void *
create_sasl_defaults(LDAP *ld, char *mech, char *realm, char *authcid, char *passwd, char *authzid) {
lutilSASLdefaults *defaults;
defaults = ber_memalloc(sizeof(lutilSASLdefaults));
if(defaults == NULL) return (void *)PyErr_NoMemory();
defaults->mech = mech ? ber_strdup(mech) : NULL;
defaults->realm = realm ? ber_strdup(realm) : NULL;
defaults->authcid = authcid ? ber_strdup(authcid) : NULL;
defaults->passwd = passwd ? ber_strdup(passwd) : NULL;
defaults->authzid = authzid ? ber_strdup(authzid) : NULL;
if (defaults->mech == NULL) {
ldap_get_option(ld, LDAP_OPT_X_SASL_MECH, &defaults->mech);
}
if (defaults->realm == NULL) {
ldap_get_option(ld, LDAP_OPT_X_SASL_REALM, &defaults->realm);
}
if (defaults->authcid == NULL) {
ldap_get_option(ld, LDAP_OPT_X_SASL_AUTHCID, &defaults->authcid);
}
if (defaults->authzid == NULL) {
ldap_get_option(ld, LDAP_OPT_X_SASL_AUTHZID, &defaults->authzid);
}
defaults->resps = NULL;
defaults->nresps = 0;
return defaults;
}
static RLDAP_BICTX *_rldap_sasl_setdefs(LDAP *ld, char *sasl_mech, char *sasl_realm, char *sasl_authc_id, char *passwd, char *sasl_authz_id)
{
RLDAP_BICTX *ctx;
ctx = ber_memalloc(sizeof(RLDAP_BICTX));
ctx->mech = (sasl_mech) ? ber_strdup(sasl_mech) : NULL;
ctx->realm = (sasl_realm) ? ber_strdup(sasl_realm) : NULL;
ctx->authcid = (sasl_authc_id) ? ber_strdup(sasl_authc_id) : NULL;
ctx->passwd = (passwd) ? ber_strdup(passwd) : NULL;
ctx->authzid = (sasl_authz_id) ? ber_strdup(sasl_authz_id) : NULL;
if (ctx->mech == NULL) {
ldap_get_option(ld, LDAP_OPT_X_SASL_MECH, &ctx->mech);
}
if (ctx->realm == NULL) {
ldap_get_option(ld, LDAP_OPT_X_SASL_REALM, &ctx->realm);
}
if (ctx->authcid == NULL) {
ldap_get_option(ld, LDAP_OPT_X_SASL_AUTHCID, &ctx->authcid);
}
if (ctx->authzid == NULL) {
ldap_get_option(ld, LDAP_OPT_X_SASL_AUTHZID, &ctx->authzid);
}
return ctx;
}
static krb5_error_code
LDAP_addmod(LDAPMod *** modlist, int modop, const char *attribute,
const char *value)
{
int cMods, i = 0;
krb5_error_code ret;
ret = LDAP__setmod(modlist, modop, attribute, &cMods);
if (ret)
return ret;
if (value != NULL) {
char **bv;
bv = (*modlist)[cMods]->mod_values;
if (bv != NULL) {
for (i = 0; bv[i] != NULL; i++)
;
bv = ber_memrealloc(bv, (i + 2) * sizeof(*bv));
} else
bv = ber_memalloc(2 * sizeof(*bv));
if (bv == NULL)
return ENOMEM;
(*modlist)[cMods]->mod_values = bv;
bv[i] = ber_strdup(value);
if (bv[i] == NULL)
return ENOMEM;
bv[i + 1] = NULL;
}
return 0;
}
FILE *
ldif_open_url(
LDAP_CONST char *urlstr )
{
FILE *url;
if( strncasecmp( "file:", urlstr, sizeof("file:")-1 ) == 0 ) {
char *p;
urlstr += sizeof("file:")-1;
/* we don't check for LDAP_DIRSEP since URLs should contain '/' */
if ( urlstr[0] == '/' && urlstr[1] == '/' ) {
urlstr += 2;
/* path must be absolute if authority is present
* technically, file://hostname/path is also legal but we don't
* accept a non-empty hostname
*/
if ( urlstr[0] != '/' ) {
#ifdef _WIN32
/* An absolute path in improper file://C:/foo/bar format */
if ( urlstr[1] != ':' )
#endif
return NULL;
}
#ifdef _WIN32
/* An absolute path in proper file:///C:/foo/bar format */
if ( urlstr[2] == ':' )
urlstr++;
#endif
}
p = ber_strdup( urlstr );
/* But we should convert to LDAP_DIRSEP before use */
