Ejemplo n.º 1
0
int
ldap_search_st(
	LDAP *ld, LDAP_CONST char *base, int scope,
	LDAP_CONST char *filter, char **attrs,
	int attrsonly, struct timeval *timeout, LDAPMessage **res )
{
	int	msgid;

    *res = NULL;

	if ( (msgid = ldap_search( ld, base, scope, filter, attrs, attrsonly ))
	    == -1 )
		return( ld->ld_errno );

	if ( ldap_result( ld, msgid, LDAP_MSG_ALL, timeout, res ) == -1 || !*res )
		return( ld->ld_errno );

	if ( ld->ld_errno == LDAP_TIMEOUT ) {
		(void) ldap_abandon( ld, msgid );
		ld->ld_errno = LDAP_TIMEOUT;
		return( ld->ld_errno );
	}

	return( ldap_result2error( ld, *res, 0 ) );
}
Ejemplo n.º 2
0
/* ARGSUSED */
int _ns_ldap_abandon(char *service, int flags,
	int msgid)
{
	LDAP *ld = __s_api_getLDAPconn(flags);

	return (ldap_abandon(ld, msgid));
}
Ejemplo n.º 3
0
static int 
nsldapi_search_s(
    LDAP		*ld, 
    const char 		*base, 
    int 		scope, 
    const char 		*filter, 
    char 		**attrs,
    int			attrsonly, 
    LDAPControl		**serverctrls,
    LDAPControl		**clientctrls,
    struct timeval	*localtimeoutp,
    int			timelimit,	/* -1 means use ld->ld_timelimit */
    int			sizelimit,	/* -1 means use ld->ld_sizelimit */
    LDAPMessage		**res
)
{
	int	err, msgid;

	/*
	 * It is an error to pass in a zero'd timeval.
	 */
	if ( localtimeoutp != NULL && localtimeoutp->tv_sec == 0 &&
	    localtimeoutp->tv_usec == 0 ) {
		if ( ld != NULL ) {
			LDAP_SET_LDERRNO( ld, LDAP_PARAM_ERROR, NULL, NULL );
		}
		if ( res != NULL ) {
			*res = NULL;
		}
                return( LDAP_PARAM_ERROR );
        }

	if (( err = nsldapi_search( ld, base, scope, filter, attrs, attrsonly,
	    serverctrls, clientctrls, timelimit, sizelimit, &msgid ))
	    != LDAP_SUCCESS ) {
		if ( res != NULL ) {
			*res = NULL;
		}
		return( err );
	}

	if ( ldap_result( ld, msgid, 1, localtimeoutp, res ) == -1 ) {
		/*
		 * Error.  ldap_result() sets *res to NULL for us.
		 */
		return( LDAP_GET_LDERRNO( ld, NULL, NULL ) );
	}

	if ( LDAP_GET_LDERRNO( ld, NULL, NULL ) == LDAP_TIMEOUT ) {
		(void) ldap_abandon( ld, msgid );
		err = LDAP_TIMEOUT;
		LDAP_SET_LDERRNO( ld, err, NULL, NULL );
		if ( res != NULL ) {
			*res = NULL;
		}
		return( err );
	}

	return( ldap_result2error( ld, *res, 0 ) );
}
Ejemplo n.º 4
0
int
ldap_pvt_search_s(
	LDAP *ld,
	LDAP_CONST char *base,
	int scope,
	LDAP_CONST char *filter,
	char **attrs,
	int attrsonly,
	LDAPControl **sctrls,
	LDAPControl **cctrls,
	struct timeval *timeout,
	int sizelimit,
	int deref,
	LDAPMessage **res )
{
	int rc;
	int	msgid;

    *res = NULL;

	rc = ldap_pvt_search( ld, base, scope, filter, attrs, attrsonly,
		sctrls, cctrls, timeout, sizelimit, deref, &msgid );

	if ( rc != LDAP_SUCCESS ) {
		return( rc );
	}

	rc = ldap_result( ld, msgid, LDAP_MSG_ALL, timeout, res );

	if( rc <= 0 ) {
		/* error(-1) or timeout(0) */
		if ( ld->ld_errno == LDAP_TIMEOUT ) {
			/* cleanup request */
			(void) ldap_abandon( ld, msgid );
			ld->ld_errno = LDAP_TIMEOUT;
		}
		return( ld->ld_errno );
	}

	if( rc == LDAP_RES_SEARCH_REFERENCE || rc == LDAP_RES_INTERMEDIATE ) {
		return( ld->ld_errno );
	}

	return( ldap_result2error( ld, *res, 0 ) );
}
Ejemplo n.º 5
0
/*
 * We need a version of ldap_bind that times out, otherwise all
 * of Postfix can get wedged during daemon initialization.
 */
static int dict_ldap_bind_st(DICT_LDAP *dict_ldap)
{
    int     msgid;
    LDAPMessage *res;
    struct timeval mytimeval;

    if ((msgid = ldap_bind(dict_ldap->ld, dict_ldap->bind_dn,
			   dict_ldap->bind_pw, LDAP_AUTH_SIMPLE)) == -1)
	return (dict_ldap_get_errno(dict_ldap->ld));

    mytimeval.tv_sec = dict_ldap->timeout;
    mytimeval.tv_usec = 0;

    if (ldap_result(dict_ldap->ld, msgid, 1, &mytimeval, &res) == -1)
	return (dict_ldap_get_errno(dict_ldap->ld));

    if (dict_ldap_get_errno(dict_ldap->ld) == LDAP_TIMEOUT) {
	(void) ldap_abandon(dict_ldap->ld, msgid);
	return (dict_ldap_set_errno(dict_ldap->ld, LDAP_TIMEOUT));
    }
    return (ldap_result2error(dict_ldap->ld, res, 1));
}
Ejemplo n.º 6
0
int
LDAP_CALL
ldap_url_search_st( LDAP *ld, const char *url, int attrsonly,
	struct timeval *timeout, LDAPMessage **res )
{
	int	msgid;

	/*
	 * It is an error to pass in a zero'd timeval.
	 */
	if ( timeout != NULL && timeout->tv_sec == 0 &&
	    timeout->tv_usec == 0 ) {
		if ( ld != NULL ) {
			LDAP_SET_LDERRNO( ld, LDAP_PARAM_ERROR, NULL, NULL );
		}
		if ( res != NULL ) {
			*res = NULL;
		}
                return( LDAP_PARAM_ERROR );
        }

	if (( msgid = ldap_url_search( ld, url, attrsonly )) == -1 ) {
		return( LDAP_GET_LDERRNO( ld, NULL, NULL ) );
	}

	if ( ldap_result( ld, msgid, 1, timeout, res ) == -1 ) {
		return( LDAP_GET_LDERRNO( ld, NULL, NULL ) );
	}

	if ( LDAP_GET_LDERRNO( ld, NULL, NULL ) == LDAP_TIMEOUT ) {
		(void) ldap_abandon( ld, msgid );
		LDAP_SET_LDERRNO( ld, LDAP_TIMEOUT, NULL, NULL );
		return( LDAP_TIMEOUT );
	}

	return( ldap_result2error( ld, *res, 0 ));
}
Ejemplo n.º 7
0
sInt32 CLDAPNode::BindProc ( sLDAPNodeStruct *inLDAPNodeStruct )
{

    sInt32				siResult		= eDSNoErr;
    int					bindMsgId		= 0;
	int					version			= -1;
    sLDAPConfigData	   *pConfig			= nil;
    char			   *ldapAcct		= nil;
    char			   *ldapPasswd		= nil;
    int					openTO			= 0;
	LDAP			   *inLDAPHost		= inLDAPNodeStruct->fHost;
	LDAPMessage		   *result			= nil;
	int					ldapReturnCode	= 0;

	try
	{
		if ( inLDAPNodeStruct == nil ) throw( (sInt32)eDSNullParameter );
		
		if (inLDAPNodeStruct->fLDAPSessionMutex != nil)
		{
			inLDAPNodeStruct->fLDAPSessionMutex->Wait();
		}
        // Here is the bind to the LDAP server
		// Note that there may be stored name/password in the config table
		// ie. always use the config table data if authentication has not explicitly been set
		// use LDAPAuthNodeMap if inLDAPNodeStruct contains a username
		
		//check that we were already here
		if (inLDAPHost == NULL)
		{
			//retrieve the config data
			//don't need to retrieve for the case of "generic unknown" so don't check index 0
			if (( inLDAPNodeStruct->fLDAPConfigTableIndex < gConfigTableLen) && ( inLDAPNodeStruct->fLDAPConfigTableIndex >= 1 ))
			{
				pConfig = (sLDAPConfigData *)gConfigTable->GetItemData( inLDAPNodeStruct->fLDAPConfigTableIndex );
				if (pConfig != nil)
				{
					if ( (pConfig->bSecureUse) && (inLDAPNodeStruct->fUserName == nil) )
					{
						if (pConfig->fServerAccount != nil)
						{
							ldapAcct = new char[1+::strlen(pConfig->fServerAccount)];
							::strcpy( ldapAcct, pConfig->fServerAccount );
						}
						if (pConfig->fServerPassword != nil)
						{
							ldapPasswd = new char[1+::strlen(pConfig->fServerPassword)];
							::strcpy( ldapPasswd, pConfig->fServerPassword );
						}
					}
					else
					{
						if (inLDAPNodeStruct->fUserName != nil)
						{
							ldapAcct = new char[1+::strlen(inLDAPNodeStruct->fUserName)];
							::strcpy( ldapAcct, inLDAPNodeStruct->fUserName );
						}
						if (inLDAPNodeStruct->fAuthCredential != nil)
						{
							if (inLDAPNodeStruct->fAuthType != nil)
							{
								//auth type of clear text means char * password
								if (strcmp(inLDAPNodeStruct->fAuthType,kDSStdAuthClearText) == 0)
								{
									ldapPasswd = new char[1+::strlen((char*)(inLDAPNodeStruct->fAuthCredential))];
									::strcpy( ldapPasswd, (char*)(inLDAPNodeStruct->fAuthCredential) );
								}
							}
							else //default is password
							{
								ldapPasswd = new char[1+::strlen((char*)(inLDAPNodeStruct->fAuthCredential))];
								::strcpy( ldapPasswd, (char*)(inLDAPNodeStruct->fAuthCredential) );
							}
						}
					}
					openTO		= pConfig->fOpenCloseTimeout;
				}
			}

			if (inLDAPNodeStruct->fLDAPConfigTableIndex != 0)
			{
				if (pConfig != nil)
				{
					inLDAPHost = ldap_init( pConfig->fServerName, pConfig->fServerPort );
				}
			}
			else
			{
				inLDAPHost = ldap_init( inLDAPNodeStruct->fServerName, inLDAPNodeStruct->fDirectLDAPPort );
			}
			
			if ( inLDAPHost == nil ) throw( (sInt32)eDSCannotAccessSession );
			
			if (pConfig != nil)
			{
				if ( pConfig->bIsSSL )
				{
					int ldapOptVal = LDAP_OPT_X_TLS_HARD;
					ldap_set_option(inLDAPHost, LDAP_OPT_X_TLS, &ldapOptVal);
				}
			}
			/* LDAPv3 only */
			version = LDAP_VERSION3;
			ldap_set_option( inLDAPHost, LDAP_OPT_PROTOCOL_VERSION, &version );
			
