/*
 * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
 * Use is subject to license terms.
 */

/*
 * The contents of this file are subject to the Netscape Public
 * License Version 1.1 (the "License"); you may not use this file
 * except in compliance with the License. You may obtain a copy of
 * the License at http://www.mozilla.org/NPL/
 *
 * Software distributed under the License is distributed on an "AS
 * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
 * implied. See the License for the specific language governing
 * rights and limitations under the License.
 *
 * The Original Code is Mozilla Communicator client code, released
 * March 31, 1998.
 *
 * The Initial Developer of the Original Code is Netscape
 * Communications Corporation. Portions created by Netscape are
 * Copyright (C) 1998-1999 Netscape Communications Corporation. All
 * Rights Reserved.
247c478bd9Sstevel@tonic-gate * 257c478bd9Sstevel@tonic-gate * Contributor(s): 267c478bd9Sstevel@tonic-gate */ 277c478bd9Sstevel@tonic-gate 287c478bd9Sstevel@tonic-gate /* 297c478bd9Sstevel@tonic-gate * code that is shared by two or more of the LDAP command line tools 307c478bd9Sstevel@tonic-gate */ 317c478bd9Sstevel@tonic-gate 327c478bd9Sstevel@tonic-gate #include "ldaptool.h" 337c478bd9Sstevel@tonic-gate #include "fileurl.h" 347c478bd9Sstevel@tonic-gate #ifdef SOLARIS_LDAP_CMD 357c478bd9Sstevel@tonic-gate #include "solaris-int.h" 367c478bd9Sstevel@tonic-gate #include <ldap.h> 377c478bd9Sstevel@tonic-gate #include <locale.h> 387c478bd9Sstevel@tonic-gate #include <libgen.h> 397c478bd9Sstevel@tonic-gate #include <sys/types.h> 407c478bd9Sstevel@tonic-gate #include <sys/stat.h> 417c478bd9Sstevel@tonic-gate #include <limits.h> 427c478bd9Sstevel@tonic-gate #endif /* SOLARIS_LDAP_CMD */ 437c478bd9Sstevel@tonic-gate 447c478bd9Sstevel@tonic-gate #ifdef LDAP_TOOL_ARGPIN 457c478bd9Sstevel@tonic-gate #include "argpin.h" 467c478bd9Sstevel@tonic-gate #include "ntuserpin.h" 477c478bd9Sstevel@tonic-gate #endif /* LDAP_TOOL_ARGPIN */ 487c478bd9Sstevel@tonic-gate 497c478bd9Sstevel@tonic-gate #ifndef SOLARIS_LDAP_CMD 507c478bd9Sstevel@tonic-gate #include <nspr.h> /* for PR_Cleanup() */ 517c478bd9Sstevel@tonic-gate #endif /* SOLARIS_LDAP_CMD */ 527c478bd9Sstevel@tonic-gate #include <stdlib.h> 537c478bd9Sstevel@tonic-gate #include <time.h> /* for time() and ctime() */ 547c478bd9Sstevel@tonic-gate #ifdef HAVE_SASL_OPTIONS 557c478bd9Sstevel@tonic-gate #ifdef SOLARIS_LDAP_CMD 567c478bd9Sstevel@tonic-gate #include <sasl/sasl.h> 577c478bd9Sstevel@tonic-gate #else 587c478bd9Sstevel@tonic-gate #include <sasl.h> 597c478bd9Sstevel@tonic-gate #endif /* SOLARIS_LDAP_CMD */ 607c478bd9Sstevel@tonic-gate #include "ldaptool-sasl.h" 617c478bd9Sstevel@tonic-gate #endif /* HAVE_SASL_OPTIONS */ 627c478bd9Sstevel@tonic-gate 637c478bd9Sstevel@tonic-gate #ifndef SOLARIS_LDAP_CMD 647c478bd9Sstevel@tonic-gate 
#define gettext(s) s 657c478bd9Sstevel@tonic-gate #endif 667c478bd9Sstevel@tonic-gate 677c478bd9Sstevel@tonic-gate #ifdef SOLARIS_LDAP_CMD 687c478bd9Sstevel@tonic-gate #define PATH_BUF_SIZE (PATH_MAX + 1) 697c478bd9Sstevel@tonic-gate #endif 707c478bd9Sstevel@tonic-gate 717c478bd9Sstevel@tonic-gate static LDAP_REBINDPROC_CALLBACK get_rebind_credentials; 727c478bd9Sstevel@tonic-gate static void print_library_info( const LDAPAPIInfo *aip, FILE *fp ); 737c478bd9Sstevel@tonic-gate static int wait4result( LDAP *ld, int msgid, struct berval **servercredp, 747c478bd9Sstevel@tonic-gate char *msg ); 757c478bd9Sstevel@tonic-gate static int parse_result( LDAP *ld, LDAPMessage *res, 767c478bd9Sstevel@tonic-gate struct berval **servercredp, char *msg, int freeit ); 777c478bd9Sstevel@tonic-gate 787c478bd9Sstevel@tonic-gate #ifdef LDAPTOOL_DEBUG_MEMORY 797c478bd9Sstevel@tonic-gate static void *ldaptool_debug_malloc( size_t size ); 807c478bd9Sstevel@tonic-gate static void *ldaptool_debug_calloc( size_t nelem, size_t elsize ); 817c478bd9Sstevel@tonic-gate static void *ldaptool_debug_realloc( void *ptr, size_t size ); 827c478bd9Sstevel@tonic-gate static void ldaptool_debug_free( void *ptr ); 837c478bd9Sstevel@tonic-gate #endif /* LDAPTOOL_DEBUG_MEMORY */ 847c478bd9Sstevel@tonic-gate 857c478bd9Sstevel@tonic-gate #if defined(NET_SSL) 867c478bd9Sstevel@tonic-gate static char *certpath2keypath( char *certdbpath ); 877c478bd9Sstevel@tonic-gate static int ldaptool_setcallbacks( struct ldapssl_pkcs_fns *pfns); 887c478bd9Sstevel@tonic-gate static char * buildTokenCertName( const char *tokenName, const char *certName); 897c478bd9Sstevel@tonic-gate #ifdef FORTEZZA 907c478bd9Sstevel@tonic-gate static int ldaptool_fortezza_init( int exit_on_error ); 917c478bd9Sstevel@tonic-gate static int ldaptool_fortezza_alert( void *arg, PRBool onOpen, 927c478bd9Sstevel@tonic-gate char *string, int value1, void *value2 ); 937c478bd9Sstevel@tonic-gate static void * ldaptool_fortezza_getpin( char **passwordp ); 
static char * ldaptool_fortezza_err2string( int err );
#endif /* FORTEZZA */
#endif
#ifdef HAVE_SASL_OPTIONS
static int saslSetParam(char *saslarg);
#endif /* HAVE_SASL_OPTIONS */

/*
 * Usage lines for the host/port options.  Tools that talk to two servers
 * (two_hosts != 0) list -h/-p twice: the first -h/-p pair on the command
 * line names server1, the second pair names server2.
 */
static void
print_host_usage( int two_hosts )
{
    if ( !two_hosts ) {
        fprintf( stderr, gettext(" -h host\tLDAP server name or IP address (default: %s)\n"), LDAPTOOL_DEFHOST );
        fprintf( stderr, gettext(" -p port\tLDAP server TCP port number (default: %d)\n"), LDAP_PORT );
        return;
    }
    fprintf( stderr, gettext(" -h host\tLDAP server1 name or IP address (default: %s)\n"), LDAPTOOL_DEFHOST );
    fprintf( stderr, gettext(" -p port\tLDAP server1 TCP port number (default: %d)\n"), LDAP_PORT );
    fprintf( stderr, gettext(" -h host\tLDAP server2 name or IP address (default: %s)\n"), LDAPTOOL_DEFHOST );
    fprintf( stderr, gettext(" -p port\tLDAP server2 TCP port number (default: %d)\n"), LDAP_PORT );
}

#if defined(NET_SSL)
/*
 * Usage lines for the SSL / security-database options.  The nested
 * conditionals mirror the options ldaptool_process_args accepts on this
 * platform (e.g. -K and -3 are not offered on SOLARIS_LDAP_CMD builds).
 * Hostname checking of the server certificate is requested with -3; see
 * ssl_strength for the default.
 */
static void
print_ssl_usage( void )
{
    fprintf( stderr, gettext(" -Z\t\tmake an SSL-encrypted connection\n") );
    fprintf( stderr, gettext(" -P pathname\tpath to SSL certificate database (default: current directory)\n") );
    fprintf( stderr, gettext(" -N\t\tname of certificate to use for SSL client authentication\n") );
#ifndef SOLARIS_LDAP_CMD
    fprintf( stderr, gettext(" -K pathname\tpath to key database to use for SSL client authentication\n") );
    fprintf( stderr, gettext(" \t\t(default: path to certificate database provided with -P option)\n") );
#endif /* SOLARIS_LDAP_CMD */
#ifdef LDAP_TOOL_PKCS11
    fprintf( stderr, gettext(" -m pathname\tpath to security module database\n"));
#endif /* LDAP_TOOL_PKCS11 */
    /* -W takes the secret on the command line; -j file is the alternative. */
    fprintf( stderr, gettext(" -W\t\tSSL key password\n") );
#ifndef SOLARIS_LDAP_CMD
    fprintf( stderr, gettext(" -3\t\tcheck hostnames in SSL certificates\n") );
#endif /* SOLARIS_LDAP_CMD */

#ifdef LDAP_TOOL_PKCS11
    fprintf( stderr, gettext(" -Q [token][:certificate name]\tPKCS 11\n") );
    /* -X (FORTEZZA compromised key list) is deliberately not advertised. */
    fprintf( stderr, gettext(" -I pin\tcard password file\n") );
#endif /* LDAP_TOOL_PKCS11 */
}
#endif /* NET_SSL */

/*
 * Print the usage text for the options shared by the LDAP command line
 * tools, one option per line on stderr.
 *
 * -f is intentionally omitted because its description is tool-specific;
 * each tool documents it itself.  -H is listed here but, per the comment
 * on ldaptool_process_args, is dispatched through the tool's
 * extra_opt_callback.
 *
 * two_hosts: non-zero for tools that accept a second -h/-p pair.
 *
 * The original header listed option letters unused as of 1-Jul-1998
 * ("EJgjqr"); -E, -J and -j are all handled below, so that list is stale —
 * the option strings in ldaptool_process_args are the authoritative set.
 */
void
ldaptool_common_usage( int two_hosts )
{
    fprintf( stderr, gettext(" -n\t\tshow what would be done but don't actually do it\n") );
    fprintf( stderr, gettext(" -v\t\trun in verbose mode (diagnostics to standard output)\n") );
    print_host_usage( two_hosts );
    fprintf( stderr,
        gettext(" -V n\tLDAP protocol version number (%d or %d; default: %d)\n"),
        LDAP_VERSION2, LDAP_VERSION3, LDAP_VERSION3 );
#if defined(NET_SSL)
    print_ssl_usage();
#endif /* NET_SSL */
    /*
     * Bind credentials.  "-w -" (prompt) and "-j file" exist so the bind
     * password need not be passed as a command line argument.
     */
    fprintf( stderr, gettext(" -D binddn\tbind dn\n") );
    fprintf( stderr, gettext(" -w passwd\tbind passwd (for simple authentication)\n") );
    fprintf( stderr, gettext(" -w - \tprompt for bind passwd (for simple authentication)\n") );
    fprintf( stderr, gettext(" -j file\tread bind passwd (for simple authentication)\n") );
    fprintf( stderr, gettext(" \t\tor SSL key password from 'file'\n") );
    fprintf( stderr, gettext(" -E\t\task server to expose (report) bind identity\n") );
#ifdef LDAP_DEBUG
    fprintf( stderr, gettext(" -d level\tset LDAP debugging level to `level'\n") );
#endif
    fprintf( stderr, gettext(" -R\t\tdo not automatically follow referrals\n") );
    fprintf( stderr, gettext(" -O limit\tmaximum number of referral hops to traverse (default: %d)\n"), LDAPTOOL_DEFREFHOPLIMIT );
    fprintf( stderr, gettext(" -M\t\tmanage references (treat them as regular entries)\n") );
#ifndef SOLARIS_LDAP_CMD
    fprintf( stderr, gettext(" -0\t\tignore LDAP library version mismatches\n") );
#endif /* SOLARIS_LDAP_CMD */

#ifndef NO_LIBLCACHE
    fprintf( stderr, gettext(" -C cfgfile\tuse local database described by cfgfile\n") );
#endif
    fprintf( stderr, gettext(" -i charset\tcharacter set for command line input (default taken from locale)\n") );
    fprintf( stderr, gettext(" -k dir\tconversion routine directory (default: current directory)\n") );
#if 0
    /*
     * -y (the old proxied authorization control) is still accepted but
     * not advertised, to steer users towards -Y (the new control).
     */
    fprintf( stderr, gettext(" -y proxydn\tDN used for proxy authorization\n") );
#endif
    fprintf( stderr, gettext(" -Y proxyid\tproxied authorization id,\n") );
    fprintf( stderr, gettext(" \te.g, dn:uid=bjensen,dc=example,dc=com\n") );
    fprintf( stderr, gettext(" -H\t\tdisplay usage information\n") );
#ifdef SOLARIS_LDAP_CMD
    fprintf( stderr, gettext(" -?\t\tdisplay usage information\n") );
#endif /* SOLARIS_LDAP_CMD */
    fprintf( stderr, gettext(" -J controloid[:criticality[:value|::b64value|:<fileurl]]\n") );
    fprintf( stderr, gettext("\t\tcriticality is a boolean value (default is false)\n") );
#ifdef HAVE_SASL_OPTIONS
    fprintf( stderr, gettext(" -o attrName=attrVal\tSASL options which are described in the man page\n"));
#endif /* HAVE_SASL_OPTIONS */
}

/* globals */
char *ldaptool_charset = "";
char *ldaptool_host = LDAPTOOL_DEFHOST;
char *ldaptool_host2 = LDAPTOOL_DEFHOST;	/* second -h (tools with two_hosts) */
int ldaptool_port = LDAP_PORT;		/* first -p */
int ldaptool_port2 = LDAP_PORT;		/* second -p */
int ldaptool_verbose = 0;		/* -v; incremented once per occurrence */
int ldaptool_not = 0;			/* -n: describe but perform no LDAP operations */
#ifdef SOLARIS_LDAP_CMD
int ldaptool_require_binddn = 1;	/* NOTE(review): not assigned in the option parsing shown here; presumably set by individual tools */
#endif /* SOLARIS_LDAP_CMD */
FILE *ldaptool_fp = NULL;		/* -f: input file; stdin when the argument is "-" */
FILE *password_fp = NULL;		/* -j: file the bind or SSL key password is read from */
char *ldaptool_progname = "";		/* basename of argv[0], set at the top of ldaptool_process_args */
char *ldaptool_nls_lang = NULL;		/* NOTE(review): not assigned in the code shown here */
char *proxyauth_id = NULL;		/* -Y proxied authorization id (handler not shown here) */
int proxyauth_version = 2; /* use newer proxy control */
LDAPControl *ldaptool_request_ctrls[CONTROL_REQUESTS] = {0};	/* request controls; presumably filled from -J */
#ifdef LDAP_DEBUG
int ldaptool_dbg_lvl = 0;		/* -d level, OR'ed with LDAP_DEBUG_ANY before being applied */
#endif /* LDAP_DEBUG */

/* statics */
static char *binddn = NULL;		/* -D */
static char *passwd = NULL;		/* -w value; a password passed on argv is exposed in the process argument list, which is why "-w -" and "-j file" exist */
static int send_auth_response_ctrl = 0;	/* -E: request the authorization identity response control */
static int user_specified_port = 0;	/* first -p seen */
static int user_specified_port2 = 0;	/* second -p seen */
static int chase_referrals = 1;		/* cleared by -R */
static int lib_version_mismatch_is_fatal = 1;	/* cleared by -0, which is scanned for before getopt runs */
static int ldversion = -1; /* use default */	/* presumably set by -V */
static int refhoplim = LDAPTOOL_DEFREFHOPLIMIT;	/* presumably set by -O */
static int send_manage_dsait_ctrl = 0;	/* presumably set by -M */
static int prompt_password = 0;		/* set by "-w -": read the bind password interactively instead of from argv */
#ifdef HAVE_SASL_OPTIONS
/* SASL bind parameters; presumably set from -o via saslSetParam() (not shown here). */
static unsigned sasl_flags = LDAP_SASL_INTERACTIVE;
static char *sasl_mech = NULL;
static char *sasl_authid = NULL;
static char *sasl_mode = NULL;
static char *sasl_realm = NULL;
static char *sasl_username = NULL;
static char *sasl_secprops = NULL;
static int ldapauth = -1;
#endif /* HAVE_SASL_OPTIONS */

#ifndef NO_LIBLCACHE
static char *cache_config_file = NULL;	/* -C: local cache configuration file */
#endif /* !NO_LIBLCACHE */
#if defined(NET_SSL)
static int secure = 0;			/* set by -Z and by -P: use SSL for the connection */
/*
 * Which of -Z/-N/-W/-w/-D/-j were given.
 * NOTE(review): isD, isw and isj are assigned in ldaptool_process_args
 * outside the NET_SSL conditional, so a build without NET_SSL would not
 * compile; presumably NET_SSL is always defined for these tools.
 */
static int isZ = 0;
static int isN = 0;
static int isW = 0;
static int isw = 0;
static int isD = 0;
static int isj = 0;
/*
 * Certificate checking strength.  -3 (non-Solaris builds only) raises it to
 * LDAPSSL_AUTH_CNCHECK, i.e. verifies the server hostname against the
 * certificate; whether the default already does so depends on
 * LDAPTOOL_DEFSSLSTRENGTH, which is defined elsewhere.
 */
static int ssl_strength = LDAPTOOL_DEFSSLSTRENGTH;
#ifdef SOLARIS_LDAP_CMD
static char pathname[PATH_BUF_SIZE];	/* bounded (strlcpy) copy of the -P argument, later reduced to its directory */
#endif
static char *ssl_certdbpath = NULL;	/* -P: certificate database path (or its directory on Solaris) */
static char *ssl_keydbpath = NULL;	/* -K: key database path (non-Solaris) */
static char *ssl_keyname = NULL;	/* NOTE(review): not assigned in the code shown here */
static char *ssl_certname = NULL;	/* -N: nickname of the client authentication certificate */
static char *ssl_passwd = NULL;		/* -W: SSL key password (same argv exposure caveat as passwd) */

#ifdef LDAP_TOOL_PKCS11
static char *ssl_secmodpath = NULL;	/* -m: security module database path */

static char *pkcs_token = NULL;		/* -Q: [token][:certificate name] */

static char *ssl_donglefile = NULL;	/* -I: PIN / card password file */

#if 0
static char *pkcs_pin = NULL;
#endif
/* PKCS#11 callback table, zeroed here; presumably populated by ldaptool_setcallbacks() (prototype above). */
static struct ldapssl_pkcs_fns local_pkcs_fns =
{0,NULL,NULL,NULL,NULL,NULL,NULL,NULL, NULL };

#ifdef FORTEZZA
/* FORTEZZA card state; fortezza_krlfile was set by the now commented-out -X option. */
static uint32 fortezza_cardmask = 0;
static char *fortezza_personality = NULL;
static char *fortezza_krlfile = NULL;
static char *fortezza_pin = NULL;
#endif /* FORTEZZA */
#endif /* LDAP_TOOL_PKCS11 */
#endif /* NET_SSL */

/*
 * Handle general initialization and options that are common to all of
 * the LDAP tools.
 * Note the H option is included here but handled via the
 * extra_opt_callback function (along with any "extra_opts" ).
 *
 * Return: final value for optind or -1 if usage should be displayed (for
 * some fatal errors, we call exit here).
2877c478bd9Sstevel@tonic-gate */ 2887c478bd9Sstevel@tonic-gate int 2897c478bd9Sstevel@tonic-gate ldaptool_process_args( int argc, char **argv, char *extra_opts, 2907c478bd9Sstevel@tonic-gate int two_hosts, void (*extra_opt_callback)( int option, char *optarg )) 2917c478bd9Sstevel@tonic-gate { 2927c478bd9Sstevel@tonic-gate int rc, i, hostnum; 2937c478bd9Sstevel@tonic-gate char *optstring, *common_opts; 2947c478bd9Sstevel@tonic-gate extern char *optarg; 2957c478bd9Sstevel@tonic-gate extern int optind; 2967c478bd9Sstevel@tonic-gate LDAPAPIInfo ldai; 2977c478bd9Sstevel@tonic-gate char *ctrl_arg, *ctrl_oid=NULL, *ctrl_value=NULL; 2987c478bd9Sstevel@tonic-gate int ctrl_criticality=0, vlen; 2997c478bd9Sstevel@tonic-gate LDAPControl *ldctrl; 3007c478bd9Sstevel@tonic-gate #ifdef SOLARIS_LDAP_CMD 3017c478bd9Sstevel@tonic-gate struct stat st; 3027c478bd9Sstevel@tonic-gate #endif 3037c478bd9Sstevel@tonic-gate 3047c478bd9Sstevel@tonic-gate 3057c478bd9Sstevel@tonic-gate /* 3067c478bd9Sstevel@tonic-gate * Set program name global based on argv[0]. 
3077c478bd9Sstevel@tonic-gate */ 3087c478bd9Sstevel@tonic-gate if (( ldaptool_progname = strrchr( argv[ 0 ], '/' )) == NULL ) { 3097c478bd9Sstevel@tonic-gate ldaptool_progname = argv[ 0 ]; 3107c478bd9Sstevel@tonic-gate } else { 3117c478bd9Sstevel@tonic-gate ++ldaptool_progname; 3127c478bd9Sstevel@tonic-gate } 3137c478bd9Sstevel@tonic-gate 3147c478bd9Sstevel@tonic-gate #ifdef LDAPTOOL_DEBUG_MEMORY 3157c478bd9Sstevel@tonic-gate { 3167c478bd9Sstevel@tonic-gate struct ldap_memalloc_fns mafns = { 3177c478bd9Sstevel@tonic-gate ldaptool_debug_malloc, 3187c478bd9Sstevel@tonic-gate ldaptool_debug_calloc, 3197c478bd9Sstevel@tonic-gate ldaptool_debug_realloc, 3207c478bd9Sstevel@tonic-gate ldaptool_debug_free 3217c478bd9Sstevel@tonic-gate }; 3227c478bd9Sstevel@tonic-gate 3237c478bd9Sstevel@tonic-gate ldap_set_option( NULL, LDAP_OPT_MEMALLOC_FN_PTRS, &mafns ); 3247c478bd9Sstevel@tonic-gate } 3257c478bd9Sstevel@tonic-gate #endif /* LDAPTOOL_DEBUG_MEMORY */ 3267c478bd9Sstevel@tonic-gate 3277c478bd9Sstevel@tonic-gate #ifdef LDAP_DEBUG 3287c478bd9Sstevel@tonic-gate i = LDAP_DEBUG_ANY; 3297c478bd9Sstevel@tonic-gate ldap_set_option( NULL, LDAP_OPT_DEBUG_LEVEL, (void *) &i); 3307c478bd9Sstevel@tonic-gate #endif 3317c478bd9Sstevel@tonic-gate 3327c478bd9Sstevel@tonic-gate /* 3337c478bd9Sstevel@tonic-gate * Perform a sanity check on the revision of the LDAP API library to 3347c478bd9Sstevel@tonic-gate * make sure it is at least as new as the one we were compiled against. 3357c478bd9Sstevel@tonic-gate * If the API implementation is from the same vendor as we were compiled 3367c478bd9Sstevel@tonic-gate * against, we also check to make sure the vendor version is at least 3377c478bd9Sstevel@tonic-gate * as new as the library we were compiled against. 3387c478bd9Sstevel@tonic-gate * 3397c478bd9Sstevel@tonic-gate * Version differences are fatal unless the -0 option is passed on the 3407c478bd9Sstevel@tonic-gate * tool command line (that's a zero, not an oh). 
We check for the 3417c478bd9Sstevel@tonic-gate * presence of -0 in a crude way to it must appear by itself in argv. 3427c478bd9Sstevel@tonic-gate */ 3437c478bd9Sstevel@tonic-gate for ( i = 1; i < argc; ++i ) { 3447c478bd9Sstevel@tonic-gate if ( strcmp( argv[i], "-0" ) == 0 ) { 3457c478bd9Sstevel@tonic-gate lib_version_mismatch_is_fatal = 0; 3467c478bd9Sstevel@tonic-gate break; 3477c478bd9Sstevel@tonic-gate } 3487c478bd9Sstevel@tonic-gate } 3497c478bd9Sstevel@tonic-gate 3507c478bd9Sstevel@tonic-gate memset( &ldai, 0, sizeof(ldai)); 3517c478bd9Sstevel@tonic-gate ldai.ldapai_info_version = LDAP_API_INFO_VERSION; 3527c478bd9Sstevel@tonic-gate if (( rc = ldap_get_option( NULL, LDAP_OPT_API_INFO, &ldai )) != 0 ) { 3537c478bd9Sstevel@tonic-gate fprintf( stderr, gettext("%s: unable to retrieve LDAP library version" 3547c478bd9Sstevel@tonic-gate " information;\n\tthis program requires an LDAP library that" 3557c478bd9Sstevel@tonic-gate " implements revision\n\t%d or greater of the LDAP API.\n"), 3567c478bd9Sstevel@tonic-gate ldaptool_progname, LDAP_API_VERSION ); 3577c478bd9Sstevel@tonic-gate if ( lib_version_mismatch_is_fatal ) { 3587c478bd9Sstevel@tonic-gate exit( LDAP_LOCAL_ERROR ); 3597c478bd9Sstevel@tonic-gate } 3607c478bd9Sstevel@tonic-gate } else if ( ldai.ldapai_api_version < LDAP_API_VERSION ) { 3617c478bd9Sstevel@tonic-gate fprintf( stderr, gettext("%s: this program requires an LDAP library that" 3627c478bd9Sstevel@tonic-gate " implements revision\n\t%d or greater of the LDAP API;" 3637c478bd9Sstevel@tonic-gate " running with revision %d.\n"), 3647c478bd9Sstevel@tonic-gate ldaptool_progname, LDAP_API_VERSION, ldai.ldapai_api_version ); 3657c478bd9Sstevel@tonic-gate if ( lib_version_mismatch_is_fatal ) { 3667c478bd9Sstevel@tonic-gate exit( LDAP_LOCAL_ERROR ); 3677c478bd9Sstevel@tonic-gate } 3687c478bd9Sstevel@tonic-gate } else if ( strcmp( ldai.ldapai_vendor_name, LDAP_VENDOR_NAME ) != 0) { 3697c478bd9Sstevel@tonic-gate fprintf( stderr, gettext("%s: this program 
requires %s's LDAP\n" 3707c478bd9Sstevel@tonic-gate "\tlibrary version %2.2f or greater; running with\n" 3717c478bd9Sstevel@tonic-gate "\t%s's version %2.2f.\n"), 3727c478bd9Sstevel@tonic-gate ldaptool_progname, LDAP_VENDOR_NAME, 3737c478bd9Sstevel@tonic-gate (float)LDAP_VENDOR_VERSION / 100, 3747c478bd9Sstevel@tonic-gate ldai.ldapai_vendor_name, 3757c478bd9Sstevel@tonic-gate (float)ldai.ldapai_vendor_version / 100 ); 3767c478bd9Sstevel@tonic-gate if ( lib_version_mismatch_is_fatal ) { 3777c478bd9Sstevel@tonic-gate exit( LDAP_LOCAL_ERROR ); 3787c478bd9Sstevel@tonic-gate } 3797c478bd9Sstevel@tonic-gate } else if (ldai.ldapai_vendor_version < LDAP_VENDOR_VERSION ) { 3807c478bd9Sstevel@tonic-gate fprintf( stderr, gettext("%s: this program requires %s's LDAP\n" 3817c478bd9Sstevel@tonic-gate "\tlibrary version %2.2f or greater; running with" 3827c478bd9Sstevel@tonic-gate " version %2.2f.\n"), 3837c478bd9Sstevel@tonic-gate ldaptool_progname, LDAP_VENDOR_NAME, 3847c478bd9Sstevel@tonic-gate (float)LDAP_VENDOR_VERSION / 100, 3857c478bd9Sstevel@tonic-gate (float)ldai.ldapai_vendor_version / 100 ); 3867c478bd9Sstevel@tonic-gate if ( lib_version_mismatch_is_fatal ) { 3877c478bd9Sstevel@tonic-gate exit( LDAP_LOCAL_ERROR ); 3887c478bd9Sstevel@tonic-gate } 3897c478bd9Sstevel@tonic-gate } 3907c478bd9Sstevel@tonic-gate 3917c478bd9Sstevel@tonic-gate /* 3927c478bd9Sstevel@tonic-gate * Process command line options. 
3937c478bd9Sstevel@tonic-gate */ 3947c478bd9Sstevel@tonic-gate if ( extra_opts == NULL ) { 3957c478bd9Sstevel@tonic-gate extra_opts = ""; 3967c478bd9Sstevel@tonic-gate } 3977c478bd9Sstevel@tonic-gate 3987c478bd9Sstevel@tonic-gate #ifdef HAVE_SASL_OPTIONS 3997c478bd9Sstevel@tonic-gate #ifdef SOLARIS_LDAP_CMD 4007c478bd9Sstevel@tonic-gate common_opts = "nvEMRH?Zd:D:f:h:j:N:O:o:P:p:W:w:V:i:k:y:Y:J:"; 4017c478bd9Sstevel@tonic-gate #else 4027c478bd9Sstevel@tonic-gate common_opts = "nvEMRHZ03d:D:f:h:j:I:K:N:O:o:P:p:Q:W:w:V:X:m:i:k:y:Y:J:"; 4037c478bd9Sstevel@tonic-gate #endif /* SOLARIS_LDAP_CMD */ 4047c478bd9Sstevel@tonic-gate #else 4057c478bd9Sstevel@tonic-gate common_opts = "nvEMRHZ03d:D:f:h:j:I:K:N:O:P:p:Q:W:w:V:X:m:i:k:y:Y:J:"; 4067c478bd9Sstevel@tonic-gate #endif /* HAVE_SASL_OPTIONS */ 4077c478bd9Sstevel@tonic-gate 4087c478bd9Sstevel@tonic-gate /* note: optstring must include room for liblcache "C:" option */ 4097c478bd9Sstevel@tonic-gate if (( optstring = (char *) malloc( strlen( extra_opts ) + strlen( common_opts ) 4107c478bd9Sstevel@tonic-gate + 3 )) == NULL ) { 4117c478bd9Sstevel@tonic-gate perror( "malloc" ); 4127c478bd9Sstevel@tonic-gate exit( LDAP_NO_MEMORY ); 4137c478bd9Sstevel@tonic-gate } 4147c478bd9Sstevel@tonic-gate 4157c478bd9Sstevel@tonic-gate #ifdef NO_LIBLCACHE 4167c478bd9Sstevel@tonic-gate sprintf( optstring, "%s%s", common_opts, extra_opts ); 4177c478bd9Sstevel@tonic-gate #else 4187c478bd9Sstevel@tonic-gate sprintf( optstring, "%s%sC:", common_opts, extra_opts ); 4197c478bd9Sstevel@tonic-gate #endif 4207c478bd9Sstevel@tonic-gate 4217c478bd9Sstevel@tonic-gate hostnum = 0; 4227c478bd9Sstevel@tonic-gate while ( (i = getopt( argc, argv, optstring )) != EOF ) { 4237c478bd9Sstevel@tonic-gate switch( i ) { 4247c478bd9Sstevel@tonic-gate case 'n': /* do Not do any LDAP operations */ 4257c478bd9Sstevel@tonic-gate ++ldaptool_not; 4267c478bd9Sstevel@tonic-gate break; 4277c478bd9Sstevel@tonic-gate case 'v': /* verbose mode */ 4287c478bd9Sstevel@tonic-gate 
++ldaptool_verbose; 4297c478bd9Sstevel@tonic-gate break; 4307c478bd9Sstevel@tonic-gate case 'd': 4317c478bd9Sstevel@tonic-gate #ifdef LDAP_DEBUG 4327c478bd9Sstevel@tonic-gate ldaptool_dbg_lvl = atoi( optarg ); /* */ 4337c478bd9Sstevel@tonic-gate #ifdef SOLARIS_LDAP_CMD 4347c478bd9Sstevel@tonic-gate ldap_set_option(NULL, LBER_OPT_DEBUG_LEVEL, 4357c478bd9Sstevel@tonic-gate (void *)&ldaptool_dbg_lvl); 4367c478bd9Sstevel@tonic-gate #else 4377c478bd9Sstevel@tonic-gate ber_set_option(NULL, LBER_OPT_DEBUG_LEVEL, 4387c478bd9Sstevel@tonic-gate (void *)&ldaptool_dbg_lvl); 4397c478bd9Sstevel@tonic-gate #endif /* SOLARIS_LDAP_CMD */ 4407c478bd9Sstevel@tonic-gate ldaptool_dbg_lvl |= LDAP_DEBUG_ANY; 4417c478bd9Sstevel@tonic-gate ldap_set_option( NULL, LDAP_OPT_DEBUG_LEVEL, 4427c478bd9Sstevel@tonic-gate (void *)&ldaptool_dbg_lvl); 4437c478bd9Sstevel@tonic-gate #else /* LDAP_DEBUG */ 4447c478bd9Sstevel@tonic-gate fprintf( stderr, gettext("compile with -DLDAP_DEBUG for debugging\n") ); 4457c478bd9Sstevel@tonic-gate #endif /* LDAP_DEBUG */ 4467c478bd9Sstevel@tonic-gate break; 4477c478bd9Sstevel@tonic-gate case 'R': /* don't automatically chase referrals */ 4487c478bd9Sstevel@tonic-gate chase_referrals = 0; 4497c478bd9Sstevel@tonic-gate break; 4507c478bd9Sstevel@tonic-gate #ifndef NO_LIBLCACHE 4517c478bd9Sstevel@tonic-gate case 'C': /* search local database */ 4527c478bd9Sstevel@tonic-gate cache_config_file = strdup( optarg ); 4537c478bd9Sstevel@tonic-gate break; 4547c478bd9Sstevel@tonic-gate #endif 4557c478bd9Sstevel@tonic-gate case 'f': /* input file */ 4567c478bd9Sstevel@tonic-gate if ( optarg[0] == '-' && optarg[1] == '\0' ) { 4577c478bd9Sstevel@tonic-gate ldaptool_fp = stdin; 4587c478bd9Sstevel@tonic-gate } else if (( ldaptool_fp = ldaptool_open_file( optarg, "r" )) == NULL ) { 4597c478bd9Sstevel@tonic-gate perror( optarg ); 4607c478bd9Sstevel@tonic-gate exit( LDAP_PARAM_ERROR ); 4617c478bd9Sstevel@tonic-gate } 4627c478bd9Sstevel@tonic-gate break; 4637c478bd9Sstevel@tonic-gate 
case 'h': /* ldap host */ 4647c478bd9Sstevel@tonic-gate if ( hostnum == 0 ) { 4657c478bd9Sstevel@tonic-gate ldaptool_host = strdup( optarg ); 4667c478bd9Sstevel@tonic-gate } else { 4677c478bd9Sstevel@tonic-gate ldaptool_host2 = strdup( optarg ); 4687c478bd9Sstevel@tonic-gate } 4697c478bd9Sstevel@tonic-gate ++hostnum; 4707c478bd9Sstevel@tonic-gate break; 4717c478bd9Sstevel@tonic-gate case 'D': /* bind DN */ 4727c478bd9Sstevel@tonic-gate isD = 1; 4737c478bd9Sstevel@tonic-gate binddn = strdup( optarg ); 4747c478bd9Sstevel@tonic-gate break; 4757c478bd9Sstevel@tonic-gate case 'E': /* expose bind identity via auth. response control */ 4767c478bd9Sstevel@tonic-gate ++send_auth_response_ctrl; 4777c478bd9Sstevel@tonic-gate break; 4787c478bd9Sstevel@tonic-gate 4797c478bd9Sstevel@tonic-gate case 'p': /* ldap port */ 4807c478bd9Sstevel@tonic-gate if ( !user_specified_port ) { 4817c478bd9Sstevel@tonic-gate ++user_specified_port; 4827c478bd9Sstevel@tonic-gate ldaptool_port = atoi( optarg ); 4837c478bd9Sstevel@tonic-gate } else { 4847c478bd9Sstevel@tonic-gate ++user_specified_port2; 4857c478bd9Sstevel@tonic-gate ldaptool_port2 = atoi( optarg ); 4867c478bd9Sstevel@tonic-gate } 4877c478bd9Sstevel@tonic-gate break; 4887c478bd9Sstevel@tonic-gate #if defined(NET_SSL) 4897c478bd9Sstevel@tonic-gate case 'P': /* path to security database */ 4907c478bd9Sstevel@tonic-gate secure = 1; /* do SSL encryption */ 4917c478bd9Sstevel@tonic-gate #ifndef SOLARIS_LDAP_CMD 4927c478bd9Sstevel@tonic-gate ssl_certdbpath = strdup(optarg); 4937c478bd9Sstevel@tonic-gate if (NULL == ssl_certdbpath) { 4947c478bd9Sstevel@tonic-gate perror("malloc"); 4957c478bd9Sstevel@tonic-gate exit( LDAP_NO_MEMORY ); 4967c478bd9Sstevel@tonic-gate } 4977c478bd9Sstevel@tonic-gate #else 4987c478bd9Sstevel@tonic-gate /* 4997c478bd9Sstevel@tonic-gate * Verify whether it's a base directory or a cert db file. 
5007c478bd9Sstevel@tonic-gate * If it is not a directory, truncate the file name as 5017c478bd9Sstevel@tonic-gate * the revised NSS_Init() doesn't take file name any longer. 5027c478bd9Sstevel@tonic-gate */ 5037c478bd9Sstevel@tonic-gate if (strlcpy(pathname, optarg, PATH_BUF_SIZE) >= PATH_BUF_SIZE) { 5047c478bd9Sstevel@tonic-gate fprintf(stderr, gettext("\"-P\": Path name is too " 5057c478bd9Sstevel@tonic-gate "long\n")); 5067c478bd9Sstevel@tonic-gate exit(LDAP_PARAM_ERROR); 5077c478bd9Sstevel@tonic-gate } 5087c478bd9Sstevel@tonic-gate 5097c478bd9Sstevel@tonic-gate if (stat(pathname, &st) != 0) { 5107c478bd9Sstevel@tonic-gate perror("stat"); 5117c478bd9Sstevel@tonic-gate fprintf(stderr, gettext("\"-P\": Path name is " 5127c478bd9Sstevel@tonic-gate "invalid\n")); 5137c478bd9Sstevel@tonic-gate exit(LDAP_PARAM_ERROR); 5147c478bd9Sstevel@tonic-gate } else { 5157c478bd9Sstevel@tonic-gate if (S_ISREG(st.st_mode)) { 5167c478bd9Sstevel@tonic-gate /* redir to a regular file's dir name */ 5177c478bd9Sstevel@tonic-gate ssl_certdbpath = dirname(pathname); 5187c478bd9Sstevel@tonic-gate } else 5197c478bd9Sstevel@tonic-gate ssl_certdbpath = pathname; 5207c478bd9Sstevel@tonic-gate } 5217c478bd9Sstevel@tonic-gate #endif /* SOLARIS_LDAP_CMD */ 5227c478bd9Sstevel@tonic-gate break; 5237c478bd9Sstevel@tonic-gate case 'Z': /* do SSL encryption */ 5247c478bd9Sstevel@tonic-gate secure = 1; 5257c478bd9Sstevel@tonic-gate isZ = 1; 5267c478bd9Sstevel@tonic-gate break; 5277c478bd9Sstevel@tonic-gate case 'N': /* nickname of cert. to use for client auth. 
*/ 5287c478bd9Sstevel@tonic-gate ssl_certname = strdup( optarg ); 5297c478bd9Sstevel@tonic-gate if (NULL == ssl_certname) 5307c478bd9Sstevel@tonic-gate { 5317c478bd9Sstevel@tonic-gate perror("malloc"); 5327c478bd9Sstevel@tonic-gate exit( LDAP_NO_MEMORY ); 5337c478bd9Sstevel@tonic-gate } 5347c478bd9Sstevel@tonic-gate isN = 1; 5357c478bd9Sstevel@tonic-gate break; 5367c478bd9Sstevel@tonic-gate #ifndef SOLARIS_LDAP_CMD 5377c478bd9Sstevel@tonic-gate case 'K': /* location of key database */ 5387c478bd9Sstevel@tonic-gate ssl_keydbpath = strdup( optarg ); 5397c478bd9Sstevel@tonic-gate if (NULL == ssl_keydbpath) 5407c478bd9Sstevel@tonic-gate { 5417c478bd9Sstevel@tonic-gate perror("malloc"); 5427c478bd9Sstevel@tonic-gate exit( LDAP_NO_MEMORY ); 5437c478bd9Sstevel@tonic-gate } 5447c478bd9Sstevel@tonic-gate break; 5457c478bd9Sstevel@tonic-gate #endif /* SOLARIS_LDAP_CMD */ 5467c478bd9Sstevel@tonic-gate 5477c478bd9Sstevel@tonic-gate case 'W': /* SSL key password */ 5487c478bd9Sstevel@tonic-gate ssl_passwd = strdup( optarg ); 5497c478bd9Sstevel@tonic-gate if (NULL == ssl_passwd) 5507c478bd9Sstevel@tonic-gate { 5517c478bd9Sstevel@tonic-gate perror("malloc"); 5527c478bd9Sstevel@tonic-gate exit( LDAP_NO_MEMORY ); 5537c478bd9Sstevel@tonic-gate } 5547c478bd9Sstevel@tonic-gate isW = 1; 5557c478bd9Sstevel@tonic-gate break; 5567c478bd9Sstevel@tonic-gate 5577c478bd9Sstevel@tonic-gate #ifndef SOLARIS_LDAP_CMD 5587c478bd9Sstevel@tonic-gate case '3': /* check hostnames in SSL certificates ("no third") */ 5597c478bd9Sstevel@tonic-gate ssl_strength = LDAPSSL_AUTH_CNCHECK; 5607c478bd9Sstevel@tonic-gate break; 5617c478bd9Sstevel@tonic-gate #endif /* SOLARIS_LDAP_CMD */ 5627c478bd9Sstevel@tonic-gate 5637c478bd9Sstevel@tonic-gate #ifdef LDAP_TOOL_PKCS11 5647c478bd9Sstevel@tonic-gate case 'm': /* SSL secmod path */ 5657c478bd9Sstevel@tonic-gate ssl_secmodpath = strdup( optarg); 5667c478bd9Sstevel@tonic-gate if (NULL == ssl_secmodpath) 5677c478bd9Sstevel@tonic-gate { 5687c478bd9Sstevel@tonic-gate 
perror("malloc"); 5697c478bd9Sstevel@tonic-gate exit( LDAP_NO_MEMORY ); 5707c478bd9Sstevel@tonic-gate } 5717c478bd9Sstevel@tonic-gate break; 5727c478bd9Sstevel@tonic-gate 5737c478bd9Sstevel@tonic-gate case 'Q': /* FORTEZZA [card][:personality] */ 5747c478bd9Sstevel@tonic-gate pkcs_token = strdup(optarg); 5757c478bd9Sstevel@tonic-gate if (NULL == pkcs_token) 5767c478bd9Sstevel@tonic-gate { 5777c478bd9Sstevel@tonic-gate perror("malloc"); 5787c478bd9Sstevel@tonic-gate exit( LDAP_NO_MEMORY ); 5797c478bd9Sstevel@tonic-gate } 5807c478bd9Sstevel@tonic-gate 5817c478bd9Sstevel@tonic-gate break; 5827c478bd9Sstevel@tonic-gate /* This option removed to prevent interference 5837c478bd9Sstevel@tonic-gate with the getEffectiveRights option, also -X 5847c478bd9Sstevel@tonic-gate case 'X': * path to FORTEZZA CKL file * 5857c478bd9Sstevel@tonic-gate 5867c478bd9Sstevel@tonic-gate fortezza_krlfile = strdup( optarg ); 5877c478bd9Sstevel@tonic-gate 5887c478bd9Sstevel@tonic-gate 5897c478bd9Sstevel@tonic-gate break; 5907c478bd9Sstevel@tonic-gate */ 5917c478bd9Sstevel@tonic-gate case 'I': /* FORTEZZA PIN (password file) */ 5927c478bd9Sstevel@tonic-gate ssl_donglefile = strdup( optarg ); 5937c478bd9Sstevel@tonic-gate 5947c478bd9Sstevel@tonic-gate break; 5957c478bd9Sstevel@tonic-gate #endif /* LDAP_TOOL_PKCS11 */ 5967c478bd9Sstevel@tonic-gate 5977c478bd9Sstevel@tonic-gate #endif /* NET_SSL */ 5987c478bd9Sstevel@tonic-gate case 'w': /* bind password */ 5997c478bd9Sstevel@tonic-gate isw = 1; 6007c478bd9Sstevel@tonic-gate if ( optarg[0] == '-' && optarg[1] == '\0' ) 6017c478bd9Sstevel@tonic-gate prompt_password = 1; 6027c478bd9Sstevel@tonic-gate else 6037c478bd9Sstevel@tonic-gate passwd = strdup( optarg ); 6047c478bd9Sstevel@tonic-gate break; 6057c478bd9Sstevel@tonic-gate case 'j': /* bind password or SSL key password from file */ 6067c478bd9Sstevel@tonic-gate isj = 1; 6077c478bd9Sstevel@tonic-gate if ((password_fp = fopen( optarg, "r" )) == NULL ) { 6087c478bd9Sstevel@tonic-gate 
fprintf(stderr, gettext("%s: Unable to open '%s' file\n"), 6097c478bd9Sstevel@tonic-gate ldaptool_progname, optarg); 6107c478bd9Sstevel@tonic-gate exit( LDAP_PARAM_ERROR ); 6117c478bd9Sstevel@tonic-gate } 6127c478bd9Sstevel@tonic-gate break; 6137c478bd9Sstevel@tonic-gate case 'O': /* referral hop limit */ 6147c478bd9Sstevel@tonic-gate refhoplim = atoi( optarg ); 6157c478bd9Sstevel@tonic-gate break; 6167c478bd9Sstevel@tonic-gate case 'V': /* protocol version */ 6177c478bd9Sstevel@tonic-gate ldversion = atoi (optarg); 6187c478bd9Sstevel@tonic-gate if ( ldversion != LDAP_VERSION2 && ldversion != LDAP_VERSION3 ) { 6197c478bd9Sstevel@tonic-gate fprintf( stderr, gettext("%s: LDAP protocol version %d is not " 6207c478bd9Sstevel@tonic-gate "supported (use -V%d or -V%d)\n"), 6217c478bd9Sstevel@tonic-gate ldaptool_progname, ldversion, LDAP_VERSION2, 6227c478bd9Sstevel@tonic-gate LDAP_VERSION3 ); 6237c478bd9Sstevel@tonic-gate exit( LDAP_PARAM_ERROR ); 6247c478bd9Sstevel@tonic-gate } 6257c478bd9Sstevel@tonic-gate break; 6267c478bd9Sstevel@tonic-gate case 'M': /* send a manageDsaIT control */ 6277c478bd9Sstevel@tonic-gate send_manage_dsait_ctrl = 1; 6287c478bd9Sstevel@tonic-gate break; 6297c478bd9Sstevel@tonic-gate 6307c478bd9Sstevel@tonic-gate case 'i': /* character set specified */ 6317c478bd9Sstevel@tonic-gate ldaptool_charset = strdup( optarg ); 6327c478bd9Sstevel@tonic-gate if (NULL == ldaptool_charset) 6337c478bd9Sstevel@tonic-gate { 6347c478bd9Sstevel@tonic-gate perror( "malloc" ); 6357c478bd9Sstevel@tonic-gate exit( LDAP_NO_MEMORY ); 6367c478bd9Sstevel@tonic-gate } 6377c478bd9Sstevel@tonic-gate 6387c478bd9Sstevel@tonic-gate break; 6397c478bd9Sstevel@tonic-gate case 'k': /* conversion directory */ 6407c478bd9Sstevel@tonic-gate ldaptool_convdir = strdup( optarg ); 6417c478bd9Sstevel@tonic-gate if (NULL == ldaptool_convdir) 6427c478bd9Sstevel@tonic-gate { 6437c478bd9Sstevel@tonic-gate perror( "malloc" ); 6447c478bd9Sstevel@tonic-gate exit( LDAP_NO_MEMORY ); 
6457c478bd9Sstevel@tonic-gate } 6467c478bd9Sstevel@tonic-gate break; 6477c478bd9Sstevel@tonic-gate case 'y': /* old (version 1) proxied authorization control */ 6487c478bd9Sstevel@tonic-gate proxyauth_version = 1; 6497c478bd9Sstevel@tonic-gate case 'Y': /* new (version 2 ) proxied authorization control */ 6507c478bd9Sstevel@tonic-gate /*FALLTHRU*/ 6517c478bd9Sstevel@tonic-gate proxyauth_id = strdup(optarg); 6527c478bd9Sstevel@tonic-gate if (NULL == proxyauth_id) 6537c478bd9Sstevel@tonic-gate { 6547c478bd9Sstevel@tonic-gate perror( "malloc" ); 6557c478bd9Sstevel@tonic-gate exit( LDAP_NO_MEMORY ); 6567c478bd9Sstevel@tonic-gate } 6577c478bd9Sstevel@tonic-gate 6587c478bd9Sstevel@tonic-gate break; 6597c478bd9Sstevel@tonic-gate 6607c478bd9Sstevel@tonic-gate #ifndef SOLARIS_LDAP_CMD 6617c478bd9Sstevel@tonic-gate case '0': /* zero -- override LDAP library version check */ 6627c478bd9Sstevel@tonic-gate break; /* already handled above */ 6637c478bd9Sstevel@tonic-gate #endif /* SOLARIS_LDAP_CMD */ 6647c478bd9Sstevel@tonic-gate case 'J': /* send an arbitrary control */ 6657c478bd9Sstevel@tonic-gate if ( (ctrl_arg = strdup( optarg)) == NULL ) { 6667c478bd9Sstevel@tonic-gate perror ("strdup"); 6677c478bd9Sstevel@tonic-gate exit (LDAP_NO_MEMORY); 6687c478bd9Sstevel@tonic-gate } 6697c478bd9Sstevel@tonic-gate if (ldaptool_parse_ctrl_arg(ctrl_arg, ':', &ctrl_oid, 6707c478bd9Sstevel@tonic-gate &ctrl_criticality, &ctrl_value, &vlen)) { 6717c478bd9Sstevel@tonic-gate return (-1); 6727c478bd9Sstevel@tonic-gate } 6737c478bd9Sstevel@tonic-gate ldctrl = calloc(1,sizeof(LDAPControl)); 6747c478bd9Sstevel@tonic-gate if (ctrl_value) { 6757c478bd9Sstevel@tonic-gate rc = ldaptool_berval_from_ldif_value( ctrl_value, 6767c478bd9Sstevel@tonic-gate vlen, &(ldctrl->ldctl_value), 6777c478bd9Sstevel@tonic-gate 1 /* recognize file URLs */, 6787c478bd9Sstevel@tonic-gate 0 /* always try file */, 6797c478bd9Sstevel@tonic-gate 1 /* report errors */ ); 6807c478bd9Sstevel@tonic-gate if ((rc = 
ldaptool_fileurlerr2ldaperr( rc )) != LDAP_SUCCESS) { 6817c478bd9Sstevel@tonic-gate fprintf( stderr, gettext("Unable to parse %s\n"), ctrl_value); 6827c478bd9Sstevel@tonic-gate return (-1); 6837c478bd9Sstevel@tonic-gate } 6847c478bd9Sstevel@tonic-gate } 6857c478bd9Sstevel@tonic-gate ldctrl->ldctl_oid = ctrl_oid; 6867c478bd9Sstevel@tonic-gate ldctrl->ldctl_iscritical = ctrl_criticality; 6877c478bd9Sstevel@tonic-gate ldaptool_add_control_to_array(ldctrl, ldaptool_request_ctrls); 6887c478bd9Sstevel@tonic-gate break; 6897c478bd9Sstevel@tonic-gate #ifdef HAVE_SASL_OPTIONS 6907c478bd9Sstevel@tonic-gate case 'o': /* attribute assignment */ 6917c478bd9Sstevel@tonic-gate if ((rc = saslSetParam(optarg)) == -1) { 6927c478bd9Sstevel@tonic-gate return (-1); 6937c478bd9Sstevel@tonic-gate } 6947c478bd9Sstevel@tonic-gate ldapauth = LDAP_AUTH_SASL; 6957c478bd9Sstevel@tonic-gate ldversion = LDAP_VERSION3; 6967c478bd9Sstevel@tonic-gate break; 6977c478bd9Sstevel@tonic-gate #endif /* HAVE_SASL_OPTIONS */ 6987c478bd9Sstevel@tonic-gate default: 6997c478bd9Sstevel@tonic-gate (*extra_opt_callback)( i, optarg ); 7007c478bd9Sstevel@tonic-gate } 7017c478bd9Sstevel@tonic-gate } 7027c478bd9Sstevel@tonic-gate 7037c478bd9Sstevel@tonic-gate 7047c478bd9Sstevel@tonic-gate /* If '-Z' is specified, check if '-P' is specified too. 
*/ 7057c478bd9Sstevel@tonic-gate if ( isN || isW ) { 7067c478bd9Sstevel@tonic-gate if ( !isZ ) { 7077c478bd9Sstevel@tonic-gate fprintf( stderr, gettext("%s: with -N, -W options, please specify -Z\n\n"), ldaptool_progname ); 7087c478bd9Sstevel@tonic-gate return (-1); 7097c478bd9Sstevel@tonic-gate } 7107c478bd9Sstevel@tonic-gate } 7117c478bd9Sstevel@tonic-gate 7127c478bd9Sstevel@tonic-gate /* if '-N' is specified, -W is needed too */ 7137c478bd9Sstevel@tonic-gate if ( isN && NULL == ssl_passwd ) { 7147c478bd9Sstevel@tonic-gate fprintf( stderr, gettext("%s: with the -N option, please specify -W also\n\n"), 7157c478bd9Sstevel@tonic-gate ldaptool_progname ); 7167c478bd9Sstevel@tonic-gate return (-1); 7177c478bd9Sstevel@tonic-gate } 7187c478bd9Sstevel@tonic-gate 7197c478bd9Sstevel@tonic-gate #ifdef SOLARIS_LDAP_CMD 7207c478bd9Sstevel@tonic-gate if ( isj && ( isw || isW )) { 7217c478bd9Sstevel@tonic-gate fprintf(stderr, gettext("%s: -j and -w or -W options cannot be specified simultaneously\n\n"), ldaptool_progname ); 7227c478bd9Sstevel@tonic-gate #else 7237c478bd9Sstevel@tonic-gate if ( isj && isw ) { 7247c478bd9Sstevel@tonic-gate fprintf(stderr, gettext("%s: -j and -w options cannot be specified simultaneously\n\n"), ldaptool_progname ); 7257c478bd9Sstevel@tonic-gate #endif /* SOLARIS_LDAP_CMD */ 7267c478bd9Sstevel@tonic-gate return (-1); 7277c478bd9Sstevel@tonic-gate } 7287c478bd9Sstevel@tonic-gate 7297c478bd9Sstevel@tonic-gate /* complain if -j or -w does not also have -D, unless using SASL */ 7307c478bd9Sstevel@tonic-gate #ifdef HAVE_SASL_OPTIONS 7317c478bd9Sstevel@tonic-gate if ( (isj || isw) && !isD && ( ldapauth != LDAP_AUTH_SASL ) ) { 7327c478bd9Sstevel@tonic-gate #else 7337c478bd9Sstevel@tonic-gate if ( (isj || isw) && !isD ) { 7347c478bd9Sstevel@tonic-gate #endif 7357c478bd9Sstevel@tonic-gate fprintf(stderr, gettext("%s: with -j, -w options, please specify -D\n\n"), ldaptool_progname ); 7367c478bd9Sstevel@tonic-gate return (-1); 7377c478bd9Sstevel@tonic-gate } 
7387c478bd9Sstevel@tonic-gate 7397c478bd9Sstevel@tonic-gate /* use default key and cert DB paths if not set on the command line */ 7407c478bd9Sstevel@tonic-gate if ( NULL == ssl_keydbpath ) { 7417c478bd9Sstevel@tonic-gate if ( NULL == ssl_certdbpath ) { 7427c478bd9Sstevel@tonic-gate ssl_keydbpath = LDAPTOOL_DEFKEYDBPATH; 7437c478bd9Sstevel@tonic-gate } else { 7447c478bd9Sstevel@tonic-gate ssl_keydbpath = certpath2keypath( ssl_certdbpath ); 7457c478bd9Sstevel@tonic-gate } 7467c478bd9Sstevel@tonic-gate } 7477c478bd9Sstevel@tonic-gate if ( NULL == ssl_certdbpath ) { 7487c478bd9Sstevel@tonic-gate ssl_certdbpath = LDAPTOOL_DEFCERTDBPATH; 7497c478bd9Sstevel@tonic-gate } 7507c478bd9Sstevel@tonic-gate 7517c478bd9Sstevel@tonic-gate if (prompt_password != 0) { 7527c478bd9Sstevel@tonic-gate char *password_string = "Enter bind password: "; 7537c478bd9Sstevel@tonic-gate 7547c478bd9Sstevel@tonic-gate #if defined(_WIN32) 7557c478bd9Sstevel@tonic-gate char pbuf[257]; 7567c478bd9Sstevel@tonic-gate fputs(password_string,stdout); 7577c478bd9Sstevel@tonic-gate fflush(stdout); 7587c478bd9Sstevel@tonic-gate if (fgets(pbuf,256,stdin) == NULL) { 7597c478bd9Sstevel@tonic-gate passwd = NULL; 7607c478bd9Sstevel@tonic-gate } else { 7617c478bd9Sstevel@tonic-gate char *tmp; 7627c478bd9Sstevel@tonic-gate 7637c478bd9Sstevel@tonic-gate tmp = strchr(pbuf,'\n'); 7647c478bd9Sstevel@tonic-gate if (tmp) *tmp = '\0'; 7657c478bd9Sstevel@tonic-gate tmp = strchr(pbuf,'\r'); 7667c478bd9Sstevel@tonic-gate if (tmp) *tmp = '\0'; 7677c478bd9Sstevel@tonic-gate passwd = strdup(pbuf); 7687c478bd9Sstevel@tonic-gate } 7697c478bd9Sstevel@tonic-gate #else 7707c478bd9Sstevel@tonic-gate #if defined(SOLARIS) 7717c478bd9Sstevel@tonic-gate /* 256 characters on Solaris */ 7727c478bd9Sstevel@tonic-gate passwd = getpassphrase(password_string); 7737c478bd9Sstevel@tonic-gate #else 7747c478bd9Sstevel@tonic-gate /* limited to 16 chars on Tru64, 32 on AIX */ 7757c478bd9Sstevel@tonic-gate passwd = getpass(password_string); 
7767c478bd9Sstevel@tonic-gate #endif 7777c478bd9Sstevel@tonic-gate #endif 7787c478bd9Sstevel@tonic-gate 7797c478bd9Sstevel@tonic-gate } else if (password_fp != NULL) { 7807c478bd9Sstevel@tonic-gate char *linep = NULL; 7817c478bd9Sstevel@tonic-gate int increment = 0; 7827c478bd9Sstevel@tonic-gate int c, index; 7837c478bd9Sstevel@tonic-gate 7847c478bd9Sstevel@tonic-gate /* allocate initial block of memory */ 7857c478bd9Sstevel@tonic-gate if ((linep = (char *)malloc(BUFSIZ)) == NULL) { 7867c478bd9Sstevel@tonic-gate fprintf( stderr, gettext("%s: not enough memory to read password from file\n"), ldaptool_progname ); 7877c478bd9Sstevel@tonic-gate exit( LDAP_NO_MEMORY ); 7887c478bd9Sstevel@tonic-gate } 7897c478bd9Sstevel@tonic-gate increment++; 7907c478bd9Sstevel@tonic-gate index = 0; 7917c478bd9Sstevel@tonic-gate while ((c = fgetc( password_fp )) != '\n' && c != EOF) { 7927c478bd9Sstevel@tonic-gate 7937c478bd9Sstevel@tonic-gate /* check if we will overflow the buffer */ 7947c478bd9Sstevel@tonic-gate if ((c != EOF) && (index == ((increment * BUFSIZ) -1))) { 7957c478bd9Sstevel@tonic-gate 7967c478bd9Sstevel@tonic-gate /* if we did, add another BUFSIZ worth of bytes */ 7977c478bd9Sstevel@tonic-gate if ((linep = (char *) 7987c478bd9Sstevel@tonic-gate realloc(linep, (increment + 1) * BUFSIZ)) == NULL) { 7997c478bd9Sstevel@tonic-gate fprintf( stderr, gettext("%s: not enough memory to read password from file\n"), ldaptool_progname ); 8007c478bd9Sstevel@tonic-gate exit( LDAP_NO_MEMORY ); 8017c478bd9Sstevel@tonic-gate } 8027c478bd9Sstevel@tonic-gate increment++; 8037c478bd9Sstevel@tonic-gate } 8047c478bd9Sstevel@tonic-gate linep[index++] = c; 8057c478bd9Sstevel@tonic-gate } 8067c478bd9Sstevel@tonic-gate linep[index] = '\0'; 8077c478bd9Sstevel@tonic-gate passwd = linep; 8087c478bd9Sstevel@tonic-gate } 8097c478bd9Sstevel@tonic-gate 8107c478bd9Sstevel@tonic-gate #ifdef SOLARIS_LDAP_CMD 8117c478bd9Sstevel@tonic-gate if (binddn != NULL && passwd == NULL) { 8127c478bd9Sstevel@tonic-gate 
char *password_string = gettext("Enter bind password: "); 8137c478bd9Sstevel@tonic-gate passwd = getpassphrase(password_string); 8147c478bd9Sstevel@tonic-gate } 8157c478bd9Sstevel@tonic-gate 8167c478bd9Sstevel@tonic-gate #ifdef HAVE_SASL_OPTIONS 8177c478bd9Sstevel@tonic-gate if (ldapauth == LDAP_AUTH_SASL) { 8187c478bd9Sstevel@tonic-gate /* BindDN not required for SASL */ 8197c478bd9Sstevel@tonic-gate ldaptool_require_binddn = 0; 8207c478bd9Sstevel@tonic-gate } 8217c478bd9Sstevel@tonic-gate #endif /* HAVE_SASL_OPTIONS */ 8227c478bd9Sstevel@tonic-gate 8237c478bd9Sstevel@tonic-gate #ifdef NET_SSL 8247c478bd9Sstevel@tonic-gate if (secure == 1) { 8257c478bd9Sstevel@tonic-gate /* BindDN not required for SSL */ 8267c478bd9Sstevel@tonic-gate ldaptool_require_binddn = 0; 8277c478bd9Sstevel@tonic-gate } 8287c478bd9Sstevel@tonic-gate #endif /* NET_SSL */ 8297c478bd9Sstevel@tonic-gate 8307c478bd9Sstevel@tonic-gate if (ldaptool_require_binddn && binddn == NULL && passwd == NULL) { 8317c478bd9Sstevel@tonic-gate fprintf(stderr, 8327c478bd9Sstevel@tonic-gate gettext("%s: DN and Bind Password are required.\n"), 8337c478bd9Sstevel@tonic-gate ldaptool_progname ); 8347c478bd9Sstevel@tonic-gate exit(1); 8357c478bd9Sstevel@tonic-gate } 8367c478bd9Sstevel@tonic-gate #endif /* SOLARIS_LDAP_CMD */ 8377c478bd9Sstevel@tonic-gate 8387c478bd9Sstevel@tonic-gate /* 8397c478bd9Sstevel@tonic-gate * If verbose (-v) flag was passed in, display program name and start time. 8407c478bd9Sstevel@tonic-gate * If the verbose flag was passed at least twice (-vv), also display 8417c478bd9Sstevel@tonic-gate * information about the API library we are running with. 
8427c478bd9Sstevel@tonic-gate */ 8437c478bd9Sstevel@tonic-gate if ( ldaptool_verbose ) { 8447c478bd9Sstevel@tonic-gate time_t curtime; 8457c478bd9Sstevel@tonic-gate 8467c478bd9Sstevel@tonic-gate curtime = time( NULL ); 8477c478bd9Sstevel@tonic-gate printf( gettext("%s: started %s\n"), ldaptool_progname, ctime( &curtime )); 8487c478bd9Sstevel@tonic-gate if ( ldaptool_verbose > 1 ) { 8497c478bd9Sstevel@tonic-gate print_library_info( &ldai, stdout ); 8507c478bd9Sstevel@tonic-gate } 8517c478bd9Sstevel@tonic-gate } 8527c478bd9Sstevel@tonic-gate 8537c478bd9Sstevel@tonic-gate #ifdef LDAP_TOOL_PKCS11 8547c478bd9Sstevel@tonic-gate if ((NULL != pkcs_token) && (NULL != ssl_certname)) { 8557c478bd9Sstevel@tonic-gate char *result; 8567c478bd9Sstevel@tonic-gate 8577c478bd9Sstevel@tonic-gate if ( (result = buildTokenCertName( pkcs_token, ssl_certname)) != NULL){ 8587c478bd9Sstevel@tonic-gate free( ssl_certname ); 8597c478bd9Sstevel@tonic-gate ssl_certname = result; 8607c478bd9Sstevel@tonic-gate } 8617c478bd9Sstevel@tonic-gate } 8627c478bd9Sstevel@tonic-gate #endif /* LDAP_TOOL_PKCS11 */ 8637c478bd9Sstevel@tonic-gate 8647c478bd9Sstevel@tonic-gate free( optstring ); 8657c478bd9Sstevel@tonic-gate 8667c478bd9Sstevel@tonic-gate /* 8677c478bd9Sstevel@tonic-gate * Clean up and return index of first non-option argument. 
8687c478bd9Sstevel@tonic-gate */ 8697c478bd9Sstevel@tonic-gate if ( ldai.ldapai_extensions != NULL ) { 8707c478bd9Sstevel@tonic-gate ldap_value_free( ldai.ldapai_extensions ); 8717c478bd9Sstevel@tonic-gate } 8727c478bd9Sstevel@tonic-gate if ( ldai.ldapai_vendor_name != NULL ) { 8737c478bd9Sstevel@tonic-gate ldap_memfree( ldai.ldapai_vendor_name ); 8747c478bd9Sstevel@tonic-gate } 8757c478bd9Sstevel@tonic-gate 8767c478bd9Sstevel@tonic-gate #ifdef HAVE_SASL_OPTIONS 8777c478bd9Sstevel@tonic-gate if (ldversion == LDAP_VERSION2 && ldapauth == LDAP_AUTH_SASL) { 8787c478bd9Sstevel@tonic-gate fprintf( stderr, gettext("Incompatible with version %d\n"), ldversion); 8797c478bd9Sstevel@tonic-gate return (-1); 8807c478bd9Sstevel@tonic-gate } 8817c478bd9Sstevel@tonic-gate #endif /* HAVE_SASL_OPTIONS */ 8827c478bd9Sstevel@tonic-gate return( optind ); 8837c478bd9Sstevel@tonic-gate } 8847c478bd9Sstevel@tonic-gate 8857c478bd9Sstevel@tonic-gate 8867c478bd9Sstevel@tonic-gate /* 8877c478bd9Sstevel@tonic-gate * Write detailed information about the API library we are running with to fp. 
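 *
 * aip must point at a populated LDAPAPIInfo (the caller fills it in via
 * ldap_get_option( NULL, LDAP_OPT_API_INFO, ... ) before this is called --
 * not visible here, so confirm).  fp is any open output stream.  For every
 * extension name in aip->ldapai_extensions the per-feature revision is
 * looked up with LDAP_OPT_API_FEATURE_INFO; a lookup failure is reported on
 * fp but does not stop the listing.  Nothing is returned.
 */
static void
print_library_info( const LDAPAPIInfo *aip, FILE *fp )
{
    int i;
    LDAPAPIFeatureInfo fi;

    fprintf( fp, gettext("LDAP Library Information -\n"
	    " Highest supported protocol version: %d\n"
	    " LDAP API revision: %d\n"
	    " API vendor name: %s\n"
	    " Vendor-specific version: %.2f\n"),
	    aip->ldapai_protocol_version, aip->ldapai_api_version,
	    aip->ldapai_vendor_name,
	    /* ldapai_vendor_version is an integer in hundredths (e.g. 600 -> 6.00) */
	    (float)aip->ldapai_vendor_version / 100.0 );

    if ( aip->ldapai_extensions != NULL ) {
	fputs( gettext(" LDAP API Extensions:\n"), fp );

	/* ldapai_extensions is a NULL-terminated array of extension names */
	for ( i = 0; aip->ldapai_extensions[i] != NULL; i++ ) {
	    fprintf( fp, gettext(" %s"), aip->ldapai_extensions[i] );

	    fi.ldapaif_info_version = LDAP_FEATURE_INFO_VERSION;
	    fi.ldapaif_name = aip->ldapai_extensions[i];
	    fi.ldapaif_version = 0;

	    /* A NULL session handle asks the library itself, not a connection. */
	    if ( ldap_get_option( NULL, LDAP_OPT_API_FEATURE_INFO, &fi )
		    != 0 ) {
		fprintf( fp, gettext(" %s: ldap_get_option( NULL,"
			" LDAP_OPT_API_FEATURE_INFO, ... ) for %s failed"
			" (Feature Info version: %d)\n"), ldaptool_progname,
			fi.ldapaif_name, fi.ldapaif_info_version );
	    } else {
		fprintf( fp, gettext(" (revision %d)\n"), fi.ldapaif_version );
	    }
	}
    }
    fputc( '\n', fp );
}



#ifdef LDAP_TOOL_ARGPIN
/*
 * Create and register the SVRCORE pin object that will be asked for the
 * PKCS#11 token PIN during SSL client authentication.  Called from
 * ldaptool_ldap_init() after ldapssl_pkcs_init() has succeeded.
 *
 * The PIN and the "dongle" (PIN file) name are fetched through the
 * local_pkcs_fns callbacks installed with ldaptool_setcallbacks().  If a PIN
 * is available it is wrapped in an ArgPinObj layered over the platform pin
 * object, so the PIN is supplied without prompting; otherwise the platform
 * object alone is registered.  On non-Windows the platform object is a
 * StdPinObj built from filename; on Windows it is an NTUserPinObj, fronted
 * by a FilePinObj (via AltPinObj) when a dongle file name was given.
 *
 * Returns LDAP_SUCCESS, or -1 after printing a diagnostic to stderr when any
 * pin object cannot be created.  The only caller exits with
 * LDAP_LOCAL_ERROR on a non-zero return, so every failure path returns
 * instead of calling exit() itself.
 *
 * NOTE(review): the PIN string is handed to SVRCORE and retained for the
 * life of the process.  It is not wiped here because the buffer is owned by
 * the pkcs_getpin callback, not by this function -- confirm ownership before
 * adding explicit zeroisation.
 */
static int PinArgRegistration( void )
{
    SVRCOREArgPinObj *ArgPinObj = NULL;
    char *tokenName = NULL;
#ifndef _WIN32
    SVRCOREStdPinObj *StdPinObj = NULL;
#else
    SVRCOREFilePinObj *FilePinObj = NULL;
    SVRCOREAltPinObj *AltPinObj = NULL;
    SVRCORENTUserPinObj *NTUserPinObj = NULL;
#endif
    char *pin = NULL;
    char *filename = NULL;

    /*
     * The callback return values are not checked (as before); the out
     * parameters are pre-set to NULL so a callback that leaves them
     * untouched reads as "no PIN / no file" rather than as a garbage
     * pointer.  NOTE(review): whether NULL is a legal result of either
     * callback should be confirmed against the callback implementations.
     */
    local_pkcs_fns.pkcs_getdonglefilename(NULL, &filename);
    local_pkcs_fns.pkcs_getpin(NULL, "", &pin);

#ifndef _WIN32
    if ( SVRCORE_CreateStdPinObj(&StdPinObj, filename, PR_TRUE) !=
	    SVRCORE_Success) {
	fprintf(stderr, gettext("Security Initialization: Unable to create PinObj "
		"(%d)"), PR_GetError());
	return -1;
    }
    if (pin != NULL)
    {
	local_pkcs_fns.pkcs_gettokenname(NULL, &tokenName);
	/*
	 * Check the result as the Windows branch already does: a failure
	 * here used to go unnoticed and an uninitialized ArgPinObj was
	 * registered as the PIN source.
	 */
	if (SVRCORE_CreateArgPinObj(&ArgPinObj, tokenName, pin,
		(SVRCOREPinObj *)StdPinObj) != SVRCORE_Success)
	{
	    fprintf(stderr, gettext("Security Initialization: Unable to create ArgPinObj "
		    "(%d)"), PR_GetError());
	    return -1;
	}
	SVRCORE_RegisterPinObj((SVRCOREPinObj *)ArgPinObj);
    }
    else
    {
	SVRCORE_RegisterPinObj((SVRCOREPinObj *)StdPinObj);
    }
#else
    /* Both arms below need the NT user pin object, so build it once. */
    if (SVRCORE_CreateNTUserPinObj(&NTUserPinObj) != SVRCORE_Success) {
	fprintf(stderr, gettext("Security Initialization: Unable to create NTUserPinObj "
		"(%d)"), PR_GetError());
	return -1;
    }
    if (NULL != pin)
    {
	local_pkcs_fns.pkcs_gettokenname(NULL, &tokenName);
	if (SVRCORE_CreateArgPinObj(&ArgPinObj, tokenName, pin,
		(SVRCOREPinObj *)NTUserPinObj) != SVRCORE_Success)
	{
	    fprintf(stderr, gettext("Security Initialization: Unable to create ArgPinObj "
		    "(%d)"), PR_GetError());
	    return -1;
	}
	SVRCORE_RegisterPinObj((SVRCOREPinObj *)ArgPinObj);
    }
    else if (filename && *filename)
    {
	/* PIN file given: try it first, fall back to the NT user object. */
	if (SVRCORE_CreateFilePinObj(&FilePinObj, filename) !=
		SVRCORE_Success) {
	    fprintf(stderr, gettext("Security Initialization: Unable to create FilePinObj "
		    "(%d)"), PR_GetError());
	    return -1;
	}
	if (SVRCORE_CreateAltPinObj(&AltPinObj, (SVRCOREPinObj *)FilePinObj,
		(SVRCOREPinObj *)NTUserPinObj) != SVRCORE_Success) {
	    fprintf(stderr, gettext("Security Initialization: Unable to create AltPinObj "
		    "(%d)"), PR_GetError());
	    return -1;
	}
	SVRCORE_RegisterPinObj((SVRCOREPinObj *)AltPinObj);
    }
    else
    {
	SVRCORE_RegisterPinObj((SVRCOREPinObj *)NTUserPinObj);
    }
#endif
    return LDAP_SUCCESS;
}
#endif /* LDAP_TOOL_ARGPIN */


/*
 * initialize and return an LDAP session handle.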
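* if errors occur, we exit here.
 *
 * second_host: when non-zero, use ldaptool_host2/ldaptool_port2 (presumably
 *     the second server some of the tools accept) instead of the primary
 *     ldaptool_host/ldaptool_port; the SSL library initialization is only
 *     performed for the primary host.
 *
 * Returns the new LDAP handle, or NULL when ldaptool_not is set (nothing is
 * actually done).  Every failure is fatal: a message is printed and the
 * process exits with LDAP_LOCAL_ERROR (or the LDAP error of the failing
 * call).
 */
LDAP *
ldaptool_ldap_init( int second_host )
{
    LDAP	*ld = NULL;
    char	*host;
    int		port, rc, user_port;

    if ( ldaptool_not ) {
	return( NULL );
    }

    if ( second_host ) {
	host = ldaptool_host2;
	port = ldaptool_port2;
	user_port = user_specified_port2;
    } else {
	host = ldaptool_host;
	port = ldaptool_port;
	user_port = user_specified_port;
    }

    if ( ldaptool_verbose ) {
	printf( gettext("ldap_init( %s, %d )\n"), host, port );
    }

#if defined(NET_SSL)
    /*
     * Initialize security libraries and databases and LDAP session.  If
     * ssl_certname is not NULL, then we will attempt to use client auth.
     * if the server supports it.
     */
#ifdef LDAP_TOOL_PKCS11
    ldaptool_setcallbacks( &local_pkcs_fns );

    if ( !second_host && secure
	    && (rc = ldapssl_pkcs_init( &local_pkcs_fns )) < 0 ) {
	/* secure connection requested -- fail if no SSL */
#ifndef SOLARIS_LDAP_CMD
	rc = PORT_GetError();
#endif /* SOLARIS_LDAP_CMD */
	fprintf( stderr, gettext("SSL initialization failed: error %d (%s)\n"),
		rc, ldapssl_err2string( rc ));
	exit( LDAP_LOCAL_ERROR );
    }

#ifdef LDAP_TOOL_ARGPIN
    if ( secure ) {
	if ( PinArgRegistration( )) {
	    exit( LDAP_LOCAL_ERROR );
	}
    }
#endif /* LDAP_TOOL_ARGPIN */

#else /* LDAP_TOOL_PKCS11 */
    if ( !second_host && secure
	    && (rc = ldapssl_client_init( ssl_certdbpath, NULL )) < 0 ) {
	/* secure connection requested -- fail if no SSL */
#ifndef SOLARIS_LDAP_CMD
	rc = PORT_GetError();
#endif /* SOLARIS_LDAP_CMD */
	fprintf( stderr, gettext("SSL initialization failed: error %d (%s)\n"),
		rc, ldapssl_err2string( rc ));
	exit( LDAP_LOCAL_ERROR );
    }
#endif /* LDAP_TOOL_PKCS11 */

    /*
     * Set the default SSL strength (used for all future ld's we create).
     * NOTE(review): ssl_strength is a file-level setting filled in by the
     * option parser; nothing here checks that it demands server certificate
     * validation -- confirm its default before relying on LDAPS for server
     * authentication.
     */
    if ( ldapssl_set_strength( NULL, ssl_strength ) < 0 ) {
	perror( "ldapssl_set_strength" );
	exit( LDAP_LOCAL_ERROR );
    }

    if ( secure ) {
	/* no port given on the command line: use the LDAPS default */
	if ( !user_port ) {
	    port = LDAPS_PORT;
	}

	if (( ld = ldapssl_init( host, port, secure )) != NULL
		&& ssl_certname != NULL ) {
	    if ( ldapssl_enable_clientauth( ld, ssl_keydbpath, ssl_passwd,
		    ssl_certname ) != 0 ) {
		exit( ldaptool_print_lderror( ld, "ldapssl_enable_clientauth",
			LDAPTOOL_CHECK4SSL_ALWAYS ));
	    }
	}
    } else {
	/* In order to support IPv6, we use NSPR I/O */
#ifdef SOLARIS_LDAP_CMD
	ld = ldap_init( host, port );
#else
	ld = prldap_init( host, port, 0 /* not shared across threads */ );
#endif /* SOLARIS_LDAP_CMD */
    }

#else /* NET_SSL */
    /* In order to support IPv6, we use NSPR I/O */
#ifdef SOLARIS_LDAP_CMD
    ld = ldap_init( host, port );
#else
    ld = prldap_init( host, port, 0 /* not shared across threads */ );
#endif /* SOLARIS_LDAP_CMD */
#endif /* NET_SSL */

    if ( ld == NULL ) {
	perror( "ldap_init" );
	exit( LDAP_LOCAL_ERROR );
    }

#ifndef NO_LIBLCACHE
    if ( cache_config_file != NULL ) {
	int	opt;

	if ( lcache_init( ld, cache_config_file ) != 0 ) {
	    exit( ldaptool_print_lderror( ld, cache_config_file,
		    LDAPTOOL_CHECK4SSL_NEVER ));
	}
	opt = 1;
	(void) ldap_set_option( ld, LDAP_OPT_CACHE_ENABLE, &opt );
	opt = LDAP_CACHE_LOCALDB;
	(void) ldap_set_option( ld, LDAP_OPT_CACHE_STRATEGY, &opt );
	if ( ldversion == -1 ) {	/* not set with -V */
	    ldversion = LDAP_VERSION2;	/* local db only supports v2 */
	}
    }
#endif

    ldap_set_option( ld, LDAP_OPT_REFERRALS,
	    chase_referrals ? LDAP_OPT_ON : LDAP_OPT_OFF );
    if ( chase_referrals ) {
	/* credentials for followed referrals come from get_rebind_credentials */
	ldap_set_rebind_proc( ld, get_rebind_credentials, NULL );
	ldap_set_option( ld, LDAP_OPT_REFERRAL_HOP_LIMIT, &refhoplim );
    }

    if ( ldversion == -1 ) {	/* not set with -V and not using local db */
	ldversion = LDAP_VERSION3;
    }
    ldap_set_option( ld, LDAP_OPT_PROTOCOL_VERSION, &ldversion );

    return( ld );
}


/*
 * Perform a bind to the LDAP server if one is needed.
 *
 * The bind identity comes from the file-level settings filled in by the
 * option parser: binddn/passwd (simple bind), ssl_certname (SASL EXTERNAL
 * on an SSL session) or, with HAVE_SASL_OPTIONS, ldapauth == LDAP_AUTH_SASL
 * plus sasl_mech and friends (SASL interactive bind).  With LDAPv3 and no
 * credentials at all the anonymous bind is simply skipped.
 *
 * Any failure is fatal: the error is reported and the process exits with
 * the LDAP result code.  In particular an incomplete SASL configuration
 * must not fall through to an unbound session -- the operations that
 * follow would then silently run anonymously instead of as the identity
 * the user asked for.
 */
void
ldaptool_bind( LDAP *ld )
{
    int		rc;
    char	*conv;
    LDAPControl	auth_resp_ctrl, *ctrl_array[ 2 ], **bindctrls;
#ifdef HAVE_SASL_OPTIONS
    void	*defaults;
#endif

    if ( ldaptool_not ) {
	return;
    }

    if ( send_auth_response_ctrl ) {
	/* ask the server to report which identity we ended up bound as */
	auth_resp_ctrl.ldctl_oid = LDAP_CONTROL_AUTH_REQUEST;
	auth_resp_ctrl.ldctl_value.bv_val = NULL;
	auth_resp_ctrl.ldctl_value.bv_len = 0;
	auth_resp_ctrl.ldctl_iscritical = 0;

	ctrl_array[0] = &auth_resp_ctrl;
	ctrl_array[1] = NULL;
	bindctrls = ctrl_array;
    } else {
	bindctrls = NULL;
    }

    /*
     * if using LDAPv3 and not using client auth., omit NULL bind for
     * efficiency.
     */
    if ( ldversion > LDAP_VERSION2 && binddn == NULL && passwd == NULL
	    && ssl_certname == NULL ) {
#ifdef HAVE_SASL_OPTIONS
	if ( ldapauth != LDAP_AUTH_SASL ) {
	    return;
	}
#else
	return;
#endif
    }

#ifdef HAVE_SASL_OPTIONS
    /*
     * Validate the SASL configuration before anything is allocated or
     * sent.  These used to be plain returns, which left the session
     * unbound and let the tool carry on anonymously.
     */
    if ( ldapauth == LDAP_AUTH_SASL ) {
	if ( sasl_mech == NULL ) {
	    fprintf( stderr, gettext("Please specify the SASL mechanism name when "
		    "using SASL options\n"));
	    ldap_unbind( ld );
	    exit( LDAP_PARAM_ERROR );
	}

	if ( sasl_secprops != NULL ) {
	    rc = ldap_set_option( ld, LDAP_OPT_X_SASL_SECPROPS,
		    (void *) sasl_secprops );
	    if ( rc != LDAP_SUCCESS ) {
		fprintf( stderr, gettext("Unable to set LDAP_OPT_X_SASL_SECPROPS: %s\n"),
			sasl_secprops );
		ldap_unbind( ld );
		exit( LDAP_LOCAL_ERROR );
	    }
	}
    }
#endif /* HAVE_SASL_OPTIONS */

    /*
     * do the bind, backing off one LDAP version if necessary
     */
    conv = ldaptool_local2UTF8( binddn );

#ifdef HAVE_SASL_OPTIONS
    if ( ldapauth == LDAP_AUTH_SASL ) {
	defaults = ldaptool_set_sasl_defaults( ld, sasl_mech, sasl_authid,
		sasl_username, passwd, sasl_realm );
	if ( defaults == NULL ) {
	    perror( "malloc" );
	    exit( LDAP_NO_MEMORY );
	}

	rc = ldap_sasl_interactive_bind_s( ld, binddn, sasl_mech, NULL, NULL,
		sasl_flags, ldaptool_sasl_interact, defaults );
	if ( rc != LDAP_SUCCESS ) {
	    ldap_perror( ld, "ldap_sasl_interactive_bind_s" );
	}
    } else
#endif /* HAVE_SASL_OPTIONS */
    /*
     * if using LDAPv3 and client auth., try a SASL EXTERNAL bind
     */
    if ( ldversion > LDAP_VERSION2 && binddn == NULL && passwd == NULL
	    && ssl_certname != NULL ) {
	rc = ldaptool_sasl_bind_s( ld, NULL, LDAP_SASL_EXTERNAL, NULL,
		bindctrls, NULL, NULL, "ldap_sasl_bind" );
    } else {
	rc = ldaptool_simple_bind_s( ld, conv, passwd, bindctrls, NULL,
		"ldap_simple_bind" );
    }

    if ( rc == LDAP_SUCCESS ) {
	free( conv );
	return;		/* success */
    }

#ifdef HAVE_SASL_OPTIONS
    if ( ldapauth != LDAP_AUTH_SASL ) {
#endif /* HAVE_SASL_OPTIONS */
    if ( rc == LDAP_PROTOCOL_ERROR && ldversion > LDAP_VERSION2 ) {
	/*
	 * try again, backing off one LDAP version
	 * this is okay even for client auth. because the way to achieve
	 * client auth. with LDAPv2 is to perform a NULL simple bind.
	 *
	 * NOTE(review): the downgrade is driven by the peer's answer, so a
	 * server (or something answering in its place) that returns
	 * protocolError can push the tool onto LDAPv2.  Presumably bindctrls
	 * and the other LDAPv3 controls are not honoured on that retry --
	 * confirm before relying on e.g. the authorization-id response there.
	 */
	--ldversion;
	fprintf( stderr, gettext("%s: the server doesn't understand LDAPv%d;"
		" trying LDAPv%d instead...\n"), ldaptool_progname,
		ldversion + 1, ldversion );
	ldap_set_option( ld, LDAP_OPT_PROTOCOL_VERSION, &ldversion );
	if (( rc = ldaptool_simple_bind_s( ld, conv, passwd,
		bindctrls, NULL, "ldap_simple_bind" )) == LDAP_SUCCESS ) {
	    free( conv );
	    return;	/* a qualified success */
	}
    }
#ifdef HAVE_SASL_OPTIONS
    }
#endif /* HAVE_SASL_OPTIONS */

    free( conv );

    /*
     * bind(s) failed -- fatal error
     */
    ldap_unbind( ld );
    exit( rc );
}


/*
 * close open files, unbind, etc.
 *
 * ld may be NULL (ldaptool_ldap_init() returns NULL under ldaptool_not).
 * ldaptool_fp (presumably the tools' input file) is closed unless it is
 * stdin, and reset so a second call is harmless.
 */
void
ldaptool_cleanup( LDAP *ld )
{
    if ( ld != NULL ) {
	ldap_unbind( ld );
    }

    if ( ldaptool_fp != NULL && ldaptool_fp != stdin ) {
	fclose( ldaptool_fp );
	ldaptool_fp = NULL;
    }
}


/*
 * Retrieve and print an LDAP error message. Returns the LDAP error code.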
13317c478bd9Sstevel@tonic-gate */ 13327c478bd9Sstevel@tonic-gate int 13337c478bd9Sstevel@tonic-gate ldaptool_print_lderror( LDAP *ld, char *msg, int check4ssl ) 13347c478bd9Sstevel@tonic-gate { 13357c478bd9Sstevel@tonic-gate int lderr = ldap_get_lderrno( ld, NULL, NULL ); 13367c478bd9Sstevel@tonic-gate 13377c478bd9Sstevel@tonic-gate ldap_perror( ld, msg ); 13387c478bd9Sstevel@tonic-gate #ifndef SOLARIS_LDAP_CMD 13397c478bd9Sstevel@tonic-gate if ( secure && check4ssl != LDAPTOOL_CHECK4SSL_NEVER ) { 13407c478bd9Sstevel@tonic-gate if ( check4ssl == LDAPTOOL_CHECK4SSL_ALWAYS 13417c478bd9Sstevel@tonic-gate || ( lderr == LDAP_SERVER_DOWN )) { 13427c478bd9Sstevel@tonic-gate int sslerr = PORT_GetError(); 13437c478bd9Sstevel@tonic-gate 13447c478bd9Sstevel@tonic-gate fprintf( stderr, gettext("\tSSL error %d (%s)\n"), sslerr, 13457c478bd9Sstevel@tonic-gate ldapssl_err2string( sslerr )); 13467c478bd9Sstevel@tonic-gate } 13477c478bd9Sstevel@tonic-gate } 13487c478bd9Sstevel@tonic-gate #endif /* SOLARIS_LDAP_CMD */ 13497c478bd9Sstevel@tonic-gate 13507c478bd9Sstevel@tonic-gate return( lderr ); 13517c478bd9Sstevel@tonic-gate } 13527c478bd9Sstevel@tonic-gate 13537c478bd9Sstevel@tonic-gate 13547c478bd9Sstevel@tonic-gate /* 13557c478bd9Sstevel@tonic-gate * print referrals to stderr 13567c478bd9Sstevel@tonic-gate */ 13577c478bd9Sstevel@tonic-gate void 13587c478bd9Sstevel@tonic-gate ldaptool_print_referrals( char **refs ) 13597c478bd9Sstevel@tonic-gate { 13607c478bd9Sstevel@tonic-gate int i; 13617c478bd9Sstevel@tonic-gate 13627c478bd9Sstevel@tonic-gate if ( refs != NULL ) { 13637c478bd9Sstevel@tonic-gate for ( i = 0; refs[ i ] != NULL; ++i ) { 13647c478bd9Sstevel@tonic-gate fprintf( stderr, gettext("Referral: %s\n"), refs[ i ] ); 13657c478bd9Sstevel@tonic-gate } 13667c478bd9Sstevel@tonic-gate } 13677c478bd9Sstevel@tonic-gate } 13687c478bd9Sstevel@tonic-gate 13697c478bd9Sstevel@tonic-gate 13707c478bd9Sstevel@tonic-gate /* 13717c478bd9Sstevel@tonic-gate * print contents of an extended 
response to stderr 13727c478bd9Sstevel@tonic-gate * this is mainly to support unsolicited notifications 13737c478bd9Sstevel@tonic-gate * Returns an LDAP error code (from the extended result). 13747c478bd9Sstevel@tonic-gate */ 13757c478bd9Sstevel@tonic-gate int 13767c478bd9Sstevel@tonic-gate ldaptool_print_extended_response( LDAP *ld, LDAPMessage *res, char *msg ) 13777c478bd9Sstevel@tonic-gate { 13787c478bd9Sstevel@tonic-gate char *oid; 13797c478bd9Sstevel@tonic-gate struct berval *data; 13807c478bd9Sstevel@tonic-gate 13817c478bd9Sstevel@tonic-gate if ( ldap_parse_extended_result( ld, res, &oid, &data, 0 ) 13827c478bd9Sstevel@tonic-gate != LDAP_SUCCESS ) { 13837c478bd9Sstevel@tonic-gate ldaptool_print_lderror( ld, msg, LDAPTOOL_CHECK4SSL_IF_APPROP ); 13847c478bd9Sstevel@tonic-gate } else { 13857c478bd9Sstevel@tonic-gate if ( oid != NULL ) { 13867c478bd9Sstevel@tonic-gate if ( strcmp ( oid, LDAP_NOTICE_OF_DISCONNECTION ) == 0 ) { 13877c478bd9Sstevel@tonic-gate fprintf( stderr, gettext("%s: Notice of Disconnection\n"), msg ); 13887c478bd9Sstevel@tonic-gate } else { 13897c478bd9Sstevel@tonic-gate fprintf( stderr, gettext("%s: OID %s\n"), msg, oid ); 13907c478bd9Sstevel@tonic-gate } 13917c478bd9Sstevel@tonic-gate ldap_memfree( oid ); 13927c478bd9Sstevel@tonic-gate } else { 13937c478bd9Sstevel@tonic-gate fprintf( stderr, gettext("%s: missing OID\n"), msg ); 13947c478bd9Sstevel@tonic-gate } 13957c478bd9Sstevel@tonic-gate 13967c478bd9Sstevel@tonic-gate if ( data != NULL ) { 13977c478bd9Sstevel@tonic-gate fprintf( stderr, gettext("%s: Data (length %ld):\n"), msg, data->bv_len ); 13987c478bd9Sstevel@tonic-gate #if 0 13997c478bd9Sstevel@tonic-gate /* XXXmcs: maybe we should display the actual data? 
*/ 14007c478bd9Sstevel@tonic-gate lber_bprint( data->bv_val, data->bv_len ); 14017c478bd9Sstevel@tonic-gate #endif 14027c478bd9Sstevel@tonic-gate ber_bvfree( data ); 14037c478bd9Sstevel@tonic-gate } 14047c478bd9Sstevel@tonic-gate } 14057c478bd9Sstevel@tonic-gate 14067c478bd9Sstevel@tonic-gate return parse_result( ld, res, NULL, msg, 1 ); 14077c478bd9Sstevel@tonic-gate } 14087c478bd9Sstevel@tonic-gate 14097c478bd9Sstevel@tonic-gate 14107c478bd9Sstevel@tonic-gate /* 14117c478bd9Sstevel@tonic-gate * Like ldap_sasl_bind_s() but calls wait4result() to display 14127c478bd9Sstevel@tonic-gate * any referrals returned and report errors in a consistent way. 14137c478bd9Sstevel@tonic-gate */ 14147c478bd9Sstevel@tonic-gate int 14157c478bd9Sstevel@tonic-gate ldaptool_sasl_bind_s( LDAP *ld, const char *dn, const char *mechanism, 14167c478bd9Sstevel@tonic-gate const struct berval *cred, LDAPControl **serverctrls, 14177c478bd9Sstevel@tonic-gate LDAPControl **clientctrls, struct berval **servercredp, char *msg ) 14187c478bd9Sstevel@tonic-gate { 14197c478bd9Sstevel@tonic-gate int rc, msgid; 14207c478bd9Sstevel@tonic-gate 14217c478bd9Sstevel@tonic-gate if ( servercredp != NULL ) { 14227c478bd9Sstevel@tonic-gate *servercredp = NULL; 14237c478bd9Sstevel@tonic-gate } 14247c478bd9Sstevel@tonic-gate 14257c478bd9Sstevel@tonic-gate if (( rc = ldap_sasl_bind( ld, dn, mechanism, cred, serverctrls, 14267c478bd9Sstevel@tonic-gate clientctrls, &msgid )) != LDAP_SUCCESS ) { 14277c478bd9Sstevel@tonic-gate ldaptool_print_lderror( ld, msg, LDAPTOOL_CHECK4SSL_IF_APPROP ); 14287c478bd9Sstevel@tonic-gate } else { 14297c478bd9Sstevel@tonic-gate rc = wait4result( ld, msgid, servercredp, msg ); 14307c478bd9Sstevel@tonic-gate } 14317c478bd9Sstevel@tonic-gate 14327c478bd9Sstevel@tonic-gate return( rc ); 14337c478bd9Sstevel@tonic-gate } 14347c478bd9Sstevel@tonic-gate 14357c478bd9Sstevel@tonic-gate 14367c478bd9Sstevel@tonic-gate /* 14377c478bd9Sstevel@tonic-gate * Like ldap_simple_bind_s() but calls 
wait4result() to display
 * any referrals returned and report errors in a consistent way.
 *
 * The password is sent as the simple-bind credential; a NULL passwd
 * becomes an empty credential.  NOTE(review): a dn with an empty password
 * is an unauthenticated bind on servers that permit it -- nothing here
 * rejects that combination, the option parser presumably does.
 */
int
ldaptool_simple_bind_s( LDAP *ld, const char *dn, const char *passwd,
	LDAPControl **serverctrls, LDAPControl **clientctrls, char *msg )
{
    struct berval	cred;

    cred.bv_len = ( passwd == NULL ) ? 0 : strlen( passwd );
    cred.bv_val = (char *)passwd;	/* XXXmcs: had to cast away const */

    return( ldaptool_sasl_bind_s( ld, dn, LDAP_SASL_SIMPLE, &cred,
	    serverctrls, clientctrls, NULL, msg ));
}


/*
 * Like ldap_add_ext_s() but calls wait4result() to display
 * any referrals returned and report errors in a consistent way.
14567c478bd9Sstevel@tonic-gate */ 14577c478bd9Sstevel@tonic-gate int 14587c478bd9Sstevel@tonic-gate ldaptool_add_ext_s( LDAP *ld, const char *dn, LDAPMod **attrs, 14597c478bd9Sstevel@tonic-gate LDAPControl **serverctrls, LDAPControl **clientctrls, char *msg ) 14607c478bd9Sstevel@tonic-gate { 14617c478bd9Sstevel@tonic-gate int rc, msgid; 14627c478bd9Sstevel@tonic-gate 14637c478bd9Sstevel@tonic-gate if (( rc = ldap_add_ext( ld, dn, attrs, serverctrls, clientctrls, &msgid )) 14647c478bd9Sstevel@tonic-gate != LDAP_SUCCESS ) { 14657c478bd9Sstevel@tonic-gate ldaptool_print_lderror( ld, msg, LDAPTOOL_CHECK4SSL_IF_APPROP ); 14667c478bd9Sstevel@tonic-gate } else { 14677c478bd9Sstevel@tonic-gate /* 14687c478bd9Sstevel@tonic-gate * 25-April-2000 Note: the next line used to read: 14697c478bd9Sstevel@tonic-gate * rc = wait4result( ld, msgid, NULL, msg ); 14707c478bd9Sstevel@tonic-gate * 'msgid' it was changed to 'LDAP_RES_ANY' in order to receive 14717c478bd9Sstevel@tonic-gate * unsolicited notifications. 14727c478bd9Sstevel@tonic-gate */ 14737c478bd9Sstevel@tonic-gate rc = wait4result( ld, LDAP_RES_ANY, NULL, msg ); 14747c478bd9Sstevel@tonic-gate } 14757c478bd9Sstevel@tonic-gate 14767c478bd9Sstevel@tonic-gate return( rc ); 14777c478bd9Sstevel@tonic-gate } 14787c478bd9Sstevel@tonic-gate 14797c478bd9Sstevel@tonic-gate 14807c478bd9Sstevel@tonic-gate /* 14817c478bd9Sstevel@tonic-gate * Like ldap_modify_ext_s() but calls wait4result() to display 14827c478bd9Sstevel@tonic-gate * any referrals returned and report errors in a consistent way. 
14837c478bd9Sstevel@tonic-gate */ 14847c478bd9Sstevel@tonic-gate int 14857c478bd9Sstevel@tonic-gate ldaptool_modify_ext_s( LDAP *ld, const char *dn, LDAPMod **mods, 14867c478bd9Sstevel@tonic-gate LDAPControl **serverctrls, LDAPControl **clientctrls, char *msg ) 14877c478bd9Sstevel@tonic-gate { 14887c478bd9Sstevel@tonic-gate int rc, msgid; 14897c478bd9Sstevel@tonic-gate 14907c478bd9Sstevel@tonic-gate if (( rc = ldap_modify_ext( ld, dn, mods, serverctrls, clientctrls, 14917c478bd9Sstevel@tonic-gate &msgid )) != LDAP_SUCCESS ) { 14927c478bd9Sstevel@tonic-gate ldaptool_print_lderror( ld, msg, LDAPTOOL_CHECK4SSL_IF_APPROP ); 14937c478bd9Sstevel@tonic-gate } else { 14947c478bd9Sstevel@tonic-gate rc = wait4result( ld, msgid, NULL, msg ); 14957c478bd9Sstevel@tonic-gate } 14967c478bd9Sstevel@tonic-gate 14977c478bd9Sstevel@tonic-gate return( rc ); 14987c478bd9Sstevel@tonic-gate } 14997c478bd9Sstevel@tonic-gate 15007c478bd9Sstevel@tonic-gate 15017c478bd9Sstevel@tonic-gate /* 15027c478bd9Sstevel@tonic-gate * Like ldap_delete_ext_s() but calls wait4result() to display 15037c478bd9Sstevel@tonic-gate * any referrals returned and report errors in a consistent way. 
15047c478bd9Sstevel@tonic-gate */ 15057c478bd9Sstevel@tonic-gate int 15067c478bd9Sstevel@tonic-gate ldaptool_delete_ext_s( LDAP *ld, const char *dn, LDAPControl **serverctrls, 15077c478bd9Sstevel@tonic-gate LDAPControl **clientctrls, char *msg ) 15087c478bd9Sstevel@tonic-gate { 15097c478bd9Sstevel@tonic-gate int rc, msgid; 15107c478bd9Sstevel@tonic-gate 15117c478bd9Sstevel@tonic-gate if (( rc = ldap_delete_ext( ld, dn, serverctrls, clientctrls, &msgid )) 15127c478bd9Sstevel@tonic-gate != LDAP_SUCCESS ) { 15137c478bd9Sstevel@tonic-gate ldaptool_print_lderror( ld, msg, LDAPTOOL_CHECK4SSL_IF_APPROP ); 15147c478bd9Sstevel@tonic-gate } else { 15157c478bd9Sstevel@tonic-gate rc = wait4result( ld, msgid, NULL, msg ); 15167c478bd9Sstevel@tonic-gate } 15177c478bd9Sstevel@tonic-gate 15187c478bd9Sstevel@tonic-gate return( rc ); 15197c478bd9Sstevel@tonic-gate } 15207c478bd9Sstevel@tonic-gate 15217c478bd9Sstevel@tonic-gate 15227c478bd9Sstevel@tonic-gate /* 15237c478bd9Sstevel@tonic-gate * Like ldap_compare_ext_s() but calls wait4result() to display 15247c478bd9Sstevel@tonic-gate * any referrals returned and report errors in a consistent way. 
15257c478bd9Sstevel@tonic-gate */ 15267c478bd9Sstevel@tonic-gate int ldaptool_compare_ext_s( LDAP *ld, const char *dn, const char *attrtype, 15277c478bd9Sstevel@tonic-gate const struct berval *bvalue, LDAPControl **serverctrls, 15287c478bd9Sstevel@tonic-gate LDAPControl **clientctrls, char *msg ) 15297c478bd9Sstevel@tonic-gate { 15307c478bd9Sstevel@tonic-gate int rc, msgid; 15317c478bd9Sstevel@tonic-gate 15327c478bd9Sstevel@tonic-gate if (( rc = ldap_compare_ext( ld, dn, attrtype, bvalue, serverctrls, 15337c478bd9Sstevel@tonic-gate clientctrls, &msgid )) != LDAP_SUCCESS ) { 15347c478bd9Sstevel@tonic-gate ldaptool_print_lderror( ld, msg, LDAPTOOL_CHECK4SSL_IF_APPROP ); 15357c478bd9Sstevel@tonic-gate } else { 15367c478bd9Sstevel@tonic-gate rc = wait4result( ld, msgid, NULL, msg ); 15377c478bd9Sstevel@tonic-gate } 15387c478bd9Sstevel@tonic-gate 15397c478bd9Sstevel@tonic-gate return( rc ); 15407c478bd9Sstevel@tonic-gate } 15417c478bd9Sstevel@tonic-gate 15427c478bd9Sstevel@tonic-gate 15437c478bd9Sstevel@tonic-gate /* 15447c478bd9Sstevel@tonic-gate * Like ldap_rename_s() but calls wait4result() to display 15457c478bd9Sstevel@tonic-gate * any referrals returned and report errors in a consistent way. 
15467c478bd9Sstevel@tonic-gate */ 15477c478bd9Sstevel@tonic-gate int 15487c478bd9Sstevel@tonic-gate ldaptool_rename_s( LDAP *ld, const char *dn, const char *newrdn, 15497c478bd9Sstevel@tonic-gate const char *newparent, int deleteoldrdn, LDAPControl **serverctrls, 15507c478bd9Sstevel@tonic-gate LDAPControl **clientctrls, char *msg ) 15517c478bd9Sstevel@tonic-gate { 15527c478bd9Sstevel@tonic-gate int rc, msgid; 15537c478bd9Sstevel@tonic-gate 15547c478bd9Sstevel@tonic-gate if (( rc = ldap_rename( ld, dn, newrdn, newparent, deleteoldrdn, 15557c478bd9Sstevel@tonic-gate serverctrls, clientctrls, &msgid )) != LDAP_SUCCESS ) { 15567c478bd9Sstevel@tonic-gate ldaptool_print_lderror( ld, msg, LDAPTOOL_CHECK4SSL_IF_APPROP ); 15577c478bd9Sstevel@tonic-gate } else { 15587c478bd9Sstevel@tonic-gate rc = wait4result( ld, msgid, NULL, msg ); 15597c478bd9Sstevel@tonic-gate } 15607c478bd9Sstevel@tonic-gate 15617c478bd9Sstevel@tonic-gate return( rc ); 15627c478bd9Sstevel@tonic-gate } 15637c478bd9Sstevel@tonic-gate 15647c478bd9Sstevel@tonic-gate 15657c478bd9Sstevel@tonic-gate /* 15667c478bd9Sstevel@tonic-gate * Wait for a result, check for and display errors and referrals. 15677c478bd9Sstevel@tonic-gate * Also recognize and display "Unsolicited notification" messages. 15687c478bd9Sstevel@tonic-gate * Returns an LDAP error code. 
15697c478bd9Sstevel@tonic-gate */ 15707c478bd9Sstevel@tonic-gate static int 15717c478bd9Sstevel@tonic-gate wait4result( LDAP *ld, int msgid, struct berval **servercredp, char *msg ) 15727c478bd9Sstevel@tonic-gate { 15737c478bd9Sstevel@tonic-gate LDAPMessage *res; 15747c478bd9Sstevel@tonic-gate int rc, received_only_unsolicited = 1; 15757c478bd9Sstevel@tonic-gate 15767c478bd9Sstevel@tonic-gate while ( received_only_unsolicited ) { 15777c478bd9Sstevel@tonic-gate res = NULL; 15787c478bd9Sstevel@tonic-gate if (( rc = ldap_result( ld, msgid, 1, (struct timeval *)NULL, &res )) 15797c478bd9Sstevel@tonic-gate == -1 ) { 15807c478bd9Sstevel@tonic-gate ldaptool_print_lderror( ld, msg, LDAPTOOL_CHECK4SSL_IF_APPROP ); 15817c478bd9Sstevel@tonic-gate return( ldap_get_lderrno( ld, NULL, NULL )); 15827c478bd9Sstevel@tonic-gate } 15837c478bd9Sstevel@tonic-gate 15847c478bd9Sstevel@tonic-gate /* 15857c478bd9Sstevel@tonic-gate * Special handling for unsolicited notifications: 15867c478bd9Sstevel@tonic-gate * 1. Parse and display contents. 15877c478bd9Sstevel@tonic-gate * 2. go back and wait for another (real) result. 
15887c478bd9Sstevel@tonic-gate */ 15897c478bd9Sstevel@tonic-gate if ( rc == LDAP_RES_EXTENDED 15907c478bd9Sstevel@tonic-gate && ldap_msgid( res ) == LDAP_RES_UNSOLICITED ) { 15917c478bd9Sstevel@tonic-gate rc = ldaptool_print_extended_response( ld, res, 15927c478bd9Sstevel@tonic-gate "Unsolicited response" ); 15937c478bd9Sstevel@tonic-gate } else { 15947c478bd9Sstevel@tonic-gate rc = parse_result( ld, res, servercredp, msg, 1 ); 15957c478bd9Sstevel@tonic-gate received_only_unsolicited = 0; /* we're done */ 15967c478bd9Sstevel@tonic-gate } 15977c478bd9Sstevel@tonic-gate } 15987c478bd9Sstevel@tonic-gate 15997c478bd9Sstevel@tonic-gate return( rc ); 16007c478bd9Sstevel@tonic-gate } 16017c478bd9Sstevel@tonic-gate 16027c478bd9Sstevel@tonic-gate 16037c478bd9Sstevel@tonic-gate static int 16047c478bd9Sstevel@tonic-gate parse_result( LDAP *ld, LDAPMessage *res, struct berval **servercredp, 16057c478bd9Sstevel@tonic-gate char *msg, int freeit ) 16067c478bd9Sstevel@tonic-gate { 16077c478bd9Sstevel@tonic-gate int rc, lderr, errno; 16087c478bd9Sstevel@tonic-gate int pw_days=0, pw_hrs=0, pw_mins=0, pw_secs=0; /* for pwpolicy */ 16097c478bd9Sstevel@tonic-gate char **refs = NULL; 16107c478bd9Sstevel@tonic-gate LDAPControl **ctrls; 16117c478bd9Sstevel@tonic-gate 16127c478bd9Sstevel@tonic-gate if (( rc = ldap_parse_result( ld, res, &lderr, NULL, NULL, &refs, 16137c478bd9Sstevel@tonic-gate &ctrls, 0 )) != LDAP_SUCCESS ) { 16147c478bd9Sstevel@tonic-gate ldaptool_print_lderror( ld, msg, LDAPTOOL_CHECK4SSL_IF_APPROP ); 16157c478bd9Sstevel@tonic-gate ldap_msgfree( res ); 16167c478bd9Sstevel@tonic-gate return( rc ); 16177c478bd9Sstevel@tonic-gate } 16187c478bd9Sstevel@tonic-gate 16197c478bd9Sstevel@tonic-gate /* check for authentication response control & PWPOLICY control*/ 16207c478bd9Sstevel@tonic-gate if ( NULL != ctrls ) { 16217c478bd9Sstevel@tonic-gate int i; 16227c478bd9Sstevel@tonic-gate char *s; 16237c478bd9Sstevel@tonic-gate 16247c478bd9Sstevel@tonic-gate for ( i = 0; NULL != 
ctrls[i]; ++i ) { 16257c478bd9Sstevel@tonic-gate if ( 0 == strcmp( ctrls[i]->ldctl_oid, 16267c478bd9Sstevel@tonic-gate LDAP_CONTROL_AUTH_RESPONSE )) { 16277c478bd9Sstevel@tonic-gate s = ctrls[i]->ldctl_value.bv_val; 16287c478bd9Sstevel@tonic-gate if ( NULL == s ) { 16297c478bd9Sstevel@tonic-gate s = "Null"; 16307c478bd9Sstevel@tonic-gate } else if ( *s == '\0' ) { 16317c478bd9Sstevel@tonic-gate s = "Anonymous"; 16327c478bd9Sstevel@tonic-gate } 16337c478bd9Sstevel@tonic-gate fprintf( stderr, gettext("%s: bound as %s\n"), ldaptool_progname, s ); 16347c478bd9Sstevel@tonic-gate } 16357c478bd9Sstevel@tonic-gate 16367c478bd9Sstevel@tonic-gate if ( 0 == strcmp( ctrls[i]->ldctl_oid, 16377c478bd9Sstevel@tonic-gate LDAP_CONTROL_PWEXPIRING )) { 16387c478bd9Sstevel@tonic-gate 16397c478bd9Sstevel@tonic-gate /* Warn the user his passwd is to expire */ 16407c478bd9Sstevel@tonic-gate errno = 0; 16417c478bd9Sstevel@tonic-gate pw_secs = atoi(ctrls[i]->ldctl_value.bv_val); 16427c478bd9Sstevel@tonic-gate if ( pw_secs > 0 && errno != ERANGE ) { 16437c478bd9Sstevel@tonic-gate if ( pw_secs > 86400 ) { 16447c478bd9Sstevel@tonic-gate pw_days = ( pw_secs / 86400 ); 16457c478bd9Sstevel@tonic-gate pw_secs = ( pw_secs % 86400 ); 16467c478bd9Sstevel@tonic-gate } 16477c478bd9Sstevel@tonic-gate if ( pw_secs > 3600 ) { 16487c478bd9Sstevel@tonic-gate pw_hrs = ( pw_secs / 3600 ); 16497c478bd9Sstevel@tonic-gate pw_secs = ( pw_secs % 3600 ); 16507c478bd9Sstevel@tonic-gate } 16517c478bd9Sstevel@tonic-gate if ( pw_secs > 60 ) { 16527c478bd9Sstevel@tonic-gate pw_mins = ( pw_secs / 60 ); 16537c478bd9Sstevel@tonic-gate pw_secs = ( pw_secs % 60 ); 16547c478bd9Sstevel@tonic-gate } 16557c478bd9Sstevel@tonic-gate 16567c478bd9Sstevel@tonic-gate printf(gettext("%s: Warning ! 
Your password will expire after "), ldaptool_progname); 16577c478bd9Sstevel@tonic-gate if ( pw_days ) { 16587c478bd9Sstevel@tonic-gate printf (gettext("%d days, "), pw_days); 16597c478bd9Sstevel@tonic-gate } 16607c478bd9Sstevel@tonic-gate if ( pw_hrs ) { 16617c478bd9Sstevel@tonic-gate printf (gettext("%d hrs, "), pw_hrs); 16627c478bd9Sstevel@tonic-gate } 16637c478bd9Sstevel@tonic-gate if ( pw_mins ) { 16647c478bd9Sstevel@tonic-gate printf (gettext("%d mins, "), pw_mins); 16657c478bd9Sstevel@tonic-gate } 16667c478bd9Sstevel@tonic-gate printf(gettext("%d seconds.\n"), pw_secs); 16677c478bd9Sstevel@tonic-gate 16687c478bd9Sstevel@tonic-gate } 16697c478bd9Sstevel@tonic-gate } 16707c478bd9Sstevel@tonic-gate } 16717c478bd9Sstevel@tonic-gate ldap_controls_free( ctrls ); 16727c478bd9Sstevel@tonic-gate } 16737c478bd9Sstevel@tonic-gate 16747c478bd9Sstevel@tonic-gate if ( servercredp != NULL && ( rc = ldap_parse_sasl_bind_result( ld, res, 16757c478bd9Sstevel@tonic-gate servercredp, 0 )) != LDAP_SUCCESS ) { 16767c478bd9Sstevel@tonic-gate ldaptool_print_lderror( ld, msg, LDAPTOOL_CHECK4SSL_IF_APPROP ); 16777c478bd9Sstevel@tonic-gate ldap_msgfree( res ); 16787c478bd9Sstevel@tonic-gate return( rc ); 16797c478bd9Sstevel@tonic-gate } 16807c478bd9Sstevel@tonic-gate 16817c478bd9Sstevel@tonic-gate if ( freeit ) { 16827c478bd9Sstevel@tonic-gate ldap_msgfree( res ); 16837c478bd9Sstevel@tonic-gate } 16847c478bd9Sstevel@tonic-gate 16857c478bd9Sstevel@tonic-gate if ( LDAPTOOL_RESULT_IS_AN_ERROR( lderr )) { 16867c478bd9Sstevel@tonic-gate ldaptool_print_lderror( ld, msg, LDAPTOOL_CHECK4SSL_IF_APPROP ); 16877c478bd9Sstevel@tonic-gate } 16887c478bd9Sstevel@tonic-gate 16897c478bd9Sstevel@tonic-gate if ( refs != NULL ) { 16907c478bd9Sstevel@tonic-gate ldaptool_print_referrals( refs ); 16917c478bd9Sstevel@tonic-gate ldap_value_free( refs ); 16927c478bd9Sstevel@tonic-gate } 16937c478bd9Sstevel@tonic-gate 16947c478bd9Sstevel@tonic-gate return( lderr ); 16957c478bd9Sstevel@tonic-gate } 
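
/*
 * Build the "Manage DSA IT" LDAPv3 request control when -M was given on
 * the command line.
 *
 * Returns a freshly allocated, critical control (release it with
 * ldap_control_free()) or NULL when send_manage_dsait_ctrl is unset.
 * ldctl_value is left zeroed by calloc -- this control carries no value.
 * Allocation failure is fatal (exit( LDAP_NO_MEMORY )), like the other
 * allocation helpers in this file.
 */
LDAPControl *
ldaptool_create_manage_dsait_control( void )
{
    LDAPControl	*ctl;

    if ( !send_manage_dsait_ctrl ) {
	return( NULL );
    }

    ctl = (LDAPControl *)calloc( 1, sizeof( LDAPControl ));
    if ( ctl == NULL ) {
	perror( "calloc" );
	exit( LDAP_NO_MEMORY );
    }
    ctl->ldctl_oid = strdup( LDAP_CONTROL_MANAGEDSAIT );
    if ( ctl->ldctl_oid == NULL ) {
	perror( "calloc" );
	exit( LDAP_NO_MEMORY );
    }

    /* critical: a server that cannot honour the control must refuse the op */
    ctl->ldctl_iscritical = 1;

    return( ctl );
}

/*
 * Build the proxied authorization request control when -y "dn" was
 * supplied on the command line (proxyauth_id set).
 *
 * proxyauth_version == 2 selects ldap_create_proxiedauth_control();
 * anything else selects ldap_create_proxyauth_control() with the
 * criticality flag set.
 *
 * Returns the control (caller frees it with ldap_control_free()) or NULL
 * when no proxy identity was requested.  NULL is also returned when the
 * library fails to build the control; that failure is reported on stderr
 * here because a caller that just carries on would run the operation as
 * the bound identity instead of the proxied one, which is exactly what
 * the option was meant to prevent.
 */
LDAPControl *
ldaptool_create_proxyauth_control( LDAP *ld )
{
    LDAPControl	*ctl = NULL;
    int		rc;

    if ( !proxyauth_id ) {
	return( NULL );
    }

    if ( 2 == proxyauth_version ) {
	rc = ldap_create_proxiedauth_control( ld, proxyauth_id, &ctl );
    } else {
	rc = ldap_create_proxyauth_control( ld, proxyauth_id, 1, &ctl );
    }

    if ( rc != LDAP_SUCCESS ) {
	fprintf( stderr,
		gettext("%s: unable to create proxied authorization control: %s\n"),
		ldaptool_progname, ldap_err2string( rc ));
	if ( ctl != NULL ) {
	    ldap_control_free( ctl );
	}
	return( NULL );
    }
    return( ctl );
}

#ifndef SOLARIS_LDAP_CMD
/*
 * Build the "get effective rights" request control for authzid over the
 * attributes in attrlist (criticality always set).
 *
 * Returns the control (caller frees it with ldap_control_free()), or NULL
 * with a message on stderr when the library cannot build it.
 */
LDAPControl *
ldaptool_create_geteffectiveRights_control( LDAP *ld, const char *authzid,
	const char **attrlist )
{
    LDAPControl	*ctl = NULL;
    int		rc;

    rc = ldap_create_geteffectiveRights_control( ld, authzid, attrlist, 1,
	    &ctl );

    if ( rc != LDAP_SUCCESS ) {
	fprintf( stderr,
		gettext("%s: unable to create get effective rights control: %s\n"),
		ldaptool_progname, ldap_err2string( rc ));
	if ( ctl != NULL ) {
	    ldap_control_free( ctl );
	}
	return( NULL );
    }
    return( ctl );
}
#endif /* SOLARIS_LDAP_CMD */


/*
 * Append ctrl to the NULL-terminated request-control array, keeping the
 * terminating NULL in place.
 *
 * The array is assumed to hold CONTROL_REQUESTS entries -- the count that
 * ldaptool_reset_control_array() scans; the actual declaration lives in
 * the callers, not in this file, so confirm it there.  One slot is always
 * needed for the terminator, so at most CONTROL_REQUESTS - 1 controls fit.
 * The previous loop ran one iteration too far and could store the
 * terminator at index CONTROL_REQUESTS, one past such an array.
 *
 * A NULL ctrl is ignored.  When the array is full the control is dropped
 * with a message on stderr; the function returns void, so a caller that
 * needs the control to be present (proxy auth, manage DSA IT, ...) has to
 * check the array itself.
 */
void
ldaptool_add_control_to_array( LDAPControl *ctrl, LDAPControl **array )
{
    int	i;

    if ( ctrl == NULL ) {
	return;
    }

    /* stop one short so that array[i + 1] is always a valid slot */
    for ( i = 0; i + 1 < CONTROL_REQUESTS; i++ ) {
	if ( array[i] == NULL ) {
	    array[i] = ctrl;
	    array[i + 1] = NULL;
	    return;
	}
    }

    fprintf( stderr, gettext("%s: failed to store request control!!!!!!\n"),
	    ldaptool_progname );
}

/*
 * Dispose of all controls in array and prepare array for reuse.
 * Every non-NULL slot among the first CONTROL_REQUESTS is freed with
 * ldap_control_free() and reset to NULL.
 */
void
ldaptool_reset_control_array( LDAPControl **array )
{
    LDAPControl	**slot;

    for ( slot = array; slot < array + CONTROL_REQUESTS; slot++ ) {
	if ( *slot == NULL ) {
	    continue;
	}
	ldap_control_free( *slot );
	*slot = NULL;
    }
}

/*
 * Work out a control's value and its length from the text that follows
 * the OID (and criticality).  value may be a plain string, a
 * ":b64encoded value" or a "<fileurl" (see the function for what is
 * actually done with each form).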
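 */
static int
calculate_ctrl_value( char *value, char **ctrl_value, int *vlen )
{
    int	b64 = 0;

    /*
     * A leading ':' here is the second colon of "oid:crit::b64value" (or
     * of "oid::b64value" in LDIF) and marks a base64 encoded value.
     * Anything else, including a "<fileurl" form, is taken literally: no
     * file is read here, and whether a caller expands it is not visible
     * in this file.
     */
    if ( *value == ':' ) {
	++value;
	b64 = 1;
    }
    *ctrl_value = value;

    if ( !b64 ) {
	*vlen = (int)strlen( value );
	return( 0 );
    }

    /*
     * Decode in place: base64 output is never longer than its input, so
     * the decoded bytes fit in the buffer they came from.  That buffer is
     * therefore written to (it is optarg or the LDIF record in practice),
     * which is why the parameter is declared char * rather than const --
     * the old const signature hid the write.  The result is binary and not
     * NUL-terminated; *vlen is its only length.
     */
    *vlen = ldif_base64_decode( value, (unsigned char *)value );
    if ( *vlen < 0 ) {
	/* the buffer may already be partly overwritten; print what is left */
	fprintf( stderr,
		gettext("Unable to decode base64 control value \"%s\"\n"), value );
	return( -1 );
    }
    return( 0 );
}

/*
 * Parse a control specification: the optarg of ldapsearch's -J option, or
 * a control line inside an LDIF record for ldapmodify.  ctrl_arg is split
 * into oid, criticality and value by writing '\0' into it, so it must be
 * writable and must outlive the pointers handed back.  The value's length
 * is computed as well (base64 values are decoded in place).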
 *
 * sep is ':' for the command line and ' ' for LDIF; with ' ' the
 * criticality keyword is checked strictly.  Accepted shapes:
 *   oid
 *   oid:[value|:b64value|<fileurl]                 (LDIF only, no criticality)
 *   oid<sep>criticality[:value|::b64value|:<fileurl]
 *
 * On success returns 0 with *ctrl_oid set, *ctrl_criticality 0/1, and
 * *ctrl_value / *vlen describing the value (NULL / 0 when there is none).
 * On a syntax error a message goes to stderr and -1 is returned; the
 * outputs may then be partially filled in.
 */
int
ldaptool_parse_ctrl_arg( char *ctrl_arg, char sep, char **ctrl_oid,
	int *ctrl_criticality, char **ctrl_value, int *vlen )
{
    char	*cursor, *crit_str;
    int		strict;

    *ctrl_oid = NULL;
    *ctrl_value = NULL;
    *ctrl_criticality = 0;
    *vlen = 0;

    /* LDIF syntax is validated strictly, command-line syntax leniently */
    strict = ( sep == ' ' );

    cursor = strchr( ctrl_arg, sep );
    if ( cursor == NULL ) {
	/*
	 * No separator.  From the command line that is a bare OID.  In LDIF
	 * it is either a bare OID or "oid:value" / "oid::b64value" with the
	 * criticality field omitted.
	 */
	*ctrl_oid = ctrl_arg;
	if ( sep != ' ' ) {
	    return( 0 );
	}
	cursor = strchr( ctrl_arg, ':' );
	if ( cursor == NULL ) {
	    return( 0 );
	}
	*cursor++ = '\0';
	return( calculate_ctrl_value( cursor, ctrl_value, vlen ));
    }

    /* "oid<sep>criticality[:value|::b64value|:<fileurl]"; cursor is at sep */
    if ( cursor[1] == '\0' ) {
	fprintf( stderr, gettext("missing value\n") );
	return( -1 );
    }
    *cursor++ = '\0';
    *ctrl_oid = ctrl_arg;
    crit_str = cursor;

    /* an optional ':' after the criticality introduces the value */
    cursor = strchr( crit_str, ':' );
    if ( cursor != NULL ) {
	if ( cursor[1] == '\0' ) {
	    fprintf( stderr, gettext("missing value\n") );
	    return( -1 );
	}
	*cursor++ = '\0';
    }

    *ctrl_criticality = ldaptool_boolean_str2value( crit_str, strict );
    if ( *ctrl_criticality == -1 ) {
	fprintf( stderr, gettext("Invalid criticality value\n") );
	return( -1 );
    }

    if ( cursor == NULL ) {
	return( 0 );
    }
    return( calculate_ctrl_value( cursor, ctrl_value, vlen ));
}


/*
 * Rebind callback registered with the LDAP library for referral chasing.
 *
 * On a credential request (freeit == 0) it hands back the same bind DN,
 * password and simple-auth method the tool used for its own bind.  On the
 * freeit != 0 call there is nothing to release: the strings are the
 * file-scope binddn / passwd, not copies.
 *
 * Security note: this re-sends the simple-bind password to whatever server
 * a referral names.  Nothing here validates that target; whether the
 * library or the calling tool restricts referral following is not visible
 * in this file, so treat referral chasing with a simple bind as sending
 * the password to any host the directory points at.
 */
static int
LDAP_CALL
LDAP_CALLBACK
get_rebind_credentials( LDAP *ld, char **whop, char **credp,
	int *methodp, int freeit, void* arg )
{
    if ( freeit ) {
	return( LDAP_SUCCESS );
    }

    *whop = binddn;
    *credp = passwd;
    *methodp = LDAP_AUTH_SIMPLE;

    return( LDAP_SUCCESS );
}


/*
 * Return the pathname of the temporary directory.
 * The environment variable "TEMP" is consulted first, then "TMP".
 * If neither yields a directory, "/tmp" is used on UNIX and it is a
 * fatal error on Windows.
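 *
 * An empty TEMP/TMP is now treated like an unset one.  Previously an empty
 * value made offset = strlen("") - 1 = -1 and the trailing-slash test read
 * p[-1], one byte before the environment string, and then returned "".
 *
 * Ownership: the result is a pointer into the environment or a string
 * literal, except when a trailing slash had to be stripped, in which case
 * it is a strdup'd copy.  Callers therefore cannot free it.  The directory
 * is used as given -- no ownership or permission check is made here -- so
 * callers that create files in it should do so with an exclusive-create
 * primitive (not something this function can enforce).
 */
char *
ldaptool_get_tmp_dir( void )
{
    char	*p;
    size_t	len;

    p = getenv( "TEMP" );
    if ( p == NULL || *p == '\0' ) {
	p = getenv( "TMP" );
    }
    if ( p == NULL || *p == '\0' ) {
#ifdef _WINDOWS
	fprintf( stderr, gettext("%s: please set the TEMP environment variable.\n"),
		ldaptool_progname );
	exit( LDAP_LOCAL_ERROR );
#else
	return( "/tmp" );	/* last resort on UNIX */
#endif
    }

    /*
     * Remove one trailing slash if present.  The copy is taken first so
     * the environment itself is never modified.
     */
    len = strlen( p );
    if ( p[len - 1] == '/'
#ifdef _WINDOWS
	    || p[len - 1] == '\\'
#endif
	    ) {
	if (( p = strdup( p )) == NULL ) {
	    perror( "strdup" );
	    exit( LDAP_NO_MEMORY );
	}
	p[len - 1] = '\0';
    }

    return( p );
}


/*
 * Return 1 if every byte of bvp->bv_val[0 .. bv_len) is 7-bit ASCII,
 * 0 otherwise.  bv_val is not assumed NUL-terminated; only bv_len bytes
 * are examined.
 */
int
ldaptool_berval_is_ascii( const struct berval *bvp )
{
    unsigned long	j;

    for ( j = 0; j < bvp->bv_len; ++j ) {
	/* cast keeps a negative char from being passed as a negative int */
	if ( !isascii( (unsigned char)bvp->bv_val[ j ] )) {
	    return( 0 );
	}
    }

    return( 1 );
}


#ifdef LDAP_DEBUG_MEMORY
#define LDAPTOOL_ALLOC_FREED	0xF001
#define LDAPTOOL_ALLOC_INUSE	0xF002

/*
 * Header placed in front of every block handed out by the debug
 * allocators.  Only .status is used; the other members pad the header up
 * to the platform's natural alignment so the pointer returned to callers
 * is as well aligned as what realloc() gave us.  The old header was a bare
 * int, which left 8-byte objects misaligned on LP64 targets -- a trap on
 * strict-alignment CPUs (SPARC), a slowdown elsewhere.
 */
typedef union {
    int		status;
    long	align_l;
    double	align_d;
    void	*align_p;
} ldaptool_alloc_hdr;

#define LDAPTOOL_ALLOC_HDRSIZE	sizeof( ldaptool_alloc_hdr )

/*
 * Common worker for the debug allocators: (re)allocate size usable bytes
 * behind a status header.  ptr is NULL for a fresh allocation, otherwise a
 * pointer previously returned by this function.
 *
 * Returns the usable area, or NULL when the request is too large or
 * realloc() fails; in that case the original block (if any) is untouched
 * and still owned by the caller.
 */
static void *
ldaptool_debug_alloc( void *ptr, size_t size )
{
    ldaptool_alloc_hdr	*hdr, *newhdr;

    hdr = ( ptr == NULL ) ? NULL
	    : (ldaptool_alloc_hdr *)((char *)ptr - LDAPTOOL_ALLOC_HDRSIZE);

    /* size + header must not wrap around to a tiny allocation */
    if ( size > (size_t)-1 - LDAPTOOL_ALLOC_HDRSIZE ) {
	fprintf( stderr, gettext("%s: realloc( %p, %lu ) failed: size too large\n"),
		ldaptool_progname, (void *)hdr, (unsigned long)size );
	return( NULL );
    }

    newhdr = (ldaptool_alloc_hdr *)realloc( hdr, size + LDAPTOOL_ALLOC_HDRSIZE );
    if ( newhdr == NULL ) {
	/* %p / %lu: the old 0x%x / %d pairings were wrong for pointers and size_t */
	fprintf( stderr, gettext("%s: realloc( %p, %lu ) failed\n"),
		ldaptool_progname, (void *)hdr, (unsigned long)size );
	return( NULL );
    }

    newhdr->status = LDAPTOOL_ALLOC_INUSE;

    return( (char *)newhdr + LDAPTOOL_ALLOC_HDRSIZE );
}


/*
 * realloc() replacement for LDAP_DEBUG_MEMORY builds: traces the call when
 * LDAP_DEBUG_TRACE is set, then defers to ldaptool_debug_alloc().
 */
static void *
ldaptool_debug_realloc( void *ptr, size_t size )
{
    void	*p;

    if ( ldaptool_dbg_lvl & LDAP_DEBUG_TRACE ) {
	fprintf( stderr, gettext("%s: => realloc( %p, %lu )\n"),
		ldaptool_progname, ptr, (unsigned long)size );
    }

    p = ldaptool_debug_alloc( ptr, size );

    if ( ldaptool_dbg_lvl & LDAP_DEBUG_TRACE ) {
	fprintf( stderr, gettext("%s: %p <= realloc()\n"), ldaptool_progname, p );
    }

    return( p );
}


/*
 * malloc() replacement for LDAP_DEBUG_MEMORY builds.
 */
static void *
ldaptool_debug_malloc( size_t size )
{
    void	*p;

    if ( ldaptool_dbg_lvl & LDAP_DEBUG_TRACE ) {
	fprintf( stderr, gettext("%s: => malloc( %lu )\n"), ldaptool_progname,
		(unsigned long)size );
    }

    p = ldaptool_debug_alloc( NULL, size );

    if ( ldaptool_dbg_lvl & LDAP_DEBUG_TRACE ) {
	fprintf( stderr, gettext("%s: %p <= malloc()\n"), ldaptool_progname, p );
    }

    return( p );
}


/*
 * calloc() replacement for LDAP_DEBUG_MEMORY builds.  The nelem * elsize
 * product is checked for overflow (as calloc() itself does); a wrapped
 * product is refused with NULL rather than handing back an undersized,
 * zero-filled block.
 */
static void *
ldaptool_debug_calloc( size_t nelem, size_t elsize )
{
    void	*p = NULL;
    size_t	total = nelem * elsize;

    if ( ldaptool_dbg_lvl & LDAP_DEBUG_TRACE ) {
	fprintf( stderr, gettext("%s: => calloc( %lu, %lu )\n"),
		ldaptool_progname, (unsigned long)nelem, (unsigned long)elsize );
    }

    if ( nelem != 0 && total / nelem != elsize ) {
	fprintf( stderr, gettext("%s: calloc( %lu, %lu ) overflows size_t\n"),
		ldaptool_progname, (unsigned long)nelem, (unsigned long)elsize );
    } else if (( p = ldaptool_debug_alloc( NULL, total )) != NULL ) {
	memset( p, 0, total );
    }

    if ( ldaptool_dbg_lvl & LDAP_DEBUG_TRACE ) {
	fprintf( stderr, gettext("%s: %p <= calloc()\n"), ldaptool_progname, p );
    }

    return( p );
}


/*
 * free() replacement for LDAP_DEBUG_MEMORY builds.  Diagnoses a NULL
 * pointer and a block whose header is not marked in-use (double free or
 * foreign pointer) instead of freeing; a good block is marked FREED before
 * being released so a later double free is still caught if the memory has
 * not been reused.
 */
static void
ldaptool_debug_free( void *ptr )
{
    ldaptool_alloc_hdr	*hdr;

    if ( ldaptool_dbg_lvl & LDAP_DEBUG_TRACE ) {
	fprintf( stderr, gettext("%s: => free( %p )\n"), ldaptool_progname, ptr );
    }

    if ( ptr == NULL ) {
	fprintf( stderr, gettext("%s: bad free( 0x0 ) attempted (NULL pointer)\n"),
		ldaptool_progname );
	return;
    }

    /* only form the header pointer once ptr is known to be a real block */
    hdr = (ldaptool_alloc_hdr *)((char *)ptr - LDAPTOOL_ALLOC_HDRSIZE);

    if ( hdr->status != LDAPTOOL_ALLOC_INUSE ) {
	fprintf( stderr, gettext("%s: bad free( %p ) attempted"
		" (block not in use; status is %d)\n"),
		ldaptool_progname, ptr, hdr->status );
	return;
    }

    hdr->status = LDAPTOOL_ALLOC_FREED;
    free( hdr );
}
#endif /* LDAP_DEBUG_MEMORY */


#if defined(NET_SSL)
/*
 * Derive key database path from certificate database path and return a
 * malloc'd string.
 *
 * We just return an exact copy of "certdbpath" unless it ends in "cert.db",
 * "cert5.db", or "cert7.db".  In those cases we strip off everything from
 * "cert" on and append "key.db", "key5.db", or "key3.db" as appropriate.
 * Strangely enough cert7.db and key3.db go together.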
 *
 * Returns NULL only when certdbpath is NULL; allocation failure is fatal.
 * The suffix match is case-insensitive and requires the path to be longer
 * than the suffix, so a bare "cert.db" is copied unchanged.
 */
static char *
certpath2keypath( char *certdbpath )
{
    static const struct {
	const char	*suffix;
	const char	*replacement;
    } pairs[] = {
	{ "cert.db",  "key.db"  },
	{ "cert5.db", "key5.db" },
	{ "cert7.db", "key3.db" },	/* yes: cert7 pairs with key3 */
    };
    char	*keydbpath;
    size_t	len, i;

    if ( certdbpath == NULL ) {
	return( NULL );
    }

    keydbpath = strdup( certdbpath );
    if ( keydbpath == NULL ) {
	perror( "strdup" );
	exit( LDAP_NO_MEMORY );
    }

    len = strlen( keydbpath );
    for ( i = 0; i < sizeof( pairs ) / sizeof( pairs[0] ); i++ ) {
	size_t	slen = strlen( pairs[i].suffix );

	if ( len > slen
		&& strcasecmp( pairs[i].suffix, keydbpath + len - slen ) == 0 ) {
	    /* every replacement is shorter than its suffix, so it fits in place */
	    strcpy( keydbpath + len - slen, pairs[i].replacement );
	    break;
	}
    }

    return( keydbpath );
}

#ifdef LDAP_TOOL_PKCS11
/*
 * Return a malloc'd "<tokenName>:<certName>" string.  Allocation failure
 * is fatal (exit( LDAP_NO_MEMORY )).  The caller owns the result.
 */
static
char *
buildTokenCertName( const char *tokenName, const char *certName )
{
    size_t	tokenlen = strlen( tokenName );
    size_t	certlen = strlen( certName );
    char	*result;

    /* token, ':', cert, NUL */
    result = malloc( tokenlen + certlen + 2 );
    if ( result == NULL ) {
	perror( "malloc" );
	exit( LDAP_NO_MEMORY );
    }
    memcpy( result, tokenName, tokenlen );
    result[tokenlen] = ':';
    memcpy( result + tokenlen + 1, certName, certlen + 1 );

    return( result );
}


/*
 * PKCS#11 callbacks handed to the SSL layer through ldaptool_setcallbacks().
 * Each one hands back the matching file-scope option value and, under -v,
 * echoes it to stdout.  They never fail.  The context argument is unused.
 */
static
int
ldaptool_getcertpath( void *context, char **certlocp )
{
    *certlocp = ssl_certdbpath;
    if ( !ldaptool_verbose ) {
	return( LDAP_SUCCESS );
    }
    if ( ssl_certdbpath == NULL ) {
	printf( gettext("ldaptool_getcertpath -- (null)\n") );
    } else {
	printf( gettext("ldaptool_getcertpath -- %s\n"), ssl_certdbpath );
    }
    return( LDAP_SUCCESS );
}

int
ldaptool_getcertname( void *context, char **certnamep )
{
    *certnamep = ssl_certname;
    if ( !ldaptool_verbose ) {
	return( LDAP_SUCCESS );
    }
    if ( ssl_certname == NULL ) {
	printf( gettext("ldaptool_getcertname -- (null)\n") );
    } else {
	printf( gettext("ldaptool_getcertname -- %s\n"), *certnamep );
    }
    return( LDAP_SUCCESS );
}

int
ldaptool_getkeypath( void *context, char **keylocp )
{
    *keylocp = ssl_keydbpath;
    if ( !ldaptool_verbose ) {
	return( LDAP_SUCCESS );
    }
    if ( ssl_keydbpath == NULL ) {
	printf( gettext("ldaptool_getkeypath -- (null)\n") );
    } else {
	printf( gettext("ldaptool_getkeypath -- %s\n"), *keylocp );
    }
    return( LDAP_SUCCESS );
}

int
ldaptool_gettokenname( void *context, char **tokennamep )
{
    *tokennamep = pkcs_token;
    if ( !ldaptool_verbose ) {
	return( LDAP_SUCCESS );
    }
    if ( pkcs_token == NULL ) {
	printf( gettext("ldaptool_gettokenname -- (null)\n") );
    } else {
	printf( gettext("ldaptool_gettokenname -- %s\n"), *tokennamep );
    }
    return( LDAP_SUCCESS );
}

/*
 * PKCS#11 PIN callback: hands back ssl_passwd regardless of tokennamep,
 * which is therefore unused.
 *
 * Unlike the other callbacks this one prints nothing under -v: the PIN is
 * a secret and must not be echoed.  A disabled (#if 0) variant that
 * selected pkcs_pin per token and traced the PIN to stdout has been
 * removed; do not reintroduce the trace.
 */
int
ldaptool_gettokenpin( void *context, const char *tokennamep, char **tokenpinp )
{
    *tokenpinp = ssl_passwd;
    return( LDAP_SUCCESS );
}

int
ldaptool_getmodpath( void *context, char **modulep )
{
    *modulep = ssl_secmodpath;
    if ( !ldaptool_verbose ) {
	return( LDAP_SUCCESS );
    }
    if ( ssl_secmodpath == NULL ) {
	printf( gettext("ldaptool_getmodpath -- (null)\n") );
    } else {
	printf( gettext("ldaptool_getmodpath -- %s\n"), *modulep );
    }
    return( LDAP_SUCCESS );
}

int
ldaptool_getdonglefilename( void *context, char **filename )
{
    *filename = ssl_donglefile;
    if ( !ldaptool_verbose ) {
	return( LDAP_SUCCESS );
    }
    if ( ssl_donglefile == NULL ) {
	printf( gettext("ldaptool_getdonglefilename -- (null)\n") );
    } else {
	printf( gettext("ldaptool_getdonglefilename -- %s\n"), *filename );
    }
    return( LDAP_SUCCESS );
}

/*
 * Fill in the ldapssl_pkcs_fns table with the callbacks above and stamp
 * it with PKCS_STRUCTURE_ID.  Always returns LDAP_SUCCESS.
 */
static int
ldaptool_setcallbacks( struct ldapssl_pkcs_fns *pfns )
{
    pfns->pkcs_getcertpath = (int (*)(void *, char **)) ldaptool_getcertpath;
    pfns->pkcs_getcertname = (int (*)(void *, char **)) ldaptool_getcertname;
    pfns->pkcs_getkeypath = (int (*)(void *, char **)) ldaptool_getkeypath;
    pfns->pkcs_getmodpath = (int (*)(void *, char **)) ldaptool_getmodpath;
    pfns->pkcs_getpin = (int (*)(void *, const char *, char **)) ldaptool_gettokenpin;
    pfns->pkcs_gettokenname = (int (*)(void *, char **)) ldaptool_gettokenname;
    pfns->pkcs_getdonglefilename = (int (*)(void *, char **)) ldaptool_getdonglefilename;
    pfns->local_structure_id = PKCS_STRUCTURE_ID;
    return( LDAP_SUCCESS );
}



#ifdef FORTEZZA
static int
ldaptool_fortezza_init( int exit_on_error )
{
    int		rc, errcode;

    if ( fortezza_personality == NULL && fortezza_cardmask == 0 ) {	/* no FORTEZZA desired */
	SSL_EnableGroup( SSL_GroupFortezza, DSFalse );		/* disable FORTEZZA */
	return( 0 );
    }

    if (( rc = FortezzaConfigureServer( ldaptool_fortezza_getpin, fortezza_cardmask,
	    fortezza_personality, ldaptool_fortezza_alert, NULL, &errcode,
	    fortezza_krlfile )) < 0 ) {
	fprintf( stderr,
		"%s: FORTEZZA initialization failed (error %d - %s)\n",
		ldaptool_progname, errcode,
		ldaptool_fortezza_err2string( errcode ));
	if ( exit_on_error ) {
	    exit( LDAP_LOCAL_ERROR );
	}

	SSL_EnableGroup( SSL_GroupFortezza, DSFalse );		/* disable FORTEZZA */
	return( -1 );
    }

    SSL_EnableGroup( SSL_GroupFortezza, DSTrue );		/* enable FORTEZZA */
    return(
0 ); 23847c478bd9Sstevel@tonic-gate } 23857c478bd9Sstevel@tonic-gate 23867c478bd9Sstevel@tonic-gate 23877c478bd9Sstevel@tonic-gate static int 23887c478bd9Sstevel@tonic-gate ldaptool_fortezza_alert( void *arg, PRBool onOpen, char *string, 23897c478bd9Sstevel@tonic-gate int value1, void *value2 ) 23907c478bd9Sstevel@tonic-gate { 23917c478bd9Sstevel@tonic-gate fprintf( stderr, "%s: FORTEZZA alert: ", ldaptool_progname ); 23927c478bd9Sstevel@tonic-gate fprintf( stderr, string, value1, value2 ); 23937c478bd9Sstevel@tonic-gate fprintf( stderr, "\n" ); 23947c478bd9Sstevel@tonic-gate return( 1 ); 23957c478bd9Sstevel@tonic-gate } 23967c478bd9Sstevel@tonic-gate 23977c478bd9Sstevel@tonic-gate 23987c478bd9Sstevel@tonic-gate static void * 23997c478bd9Sstevel@tonic-gate ldaptool_fortezza_getpin( char **passwordp ) 24007c478bd9Sstevel@tonic-gate { 24017c478bd9Sstevel@tonic-gate *passwordp = fortezza_pin; 24027c478bd9Sstevel@tonic-gate return( *passwordp ); 24037c478bd9Sstevel@tonic-gate } 24047c478bd9Sstevel@tonic-gate 24057c478bd9Sstevel@tonic-gate 24067c478bd9Sstevel@tonic-gate /* 24077c478bd9Sstevel@tonic-gate * convert a Fortezza error code (as returned by FortezzaConfigureServer() 24087c478bd9Sstevel@tonic-gate * into a human-readable string. 
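*
* Error strings are intentionally similar to those found in
* ns/netsite/lib/libadmin/httpcon.c
*
* err      a FORTEZZA_* error code
* returns  a pointer to a static, read-only string; never NULL and never
*          to be freed by the caller
*/
static char *
ldaptool_fortezza_err2string( int err )
{
    switch( err ) {
    case FORTEZZA_BADPASSWD:
	return "invalid pin number";
    case FORTEZZA_BADCARD:
	return "bad or missing card";
    case FORTEZZA_MISSING_KRL:
	return "bad or missing compromised key list";
    case FORTEZZA_CERT_INIT_ERROR:
	/* adjacent literals: the trailing spaces keep the words apart */
	return "unable to initialize certificate cache.  either a cert on "
	       "the card is bad, or an old FORTEZZA certificate is in a "
	       "readonly database";
    case FORTEZZA_EXPIRED_CERT:
	return "unable to verify certificate";
    default:
	return "unknown error";
    }
}

#endif /* FORTEZZA */
#endif /* LDAP_TOOL_PKCS11 */
#endif /* NET_SSL */

/*
 * Parse a boolean option value.
 *
 * ptr     the text to parse; NULL is treated as invalid
 * strict  non-zero: accept only "true" / "false" (case-insensitive);
 *         zero: additionally accept "t" / "f" (case-insensitive) and the
 *         digits "1" / "0"
 * returns 1 for true, 0 for false, -1 for anything else
 */
int
ldaptool_boolean_str2value ( const char *ptr, int strict )
{
    if ( ptr == NULL ) {
	return (-1);	/* strcasecmp() on NULL is undefined behavior */
    }

    /* forms accepted in both modes */
    if ( strcasecmp(ptr, "true") == 0 ) {
	return (1);
    }
    if ( strcasecmp(ptr, "false") == 0 ) {
	return (0);
    }
    if ( strict ) {
	return (-1);
    }

    /* lenient forms */
    if ( strcasecmp(ptr, "t") == 0 || strcmp(ptr, "1") == 0 ) {
	return (1);
    }
    if ( strcasecmp(ptr, "f") == 0 || strcmp(ptr, "0") == 0 ) {
	return (0);
    }
    return (-1);
}

/*
 * fopen() wrapper that uses the 64-bit-offset variant when the build
 * enables it, so the tools can handle files larger than 2 GiB.
 *
 * filename, mode  passed straight through to fopen()/fopen64()
 * returns  the open stream, or NULL with errno set (as fopen() does).
 *          The caller owns the stream and must fclose() it.
 */
FILE *
ldaptool_open_file(const char *filename, const char *mode)
{
#ifdef _LARGEFILE64_SOURCE
    return fopen64(filename, mode);
#else
    return fopen(filename, mode);
#endif
}

#ifdef later
/* Functions for list in ldapdelete.c (not built: "later" is never defined) */

/* Reset a list head to the empty state.  A NULL head is ignored. */
void L_Init(Head *list)
{
	if (!list) {
		return;
	}
	list->first = NULL;
	list->last = NULL;
	list->count = 0;
}

/*
 * Append Node at the tail of the doubly linked list rooted at HeadNode.
 * Either pointer being NULL makes this a no-op.  The node is linked by
 * reference; the list neither copies nor owns it.
 */
void L_Insert(Element *Node, Head *HeadNode)
{
	if (!Node || !HeadNode) {
		return;
	}

	Node->right = NULL;

	if (HeadNode->first == NULL) {
		/* list was empty: Node is both ends */
		Node->left = NULL;
		HeadNode->first = HeadNode->last = Node;
	} else {
		Node->left = HeadNode->last;
		HeadNode->last->right = Node;
		HeadNode->last = Node;
	}
	HeadNode->count++;
}

/*
 * Unlink Node from the list rooted at HeadNode.
 *
 * Node is located by walking from the head, so an element that is not on
 * this list is left alone and count is unchanged.  Node's own left/right
 * pointers are not cleared; the caller owns the element and must not
 * follow them after removal.
 */
void L_Remove(Element *Node, Head *HeadNode)
{
	Element *cur;
	Element *prev = NULL;
	Element *next;

	if (!Node || !HeadNode) {
		return;
	}

	for (cur = HeadNode->first; cur != NULL; prev = cur, cur = cur->right) {
		if (cur != Node) {
			continue;
		}

		next = cur->right;
		if (HeadNode->first == cur) {
			HeadNode->first = next;
		}
		if (HeadNode->last == cur) {
			HeadNode->last = prev;
		}
		if (prev != NULL) {
			prev->right = next;
		}
		if (next != NULL) {
			next->left = prev;
		}
		HeadNode->count--;
		return;
	}
}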
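#endif

#ifdef HAVE_SASL_OPTIONS
/*
 * Store a single-valued SASL option.
 *
 * slot    address of the global holding the option; it must still be
 *         NULL, otherwise dupmsg is printed and -1 returned, so a
 *         repeated option is rejected rather than silently overwritten
 * value   the option value; a strdup() copy is stored, owned by the
 *         global for the rest of the process
 * dupmsg  already-translated message to print when the option repeats;
 *         written with fputs(), so catalog text is never a format string
 * returns 0 on success, -1 if the option was already set; exits with
 *         LDAP_NO_MEMORY when the copy cannot be allocated (the tools'
 *         existing out-of-memory policy)
 */
static int
saslStoreOnce(char **slot, const char *value, const char *dupmsg)
{
	if (*slot != NULL) {
		fputs(dupmsg, stderr);
		return (-1);
	}
	if ((*slot = strdup(value)) == NULL) {
		perror ("malloc");
		exit (LDAP_NO_MEMORY);
	}
	return 0;
}

/*
 * Function checks for valid args, returns an error if not found
 * and sets SASL params from command line.
 *
 * saslarg  one "name=value" argument from the command line.  It is
 *          modified in place: the '=' is overwritten with '\0', so that
 *          saslarg becomes the name and the text after it the value.
 *          Recognized names (case-insensitive): secProp, realm, authzid,
 *          authid, mech.  Each may be given only once.
 * returns  0 on success; -1 (with a message on stderr) when there is no
 *          '=', the name is unknown, or the option was already set
 */
static int
saslSetParam(char *saslarg)
{
	char *attr = strchr(saslarg, '=');

	if (attr == NULL) {
		fprintf( stderr, gettext("Didn't find \"=\" character in %s\n"), saslarg);
		return (-1);
	}
	*attr++ = '\0';	/* split name from value */

	if (!strcasecmp(saslarg, "secProp")) {
		return saslStoreOnce(&sasl_secprops, attr,
		    gettext("secProp previously specified\n"));
	}
	if (!strcasecmp(saslarg, "realm")) {
		return saslStoreOnce(&sasl_realm, attr,
		    gettext("Realm previously specified\n"));
	}
	if (!strcasecmp(saslarg, "authzid")) {
		return saslStoreOnce(&sasl_username, attr,
		    gettext("Authorization name previously specified\n"));
	}
	if (!strcasecmp(saslarg, "authid")) {
		return saslStoreOnce(&sasl_authid, attr,
		    gettext("Authentication name previously specified\n"));
	}
	if (!strcasecmp(saslarg, "mech")) {
		return saslStoreOnce(&sasl_mech, attr,
		    gettext("Mech previously specified\n"));
	}

	fprintf (stderr, gettext("Invalid attribute name %s\n"), saslarg);
	return (-1);
}
#endif /* HAVE_SASL_OPTIONS */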
/*
 * Check a stream's error indicator and report it on stderr.
 *
 * stream    the stream to inspect; it is not flushed here, because an
 *           input stream must not be fflush()ed -- callers flush output
 *           streams beforehand if needed
 * ldap_err  the LDAP result the caller already holds
 * msg       prefix for perror(), typically the stream's name
 * returns   ldap_err when it is not LDAP_SUCCESS (the LDAP failure is
 *           the more important thing to report); otherwise
 *           LDAP_LOCAL_ERROR when ferror() is set, else 0.  The raw
 *           ferror() value itself is never returned.
 */
int
ldaptool_check_ferror(FILE * stream, const int ldap_err, const char *msg)
{
	int rc = 0;

	if (ferror(stream)) {
		/* perror() relies on errno still holding the failed I/O call's value */
		fprintf(stderr, gettext("%s: ERROR: "), ldaptool_progname);
		perror(msg);
		rc = LDAP_LOCAL_ERROR;
	}

	return (ldap_err != LDAP_SUCCESS) ? ldap_err : rc;
}