if ( LDAP_DIRSEP[0] != '/' ) {
char *s = p;
while (( s = strchr( s, '/' )))
*s++ = LDAP_DIRSEP[0];
}
ldap_pvt_hex_unescape( p );
url = fopen( p, "rb" );
ber_memfree( p );
} else {
#ifdef HAVE_FETCH
url = fetchGetURL( (char*) urlstr, "" );
#else
url = NULL;
#endif
}
return url;
}
static krb5_error_code
LDAP__setmod(LDAPMod *** modlist, int modop, const char *attribute,
int *pIndex)
{
int cMods;
if (*modlist == NULL) {
*modlist = (LDAPMod **)ber_memcalloc(1, sizeof(LDAPMod *));
if (*modlist == NULL)
return ENOMEM;
}
for (cMods = 0; (*modlist)[cMods] != NULL; cMods++) {
if ((*modlist)[cMods]->mod_op == modop &&
strcasecmp((*modlist)[cMods]->mod_type, attribute) == 0) {
break;
}
}
*pIndex = cMods;
if ((*modlist)[cMods] == NULL) {
LDAPMod *mod;
*modlist = (LDAPMod **)ber_memrealloc(*modlist,
(cMods + 2) * sizeof(LDAPMod *));
if (*modlist == NULL)
return ENOMEM;
(*modlist)[cMods] = (LDAPMod *)ber_memalloc(sizeof(LDAPMod));
if ((*modlist)[cMods] == NULL)
return ENOMEM;
mod = (*modlist)[cMods];
mod->mod_op = modop;
mod->mod_type = ber_strdup(attribute);
if (mod->mod_type == NULL) {
ber_memfree(mod);
(*modlist)[cMods] = NULL;
return ENOMEM;
}
if (modop & LDAP_MOD_BVALUES) {
mod->mod_bvalues = NULL;
} else {
mod->mod_values = NULL;
}
(*modlist)[cMods + 1] = NULL;
}
return 0;
}
FILE *
ldif_open_url(
LDAP_CONST char *urlstr )
{
FILE *url;
if( strncasecmp( "file:", urlstr, sizeof("file:")-1 ) == 0 ) {
char *p;
urlstr += sizeof("file:")-1;
/* we don't check for LDAP_DIRSEP since URLs should contain '/' */
if ( urlstr[0] == '/' && urlstr[1] == '/' ) {
urlstr += 2;
/* path must be absolute if authority is present */
if ( urlstr[0] != '/' )
return NULL;
}
p = ber_strdup( urlstr );
/* But we should convert to LDAP_DIRSEP before use */
if ( LDAP_DIRSEP[0] != '/' ) {
char *s = p;
while (( s = strchr( s, '/' )))
*s++ = LDAP_DIRSEP[0];
}
ldap_pvt_hex_unescape( p );
url = fopen( p, "rb" );
ber_memfree( p );
} else {
#ifdef HAVE_FETCH
url = fetchGetURL( (char*) urlstr, "" );
#else
url = NULL;
#endif
}
return url;
}
int tsps_ldap_login(const char *user, const char *pass)
{
char dn[1024];
LDAP *lp;
int res;
int val;
struct berval passwd;
res = ldap_initialize(&lp, server.ldap_uri);
if (res != LDAP_SUCCESS) {
fprintf(stderr, "LDAP initialization error: %s\n",
ldap_err2string(res));
return -1;
}
val = LDAP_VERSION3;
res = ldap_set_option(ldp, LDAP_OPT_PROTOCOL_VERSION, &val);
if (res != LDAP_SUCCESS) {
fprintf(stderr, "LDAP set_option error: %s\n",
ldap_err2string(res));
return -1;
}
/*
* Attempt to bind to the ldap server as the user
*/
snprintf(dn, sizeof(dn), "uid=%s,%s", user, server.ldap_user_base);
memset(&passwd, 0, sizeof(passwd));
passwd.bv_val = ber_strdup(pass);
passwd.bv_len = strlen(pass);
res = ldap_sasl_bind_s(lp, dn, LDAP_SASL_SIMPLE, &passwd,
NULL, NULL, NULL);
ldap_unbind_ext_s(lp, NULL, NULL);
if (res != LDAP_SUCCESS) {
fprintf(stderr, "LDAP bind error: %s\n",
ldap_err2string(res));
return -1;
}
return 0;
}
int
init_module( int argc, char *argv[] )
{
int i;
for ( i = 0; i < argc; i++ ) {
if ( strncasecmp( argv[ i ], "config=", STRLENOF( "config=" ) ) == 0 ) {
/* FIXME: what if multiple loads of same module?