			//heuristic to prevent many consecutive failures with long timeouts
			//ie. forcing quick failures after first failure during a window of
			//the same length as the timeout value
			//NN fLDAPNodeOpenMutex.Wait();
			if ( inLDAPNodeStruct->bHasFailed )
			{
				if ( time( nil ) < inLDAPNodeStruct->fDelayedBindTime )
				{
					//NN fLDAPNodeOpenMutex.Signal();
					throw( (sInt32)eDSCannotAccessSession );
				}
				else
				{
					inLDAPNodeStruct->bHasFailed = false;
					//fDelayedBindTime then is unused so no need to reset
				}
			}
			//NN fLDAPNodeOpenMutex.Signal();

			//this is our and only our LDAP session for now
			//need to use our timeout so we don't hang indefinitely
			bindMsgId = ldap_bind( inLDAPHost, ldapAcct, ldapPasswd, LDAP_AUTH_SIMPLE );
			
			if (openTO == 0)
			{
				ldapReturnCode = ldap_result(inLDAPHost, bindMsgId, 0, NULL, &result);
			}
			else
			{
				struct	timeval	tv;
				tv.tv_sec		= openTO;
				tv.tv_usec		= 0;
				ldapReturnCode	= ldap_result(inLDAPHost, bindMsgId, 0, &tv, &result);
			}

			if ( ldapReturnCode == -1 )
			{
				throw( (sInt32)eDSCannotAccessSession );
			}
			else if ( ldapReturnCode == 0 )
			{
				// timed out, let's forget it
				ldap_abandon(inLDAPHost, bindMsgId);

				//log this timed out connection
				if (pConfig != nil)
				{
					syslog(LOG_INFO,"DSLDAPv3PlugIn: Timed out in attempt to bind to [%s] LDAP server.", pConfig->fServerName);
					syslog(LOG_INFO,"DSLDAPv3PlugIn: Disabled future attempts to bind to [%s] LDAP server for next %d seconds.", pConfig->fServerName, inLDAPNodeStruct->fDelayRebindTry);
				}
				else
				{
					syslog(LOG_INFO,"DSLDAPv3PlugIn: Timed out in attempt to bind to [%s] LDAP server.", inLDAPNodeStruct->fServerName);
					syslog(LOG_INFO,"DSLDAPv3PlugIn: Disabled future attempts to bind to [%s] LDAP server for next %d seconds.", inLDAPNodeStruct->fServerName, inLDAPNodeStruct->fDelayRebindTry);
				}
				//NN fLDAPNodeOpenMutex.Wait();
				inLDAPNodeStruct->bHasFailed = true;
				inLDAPNodeStruct->fDelayedBindTime = time( nil ) + inLDAPNodeStruct->fDelayRebindTry;
				//NN fLDAPNodeOpenMutex.Signal();
				throw( (sInt32)eDSCannotAccessSession );
			}
			else if ( ldap_result2error(inLDAPHost, result, 1) != LDAP_SUCCESS )
			{
				//NN fLDAPNodeOpenMutex.Wait();
				inLDAPNodeStruct->bHasFailed = true;
				inLDAPNodeStruct->fHost = inLDAPHost;
				//NN fLDAPNodeOpenMutex.Signal();
				throw( (sInt32)eDSCannotAccessSession );
			}
			//NN fLDAPNodeOpenMutex.Wait();
			inLDAPNodeStruct->fHost = inLDAPHost;
			//NN fLDAPNodeOpenMutex.Signal();

			//result is consumed above within ldap_result2error
			result = nil;
		}
		
	} // try
	
	catch ( sInt32 err )
	{
		siResult = err;
	}
	
	if (ldapAcct != nil)
	{
		delete (ldapAcct);
		ldapAcct = nil;
	}
	if (ldapPasswd != nil)
	{
		delete (ldapPasswd);
		ldapPasswd = nil;
	}
	
	if (inLDAPNodeStruct->fLDAPSessionMutex != nil)
	{
		inLDAPNodeStruct->fLDAPSessionMutex->Signal();
	}

	return (siResult);
	
}// BindProc
Ejemplo n.º 8
0
static int
do_bind (LDAP * ldap_connection, int timelimit)
{
	int rc;
	int rv;
	struct timeval tv;
	LDAPMessage *result;

	/*
	 * set timelimit in ld for select() call in ldap_pvt_connect()
	 * function implemented in libldap2's os-ip.c
	 */
  	tv.tv_sec = timelimit;
  	tv.tv_usec = 0;

DBG2("do_bind(): bind DN=\"%s\" pass=\"%s\"",binddn,passwd);

  	/* LDAPv3 doesn't need bind at all,
  	 * nevertheless, if no binddn is given than bind anonymous */
 	if ( ! strncmp(binddn,"",1) ) {
 		rv = ldap_simple_bind(ldap_connection, NULL, NULL);
 	} else {
		rv = ldap_simple_bind(ldap_connection, binddn, passwd);
 	}

	if (rv < 0)
	{
DBG("do_bind: rv < 0");

#if defined(HAVE_LDAP_GET_OPTION) && defined(LDAP_OPT_ERROR_NUMBER)
		if (ldap_get_option (ldap_connection, LDAP_OPT_ERROR_NUMBER, &rc) !=
            LDAP_SUCCESS)
		{
		  rc = LDAP_UNAVAILABLE;
		}
#else
		rc = ldap_connection->ld_errno;
#endif /* LDAP_OPT_ERROR_NUMBER */
		/* Notify if we failed. */
		DBG3("could not connect to LDAP server as %s - %d - %s",
		  binddn, rc, ldap_err2string (rc));

		return rc;
	}

	rc = ldap_result (ldap_connection, rv, 0, &tv, &result);
	if (rc > 0)
	{
DBG1("do_bind rc=%d", rc);
		/* debug ("<== do_bind"); */
		return ldap_result2error (ldap_connection, result, 1);
	}

	/* took too long */
	if (rc == 0)
	{
DBG("do_bind rc=0");

		ldap_abandon (ldap_connection, rv);
	}

DBG("do_bind return -1");
	return -1;
}
Ejemplo n.º 9
0
static int
cldap_result( LDAP *ld, int msgid, LDAPMessage **res,
	struct cldap_retinfo *crip, char *base )
{
    Sockbuf 		*sb;
    BerElement		ber;
    char		*logdn;
    int			ret, id, fromaddr, i;
    struct timeval	tv;

#if defined( SUN ) && defined( _REENTRANT )
    LOCK_LDAP(ld);
#endif	

    sb = &ld->ld_sb;
    fromaddr = -1;

    if ( crip->cri_try == 0 ) {
	crip->cri_maxtries = ld->ld_cldaptries * sb->sb_naddr;
	crip->cri_timeout = ld->ld_cldaptimeout;
	crip->cri_useaddr = 0;
	Debug( LDAP_DEBUG_TRACE, catgets(slapdcat, 1, 117, "cldap_result tries %1$d timeout %2$d\n"),
		ld->ld_cldaptries, ld->ld_cldaptimeout, 0 );
    }

    if ((tv.tv_sec = crip->cri_timeout / sb->sb_naddr) < 1 ) {
	tv.tv_sec = 1;
    }
    tv.tv_usec = 0;

    Debug( LDAP_DEBUG_TRACE,
	    catgets(slapdcat, 1, 118, "cldap_result waiting up to %d seconds for a response\n"),
	    tv.tv_sec, 0, 0 );
    ber_zero_init( &ber, 0 );
    set_ber_options( ld, &ber );

    if ( cldap_getmsg( ld, &tv, &ber ) == -1 ) {
	ret = ld->ld_errno;
	Debug( LDAP_DEBUG_TRACE, catgets(slapdcat, 1, 119, "cldap_getmsg returned -1 (%d)\n"),
		ret, 0, 0 );
    } else if ( ld->ld_errno == LDAP_TIMEOUT ) {
	Debug( LDAP_DEBUG_TRACE,
	    catgets(slapdcat, 1, 120, "cldap_result timed out\n"), 0, 0, 0 );
	/*
	 * It timed out; is it time to give up?
	 */
	if ( ++crip->cri_try >= crip->cri_maxtries ) {
	    ret = LDAP_TIMEOUT;
	    --crip->cri_try;
	} else {
	    if ( ++crip->cri_useaddr >= sb->sb_naddr ) {
		/*
		 * new round: reset address to first one and
		 * double the timeout
		 */
		crip->cri_useaddr = 0;
		crip->cri_timeout <<= 1;
	    }
	    ret = -1;
	}

    } else {
	/*
	 * Got a response.  It should look like:
	 * { msgid, logdn, { searchresponse...}}
	 */
	logdn = NULL;

	if ( ber_scanf( &ber, "ia", &id, &logdn ) == LBER_ERROR ) {
	    free( ber.ber_buf );	/* gack! */
	    ret = LDAP_DECODING_ERROR;
	    Debug( LDAP_DEBUG_TRACE,
		    catgets(slapdcat, 1, 121, "cldap_result: ber_scanf returned LBER_ERROR (%d)\n"),
		    ret, 0, 0 );
	} else if ( id != msgid ) {
	    free( ber.ber_buf );	/* gack! */
	    Debug( LDAP_DEBUG_TRACE,
		    catgets(slapdcat, 1, 122, "cldap_result: looking for msgid %1$d; got %2$d\n"),
		    msgid, id, 0 );
	    ret = -1;	/* ignore and keep looking */
	} else {
	    /*
	     * got a result: determine which server it came from
	     * decode into ldap message chain
	     */
	    for ( fromaddr = 0; fromaddr < sb->sb_naddr; ++fromaddr ) {
		    if ( memcmp( &((struct sockaddr_in *)
			    sb->sb_addrs[ fromaddr ])->sin_addr,
			    &((struct sockaddr_in *)sb->sb_fromaddr)->sin_addr,
			    sizeof( struct in_addr )) == 0 ) {
			break;
		    }
	    }
	    ret = cldap_parsemsg( ld, msgid, &ber, res, base );
	    free( ber.ber_buf );	/* gack! */
	    Debug( LDAP_DEBUG_TRACE,
		catgets(slapdcat, 1, 123, "cldap_result got result (%d)\n"), ret, 0, 0 );
	}

	if ( logdn != NULL ) {
		free( logdn );
	}
    }
    

    /*
     * If we are giving up (successfully or otherwise) then 
     * abandon any outstanding requests.
     */
    if ( ret != -1 ) {
	i = crip->cri_try;
	if ( i >= sb->sb_naddr ) {
	    i = sb->sb_naddr - 1;
	}

	for ( ; i >= 0; --i ) {
	    if ( i == fromaddr ) {
		continue;
	    }
	    sb->sb_useaddr = sb->sb_addrs[ i ];
	    Debug( LDAP_DEBUG_TRACE, catgets(slapdcat, 1, 124, "cldap_result abandoning id %1$d (to %2$s)\n"),
		msgid, inet_ntoa( ((struct sockaddr_in *)
		sb->sb_useaddr)->sin_addr ), 0 );
	    (void) ldap_abandon( ld, msgid );
	}
    }

