Esempio n. 1
/*
 * Register LDAP_rebindproc as the rebind callback on the handle `ld`.
 *
 * Some SDKs take a third (callback argument) parameter; that variant is
 * selected at build time by LDAP_SET_REBIND_PROC_THREE and is passed NULL.
 *
 * Always returns APR_SUCCESS.
 * NOTE(review): whatever ldap_set_rebind_proc() itself reports is not
 * inspected here, so a failed registration is invisible to the caller.
 */
static int apr_ldap_rebind_set_callback(LDAP *ld)
{
#if !defined(LDAP_SET_REBIND_PROC_THREE)
    /* two-argument SDK variant */
    ldap_set_rebind_proc(ld, LDAP_rebindproc);
#else
    /* three-argument SDK variant; no per-callback argument is supplied */
    ldap_set_rebind_proc(ld, LDAP_rebindproc, NULL);
#endif

    return APR_SUCCESS;
}
Esempio n. 2
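/** @brief Connect to a LDAP server.
  * @param uri Server to connect to.
  * @param starttls STARTTLS policy: disallow, allow or enforce TLS.
  * @param timelimit Query timelimit; when non-zero it is also used as the
  *        network timeout in seconds.
  * @param limit Results limit.
  * @param debug Set LDAP_OPT_DEBUG_LEVEL and LBER_OPT_DEBUG_LEVEL to this level.
  * @param err Pointer to an int that receives the LDAP result code (may be NULL).
  * @returns Reference to the LDAP connection; if it is NULL the error is
  *          returned in err.
  *
  * @note Unless starttls is LDAP_STARTTLS_ENFORCE, a failed STARTTLS is
  *       ignored and the session continues without TLS, so a network
  *       attacker who can make the negotiation fail downgrades the
  *       connection. Use ENFORCE whenever credentials will be sent.
  * @note No certificate-verification option is set here; that policy comes
  *       from the library defaults / client configuration.
  * @note Referral chasing is switched on and a rebind callback is installed,
  *       so the callback decides which credentials a referred-to server
  *       receives. */
extern struct ldap_conn *ldap_connect(const char *uri, enum ldap_starttls starttls, int timelimit, int limit, int debug, int *err) {
	struct ldap_conn *ld;
	struct timeval timeout;
	int version = 3;
	int res;

	if (!(ld = objalloc(sizeof(*ld), free_ldapconn))) {
		if (err) {
			*err = LDAP_NO_MEMORY;
		}
		return NULL;
	}

	/* Give every field a defined value before any error path can drop the
	 * reference. NOTE(review): assumes free_ldapconn copes with a NULL
	 * ld->ldap, which is what a failed ldap_initialize() leaves behind. */
	ld->ldap = NULL;
	ld->sctrlsp = NULL;
	ld->timelim = timelimit;
	ld->limit = limit;
	ld->sasl = NULL;
	ld->uri = strdup(uri);

	/* A NULL uri handed to ldap_initialize() would select the library's
	 * default server instead of the one the caller asked for. */
	if (!ld->uri) {
		objunref(ld);
		if (err) {
			*err = LDAP_NO_MEMORY;
		}
		return NULL;
	}

	/* Assign first, compare afterwards: the original compared inside the
	 * assignment and so stored 0/1 in res instead of the LDAP error code. */
	res = ldap_initialize(&ld->ldap, ld->uri);
	if (res != LDAP_SUCCESS) {
		objunref(ld);
		if (err) {
			*err = res;
		}
		return NULL;
	}

	if (debug) {
		ldap_set_option(NULL, LDAP_OPT_DEBUG_LEVEL, &debug);
		ber_set_option(NULL, LBER_OPT_DEBUG_LEVEL, &debug);
	}
	if (timelimit) {
		timeout.tv_sec = timelimit;
		timeout.tv_usec = 0;
		ldap_set_option(ld->ldap, LDAP_OPT_NETWORK_TIMEOUT, (void *)&timeout);
	}
	ldap_set_option(ld->ldap, LDAP_OPT_PROTOCOL_VERSION, &version);
	ldap_set_option(ld->ldap, LDAP_OPT_REFERRALS, (void *)LDAP_OPT_ON);
	ldap_set_rebind_proc(ld->ldap, ldap_rebind_proc, ld);

	/* Logical && (the original used bitwise &) so the TLS state is only
	 * queried when STARTTLS was requested at all. */
	if ((starttls != LDAP_STARTTLS_NONE) && !ldap_tls_inplace(ld->ldap)) {
		int sslres = ldap_start_tls_s(ld->ldap, ld->sctrlsp, NULL);

		/* Only the ENFORCE policy turns a TLS failure into a connection
		 * failure; otherwise the session stays up without TLS. */
		if ((sslres != LDAP_SUCCESS) && (starttls == LDAP_STARTTLS_ENFORCE)) {
			objunref(ld);
			ld = NULL;
			res = sslres;
		}
	}

	if (err) {
		*err = res;
	}
	return ld;
}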
Esempio n. 3
/*
 * Install LDAP_rebindproc as the rebind callback for `ld`, using the
 * two-argument form of ldap_set_rebind_proc().
 *
 * Always reports APR_SUCCESS; nothing from the registration call is checked.
 */
static int apr_ldap_rebind_set_callback(LDAP *ld)
{
    int status = APR_SUCCESS;

    ldap_set_rebind_proc(ld, LDAP_rebindproc);

    return status;
}
Esempio n. 4
/*
 * asyncmeta_dobind_result
 *
 * Consumes the bind response `res` received on target `candidate` of `mc`,
 * stores the outcome in `bind_result` and updates the per-target connection
 * flags.  Returns META_SEARCH_CANDIDATE when the mapped result is
 * LDAP_SUCCESS, META_SEARCH_NOT_CANDIDATE otherwise.
 *
 * On a non-anonymous success with credential saving enabled for the target
 * and a non-empty stored credential, the target's rebind callback is
 * installed with `msc` as its argument, i.e. the stored credential becomes
 * available to later re-binds on this handle.
 */
meta_search_candidate_t
asyncmeta_dobind_result(
	a_metaconn_t		*mc,
	int			candidate,
	SlapReply		*bind_result,
	LDAPMessage		*res )
{
	a_metainfo_t		*mi = mc->mc_info;
	a_metatarget_t		*mt = mi->mi_targets[ candidate ];
	a_metasingleconn_t	*msc = &mc->mc_conns[ candidate ];
	int			parse_rc;
	int			mapped_rc;

	assert( msc->msc_ldr != NULL );

	/* refresh the connection timestamp only when idle timeouts are in use */
	if ( mi->mi_idle_timeout != 0 ) {
		asyncmeta_set_msc_time(msc);
	}

	if ( LogTest( asyncmeta_debug ) ) {
		char	time_buf[ SLAP_TEXT_BUFLEN ];
		asyncmeta_get_timestamp(time_buf);
		Debug( asyncmeta_debug, "[%x] [%s] asyncmeta_dobind_result msc: %p, "
		       "msc->msc_binding_time: %x, msc->msc_flags:%x\n ",
		       (unsigned int)slap_get_time(), time_buf, msc,
		       (unsigned int)msc->msc_binding_time, msc->msc_mscflags );
	}

	/* FIXME: matched? referrals? response controls? */
	parse_rc = ldap_parse_result( msc->msc_ldr, res,
				&(bind_result->sr_err),
				(char **)&(bind_result->sr_matched),
				(char **)&(bind_result->sr_text),
				NULL, NULL, 0 );

	if ( LogTest( asyncmeta_debug ) ) {
		char	time_buf[ SLAP_TEXT_BUFLEN ];
		asyncmeta_get_timestamp(time_buf);
		Debug( asyncmeta_debug,
		       "[%s] asyncmeta_dobind_result error=%d msc: %p\n",
		       time_buf,bind_result->sr_err, msc );
	}

	/* a parse failure overrides whatever result code was extracted */
	if ( parse_rc != LDAP_SUCCESS ) {
		bind_result->sr_err = parse_rc;
	}
	mapped_rc = slap_map_api2result( bind_result );

	/* the bind is no longer in flight, whatever its outcome */
	LDAP_BACK_CONN_BINDING_CLEAR( msc );

	if ( mapped_rc != LDAP_SUCCESS ) {
		bind_result->sr_err = mapped_rc;
		return META_SEARCH_NOT_CANDIDATE;
	}

	/* FIXME: check if bound as idassert authcDN! */
	if ( BER_BVISNULL( &msc->msc_bound_ndn )
		|| BER_BVISEMPTY( &msc->msc_bound_ndn ) )
	{
		/* no bound DN recorded: mark the connection anonymous */
		LDAP_BACK_CONN_ISANON_SET( msc );
		if ( LogTest( asyncmeta_debug ) ) {
			char	time_buf[ SLAP_TEXT_BUFLEN ];
			asyncmeta_get_timestamp(time_buf);
			Debug( asyncmeta_debug, "[%s] asyncmeta_dobind_result anonymous msc: %p\n",
			      time_buf, msc );
		}
		return META_SEARCH_CANDIDATE;
	}

	/* only hook up the rebind callback when there is a saved, non-empty
	 * credential for it to use */
	if ( META_BACK_TGT_SAVECRED( mt ) &&
		!BER_BVISNULL( &msc->msc_cred ) &&
		!BER_BVISEMPTY( &msc->msc_cred ) )
	{
		ldap_set_rebind_proc( msc->msc_ldr, mt->mt_rebind_f, msc );
	}
	if ( LogTest( asyncmeta_debug ) ) {
		char	time_buf[ SLAP_TEXT_BUFLEN ];
		asyncmeta_get_timestamp(time_buf);
		Debug( asyncmeta_debug, "[%s] asyncmeta_dobind_result success msc: %p\n",
		      time_buf, msc );
	}
	LDAP_BACK_CONN_ISBOUND_SET( msc );

	return META_SEARCH_CANDIDATE;
}
Esempio n. 5
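/*
 * Prompt for a DN into dn (capacity dnsize bytes) and append the global
 * dnsuffix to it.  Returns 0 on success.  Returns -1, leaving dn empty,
 * when input ends or when DN plus suffix would not fit; the caller then
 * skips the operation instead of sending a truncated DN.
 */
static int
read_suffixed_dn( char *dn, size_t dnsize, char *prompt )
{
	size_t	dnlen, suflen;

	if ( get_line( dn, dnsize, stdin, prompt ) == NULL ) {
		dn[0] = '\0';
		return -1;
	}

	dnlen = strlen( dn );
	suflen = strlen( dnsuffix );
	if ( dnlen >= dnsize || suflen >= dnsize - dnlen ) {
		fprintf( stderr, "dn plus suffix does not fit in %lu bytes\n",
		    (unsigned long) dnsize );
		dn[0] = '\0';
		return -1;
	}
	memcpy( dn + dnlen, dnsuffix, suflen + 1 );
	return 0;
}

/*
 * Interactive LDAP client test driver: parses the command line, opens a
 * handle with ldap_init() and then executes one-letter commands read from
 * stdin until "q" or end of input.
 *
 * Every DN typed at a prompt has dnsuffix appended through
 * read_suffixed_dn(), which bounds the result to the destination buffer
 * (the earlier unchecked strcat could write past dn[]).  The "n" command
 * stores the new suffix in a buffer owned by this function, because
 * dnsuffix otherwise points at a string literal or at optarg, neither of
 * which may be overwritten with a longer string.
 */
int
main( int argc, char **argv )
{
	LDAP		*ld = NULL;
	int		i, c, port, errflg, method, id, msgtype;
	char		line[256], command1, command2, command3;
	/* start empty so a prompt cut short by EOF never leaves garbage */
	char		passwd[64] = "", dn[256] = "", rdn[64] = "";
	char		attr[64] = "", value[256] = "";
	char		filter[256] = "", *host, **types;
	char		**exdn;
	static char	suffixbuf[ sizeof(line) ];	/* backing store for 'n' */
	static const char usage[] =
		"usage: %s [-u] [-h host] [-d level] [-s dnsuffix] [-p port] [-t file] [-T file]\n";
	int		bound, all, scope, attrsonly;
	LDAPMessage	*res = NULL;
	LDAPMod		**mods, **attrs;
	struct timeval	timeout;
	char		*copyfname = NULL;
	int		copyoptions = 0;
	LDAPURLDesc	*ludp;

	host = NULL;
	port = LDAP_PORT;
	dnsuffix = "";
	errflg = 0;

	while (( c = getopt( argc, argv, "h:d:s:p:t:T:" )) != -1 ) {
		switch( c ) {
		case 'd':
#ifdef LDAP_DEBUG
			ldap_debug = atoi( optarg );
#ifdef LBER_DEBUG
			if ( ldap_debug & LDAP_DEBUG_PACKETS ) {
				ber_set_option( NULL, LBER_OPT_DEBUG_LEVEL, &ldap_debug );
			}
#endif
#else
			printf( "Compile with -DLDAP_DEBUG for debugging\n" );
#endif
			break;

		case 'h':
			host = optarg;
			break;

		case 's':
			dnsuffix = optarg;
			break;

		case 'p':
			port = atoi( optarg );
			break;

		case 't':	/* copy ber's to given file */
			copyfname = strdup( optarg );
/*			copyoptions = LBER_TO_FILE; */
			break;

		case 'T':	/* only output ber's to given file */
			copyfname = strdup( optarg );
/*			copyoptions = (LBER_TO_FILE | LBER_TO_FILE_ONLY); */
			break;

		default:
		    ++errflg;
		}
	}

	if ( host == NULL && optind == argc - 1 ) {
		host = argv[ optind ];
		++optind;
	}

	if ( errflg || optind < argc - 1 ) {
		fprintf( stderr, usage, argv[ 0 ] );
		exit( EXIT_FAILURE );
	}
	
	printf( "ldap_init( %s, %d )\n",
		host == NULL ? "(null)" : host, port );

	ld = ldap_init( host, port );

	if ( ld == NULL ) {
		perror( "ldap_init" );
		exit( EXIT_FAILURE );
	}

	if ( copyfname != NULL ) {
		/* O_EXCL: refuse to write through a pre-existing file or link;
		 * 0600: the BER copy can contain bind credentials */
		if ( ( ld->ld_sb->sb_fd = open( copyfname, O_WRONLY|O_CREAT|O_EXCL,
		    0600 ))  == -1 ) {
			perror( copyfname );
			exit ( EXIT_FAILURE );
		}
		ld->ld_sb->sb_options = copyoptions;
	}

	bound = 0;
	timeout.tv_sec = 0;
	timeout.tv_usec = 0;

	(void) memset( line, '\0', sizeof(line) );
	while ( get_line( line, sizeof(line), stdin, "\ncommand? " ) != NULL ) {
		command1 = line[0];
		command2 = line[1];
		command3 = line[2];

		switch ( command1 ) {
		case 'a':	/* add or abandon */
			switch ( command2 ) {
			case 'd':	/* add */
				if ( read_suffixed_dn( dn, sizeof(dn), "dn? " ) != 0 )
					break;
				if ( (attrs = get_modlist( NULL, "attr? ",
				    "value? " )) == NULL )
					break;
				if ( (id = ldap_add( ld, dn, attrs )) == -1 )
					ldap_perror( ld, "ldap_add" );
				else
					printf( "Add initiated with id %d\n",
					    id );
				break;

			case 'b':	/* abandon */
				get_line( line, sizeof(line), stdin, "msgid? " );
				id = atoi( line );
				if ( ldap_abandon( ld, id ) != 0 )
					ldap_perror( ld, "ldap_abandon" );
				else
					printf( "Abandon successful\n" );
				break;
			default:
				printf( "Possibilities: [ad]d, [ab]ort\n" );
			}
			break;

		case 'b':	/* asynch bind */
			method = LDAP_AUTH_SIMPLE;
			if ( read_suffixed_dn( dn, sizeof(dn), "dn? " ) != 0 )
				break;

			if ( method == LDAP_AUTH_SIMPLE && dn[0] != '\0' )
				get_line( passwd, sizeof(passwd), stdin,
				    "password? " );
			else
				passwd[0] = '\0';

			if ( ldap_bind( ld, dn, passwd, method ) == -1 ) {
				fprintf( stderr, "ldap_bind failed\n" );
				ldap_perror( ld, "ldap_bind" );
			} else {
				printf( "Bind initiated\n" );
				bound = 1;
			}
			break;

		case 'B':	/* synch bind */
			method = LDAP_AUTH_SIMPLE;
			if ( read_suffixed_dn( dn, sizeof(dn), "dn? " ) != 0 )
				break;

			if ( dn[0] != '\0' )
				get_line( passwd, sizeof(passwd), stdin,
				    "password? " );
			else
				passwd[0] = '\0';

			if ( ldap_bind_s( ld, dn, passwd, method ) !=
			    LDAP_SUCCESS ) {
				fprintf( stderr, "ldap_bind_s failed\n" );
				ldap_perror( ld, "ldap_bind_s" );
			} else {
				printf( "Bind successful\n" );
				bound = 1;
			}
			break;

		case 'c':	/* compare */
			if ( read_suffixed_dn( dn, sizeof(dn), "dn? " ) != 0 )
				break;
			get_line( attr, sizeof(attr), stdin, "attr? " );
			get_line( value, sizeof(value), stdin, "value? " );

			if ( (id = ldap_compare( ld, dn, attr, value )) == -1 )
				ldap_perror( ld, "ldap_compare" );
			else
				printf( "Compare initiated with id %d\n", id );
			break;

		case 'd':	/* turn on debugging */
#ifdef LDAP_DEBUG
			get_line( line, sizeof(line), stdin, "debug level? " );
			ldap_debug = atoi( line );
#ifdef LBER_DEBUG
			if ( ldap_debug & LDAP_DEBUG_PACKETS ) {
				ber_set_option( NULL, LBER_OPT_DEBUG_LEVEL, &ldap_debug );
			}
#endif
#else
			printf( "Compile with -DLDAP_DEBUG for debugging\n" );
#endif
			break;

		case 'E':	/* explode a dn */
			get_line( line, sizeof(line), stdin, "dn? " );
			exdn = ldap_explode_dn( line, 0 );
			for ( i = 0; exdn != NULL && exdn[i] != NULL; i++ ) {
				printf( "\t%s\n", exdn[i] );
			}
			/* the exploded array belongs to the caller */
			if ( exdn != NULL ) {
				ldap_value_free( exdn );
			}
			break;

		case 'g':	/* set next msgid */
			get_line( line, sizeof(line), stdin, "msgid? " );
			ld->ld_msgid = atoi( line );
			break;

		case 'v':	/* set version number */
			get_line( line, sizeof(line), stdin, "version? " );
			ld->ld_version = atoi( line );
			break;

		case 'm':	/* modify or modifyrdn */
			if ( strncmp( line, "modify", 4 ) == 0 ) {
				if ( read_suffixed_dn( dn, sizeof(dn), "dn? " ) != 0 )
					break;
				if ( (mods = get_modlist(
				    "mod (0=>add, 1=>delete, 2=>replace -1=>done)? ",
				    "attribute type? ", "attribute value? " ))
				    == NULL )
					break;
				if ( (id = ldap_modify( ld, dn, mods )) == -1 )
					ldap_perror( ld, "ldap_modify" );
				else
					printf( "Modify initiated with id %d\n",
					    id );
			} else if ( strncmp( line, "modrdn", 4 ) == 0 ) {
				if ( read_suffixed_dn( dn, sizeof(dn), "dn? " ) != 0 )
					break;
				get_line( rdn, sizeof(rdn), stdin, "newrdn? " );
				if ( (id = ldap_modrdn( ld, dn, rdn )) == -1 )
					ldap_perror( ld, "ldap_modrdn" );
				else
					printf( "Modrdn initiated with id %d\n",
					    id );
			} else {
				printf( "Possibilities: [modi]fy, [modr]dn\n" );
			}
			break;

		case 'q':	/* quit */
			ldap_unbind( ld );
			exit( EXIT_SUCCESS );
			break;

		case 'r':	/* result or remove */
			switch ( command3 ) {
			case 's':	/* result */
				get_line( line, sizeof(line), stdin,
				    "msgid (-1=>any)? " );
				if ( line[0] == '\0' )
					id = -1;
				else
					id = atoi( line );
				get_line( line, sizeof(line), stdin,
				    "all (0=>any, 1=>all)? " );
				if ( line[0] == '\0' )
					all = 1;
				else
					all = atoi( line );
				if (( msgtype = ldap_result( ld, id, all,
				    &timeout, &res )) < 1 ) {
					ldap_perror( ld, "ldap_result" );
					break;
				}
				printf( "\nresult: msgtype %d msgid %d\n",
				    msgtype, res->lm_msgid );
				handle_result( ld, res );
				res = NULL;
				break;

			case 'm':	/* remove */
				if ( read_suffixed_dn( dn, sizeof(dn), "dn? " ) != 0 )
					break;
				if ( (id = ldap_delete( ld, dn )) == -1 )
					ldap_perror( ld, "ldap_delete" );
				else
					printf( "Remove initiated with id %d\n",
					    id );
				break;

			default:
				printf( "Possibilities: [rem]ove, [res]ult\n" );
				break;
			}
			break;

		case 's':	/* search */
			if ( read_suffixed_dn( dn, sizeof(dn), "searchbase? " ) != 0 )
				break;
			get_line( line, sizeof(line), stdin,
			    "scope (0=baseObject, 1=oneLevel, 2=subtree, 3=children)? " );
			scope = atoi( line );
			get_line( filter, sizeof(filter), stdin,
			    "search filter (e.g. sn=jones)? " );
			types = get_list( "attrs to return? " );
			get_line( line, sizeof(line), stdin,
			    "attrsonly (0=attrs&values, 1=attrs only)? " );
			attrsonly = atoi( line );

			if (( id = ldap_search( ld, dn, scope, filter,
			    types, attrsonly  )) == -1 ) {
				ldap_perror( ld, "ldap_search" );
			} else {
				printf( "Search initiated with id %d\n", id );
			}
			free_list( types );
			break;

		case 't':	/* set timeout value */
			get_line( line, sizeof(line), stdin, "timeout? " );
			timeout.tv_sec = atoi( line );
			break;

		case 'p':	/* parse LDAP URL */
			get_line( line, sizeof(line), stdin, "LDAP URL? " );
			if (( i = ldap_url_parse( line, &ludp )) != 0 ) {
			    fprintf( stderr, "ldap_url_parse: error %d\n", i );
			} else {
			    printf( "\t  host: " );
			    if ( ludp->lud_host == NULL ) {
				printf( "DEFAULT\n" );
			    } else {
				printf( "<%s>\n", ludp->lud_host );
			    }
			    printf( "\t  port: " );
			    if ( ludp->lud_port == 0 ) {
				printf( "DEFAULT\n" );
			    } else {
				printf( "%d\n", ludp->lud_port );
			    }
			    /* a URL need not carry a dn or a filter; never hand
			     * a NULL pointer to %s */
			    printf( "\t    dn: <%s>\n",
					ludp->lud_dn != NULL ? ludp->lud_dn : "(null)" );
			    printf( "\t attrs:" );
			    if ( ludp->lud_attrs == NULL ) {
				printf( " ALL" );
			    } else {
				for ( i = 0; ludp->lud_attrs[ i ] != NULL; ++i ) {
				    printf( " <%s>", ludp->lud_attrs[ i ] );
				}
			    }
			    printf( "\n\t scope: %s\n",
					ludp->lud_scope == LDAP_SCOPE_BASE ? "baseObject"
					: ludp->lud_scope == LDAP_SCOPE_ONELEVEL ? "oneLevel"
					: ludp->lud_scope == LDAP_SCOPE_SUBTREE ? "subtree"
#ifdef LDAP_SCOPE_SUBORDINATE
					: ludp->lud_scope == LDAP_SCOPE_SUBORDINATE ? "children"
#endif
					: "**invalid**" );
			    printf( "\tfilter: <%s>\n",
					ludp->lud_filter != NULL ? ludp->lud_filter : "(null)" );
			    ldap_free_urldesc( ludp );
			}
			break;

		case 'n':	/* set dn suffix, for convenience */
			get_line( line, sizeof(line), stdin, "DN suffix? " );
			/* dnsuffix may point at a literal or at optarg, so the
			 * new value goes into our own buffer of the same size
			 * as line rather than over the old one */
			memcpy( suffixbuf, line, sizeof(line) );
			dnsuffix = suffixbuf;
			break;

		case 'o':	/* set ldap options */
			get_line( line, sizeof(line), stdin, "alias deref (0=never, 1=searching, 2=finding, 3=always)?" );
			ld->ld_deref = atoi( line );
			get_line( line, sizeof(line), stdin, "timelimit?" );
			ld->ld_timelimit = atoi( line );
			get_line( line, sizeof(line), stdin, "sizelimit?" );
			ld->ld_sizelimit = atoi( line );

			LDAP_BOOL_ZERO(&ld->ld_options);

			get_line( line, sizeof(line), stdin,
				"Recognize and chase referrals (0=no, 1=yes)?" );
			if ( atoi( line ) != 0 ) {
				LDAP_BOOL_SET(&ld->ld_options, LDAP_BOOL_REFERRALS);
				get_line( line, sizeof(line), stdin,
					"Prompt for bind credentials when chasing referrals (0=no, 1=yes)?" );
				if ( atoi( line ) != 0 ) {
					ldap_set_rebind_proc( ld, bind_prompt, NULL );
				}
			}
			break;

		case '?':	/* help */
			printf(
"Commands: [ad]d         [ab]andon         [b]ind\n"
"          [B]ind async  [c]ompare\n"
"          [modi]fy      [modr]dn          [rem]ove\n"
"          [res]ult      [s]earch          [q]uit/unbind\n\n"
"          [d]ebug       set ms[g]id\n"
"          d[n]suffix    [t]imeout         [v]ersion\n"
"          [?]help       [o]ptions\n"
"          [E]xplode dn  [p]arse LDAP URL\n" );
			break;

		default:
			printf( "Invalid command.  Type ? for help.\n" );
			break;
		}

		(void) memset( line, '\0', sizeof(line) );
	}

	return( 0 );
}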
Esempio n. 6
/*
 * meta_back_single_bind
 *
 * Attempts a simple bind on target `candidate` of `mc` with the DN and
 * credentials of the client's bind request (op->o_req_dn, op->orb_cred).
 * Any previously recorded bound DN and saved credential for the target are
 * discarded first.  Returns rs->sr_err.
 *
 * When the target is configured to save credentials, a copy of the client's
 * credential is kept in msc->msc_cred and the target's rebind callback is
 * installed with msc as its argument.
 */
static int
meta_back_single_bind(
	Operation		*op,
	SlapReply		*rs,
	metaconn_t		*mc,
	int			candidate )
{
	metainfo_t		*mi = ( metainfo_t * )op->o_bd->be_private;
	metatarget_t		*mt = mi->mi_targets[ candidate ];
	struct berval		mdn = BER_BVNULL;
	metasingleconn_t	*msc = &mc->mc_conns[ candidate ];
	int			msgid;
	dncookie		dc;
	struct berval		save_o_dn;
	int			save_o_do_not_cache;
	LDAPControl		**ctrls = NULL;

	/* forget the identity left over from an earlier bind on this target */
	if ( !BER_BVISNULL( &msc->msc_bound_ndn ) ) {
		ch_free( msc->msc_bound_ndn.bv_val );
		BER_BVZERO( &msc->msc_bound_ndn );
	}

	if ( !BER_BVISNULL( &msc->msc_cred ) ) {
		/* destroy sensitive data */
		/* NOTE(review): a plain memset() directly before the buffer is
		 * freed is a store the optimizer is allowed to drop; confirm the
		 * build keeps it or use a wipe that cannot be elided. */
		memset( msc->msc_cred.bv_val, 0, msc->msc_cred.bv_len );
		ch_free( msc->msc_cred.bv_val );
		BER_BVZERO( &msc->msc_cred );
	}

	/*
	 * Rewrite the bind dn if needed
	 */
	dc.target = mt;
	dc.conn = op->o_conn;
	dc.rs = rs;
	dc.ctx = "bindDN";

	if ( ldap_back_dn_massage( &dc, &op->o_req_dn, &mdn ) ) {
		rs->sr_text = "DN rewrite error";
		rs->sr_err = LDAP_OTHER;
		return rs->sr_err;
	}

	/* don't add proxyAuthz; set the bindDN */
	/* o_dn and o_do_not_cache are overridden only for the duration of
	 * meta_back_controls_add() and restored right after it */
	save_o_dn = op->o_dn;
	save_o_do_not_cache = op->o_do_not_cache;
	op->o_do_not_cache = 1;
	op->o_dn = op->o_req_dn;

	ctrls = op->o_ctrls;
	rs->sr_err = meta_back_controls_add( op, rs, mc, candidate, &ctrls );
	op->o_dn = save_o_dn;
	op->o_do_not_cache = save_o_do_not_cache;
	if ( rs->sr_err != LDAP_SUCCESS ) {
		goto return_results;
	}

	/* FIXME: this fixes the bind problem right now; we need
	 * to use the asynchronous version to get the "matched"
	 * and more in case of failure ... */
	/* FIXME: should we check if at least some of the op->o_ctrls
	 * can/should be passed? */
	/* Retry for as long as the library reports LDAP_X_CONNECTING, yielding
	 * the thread between attempts; no retry bound is visible here. */
	for (;;) {
		rs->sr_err = ldap_sasl_bind( msc->msc_ld, mdn.bv_val,
			LDAP_SASL_SIMPLE, &op->orb_cred,
			ctrls, NULL, &msgid );
		if ( rs->sr_err != LDAP_X_CONNECTING ) {
			break;
		}
		ldap_pvt_thread_yield();
	}

	mi->mi_ldap_extra->controls_free( op, rs, &ctrls );

	/* NOTE(review): msgid is passed on even when ldap_sasl_bind() failed;
	 * presumably the callee looks at rs->sr_err first - confirm. */
	meta_back_bind_op_result( op, rs, mc, candidate, msgid, LDAP_BACK_DONTSEND, 1 );
	if ( rs->sr_err != LDAP_SUCCESS ) {
		goto return_results;
	}

	/* If defined, proxyAuthz will be used also when
	 * back-ldap is the authorizing backend; for this
	 * purpose, a successful bind is followed by a
	 * bind with the configured identity assertion */
	/* NOTE: use with care */
	if ( mt->mt_idassert_flags & LDAP_BACK_AUTH_OVERRIDE ) {
		meta_back_proxy_authz_bind( mc, candidate, op, rs, LDAP_BACK_SENDERR, 1 );
		if ( !LDAP_BACK_CONN_ISBOUND( msc ) ) {
			goto return_results;
		}
		/* this path records neither the client's DN nor its credential
		 * on msc */
		goto cache_refresh;
	}

	/* record the client's identity as the one bound on this target */
	ber_bvreplace( &msc->msc_bound_ndn, &op->o_req_ndn );
	LDAP_BACK_CONN_ISBOUND_SET( msc );
	mc->mc_authz_target = candidate;

	if ( META_BACK_TGT_SAVECRED( mt ) ) {
		/* wipe whatever the buffer holds before it is reused for the
		 * new credential */
		if ( !BER_BVISNULL( &msc->msc_cred ) ) {
			memset( msc->msc_cred.bv_val, 0,
				msc->msc_cred.bv_len );
		}
		/* the client's credential stays in memory from here on so that
		 * the rebind callback can use it */
		ber_bvreplace( &msc->msc_cred, &op->orb_cred );
		ldap_set_rebind_proc( msc->msc_ld, mt->mt_rebind_f, msc );
	}

cache_refresh:;
	if ( mi->mi_cache.ttl != META_DNCACHE_DISABLED
			&& !BER_BVISEMPTY( &op->o_req_ndn ) )
	{
		( void )meta_dncache_update_entry( &mi->mi_cache,
				&op->o_req_ndn, candidate );
	}

return_results:;
	/* mdn is released only when it is a separate buffer from the
	 * request DN */
	if ( mdn.bv_val != op->o_req_dn.bv_val ) {
		free( mdn.bv_val );
	}

	if ( META_BACK_TGT_QUARANTINE( mt ) ) {
		meta_back_quarantine( op, rs, candidate );
	}

	return rs->sr_err;
}
Esempio n. 7
/*
 * meta_back_proxy_authz_bind
 *
 * Obtains the identity-assertion bind DN, credential and method through
 * meta_back_proxy_authz_cred() and, unless the connection is already bound,
 * performs a simple bind with them on target `candidate`.
 *
 * When `dolock` is zero the conninfo mutex is released around the bind
 * request and re-acquired afterwards.
 *
 * On success the connection is flagged bound and the asserted DN recorded;
 * if the target saves credentials, the asserted credential is stored in
 * msc->msc_cred and the target's rebind callback is installed.
 *
 * Returns the value of LDAP_BACK_CONN_ISBOUND( msc ).
 */
static int
meta_back_proxy_authz_bind(
	metaconn_t *mc,
	int candidate,
	Operation *op,
	SlapReply *rs,
	ldap_back_send_t sendok,
	int dolock )
{
	metainfo_t		*mi = (metainfo_t *)op->o_bd->be_private;
	metatarget_t		*mt = mi->mi_targets[ candidate ];
	metasingleconn_t	*msc = &mc->mc_conns[ candidate ];
	struct berval		binddn = BER_BVC( "" );
	struct berval		cred = BER_BVC( "" );
	int			method = LDAP_AUTH_NONE;
	int			msgid;
	int			rc;

	rc = meta_back_proxy_authz_cred( mc, candidate, op, rs, sendok, &binddn, &cred, &method );
	if ( rc != LDAP_SUCCESS || LDAP_BACK_CONN_ISBOUND( msc ) ) {
		goto done;
	}

	/* only "none" and "simple" are handled; anything else is a bug */
	if ( method != LDAP_AUTH_NONE && method != LDAP_AUTH_SIMPLE ) {
		LDAP_BUG();
		goto done;
	}

	if ( !dolock ) {
		ldap_pvt_thread_mutex_unlock( &mi->mi_conninfo.lai_mutex );
	}

	/* keep re-issuing the bind while the library is still connecting */
	while ( ( rs->sr_err = ldap_sasl_bind( msc->msc_ld,
			binddn.bv_val, LDAP_SASL_SIMPLE,
			&cred, NULL, NULL, &msgid ) ) == LDAP_X_CONNECTING )
	{
		ldap_pvt_thread_yield();
	}

	if ( !dolock ) {
		ldap_pvt_thread_mutex_lock( &mi->mi_conninfo.lai_mutex );
	}

	rc = meta_back_bind_op_result( op, rs, mc, candidate, msgid, sendok, dolock );
	if ( rc != LDAP_SUCCESS ) {
		goto done;
	}

	/* set rebind stuff in case of successful proxyAuthz bind,
	 * so that referral chasing is attempted using the right
	 * identity */
	LDAP_BACK_CONN_ISBOUND_SET( msc );
	ber_bvreplace( &msc->msc_bound_ndn, &binddn );

	if ( META_BACK_TGT_SAVECRED( mt ) ) {
		/* clear the old credential bytes before the buffer is reused */
		if ( !BER_BVISNULL( &msc->msc_cred ) ) {
			memset( msc->msc_cred.bv_val, 0,
				msc->msc_cred.bv_len );
		}
		ber_bvreplace( &msc->msc_cred, &cred );
		ldap_set_rebind_proc( msc->msc_ld, mt->mt_rebind_f, msc );
	}

done:
	return LDAP_BACK_CONN_ISBOUND( msc );
}
Esempio n. 8
#include <stdio.h>
#include <ctype.h>
#include <string.h>
#ifdef MACOS
#include <stdlib.h>
#ifdef THINK_C
#include <console.h>
#include <unix.h>
#include <fcntl.h>
#endif /* THINK_C */
#include "macos.h"
#else /* MACOS */
#if defined( DOS ) || defined( _WIN32 )
#ifdef DOS
#include "msdos.h"
#endif
#if defined( WINSOCK ) || defined( _WIN32 )
#include "console.h"
#endif /* WINSOCK */
#else /* DOS */
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/time.h>
#include <sys/stat.h>
#include <sys/file.h>
#ifndef VMS
#include <fcntl.h>
#include <unistd.h>
#endif /* VMS */
#endif /* DOS */
#endif /* MACOS */

#include "lber.h"
#include "ldap.h"

/* MOD_USE_BVALS makes get_modlist() hand values to the library as
 * struct berval (which also enables the "{FILE}" value syntax); it is left
 * off for the PCNFS, WINSOCK and MACOS builds. */
#if !defined( PCNFS ) && !defined( WINSOCK ) && !defined( MACOS )
#define MOD_USE_BVALS
#endif /* !PCNFS && !WINSOCK && !MACOS */

/* Forward declarations; full prototypes only where the compiler is known
 * to accept them (NEEDPROTOS), old-style declarations otherwise. */
#ifdef NEEDPROTOS
static void handle_result( LDAP *ld, LDAPMessage *lm );
static void print_ldap_result( LDAP *ld, LDAPMessage *lm, char *s );
static void print_search_entry( LDAP *ld, LDAPMessage *res );
static void free_list( char **list );
#else
static void handle_result();
static void print_ldap_result();
static void print_search_entry();
static void free_list();
#endif /* NEEDPROTOS */

#define NOCACHEERRMSG \
		"don't compile with -DNO_CACHE if you desire local caching"

/* Suffix appended to every DN typed at a prompt.  main() points it at a
 * string literal or at optarg, so it must be treated as read-only storage
 * of unknown length: bound any copy that appends it to a fixed buffer. */
char *dnsuffix;

#ifndef WINSOCK
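/*
 * Print `prompt`, then read one line from `fp` into `line` (capacity `len`
 * bytes) and strip its trailing newline, if there is one.
 *
 * Returns `line`, or NULL on end of file / read error.
 *
 * The prompt is written with fputs() so that it is never interpreted as a
 * printf format string.  Only a real '\n' is removed: a line that was cut
 * short by the buffer size or by end of file keeps its last character, and
 * an empty read no longer writes in front of the buffer.
 */
static char *
getline( char *line, int len, FILE *fp, char *prompt )
{
    size_t	n;

    fputs( prompt, stdout );

    if ( fgets( line, len, fp ) == NULL )
        return( NULL );

    n = strlen( line );
    if ( n > 0 && line[ n - 1 ] == '\n' )
        line[ n - 1 ] = '\0';

    return( line );
}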
#endif /* WINSOCK */

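/*
 * Prompt repeatedly with `prompt` and collect the answers until an empty
 * line or end of input.
 *
 * Returns a NULL-terminated array of heap-allocated strings (release it
 * with free_list()), or NULL when nothing was entered or memory ran out.
 *
 * End of input terminates the loop: previously the stale contents of the
 * static buffer were appended again and again until memory was exhausted.
 * Every allocation is checked, and realloc() no longer overwrites the only
 * pointer to the list.
 */
static char **
get_list( char *prompt )
{
    static char	buf[256];
    int		num;
    char		**result;

    num = 0;
    result = NULL;
    for ( ;; ) {
        char	**grown;
        char	*copy;

        if ( getline( buf, sizeof(buf), stdin, prompt ) == NULL )
            break;

        if ( *buf == '\0' )
            break;

        /* room for the new entry plus the terminating NULL */
        grown = (char **) realloc( result,
                                   sizeof(char *) * (num + 2) );
        if ( grown == NULL ) {
            perror( "realloc" );
            free_list( result );
            return( NULL );
        }
        result = grown;
        result[num] = NULL;	/* keep the list terminated at all times */

        copy = (char *) strdup( buf );
        if ( copy == NULL ) {
            perror( "strdup" );
            free_list( result );
            return( NULL );
        }

        result[num++] = copy;
        result[num] = NULL;
    }

    return( result );
}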


/*
 * Release a NULL-terminated array of heap strings together with the array
 * itself.  A NULL `list` is accepted and ignored.
 */
static void
free_list( char **list )
{
    char	**entry;

    if ( list == NULL )
        return;

    for ( entry = list; *entry != NULL; ++entry ) {
        free( *entry );
    }
    free( (char *)list );
}


#ifdef MOD_USE_BVALS
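/*
 * Read the whole file `path` into a freshly allocated buffer and describe
 * it in `bv` (bv_val / bv_len).
 *
 * Returns the number of bytes read, or -1 after printing a diagnostic.  On
 * failure `bv` is left untouched and nothing is leaked; on success the
 * caller owns bv->bv_val.
 *
 * The path comes straight from interactive input ("{FILE}path" values), so
 * this reads whatever file the invoking user is able to open.
 */
static int
file_read( char *path, struct berval *bv )
{
    FILE		*fp;
    long		size;
    size_t		rlen;
    char		*buf;

    /* binary mode: the byte count from ftell() must match what fread()
     * delivers */
    if (( fp = fopen( path, "rb" )) == NULL ) {
        perror( path );
        return( -1 );
    }

    if ( fseek( fp, 0L, SEEK_END ) != 0
            || ( size = ftell( fp )) < 0
            || fseek( fp, 0L, SEEK_SET ) != 0 ) {
        perror( path );
        fclose( fp );
        return( -1 );
    }

    /* the length is reported through an int return value */
    if ( (long)(int)size != size ) {
        fprintf( stderr, "%s: file too large\n", path );
        fclose( fp );
        return( -1 );
    }

    /* never ask for zero bytes: malloc(0) may legitimately return NULL */
    if (( buf = (char *)malloc( size > 0 ? (size_t)size : 1 )) == NULL ) {
        perror( "malloc" );
        fclose( fp );
        return( -1 );
    }

    rlen = fread( buf, 1, (size_t)size, fp );
    fclose( fp );

    if ( rlen != (size_t)size ) {
        fprintf( stderr, "%s: short read\n", path );
        free( buf );
        return( -1 );
    }

    bv->bv_val = buf;
    bv->bv_len = size;

    return( (int)size );
}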
#endif /* MOD_USE_BVALS */


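/*
 * Interactively build a NULL-terminated array of LDAPMod structures.
 *
 * prompt1 asks for the modification op (pass NULL for an add, where the op
 * is LDAP_MOD_ADD), prompt2 for the attribute type and prompt3 for the
 * values.  Input stops at an op of -1, an empty answer or end of input.
 *
 * Returns the array, or NULL when nothing was entered, a "{FILE}" value
 * could not be read, or memory ran out.  On those failure paths whatever
 * had been built so far is abandoned without being freed, as before.
 *
 * mod_op is now given a defined value when prompt1 is NULL (it used to be
 * read uninitialised), end of input ends the loop instead of re-using the
 * stale buffer, and every allocation is checked before it is written to.
 */
static LDAPMod **
get_modlist( char *prompt1, char *prompt2, char *prompt3 )
{
    static char	buf[256];
    int		num;
    LDAPMod		tmp;
    LDAPMod		**result;
    LDAPMod		**grown;
    LDAPMod		*mod;
#ifdef MOD_USE_BVALS
    struct berval	**bvals;
#endif /* MOD_USE_BVALS */

    num = 0;
    result = NULL;
    while ( 1 ) {
        tmp.mod_op = LDAP_MOD_ADD;
        if ( prompt1 ) {
            if ( getline( buf, sizeof(buf), stdin, prompt1 ) == NULL )
                break;
            tmp.mod_op = atoi( buf );

            if ( tmp.mod_op == -1 || buf[0] == '\0' )
                break;
        }

        if ( getline( buf, sizeof(buf), stdin, prompt2 ) == NULL )
            break;
        if ( buf[0] == '\0' )
            break;
        if (( tmp.mod_type = strdup( buf )) == NULL ) {
            perror( "strdup" );
            return( NULL );
        }

        tmp.mod_values = get_list( prompt3 );
#ifdef MOD_USE_BVALS
        if ( tmp.mod_values != NULL ) {
            int	i;

            for ( i = 0; tmp.mod_values[i] != NULL; ++i )
                ;
            bvals = (struct berval **)calloc( i + 1,
                                              sizeof( struct berval *));
            if ( bvals == NULL ) {
                perror( "calloc" );
                return( NULL );
            }
            for ( i = 0; tmp.mod_values[i] != NULL; ++i ) {
                bvals[i] = (struct berval *)malloc(
                               sizeof( struct berval ));
                if ( bvals[i] == NULL ) {
                    perror( "malloc" );
                    return( NULL );
                }
                /* "{FILE}path": the value is the content of that file */
                if ( strncmp( tmp.mod_values[i], "{FILE}",
                              6 ) == 0 ) {
                    if ( file_read( tmp.mod_values[i] + 6,
                                    bvals[i] ) < 0 ) {
                        return( NULL );
                    }
                } else {
                    bvals[i]->bv_val = tmp.mod_values[i];
                    bvals[i]->bv_len =
                        strlen( tmp.mod_values[i] );
                }
            }
            tmp.mod_bvalues = bvals;
            tmp.mod_op |= LDAP_MOD_BVALUES;
        }
#endif /* MOD_USE_BVALS */

        /* room for the new entry plus the terminating NULL; realloc()
         * goes through a temporary so the list is not lost on failure */
        grown = (LDAPMod **) realloc( result,
                                      sizeof(LDAPMod *) * (num + 2) );
        if ( grown == NULL ) {
            perror( "realloc" );
            return( NULL );
        }
        result = grown;
        result[num] = NULL;

        mod = (LDAPMod *) malloc( sizeof(LDAPMod) );
        if ( mod == NULL ) {
            perror( "malloc" );
            return( NULL );
        }
        *mod = tmp;	/* struct copy */
        result[num++] = mod;
        result[num] = NULL;
    }

    return( result );
}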


#ifdef LDAP_REFERRALS
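/*
 * Rebind callback: prompts on stdin for the identity to use when the
 * library has to bind again (e.g. while following a referral).
 *
 * With freeit == 0 it fills *dnp, *passwdp and *authmethodp from the
 * answers and returns LDAP_SUCCESS, or LDAP_PARAM_ERROR when input ends or
 * the DN plus dnsuffix does not fit, so that no bind is attempted with a
 * truncated DN or with values left over from an earlier call.
 *
 * With freeit != 0 nothing needs freeing (the buffers are static); the
 * password buffer is cleared so the secret does not stay around.
 * NOTE(review): assumes the library makes the freeit call only once it no
 * longer needs *passwdp - confirm against the SDK in use.
 */
int
bind_prompt( LDAP *ld, char **dnp, char **passwdp, int *authmethodp,
             int freeit )
{
    static char	dn[256], passwd[256];
    size_t		dnlen, suflen;

    if ( freeit ) {
        memset( passwd, 0, sizeof(passwd) );
        return( LDAP_SUCCESS );
    }

#ifdef KERBEROS
    if ( getline( dn, sizeof(dn), stdin, "re-bind method (0->simple, "
                  "1->krbv41, 2->krbv42, 3->krbv41&2)? " ) == NULL ) {
        return( LDAP_PARAM_ERROR );
    }
    if (( *authmethodp = atoi( dn )) == 3 ) {
        *authmethodp = LDAP_AUTH_KRBV4;
    } else {
        *authmethodp |= 0x80;
    }
#else /* KERBEROS */
    *authmethodp = LDAP_AUTH_SIMPLE;
#endif /* KERBEROS */

    if ( getline( dn, sizeof(dn), stdin, "re-bind dn? " ) == NULL ) {
        dn[0] = '\0';
        return( LDAP_PARAM_ERROR );
    }

    /* dnsuffix has arbitrary length (it can come from the command line);
     * append it only when the result fits in dn[] */
    dnlen = strlen( dn );
    suflen = strlen( dnsuffix );
    if ( suflen >= sizeof(dn) - dnlen ) {
        fprintf( stderr, "re-bind dn plus suffix is too long\n" );
        dn[0] = '\0';
        return( LDAP_PARAM_ERROR );
    }
    memcpy( dn + dnlen, dnsuffix, suflen + 1 );
    *dnp = dn;

    if ( *authmethodp == LDAP_AUTH_SIMPLE && dn[0] != '\0' ) {
        if ( getline( passwd, sizeof(passwd), stdin,
                      "re-bind password? " ) == NULL ) {
            memset( passwd, 0, sizeof(passwd) );
            return( LDAP_PARAM_ERROR );
        }
    } else {
        passwd[0] = '\0';
    }
    *passwdp = passwd;

    return( LDAP_SUCCESS );
}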
#endif /* LDAP_REFERRALS */


int
#ifdef WINSOCK
ldapmain(
#else /* WINSOCK */
main(
#endif /* WINSOCK */
    int argc, char **argv )
{
    LDAP		*ld;
    int		i, c, port, cldapflg, errflg, method, id, msgtype;
    char		line[256], command1, command2, command3;
    char		passwd[64], dn[256], rdn[64], attr[64], value[256];
    char		filter[256], *host, **types;
    char		**exdn;
    char		*usage = "usage: %s [-u] [-h host] [-d level] "
                         "[-s dnsuffix] [-p port] [-t file] [-T file]\n";
    int		bound, all, scope, attrsonly;
    LDAPMessage	*res;
    LDAPMod		**mods, **attrs;
    struct timeval	timeout;
    char		*copyfname = NULL;
    int		copyoptions = 0;
    LDAPURLDesc	*ludp;

    extern char	*optarg;
    extern int	optind;

#ifdef MACOS
    if (( argv = get_list( "cmd line arg?" )) == NULL ) {
        exit( 1 );
    }
    for ( argc = 0; argv[ argc ] != NULL; ++argc ) {
        ;
    }
#endif /* MACOS */

    host = NULL;
    port = LDAP_PORT;
    dnsuffix = "";
    cldapflg = errflg = 0;

    while (( c = getopt( argc, argv, "uh:d:s:p:t:T:" )) != -1 ) {
        switch( c ) {
        case 'u':
#ifdef CLDAP
            cldapflg++;
#else /* CLDAP */
            printf( "Compile with -DCLDAP for UDP support\n" );
#endif /* CLDAP */
            break;

        case 'd':
#ifdef LDAP_DEBUG
            ldap_debug = atoi( optarg );
            if ( ldap_debug & LDAP_DEBUG_PACKETS ) {
                lber_debug = ldap_debug;
            }
#else
            printf( "Compile with -DLDAP_DEBUG for debugging\n" );
#endif
            break;

        case 'h':
            host = optarg;
            break;

        case 's':
            dnsuffix = optarg;
            break;

        case 'p':
            port = atoi( optarg );
            break;

#if !defined(MACOS) && !defined(DOS)
        case 't':	/* copy ber's to given file */
            copyfname = strdup( optarg );
            copyoptions = LBER_TO_FILE;
            break;

        case 'T':	/* only output ber's to given file */
            copyfname = strdup( optarg );
            copyoptions = (LBER_TO_FILE | LBER_TO_FILE_ONLY);
            break;
#endif

        default:
            ++errflg;
        }
    }

    if ( host == NULL && optind == argc - 1 ) {
        host = argv[ optind ];
        ++optind;
    }

    if ( errflg || optind < argc - 1 ) {
        fprintf( stderr, usage, argv[ 0 ] );
        exit( 1 );
    }

    printf( "%sldap_open( %s, %d )\n", cldapflg ? "c" : "",
            host == NULL ? "(null)" : host, port );

    if ( cldapflg ) {
#ifdef CLDAP
        ld = cldap_open( host, port );
#endif /* CLDAP */
    } else {
        ld = ldap_open( host, port );
    }

    if ( ld == NULL ) {
        perror( "ldap_open" );
        exit(1);
    }

#if !defined(MACOS) && !defined(DOS)
    if ( copyfname != NULL ) {
        if ( (ld->ld_sb.sb_fd = open( copyfname, O_WRONLY | O_CREAT,
                                      0600 ))  == -1 ) {
            perror( copyfname );
            exit ( 1 );
        }
        ld->ld_sb.sb_options = copyoptions;
    }
#endif

    bound = 0;
    timeout.tv_sec = 0;
    timeout.tv_usec = 0;

    (void) memset( line, '\0', sizeof(line) );
    while ( getline( line, sizeof(line), stdin, "\ncommand? " ) != NULL ) {
        command1 = line[0];
        command2 = line[1];
        command3 = line[2];

        switch ( command1 ) {
        case 'a':	/* add or abandon */
            switch ( command2 ) {
            case 'd':	/* add */
                getline( dn, sizeof(dn), stdin, "dn? " );
                strcat( dn, dnsuffix );
                if ( (attrs = get_modlist( NULL, "attr? ",
                                           "value? " )) == NULL )
                    break;
                if ( (id = ldap_add( ld, dn, attrs )) == -1 )
                    ldap_perror( ld, "ldap_add" );
                else
                    printf( "Add initiated with id %d\n",
                            id );
                break;

            case 'b':	/* abandon */
                getline( line, sizeof(line), stdin, "msgid? " );
                id = atoi( line );
                if ( ldap_abandon( ld, id ) != 0 )
                    ldap_perror( ld, "ldap_abandon" );
                else
                    printf( "Abandon successful\n" );
                break;
            default:
                printf( "Possibilities: [ad]d, [ab]ort\n" );
            }
            break;

        case 'b':	/* asynch bind */
#ifdef KERBEROS
            getline( line, sizeof(line), stdin,
                     "method (0->simple, 1->krbv41, 2->krbv42)? " );
            method = atoi( line ) | 0x80;
#else /* KERBEROS */
            method = LDAP_AUTH_SIMPLE;
#endif /* KERBEROS */
            getline( dn, sizeof(dn), stdin, "dn? " );
            strcat( dn, dnsuffix );

            if ( method == LDAP_AUTH_SIMPLE && dn[0] != '\0' )
                getline( passwd, sizeof(passwd), stdin,
                         "password? " );
            else
                passwd[0] = '\0';

            if ( ldap_bind( ld, dn, passwd, method ) == -1 ) {
                fprintf( stderr, "ldap_bind failed\n" );
                ldap_perror( ld, "ldap_bind" );
            } else {
                printf( "Bind initiated\n" );
                bound = 1;
            }
            break;

        case 'B':	/* synch bind */
#ifdef KERBEROS
            getline( line, sizeof(line), stdin,
                     "method 0->simple 1->krbv41 2->krbv42 3->krb? " );
            method = atoi( line );
            if ( method == 3 )
                method = LDAP_AUTH_KRBV4;
            else
                method = method | 0x80;
#else /* KERBEROS */
            method = LDAP_AUTH_SIMPLE;
#endif /* KERBEROS */
            getline( dn, sizeof(dn), stdin, "dn? " );
            strcat( dn, dnsuffix );

            if ( dn[0] != '\0' )
                getline( passwd, sizeof(passwd), stdin,
                         "password? " );
            else
                passwd[0] = '\0';

            if ( ldap_bind_s( ld, dn, passwd, method ) !=
                    LDAP_SUCCESS ) {
                fprintf( stderr, "ldap_bind_s failed\n" );
                ldap_perror( ld, "ldap_bind_s" );
            } else {
                printf( "Bind successful\n" );
                bound = 1;
            }
            break;

        case 'c':	/* compare */
            getline( dn, sizeof(dn), stdin, "dn? " );
            strcat( dn, dnsuffix );
            getline( attr, sizeof(attr), stdin, "attr? " );
            getline( value, sizeof(value), stdin, "value? " );

            if ( (id = ldap_compare( ld, dn, attr, value )) == -1 )
                ldap_perror( ld, "ldap_compare" );
            else
                printf( "Compare initiated with id %d\n", id );
            break;

        case 'd':	/* turn on debugging */
#ifdef LDAP_DEBUG
            getline( line, sizeof(line), stdin, "debug level? " );
            ldap_debug = atoi( line );
            if ( ldap_debug & LDAP_DEBUG_PACKETS ) {
                lber_debug = ldap_debug;
            }
#else
            printf( "Compile with -DLDAP_DEBUG for debugging\n" );
#endif
            break;

        case 'E':	/* explode a dn */
            getline( line, sizeof(line), stdin, "dn? " );
            exdn = ldap_explode_dn( line, 0 );
            for ( i = 0; exdn != NULL && exdn[i] != NULL; i++ ) {
                printf( "\t%s\n", exdn[i] );
            }
            break;

        case 'g':	/* set next msgid */
            getline( line, sizeof(line), stdin, "msgid? " );
            ld->ld_msgid = atoi( line );
            break;

        case 'v':	/* set version number */
            getline( line, sizeof(line), stdin, "version? " );
            ld->ld_version = atoi( line );
            break;

        case 'm':	/* modify or modifyrdn */
            if ( strncmp( line, "modify", 4 ) == 0 ) {
                getline( dn, sizeof(dn), stdin, "dn? " );
                strcat( dn, dnsuffix );
                if ( (mods = get_modlist(
                                 "mod (0=>add, 1=>delete, 2=>replace -1=>done)? ",
                                 "attribute type? ", "attribute value? " ))
                        == NULL )
                    break;
                if ( (id = ldap_modify( ld, dn, mods )) == -1 )
                    ldap_perror( ld, "ldap_modify" );
                else
                    printf( "Modify initiated with id %d\n",
                            id );
            } else if ( strncmp( line, "modrdn", 4 ) == 0 ) {
                getline( dn, sizeof(dn), stdin, "dn? " );
                strcat( dn, dnsuffix );
                getline( rdn, sizeof(rdn), stdin, "newrdn? " );
                if ( (id = ldap_modrdn( ld, dn, rdn )) == -1 )
                    ldap_perror( ld, "ldap_modrdn" );
                else
                    printf( "Modrdn initiated with id %d\n",
                            id );
            } else {
                printf( "Possibilities: [modi]fy, [modr]dn\n" );
            }
            break;

        case 'q':	/* quit */
#ifdef CLDAP
            if ( cldapflg )
                cldap_close( ld );
#endif /* CLDAP */
#ifdef LDAP_REFERRALS
            if ( !cldapflg )
#else /* LDAP_REFERRALS */
            if ( !cldapflg && bound )
#endif /* LDAP_REFERRALS */
                ldap_unbind( ld );
            exit( 0 );
            break;

        case 'r':	/* result or remove */
            switch ( command3 ) {
            case 's':	/* result */
                getline( line, sizeof(line), stdin,
                         "msgid (-1=>any)? " );
                if ( line[0] == '\0' )
                    id = -1;
                else
                    id = atoi( line );
                getline( line, sizeof(line), stdin,
                         "all (0=>any, 1=>all)? " );
                if ( line[0] == '\0' )
                    all = 1;
                else
                    all = atoi( line );
                if (( msgtype = ldap_result( ld, id, all,
                                             &timeout, &res )) < 1 ) {
                    ldap_perror( ld, "ldap_result" );
                    break;
                }
                printf( "\nresult: msgtype %d msgid %d\n",
                        msgtype, res->lm_msgid );
                handle_result( ld, res );
                res = NULLMSG;
                break;

            case 'm':	/* remove */
                getline( dn, sizeof(dn), stdin, "dn? " );
                strcat( dn, dnsuffix );
                if ( (id = ldap_delete( ld, dn )) == -1 )
                    ldap_perror( ld, "ldap_delete" );
                else
                    printf( "Remove initiated with id %d\n",
                            id );
                break;

            default:
                printf( "Possibilities: [rem]ove, [res]ult\n" );
                break;
            }
            break;

        case 's':	/* search */
            getline( dn, sizeof(dn), stdin, "searchbase? " );
            strcat( dn, dnsuffix );
            getline( line, sizeof(line), stdin,
                     "scope (0=Base, 1=One Level, 2=Subtree)? " );
            scope = atoi( line );
            getline( filter, sizeof(filter), stdin,
                     "search filter (e.g. sn=jones)? " );
            types = get_list( "attrs to return? " );
            getline( line, sizeof(line), stdin,
                     "attrsonly (0=attrs&values, 1=attrs only)? " );
            attrsonly = atoi( line );

            if ( cldapflg ) {
#ifdef CLDAP
                getline( line, sizeof(line), stdin,
                         "Requestor DN (for logging)? " );
                if ( cldap_search_s( ld, dn, scope, filter, types,
                                     attrsonly, &res, line ) != 0 ) {
                    ldap_perror( ld, "cldap_search_s" );
                } else {
                    printf( "\nresult: msgid %d\n",
                            res->lm_msgid );
                    handle_result( ld, res );
                    res = NULLMSG;
                }
#endif /* CLDAP */
            } else {
                if (( id = ldap_search( ld, dn, scope, filter,
                                        types, attrsonly  )) == -1 ) {
                    ldap_perror( ld, "ldap_search" );
                } else {
                    printf( "Search initiated with id %d\n", id );
                }
            }
            free_list( types );
            break;

        case 't':	/* set timeout value */
            getline( line, sizeof(line), stdin, "timeout? " );
            timeout.tv_sec = atoi( line );
            break;

        case 'U':	/* set ufn search prefix */
            getline( line, sizeof(line), stdin, "ufn prefix? " );
            ldap_ufn_setprefix( ld, line );
            break;

        case 'u':	/* user friendly search w/optional timeout */
            getline( dn, sizeof(dn), stdin, "ufn? " );
            strcat( dn, dnsuffix );
            types = get_list( "attrs to return? " );
            getline( line, sizeof(line), stdin,
                     "attrsonly (0=attrs&values, 1=attrs only)? " );
            attrsonly = atoi( line );

            if ( command2 == 't' ) {
                id = ldap_ufn_search_c( ld, dn, types,
                                        attrsonly, &res, ldap_ufn_timeout,
                                        &timeout );
            } else {
                id = ldap_ufn_search_s( ld, dn, types,
                                        attrsonly, &res );
            }
            if ( res == NULL )
                ldap_perror( ld, "ldap_ufn_search" );
            else {
                printf( "\nresult: err %d\n", id );
                handle_result( ld, res );
                res = NULLMSG;
            }
            free_list( types );
            break;

        case 'l':	/* URL search */
            getline( line, sizeof(line), stdin,
                     "attrsonly (0=attrs&values, 1=attrs only)? " );
            attrsonly = atoi( line );
            getline( line, sizeof(line), stdin, "LDAP URL? " );
            if (( id = ldap_url_search( ld, line, attrsonly  ))
                    == -1 ) {
                ldap_perror( ld, "ldap_url_search" );
            } else {
                printf( "URL search initiated with id %d\n", id );
            }
            break;

        case 'p':	/* parse LDAP URL */
            getline( line, sizeof(line), stdin, "LDAP URL? " );
            if (( i = ldap_url_parse( line, &ludp )) != 0 ) {
                fprintf( stderr, "ldap_url_parse: error %d\n", i );
            } else {
                printf( "\t  host: " );
                if ( ludp->lud_host == NULL ) {
                    printf( "DEFAULT\n" );
                } else {
                    printf( "<%s>\n", ludp->lud_host );
                }
                printf( "\t  port: " );
                if ( ludp->lud_port == 0 ) {
                    printf( "DEFAULT\n" );
                } else {
                    printf( "%d\n", ludp->lud_port );
                }
                printf( "\t    dn: <%s>\n", ludp->lud_dn );
                printf( "\t attrs:" );
                if ( ludp->lud_attrs == NULL ) {
                    printf( " ALL" );
                } else {
                    for ( i = 0; ludp->lud_attrs[ i ] != NULL; ++i ) {
                        printf( " <%s>", ludp->lud_attrs[ i ] );
                    }
                }
                printf( "\n\t scope: %s\n",
                        ludp->lud_scope == LDAP_SCOPE_ONELEVEL ? "ONE"
                        : ludp->lud_scope == LDAP_SCOPE_BASE ? "BASE" :
                        ludp->lud_scope == LDAP_SCOPE_SUBTREE ? "SUB" :
                        "**invalid**" );
                printf( "\tfilter: <%s>\n", ludp->lud_filter );
                ldap_free_urldesc( ludp );
            }
            break;

        case 'n':	/* set dn suffix, for convenience */
            getline( line, sizeof(line), stdin, "DN suffix? " );
            strcpy( dnsuffix, line );
            break;

        case 'e':	/* enable cache */
#ifdef NO_CACHE
            printf( NOCACHEERRMSG );
#else /* NO_CACHE */
            getline( line, sizeof(line), stdin,
                     "Cache timeout (secs)? " );
            i = atoi( line );
            getline( line, sizeof(line), stdin,
                     "Maximum memory to use (bytes)? " );
            if ( ldap_enable_cache( ld, i, atoi( line )) == 0 ) {
                printf( "local cache is on\n" );
            } else {
                printf( "ldap_enable_cache failed\n" );
            }
#endif /* NO_CACHE */
            break;

        case 'x':	/* uncache entry */
#ifdef NO_CACHE
            printf( NOCACHEERRMSG );
#else /* NO_CACHE */
            getline( line, sizeof(line), stdin, "DN? " );
            ldap_uncache_entry( ld, line );
#endif /* NO_CACHE */
            break;

        case 'X':	/* uncache request */
#ifdef NO_CACHE
            printf( NOCACHEERRMSG );
#else /* NO_CACHE */
            getline( line, sizeof(line), stdin, "request msgid? " );
            ldap_uncache_request( ld, atoi( line ));
#endif /* NO_CACHE */
            break;

        case 'o':	/* set ldap options */
            getline( line, sizeof(line), stdin,
                     "alias deref (0=never, 1=searching, 2"
                     "=finding, 3=always)?" );
            ld->ld_deref = atoi( line );
            getline( line, sizeof(line), stdin, "timelimit?" );
            ld->ld_timelimit = atoi( line );
            getline( line, sizeof(line), stdin, "sizelimit?" );
            ld->ld_sizelimit = atoi( line );

            ld->ld_options = 0;

#ifdef STR_TRANSLATION
            getline( line, sizeof(line), stdin,
                     "Automatic translation of T.61 strings "
                     "(0=no, 1=yes)?" );
            if ( atoi( line ) == 0 ) {
                ld->ld_lberoptions &= ~LBER_TRANSLATE_STRINGS;
            } else {
                ld->ld_lberoptions |= LBER_TRANSLATE_STRINGS;
#ifdef LDAP_CHARSET_8859
                getline( line, sizeof(line), stdin,
                         "Translate to/from ISO-8859 "
                         "(0=no, 1=yes?" );
                if ( atoi( line ) != 0 ) {
                    ldap_set_string_translators( ld,
                                                 ldap_8859_to_t61,
                                                 ldap_t61_to_8859 );
                }
#endif /* LDAP_CHARSET_8859 */
            }
#endif /* STR_TRANSLATION */

#ifdef LDAP_DNS
            getline( line, sizeof(line), stdin,
                     "Use DN & DNS to determine where to send "
                     "requests (0=no, 1=yes)?" );
            if ( atoi( line ) != 0 ) {
                ld->ld_options |= LDAP_OPT_DNS;
            }
#endif /* LDAP_DNS */

#ifdef LDAP_REFERRALS
            getline( line, sizeof(line), stdin,
                     "Recognize and chase referrals (0=no, 1=yes)?");
            if ( atoi( line ) != 0 ) {
                ld->ld_options |= LDAP_OPT_REFERRALS;
                getline( line, sizeof(line), stdin,
                         "Prompt for bind credentials when "
                         "chasing referrals (0=no, 1=yes)?" );
                if ( atoi( line ) != 0 ) {
                    ldap_set_rebind_proc( ld, bind_prompt );
                }
            }
#endif /* LDAP_REFERRALS */
            break;

        case 'O':	/* set cache options */
#ifdef NO_CACHE
            printf( NOCACHEERRMSG );
#else /* NO_CACHE */
            getline( line, sizeof(line), stdin,
                     "cache errors (0=smart, 1=never, 2=always)?" );
            switch( atoi( line )) {
            case 0:
                ldap_set_cache_options( ld, 0 );
                break;
            case 1:
                ldap_set_cache_options( ld,
                                        LDAP_CACHE_OPT_CACHENOERRS );
                break;
            case 2:
                ldap_set_cache_options( ld,
                                        LDAP_CACHE_OPT_CACHEALLERRS );
                break;
            default:
                printf( "not a valid cache option\n" );
            }
#endif /* NO_CACHE */
            break;

        case '?':	/* help */
            printf( "Commands: [ad]d         [ab]andon         [b]ind\n" );
            printf( "          [B]ind async  [c]ompare         [l]URL search\n" );
            printf( "          [modi]fy      [modr]dn          [rem]ove\n" );
            printf( "          [res]ult      [s]earch          [q]uit/unbind\n\n" );
            printf( "          [u]fn search  [ut]fn search with timeout\n" );
            printf( "          [d]ebug       [e]nable cache    set ms[g]id\n" );
            printf( "          d[n]suffix    [t]imeout         [v]ersion\n" );
            printf( "          [U]fn prefix  [x]uncache entry  [X]uncache request\n" );
            printf( "          [?]help       [o]ptions         [O]cache options\n" );
            printf( "          [E]xplode dn  [p]arse LDAP URL\n" );
            break;

        default:
            printf( "Invalid command.  Type ? for help.\n" );
            break;
        }

        (void) memset( line, '\0', sizeof(line) );
    }

    return( 0 );
}