* does it make sense (e.g. override an existing one)? */
if ( config_filename == NULL ) {
config_filename = ber_strdup( &argv[ i ][ STRLENOF( "config=" ) ] );
}
} else {
fprintf( stderr, "init_module(radius): unknown arg#%d=\"%s\".\n",
i, argv[ i ] );
return 1;
}
}
ldap_pvt_thread_mutex_init( &libradius_mutex );
return lutil_passwd_add( (struct berval *)&scheme, chk_radius, NULL );
}
/* Parse an LDIF control line of the form
control: oid [true/false] [: value] or
control: oid [true/false] [:: base64-value] or
control: oid [true/false] [:< url]
The control is added to the list of controls in *ppctrls.
*/
static int
parse_ldif_control(
struct berval *bval,
LDAPControl ***ppctrls )
{
char *oid = NULL;
int criticality = 0; /* Default is false if not present */
int i, rc=0;
char *s, *oidStart;
LDAPControl *newctrl = NULL;
LDAPControl **pctrls = NULL;
struct berval type, bv;
int freeval;
if (ppctrls) pctrls = *ppctrls;
/* OID should come first. Validate and extract it. */
s = bval->bv_val;
if (*s == 0) return ( LDAP_PARAM_ERROR );
oidStart = s;
while (isdigit((unsigned char)*s) || *s == '.') {
s++; /* OID should be digits or . */
}
if (s == oidStart) {
return ( LDAP_PARAM_ERROR ); /* OID was not present */
}
if (*s) { /* End of OID should be space or NULL */
if (!isspace((unsigned char)*s)) {
return ( LDAP_PARAM_ERROR ); /* else OID contained invalid chars */
}
*s++ = 0; /* Replace space with null to terminate */
}
oid = ber_strdup(oidStart);
if (oid == NULL) return ( LDAP_NO_MEMORY );
/* Optional Criticality field is next. */
while (*s && isspace((unsigned char)*s)) {
s++; /* Skip white space before criticality */
}
if (strncasecmp(s, "true", 4) == 0) {
criticality = 1;
s += 4;
}
else if (strncasecmp(s, "false", 5) == 0) {
criticality = 0;
s += 5;
}
/* Optional value field is next */
while (*s && isspace((unsigned char)*s)) {
s++; /* Skip white space before value */
}
if (*s) {
if (*s != ':') { /* If value is present, must start with : */
rc = LDAP_PARAM_ERROR;
goto cleanup;
}
/* Back up so value is in the form
a: value
a:: base64-value
a:< url
Then we can use ldif_parse_line2 to extract and decode the value
*/
s--;
*s = 'a';
rc = ldif_parse_line2(s, &type, &bv, &freeval);
if (rc < 0) {
rc = LDAP_PARAM_ERROR;
goto cleanup;
}
}
/* Create a new LDAPControl structure. */
newctrl = (LDAPControl *)ber_memalloc(sizeof(LDAPControl));
if ( newctrl == NULL ) {
rc = LDAP_NO_MEMORY;
goto cleanup;
}
newctrl->ldctl_oid = oid;
oid = NULL;
newctrl->ldctl_iscritical = criticality;
if ( freeval )
newctrl->ldctl_value = bv;
else
ber_dupbv( &newctrl->ldctl_value, &bv );
/* Add the new control to the passed-in list of controls. */
i = 0;
if (pctrls) {
while ( pctrls[i] ) { /* Count the # of controls passed in */
i++;
}
}
/* Allocate 1 more slot for the new control and 1 for the NULL. */
pctrls = (LDAPControl **) ber_memrealloc(pctrls,
(i+2)*(sizeof(LDAPControl *)));
if (pctrls == NULL) {
rc = LDAP_NO_MEMORY;
goto cleanup;
}
pctrls[i] = newctrl;
newctrl = NULL;
pctrls[i+1] = NULL;
*ppctrls = pctrls;
cleanup:
if (newctrl) {