#if defined( SUN ) && defined( _REENTRANT )
    UNLOCK_LDAP(ld);
#endif
    return( ld->ld_errno = ret );
}
Ejemplo n.º 10
0
static krb5_error_code
LDAP_seq(krb5_context context, HDB * db, unsigned flags, hdb_entry * entry)
{
    int msgid, rc, parserc;
    krb5_error_code ret;
    LDAPMessage *e;

    msgid = HDB2MSGID(db);
    if (msgid < 0)
	return HDB_ERR_NOENTRY;

    do {
	rc = ldap_result(HDB2LDAP(db), msgid, LDAP_MSG_ONE, NULL, &e);
	switch (rc) {
	case LDAP_RES_SEARCH_REFERENCE:
	    ldap_msgfree(e);
	    ret = 0;
	    break;
	case LDAP_RES_SEARCH_ENTRY:
	    /* We have an entry. Parse it. */
	    ret = LDAP_message2entry(context, db, e, entry);
	    ldap_msgfree(e);
	    break;
	case LDAP_RES_SEARCH_RESULT:
	    /* We're probably at the end of the results. If not, abandon. */
	    parserc =
		ldap_parse_result(HDB2LDAP(db), e, NULL, NULL, NULL,
				  NULL, NULL, 1);
	    if (parserc != LDAP_SUCCESS
		&& parserc != LDAP_MORE_RESULTS_TO_RETURN) {
	        krb5_set_error_string(context, "ldap_parse_result: %s",
				      ldap_err2string(parserc));
		ldap_abandon(HDB2LDAP(db), msgid);
	    }
	    ret = HDB_ERR_NOENTRY;
	    HDBSETMSGID(db, -1);
	    break;
	case LDAP_SERVER_DOWN:
	    ldap_msgfree(e);
	    LDAP_close(context, db);
	    HDBSETMSGID(db, -1);
	    ret = ENETDOWN;
	    break;
	default:
	    /* Some unspecified error (timeout?). Abandon. */
	    ldap_msgfree(e);
	    ldap_abandon(HDB2LDAP(db), msgid);
	    ret = HDB_ERR_NOENTRY;
	    HDBSETMSGID(db, -1);
	    break;
	}
    } while (rc == LDAP_RES_SEARCH_REFERENCE);

    if (ret == 0) {
	if (db->hdb_master_key_set && (flags & HDB_F_DECRYPT)) {
	    ret = hdb_unseal_keys(context, db, entry);
	    if (ret)
		hdb_free_entry(context,entry);
	}
    }

    return ret;
}
Ejemplo n.º 11
0
int
main( int argc, char **argv )
{
	LDAP		*ld = NULL;
	int		i, c, port, errflg, method, id, msgtype;
	char		line[256], command1, command2, command3;
	char		passwd[64], dn[256], rdn[64], attr[64], value[256];
	char		filter[256], *host, **types;
	char		**exdn;
	static const char usage[] =
		"usage: %s [-u] [-h host] [-d level] [-s dnsuffix] [-p port] [-t file] [-T file]\n";
	int		bound, all, scope, attrsonly;
	LDAPMessage	*res;
	LDAPMod		**mods, **attrs;
	struct timeval	timeout;
	char		*copyfname = NULL;
	int		copyoptions = 0;
	LDAPURLDesc	*ludp;

	host = NULL;
	port = LDAP_PORT;
	dnsuffix = "";
	errflg = 0;

	while (( c = getopt( argc, argv, "h:d:s:p:t:T:" )) != -1 ) {
		switch( c ) {
		case 'd':
#ifdef LDAP_DEBUG
			ldap_debug = atoi( optarg );
#ifdef LBER_DEBUG
			if ( ldap_debug & LDAP_DEBUG_PACKETS ) {
				ber_set_option( NULL, LBER_OPT_DEBUG_LEVEL, &ldap_debug );
			}
#endif
#else
			printf( "Compile with -DLDAP_DEBUG for debugging\n" );
#endif
			break;

		case 'h':
			host = optarg;
			break;

		case 's':
			dnsuffix = optarg;
			break;

		case 'p':
			port = atoi( optarg );
			break;

		case 't':	/* copy ber's to given file */
			copyfname = strdup( optarg );
/*			copyoptions = LBER_TO_FILE; */
			break;

		case 'T':	/* only output ber's to given file */
			copyfname = strdup( optarg );
/*			copyoptions = (LBER_TO_FILE | LBER_TO_FILE_ONLY); */
			break;

		default:
		    ++errflg;
		}
	}

	if ( host == NULL && optind == argc - 1 ) {
		host = argv[ optind ];
		++optind;
	}

	if ( errflg || optind < argc - 1 ) {
		fprintf( stderr, usage, argv[ 0 ] );
		exit( EXIT_FAILURE );
	}
	
	printf( "ldap_init( %s, %d )\n",
		host == NULL ? "(null)" : host, port );

	ld = ldap_init( host, port );

	if ( ld == NULL ) {
		perror( "ldap_init" );
		exit( EXIT_FAILURE );
	}

	if ( copyfname != NULL ) {
		if ( ( ld->ld_sb->sb_fd = open( copyfname, O_WRONLY|O_CREAT|O_EXCL,
		    0600 ))  == -1 ) {
			perror( copyfname );
			exit ( EXIT_FAILURE );
		}
		ld->ld_sb->sb_options = copyoptions;
	}

	bound = 0;
	timeout.tv_sec = 0;
	timeout.tv_usec = 0;

	(void) memset( line, '\0', sizeof(line) );
	while ( get_line( line, sizeof(line), stdin, "\ncommand? " ) != NULL ) {
		command1 = line[0];
		command2 = line[1];
		command3 = line[2];

		switch ( command1 ) {
		case 'a':	/* add or abandon */
			switch ( command2 ) {
			case 'd':	/* add */
				get_line( dn, sizeof(dn), stdin, "dn? " );
				strcat( dn, dnsuffix );
				if ( (attrs = get_modlist( NULL, "attr? ",
				    "value? " )) == NULL )
					break;
				if ( (id = ldap_add( ld, dn, attrs )) == -1 )
					ldap_perror( ld, "ldap_add" );
				else
					printf( "Add initiated with id %d\n",
					    id );
				break;

			case 'b':	/* abandon */
				get_line( line, sizeof(line), stdin, "msgid? " );
				id = atoi( line );
				if ( ldap_abandon( ld, id ) != 0 )
					ldap_perror( ld, "ldap_abandon" );
				else
					printf( "Abandon successful\n" );
				break;
			default:
				printf( "Possibilities: [ad]d, [ab]ort\n" );
			}
			break;

		case 'b':	/* asynch bind */
			method = LDAP_AUTH_SIMPLE;
			get_line( dn, sizeof(dn), stdin, "dn? " );
			strcat( dn, dnsuffix );

			if ( method == LDAP_AUTH_SIMPLE && dn[0] != '\0' )
				get_line( passwd, sizeof(passwd), stdin,
				    "password? " );
			else
				passwd[0] = '\0';

			if ( ldap_bind( ld, dn, passwd, method ) == -1 ) {
				fprintf( stderr, "ldap_bind failed\n" );
				ldap_perror( ld, "ldap_bind" );
			} else {
				printf( "Bind initiated\n" );
				bound = 1;
			}
			break;

		case 'B':	/* synch bind */
			method = LDAP_AUTH_SIMPLE;
			get_line( dn, sizeof(dn), stdin, "dn? " );
			strcat( dn, dnsuffix );

			if ( dn[0] != '\0' )
				get_line( passwd, sizeof(passwd), stdin,
				    "password? " );
			else
				passwd[0] = '\0';

			if ( ldap_bind_s( ld, dn, passwd, method ) !=
			    LDAP_SUCCESS ) {
				fprintf( stderr, "ldap_bind_s failed\n" );
				ldap_perror( ld, "ldap_bind_s" );
			} else {
				printf( "Bind successful\n" );
				bound = 1;
			}
			break;

		case 'c':	/* compare */
			get_line( dn, sizeof(dn), stdin, "dn? " );
			strcat( dn, dnsuffix );
			get_line( attr, sizeof(attr), stdin, "attr? " );
			get_line( value, sizeof(value), stdin, "value? " );

			if ( (id = ldap_compare( ld, dn, attr, value )) == -1 )
				ldap_perror( ld, "ldap_compare" );
			else
				printf( "Compare initiated with id %d\n", id );
			break;

		case 'd':	/* turn on debugging */
#ifdef LDAP_DEBUG
			get_line( line, sizeof(line), stdin, "debug level? " );
			ldap_debug = atoi( line );
#ifdef LBER_DEBUG
			if ( ldap_debug & LDAP_DEBUG_PACKETS ) {
				ber_set_option( NULL, LBER_OPT_DEBUG_LEVEL, &ldap_debug );
			}
#endif
#else
			printf( "Compile with -DLDAP_DEBUG for debugging\n" );
#endif
			break;

		case 'E':	/* explode a dn */
			get_line( line, sizeof(line), stdin, "dn? " );
			exdn = ldap_explode_dn( line, 0 );
			for ( i = 0; exdn != NULL && exdn[i] != NULL; i++ ) {
				printf( "\t%s\n", exdn[i] );
			}
			break;

		case 'g':	/* set next msgid */
			get_line( line, sizeof(line), stdin, "msgid? " );
			ld->ld_msgid = atoi( line );
			break;

		case 'v':	/* set version number */
			get_line( line, sizeof(line), stdin, "version? " );
			ld->ld_version = atoi( line );
			break;

		case 'm':	/* modify or modifyrdn */
			if ( strncmp( line, "modify", 4 ) == 0 ) {
				get_line( dn, sizeof(dn), stdin, "dn? " );
				strcat( dn, dnsuffix );
				if ( (mods = get_modlist(
				    "mod (0=>add, 1=>delete, 2=>replace -1=>done)? ",
				    "attribute type? ", "attribute value? " ))
				    == NULL )
					break;
				if ( (id = ldap_modify( ld, dn, mods )) == -1 )
					ldap_perror( ld, "ldap_modify" );
				else
					printf( "Modify initiated with id %d\n",
					    id );
			} else if ( strncmp( line, "modrdn", 4 ) == 0 ) {
				get_line( dn, sizeof(dn), stdin, "dn? " );
				strcat( dn, dnsuffix );
				get_line( rdn, sizeof(rdn), stdin, "newrdn? " );
				if ( (id = ldap_modrdn( ld, dn, rdn )) == -1 )
					ldap_perror( ld, "ldap_modrdn" );
				else
					printf( "Modrdn initiated with id %d\n",
					    id );
			} else {
				printf( "Possibilities: [modi]fy, [modr]dn\n" );
			}
			break;

		case 'q':	/* quit */
			ldap_unbind( ld );
			exit( EXIT_SUCCESS );
			break;

		case 'r':	/* result or remove */
			switch ( command3 ) {
			case 's':	/* result */
				get_line( line, sizeof(line), stdin,
				    "msgid (-1=>any)? " );
				if ( line[0] == '\0' )
					id = -1;
				else
					id = atoi( line );
				get_line( line, sizeof(line), stdin,
				    "all (0=>any, 1=>all)? " );
				if ( line[0] == '\0' )
					all = 1;
				else
					all = atoi( line );
				if (( msgtype = ldap_result( ld, id, all,
				    &timeout, &res )) < 1 ) {
					ldap_perror( ld, "ldap_result" );
					break;
				}
				printf( "\nresult: msgtype %d msgid %d\n",
				    msgtype, res->lm_msgid );
				handle_result( ld, res );
				res = NULL;
				break;

			case 'm':	/* remove */
				get_line( dn, sizeof(dn), stdin, "dn? " );
				strcat( dn, dnsuffix );
				if ( (id = ldap_delete( ld, dn )) == -1 )
					ldap_perror( ld, "ldap_delete" );
				else
					printf( "Remove initiated with id %d\n",
					    id );
				break;

			default:
				printf( "Possibilities: [rem]ove, [res]ult\n" );
				break;
			}
			break;

