tonic-gate #endif /* HAVE_SASL_OPTIONS */ 4097c478bd9Sstevel@tonic-gate 4107c478bd9Sstevel@tonic-gate /* note: optstring must include room for liblcache "C:" option */ 4117c478bd9Sstevel@tonic-gate if (( optstring = (char *) malloc( strlen( extra_opts ) + strlen( common_opts ) 4127c478bd9Sstevel@tonic-gate + 3 )) == NULL ) { 4137c478bd9Sstevel@tonic-gate perror( "malloc" ); 4147c478bd9Sstevel@tonic-gate exit( LDAP_NO_MEMORY ); 4157c478bd9Sstevel@tonic-gate } 4167c478bd9Sstevel@tonic-gate 4177c478bd9Sstevel@tonic-gate #ifdef NO_LIBLCACHE 4187c478bd9Sstevel@tonic-gate sprintf( optstring, "%s%s", common_opts, extra_opts ); 4197c478bd9Sstevel@tonic-gate #else 4207c478bd9Sstevel@tonic-gate sprintf( optstring, "%s%sC:", common_opts, extra_opts ); 4217c478bd9Sstevel@tonic-gate #endif 4227c478bd9Sstevel@tonic-gate 4237c478bd9Sstevel@tonic-gate hostnum = 0; 4247c478bd9Sstevel@tonic-gate while ( (i = getopt( argc, argv, optstring )) != EOF ) { 4257c478bd9Sstevel@tonic-gate switch( i ) { 4267c478bd9Sstevel@tonic-gate case 'n': /* do Not do any LDAP operations */ 4277c478bd9Sstevel@tonic-gate ++ldaptool_not; 4287c478bd9Sstevel@tonic-gate break; 4297c478bd9Sstevel@tonic-gate case 'v': /* verbose mode */ 4307c478bd9Sstevel@tonic-gate 
++ldaptool_verbose; 4317c478bd9Sstevel@tonic-gate break; 4327c478bd9Sstevel@tonic-gate case 'd': 4337c478bd9Sstevel@tonic-gate #ifdef LDAP_DEBUG 4347c478bd9Sstevel@tonic-gate ldaptool_dbg_lvl = atoi( optarg ); /* */ 4357c478bd9Sstevel@tonic-gate #ifdef SOLARIS_LDAP_CMD 4367c478bd9Sstevel@tonic-gate ldap_set_option(NULL, LBER_OPT_DEBUG_LEVEL, 4377c478bd9Sstevel@tonic-gate (void *)&ldaptool_dbg_lvl); 4387c478bd9Sstevel@tonic-gate #else 4397c478bd9Sstevel@tonic-gate ber_set_option(NULL, LBER_OPT_DEBUG_LEVEL, 4407c478bd9Sstevel@tonic-gate (void *)&ldaptool_dbg_lvl); 4417c478bd9Sstevel@tonic-gate #endif /* SOLARIS_LDAP_CMD */ 4427c478bd9Sstevel@tonic-gate ldaptool_dbg_lvl |= LDAP_DEBUG_ANY; 4437c478bd9Sstevel@tonic-gate ldap_set_option( NULL, LDAP_OPT_DEBUG_LEVEL, 4447c478bd9Sstevel@tonic-gate (void *)&ldaptool_dbg_lvl); 4457c478bd9Sstevel@tonic-gate #else /* LDAP_DEBUG */ 4467c478bd9Sstevel@tonic-gate fprintf( stderr, gettext("compile with -DLDAP_DEBUG for debugging\n") ); 4477c478bd9Sstevel@tonic-gate #endif /* LDAP_DEBUG */ 4487c478bd9Sstevel@tonic-gate break; 4497c478bd9Sstevel@tonic-gate case 'R': /* don't automatically chase referrals */ 4507c478bd9Sstevel@tonic-gate chase_referrals = 0; 4517c478bd9Sstevel@tonic-gate break; 4527c478bd9Sstevel@tonic-gate #ifndef NO_LIBLCACHE 4537c478bd9Sstevel@tonic-gate case 'C': /* search local database */ 4547c478bd9Sstevel@tonic-gate cache_config_file = strdup( optarg ); 4557c478bd9Sstevel@tonic-gate break; 4567c478bd9Sstevel@tonic-gate #endif 4577c478bd9Sstevel@tonic-gate case 'f': /* input file */ 4587c478bd9Sstevel@tonic-gate if ( optarg[0] == '-' && optarg[1] == '\0' ) { 4597c478bd9Sstevel@tonic-gate ldaptool_fp = stdin; 4607c478bd9Sstevel@tonic-gate } else if (( ldaptool_fp = ldaptool_open_file( optarg, "r" )) == NULL ) { 4617c478bd9Sstevel@tonic-gate perror( optarg ); 4627c478bd9Sstevel@tonic-gate exit( LDAP_PARAM_ERROR ); 4637c478bd9Sstevel@tonic-gate } 4647c478bd9Sstevel@tonic-gate break; 4657c478bd9Sstevel@tonic-gate 
case 'h': /* ldap host */ 4667c478bd9Sstevel@tonic-gate if ( hostnum == 0 ) { 4677c478bd9Sstevel@tonic-gate ldaptool_host = strdup( optarg ); 4687c478bd9Sstevel@tonic-gate } else { 4697c478bd9Sstevel@tonic-gate ldaptool_host2 = strdup( optarg ); 4707c478bd9Sstevel@tonic-gate } 4717c478bd9Sstevel@tonic-gate ++hostnum; 4727c478bd9Sstevel@tonic-gate break; 4737c478bd9Sstevel@tonic-gate case 'D': /* bind DN */ 4747c478bd9Sstevel@tonic-gate isD = 1; 4757c478bd9Sstevel@tonic-gate binddn = strdup( optarg ); 4767c478bd9Sstevel@tonic-gate break; 4777c478bd9Sstevel@tonic-gate case 'E': /* expose bind identity via auth. response control */ 4787c478bd9Sstevel@tonic-gate ++send_auth_response_ctrl; 4797c478bd9Sstevel@tonic-gate break; 4807c478bd9Sstevel@tonic-gate 4817c478bd9Sstevel@tonic-gate case 'p': /* ldap port */ 4827c478bd9Sstevel@tonic-gate if ( !user_specified_port ) { 4837c478bd9Sstevel@tonic-gate ++user_specified_port; 4847c478bd9Sstevel@tonic-gate ldaptool_port = atoi( optarg ); 4857c478bd9Sstevel@tonic-gate } else { 4867c478bd9Sstevel@tonic-gate ++user_specified_port2; 4877c478bd9Sstevel@tonic-gate ldaptool_port2 = atoi( optarg ); 4887c478bd9Sstevel@tonic-gate } 4897c478bd9Sstevel@tonic-gate break; 4907c478bd9Sstevel@tonic-gate #if defined(NET_SSL) 4917c478bd9Sstevel@tonic-gate case 'P': /* path to security database */ 4927c478bd9Sstevel@tonic-gate secure = 1; /* do SSL encryption */ 4937c478bd9Sstevel@tonic-gate #ifndef SOLARIS_LDAP_CMD 4947c478bd9Sstevel@tonic-gate ssl_certdbpath = strdup(optarg); 4957c478bd9Sstevel@tonic-gate if (NULL == ssl_certdbpath) { 4967c478bd9Sstevel@tonic-gate perror("malloc"); 4977c478bd9Sstevel@tonic-gate exit( LDAP_NO_MEMORY ); 4987c478bd9Sstevel@tonic-gate } 4997c478bd9Sstevel@tonic-gate #else 5007c478bd9Sstevel@tonic-gate /* 5017c478bd9Sstevel@tonic-gate * Verify whether it's a base directory or a cert db file. 
5027c478bd9Sstevel@tonic-gate * If it is not a directory, truncate the file name as 5037c478bd9Sstevel@tonic-gate * the revised NSS_Init() doesn't take file name any longer. 5047c478bd9Sstevel@tonic-gate */ 5057c478bd9Sstevel@tonic-gate if (strlcpy(pathname, optarg, PATH_BUF_SIZE) >= PATH_BUF_SIZE) { 5067c478bd9Sstevel@tonic-gate fprintf(stderr, gettext("\"-P\": Path name is too " 5077c478bd9Sstevel@tonic-gate "long\n")); 5087c478bd9Sstevel@tonic-gate exit(LDAP_PARAM_ERROR); 5097c478bd9Sstevel@tonic-gate } 5107c478bd9Sstevel@tonic-gate 5117c478bd9Sstevel@tonic-gate if (stat(pathname, &st) != 0) { 5127c478bd9Sstevel@tonic-gate perror("stat"); 5137c478bd9Sstevel@tonic-gate fprintf(stderr, gettext("\"-P\": Path name is " 5147c478bd9Sstevel@tonic-gate "invalid\n")); 5157c478bd9Sstevel@tonic-gate exit(LDAP_PARAM_ERROR); 5167c478bd9Sstevel@tonic-gate } else { 5177c478bd9Sstevel@tonic-gate if (S_ISREG(st.st_mode)) { 5187c478bd9Sstevel@tonic-gate /* redir to a regular file's dir name */ 5197c478bd9Sstevel@tonic-gate ssl_certdbpath = dirname(pathname); 5207c478bd9Sstevel@tonic-gate } else 5217c478bd9Sstevel@tonic-gate ssl_certdbpath = pathname; 5227c478bd9Sstevel@tonic-gate } 5237c478bd9Sstevel@tonic-gate #endif /* SOLARIS_LDAP_CMD */ 5247c478bd9Sstevel@tonic-gate break; 5257c478bd9Sstevel@tonic-gate case 'Z': /* do SSL encryption */ 5267c478bd9Sstevel@tonic-gate secure = 1; 5277c478bd9Sstevel@tonic-gate isZ = 1; 5287c478bd9Sstevel@tonic-gate break; 5297c478bd9Sstevel@tonic-gate case 'N': /* nickname of cert. to use for client auth. 
*/ 5307c478bd9Sstevel@tonic-gate ssl_certname = strdup( optarg ); 5317c478bd9Sstevel@tonic-gate if (NULL == ssl_certname) 5327c478bd9Sstevel@tonic-gate { 5337c478bd9Sstevel@tonic-gate perror("malloc"); 5347c478bd9Sstevel@tonic-gate exit( LDAP_NO_MEMORY ); 5357c478bd9Sstevel@tonic-gate } 5367c478bd9Sstevel@tonic-gate isN = 1; 5377c478bd9Sstevel@tonic-gate break; 5387c478bd9Sstevel@tonic-gate #ifndef SOLARIS_LDAP_CMD 5397c478bd9Sstevel@tonic-gate case 'K': /* location of key database */ 5407c478bd9Sstevel@tonic-gate ssl_keydbpath = strdup( optarg ); 5417c478bd9Sstevel@tonic-gate if (NULL == ssl_keydbpath) 5427c478bd9Sstevel@tonic-gate { 5437c478bd9Sstevel@tonic-gate perror("malloc"); 5447c478bd9Sstevel@tonic-gate exit( LDAP_NO_MEMORY ); 5457c478bd9Sstevel@tonic-gate } 5467c478bd9Sstevel@tonic-gate break; 5477c478bd9Sstevel@tonic-gate #endif /* SOLARIS_LDAP_CMD */ 5487c478bd9Sstevel@tonic-gate 5497c478bd9Sstevel@tonic-gate case 'W': /* SSL key password */ 5507c478bd9Sstevel@tonic-gate ssl_passwd = strdup( optarg ); 5517c478bd9Sstevel@tonic-gate if (NULL == ssl_passwd) 5527c478bd9Sstevel@tonic-gate { 5537c478bd9Sstevel@tonic-gate perror("malloc"); 5547c478bd9Sstevel@tonic-gate exit( LDAP_NO_MEMORY ); 5557c478bd9Sstevel@tonic-gate } 5567c478bd9Sstevel@tonic-gate isW = 1; 5577c478bd9Sstevel@tonic-gate break; 5587c478bd9Sstevel@tonic-gate 5597c478bd9Sstevel@tonic-gate #ifndef SOLARIS_LDAP_CMD 5607c478bd9Sstevel@tonic-gate case '3': /* check hostnames in SSL certificates ("no third") */ 5617c478bd9Sstevel@tonic-gate ssl_strength = LDAPSSL_AUTH_CNCHECK; 5627c478bd9Sstevel@tonic-gate break; 5637c478bd9Sstevel@tonic-gate #endif /* SOLARIS_LDAP_CMD */ 5647c478bd9Sstevel@tonic-gate 5657c478bd9Sstevel@tonic-gate #ifdef LDAP_TOOL_PKCS11 5667c478bd9Sstevel@tonic-gate case 'm': /* SSL secmod path */ 5677c478bd9Sstevel@tonic-gate ssl_secmodpath = strdup( optarg); 5687c478bd9Sstevel@tonic-gate if (NULL == ssl_secmodpath) 5697c478bd9Sstevel@tonic-gate { 5707c478bd9Sstevel@tonic-gate 
perror("malloc"); 5717c478bd9Sstevel@tonic-gate exit( LDAP_NO_MEMORY ); 5727c478bd9Sstevel@tonic-gate } 5737c478bd9Sstevel@tonic-gate break; 5747c478bd9Sstevel@tonic-gate 5757c478bd9Sstevel@tonic-gate case 'Q': /* FORTEZZA [card][:personality] */ 5767c478bd9Sstevel@tonic-gate pkcs_token = strdup(optarg); 5777c478bd9Sstevel@tonic-gate if (NULL == pkcs_token) 5787c478bd9Sstevel@tonic-gate { 5797c478bd9Sstevel@tonic-gate perror("malloc"); 5807c478bd9Sstevel@tonic-gate exit( LDAP_NO_MEMORY ); 5817c478bd9Sstevel@tonic-gate } 5827c478bd9Sstevel@tonic-gate 5837c478bd9Sstevel@tonic-gate break; 5847c478bd9Sstevel@tonic-gate /* This option removed to prevent interference 5857c478bd9Sstevel@tonic-gate with the getEffectiveRights option, also -X 5867c478bd9Sstevel@tonic-gate case 'X': * path to FORTEZZA CKL file * 5877c478bd9Sstevel@tonic-gate 5887c478bd9Sstevel@tonic-gate fortezza_krlfile = strdup( optarg ); 5897c478bd9Sstevel@tonic-gate 5907c478bd9Sstevel@tonic-gate 5917c478bd9Sstevel@tonic-gate break; 5927c478bd9Sstevel@tonic-gate */ 5937c478bd9Sstevel@tonic-gate case 'I': /* FORTEZZA PIN (password file) */ 5947c478bd9Sstevel@tonic-gate ssl_donglefile = strdup( optarg ); 5957c478bd9Sstevel@tonic-gate 5967c478bd9Sstevel@tonic-gate break; 5977c478bd9Sstevel@tonic-gate #endif /* LDAP_TOOL_PKCS11 */ 5987c478bd9Sstevel@tonic-gate 5997c478bd9Sstevel@tonic-gate #endif /* NET_SSL */ 6007c478bd9Sstevel@tonic-gate case 'w': /* bind password */ 6017c478bd9Sstevel@tonic-gate isw = 1; 6027c478bd9Sstevel@tonic-gate if ( optarg[0] == '-' && optarg[1] == '\0' ) 6037c478bd9Sstevel@tonic-gate prompt_password = 1; 6047c478bd9Sstevel@tonic-gate else 6057c478bd9Sstevel@tonic-gate passwd = strdup( optarg ); 6067c478bd9Sstevel@tonic-gate break; 6077c478bd9Sstevel@tonic-gate case 'j': /* bind password or SSL key password from file */ 6087c478bd9Sstevel@tonic-gate isj = 1; 6097c478bd9Sstevel@tonic-gate if ((password_fp = fopen( optarg, "r" )) == NULL ) { 6107c478bd9Sstevel@tonic-gate 
fprintf(stderr, gettext("%s: Unable to open '%s' file\n"), 6117c478bd9Sstevel@tonic-gate ldaptool_progname, optarg); 6127c478bd9Sstevel@tonic-gate exit( LDAP_PARAM_ERROR ); 6137c478bd9Sstevel@tonic-gate } 6147c478bd9Sstevel@tonic-gate break; 6157c478bd9Sstevel@tonic-gate case 'O': /* referral hop limit */ 6167c478bd9Sstevel@tonic-gate refhoplim = atoi( optarg ); 6177c478bd9Sstevel@tonic-gate break; 6187c478bd9Sstevel@tonic-gate case 'V': /* protocol version */ 6197c478bd9Sstevel@tonic-gate ldversion = atoi (optarg); 6207c478bd9Sstevel@tonic-gate if ( ldversion != LDAP_VERSION2 && ldversion != LDAP_VERSION3 ) { 6217c478bd9Sstevel@tonic-gate fprintf( stderr, gettext("%s: LDAP protocol version %d is not " 6227c478bd9Sstevel@tonic-gate "supported (use -V%d or -V%d)\n"), 6237c478bd9Sstevel@tonic-gate ldaptool_progname, ldversion, LDAP_VERSION2, 6247c478bd9Sstevel@tonic-gate LDAP_VERSION3 ); 6257c478bd9Sstevel@tonic-gate exit( LDAP_PARAM_ERROR ); 6267c478bd9Sstevel@tonic-gate } 6277c478bd9Sstevel@tonic-gate break; 6287c478bd9Sstevel@tonic-gate case 'M': /* send a manageDsaIT control */ 6297c478bd9Sstevel@tonic-gate send_manage_dsait_ctrl = 1; 6307c478bd9Sstevel@tonic-gate break; 6317c478bd9Sstevel@tonic-gate 6327c478bd9Sstevel@tonic-gate case 'i': /* character set specified */ 6337c478bd9Sstevel@tonic-gate ldaptool_charset = strdup( optarg ); 6347c478bd9Sstevel@tonic-gate if (NULL == ldaptool_charset) 6357c478bd9Sstevel@tonic-gate { 6367c478bd9Sstevel@tonic-gate perror( "malloc" ); 6377c478bd9Sstevel@tonic-gate exit( LDAP_NO_MEMORY ); 6387c478bd9Sstevel@tonic-gate } 6397c478bd9Sstevel@tonic-gate 6407c478bd9Sstevel@tonic-gate break; 6417c478bd9Sstevel@tonic-gate case 'k': /* conversion directory */ 6427c478bd9Sstevel@tonic-gate ldaptool_convdir = strdup( optarg ); 6437c478bd9Sstevel@tonic-gate if (NULL == ldaptool_convdir) 6447c478bd9Sstevel@tonic-gate { 6457c478bd9Sstevel@tonic-gate perror( "malloc" ); 6467c478bd9Sstevel@tonic-gate exit( LDAP_NO_MEMORY ); 
6477c478bd9Sstevel@tonic-gate } 6487c478bd9Sstevel@tonic-gate break; 6497c478bd9Sstevel@tonic-gate case 'y': /* old (version 1) proxied authorization control */ 6507c478bd9Sstevel@tonic-gate proxyauth_version = 1; 6517c478bd9Sstevel@tonic-gate case 'Y': /* new (version 2 ) proxied authorization control */ 6527c478bd9Sstevel@tonic-gate /*FALLTHRU*/ 6537c478bd9Sstevel@tonic-gate proxyauth_id = strdup(optarg); 6547c478bd9Sstevel@tonic-gate if (NULL == proxyauth_id) 6557c478bd9Sstevel@tonic-gate { 6567c478bd9Sstevel@tonic-gate perror( "malloc" ); 6577c478bd9Sstevel@tonic-gate exit( LDAP_NO_MEMORY ); 6587c478bd9Sstevel@tonic-gate } 6597c478bd9Sstevel@tonic-gate 6607c478bd9Sstevel@tonic-gate break; 6617c478bd9Sstevel@tonic-gate 6627c478bd9Sstevel@tonic-gate #ifndef SOLARIS_LDAP_CMD 6637c478bd9Sstevel@tonic-gate case '0': /* zero -- override LDAP library version check */ 6647c478bd9Sstevel@tonic-gate break; /* already handled above */ 6657c478bd9Sstevel@tonic-gate #endif /* SOLARIS_LDAP_CMD */ 6667c478bd9Sstevel@tonic-gate case 'J': /* send an arbitrary control */ 6677c478bd9Sstevel@tonic-gate if ( (ctrl_arg = strdup( optarg)) == NULL ) { 6687c478bd9Sstevel@tonic-gate perror ("strdup"); 6697c478bd9Sstevel@tonic-gate exit (LDAP_NO_MEMORY); 6707c478bd9Sstevel@tonic-gate } 6717c478bd9Sstevel@tonic-gate if (ldaptool_parse_ctrl_arg(ctrl_arg, ':', &ctrl_oid, 6727c478bd9Sstevel@tonic-gate &ctrl_criticality, &ctrl_value, &vlen)) { 6737c478bd9Sstevel@tonic-gate return (-1); 6747c478bd9Sstevel@tonic-gate } 6757c478bd9Sstevel@tonic-gate ldctrl = calloc(1,sizeof(LDAPControl)); 6767c478bd9Sstevel@tonic-gate if (ctrl_value) { 6777c478bd9Sstevel@tonic-gate rc = ldaptool_berval_from_ldif_value( ctrl_value, 6787c478bd9Sstevel@tonic-gate vlen, &(ldctrl->ldctl_value), 6797c478bd9Sstevel@tonic-gate 1 /* recognize file URLs */, 6807c478bd9Sstevel@tonic-gate 0 /* always try file */, 6817c478bd9Sstevel@tonic-gate 1 /* report errors */ ); 6827c478bd9Sstevel@tonic-gate if ((rc = 
ldaptool_fileurlerr2ldaperr( rc )) != LDAP_SUCCESS) { 6837c478bd9Sstevel@tonic-gate fprintf( stderr, gettext("Unable to parse %s\n"), ctrl_value); 6847c478bd9Sstevel@tonic-gate return (-1); 6857c478bd9Sstevel@tonic-gate } 6867c478bd9Sstevel@tonic-gate } 6877c478bd9Sstevel@tonic-gate ldctrl->ldctl_oid = ctrl_oid; 6887c478bd9Sstevel@tonic-gate ldctrl->ldctl_iscritical = ctrl_criticality; 6897c478bd9Sstevel@tonic-gate ldaptool_add_control_to_array(ldctrl, ldaptool_request_ctrls); 6907c478bd9Sstevel@tonic-gate break; 6917c478bd9Sstevel@tonic-gate #ifdef HAVE_SASL_OPTIONS 6927c478bd9Sstevel@tonic-gate case 'o': /* attribute assignment */ 6937c478bd9Sstevel@tonic-gate if ((rc = saslSetParam(optarg)) == -1) { 6947c478bd9Sstevel@tonic-gate return (-1); 6957c478bd9Sstevel@tonic-gate } 6967c478bd9Sstevel@tonic-gate ldapauth = LDAP_AUTH_SASL; 6977c478bd9Sstevel@tonic-gate ldversion = LDAP_VERSION3; 6987c478bd9Sstevel@tonic-gate break; 6997c478bd9Sstevel@tonic-gate #endif /* HAVE_SASL_OPTIONS */ 7007c478bd9Sstevel@tonic-gate default: 7017c478bd9Sstevel@tonic-gate (*extra_opt_callback)( i, optarg ); 7027c478bd9Sstevel@tonic-gate } 7037c478bd9Sstevel@tonic-gate } 7047c478bd9Sstevel@tonic-gate 7057c478bd9Sstevel@tonic-gate 7067c478bd9Sstevel@tonic-gate /* If '-Z' is specified, check if '-P' is specified too. 
*/ 7077c478bd9Sstevel@tonic-gate if ( isN || isW ) { 7087c478bd9Sstevel@tonic-gate if ( !isZ ) { 7097c478bd9Sstevel@tonic-gate fprintf( stderr, gettext("%s: with -N, -W options, please specify -Z\n\n"), ldaptool_progname ); 7107c478bd9Sstevel@tonic-gate return (-1); 7117c478bd9Sstevel@tonic-gate } 7127c478bd9Sstevel@tonic-gate } 7137c478bd9Sstevel@tonic-gate 7147c478bd9Sstevel@tonic-gate /* if '-N' is specified, -W is needed too */ 7157c478bd9Sstevel@tonic-gate if ( isN && NULL == ssl_passwd ) { 7167c478bd9Sstevel@tonic-gate fprintf( stderr, gettext("%s: with the -N option, please specify -W also\n\n"), 7177c478bd9Sstevel@tonic-gate ldaptool_progname ); 7187c478bd9Sstevel@tonic-gate return (-1); 7197c478bd9Sstevel@tonic-gate } 7207c478bd9Sstevel@tonic-gate 7217c478bd9Sstevel@tonic-gate #ifdef SOLARIS_LDAP_CMD 7227c478bd9Sstevel@tonic-gate if ( isj && ( isw || isW )) { 7237c478bd9Sstevel@tonic-gate fprintf(stderr, gettext("%s: -j and -w or -W options cannot be specified simultaneously\n\n"), ldaptool_progname ); 7247c478bd9Sstevel@tonic-gate #else 7257c478bd9Sstevel@tonic-gate if ( isj && isw ) { 7267c478bd9Sstevel@tonic-gate fprintf(stderr, gettext("%s: -j and -w options cannot be specified simultaneously\n\n"), ldaptool_progname ); 7277c478bd9Sstevel@tonic-gate #endif /* SOLARIS_LDAP_CMD */ 7287c478bd9Sstevel@tonic-gate return (-1); 7297c478bd9Sstevel@tonic-gate } 7307c478bd9Sstevel@tonic-gate 7317c478bd9Sstevel@tonic-gate /* complain if -j or -w does not also have -D, unless using SASL */ 7327c478bd9Sstevel@tonic-gate #ifdef HAVE_SASL_OPTIONS 7337c478bd9Sstevel@tonic-gate if ( (isj || isw) && !isD && ( ldapauth != LDAP_AUTH_SASL ) ) { 7347c478bd9Sstevel@tonic-gate #else 7357c478bd9Sstevel@tonic-gate if ( (isj || isw) && !isD ) { 7367c478bd9Sstevel@tonic-gate #endif 7377c478bd9Sstevel@tonic-gate fprintf(stderr, gettext("%s: with -j, -w options, please specify -D\n\n"), ldaptool_progname ); 7387c478bd9Sstevel@tonic-gate return (-1); 7397c478bd9Sstevel@tonic-gate } 
7407c478bd9Sstevel@tonic-gate 7417c478bd9Sstevel@tonic-gate /* use default key and cert DB paths if not set on the command line */ 7427c478bd9Sstevel@tonic-gate if ( NULL == ssl_keydbpath ) { 7437c478bd9Sstevel@tonic-gate if ( NULL == ssl_certdbpath ) { 7447c478bd9Sstevel@tonic-gate ssl_keydbpath = LDAPTOOL_DEFKEYDBPATH; 7457c478bd9Sstevel@tonic-gate } else { 7467c478bd9Sstevel@tonic-gate ssl_keydbpath = certpath2keypath( ssl_certdbpath ); 7477c478bd9Sstevel@tonic-gate } 7487c478bd9Sstevel@tonic-gate } 7497c478bd9Sstevel@tonic-gate if ( NULL == ssl_certdbpath ) { 7507c478bd9Sstevel@tonic-gate ssl_certdbpath = LDAPTOOL_DEFCERTDBPATH; 7517c478bd9Sstevel@tonic-gate } 7527c478bd9Sstevel@tonic-gate 7537c478bd9Sstevel@tonic-gate if (prompt_password != 0) { 7547c478bd9Sstevel@tonic-gate char *password_string = "Enter bind password: "; 7557c478bd9Sstevel@tonic-gate 7567c478bd9Sstevel@tonic-gate #if defined(_WIN32) 7577c478bd9Sstevel@tonic-gate char pbuf[257]; 7587c478bd9Sstevel@tonic-gate fputs(password_string,stdout); 7597c478bd9Sstevel@tonic-gate fflush(stdout); 7607c478bd9Sstevel@tonic-gate if (fgets(pbuf,256,stdin) == NULL) { 7617c478bd9Sstevel@tonic-gate passwd = NULL; 7627c478bd9Sstevel@tonic-gate } else { 7637c478bd9Sstevel@tonic-gate char *tmp; 7647c478bd9Sstevel@tonic-gate 7657c478bd9Sstevel@tonic-gate tmp = strchr(pbuf,'\n'); 7667c478bd9Sstevel@tonic-gate if (tmp) *tmp = '\0'; 7677c478bd9Sstevel@tonic-gate tmp = strchr(pbuf,'\r'); 7687c478bd9Sstevel@tonic-gate if (tmp) *tmp = '\0'; 7697c478bd9Sstevel@tonic-gate passwd = strdup(pbuf); 7707c478bd9Sstevel@tonic-gate } 7717c478bd9Sstevel@tonic-gate #else 7727c478bd9Sstevel@tonic-gate #if defined(SOLARIS) 7737c478bd9Sstevel@tonic-gate /* 256 characters on Solaris */ 7747c478bd9Sstevel@tonic-gate passwd = getpassphrase(password_string); 7757c478bd9Sstevel@tonic-gate #else 7767c478bd9Sstevel@tonic-gate /* limited to 16 chars on Tru64, 32 on AIX */ 7777c478bd9Sstevel@tonic-gate passwd = getpass(password_string); 
7787c478bd9Sstevel@tonic-gate #endif 7797c478bd9Sstevel@tonic-gate #endif 7807c478bd9Sstevel@tonic-gate 7817c478bd9Sstevel@tonic-gate } else if (password_fp != NULL) { 7827c478bd9Sstevel@tonic-gate char *linep = NULL; 7837c478bd9Sstevel@tonic-gate int increment = 0; 7847c478bd9Sstevel@tonic-gate int c, index; 7857c478bd9Sstevel@tonic-gate 7867c478bd9Sstevel@tonic-gate /* allocate initial block of memory */ 7877c478bd9Sstevel@tonic-gate if ((linep = (char *)malloc(BUFSIZ)) == NULL) { 7887c478bd9Sstevel@tonic-gate fprintf( stderr, gettext("%s: not enough memory to read password from file\n"), ldaptool_progname ); 7897c478bd9Sstevel@tonic-gate exit( LDAP_NO_MEMORY ); 7907c478bd9Sstevel@tonic-gate } 7917c478bd9Sstevel@tonic-gate increment++; 7927c478bd9Sstevel@tonic-gate index = 0; 7937c478bd9Sstevel@tonic-gate while ((c = fgetc( password_fp )) != '\n' && c != EOF) { 7947c478bd9Sstevel@tonic-gate 7957c478bd9Sstevel@tonic-gate /* check if we will overflow the buffer */ 7967c478bd9Sstevel@tonic-gate if ((c != EOF) && (index == ((increment * BUFSIZ) -1))) { 7977c478bd9Sstevel@tonic-gate 7987c478bd9Sstevel@tonic-gate /* if we did, add another BUFSIZ worth of bytes */ 7997c478bd9Sstevel@tonic-gate if ((linep = (char *) 8007c478bd9Sstevel@tonic-gate realloc(linep, (increment + 1) * BUFSIZ)) == NULL) { 8017c478bd9Sstevel@tonic-gate fprintf( stderr, gettext("%s: not enough memory to read password from file\n"), ldaptool_progname ); 8027c478bd9Sstevel@tonic-gate exit( LDAP_NO_MEMORY ); 8037c478bd9Sstevel@tonic-gate } 8047c478bd9Sstevel@tonic-gate increment++; 8057c478bd9Sstevel@tonic-gate } 8067c478bd9Sstevel@tonic-gate linep[index++] = c; 8077c478bd9Sstevel@tonic-gate } 8087c478bd9Sstevel@tonic-gate linep[index] = '\0'; 8097c478bd9Sstevel@tonic-gate passwd = linep; 8107c478bd9Sstevel@tonic-gate } 8117c478bd9Sstevel@tonic-gate 8127c478bd9Sstevel@tonic-gate #ifdef SOLARIS_LDAP_CMD 8137c478bd9Sstevel@tonic-gate if (binddn != NULL && passwd == NULL) { 8147c478bd9Sstevel@tonic-gate 
char *password_string = gettext("Enter bind password: "); 8157c478bd9Sstevel@tonic-gate passwd = getpassphrase(password_string); 8167c478bd9Sstevel@tonic-gate } 8177c478bd9Sstevel@tonic-gate 8187c478bd9Sstevel@tonic-gate #ifdef HAVE_SASL_OPTIONS 8197c478bd9Sstevel@tonic-gate if (ldapauth == LDAP_AUTH_SASL) { 8207c478bd9Sstevel@tonic-gate /* BindDN not required for SASL */ 8217c478bd9Sstevel@tonic-gate ldaptool_require_binddn = 0; 8227c478bd9Sstevel@tonic-gate } 8237c478bd9Sstevel@tonic-gate #endif /* HAVE_SASL_OPTIONS */ 8247c478bd9Sstevel@tonic-gate 8257c478bd9Sstevel@tonic-gate #ifdef NET_SSL 8267c478bd9Sstevel@tonic-gate if (secure == 1) { 8277c478bd9Sstevel@tonic-gate /* BindDN not required for SSL */ 8287c478bd9Sstevel@tonic-gate ldaptool_require_binddn = 0; 8297c478bd9Sstevel@tonic-gate } 8307c478bd9Sstevel@tonic-gate #endif /* NET_SSL */ 8317c478bd9Sstevel@tonic-gate 8327c478bd9Sstevel@tonic-gate if (ldaptool_require_binddn && binddn == NULL && passwd == NULL) { 8337c478bd9Sstevel@tonic-gate fprintf(stderr, 8347c478bd9Sstevel@tonic-gate gettext("%s: DN and Bind Password are required.\n"), 8357c478bd9Sstevel@tonic-gate ldaptool_progname ); 8367c478bd9Sstevel@tonic-gate exit(1); 8377c478bd9Sstevel@tonic-gate } 8387c478bd9Sstevel@tonic-gate #endif /* SOLARIS_LDAP_CMD */ 8397c478bd9Sstevel@tonic-gate 8407c478bd9Sstevel@tonic-gate /* 8417c478bd9Sstevel@tonic-gate * If verbose (-v) flag was passed in, display program name and start time. 8427c478bd9Sstevel@tonic-gate * If the verbose flag was passed at least twice (-vv), also display 8437c478bd9Sstevel@tonic-gate * information about the API library we are running with. 
8447c478bd9Sstevel@tonic-gate */ 8457c478bd9Sstevel@tonic-gate if ( ldaptool_verbose ) { 8467c478bd9Sstevel@tonic-gate time_t curtime; 8477c478bd9Sstevel@tonic-gate 8487c478bd9Sstevel@tonic-gate curtime = time( NULL ); 8497c478bd9Sstevel@tonic-gate printf( gettext("%s: started %s\n"), ldaptool_progname, ctime( &curtime )); 8507c478bd9Sstevel@tonic-gate if ( ldaptool_verbose > 1 ) { 8517c478bd9Sstevel@tonic-gate print_library_info( &ldai, stdout ); 8527c478bd9Sstevel@tonic-gate } 8537c478bd9Sstevel@tonic-gate } 8547c478bd9Sstevel@tonic-gate 8557c478bd9Sstevel@tonic-gate #ifdef LDAP_TOOL_PKCS11 8567c478bd9Sstevel@tonic-gate if ((NULL != pkcs_token) && (NULL != ssl_certname)) { 8577c478bd9Sstevel@tonic-gate char *result; 8587c478bd9Sstevel@tonic-gate 8597c478bd9Sstevel@tonic-gate if ( (result = buildTokenCertName( pkcs_token, ssl_certname)) != NULL){ 8607c478bd9Sstevel@tonic-gate free( ssl_certname ); 8617c478bd9Sstevel@tonic-gate ssl_certname = result; 8627c478bd9Sstevel@tonic-gate } 8637c478bd9Sstevel@tonic-gate } 8647c478bd9Sstevel@tonic-gate #endif /* LDAP_TOOL_PKCS11 */ 8657c478bd9Sstevel@tonic-gate 8667c478bd9Sstevel@tonic-gate free( optstring ); 8677c478bd9Sstevel@tonic-gate 8687c478bd9Sstevel@tonic-gate /* 8697c478bd9Sstevel@tonic-gate * Clean up and return index of first non-option argument. 
8707c478bd9Sstevel@tonic-gate */ 8717c478bd9Sstevel@tonic-gate if ( ldai.ldapai_extensions != NULL ) { 8727c478bd9Sstevel@tonic-gate ldap_value_free( ldai.ldapai_extensions ); 8737c478bd9Sstevel@tonic-gate } 8747c478bd9Sstevel@tonic-gate if ( ldai.ldapai_vendor_name != NULL ) { 8757c478bd9Sstevel@tonic-gate ldap_memfree( ldai.ldapai_vendor_name ); 8767c478bd9Sstevel@tonic-gate } 8777c478bd9Sstevel@tonic-gate 8787c478bd9Sstevel@tonic-gate #ifdef HAVE_SASL_OPTIONS 8797c478bd9Sstevel@tonic-gate if (ldversion == LDAP_VERSION2 && ldapauth == LDAP_AUTH_SASL) { 8807c478bd9Sstevel@tonic-gate fprintf( stderr, gettext("Incompatible with version %d\n"), ldversion); 8817c478bd9Sstevel@tonic-gate return (-1); 8827c478bd9Sstevel@tonic-gate } 8837c478bd9Sstevel@tonic-gate #endif /* HAVE_SASL_OPTIONS */ 8847c478bd9Sstevel@tonic-gate return( optind ); 8857c478bd9Sstevel@tonic-gate } 8867c478bd9Sstevel@tonic-gate 8877c478bd9Sstevel@tonic-gate 8887c478bd9Sstevel@tonic-gate /* 8897c478bd9Sstevel@tonic-gate * Write detailed information about the API library we are running with to fp. 
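*/
static void
print_library_info( const LDAPAPIInfo *aip, FILE *fp )
{
    int                 i;
    LDAPAPIFeatureInfo  fi;
    const char          *vendor;

    /*
     * ldapai_vendor_name can be NULL (the caller only frees it when it is
     * not) and passing NULL to %s is undefined behavior, so substitute a
     * placeholder; the rest of the report is printed unchanged.
     */
    vendor = ( aip->ldapai_vendor_name != NULL )
            ? aip->ldapai_vendor_name : "(unknown)";

    fprintf( fp, gettext("LDAP Library Information -\n"
            " Highest supported protocol version: %d\n"
            " LDAP API revision: %d\n"
            " API vendor name: %s\n"
            " Vendor-specific version: %.2f\n"),
            aip->ldapai_protocol_version, aip->ldapai_api_version,
            vendor,
            (float)aip->ldapai_vendor_version / 100.0 );

    if ( aip->ldapai_extensions != NULL ) {
        fputs( gettext(" LDAP API Extensions:\n"), fp );

        for ( i = 0; aip->ldapai_extensions[i] != NULL; i++ ) {
            fprintf( fp, gettext(" %s"), aip->ldapai_extensions[i] );

            /* ask the library for the revision of this one extension */
            fi.ldapaif_info_version = LDAP_FEATURE_INFO_VERSION;
            fi.ldapaif_name = aip->ldapai_extensions[i];
            fi.ldapaif_version = 0;

            if ( ldap_get_option( NULL, LDAP_OPT_API_FEATURE_INFO, &fi )
                    != 0 ) {
                fprintf( fp, gettext(" %s: ldap_get_option( NULL,"
                        " LDAP_OPT_API_FEATURE_INFO, ... ) for %s failed"
                        " (Feature Info version: %d)\n"), ldaptool_progname,
                        fi.ldapaif_name, fi.ldapaif_info_version );
            } else {
                fprintf( fp, gettext(" (revision %d)\n"), fi.ldapaif_version );
            }
        }
    }
    fputc( '\n', fp );
}



#ifdef LDAP_TOOL_ARGPIN
/*
 * Register the svrcore PIN object that NSS will consult for the PKCS#11
 * token PIN.  Called only after ldapssl_pkcs_init() succeeded.  The PIN
 * and dongle-file name come from the local_pkcs_fns callbacks (set up
 * from the -I / -Q style options elsewhere in this file).
 *
 * Returns LDAP_SUCCESS, or -1 after printing a diagnostic to stderr.
 * The only visible caller, ldaptool_ldap_init(), exits with
 * LDAP_LOCAL_ERROR on any nonzero return, so every failure path here
 * returns -1 rather than calling exit() itself.
 */
static int PinArgRegistration( void )
{
    SVRCOREArgPinObj *ArgPinObj = NULL;
    char *tokenName = NULL;
#ifndef _WIN32
    SVRCOREStdPinObj *StdPinObj = NULL;
#else
    SVRCOREFilePinObj *FilePinObj = NULL;
    SVRCOREAltPinObj *AltPinObj = NULL;
    SVRCORENTUserPinObj *NTUserPinObj = NULL;
#endif
    /*
     * Start out NULL so the checks below are meaningful even if a callback
     * leaves its output untouched (the callback contracts are not visible
     * here -- TODO confirm they always assign).
     */
    char *pin = NULL;
    char *filename = NULL;

    /*
     * NOTE(review): the PIN is a secret that stays in process memory in
     * clear text; it is handed to the pin object below, which presumably
     * retains it, so it must not be wiped or freed here.
     */
    local_pkcs_fns.pkcs_getdonglefilename(NULL, &filename);
    local_pkcs_fns.pkcs_getpin(NULL, "", &pin);

#ifndef _WIN32
    if ( SVRCORE_CreateStdPinObj(&StdPinObj, filename, PR_TRUE) !=
        SVRCORE_Success) {
        fprintf(stderr, gettext("Security Initialization: Unable to create PinObj "
            "(%d)"), PR_GetError());
        return -1;
    }
    if (pin != NULL)
    {
        local_pkcs_fns.pkcs_gettokenname(NULL, &tokenName);
        /*
         * The result of this call used to be ignored and ArgPinObj was
         * registered regardless -- an uninitialised pointer on failure.
         * Check it the same way the _WIN32 path does.
         */
        if (SVRCORE_CreateArgPinObj(&ArgPinObj, tokenName, pin,
            (SVRCOREPinObj *)StdPinObj) != SVRCORE_Success)
        {
            fprintf(stderr, gettext("Security Initialization: Unable to create ArgPinObj "
                "(%d)"), PR_GetError());
            return -1;
        }
        SVRCORE_RegisterPinObj((SVRCOREPinObj *)ArgPinObj);
    }
    else
    {
        SVRCORE_RegisterPinObj((SVRCOREPinObj *)StdPinObj);
    }
#else
    /*
     * Every path below needs the NT user pin object, so create it once
     * up front.  One of the former copies of this check called exit()
     * directly; returning -1 reaches the same exit status via the caller.
     */
    if (SVRCORE_CreateNTUserPinObj(&NTUserPinObj) != SVRCORE_Success) {
        fprintf(stderr, gettext("Security Initialization: Unable to create NTUserPinObj "
            "(%d)"), PR_GetError());
        return -1;
    }
    if (NULL != pin)
    {
        /* PIN supplied explicitly: wrap it around the NT user object */
        local_pkcs_fns.pkcs_gettokenname(NULL, &tokenName);
        if (SVRCORE_CreateArgPinObj(&ArgPinObj, tokenName, pin,
            (SVRCOREPinObj *)NTUserPinObj) != SVRCORE_Success)
        {
            fprintf(stderr, gettext("Security Initialization: Unable to create ArgPinObj "
                "(%d)"), PR_GetError());
            return -1;
        }
        SVRCORE_RegisterPinObj((SVRCOREPinObj *)ArgPinObj);
    }
    else if (filename && *filename)
    {
        /* PIN from the dongle file, with the NT user object as alternate */
        if (SVRCORE_CreateFilePinObj(&FilePinObj, filename) !=
            SVRCORE_Success) {
            fprintf(stderr, gettext("Security Initialization: Unable to create FilePinObj "
                "(%d)"), PR_GetError());
            return -1;
        }
        if (SVRCORE_CreateAltPinObj(&AltPinObj, (SVRCOREPinObj *)FilePinObj,
            (SVRCOREPinObj *)NTUserPinObj) != SVRCORE_Success) {
            fprintf(stderr, gettext("Security Initialization: Unable to create AltPinObj "
                "(%d)"), PR_GetError());
            return -1;
        }
        SVRCORE_RegisterPinObj((SVRCOREPinObj *)AltPinObj);
    }
    else
    {
        SVRCORE_RegisterPinObj((SVRCOREPinObj *)NTUserPinObj);
    }
#endif
    return LDAP_SUCCESS;
}
#endif /* LDAP_TOOL_ARGPIN */


/*
 * initialize and return an LDAP session handle.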
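 * if errors occur, we exit here.
 */
LDAP *
ldaptool_ldap_init( int second_host )
{
    LDAP	*ld = NULL;
    char	*host;
    int		port, rc, user_port;

    /* -n (ldaptool_not): do nothing, the caller gets no session */
    if ( ldaptool_not ) {
	return( NULL );
    }

    /* second_host selects the alternate host/port globals (host2/port2) */
    if ( second_host ) {
	host = ldaptool_host2;
	port = ldaptool_port2;
	user_port = user_specified_port2;
    } else {
	host = ldaptool_host;
	port = ldaptool_port;
	user_port = user_specified_port;
    }

    if ( ldaptool_verbose ) {
	printf( gettext("ldap_init( %s, %d )\n"), host, port );
    }

#if defined(NET_SSL)
    /*
     * Initialize security libraries and databases and LDAP session.  If
     * ssl_certname is not NULL, then we will attempt to use client auth.
     * if the server supports it.  SSL initialization is only done for the
     * primary host; the second host reuses whatever was set up before.
     */
#ifdef LDAP_TOOL_PKCS11
    ldaptool_setcallbacks( &local_pkcs_fns );

    if ( !second_host && secure
	    && (rc = ldapssl_pkcs_init( &local_pkcs_fns )) < 0 ) {
	/* secure connection requested -- fail if no SSL */
#ifndef SOLARIS_LDAP_CMD
	rc = PORT_GetError();
#endif	/* SOLARIS_LDAP_CMD */
	fprintf( stderr, gettext("SSL initialization failed: error %d (%s)\n"),
		rc, ldapssl_err2string( rc ));
	exit( LDAP_LOCAL_ERROR );
    }

#ifdef LDAP_TOOL_ARGPIN
    if ( secure ) {
	if ( PinArgRegistration( )) {
	    exit( LDAP_LOCAL_ERROR );
	}
    }
#endif /* LDAP_TOOL_ARGPIN */

#else /* LDAP_TOOL_PKCS11 */
    if ( !second_host && secure
	    && (rc = ldapssl_client_init( ssl_certdbpath, NULL )) < 0 ) {
	/* secure connection requested -- fail if no SSL */
#ifndef SOLARIS_LDAP_CMD
	rc = PORT_GetError();
#endif	/* SOLARIS_LDAP_CMD */
	fprintf( stderr, gettext("SSL initialization failed: error %d (%s)\n"),
		rc, ldapssl_err2string( rc ));
	exit( LDAP_LOCAL_ERROR );
    }

#endif /* LDAP_TOOL_PKCS11 */

    /*
     * set the default SSL strength (used for all future ld's we create).
     * ssl_strength controls how strictly the server certificate is checked;
     * its value is chosen by option parsing elsewhere in this file.
     */
    if ( ldapssl_set_strength( NULL, ssl_strength ) < 0 ) {
	perror( "ldapssl_set_strength" );
	exit( LDAP_LOCAL_ERROR );
    }

    if ( secure ) {
	/* no explicit -p: fall back to the LDAPS default port */
	if ( !user_port ) {
	    port = LDAPS_PORT;
	}

	ld = ldapssl_init( host, port, secure );
	if ( ld != NULL && ssl_certname != NULL ) {
	    /* client certificate authentication was requested */
	    if ( ldapssl_enable_clientauth( ld, ssl_keydbpath, ssl_passwd,
		    ssl_certname ) != 0 ) {
		exit( ldaptool_print_lderror( ld, "ldapssl_enable_clientauth",
			LDAPTOOL_CHECK4SSL_ALWAYS ));
	    }
	}
    } else {
	/* plain (non-SSL) session; in order to support IPv6, we use NSPR I/O */
#ifdef SOLARIS_LDAP_CMD
	ld = ldap_init( host, port );
#else
	ld = prldap_init( host, port, 0 /* not shared across threads */ );
#endif	/* SOLARIS_LDAP_CMD */
    }

#else /* NET_SSL */
    /* In order to support IPv6, we use NSPR I/O */
#ifdef SOLARIS_LDAP_CMD
    ld = ldap_init( host, port );
#else
    ld = prldap_init( host, port, 0 /* not shared across threads */ );
#endif	/* SOLARIS_LDAP_CMD */
#endif /* NET_SSL */

    if ( ld == NULL ) {
	perror( "ldap_init" );
	exit( LDAP_LOCAL_ERROR );
    }

#ifndef NO_LIBLCACHE
    /* optional local cache (-C config file) */
    if ( cache_config_file != NULL ) {
	int	opt;

	if ( lcache_init( ld, cache_config_file ) != 0 ) {
	    exit( ldaptool_print_lderror( ld, cache_config_file,
		    LDAPTOOL_CHECK4SSL_NEVER ));
	}
	opt = 1;
	(void) ldap_set_option( ld, LDAP_OPT_CACHE_ENABLE, &opt );
	opt = LDAP_CACHE_LOCALDB;
	(void) ldap_set_option( ld, LDAP_OPT_CACHE_STRATEGY, &opt );
	if ( ldversion == -1 ) {	/* not set with -V */
	    ldversion = LDAP_VERSION2;	/* local db only supports v2 */
	}
    }
#endif

    /* referral chasing re-binds with get_rebind_credentials, bounded by -O */
    ldap_set_option( ld, LDAP_OPT_REFERRALS,
	    chase_referrals ? LDAP_OPT_ON : LDAP_OPT_OFF );
    if ( chase_referrals ) {
	ldap_set_rebind_proc( ld, get_rebind_credentials, NULL );
	ldap_set_option( ld, LDAP_OPT_REFERRAL_HOP_LIMIT, &refhoplim );
    }

    if ( ldversion == -1 ) {	/* not set with -V and not using local db */
	ldversion = LDAP_VERSION3;
    }
    ldap_set_option( ld, LDAP_OPT_PROTOCOL_VERSION, &ldversion );

    return( ld );
}


/*
 * perform a bind to the LDAP server if needed.
 * if an error occurs, we exit here.
 *
 * The bind method is chosen from the globals set during option parsing:
 *   - SASL interactive bind (HAVE_SASL_OPTIONS, ldapauth == LDAP_AUTH_SASL)
 *   - SASL EXTERNAL when LDAPv3, no binddn/passwd and a client cert was given
 *   - otherwise a simple bind with binddn/passwd (the password is sent to the
 *     server as the bind credential; only the session established by
 *     ldaptool_ldap_init protects it in transit)
 * On LDAP_PROTOCOL_ERROR the simple bind is retried one LDAP version lower.
 * Any other failure unbinds and exits with the LDAP error code.
 */
void
ldaptool_bind( LDAP *ld )
{
    int		rc;
    char	*conv;
    LDAPControl	auth_resp_ctrl, *ctrl_array[ 2 ], **bindctrls;
#ifdef HAVE_SASL_OPTIONS
    void	*defaults;
#endif

    if ( ldaptool_not ) {
	return;
    }

    /* -e: ask the server to tell us who we are bound as (non-critical) */
    if ( send_auth_response_ctrl ) {
	auth_resp_ctrl.ldctl_oid = LDAP_CONTROL_AUTH_REQUEST;
	auth_resp_ctrl.ldctl_value.bv_val = NULL;
	auth_resp_ctrl.ldctl_value.bv_len = 0;
	auth_resp_ctrl.ldctl_iscritical = 0;

	ctrl_array[0] = &auth_resp_ctrl;
	ctrl_array[1] = NULL;
	bindctrls = ctrl_array;
    } else {
	bindctrls = NULL;
    }

    /*
     * if using LDAPv3 and not using client auth., omit NULL bind for
     * efficiency.
     */
    if ( ldversion > LDAP_VERSION2 && binddn == NULL && passwd == NULL
	    && ssl_certname == NULL ) {
#ifdef HAVE_SASL_OPTIONS
	if ( ldapauth != LDAP_AUTH_SASL ) {
	    return;
	}
#else
	return;
#endif
    }

    /*
     * do the bind, backing off one LDAP version if necessary.
     * conv is heap-allocated (or NULL) and must be released on every exit path.
     */
    conv = ldaptool_local2UTF8( binddn );

#ifdef HAVE_SASL_OPTIONS
    if ( ldapauth == LDAP_AUTH_SASL ) {
	if ( sasl_mech == NULL ) {
	    fprintf( stderr, gettext("Please specify the SASL mechanism name when "
		    "using SASL options\n"));
	    free( conv );	/* was leaked on this early return */
	    /* NOTE: returns without having bound at all */
	    return;
	}

	if ( sasl_secprops != NULL ) {
	    rc = ldap_set_option( ld, LDAP_OPT_X_SASL_SECPROPS,
		    (void *) sasl_secprops );

	    if ( rc != LDAP_SUCCESS ) {
		fprintf( stderr, gettext("Unable to set LDAP_OPT_X_SASL_SECPROPS: %s\n"),
			sasl_secprops );
		free( conv );	/* was leaked on this early return */
		return;
	    }
	}

	/* ownership of 'defaults' passes to the interact callback -- TODO confirm */
	defaults = ldaptool_set_sasl_defaults( ld, sasl_mech, sasl_authid,
		sasl_username, passwd, sasl_realm );
	if ( defaults == NULL ) {
	    perror( "malloc" );
	    exit( LDAP_NO_MEMORY );
	}

	rc = ldap_sasl_interactive_bind_s( ld, binddn, sasl_mech, NULL, NULL,
		sasl_flags, ldaptool_sasl_interact, defaults );

	if ( rc != LDAP_SUCCESS ) {
	    ldap_perror( ld, "ldap_sasl_interactive_bind_s" );
	}
    } else
#endif /* HAVE_SASL_OPTIONS */
    /*
     * if using LDAPv3 and client auth., try a SASL EXTERNAL bind
     */
    if ( ldversion > LDAP_VERSION2 && binddn == NULL && passwd == NULL
	    && ssl_certname != NULL ) {
	rc = ldaptool_sasl_bind_s( ld, NULL, LDAP_SASL_EXTERNAL, NULL,
		bindctrls, NULL, NULL, "ldap_sasl_bind" );
    }
    else {
	rc = ldaptool_simple_bind_s( ld, conv, passwd, bindctrls, NULL,
		"ldap_simple_bind" );
    }

    if ( rc == LDAP_SUCCESS ) {
	free( conv );
	return;	/* success */
    }

#ifdef HAVE_SASL_OPTIONS
    if ( ldapauth != LDAP_AUTH_SASL ) {
#endif /* HAVE_SASL_OPTIONS */
    if ( rc == LDAP_PROTOCOL_ERROR && ldversion > LDAP_VERSION2 ) {
	/*
	 * try again, backing off one LDAP version
	 * this is okay even for client auth. because the way to achieve
	 * client auth. with LDAPv2 is to perform a NULL simple bind.
	 */
	--ldversion;
	fprintf( stderr, gettext("%s: the server doesn't understand LDAPv%d;"
		" trying LDAPv%d instead...\n"), ldaptool_progname,
		ldversion + 1, ldversion );
	ldap_set_option( ld, LDAP_OPT_PROTOCOL_VERSION, &ldversion );
	if (( rc = ldaptool_simple_bind_s( ld, conv, passwd,
		bindctrls, NULL, "ldap_simple_bind" )) == LDAP_SUCCESS ) {
	    free( conv );
	    return;	/* a qualified success */
	}
    }
#ifdef HAVE_SASL_OPTIONS
    }
#endif /* HAVE_SASL_OPTIONS */

    free( conv );

    /*
     * bind(s) failed -- fatal error
     */
    ldap_unbind( ld );
    exit( rc );
}


/*
 * close open files, unbind, etc.
 * ld may be NULL (e.g. when -n suppressed the session).  ldaptool_fp is
 * closed only when it is an opened file, never when it aliases stdin.
 */
void
ldaptool_cleanup( LDAP *ld )
{
    if ( ld != NULL ) {
	ldap_unbind( ld );
    }

    if ( ldaptool_fp != NULL && ldaptool_fp != stdin ) {
	fclose( ldaptool_fp );	/* input only; a close error is not reported */
	ldaptool_fp = NULL;
    }
}


/*
 * Retrieve and print an LDAP error message.  Returns the LDAP error code.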
 */
int
ldaptool_print_lderror( LDAP *ld, char *msg, int check4ssl )
{
    int		lderr;

    /* snapshot the session error first; ldap_perror must not disturb it */
    lderr = ldap_get_lderrno( ld, NULL, NULL );
    ldap_perror( ld, msg );

#ifndef SOLARIS_LDAP_CMD
    /*
     * On a secure session also report the NSS/SSL layer error, either
     * unconditionally (CHECK4SSL_ALWAYS) or when the server appears to be
     * down (CHECK4SSL_IF_APPROP).  CHECK4SSL_NEVER suppresses this.
     */
    if ( secure && check4ssl != LDAPTOOL_CHECK4SSL_NEVER
	    && ( check4ssl == LDAPTOOL_CHECK4SSL_ALWAYS
	    || lderr == LDAP_SERVER_DOWN )) {
	int	sslerr;

	sslerr = PORT_GetError();
	fprintf( stderr, gettext("\tSSL error %d (%s)\n"), sslerr,
		ldapssl_err2string( sslerr ));
    }
#endif /* SOLARIS_LDAP_CMD */

    return( lderr );
}


/*
 * print referrals to stderr
 * refs is a NULL-terminated vector; a NULL vector prints nothing.
 */
void
ldaptool_print_referrals( char **refs )
{
    char	**ref;

    if ( refs == NULL ) {
	return;
    }

    for ( ref = refs; *ref != NULL; ++ref ) {
	fprintf( stderr, gettext("Referral: %s\n"), *ref );
    }
}


/*
 * print contents of an extended
 * response to stderr
 * this is mainly to support unsolicited notifications
 * Returns an LDAP error code (from the extended result).
 *
 * The OID and data are owned by the SDK and are released here; the
 * message itself is freed by parse_result() (freeit == 1).
 */
int
ldaptool_print_extended_response( LDAP *ld, LDAPMessage *res, char *msg )
{
    char		*oid = NULL;
    struct berval	*data = NULL;
    int			rc;

    rc = ldap_parse_extended_result( ld, res, &oid, &data, 0 );
    if ( rc != LDAP_SUCCESS ) {
	ldaptool_print_lderror( ld, msg, LDAPTOOL_CHECK4SSL_IF_APPROP );
	return( parse_result( ld, res, NULL, msg, 1 ));
    }

    if ( oid == NULL ) {
	fprintf( stderr, gettext("%s: missing OID\n"), msg );
    } else {
	if ( strcmp( oid, LDAP_NOTICE_OF_DISCONNECTION ) == 0 ) {
	    fprintf( stderr, gettext("%s: Notice of Disconnection\n"), msg );
	} else {
	    fprintf( stderr, gettext("%s: OID %s\n"), msg, oid );
	}
	ldap_memfree( oid );
    }

    if ( data != NULL ) {
	/* only the length is shown, never the payload itself */
	/* NOTE(review): %ld assumes bv_len is a long -- confirm against struct berval */
	fprintf( stderr, gettext("%s: Data (length %ld):\n"), msg, data->bv_len );
	ber_bvfree( data );
    }

    return( parse_result( ld, res, NULL, msg, 1 ));
}


/*
 * Like ldap_sasl_bind_s() but calls wait4result() to display
 * any referrals returned and report errors in a consistent way.
 * *servercredp (when non-NULL) is cleared first and filled in by
 * parse_result() on success.
 */
int
ldaptool_sasl_bind_s( LDAP *ld, const char *dn, const char *mechanism,
	const struct berval *cred, LDAPControl **serverctrls,
	LDAPControl **clientctrls, struct berval **servercredp, char *msg )
{
    int		rc;
    int		msgid = 0;

    if ( servercredp != NULL ) {
	*servercredp = NULL;
    }

    rc = ldap_sasl_bind( ld, dn, mechanism, cred, serverctrls, clientctrls,
	    &msgid );
    if ( rc == LDAP_SUCCESS ) {
	return( wait4result( ld, msgid, servercredp, msg ));
    }

    ldaptool_print_lderror( ld, msg, LDAPTOOL_CHECK4SSL_IF_APPROP );
    return( rc );
}


/*
 * Like ldap_simple_bind_s() but calls
 * wait4result() to display
 * any referrals returned and report errors in a consistent way.
 * A NULL passwd yields an empty credential (an anonymous/unauthenticated bind).
 */
int
ldaptool_simple_bind_s( LDAP *ld, const char *dn, const char *passwd,
	LDAPControl **serverctrls, LDAPControl **clientctrls, char *msg )
{
    struct berval	cred;

    /*
     * struct berval carries a non-const pointer, so the const is cast away;
     * the credential is only read by the SDK (ldap_sasl_bind takes it const).
     */
    cred.bv_val = (char *)passwd;
    cred.bv_len = 0;
    if ( passwd != NULL ) {
	cred.bv_len = strlen( passwd );
    }

    return( ldaptool_sasl_bind_s( ld, dn, LDAP_SASL_SIMPLE, &cred,
	    serverctrls, clientctrls, NULL, msg ));
}


/*
 * Like ldap_add_ext_s() but calls wait4result() to display
 * any referrals returned and report errors in a consistent way.
 */
int
ldaptool_add_ext_s( LDAP *ld, const char *dn, LDAPMod **attrs,
	LDAPControl **serverctrls, LDAPControl **clientctrls, char *msg )
{
    int		rc;
    int		msgid = 0;

    rc = ldap_add_ext( ld, dn, attrs, serverctrls, clientctrls, &msgid );
    if ( rc != LDAP_SUCCESS ) {
	ldaptool_print_lderror( ld, msg, LDAPTOOL_CHECK4SSL_IF_APPROP );
	return( rc );
    }

    /*
     * 25-April-2000 Note: this used to wait on 'msgid'; it was changed to
     * LDAP_RES_ANY in order to receive unsolicited notifications.
     * (Presumably the add is the only outstanding operation at this point.)
     */
    return( wait4result( ld, LDAP_RES_ANY, NULL, msg ));
}


/*
 * Like ldap_modify_ext_s() but calls wait4result() to display
 * any referrals returned and report errors in a consistent way.
 */
int
ldaptool_modify_ext_s( LDAP *ld, const char *dn, LDAPMod **mods,
	LDAPControl **serverctrls, LDAPControl **clientctrls, char *msg )
{
    int		rc;
    int		msgid = 0;

    rc = ldap_modify_ext( ld, dn, mods, serverctrls, clientctrls, &msgid );
    if ( rc != LDAP_SUCCESS ) {
	/* the request itself could not be sent */
	ldaptool_print_lderror( ld, msg, LDAPTOOL_CHECK4SSL_IF_APPROP );
	return( rc );
    }

    return( wait4result( ld, msgid, NULL, msg ));
}


/*
 * Like ldap_delete_ext_s() but calls wait4result() to display
 * any referrals returned and report errors in a consistent way.
 */
int
ldaptool_delete_ext_s( LDAP *ld, const char *dn, LDAPControl **serverctrls,
	LDAPControl **clientctrls, char *msg )
{
    int		rc;
    int		msgid = 0;

    rc = ldap_delete_ext( ld, dn, serverctrls, clientctrls, &msgid );
    if ( rc != LDAP_SUCCESS ) {
	/* the request itself could not be sent */
	ldaptool_print_lderror( ld, msg, LDAPTOOL_CHECK4SSL_IF_APPROP );
	return( rc );
    }

    return( wait4result( ld, msgid, NULL, msg ));
}


/*
 * Like ldap_compare_ext_s() but calls wait4result() to display
 * any referrals returned and report errors in a consistent way.
 */
int ldaptool_compare_ext_s( LDAP *ld, const char *dn, const char *attrtype,
	const struct berval *bvalue, LDAPControl **serverctrls,
	LDAPControl **clientctrls, char *msg )
{
    int		rc;
    int		msgid = 0;

    rc = ldap_compare_ext( ld, dn, attrtype, bvalue, serverctrls, clientctrls,
	    &msgid );
    if ( rc != LDAP_SUCCESS ) {
	/* the request itself could not be sent */
	ldaptool_print_lderror( ld, msg, LDAPTOOL_CHECK4SSL_IF_APPROP );
	return( rc );
    }

    /* the compare outcome (true/false) is the result code from the server */
    return( wait4result( ld, msgid, NULL, msg ));
}


/*
 * Like ldap_rename_s() but calls wait4result() to display
 * any referrals returned and report errors in a consistent way.
 */
int
ldaptool_rename_s( LDAP *ld, const char *dn, const char *newrdn,
	const char *newparent, int deleteoldrdn, LDAPControl **serverctrls,
	LDAPControl **clientctrls, char *msg )
{
    int		rc;
    int		msgid = 0;

    rc = ldap_rename( ld, dn, newrdn, newparent, deleteoldrdn, serverctrls,
	    clientctrls, &msgid );
    if ( rc != LDAP_SUCCESS ) {
	/* the request itself could not be sent */
	ldaptool_print_lderror( ld, msg, LDAPTOOL_CHECK4SSL_IF_APPROP );
	return( rc );
    }

    return( wait4result( ld, msgid, NULL, msg ));
}


/*
 * Wait for a result, check for and display errors and referrals.
 * Also recognize and display "Unsolicited notification" messages.
 * Returns an LDAP error code.
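 *
 * Blocks (NULL timeout) until a message for msgid arrives.  Unsolicited
 * notifications are printed and the wait continues; the first real result
 * is handed to parse_result(), which also frees the message.
 */
static int
wait4result( LDAP *ld, int msgid, struct berval **servercredp, char *msg )
{
    LDAPMessage	*res;
    int		rc, received_only_unsolicited = 1;

    while ( received_only_unsolicited ) {
	res = NULL;
	if (( rc = ldap_result( ld, msgid, 1, (struct timeval *)NULL, &res ))
		== -1 ) {
	    ldaptool_print_lderror( ld, msg, LDAPTOOL_CHECK4SSL_IF_APPROP );
	    return( ldap_get_lderrno( ld, NULL, NULL ));
	}

	/*
	 * Special handling for unsolicited notifications:
	 *   1. Parse and display contents.
	 *   2. go back and wait for another (real) result.
	 */
	if ( rc == LDAP_RES_EXTENDED
		&& ldap_msgid( res ) == LDAP_RES_UNSOLICITED ) {
	    rc = ldaptool_print_extended_response( ld, res,
		    "Unsolicited response" );
	} else {
	    rc = parse_result( ld, res, servercredp, msg, 1 );
	    received_only_unsolicited = 0;	/* we're done */
	}
    }

    return( rc );
}


/*
 * Report the identity the server says we are bound as (the value of the
 * authentication response control).  An absent value is reported as "Null",
 * an empty one as "Anonymous".
 */
static void
print_auth_response( LDAPControl *ctrl )
{
    char	*s = ctrl->ldctl_value.bv_val;

    if ( s == NULL ) {
	s = "Null";
    } else if ( *s == '\0' ) {
	s = "Anonymous";
    }
    fprintf( stderr, gettext("%s: bound as %s\n"), ldaptool_progname, s );
}


/*
 * Warn the user that his password is about to expire.  The control value is
 * a decimal number of seconds supplied by the server, so it is validated
 * before use: it must be present, parse completely as a positive number and
 * fit in an int; anything else is silently ignored.
 */
static void
print_pwexpiring_warning( LDAPControl *ctrl )
{
    const char	*val = ctrl->ldctl_value.bv_val;
    char	*end = NULL;
    long	secs;
    int		pw_days = 0, pw_hrs = 0, pw_mins = 0, pw_secs;

    if ( val == NULL ) {
	return;
    }

    /* strtol (not atoi) so that overflow and non-numeric values are detected */
    errno = 0;
    secs = strtol( val, &end, 10 );
    if ( end == val || *end != '\0' || errno == ERANGE || secs <= 0 ) {
	return;
    }
    pw_secs = (int)secs;
    if ( (long)pw_secs != secs ) {
	return;	/* does not fit in an int */
    }

    /* split into days / hours / minutes / seconds (>= so 86400 is "1 day") */
    if ( pw_secs >= 86400 ) {
	pw_days = pw_secs / 86400;
	pw_secs = pw_secs % 86400;
    }
    if ( pw_secs >= 3600 ) {
	pw_hrs = pw_secs / 3600;
	pw_secs = pw_secs % 3600;
    }
    if ( pw_secs >= 60 ) {
	pw_mins = pw_secs / 60;
	pw_secs = pw_secs % 60;
    }

    printf( gettext("%s: Warning ! Your password will expire after "),
	    ldaptool_progname );
    if ( pw_days ) {
	printf( gettext("%d days, "), pw_days );
    }
    if ( pw_hrs ) {
	printf( gettext("%d hrs, "), pw_hrs );
    }
    if ( pw_mins ) {
	printf( gettext("%d mins, "), pw_mins );
    }
    printf( gettext("%d seconds.\n"), pw_secs );
}


/*
 * Parse a result message: report the server's result code, referrals and
 * any authentication-response / password-expiring controls.
 *
 *   servercredp  when non-NULL, receives the SASL server credentials
 *   freeit       non-zero: res is released with ldap_msgfree()
 *
 * Returns the server's result code, or the parse error when the message
 * could not be decoded (res is always freed in that case).  Controls are
 * data from the server and are validated before being interpreted.
 */
static int
parse_result( LDAP *ld, LDAPMessage *res, struct berval **servercredp,
	char *msg, int freeit )
{
    int		rc, lderr;
    char	**refs = NULL;
    LDAPControl	**ctrls = NULL;

    if (( rc = ldap_parse_result( ld, res, &lderr, NULL, NULL, &refs,
	    &ctrls, 0 )) != LDAP_SUCCESS ) {
	ldaptool_print_lderror( ld, msg, LDAPTOOL_CHECK4SSL_IF_APPROP );
	ldap_msgfree( res );
	return( rc );
    }

    /* check for authentication response control & PWPOLICY control */
    if ( ctrls != NULL ) {
	int	i;

	for ( i = 0; ctrls[i] != NULL; ++i ) {
	    if ( ctrls[i]->ldctl_oid == NULL ) {
		continue;	/* malformed control: nothing to match on */
	    }
	    if ( strcmp( ctrls[i]->ldctl_oid, LDAP_CONTROL_AUTH_RESPONSE ) == 0 ) {
		print_auth_response( ctrls[i] );
	    }
	    if ( strcmp( ctrls[i]->ldctl_oid, LDAP_CONTROL_PWEXPIRING ) == 0 ) {
		print_pwexpiring_warning( ctrls[i] );
	    }
	}
	ldap_controls_free( ctrls );
    }

    if ( servercredp != NULL && ( rc = ldap_parse_sasl_bind_result( ld, res,
	    servercredp, 0 )) != LDAP_SUCCESS ) {
	ldaptool_print_lderror( ld, msg, LDAPTOOL_CHECK4SSL_IF_APPROP );
	ldap_msgfree( res );
	return( rc );
    }

    if ( freeit ) {
	ldap_msgfree( res );
    }

    if ( LDAPTOOL_RESULT_IS_AN_ERROR( lderr )) {
	ldaptool_print_lderror( ld, msg, LDAPTOOL_CHECK4SSL_IF_APPROP );
    }

    if ( refs != NULL ) {
	ldaptool_print_referrals( refs );
	ldap_value_free( refs );
    }

    return( lderr );
}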
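

/*
 * If -M was passed on the command line (send_manage_dsait_ctrl is set),
 * create and return a "Manage DSA IT" LDAPv3 control. If not, return NULL.
 *
 * The control is marked critical, so a server that does not support it
 * refuses the operation instead of processing it without the control.
 * Allocation failure is fatal (exit), as in the other control constructors
 * in this file. The caller owns the returned control.
 */
LDAPControl *
ldaptool_create_manage_dsait_control( void )
{
    LDAPControl *ctl;

    if ( !send_manage_dsait_ctrl ) {
        return( NULL );
    }

    if (( ctl = (LDAPControl *)calloc( 1, sizeof( LDAPControl ))) == NULL ) {
        perror( "calloc" );
        exit( LDAP_NO_MEMORY );
    }
    if (( ctl->ldctl_oid = strdup( LDAP_CONTROL_MANAGEDSAIT )) == NULL ) {
        perror( "strdup" );	/* was misreported as a calloc failure */
        exit( LDAP_NO_MEMORY );
    }

    ctl->ldctl_iscritical = 1;

    return( ctl );
}

/*
 * If -y "dn" was supplied on the command line (proxyauth_id is set), create
 * the proxied authorization control: the version 2 control when
 * proxyauth_version is 2, otherwise the older version 1 control (sent as
 * critical). Returns NULL when no proxy identity was requested.
 *
 * NULL is also returned when the library cannot build the control. Callers
 * treat NULL as "no control", which means a failure here would quietly run
 * the operation under the bind identity instead of the proxied one, so the
 * failure is reported on stderr to make the two cases distinguishable.
 */
LDAPControl *
ldaptool_create_proxyauth_control( LDAP *ld )
{
    LDAPControl *ctl = NULL;
    int rc;

    if ( !proxyauth_id ) {
        return( NULL );
    }

    if ( 2 == proxyauth_version ) {
        rc = ldap_create_proxiedauth_control( ld, proxyauth_id, &ctl );
    } else {
        rc = ldap_create_proxyauth_control( ld, proxyauth_id, 1, &ctl );
    }

    if ( rc != LDAP_SUCCESS ) {
        fprintf( stderr,
            gettext("%s: failed to create proxy authorization control (error %d)\n"),
            ldaptool_progname, rc );
        if ( ctl != NULL ) {
            ldap_control_free( ctl );
        }
        return( NULL );
    }

    return( ctl );
}

#ifndef SOLARIS_LDAP_CMD
/*
 * Create a critical "get effective rights" control for authzid over the
 * attributes in attrlist. Returns NULL if the library refuses to build it;
 * as with the proxy authorization control the failure is reported on
 * stderr, since callers otherwise cannot tell "no control" from "failed".
 */
LDAPControl *
ldaptool_create_geteffectiveRights_control( LDAP *ld, const char *authzid,
    const char **attrlist )
{
    LDAPControl *ctl = NULL;
    int rc;

    rc = ldap_create_geteffectiveRights_control( ld, authzid, attrlist, 1,
        &ctl );

    if ( rc != LDAP_SUCCESS ) {
        fprintf( stderr,
            gettext("%s: failed to create get effective rights control (error %d)\n"),
            ldaptool_progname, rc );
        if ( ctl != NULL ) {
            ldap_control_free( ctl );
        }
        return( NULL );
    }

    return( ctl );
}
#endif /* SOLARIS_LDAP_CMD */


/*
 * Append ctrl to the NULL-terminated control array.
 *
 * The slot after the one being filled is written as the new terminator, so
 * the search stops at CONTROL_REQUESTS - 2: the original loop ran to
 * CONTROL_REQUESTS - 1 and, when that last slot was free, wrote the
 * terminator at index CONTROL_REQUESTS, one past the end of an array of
 * CONTROL_REQUESTS elements (the size the loop bound implies; confirm
 * against the array's declaration). If no slot is free the control is
 * dropped with a message on stderr, and the caller is not told.
 */
void
ldaptool_add_control_to_array( LDAPControl *ctrl, LDAPControl **array )
{
    int i;

    for ( i = 0; i < CONTROL_REQUESTS - 1; i++ ) {
        if ( array[i] == NULL ) {
            array[i + 1] = NULL;
            array[i] = ctrl;
            return;
        }
    }
    fprintf( stderr, gettext("%s: failed to store request control!!!!!!\n"),
        ldaptool_progname );
}

/*
 * Dispose of all controls in array and prepare array for reuse.
 * Every non-NULL slot is released with ldap_control_free() and cleared, so
 * afterwards the array is entirely NULL and ldaptool_add_control_to_array()
 * starts filling it from index 0 again.
 */
void
ldaptool_reset_control_array( LDAPControl **array )
{
    int i;

    for ( i = 0; i < CONTROL_REQUESTS; i++ ) {
        if ( array[i] == NULL ) {
            continue;
        }
        ldap_control_free( array[i] );
        array[i] = NULL;
    }
}

/*
 * Work out a control's value and its length from the text following the
 * OID and criticality. value is either a plain string or, with a leading
 * ':', a base64-encoded value. (The callers' syntax also lists "<fileurl";
 * this function does not expand a file URL itself — a leading '<' is taken
 * literally here, so confirm whether callers expand it beforehand.)
 *
 * The base64 form is decoded in place: ldif_base64_decode() writes the
 * decoded bytes over the encoded text (decoded data is never longer), so
 * value must point into writable storage despite the const parameter.
 * *ctrl_value points into that same storage; nothing is allocated. A plain
 * value's length is its strlen(), so it cannot carry embedded NUL bytes —
 * binary values need the base64 form.
 *
 * Returns 0 on success, -1 (after a message on stderr) if decoding fails.
 */
static int
calculate_ctrl_value( const char *value, char **ctrl_value, int *vlen )
{
    int b64 = 0;

    if ( *value == ':' ) {
        ++value;
        b64 = 1;
    }
    *ctrl_value = (char *)value;

    if ( !b64 ) {
        *vlen = (int)strlen( *ctrl_value );
        return( 0 );
    }

    *vlen = ldif_base64_decode( (char *)value, (unsigned char *)value );
    if ( *vlen < 0 ) {
        fprintf( stderr,
            gettext("Unable to decode base64 control value \"%s\"\n"), value );
        return( -1 );
    }
    return( 0 );
}

/*
 * Parse a control specification: the optarg of ldapsearch's -J option
 * (sep == ':') or a control line inside ldapmodify's LDIF input
 * (sep == ' '). ctrl_arg is split in place — '\0' bytes are written into
 * it — into the OID, the criticality and the optional value, and *vlen
 * receives the value's length. Accepted forms are
 *     oid
 *     oid<sep>criticality
 *     oid<sep>criticality:value | ::b64value | :<fileurl
 *     oid:value | ::b64value | :<fileurl          (LDIF form only)
 * In the LDIF form the criticality must be a proper boolean keyword
 * (strict mode of ldaptool_boolean_str2value()).
 *
 * Returns 0 on success, -1 after printing a message on stderr. All out
 * parameters are reset first. The returned pointers alias ctrl_arg, so it
 * must stay alive and untouched while they are in use.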
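 */
int
ldaptool_parse_ctrl_arg( char *ctrl_arg, char sep,
    char **ctrl_oid, int *ctrl_criticality,
    char **ctrl_value, int *vlen )
{
    char *crit_str, *rest;
    int strict = ( sep == ' ' ) ? 1 : 0;	/* LDIF form: strict boolean */

    /* reset every out parameter before any early return */
    *ctrl_oid = NULL;
    *ctrl_value = NULL;
    *ctrl_criticality = 0;
    *vlen = 0;

    rest = strchr( ctrl_arg, sep );
    if ( rest == NULL ) {
        /*
         * No criticality field. Within LDIF (sep == ' ') a value may still
         * follow the OID after a ':'; on the command line (sep == ':') no
         * separator at all means the argument is a bare OID.
         */
        if ( sep == ' ' ) {
            rest = strchr( ctrl_arg, ':' );
        }
        *ctrl_oid = ctrl_arg;
        if ( rest == NULL ) {
            return( 0 );
        }
        *rest++ = '\0';
        return( calculate_ctrl_value( rest, ctrl_value, vlen ));
    }

    /* "oid<sep>criticality[:value]" — rest points just past the OID */
    if ( rest[1] == '\0' ) {
        fprintf( stderr, gettext("missing value\n") );
        return( -1 );
    }
    *rest++ = '\0';
    *ctrl_oid = ctrl_arg;
    crit_str = rest;

    rest = strchr( crit_str, ':' );
    if ( rest != NULL ) {
        if ( rest[1] == '\0' ) {
            fprintf( stderr, gettext("missing value\n") );
            return( -1 );
        }
        *rest++ = '\0';
    }

    *ctrl_criticality = ldaptool_boolean_str2value( crit_str, strict );
    if ( *ctrl_criticality == -1 ) {
        fprintf( stderr, gettext("Invalid criticality value\n") );
        return( -1 );
    }

    if ( rest == NULL ) {
        return( 0 );
    }
    return( calculate_ctrl_value( rest, ctrl_value, vlen ));
}


/*
 * Rebind callback handed to libldap for chasing referrals.
 *
 * Hands back the same bind DN and password used for the initial simple
 * bind. libldap calls this for whatever server a referral points at, so
 * with referral chasing enabled the clear-text password is sent to any
 * host a referral names; use TLS or disable referral following where that
 * is not acceptable. When freeit is non-zero the library is finished with
 * the values; they are file-scope variables, so nothing is released.
 */
static int
LDAP_CALL
LDAP_CALLBACK
get_rebind_credentials( LDAP *ld, char **whop, char **credp,
    int *methodp, int freeit, void *arg )
{
    if ( freeit ) {
        return( LDAP_SUCCESS );
    }

    *whop = binddn;
    *credp = passwd;
    *methodp = LDAP_AUTH_SIMPLE;

    return( LDAP_SUCCESS );
}


/*
 * Return a pointer to the pathname of the temporary directory.
 * First we see if the environment variable "TEMP" is set and use it.
 * Then we see if the environment variable "TMP" is set and use it.
 * If this fails, we use "/tmp" on UNIX and fail on Windows.
 *
 * A variable that is set but empty is treated as unset: the original code
 * indexed p[strlen(p) - 1] on it and read the byte before the string. A
 * trailing '/' (or '\' on Windows) is stripped from a private copy, except
 * when it is the only character, so "/" is not turned into "".
 *
 * The result must be treated as read-only and must not be freed: it is the
 * environment's own storage, a string literal, or a strdup()'d copy that is
 * intentionally never released. Because the directory comes from the
 * caller's environment, files created in it should be opened with
 * exclusive-create semantics (mkstemp() or O_CREAT|O_EXCL) rather than a
 * predictable name.
 */
char *
ldaptool_get_tmp_dir( void )
{
    char *p;
    size_t last;

    if (( p = getenv( "TEMP" )) == NULL || *p == '\0' ) {
        p = getenv( "TMP" );
    }
    if ( p == NULL || *p == '\0' ) {
#ifdef _WINDOWS
        fprintf( stderr, gettext("%s: please set the TEMP environment variable.\n"),
            ldaptool_progname );
        exit( LDAP_LOCAL_ERROR );
#else
        return( "/tmp" );	/* last resort on UNIX */
#endif
    }

    last = strlen( p ) - 1;
    if ( last > 0 && ( p[last] == '/'
#ifdef _WINDOWS
        || p[last] == '\\'
#endif
        )) {
        if (( p = strdup( p )) == NULL ) {
            perror( "strdup" );
            exit( LDAP_NO_MEMORY );
        }
        p[last] = '\0';
    }

    return( p );
}


/*
 * Return 1 if every byte of the berval is 7-bit ASCII, 0 otherwise.
 * An empty value (bv_len == 0) counts as ASCII. bvp must be non-NULL and,
 * for bv_len > 0, bv_val must point at bv_len readable bytes.
 */
int
ldaptool_berval_is_ascii( const struct berval *bvp )
{
    unsigned long j;

    for ( j = 0; j < bvp->bv_len; ++j ) {
        if ( !isascii( bvp->bv_val[ j ] )) {
            return( 0 );
        }
    }

    return( 1 );
}


#ifdef LDAP_DEBUG_MEMORY
#define LDAPTOOL_ALLOC_FREED	0xF001
#define LDAPTOOL_ALLOC_INUSE	0xF002

/*
 * Core of the debugging allocator: (re)allocate size bytes preceded by an
 * int status word, mark the block in use and return a pointer just past the
 * status word. ptr == NULL behaves like malloc(); otherwise ptr must have
 * come from this allocator. Returns NULL (after a message on stderr) on
 * failure, in which case the caller's original block is still valid.
 *
 * The status word is what ldaptool_debug_free() inspects to catch double
 * frees and frees of pointers that did not come from here. The request
 * size is checked so that size + sizeof(int) cannot wrap to a small
 * allocation.
 */
static void *
ldaptool_debug_alloc( void *ptr, size_t size )
{
    int *statusp = NULL;
    void *systemptr;

    systemptr = ( ptr == NULL ) ? NULL : (void *)((char *)ptr - sizeof(int));

    /* (size_t)-1 is SIZE_MAX without needing <stdint.h> */
    if ( size <= (size_t)-1 - sizeof(int) ) {
        statusp = (int *)realloc( systemptr, size + sizeof(int) );
    }
    if ( statusp == NULL ) {
        /* %p / %lu: the original passed a pointer to %x and a size_t to %d */
        fprintf( stderr, gettext("%s: realloc( %p, %lu) failed\n"),
            ldaptool_progname, systemptr, (unsigned long)size );
        return( NULL );
    }

    *statusp = LDAPTOOL_ALLOC_INUSE;

    return( (char *)statusp + sizeof(int) );
}


/*
 * realloc() replacement used when LDAP_DEBUG_MEMORY is defined; traces the
 * call when LDAP_DEBUG_TRACE is enabled in ldaptool_dbg_lvl.
 */
static void *
ldaptool_debug_realloc( void *ptr, size_t size )
{
    void *p;

    if ( ldaptool_dbg_lvl & LDAP_DEBUG_TRACE ) {
        fprintf( stderr, gettext("%s: => realloc( %p, %lu )\n"),
            ldaptool_progname, ptr, (unsigned long)size );
    }

    p = ldaptool_debug_alloc( ptr, size );

    if ( ldaptool_dbg_lvl & LDAP_DEBUG_TRACE ) {
        fprintf( stderr, gettext("%s: %p <= realloc()\n"), ldaptool_progname, p );
    }

    return( p );
}


/*
 * malloc() replacement used when LDAP_DEBUG_MEMORY is defined; traces the
 * call when LDAP_DEBUG_TRACE is enabled in ldaptool_dbg_lvl.
 */
static void *
ldaptool_debug_malloc( size_t size )
{
    void *p;

    if ( ldaptool_dbg_lvl & LDAP_DEBUG_TRACE ) {
        fprintf( stderr, gettext("%s: => malloc( %lu)\n"), ldaptool_progname,
            (unsigned long)size );
    }

    p = ldaptool_debug_alloc( NULL, size );

    if ( ldaptool_dbg_lvl & LDAP_DEBUG_TRACE ) {
        fprintf( stderr, gettext("%s: %p <= malloc()\n"), ldaptool_progname, p );
    }

    return( p );
}


/*
 * calloc() replacement used when LDAP_DEBUG_MEMORY is defined: allocates
 * nelem * elsize zeroed bytes, tracing when LDAP_DEBUG_TRACE is enabled.
 *
 * Unlike the real calloc(), the original multiplied nelem * elsize
 * unchecked; a wrapped product handed back a small block the caller then
 * used as nelem elements. The product is now overflow-checked and NULL is
 * returned when it does not fit in a size_t.
 */
static void *
ldaptool_debug_calloc( size_t nelem, size_t elsize )
{
    void *p = NULL;
    size_t total;

    if ( ldaptool_dbg_lvl & LDAP_DEBUG_TRACE ) {
        fprintf( stderr, gettext("%s: => calloc( %lu, %lu )\n"),
            ldaptool_progname, (unsigned long)nelem, (unsigned long)elsize );
    }

    if ( elsize == 0 || nelem <= (size_t)-1 / elsize ) {
        total = nelem * elsize;
        if (( p = ldaptool_debug_alloc( NULL, total )) != NULL ) {
            memset( p, 0, total );
        }
    }

    if ( ldaptool_dbg_lvl & LDAP_DEBUG_TRACE ) {
        fprintf( stderr, gettext("%s: %p <= calloc()\n"), ldaptool_progname, p );
    }

    return( p );
}


/*
 * free() replacement used when LDAP_DEBUG_MEMORY is defined. Reports a NULL
 * pointer and refuses (with a message) to free a block whose status word is
 * not LDAPTOOL_ALLOC_INUSE — i.e. one already freed through here, or one not
 * allocated through ldaptool_debug_alloc(). The detection is best effort:
 * the status word lives in memory that is handed back to the system, so it
 * may be overwritten by a later allocation.
 */
static void
ldaptool_debug_free( void *ptr )
{
    int *statusp;

    if ( ldaptool_dbg_lvl & LDAP_DEBUG_TRACE ) {
        fprintf( stderr, gettext("%s: => free( %p )\n"), ldaptool_progname, ptr );
    }

    if ( ptr == NULL ) {
        fprintf( stderr, gettext("%s: bad free( 0x0 ) attempted (NULL pointer)\n"),
            ldaptool_progname );
        return;
    }

    /* computed only after the NULL check: arithmetic on a null pointer is UB */
    statusp = (int *)((char *)ptr - sizeof(int));

    if ( *statusp != LDAPTOOL_ALLOC_INUSE ) {
        fprintf( stderr, gettext("%s: bad free( %p ) attempted"
            " (block not in use; status is %d)\n"),
            ldaptool_progname, ptr, *statusp );
        return;
    }

    *statusp = LDAPTOOL_ALLOC_FREED;
    free( statusp );
}
#endif /* LDAP_DEBUG_MEMORY */


#if defined(NET_SSL)
/*
 * Derive key database path from certificate database path and return a
 * malloc'd string.
 *
 * We just return an exact copy of "certdbpath" unless it ends in "cert.db",
 * "cert5.db", or "cert7.db" (compared case-insensitively). In those cases
 * we strip off everything from "cert" on and append "key.db", "key5.db", or
 * "key3.db" as appropriate. Strangely enough cert7.db and key3.db go
 * together. Returns NULL for a NULL argument; out of memory is fatal.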
 */
static char *
certpath2keypath( char *certdbpath )
{
    /* each key suffix is shorter than the cert suffix it replaces, so the
     * in-place rewrite below always fits in the strdup'd buffer */
    static const struct {
        const char *certsuffix;
        const char *keysuffix;
    } suffixmap[] = {
        { "cert.db",  "key.db"  },
        { "cert5.db", "key5.db" },
        { "cert7.db", "key3.db" },	/* yes: cert7.db pairs with key3.db */
    };
    char *keydbpath;
    size_t len, i;

    if ( certdbpath == NULL ) {
        return( NULL );
    }

    if (( keydbpath = strdup( certdbpath )) == NULL ) {
        perror( "strdup" );
        exit( LDAP_NO_MEMORY );
    }

    len = strlen( keydbpath );
    for ( i = 0; i < sizeof( suffixmap ) / sizeof( suffixmap[0] ); i++ ) {
        size_t slen = strlen( suffixmap[i].certsuffix );

        if ( len > slen &&
            strcasecmp( suffixmap[i].certsuffix, keydbpath + len - slen ) == 0 ) {
            strcpy( keydbpath + len - slen, suffixmap[i].keysuffix );
            break;
        }
    }

    return( keydbpath );
}

#ifdef LDAP_TOOL_PKCS11
/*
 * Build "tokenName:certName" in a freshly malloc'd buffer; the caller frees
 * it. Both arguments must be non-NULL. Out of memory is fatal, as elsewhere.
 */
static
char *
buildTokenCertName( const char *tokenName, const char *certName )
{
    size_t len = strlen( tokenName ) + strlen( certName ) + 2; /* ':' + NUL */
    char *result;

    if (( result = malloc( len )) == NULL ) {
        perror( "malloc" );
        exit( LDAP_NO_MEMORY );
    }
    /* bounded by len, which was sized for exactly this string */
    (void) snprintf( result, len, "%s:%s", tokenName, certName );

    return( result );
}


/*
 * PKCS#11 callbacks handed to the SSL layer through ldaptool_setcallbacks().
 * Each one returns the corresponding command-line/global setting (possibly
 * NULL) through its out parameter, echoes it on stdout when ldaptool_verbose
 * is set, and always returns LDAP_SUCCESS. The context argument is unused.
 * The returned pointers alias the globals; callers must not free them.
 */
static
int
ldaptool_getcertpath( void *context, char **certlocp )
{
    *certlocp = ssl_certdbpath;

    if ( ldaptool_verbose ) {
        if ( ssl_certdbpath == NULL ) {
            printf( gettext("ldaptool_getcertpath -- (null)\n") );
        } else {
            printf( gettext("ldaptool_getcertpath -- %s\n"), ssl_certdbpath );
        }
    }

    return LDAP_SUCCESS;
}

/* Name of the client certificate to present (ssl_certname). */
int
ldaptool_getcertname( void *context, char **certnamep )
{
    *certnamep = ssl_certname;

    if ( ldaptool_verbose ) {
        if ( ssl_certname == NULL ) {
            printf( gettext("ldaptool_getcertname -- (null)\n") );
        } else {
            printf( gettext("ldaptool_getcertname -- %s\n"), ssl_certname );
        }
    }

    return LDAP_SUCCESS;
}

/* Path of the key database (ssl_keydbpath). */
int
ldaptool_getkeypath( void *context, char **keylocp )
{
    *keylocp = ssl_keydbpath;

    if ( ldaptool_verbose ) {
        if ( ssl_keydbpath == NULL ) {
            printf( gettext("ldaptool_getkeypath -- (null)\n") );
        } else {
            printf( gettext("ldaptool_getkeypath -- %s\n"), ssl_keydbpath );
        }
    }

    return LDAP_SUCCESS;
}

/* Name of the PKCS#11 token holding the key (pkcs_token). */
int
ldaptool_gettokenname( void *context, char **tokennamep )
{
    *tokennamep = pkcs_token;

    if ( ldaptool_verbose ) {
        if ( pkcs_token == NULL ) {
            printf( gettext("ldaptool_gettokenname -- (null)\n") );
        } else {
            printf( gettext("ldaptool_gettokenname -- %s\n"), pkcs_token );
        }
    }

    return LDAP_SUCCESS;
}

/*
 * PIN for the PKCS#11 token.
 *
 * Hands back ssl_passwd for whichever token the library asks about; the
 * tokennamep argument is not consulted. (A disabled earlier version compared
 * the token name with pkcs_token and returned pkcs_pin instead; that dead
 * code has been dropped.) Unlike the other callbacks this one never echoes
 * its value in verbose mode — the PIN is a secret and must not reach stdout.
 */
int
ldaptool_gettokenpin( void *context, const char *tokennamep, char **tokenpinp )
{
    *tokenpinp = ssl_passwd;

    return LDAP_SUCCESS;
}

/* Path of the security module database (ssl_secmodpath). */
int
ldaptool_getmodpath( void *context, char **modulep )
{
    *modulep = ssl_secmodpath;

    if ( ldaptool_verbose ) {
        if ( ssl_secmodpath == NULL ) {
            printf( gettext("ldaptool_getmodpath -- (null)\n") );
        } else {
            printf( gettext("ldaptool_getmodpath -- %s\n"), ssl_secmodpath );
        }
    }

    return LDAP_SUCCESS;
}

/* Path of the hardware dongle file (ssl_donglefile). */
int
ldaptool_getdonglefilename( void *context, char **filename )
{
    *filename = ssl_donglefile;

    if ( ldaptool_verbose ) {
        if ( ssl_donglefile == NULL ) {
            printf( gettext("ldaptool_getdonglefilename -- (null)\n") );
        } else {
            printf( gettext("ldaptool_getdonglefilename -- %s\n"), ssl_donglefile );
        }
    }

    return LDAP_SUCCESS;
}

/*
 * Install the callbacks above into the ldapssl_pkcs_fns structure the SSL
 * layer uses to locate the cert/key databases, security module, token and
 * PIN. The casts merely restate each callback's own signature.
 */
static int
ldaptool_setcallbacks( struct ldapssl_pkcs_fns *pfns )
{
    pfns->pkcs_getcertpath = (int (*)(void *, char **))ldaptool_getcertpath;
    pfns->pkcs_getcertname = (int (*)(void *, char **))ldaptool_getcertname;
    pfns->pkcs_getkeypath = (int (*)(void *, char **)) ldaptool_getkeypath;
    pfns->pkcs_getmodpath = (int (*)(void *, char **)) ldaptool_getmodpath;
    pfns->pkcs_getpin = (int (*)(void *, const char*, char **)) ldaptool_gettokenpin;
    pfns->pkcs_gettokenname = (int (*)(void *, char **)) ldaptool_gettokenname;
pfns->pkcs_getdonglefilename = (int (*)(void *, char **)) ldaptool_getdonglefilename; 23527c478bd9Sstevel@tonic-gate pfns->local_structure_id=PKCS_STRUCTURE_ID; 23537c478bd9Sstevel@tonic-gate return LDAP_SUCCESS; 23547c478bd9Sstevel@tonic-gate } 23557c478bd9Sstevel@tonic-gate 23567c478bd9Sstevel@tonic-gate 23577c478bd9Sstevel@tonic-gate 23587c478bd9Sstevel@tonic-gate #ifdef FORTEZZA 23597c478bd9Sstevel@tonic-gate static int 23607c478bd9Sstevel@tonic-gate ldaptool_fortezza_init( int exit_on_error ) 23617c478bd9Sstevel@tonic-gate { 23627c478bd9Sstevel@tonic-gate int rc, errcode; 23637c478bd9Sstevel@tonic-gate 23647c478bd9Sstevel@tonic-gate if ( fortezza_personality == NULL && fortezza_cardmask == 0 ) { /* no FORTEZZA desired */ 23657c478bd9Sstevel@tonic-gate SSL_EnableGroup( SSL_GroupFortezza, DSFalse ); /* disable FORTEZZA */ 23667c478bd9Sstevel@tonic-gate return( 0 ); 23677c478bd9Sstevel@tonic-gate } 23687c478bd9Sstevel@tonic-gate 23697c478bd9Sstevel@tonic-gate if (( rc = FortezzaConfigureServer( ldaptool_fortezza_getpin, fortezza_cardmask, 23707c478bd9Sstevel@tonic-gate fortezza_personality, ldaptool_fortezza_alert, NULL, &errcode, 23717c478bd9Sstevel@tonic-gate fortezza_krlfile )) < 0 ) { 23727c478bd9Sstevel@tonic-gate fprintf( stderr, 23737c478bd9Sstevel@tonic-gate "%s: FORTEZZA initialization failed (error %d - %s)\n", 23747c478bd9Sstevel@tonic-gate ldaptool_progname, errcode, 23757c478bd9Sstevel@tonic-gate ldaptool_fortezza_err2string( errcode )); 23767c478bd9Sstevel@tonic-gate if ( exit_on_error ) { 23777c478bd9Sstevel@tonic-gate exit( LDAP_LOCAL_ERROR ); 23787c478bd9Sstevel@tonic-gate } 23797c478bd9Sstevel@tonic-gate 23807c478bd9Sstevel@tonic-gate SSL_EnableGroup( SSL_GroupFortezza, DSFalse ); /* disable FORTEZZA */ 23817c478bd9Sstevel@tonic-gate return( -1 ); 23827c478bd9Sstevel@tonic-gate } 23837c478bd9Sstevel@tonic-gate 23847c478bd9Sstevel@tonic-gate SSL_EnableGroup( SSL_GroupFortezza, DSTrue ); /* enable FORTEZZA */ 23857c478bd9Sstevel@tonic-gate return( 
0 ); 23867c478bd9Sstevel@tonic-gate } 23877c478bd9Sstevel@tonic-gate 23887c478bd9Sstevel@tonic-gate 23897c478bd9Sstevel@tonic-gate static int 23907c478bd9Sstevel@tonic-gate ldaptool_fortezza_alert( void *arg, PRBool onOpen, char *string, 23917c478bd9Sstevel@tonic-gate int value1, void *value2 ) 23927c478bd9Sstevel@tonic-gate { 23937c478bd9Sstevel@tonic-gate fprintf( stderr, "%s: FORTEZZA alert: ", ldaptool_progname ); 23947c478bd9Sstevel@tonic-gate fprintf( stderr, string, value1, value2 ); 23957c478bd9Sstevel@tonic-gate fprintf( stderr, "\n" ); 23967c478bd9Sstevel@tonic-gate return( 1 ); 23977c478bd9Sstevel@tonic-gate } 23987c478bd9Sstevel@tonic-gate 23997c478bd9Sstevel@tonic-gate 24007c478bd9Sstevel@tonic-gate static void * 24017c478bd9Sstevel@tonic-gate ldaptool_fortezza_getpin( char **passwordp ) 24027c478bd9Sstevel@tonic-gate { 24037c478bd9Sstevel@tonic-gate *passwordp = fortezza_pin; 24047c478bd9Sstevel@tonic-gate return( *passwordp ); 24057c478bd9Sstevel@tonic-gate } 24067c478bd9Sstevel@tonic-gate 24077c478bd9Sstevel@tonic-gate 24087c478bd9Sstevel@tonic-gate /* 24097c478bd9Sstevel@tonic-gate * convert a Fortezza error code (as returned by FortezzaConfigureServer() 24107c478bd9Sstevel@tonic-gate * into a human-readable string. 
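 *
 * Error strings are intentionally similar to those found in
 * ns/netsite/lib/libadmin/httpcon.c
 *
 * err  a FORTEZZA_* code.
 *
 * Returns a pointer to a static string literal; the caller must not
 * modify or free it.  Unknown codes map to "unknown error".
 */
static char *
ldaptool_fortezza_err2string( int err )
{
    char	*s;

    switch( err ) {
    case FORTEZZA_BADPASSWD:
	s = "invalid pin number";
	break;
    case FORTEZZA_BADCARD:
	s = "bad or missing card";
	break;
    case FORTEZZA_MISSING_KRL:
	s = "bad or missing compromised key list";
	break;
    case FORTEZZA_CERT_INIT_ERROR:
	/* the two trailing fragments were joined without a separating
	 * space ("in areadonly"); fixed here */
	s = "unable to initialize certificate cache. either a cert on "
		"the card is bad, or an old FORTEZZA certificate is in a "
		"readonly database";
	break;
    case FORTEZZA_EXPIRED_CERT:
	s = "unable to verify certificate";
	break;
    default:
	s = "unknown error";
    }

    return( s );
}

#endif /* FORTEZZA */
#endif /* LDAP_TOOL_PKCS11 */
#endif /* NET_SSL */

/*
 * Parse a boolean option value.
 *
 * ptr     NUL-terminated text to interpret.  NULL is treated as invalid
 *         rather than passed to strcasecmp(), which would be undefined.
 * strict  non-zero: accept only "true" / "false" (case-insensitive).
 *         zero:     additionally accept "t" / "f" (case-insensitive)
 *                   and the digits "1" / "0".
 *
 * Returns 1 for true, 0 for false, -1 when the text matches neither.
 */
int
ldaptool_boolean_str2value ( const char *ptr, int strict )
{
    if ( ptr == NULL ) {
	return (-1);
    }

    /* accepted in both modes */
    if ( strcasecmp(ptr, "true") == 0 ) {
	return (1);
    }
    if ( strcasecmp(ptr, "false") == 0 ) {
	return (0);
    }
    if ( strict ) {
	return (-1);
    }

    /* lenient spellings only */
    if ( strcasecmp(ptr, "t") == 0 || strcmp(ptr, "1") == 0 ) {
	return (1);
    }
    if ( strcasecmp(ptr, "f") == 0 || strcmp(ptr, "0") == 0 ) {
	return (0);
    }
    return (-1);
}

/*
 * fopen() wrapper that uses the 64-bit-offset variant where the build
 * exposes it, so the tools can read files larger than 2 GiB on
 * 32-bit ABIs.  Same contract as fopen(): NULL on failure with errno set.
 */
FILE *
ldaptool_open_file(const char *filename, const char *mode)
{
#ifdef _LARGEFILE64_SOURCE
    return fopen64(filename, mode);
#else
    return fopen(filename, mode);
#endif
}

#ifdef later
/*
 * Functions for list in ldapdelete.c
 *
 * Everything from here to the matching #endif is under "#ifdef later"
 * and is not compiled into the tools.
 */

/* Reset a list head to empty; NULL is ignored. */
void L_Init(Head *list)
{
    if(list)
    {
	list->first = NULL;
	list->last = NULL;
	list->count = 0;
    }
}

/* Append Node at the tail of the doubly linked list rooted at HeadNode. */
void L_Insert(Element *Node, Head *HeadNode)
{
    if (!Node || !HeadNode)
	return;

    Node->right = NULL;

    if (HeadNode->first == NULL)
    {
	Node->left= NULL;
	HeadNode->last = HeadNode->first = Node;
    }
    else
    {
	Node->left = HeadNode->last;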
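	HeadNode->last = Node->left->right = Node;
    }
    HeadNode->count++;
}

/*
 * Unlink Node from the list rooted at HeadNode and decrement count.
 * A Node that is not on the list leaves it untouched.  NULL arguments
 * are ignored.  Still under "#ifdef later": not compiled.
 */
void L_Remove(Element *Node, Head *HeadNode)
{
    Element *traverse = NULL;
    Element *prevnode = NULL;

    if(!Node || !HeadNode)
	return;

    for(traverse = HeadNode->first; traverse; traverse = traverse->right)
    {
	if(traverse == Node)
	{
	    if(HeadNode->first == traverse)
	    {
		HeadNode->first = traverse->right;
	    }
	    if(HeadNode->last == traverse)
	    {
		HeadNode->last = prevnode;
	    }
	    traverse = traverse->right;
	    if(prevnode != NULL)
	    {
		prevnode->right = traverse;
	    }
	    if(traverse != NULL)
	    {
		traverse->left = prevnode;
	    }
	    HeadNode->count--;
	    return;
	}
	else /* traverse != node */
	{
	    prevnode = traverse;
	}
    }
}
#endif

#ifdef HAVE_SASL_OPTIONS
/*
 * Store a copy of value in *slot, but only once.
 *
 * slot    address of the file-scope SASL setting to fill in
 * value   text to duplicate; the copy is owned by the global
 * dupmsg  already-translated message printed when *slot is set already
 *
 * Returns 0 after storing the copy, -1 if the setting was given before.
 * Exits with LDAP_NO_MEMORY when strdup() fails, the same policy the
 * inline code used for every option.
 */
static int
saslStoreOnce(char **slot, const char *value, const char *dupmsg)
{
    if ( *slot != NULL ) {
	fprintf( stderr, "%s", dupmsg );
	return (-1);
    }
    if (( *slot = strdup(value)) == NULL ) {
	perror ("malloc");
	exit (LDAP_NO_MEMORY);
    }
    return 0;
}

/*
 * Function checks for valid args, returns an error if not found
 * and sets SASL params from command line
 *
 * saslarg  one "name=value" option from the command line.  It is split
 *          in place: the '=' is overwritten with NUL, so the caller's
 *          buffer is modified even when -1 is returned.  Must not be NULL.
 *
 * Recognised names (case-insensitive): secProp, realm, authzid, authid,
 * mech.  Each may be given once; a repeat is rejected.  An empty value
 * ("mech=") is accepted and stored as "".
 *
 * Returns 0 on success, -1 (with a message on stderr) for a missing
 * '=', a repeated name, or an unknown name.
 */
static int
saslSetParam(char *saslarg)
{
    char *attr = strchr(saslarg, '=');

    if (attr == NULL) {
	fprintf( stderr, gettext("Didn't find \"=\" character in %s\n"), saslarg);
	return (-1);
    }
    *attr++ = '\0';		/* saslarg is now the name, attr the value */

    if (!strcasecmp(saslarg, "secProp")) {
	return saslStoreOnce(&sasl_secprops, attr,
		gettext("secProp previously specified\n"));
    }
    if (!strcasecmp(saslarg, "realm")) {
	return saslStoreOnce(&sasl_realm, attr,
		gettext("Realm previously specified\n"));
    }
    if (!strcasecmp(saslarg, "authzid")) {
	return saslStoreOnce(&sasl_username, attr,
		gettext("Authorization name previously specified\n"));
    }
    if (!strcasecmp(saslarg, "authid")) {
	return saslStoreOnce(&sasl_authid, attr,
		gettext("Authentication name previously specified\n"));
    }
    if (!strcasecmp(saslarg, "mech")) {
	return saslStoreOnce(&sasl_mech, attr,
		gettext("Mech previously specified\n"));
    }

    fprintf (stderr, gettext("Invalid attribute name %s\n"), saslarg);
    return (-1);
}
#endif /* HAVE_SASL_OPTIONS */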