if (newctrl->ldctl_oid) ber_memfree(newctrl->ldctl_oid);
if (newctrl->ldctl_value.bv_val) {
ber_memfree(newctrl->ldctl_value.bv_val);
}
ber_memfree(newctrl);
}
if (oid) ber_memfree(oid);
return( rc );
}
int
handle_private_option( int i )
{
char *control, *cvalue;
int crit;
switch ( i ) {
case 'E': /* modify extensions */
if( protocol == LDAP_VERSION2 ) {
fprintf( stderr, _("%s: -E incompatible with LDAPv%d\n"),
prog, protocol );
exit( EXIT_FAILURE );
}
/* should be extended to support comma separated list of
* [!]key[=value] parameters, e.g. -E !foo,bar=567
*/
crit = 0;
cvalue = NULL;
if( optarg[0] == '!' ) {
crit = 1;
optarg++;
}
control = ber_strdup( optarg );
if ( (cvalue = strchr( control, '=' )) != NULL ) {
*cvalue++ = '\0';
}
#ifdef LDAP_X_TXN
if( strcasecmp( control, "txn" ) == 0 ) {
/* Transaction */
if( txn ) {
fprintf( stderr,
_("txn control previously specified\n"));
exit( EXIT_FAILURE );
}
if( cvalue != NULL ) {
if( strcasecmp( cvalue, "abort" ) == 0 ) {
txnabort=1;
} else if( strcasecmp( cvalue, "commit" ) != 0 ) {
fprintf( stderr, _("Invalid value for txn control, %s\n"),
cvalue );
exit( EXIT_FAILURE );
}
}
txn = 1 + crit;
} else
#endif
{
fprintf( stderr, _("Invalid modify extension name: %s\n"),
control );
usage();
}
break;
case 'a': /* add */
ldapadd = 1;
break;
case 'r': /* replace (obsolete) */
break;
case 'S': /* skipped modifications to file */
if( rejfile != NULL ) {
fprintf( stderr, _("%s: -S previously specified\n"), prog );
exit( EXIT_FAILURE );
}
rejfile = ber_strdup( optarg );
break;
default:
return 0;
}
return 1;
}
int
ldif_parse_line(
LDAP_CONST char *line,
char **typep,
char **valuep,
ber_len_t *vlenp
)
{
char *s, *p, *d;
char nib;
int b64, url;
char *freeme, *type, *value;
ber_len_t vlen;
*typep = NULL;
*valuep = NULL;
*vlenp = 0;
/* skip any leading space */
while ( isspace( (unsigned char) *line ) ) {
line++;
}
freeme = ber_strdup( line );
if( freeme == NULL ) {
ber_pvt_log_printf( LDAP_DEBUG_ANY, ldif_debug,
"ldif_parse_line: line malloc failed\n");
return( -1 );
}
type = freeme;
s = strchr( type, ':' );
if ( s == NULL ) {
ber_pvt_log_printf( LDAP_DEBUG_PARSE, ldif_debug,
"ldif_parse_line: missing ':' after %s\n",
type );
ber_memfree( freeme );
return( -1 );
}
/* trim any space between type and : */
for ( p = &s[-1]; p > type && isspace( * (unsigned char *) p ); p-- ) {
*p = '\0';
}
*s++ = '\0';
url = 0;
b64 = 0;
if ( *s == '<' ) {
s++;
url = 1;
} else if ( *s == ':' ) {
/* base 64 encoded value */
s++;
b64 = 1;
}
/* skip space between : and value */
while ( isspace( (unsigned char) *s ) ) {
s++;
}
/* check for continued line markers that should be deleted */
for ( p = s, d = s; *p; p++ ) {
if ( *p != CONTINUED_LINE_MARKER )
*d++ = *p;
}
*d = '\0';
if ( b64 ) {
char *byte = s;
if ( *s == '\0' ) {
/* no value is present, error out */
ber_pvt_log_printf( LDAP_DEBUG_PARSE, ldif_debug,
"ldif_parse_line: %s missing base64 value\n", type );
ber_memfree( freeme );
return( -1 );
}
byte = value = s;
for ( p = s, vlen = 0; p < d; p += 4, vlen += 3 ) {
int i;
for ( i = 0; i < 4; i++ ) {
if ( p[i] != '=' && (p[i] & 0x80 ||