		case 's':	/* search */
			get_line( dn, sizeof(dn), stdin, "searchbase? " );
			strcat( dn, dnsuffix );
			get_line( line, sizeof(line), stdin,
			    "scope (0=baseObject, 1=oneLevel, 2=subtree, 3=children)? " );
			scope = atoi( line );
			get_line( filter, sizeof(filter), stdin,
			    "search filter (e.g. sn=jones)? " );
			types = get_list( "attrs to return? " );
			get_line( line, sizeof(line), stdin,
			    "attrsonly (0=attrs&values, 1=attrs only)? " );
			attrsonly = atoi( line );

			    if (( id = ldap_search( ld, dn, scope, filter,
				    types, attrsonly  )) == -1 ) {
				ldap_perror( ld, "ldap_search" );
			    } else {
				printf( "Search initiated with id %d\n", id );
			    }
			free_list( types );
			break;

		case 't':	/* set timeout value */
			get_line( line, sizeof(line), stdin, "timeout? " );
			timeout.tv_sec = atoi( line );
			break;

		case 'p':	/* parse LDAP URL */
			get_line( line, sizeof(line), stdin, "LDAP URL? " );
			if (( i = ldap_url_parse( line, &ludp )) != 0 ) {
			    fprintf( stderr, "ldap_url_parse: error %d\n", i );
			} else {
			    printf( "\t  host: " );
			    if ( ludp->lud_host == NULL ) {
				printf( "DEFAULT\n" );
			    } else {
				printf( "<%s>\n", ludp->lud_host );
			    }
			    printf( "\t  port: " );
			    if ( ludp->lud_port == 0 ) {
				printf( "DEFAULT\n" );
			    } else {
				printf( "%d\n", ludp->lud_port );
			    }
			    printf( "\t    dn: <%s>\n", ludp->lud_dn );
			    printf( "\t attrs:" );
			    if ( ludp->lud_attrs == NULL ) {
				printf( " ALL" );
			    } else {
				for ( i = 0; ludp->lud_attrs[ i ] != NULL; ++i ) {
				    printf( " <%s>", ludp->lud_attrs[ i ] );
				}
			    }
			    printf( "\n\t scope: %s\n",
					ludp->lud_scope == LDAP_SCOPE_BASE ? "baseObject"
					: ludp->lud_scope == LDAP_SCOPE_ONELEVEL ? "oneLevel"
					: ludp->lud_scope == LDAP_SCOPE_SUBTREE ? "subtree"
#ifdef LDAP_SCOPE_SUBORDINATE
					: ludp->lud_scope == LDAP_SCOPE_SUBORDINATE ? "children"
#endif
					: "**invalid**" );
			    printf( "\tfilter: <%s>\n", ludp->lud_filter );
			    ldap_free_urldesc( ludp );
			}
			    break;

		case 'n':	/* set dn suffix, for convenience */
			get_line( line, sizeof(line), stdin, "DN suffix? " );
			strcpy( dnsuffix, line );
			break;

		case 'o':	/* set ldap options */
			get_line( line, sizeof(line), stdin, "alias deref (0=never, 1=searching, 2=finding, 3=always)?" );
			ld->ld_deref = atoi( line );
			get_line( line, sizeof(line), stdin, "timelimit?" );
			ld->ld_timelimit = atoi( line );
			get_line( line, sizeof(line), stdin, "sizelimit?" );
			ld->ld_sizelimit = atoi( line );

			LDAP_BOOL_ZERO(&ld->ld_options);

			get_line( line, sizeof(line), stdin,
				"Recognize and chase referrals (0=no, 1=yes)?" );
			if ( atoi( line ) != 0 ) {
				LDAP_BOOL_SET(&ld->ld_options, LDAP_BOOL_REFERRALS);
				get_line( line, sizeof(line), stdin,
					"Prompt for bind credentials when chasing referrals (0=no, 1=yes)?" );
				if ( atoi( line ) != 0 ) {
					ldap_set_rebind_proc( ld, bind_prompt, NULL );
				}
			}
			break;

		case '?':	/* help */
			printf(
"Commands: [ad]d         [ab]andon         [b]ind\n"
"          [B]ind async  [c]ompare\n"
"          [modi]fy      [modr]dn          [rem]ove\n"
"          [res]ult      [s]earch          [q]uit/unbind\n\n"
"          [d]ebug       set ms[g]id\n"
"          d[n]suffix    [t]imeout         [v]ersion\n"
"          [?]help       [o]ptions"
"          [E]xplode dn  [p]arse LDAP URL\n" );
			break;

		default:
			printf( "Invalid command.  Type ? for help.\n" );
			break;
		}

		(void) memset( line, '\0', sizeof(line) );
	}

	return( 0 );
}
Ejemplo n.º 12
0
/*
 * Do an LDAP lookup to the server described in the info argument.
 *
 * Args      info -- LDAP info for server.
 *         string -- String to lookup.
 *           cust -- Possible custom filter description.
 *         wp_err -- We set this is we get a white pages error.
 *  name_in_error -- Caller sets this if they want us to include the server
 *                   name in error messages.
 *
 * Returns  Results of lookup, NULL if lookup failed.
 */
LDAP_SERV_RES_S *
ldap_lookup(LDAP_SERV_S *info, char *string, CUSTOM_FILT_S *cust,
	    WP_ERR_S *wp_err, int name_in_error)
{
    char     ebuf[900];
    char     buf[900];
    char    *serv, *base, *serv_errstr;
    char    *mailattr, *snattr, *gnattr, *cnattr;
    int      we_cancel = 0, we_turned_on = 0;
    LDAP_SERV_RES_S *serv_res = NULL;
    LDAP *ld;
    long  pwdtrial = 0L;
    int   ld_errnum;
    char *ld_errstr;


    if(!info)
      return(serv_res);

    serv = cpystr((info->serv && *info->serv) ? info->serv : "?");

    if(name_in_error)
      snprintf(ebuf, sizeof(ebuf), " (%s)",
	      (info->nick && *info->nick) ? info->nick : serv);
    else
      ebuf[0] = '\0';

    serv_errstr = cpystr(ebuf);
    base = cpystr(info->base ? info->base : "");

    if(info->port < 0)
      info->port = LDAP_PORT;

    if(info->type < 0)
      info->type = DEF_LDAP_TYPE;

    if(info->srch < 0)
      info->srch = DEF_LDAP_SRCH;
	
    if(info->time < 0)
      info->time = DEF_LDAP_TIME;

    if(info->size < 0)
      info->size = DEF_LDAP_SIZE;

    if(info->scope < 0)
      info->scope = DEF_LDAP_SCOPE;

    mailattr = (info->mailattr && info->mailattr[0]) ? info->mailattr
						     : DEF_LDAP_MAILATTR;
    snattr = (info->snattr && info->snattr[0]) ? info->snattr
						     : DEF_LDAP_SNATTR;
    gnattr = (info->gnattr && info->gnattr[0]) ? info->gnattr
						     : DEF_LDAP_GNATTR;
    cnattr = (info->cnattr && info->cnattr[0]) ? info->cnattr
						     : DEF_LDAP_CNATTR;

    /*
     * We may want to keep ldap handles open, but at least for
     * now, re-open them every time.
     */

    dprint((3, "ldap_lookup(%s,%d)\n", serv ? serv : "?", info->port));

    snprintf(ebuf, sizeof(ebuf), "Searching%s%s%s on %s",
	    (string && *string) ? " for \"" : "",
	    (string && *string) ? string : "",
	    (string && *string) ? "\"" : "",
	    serv);
    we_turned_on = intr_handling_on();		/* this erases keymenu */
    we_cancel = busy_cue(ebuf, NULL, 0);
    if(wp_err->mangled)
      *(wp_err->mangled) = 1;

#ifdef _SOLARIS_SDK
    if(info->tls || info->tlsmust)
      ldapssl_client_init(NULL, NULL);
    if((ld = ldap_init(serv, info->port)) == NULL)
#else
#if (LDAPAPI >= 11)
    if((ld = ldap_init(serv, info->port)) == NULL)
#else
    if((ld = ldap_open(serv, info->port)) == NULL)
#endif
#endif
    {
      /* TRANSLATORS: All of the three args together are an error message */
      snprintf(ebuf, sizeof(ebuf), _("Access to LDAP server failed: %s%s(%s)"),
	      errno ? error_description(errno) : "",
	      errno ? " " : "",
	      serv);
      wp_err->wp_err_occurred = 1;
      if(wp_err->error)
	fs_give((void **)&wp_err->error);

      wp_err->error = cpystr(ebuf);
      if(we_cancel)
        cancel_busy_cue(-1);

      q_status_message(SM_ORDER, 3, 5, wp_err->error);
      display_message('x');
      dprint((2, "%s\n", ebuf));
    }
    else if(!ps_global->intr_pending){
      int proto = 3, tlsmustbail = 0;
      char pwd[NETMAXPASSWD], user[NETMAXUSER];
      char *passwd = NULL;
      char hostbuf[1024];
      NETMBX mb;
#ifndef _WINDOWS
      int rc;
#endif

      memset(&mb, 0, sizeof(mb));

#ifdef _SOLARIS_SDK
      if(info->tls || info->tlsmust)
	rc = ldapssl_install_routines(ld);
#endif

      if(ldap_v3_is_supported(ld) &&
	 our_ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION, &proto) == 0){
	dprint((5, "ldap: using version 3 protocol\n"));
      }

      /*
       * If we don't set RESTART then the select() waiting for the answer
       * in libldap will be interrupted and stopped by our busy_cue.
       */
      our_ldap_set_option(ld, LDAP_OPT_RESTART, LDAP_OPT_ON);

      /*
       * If we need to authenticate, get the password. We are not
       * supporting SASL authentication, just LDAP simple.
       */
      if(info->binddn && info->binddn[0]){
	  char pmt[500];
	  char *space;

	  snprintf(hostbuf, sizeof(hostbuf), "{%s}dummy", info->serv ? info->serv : "?");

	  /*
	   * We don't handle multiple space-delimited hosts well.
	   * We don't know which we're asking for a password for.
	   * We're not connected yet so we can't know.
	   */
	  if((space=strindex(hostbuf, ' ')) != NULL)
	    *space = '\0';

	  mail_valid_net_parse_work(hostbuf, &mb, "ldap");
	  mb.port = info->port;
	  mb.tlsflag = (info->tls || info->tlsmust) ? 1 : 0;

try_password_again:

	  if(mb.tlsflag
	     && (pwdtrial > 0 || 
#ifndef _WINDOWS
#ifdef _SOLARIS_SDK
		 (rc == LDAP_SUCCESS)
#else /* !_SOLARIS_SDK */
		 ((rc=ldap_start_tls_s(ld, NULL, NULL)) == LDAP_SUCCESS)
#endif /* !_SOLARIS_SDK */
#else /* _WINDOWS */
		 0  /* TODO: find a way to do this in Windows */
#endif /* _WINDOWS */
		 ))
	    mb.tlsflag = 1;
	  else
	    mb.tlsflag = 0;

	  if((info->tls || info->tlsmust) && !mb.tlsflag){
	    q_status_message(SM_ORDER, 3, 5, "Not able to start TLS encryption for LDAP server");
	    if(info->tlsmust)
	      tlsmustbail++;
	  }

	  if(!tlsmustbail){
	      snprintf(pmt, sizeof(pmt), "  %s", (info->nick && *info->nick) ? info->nick : serv);
	      mm_login_work(&mb, user, pwd, pwdtrial, pmt, info->binddn);
	      if(pwd && pwd[0])
		passwd = pwd;
	  }
      }


      /*
       * LDAPv2 requires the bind. v3 doesn't require it but we want
       * to tell the server we're v3 if the server supports v3, and if the
       * server doesn't support v3 the bind is required.
       */
      if(tlsmustbail || ldap_simple_bind_s(ld, info->binddn, passwd) != LDAP_SUCCESS){
	wp_err->wp_err_occurred = 1;

	ld_errnum = our_ldap_get_lderrno(ld, NULL, &ld_errstr);

        if(!tlsmustbail && info->binddn && info->binddn[0] && pwdtrial < 2L
	   && ld_errnum == LDAP_INVALID_CREDENTIALS){
	  pwdtrial++;
          q_status_message(SM_ORDER, 3, 5, _("Invalid password"));
	  goto try_password_again;
	}

	snprintf(ebuf, sizeof(ebuf), _("LDAP server failed: %s%s%s%s"),
		ldap_err2string(ld_errnum),
		serv_errstr,
		(ld_errstr && *ld_errstr) ? ": " : "",
		(ld_errstr && *ld_errstr) ? ld_errstr : "");

        if(wp_err->error)
	  fs_give((void **)&wp_err->error);

        if(we_cancel)
          cancel_busy_cue(-1);

	ldap_unbind(ld);
        wp_err->error = cpystr(ebuf);
        q_status_message(SM_ORDER, 3, 5, wp_err->error);
        display_message('x');
	dprint((2, "%s\n", ebuf));
      }
      else if(!ps_global->intr_pending){
	int          srch_res, args, slen, flen;
#define TEMPLATELEN 512
	char         filt_template[TEMPLATELEN + 1];
	char         filt_format[2*TEMPLATELEN + 1];
	char         filter[2*TEMPLATELEN + 1];
	char         scp[2*TEMPLATELEN + 1];
	char        *p, *q;
	LDAPMessage *res = NULL;
	int intr_happened = 0;
	int tl;

	tl = (info->time == 0) ? info->time : info->time + 10;

	our_ldap_set_option(ld, LDAP_OPT_TIMELIMIT, &tl);
	our_ldap_set_option(ld, LDAP_OPT_SIZELIMIT, &info->size);

	/*
	 * If a custom filter has been passed in and it doesn't include a
	 * request to combine it with the configured filter, then replace
	 * any configured filter with the passed in filter.
	 */
	if(cust && cust->filt && !cust->combine){
	    if(info->cust)
	      fs_give((void **)&info->cust);
	    
	    info->cust = cpystr(cust->filt);
	}

	if(info->cust && *info->cust){	/* use custom filter if present */
	    strncpy(filt_template, info->cust, sizeof(filt_template));
	    filt_template[sizeof(filt_template)-1] = '\0';
	}
	else{				/* else use configured filter */
	    switch(info->type){
	      case LDAP_TYPE_SUR:
		snprintf(filt_template, sizeof(filt_template), "(%s=%%s)", snattr);
		break;
	      case LDAP_TYPE_GIVEN:
		snprintf(filt_template, sizeof(filt_template), "(%s=%%s)", gnattr);
		break;
	      case LDAP_TYPE_EMAIL:
		snprintf(filt_template, sizeof(filt_template), "(%s=%%s)", mailattr);
		break;
	      case LDAP_TYPE_CN_EMAIL:
		snprintf(filt_template, sizeof(filt_template), "(|(%s=%%s)(%s=%%s))", cnattr,
			mailattr);
		break;
	      case LDAP_TYPE_SUR_GIVEN:
		snprintf(filt_template, sizeof(filt_template), "(|(%s=%%s)(%s=%%s))",
			snattr, gnattr);
		break;
	      case LDAP_TYPE_SEVERAL:
		snprintf(filt_template, sizeof(filt_template),
			"(|(%s=%%s)(%s=%%s)(%s=%%s)(%s=%%s))",
			cnattr, mailattr, snattr, gnattr);
		break;
	      default:
	      case LDAP_TYPE_CN:
		snprintf(filt_template, sizeof(filt_template), "(%s=%%s)", cnattr);
		break;
	    }
	}

	/* just copy if custom */
	if(info->cust && *info->cust)
	  info->srch = LDAP_SRCH_EQUALS;

	p = filt_template;
	q = filt_format;
	memset((void *)filt_format, 0, sizeof(filt_format));
	args = 0;
	while(*p && (q - filt_format) + 4 < sizeof(filt_format)){
	    if(*p == '%' && *(p+1) == 's'){
		args++;
		switch(info->srch){
		  /* Exact match */
		  case LDAP_SRCH_EQUALS:
		    *q++ = *p++;
		    *q++ = *p++;
		    break;

		  /* Append wildcard after %s */
		  case LDAP_SRCH_BEGINS:
		    *q++ = *p++;
		    *q++ = *p++;
		    *q++ = '*';
		    break;

		  /* Insert wildcard before %s */
		  case LDAP_SRCH_ENDS:
		    *q++ = '*';
		    *q++ = *p++;
		    *q++ = *p++;
		    break;

		  /* Put wildcard before and after %s */
		  default:
		  case LDAP_SRCH_CONTAINS:
		    *q++ = '*';
		    *q++ = *p++;
		    *q++ = *p++;
		    *q++ = '*';
		    break;
		}
	    }
	    else
	      *q++ = *p++;
	}

	if(q - filt_format < sizeof(filt_format))
	  *q = '\0';

	filt_format[sizeof(filt_format)-1] = '\0';

	/*
	 * If combine is lit we put the custom filter and the filt_format
	 * filter and combine them with an &.
	 */
	if(cust && cust->filt && cust->combine){
	    char *combined;
	    size_t l;

	    l = strlen(filt_format) + strlen(cust->filt) + 3;
	    combined = (char *) fs_get((l+1) * sizeof(char));
	    snprintf(combined, l+1, "(&%s%s)", cust->filt, filt_format);
	    strncpy(filt_format, combined, sizeof(filt_format));
	    filt_format[sizeof(filt_format)-1] = '\0';
	    fs_give((void **) &combined);
	}

	/*
	 * Ad hoc attempt to make "Steve Hubert" match
	 * Steven Hubert but not Steven Shubert.
	 * We replace a <SPACE> with * <SPACE> (not * <SPACE> *).
	 */
	memset((void *)scp, 0, sizeof(scp));
	if(info->nosub)
	  strncpy(scp, string, sizeof(scp));
	else{
	    p = string;
	    q = scp;
	    while(*p && (q - scp) + 1 < sizeof(scp)){
		if(*p == SPACE && *(p+1) != SPACE){
		    *q++ = '*';
		    *q++ = *p++;
		}
		else
		  *q++ = *p++;
	    }
	}

	scp[sizeof(scp)-1] = '\0';

	slen = strlen(scp);
	flen = strlen(filt_format);
	/* truncate string if it will overflow filter */
	if(args*slen + flen - 2*args > sizeof(filter)-1)
	  scp[(sizeof(filter)-1 - flen)/args] = '\0';

	/*
	 * Replace %s's with scp.
	 */
	switch(args){
	  case 0:
	    snprintf(filter, sizeof(filter), "%s", filt_format);
	    break;
	  case 1:
	    snprintf(filter, sizeof(filter), filt_format, scp);
	    break;
	  case 2:
	    snprintf(filter, sizeof(filter), filt_format, scp, scp);
	    break;
	  case 3:
	    snprintf(filter, sizeof(filter), filt_format, scp, scp, scp);
	    break;
	  case 4:
	    snprintf(filter, sizeof(filter), filt_format, scp, scp, scp, scp);
	    break;
	  case 5:
	    snprintf(filter, sizeof(filter), filt_format, scp, scp, scp, scp, scp);
	    break;
	  case 6:
	    snprintf(filter, sizeof(filter), filt_format, scp, scp, scp, scp, scp, scp);
	    break;
	  case 7:
	    snprintf(filter, sizeof(filter), filt_format, scp, scp, scp, scp, scp, scp, scp);
	    break;
	  case 8:
	    snprintf(filter, sizeof(filter), filt_format, scp, scp, scp, scp, scp, scp, scp,
		    scp);
	    break;
	  case 9:
	    snprintf(filter, sizeof(filter), filt_format, scp, scp, scp, scp, scp, scp, scp,
		    scp, scp);
	    break;
	  case 10:
	  default:
	    snprintf(filter, sizeof(filter), filt_format, scp, scp, scp, scp, scp, scp, scp,
		    scp, scp, scp);
	    break;
	}

	/* replace double *'s with single *'s in filter */
	for(p = q = filter; *p; p++)
	  if(*p != '*' || p == filter || *(p-1) != '*')
	    *q++ = *p;

	*q = '\0';

	(void) removing_double_quotes(base);
	dprint((5, "about to ldap_search(\"%s\", %s)\n",
	       base ? base : "?", filter ? filter : "?"));
        if(ps_global->intr_pending)
	  srch_res = LDAP_PROTOCOL_ERROR;
	else{
	  int msgid;
	  time_t start_time;

	  start_time = time((time_t *)0);

	  dprint((6, "ldap_lookup: calling ldap_search\n"));
	  msgid = ldap_search(ld, base, info->scope, filter, NULL, 0);

	  if(msgid == -1)
	    srch_res = our_ldap_get_lderrno(ld, NULL, NULL);
	  else{
	    int lres;
	    /*
	     * Warning: struct timeval is not portable. However, since it is
	     * part of LDAP api it must be portable to all platforms LDAP
	     * has been ported to.
	     */
	    struct timeval t;

	    t.tv_sec  = 1; t.tv_usec = 0;
	      
	    do {
	      if(ps_global->intr_pending)
		intr_happened = 1;

	      dprint((6, "ldap_result(id=%d): ", msgid));
	      if((lres=ldap_result(ld, msgid, LDAP_MSG_ALL, &t, &res)) == -1){
	        /* error */
		srch_res = our_ldap_get_lderrno(ld, NULL, NULL);
	        dprint((6, "error (-1 returned): ld_errno=%d\n",
			   srch_res));
	      }
	      else if(lres == 0){  /* timeout, no results available */
		if(intr_happened){
		  ldap_abandon(ld, msgid);
		  srch_res = LDAP_PROTOCOL_ERROR;
		  if(our_ldap_get_lderrno(ld, NULL, NULL) == LDAP_SUCCESS)
		    our_ldap_set_lderrno(ld, LDAP_PROTOCOL_ERROR, NULL, NULL);

	          dprint((6, "timeout, intr: srch_res=%d\n",
			     srch_res));
		}
		else if(info->time > 0 &&
			((long)time((time_t *)0) - start_time) > info->time){
		  /* try for partial results */
		  t.tv_sec  = 0; t.tv_usec = 0;
		  lres = ldap_result(ld, msgid, LDAP_MSG_RECEIVED, &t, &res);
		  if(lres > 0 && lres != LDAP_RES_SEARCH_RESULT){
		    srch_res = LDAP_SUCCESS;
		    dprint((6, "partial result: lres=0x%x\n", lres));
		  }
		  else{
		    if(lres == 0)
		      ldap_abandon(ld, msgid);

		    srch_res = LDAP_TIMEOUT;
		    if(our_ldap_get_lderrno(ld, NULL, NULL) == LDAP_SUCCESS)
		      our_ldap_set_lderrno(ld, LDAP_TIMEOUT, NULL, NULL);