b642nib[ p[i] & 0x7f ] > 0x3f) ) {
ber_pvt_log_printf( LDAP_DEBUG_ANY, ldif_debug,
"ldif_parse_line: %s: invalid base64 encoding"
" char (%c) 0x%x\n",
type, p[i], p[i] );
ber_memfree( freeme );
return( -1 );
}
}
/* first digit */
nib = b642nib[ p[0] & 0x7f ];
byte[0] = nib << 2;
/* second digit */
nib = b642nib[ p[1] & 0x7f ];
byte[0] |= nib >> 4;
byte[1] = (nib & RIGHT4) << 4;
/* third digit */
if ( p[2] == '=' ) {
vlen += 1;
break;
}
nib = b642nib[ p[2] & 0x7f ];
byte[1] |= nib >> 2;
byte[2] = (nib & RIGHT2) << 6;
/* fourth digit */
if ( p[3] == '=' ) {
vlen += 2;
break;
}
nib = b642nib[ p[3] & 0x7f ];
byte[2] |= nib;
byte += 3;
}
s[ vlen ] = '\0';
} else if ( url ) {
static int
do_base( char *uri, char *dn, struct berval *pass, char *base, char *filter, char *pwattr,
int maxloop, int force, int chaserefs, int noinit, int delay,
int action_type, void *action )
{
LDAP *ld = NULL;
int i = 0;
int rc = LDAP_SUCCESS;
ber_int_t msgid;
LDAPMessage *res, *msg;
char **dns = NULL;
struct berval *creds = NULL;
char *attrs[] = { LDAP_NO_ATTRS, NULL };
int ndns = 0;
#ifdef _WIN32
DWORD beg, end;
#else
struct timeval beg, end;
#endif
int version = LDAP_VERSION3;
char *nullstr = "";
ldap_initialize( &ld, uri );
if ( ld == NULL ) {
tester_perror( "ldap_initialize", NULL );
exit( EXIT_FAILURE );
}
(void) ldap_set_option( ld, LDAP_OPT_PROTOCOL_VERSION, &version );
(void) ldap_set_option( ld, LDAP_OPT_REFERRALS,
chaserefs ? LDAP_OPT_ON: LDAP_OPT_OFF );
rc = ldap_sasl_bind_s( ld, dn, LDAP_SASL_SIMPLE, pass, NULL, NULL, NULL );
if ( rc != LDAP_SUCCESS ) {
tester_ldap_error( ld, "ldap_sasl_bind_s", NULL );
exit( EXIT_FAILURE );
}
fprintf( stderr, "PID=%ld - Bind(%d): base=\"%s\", filter=\"%s\" attr=\"%s\".\n",
(long) pid, maxloop, base, filter, pwattr );
if ( pwattr != NULL ) {
attrs[ 0 ] = pwattr;
}
rc = ldap_search_ext( ld, base, LDAP_SCOPE_SUBTREE,
filter, attrs, 0, NULL, NULL, 0, 0, &msgid );
if ( rc != LDAP_SUCCESS ) {
tester_ldap_error( ld, "ldap_search_ext", NULL );
exit( EXIT_FAILURE );
}
while ( ( rc = ldap_result( ld, LDAP_RES_ANY, LDAP_MSG_ONE, NULL, &res ) ) > 0 )
{
BerElement *ber;
struct berval bv;
int done = 0;
for ( msg = ldap_first_message( ld, res ); msg;
msg = ldap_next_message( ld, msg ) )
{
switch ( ldap_msgtype( msg ) ) {
case LDAP_RES_SEARCH_ENTRY:
rc = ldap_get_dn_ber( ld, msg, &ber, &bv );
dns = realloc( dns, (ndns + 1)*sizeof(char *) );
dns[ndns] = ber_strdup( bv.bv_val );
if ( pwattr != NULL ) {
struct berval **values = ldap_get_values_len( ld, msg, pwattr );
creds = realloc( creds, (ndns + 1)*sizeof(struct berval) );
if ( values == NULL ) {
novals:;
creds[ndns].bv_len = 0;
creds[ndns].bv_val = nullstr;
} else {
static struct berval cleartext = BER_BVC( "{CLEARTEXT} " );
struct berval value = *values[ 0 ];
if ( value.bv_val[ 0 ] == '{' ) {
char *end = ber_bvchr( &value, '}' );
if ( end ) {
if ( ber_bvcmp( &value, &cleartext ) == 0 ) {
value.bv_val += cleartext.bv_len;
value.bv_len -= cleartext.bv_len;
} else {
ldap_value_free_len( values );
goto novals;
}
}
}
ber_dupbv( &creds[ndns], &value );