	            dprint((6,
			       "timeout, total_time (%d), srch_res=%d\n",
			       info->time, srch_res));
		  }
		}
		else{
	          dprint((6, "timeout\n"));
		}
	      }
	      else{
		srch_res = ldap_result2error(ld, res, 0);
	        dprint((6, "lres=0x%x, srch_res=%d\n", lres,
			   srch_res));
	      }
	    }while(lres == 0 &&
		    !(intr_happened ||
		      (info->time > 0 &&
		       ((long)time((time_t *)0) - start_time) > info->time)));
	  }
	}

	if(intr_happened){
	  wp_exit = 1;
          if(we_cancel)
            cancel_busy_cue(-1);

	  if(wp_err->error)
	    fs_give((void **)&wp_err->error);
	  else{
	    q_status_message(SM_ORDER, 0, 1, "Interrupt");
	    display_message('x');
	    fflush(stdout);
	  }

	  if(res)
	    ldap_msgfree(res);
	  if(ld)
	    ldap_unbind(ld);
	  
	  res = NULL; ld  = NULL;
	}
	else if(srch_res != LDAP_SUCCESS &&
	   srch_res != LDAP_TIMELIMIT_EXCEEDED &&
	   srch_res != LDAP_RESULTS_TOO_LARGE &&
	   srch_res != LDAP_TIMEOUT &&
	   srch_res != LDAP_SIZELIMIT_EXCEEDED){
	  wp_err->wp_err_occurred = 1;

	  ld_errnum = our_ldap_get_lderrno(ld, NULL, &ld_errstr);

	  snprintf(ebuf, sizeof(ebuf), _("LDAP search failed: %s%s%s%s"),
		  ldap_err2string(ld_errnum),
		  serv_errstr,
		  (ld_errstr && *ld_errstr) ? ": " : "",
		  (ld_errstr && *ld_errstr) ? ld_errstr : "");

          if(wp_err->error)
	    fs_give((void **)&wp_err->error);

          wp_err->error = cpystr(ebuf);
          if(we_cancel)
            cancel_busy_cue(-1);

          q_status_message(SM_ORDER, 3, 5, wp_err->error);
          display_message('x');
	  dprint((2, "%s\n", ebuf));
	  if(res)
	    ldap_msgfree(res);
	  if(ld)
	    ldap_unbind(ld);
	  
	  res = NULL; ld  = NULL;
	}
	else{
	  int cnt;

	  cnt = ldap_count_entries(ld, res);

	  if(cnt > 0){

	    if(srch_res == LDAP_TIMELIMIT_EXCEEDED ||
	       srch_res == LDAP_RESULTS_TOO_LARGE ||
	       srch_res == LDAP_TIMEOUT ||
	       srch_res == LDAP_SIZELIMIT_EXCEEDED){
	      wp_err->wp_err_occurred = 1;
	      ld_errnum = our_ldap_get_lderrno(ld, NULL, &ld_errstr);

	      snprintf(ebuf, sizeof(ebuf), _("LDAP partial results: %s%s%s%s"),
		      ldap_err2string(ld_errnum),
		      serv_errstr,
		      (ld_errstr && *ld_errstr) ? ": " : "",
		      (ld_errstr && *ld_errstr) ? ld_errstr : "");
	      dprint((2, "%s\n", ebuf));
	      if(wp_err->error)
		fs_give((void **)&wp_err->error);

	      wp_err->error = cpystr(ebuf);
	      if(we_cancel)
		cancel_busy_cue(-1);

	      q_status_message(SM_ORDER, 3, 5, wp_err->error);
	      display_message('x');
	    }

	    dprint((5, "Matched %d entries on %s\n",
	           cnt, serv ? serv : "?"));

	    serv_res = (LDAP_SERV_RES_S *)fs_get(sizeof(LDAP_SERV_RES_S));
	    memset((void *)serv_res, 0, sizeof(*serv_res));
	    serv_res->ld   = ld;
	    serv_res->res  = res;
	    serv_res->info_used = copy_ldap_serv_info(info);
	    /* Save by reference? */
	    if(info->ref){
		snprintf(buf, sizeof(buf), "%s:%s", serv, comatose(info->port));
		serv_res->serv = cpystr(buf);
	    }
	    else
	      serv_res->serv = NULL;

	    serv_res->next = NULL;
	  }
	  else{
	    if(srch_res == LDAP_TIMELIMIT_EXCEEDED ||
	       srch_res == LDAP_RESULTS_TOO_LARGE ||
	       srch_res == LDAP_TIMEOUT ||
	       srch_res == LDAP_SIZELIMIT_EXCEEDED){
	      wp_err->wp_err_occurred = 1;
	      wp_err->ldap_errno      = srch_res;

	      ld_errnum = our_ldap_get_lderrno(ld, NULL, &ld_errstr);

	      snprintf(ebuf, sizeof(ebuf), _("LDAP search failed: %s%s%s%s"),
		      ldap_err2string(ld_errnum),
		      serv_errstr,
		      (ld_errstr && *ld_errstr) ? ": " : "",
		      (ld_errstr && *ld_errstr) ? ld_errstr : "");

	      if(wp_err->error)
		fs_give((void **)&wp_err->error);

	      wp_err->error = cpystr(ebuf);
	      if(we_cancel)
		cancel_busy_cue(-1);

	      q_status_message(SM_ORDER, 3, 5, wp_err->error);
	      display_message('x');
	      dprint((2, "%s\n", ebuf));
	    }

	    dprint((5, "Matched 0 entries on %s\n",
		   serv ? serv : "?"));
	    if(res)
	      ldap_msgfree(res);
	    if(ld)
	      ldap_unbind(ld);

	    res = NULL; ld  = NULL;
	  }
	}
      }
    }

    if(we_cancel)
      cancel_busy_cue(-1);

    if(we_turned_on)
      intr_handling_off();

    if(serv)
      fs_give((void **)&serv);
    if(base)
      fs_give((void **)&base);
    if(serv_errstr)
      fs_give((void **)&serv_errstr);

    return(serv_res);
}
Ejemplo n.º 13
0
#include <stdio.h>
#include <ctype.h>
#include <string.h>
#ifdef MACOS
#include <stdlib.h>
#ifdef THINK_C
#include <console.h>
#include <unix.h>
#include <fcntl.h>
#endif /* THINK_C */
#include "macos.h"
#else /* MACOS */
#if defined( DOS ) || defined( _WIN32 )
#ifdef DOS
#include "msdos.h"
#endif
#if defined( WINSOCK ) || defined( _WIN32 )
#include "console.h"
#endif /* WINSOCK */
#else /* DOS */
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/time.h>
#include <sys/stat.h>
#include <sys/file.h>
#ifndef VMS
#include <fcntl.h>
#include <unistd.h>
#endif /* VMS */
#endif /* DOS */
#endif /* MACOS */

#include "lber.h"
#include "ldap.h"

#if !defined( PCNFS ) && !defined( WINSOCK ) && !defined( MACOS )
#define MOD_USE_BVALS
#endif /* !PCNFS && !WINSOCK && !MACOS */

#ifdef NEEDPROTOS
static void handle_result( LDAP *ld, LDAPMessage *lm );
static void print_ldap_result( LDAP *ld, LDAPMessage *lm, char *s );
static void print_search_entry( LDAP *ld, LDAPMessage *res );
static void free_list( char **list );
#else
static void handle_result();
static void print_ldap_result();
static void print_search_entry();
static void free_list();
#endif /* NEEDPROTOS */

#define NOCACHEERRMSG \
		"don't compile with -DNO_CACHE if you desire local caching"

char *dnsuffix;

#ifndef WINSOCK
static char *
getline( char *line, int len, FILE *fp, char *prompt )
{
    printf(prompt);

    if ( fgets( line, len, fp ) == NULL )
        return( NULL );

    line[ strlen( line ) - 1 ] = '\0';

    return( line );
}
#endif /* WINSOCK */

static char **
get_list( char *prompt )
{
    static char	buf[256];
    int		num;
    char		**result;

    num = 0;
    result = (char **) 0;
    while ( 1 ) {
        getline( buf, sizeof(buf), stdin, prompt );

        if ( *buf == '\0' )
            break;

        if ( result == (char **) 0 )
            result = (char **) malloc( sizeof(char *) );
        else
            result = (char **) realloc( result,
                                        sizeof(char *) * (num + 1) );

        result[num++] = (char *) strdup( buf );
    }
    if ( result == (char **) 0 )
        return( NULL );
    result = (char **) realloc( result, sizeof(char *) * (num + 1) );
    result[num] = NULL;

    return( result );
}


static void
free_list( char **list )
{
    int	i;

    if ( list != NULL ) {
        for ( i = 0; list[ i ] != NULL; ++i ) {
            free( list[ i ] );
        }
        free( (char *)list );
    }
}


#ifdef MOD_USE_BVALS
static int
file_read( char *path, struct berval *bv )
{
    FILE		*fp;
    long		rlen;
    int		eof;

    if (( fp = fopen( path, "r" )) == NULL ) {
        perror( path );
        return( -1 );
    }

    if ( fseek( fp, 0L, SEEK_END ) != 0 ) {
        perror( path );
        fclose( fp );
        return( -1 );
    }

    bv->bv_len = ftell( fp );

    if (( bv->bv_val = (char *)malloc( bv->bv_len )) == NULL ) {
        perror( "malloc" );
        fclose( fp );
        return( -1 );
    }

    if ( fseek( fp, 0L, SEEK_SET ) != 0 ) {
        perror( path );
        fclose( fp );
        return( -1 );
    }

    rlen = fread( bv->bv_val, 1, bv->bv_len, fp );
    eof = feof( fp );
    fclose( fp );

    if ( rlen != bv->bv_len ) {
        perror( path );
        free( bv->bv_val );
        return( -1 );
    }

    return( bv->bv_len );
}
#endif /* MOD_USE_BVALS */


static LDAPMod **
get_modlist( char *prompt1, char *prompt2, char *prompt3 )
{
    static char	buf[256];
    int		num;
    LDAPMod		tmp;
    LDAPMod		**result;
#ifdef MOD_USE_BVALS
    struct berval	**bvals;
#endif /* MOD_USE_BVALS */

    num = 0;
    result = NULL;
    while ( 1 ) {
        if ( prompt1 ) {
            getline( buf, sizeof(buf), stdin, prompt1 );
            tmp.mod_op = atoi( buf );

            if ( tmp.mod_op == -1 || buf[0] == '\0' )
                break;
        }

        getline( buf, sizeof(buf), stdin, prompt2 );
        if ( buf[0] == '\0' )
            break;
        tmp.mod_type = strdup( buf );

        tmp.mod_values = get_list( prompt3 );
#ifdef MOD_USE_BVALS
        if ( tmp.mod_values != NULL ) {
            int	i;

            for ( i = 0; tmp.mod_values[i] != NULL; ++i )
                ;
            bvals = (struct berval **)calloc( i + 1,
                                              sizeof( struct berval *));
            for ( i = 0; tmp.mod_values[i] != NULL; ++i ) {
                bvals[i] = (struct berval *)malloc(
                               sizeof( struct berval ));
                if ( strncmp( tmp.mod_values[i], "{FILE}",
                              6 ) == 0 ) {
                    if ( file_read( tmp.mod_values[i] + 6,
                                    bvals[i] ) < 0 ) {
                        return( NULL );
                    }
                } else {
                    bvals[i]->bv_val = tmp.mod_values[i];
                    bvals[i]->bv_len =
                        strlen( tmp.mod_values[i] );
                }
            }
            tmp.mod_bvalues = bvals;
            tmp.mod_op |= LDAP_MOD_BVALUES;
        }
#endif /* MOD_USE_BVALS */

        if ( result == NULL )
            result = (LDAPMod **) malloc( sizeof(LDAPMod *) );
        else
            result = (LDAPMod **) realloc( result,
                                           sizeof(LDAPMod *) * (num + 1) );

        result[num] = (LDAPMod *) malloc( sizeof(LDAPMod) );
        *(result[num]) = tmp;	/* struct copy */
        num++;
    }
    if ( result == NULL )
        return( NULL );
    result = (LDAPMod **) realloc( result, sizeof(LDAPMod *) * (num + 1) );
    result[num] = NULL;

    return( result );
}


#ifdef LDAP_REFERRALS
int
bind_prompt( LDAP *ld, char **dnp, char **passwdp, int *authmethodp,
             int freeit )
{
    static char	dn[256], passwd[256];

    if ( !freeit ) {
#ifdef KERBEROS
        getline( dn, sizeof(dn), stdin, "re-bind method (0->simple, "
                 "1->krbv41, 2->krbv42, 3->krbv41&2)? " );
        if (( *authmethodp = atoi( dn )) == 3 ) {
            *authmethodp = LDAP_AUTH_KRBV4;
        } else {
            *authmethodp |= 0x80;
        }
#else /* KERBEROS */
        *authmethodp = LDAP_AUTH_SIMPLE;
#endif /* KERBEROS */

        getline( dn, sizeof(dn), stdin, "re-bind dn? " );
        strcat( dn, dnsuffix );
        *dnp = dn;

        if ( *authmethodp == LDAP_AUTH_SIMPLE && dn[0] != '\0' ) {
            getline( passwd, sizeof(passwd), stdin,
                     "re-bind password? " );
        } else {
            passwd[0] = '\0';
        }
        *passwdp = passwd;
    }

    return( LDAP_SUCCESS );
}
#endif /* LDAP_REFERRALS */


int
#ifdef WINSOCK
ldapmain(
#else /* WINSOCK */
main(
#endif /* WINSOCK */
    int argc, char **argv )
{
    LDAP		*ld;
    int		i, c, port, cldapflg, errflg, method, id, msgtype;
    char		line[256], command1, command2, command3;
    char		passwd[64], dn[256], rdn[64], attr[64], value[256];
    char		filter[256], *host, **types;
    char		**exdn;
    char		*usage = "usage: %s [-u] [-h host] [-d level] "
                         "[-s dnsuffix] [-p port] [-t file] [-T file]\n";
    int		bound, all, scope, attrsonly;
    LDAPMessage	*res;
    LDAPMod		**mods, **attrs;
    struct timeval	timeout;
    char		*copyfname = NULL;
    int		copyoptions = 0;
    LDAPURLDesc	*ludp;

    extern char	*optarg;
    extern int	optind;

#ifdef MACOS
    if (( argv = get_list( "cmd line arg?" )) == NULL ) {
        exit( 1 );
    }
    for ( argc = 0; argv[ argc ] != NULL; ++argc ) {
        ;
    }
#endif /* MACOS */

    host = NULL;
    port = LDAP_PORT;
    dnsuffix = "";
    cldapflg = errflg = 0;

    while (( c = getopt( argc, argv, "uh:d:s:p:t:T:" )) != -1 ) {
        switch( c ) {
        case 'u':
#ifdef CLDAP
            cldapflg++;
#else /* CLDAP */
            printf( "Compile with -DCLDAP for UDP support\n" );
#endif /* CLDAP */
            break;

        case 'd':
#ifdef LDAP_DEBUG
            ldap_debug = atoi( optarg );
            if ( ldap_debug & LDAP_DEBUG_PACKETS ) {
                lber_debug = ldap_debug;
            }
#else
            printf( "Compile with -DLDAP_DEBUG for debugging\n" );
#endif
            break;

        case 'h':
            host = optarg;
            break;

        case 's':
            dnsuffix = optarg;
            break;

        case 'p':
            port = atoi( optarg );
            break;

#if !defined(MACOS) && !defined(DOS)
        case 't':	/* copy ber's to given file */
            copyfname = strdup( optarg );
            copyoptions = LBER_TO_FILE;
            break;

        case 'T':	/* only output ber's to given file */
            copyfname = strdup( optarg );
            copyoptions = (LBER_TO_FILE | LBER_TO_FILE_ONLY);
            break;
#endif

        default:
            ++errflg;
        }
    }

    if ( host == NULL && optind == argc - 1 ) {
        host = argv[ optind ];
        ++optind;
    }

    if ( errflg || optind < argc - 1 ) {
        fprintf( stderr, usage, argv[ 0 ] );
        exit( 1 );
    }

    printf( "%sldap_open( %s, %d )\n", cldapflg ? "c" : "",
            host == NULL ? "(null)" : host, port );

    if ( cldapflg ) {
#ifdef CLDAP
        ld = cldap_open( host, port );
#endif /* CLDAP */
    } else {
        ld = ldap_open( host, port );
    }

    if ( ld == NULL ) {
        perror( "ldap_open" );
        exit(1);
    }

#if !defined(MACOS) && !defined(DOS)
    if ( copyfname != NULL ) {
        if ( (ld->ld_sb.sb_fd = open( copyfname, O_WRONLY | O_CREAT,
                                      0600 ))  == -1 ) {
            perror( copyfname );
            exit ( 1 );
        }
        ld->ld_sb.sb_options = copyoptions;
    }
#endif

    bound = 0;
    timeout.tv_sec = 0;
    timeout.tv_usec = 0;

    (void) memset( line, '\0', sizeof(line) );
    while ( getline( line, sizeof(line), stdin, "\ncommand? " ) != NULL ) {
        command1 = line[0];
        command2 = line[1];
        command3 = line[2];

        switch ( command1 ) {
        case 'a':	/* add or abandon */
            switch ( command2 ) {
            case 'd':	/* add */
                getline( dn, sizeof(dn), stdin, "dn? " );
                strcat( dn, dnsuffix );
                if ( (attrs = get_modlist( NULL, "attr? ",
                                           "value? " )) == NULL )
                    break;
                if ( (id = ldap_add( ld, dn, attrs )) == -1 )
                    ldap_perror( ld, "ldap_add" );
                else
                    printf( "Add initiated with id %d\n",
                            id );
                break;

            case 'b':	/* abandon */
                getline( line, sizeof(line), stdin, "msgid? " );
                id = atoi( line );
                if ( ldap_abandon( ld, id ) != 0 )
                    ldap_perror( ld, "ldap_abandon" );
                else
                    printf( "Abandon successful\n" );
                break;
            default:
                printf( "Possibilities: [ad]d, [ab]ort\n" );
            }
            break;

        case 'b':	/* asynch bind */
#ifdef KERBEROS
            getline( line, sizeof(line), stdin,
                     "method (0->simple, 1->krbv41, 2->krbv42)? " );
            method = atoi( line ) | 0x80;
#else /* KERBEROS */
            method = LDAP_AUTH_SIMPLE;
#endif /* KERBEROS */
            getline( dn, sizeof(dn), stdin, "dn? " );
            strcat( dn, dnsuffix );

            if ( method == LDAP_AUTH_SIMPLE && dn[0] != '\0' )
                getline( passwd, sizeof(passwd), stdin,
                         "password? " );
            else
                passwd[0] = '\0';

            if ( ldap_bind( ld, dn, passwd, method ) == -1 ) {
                fprintf( stderr, "ldap_bind failed\n" );
                ldap_perror( ld, "ldap_bind" );
            } else {
                printf( "Bind initiated\n" );
                bound = 1;
            }
            break;

        case 'B':	/* synch bind */
#ifdef KERBEROS
            getline( line, sizeof(line), stdin,
                     "method 0->simple 1->krbv41 2->krbv42 3->krb? " );
            method = atoi( line );
            if ( method == 3 )
                method = LDAP_AUTH_KRBV4;
            else
                method = method | 0x80;
#else /* KERBEROS */
            method = LDAP_AUTH_SIMPLE;
#endif /* KERBEROS */
            getline( dn, sizeof(dn), stdin, "dn? " );
            strcat( dn, dnsuffix );

            if ( dn[0] != '\0' )
                getline( passwd, sizeof(passwd), stdin,
                         "password? " );
            else
                passwd[0] = '\0';

            if ( ldap_bind_s( ld, dn, passwd, method ) !=
                    LDAP_SUCCESS ) {
                fprintf( stderr, "ldap_bind_s failed\n" );
                ldap_perror( ld, "ldap_bind_s" );
            } else {
                printf( "Bind successful\n" );
                bound = 1;
            }
            break;

        case 'c':	/* compare */
            getline( dn, sizeof(dn), stdin, "dn? " );
            strcat( dn, dnsuffix );
            getline( attr, sizeof(attr), stdin, "attr? " );
            getline( value, sizeof(value), stdin, "value? " );

            if ( (id = ldap_compare( ld, dn, attr, value )) == -1 )
                ldap_perror( ld, "ldap_compare" );
            else
                printf( "Compare initiated with id %d\n", id );
            break;

        case 'd':	/* turn on debugging */
#ifdef LDAP_DEBUG
            getline( line, sizeof(line), stdin, "debug level? " );
            ldap_debug = atoi( line );
            if ( ldap_debug & LDAP_DEBUG_PACKETS ) {
                lber_debug = ldap_debug;
            }
#else
            printf( "Compile with -DLDAP_DEBUG for debugging\n" );
#endif
            break;

        case 'E':	/* explode a dn */
            getline( line, sizeof(line), stdin, "dn? " );
            exdn = ldap_explode_dn( line, 0 );
            for ( i = 0; exdn != NULL && exdn[i] != NULL; i++ ) {
                printf( "\t%s\n", exdn[i] );
            }
            break;

        case 'g':	/* set next msgid */
            getline( line, sizeof(line), stdin, "msgid? " );
            ld->ld_msgid = atoi( line );
            break;

        case 'v':	/* set version number */
            getline( line, sizeof(line), stdin, "version? " );
            ld->ld_version = atoi( line );
            break;

        case 'm':	/* modify or modifyrdn */
            if ( strncmp( line, "modify", 4 ) == 0 ) {
                getline( dn, sizeof(dn), stdin, "dn? " );
                strcat( dn, dnsuffix );
                if ( (mods = get_modlist(
                                 "mod (0=>add, 1=>delete, 2=>replace -1=>done)? ",
                                 "attribute type? ", "attribute value? " ))
                        == NULL )
                    break;
                if ( (id = ldap_modify( ld, dn, mods )) == -1 )
                    ldap_perror( ld, "ldap_modify" );
                else
                    printf( "Modify initiated with id %d\n",
                            id );
            } else if ( strncmp( line, "modrdn", 4 ) == 0 ) {
                getline( dn, sizeof(dn), stdin, "dn? " );
                strcat( dn, dnsuffix );
                getline( rdn, sizeof(rdn), stdin, "newrdn? " );
                if ( (id = ldap_modrdn( ld, dn, rdn )) == -1 )
                    ldap_perror( ld, "ldap_modrdn" );
                else
                    printf( "Modrdn initiated with id %d\n",
                            id );
            } else {
                printf( "Possibilities: [modi]fy, [modr]dn\n" );
            }
            break;