ldap_value_free_len( values );
}
}
ndns++;
ber_free( ber, 0 );
break;
case LDAP_RES_SEARCH_RESULT:
done = 1;
break;
}
if ( done )
break;
}
ldap_msgfree( res );
if ( done ) break;
}
#ifdef _WIN32
beg = GetTickCount();
#else
gettimeofday( &beg, NULL );
#endif
if ( ndns == 0 ) {
tester_error( "No DNs" );
return 1;
}
fprintf( stderr, " PID=%ld - Bind base=\"%s\" filter=\"%s\" got %d values.\n",
(long) pid, base, filter, ndns );
/* Ok, got list of DNs, now start binding to each */
for ( i = 0; i < maxloop; i++ ) {
int j;
struct berval cred = { 0, NULL };
#if 0 /* use high-order bits for better randomness (Numerical Recipes in "C") */
j = rand() % ndns;
#endif
j = ((double)ndns)*rand()/(RAND_MAX + 1.0);
if ( creds && !BER_BVISEMPTY( &creds[j] ) ) {
cred = creds[j];
}
if ( do_bind( uri, dns[j], &cred, 1, force, chaserefs, noinit, &ld,
action_type, action ) && !force )
{
break;
}
if ( delay ) {
sleep( delay );
}
}
if ( ld != NULL ) {
ldap_unbind_ext( ld, NULL, NULL );
ld = NULL;
}
#ifdef _WIN32
end = GetTickCount();
end -= beg;
fprintf( stderr, " PID=%ld - Bind done %d in %d.%03d seconds.\n",
(long) pid, i, end / 1000, end % 1000 );
#else
gettimeofday( &end, NULL );
end.tv_usec -= beg.tv_usec;
if (end.tv_usec < 0 ) {
end.tv_usec += 1000000;
end.tv_sec -= 1;
}
end.tv_sec -= beg.tv_sec;
fprintf( stderr, " PID=%ld - Bind done %d in %ld.%06ld seconds.\n",
(long) pid, i, (long) end.tv_sec, (long) end.tv_usec );
#endif
if ( dns ) {
for ( i = 0; i < ndns; i++ ) {
ber_memfree( dns[i] );
}
free( dns );
}
if ( creds ) {
for ( i = 0; i < ndns; i++ ) {
if ( creds[i].bv_val != nullstr ) {
ber_memfree( creds[i].bv_val );
}
}
free( creds );
}
return 0;
}
int
tester_config_opt( struct tester_conn_args *config, char opt, char *optarg )
{
switch ( opt ) {
case 'C':
config->chaserefs++;
break;
case 'D':
config->binddn = strdup( optarg );
break;
case 'd':
{
int debug;
if ( lutil_atoi( &debug, optarg ) != 0 ) {
return -1;
}
if ( ber_set_option( NULL, LBER_OPT_DEBUG_LEVEL, &debug )
!= LBER_OPT_SUCCESS )
{
fprintf( stderr,
"Could not set LBER_OPT_DEBUG_LEVEL %d\n", debug );
}
if ( ldap_set_option( NULL, LDAP_OPT_DEBUG_LEVEL, &debug )
!= LDAP_OPT_SUCCESS )
{
fprintf( stderr,
"Could not set LDAP_OPT_DEBUG_LEVEL %d\n", debug );
}
break;
}
case 'H':
config->uri = strdup( optarg );
break;
case 'h':
config->host = strdup( optarg );
break;
case 'i':
tester_ignore_str2errlist( optarg );
break;
case 'L':
if ( lutil_atoi( &config->outerloops, optarg ) != 0 ) {
return -1;
}
break;
case 'l':
if ( lutil_atoi( &config->loops, optarg ) != 0 ) {
return -1;
}
break;
#ifdef HAVE_CYRUS_SASL
case 'O':
if ( config->secprops != NULL ) {
return -1;
}
if ( config->authmethod != -1 && config->authmethod != LDAP_AUTH_SASL ) {
return -1;
}
config->authmethod = LDAP_AUTH_SASL;
config->secprops = ber_strdup( optarg );
break;
case 'R':
if ( config->realm != NULL ) {
return -1;
}
if ( config->authmethod != -1 && config->authmethod != LDAP_AUTH_SASL ) {
return -1;
}
config->authmethod = LDAP_AUTH_SASL;
config->realm = ber_strdup( optarg );
break;
case 'U':
if ( config->authc_id != NULL ) {
return -1;
}
if ( config->authmethod != -1 && config->authmethod != LDAP_AUTH_SASL ) {
return -1;
}
config->authmethod = LDAP_AUTH_SASL;
config->authc_id = ber_strdup( optarg );
break;
case 'X':
if ( config->authz_id != NULL ) {
return -1;
}
if ( config->authmethod != -1 && config->authmethod != LDAP_AUTH_SASL ) {
return -1;
}
config->authmethod = LDAP_AUTH_SASL;
config->authz_id = ber_strdup( optarg );
break;
case 'Y':
if ( config->mech != NULL ) {
return -1;
}
if ( config->authmethod != -1 && config->authmethod != LDAP_AUTH_SASL ) {
return -1;
}
config->authmethod = LDAP_AUTH_SASL;
config->mech = ber_strdup( optarg );
break;
#endif
case 'p':
if ( lutil_atoi( &config->port, optarg ) != 0 ) {
return -1;
}
break;
case 'r':
if ( lutil_atoi( &config->retries, optarg ) != 0 ) {
return -1;
}
break;
case 't':
if ( lutil_atoi( &config->delay, optarg ) != 0 ) {
return -1;
}
break;
case 'w':
config->pass.bv_val = strdup( optarg );
config->pass.bv_len = strlen( optarg );
memset( optarg, '*', config->pass.bv_len );
break;
case 'x':
if ( config->authmethod != -1 && config->authmethod != LDAP_AUTH_SIMPLE ) {
return -1;
}
config->authmethod = LDAP_AUTH_SIMPLE;
break;
default:
return -1;
}
return LDAP_SUCCESS;
}
int
handle_private_option( int i )
{
char *control, *cvalue;
int crit;
switch ( i ) {
case 'E': /* compare extensions */
if( protocol == LDAP_VERSION2 ) {
fprintf( stderr, _("%s: -E incompatible with LDAPv%d\n"),
prog, protocol );
exit( EXIT_FAILURE );
}
/* should be extended to support comma separated list of
* [!]key[=value] parameters, e.g. -E !foo,bar=567
*/
crit = 0;
cvalue = NULL;
if( optarg[0] == '!' ) {
crit = 1;
optarg++;
}
control = ber_strdup( optarg );
if ( (cvalue = strchr( control, '=' )) != NULL ) {
*cvalue++ = '\0';
}
#ifdef LDAP_CONTROL_DONTUSECOPY
if ( strcasecmp( control, "dontUseCopy" ) == 0 ) {
if( dontUseCopy ) {
fprintf( stderr,
_("dontUseCopy control previously specified\n"));
exit( EXIT_FAILURE );
}
if( cvalue != NULL ) {
fprintf( stderr,
_("dontUseCopy: no control value expected\n") );
usage();
}
if( !crit ) {
fprintf( stderr,
_("dontUseCopy: critical flag required\n") );
usage();
}
dontUseCopy = 1 + crit;
} else
#endif
{
fprintf( stderr,
_("Invalid compare extension name: %s\n"), control );
usage();
}
break;
case 'z':
quiet = 1;
break;
default:
return 0;
}
return 1;
}
int
handle_private_option( int i )
{
switch ( i ) {
char *control, *cvalue;
int crit;
case 'E': /* vc extension */
if( protocol == LDAP_VERSION2 ) {
fprintf( stderr, _("%s: -E incompatible with LDAPv%d\n"),
prog, protocol );
exit( EXIT_FAILURE );
}
/* should be extended to support comma separated list of
* [!]key[=value] parameters, e.g. -E !foo,bar=567
*/
crit = 0;
cvalue = NULL;
if( optarg[0] == '!' ) {
crit = 1;
optarg++;
}
control = strdup( optarg );
if ( (cvalue = strchr( control, '=' )) != NULL ) {
*cvalue++ = '\0';
}
if (strcasecmp(control, "sasl") == 0) {
#if defined(LDAP_API_FEATURES_VERIFY_CREDENTIALS_INTERACTIVE) && defined(HAVE_CYRUS_SASL)
if (vc_sasl != LDAP_SASL_NONE) {
fprintf(stderr,
_("SASL option previously specified\n"));