        case 'q':	/* quit */
#ifdef CLDAP
            if ( cldapflg )
                cldap_close( ld );
#endif /* CLDAP */
#ifdef LDAP_REFERRALS
            if ( !cldapflg )
#else /* LDAP_REFERRALS */
            if ( !cldapflg && bound )
#endif /* LDAP_REFERRALS */
                ldap_unbind( ld );
            exit( 0 );
            break;

        case 'r':	/* result or remove */
            switch ( command3 ) {
            case 's':	/* result */
                getline( line, sizeof(line), stdin,
                         "msgid (-1=>any)? " );
                if ( line[0] == '\0' )
                    id = -1;
                else
                    id = atoi( line );
                getline( line, sizeof(line), stdin,
                         "all (0=>any, 1=>all)? " );
                if ( line[0] == '\0' )
                    all = 1;
                else
                    all = atoi( line );
                if (( msgtype = ldap_result( ld, id, all,
                                             &timeout, &res )) < 1 ) {
                    ldap_perror( ld, "ldap_result" );
                    break;
                }
                printf( "\nresult: msgtype %d msgid %d\n",
                        msgtype, res->lm_msgid );
                handle_result( ld, res );
                res = NULLMSG;
                break;

            case 'm':	/* remove */
                getline( dn, sizeof(dn), stdin, "dn? " );
                strcat( dn, dnsuffix );
                if ( (id = ldap_delete( ld, dn )) == -1 )
                    ldap_perror( ld, "ldap_delete" );
                else
                    printf( "Remove initiated with id %d\n",
                            id );
                break;

            default:
                printf( "Possibilities: [rem]ove, [res]ult\n" );
                break;
            }
            break;

        case 's':	/* search */
            getline( dn, sizeof(dn), stdin, "searchbase? " );
            strcat( dn, dnsuffix );
            getline( line, sizeof(line), stdin,
                     "scope (0=Base, 1=One Level, 2=Subtree)? " );
            scope = atoi( line );
            getline( filter, sizeof(filter), stdin,
                     "search filter (e.g. sn=jones)? " );
            types = get_list( "attrs to return? " );
            getline( line, sizeof(line), stdin,
                     "attrsonly (0=attrs&values, 1=attrs only)? " );
            attrsonly = atoi( line );

            if ( cldapflg ) {
#ifdef CLDAP
                getline( line, sizeof(line), stdin,
                         "Requestor DN (for logging)? " );
                if ( cldap_search_s( ld, dn, scope, filter, types,
                                     attrsonly, &res, line ) != 0 ) {
                    ldap_perror( ld, "cldap_search_s" );
                } else {
                    printf( "\nresult: msgid %d\n",
                            res->lm_msgid );
                    handle_result( ld, res );
                    res = NULLMSG;
                }
#endif /* CLDAP */
            } else {
                if (( id = ldap_search( ld, dn, scope, filter,
                                        types, attrsonly  )) == -1 ) {
                    ldap_perror( ld, "ldap_search" );
                } else {
                    printf( "Search initiated with id %d\n", id );
                }
            }
            free_list( types );
            break;

        case 't':	/* set timeout value */
            getline( line, sizeof(line), stdin, "timeout? " );
            timeout.tv_sec = atoi( line );
            break;

        case 'U':	/* set ufn search prefix */
            getline( line, sizeof(line), stdin, "ufn prefix? " );
            ldap_ufn_setprefix( ld, line );
            break;

        case 'u':	/* user friendly search w/optional timeout */
            getline( dn, sizeof(dn), stdin, "ufn? " );
            strcat( dn, dnsuffix );
            types = get_list( "attrs to return? " );
            getline( line, sizeof(line), stdin,
                     "attrsonly (0=attrs&values, 1=attrs only)? " );
            attrsonly = atoi( line );

            if ( command2 == 't' ) {
                id = ldap_ufn_search_c( ld, dn, types,
                                        attrsonly, &res, ldap_ufn_timeout,
                                        &timeout );
            } else {
                id = ldap_ufn_search_s( ld, dn, types,
                                        attrsonly, &res );
            }
            if ( res == NULL )
                ldap_perror( ld, "ldap_ufn_search" );
            else {
                printf( "\nresult: err %d\n", id );
                handle_result( ld, res );
                res = NULLMSG;
            }
            free_list( types );
            break;

        case 'l':	/* URL search */
            getline( line, sizeof(line), stdin,
                     "attrsonly (0=attrs&values, 1=attrs only)? " );
            attrsonly = atoi( line );
            getline( line, sizeof(line), stdin, "LDAP URL? " );
            if (( id = ldap_url_search( ld, line, attrsonly  ))
                    == -1 ) {
                ldap_perror( ld, "ldap_url_search" );
            } else {
                printf( "URL search initiated with id %d\n", id );
            }
            break;

        case 'p':	/* parse LDAP URL */
            getline( line, sizeof(line), stdin, "LDAP URL? " );
            if (( i = ldap_url_parse( line, &ludp )) != 0 ) {
                fprintf( stderr, "ldap_url_parse: error %d\n", i );
            } else {
                printf( "\t  host: " );
                if ( ludp->lud_host == NULL ) {
                    printf( "DEFAULT\n" );
                } else {
                    printf( "<%s>\n", ludp->lud_host );
                }
                printf( "\t  port: " );
                if ( ludp->lud_port == 0 ) {
                    printf( "DEFAULT\n" );
                } else {
                    printf( "%d\n", ludp->lud_port );
                }
                printf( "\t    dn: <%s>\n", ludp->lud_dn );
                printf( "\t attrs:" );
                if ( ludp->lud_attrs == NULL ) {
                    printf( " ALL" );
                } else {
                    for ( i = 0; ludp->lud_attrs[ i ] != NULL; ++i ) {
                        printf( " <%s>", ludp->lud_attrs[ i ] );
                    }
                }
                printf( "\n\t scope: %s\n",
                        ludp->lud_scope == LDAP_SCOPE_ONELEVEL ? "ONE"
                        : ludp->lud_scope == LDAP_SCOPE_BASE ? "BASE" :
                        ludp->lud_scope == LDAP_SCOPE_SUBTREE ? "SUB" :
                        "**invalid**" );
                printf( "\tfilter: <%s>\n", ludp->lud_filter );
                ldap_free_urldesc( ludp );
            }
            break;

        case 'n':	/* set dn suffix, for convenience */
            getline( line, sizeof(line), stdin, "DN suffix? " );
            strcpy( dnsuffix, line );
            break;

        case 'e':	/* enable cache */
#ifdef NO_CACHE
            printf( NOCACHEERRMSG );
#else /* NO_CACHE */
            getline( line, sizeof(line), stdin,
                     "Cache timeout (secs)? " );
            i = atoi( line );
            getline( line, sizeof(line), stdin,
                     "Maximum memory to use (bytes)? " );
            if ( ldap_enable_cache( ld, i, atoi( line )) == 0 ) {
                printf( "local cache is on\n" );
            } else {
                printf( "ldap_enable_cache failed\n" );
            }
#endif /* NO_CACHE */
            break;

        case 'x':	/* uncache entry */
#ifdef NO_CACHE
            printf( NOCACHEERRMSG );
#else /* NO_CACHE */
            getline( line, sizeof(line), stdin, "DN? " );
            ldap_uncache_entry( ld, line );
#endif /* NO_CACHE */
            break;

        case 'X':	/* uncache request */
#ifdef NO_CACHE
            printf( NOCACHEERRMSG );
#else /* NO_CACHE */
            getline( line, sizeof(line), stdin, "request msgid? " );
            ldap_uncache_request( ld, atoi( line ));
#endif /* NO_CACHE */
            break;

        case 'o':	/* set ldap options */
            getline( line, sizeof(line), stdin,
                     "alias deref (0=never, 1=searching, 2"
                     "=finding, 3=always)?" );
            ld->ld_deref = atoi( line );
            getline( line, sizeof(line), stdin, "timelimit?" );
            ld->ld_timelimit = atoi( line );
            getline( line, sizeof(line), stdin, "sizelimit?" );
            ld->ld_sizelimit = atoi( line );

            ld->ld_options = 0;

#ifdef STR_TRANSLATION
            getline( line, sizeof(line), stdin,
                     "Automatic translation of T.61 strings "
                     "(0=no, 1=yes)?" );
            if ( atoi( line ) == 0 ) {
                ld->ld_lberoptions &= ~LBER_TRANSLATE_STRINGS;
            } else {
                ld->ld_lberoptions |= LBER_TRANSLATE_STRINGS;
#ifdef LDAP_CHARSET_8859
                getline( line, sizeof(line), stdin,
                         "Translate to/from ISO-8859 "
                         "(0=no, 1=yes?" );
                if ( atoi( line ) != 0 ) {
                    ldap_set_string_translators( ld,
                                                 ldap_8859_to_t61,
                                                 ldap_t61_to_8859 );
                }
#endif /* LDAP_CHARSET_8859 */
            }
#endif /* STR_TRANSLATION */

#ifdef LDAP_DNS
            getline( line, sizeof(line), stdin,
                     "Use DN & DNS to determine where to send "
                     "requests (0=no, 1=yes)?" );
            if ( atoi( line ) != 0 ) {
                ld->ld_options |= LDAP_OPT_DNS;
            }
#endif /* LDAP_DNS */

#ifdef LDAP_REFERRALS
            getline( line, sizeof(line), stdin,
                     "Recognize and chase referrals (0=no, 1=yes)?");
            if ( atoi( line ) != 0 ) {
                ld->ld_options |= LDAP_OPT_REFERRALS;
                getline( line, sizeof(line), stdin,
                         "Prompt for bind credentials when "
                         "chasing referrals (0=no, 1=yes)?" );
                if ( atoi( line ) != 0 ) {
                    ldap_set_rebind_proc( ld, bind_prompt );
                }
            }
#endif /* LDAP_REFERRALS */
            break;

        case 'O':	/* set cache options */
#ifdef NO_CACHE
            printf( NOCACHEERRMSG );
#else /* NO_CACHE */
            getline( line, sizeof(line), stdin,
                     "cache errors (0=smart, 1=never, 2=always)?" );
            switch( atoi( line )) {
            case 0:
                ldap_set_cache_options( ld, 0 );
                break;
            case 1:
                ldap_set_cache_options( ld,
                                        LDAP_CACHE_OPT_CACHENOERRS );
                break;
            case 2:
                ldap_set_cache_options( ld,
                                        LDAP_CACHE_OPT_CACHEALLERRS );
                break;
            default:
                printf( "not a valid cache option\n" );
            }
#endif /* NO_CACHE */
            break;

        case '?':	/* help */
            printf( "Commands: [ad]d         [ab]andon         [b]ind\n" );
            printf( "          [B]ind async  [c]ompare         [l]URL search\n" );
            printf( "          [modi]fy      [modr]dn          [rem]ove\n" );
            printf( "          [res]ult      [s]earch          [q]uit/unbind\n\n" );
            printf( "          [u]fn search  [ut]fn search with timeout\n" );
            printf( "          [d]ebug       [e]nable cache    set ms[g]id\n" );
            printf( "          d[n]suffix    [t]imeout         [v]ersion\n" );
            printf( "          [U]fn prefix  [x]uncache entry  [X]uncache request\n" );
            printf( "          [?]help       [o]ptions         [O]cache options\n" );
            printf( "          [E]xplode dn  [p]arse LDAP URL\n" );
            break;

        default:
            printf( "Invalid command.  Type ? for help.\n" );
            break;
        }

        (void) memset( line, '\0', sizeof(line) );
    }

    return( 0 );
}