exit(EXIT_FAILURE);
}
if (cvalue == NULL) {
fprintf(stderr,
_("missing mode in SASL option\n"));
exit(EXIT_FAILURE);
}
switch (*cvalue) {
case 'a':
case 'A':
vc_sasl = LDAP_SASL_AUTOMATIC;
break;
case 'i':
case 'I':
vc_sasl = LDAP_SASL_INTERACTIVE;
break;
case 'q':
case 'Q':
vc_sasl = LDAP_SASL_QUIET;
break;
default:
fprintf(stderr,
_("unknown mode %s in SASL option\n"), cvalue);
exit(EXIT_FAILURE);
}
#else
fprintf(stderr,
_("%s: not compiled with SASL support\n"), prog);
exit(EXIT_FAILURE);
#endif
} else if (strcasecmp(control, "mech") == 0) {
#if defined(LDAP_API_FEATURES_VERIFY_CREDENTIALS_INTERACTIVE) && defined(HAVE_CYRUS_SASL)
if (vc_sasl_mech) {
fprintf(stderr,
_("SASL mech previously specified\n"));
exit(EXIT_FAILURE);
}
if (cvalue == NULL) {
fprintf(stderr,
_("missing mech in SASL option\n"));
exit(EXIT_FAILURE);
}
vc_sasl_mech = ber_strdup(cvalue);
#else
#endif
} else if (strcasecmp(control, "realm") == 0) {
#if defined(LDAP_API_FEATURES_VERIFY_CREDENTIALS_INTERACTIVE) && defined(HAVE_CYRUS_SASL)
if (vc_sasl_realm) {
fprintf(stderr,
_("SASL realm previously specified\n"));
exit(EXIT_FAILURE);
}
if (cvalue == NULL) {
fprintf(stderr,
_("missing realm in SASL option\n"));
exit(EXIT_FAILURE);
}
vc_sasl_realm = ber_strdup(cvalue);
#else
fprintf(stderr,
_("%s: not compiled with SASL support\n"), prog);
exit(EXIT_FAILURE);
#endif
} else if (strcasecmp(control, "authcid") == 0) {
#if defined(LDAP_API_FEATURES_VERIFY_CREDENTIALS_INTERACTIVE) && defined(HAVE_CYRUS_SASL)
if (vc_sasl_authcid) {
fprintf(stderr,
_("SASL authcid previously specified\n"));
exit(EXIT_FAILURE);
}
if (cvalue == NULL) {
fprintf(stderr,
_("missing authcid in SASL option\n"));
exit(EXIT_FAILURE);
}
vc_sasl_authcid = ber_strdup(cvalue);
#else
fprintf(stderr,
_("%s: not compiled with SASL support\n"), prog);
exit(EXIT_FAILURE);
#endif
} else if (strcasecmp(control, "authzid") == 0) {
#if defined(LDAP_API_FEATURES_VERIFY_CREDENTIALS_INTERACTIVE) && defined(HAVE_CYRUS_SASL)
if (vc_sasl_authzid) {
fprintf(stderr,
_("SASL authzid previously specified\n"));
exit(EXIT_FAILURE);
}
if (cvalue == NULL) {
fprintf(stderr,
_("missing authzid in SASL option\n"));
exit(EXIT_FAILURE);
}
vc_sasl_authzid = ber_strdup(cvalue);
#else
fprintf(stderr,
_("%s: not compiled with SASL support\n"), prog);
exit(EXIT_FAILURE);
#endif
} else if (strcasecmp(control, "secprops") == 0) {
#if defined(LDAP_API_FEATURES_VERIFY_CREDENTIALS_INTERACTIVE) && defined(HAVE_CYRUS_SASL)
if (vc_sasl_secprops) {
fprintf(stderr,
_("SASL secprops previously specified\n"));
exit(EXIT_FAILURE);
}
if (cvalue == NULL) {
fprintf(stderr,
_("missing secprops in SASL option\n"));
exit(EXIT_FAILURE);
}
vc_sasl_secprops = ber_strdup(cvalue);
#else
fprintf(stderr,
_("%s: not compiled with SASL support\n"), prog);
exit(EXIT_FAILURE);
#endif
} else {
fprintf( stderr, _("Invalid Verify Credentials extension name: %s\n"), control );
usage();
}
free( control );
break;
case 'a': /* request authzid */
req_authzid++;
break;
case 'b': /* request authzid */
req_pp++;
break;
default:
return 0;
}
return 1;
}
