1 /* ldapdelete.c - simple program to delete an entry using LDAP */
2 /* $OpenLDAP$ */
3 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
4 *
5 * Copyright 1998-2021 The OpenLDAP Foundation.
6 * Portions Copyright 1998-2003 Kurt D. Zeilenga.
7 * All rights reserved.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted only as authorized by the OpenLDAP
11 * Public License.
12 *
13 * A copy of this license is available in the file LICENSE in the
14 * top-level directory of the distribution or, alternatively, at
15 * <http://www.OpenLDAP.org/license.html>.
16 */
17 /* Portions Copyright (c) 1992-1996 Regents of the University of Michigan.
18 * All rights reserved.
19 *
20 * Redistribution and use in source and binary forms are permitted
21 * provided that this notice is preserved and that due credit is given
22 * to the University of Michigan at Ann Arbor. The name of the
23 * University may not be used to endorse or promote products derived
24 * from this software without specific prior written permission. This
25 * software is provided ``as is'' without express or implied warranty.
26 */
27 /* ACKNOWLEDGEMENTS:
28 * This work was originally developed by the University of Michigan
29 * (as part of U-MICH LDAP). Additional significant contributors
30 * include:
31 * Kurt D. Zeilenga
32 */
33
34 #include "portable.h"
35
36 #include <stdio.h>
37
38 #include <ac/stdlib.h>
39 #include <ac/ctype.h>
40 #include <ac/string.h>
41 #include <ac/unistd.h>
42 #include <ac/socket.h>
43 #include <ac/time.h>
44
45 #include <ldap.h>
46 #include "lutil.h"
47 #include "lutil_ldap.h"
48 #include "ldap_defaults.h"
49
50 #include "common.h"
51
52
53 static int prune = 0;
54 static int sizelimit = -1;
55
56
57 static int dodelete LDAP_P((
58 LDAP *ld,
59 const char *dn));
60
61 static int deletechildren LDAP_P((
62 LDAP *ld,
63 const char *dn,
64 int subentries ));
65
66 void
usage(void)67 usage( void )
68 {
69 fprintf( stderr, _("Delete entries from an LDAP server\n\n"));
70 fprintf( stderr, _("usage: %s [options] [dn]...\n"), prog);
71 fprintf( stderr, _(" dn: list of DNs to delete. If not given, it will be read from stdin\n"));
72 fprintf( stderr, _(" or from the file specified with \"-f file\".\n"));
73 fprintf( stderr, _("Delete Options:\n"));
74 fprintf( stderr, _(" -c continuous operation mode (do not stop on errors)\n"));
75 fprintf( stderr, _(" -f file read operations from `file'\n"));
76 fprintf( stderr, _(" -M enable Manage DSA IT control (-MM to make critical)\n"));
77 fprintf( stderr, _(" -P version protocol version (default: 3)\n"));
78 fprintf( stderr, _(" -r delete recursively\n"));
79 tool_common_usage();
80 exit( EXIT_FAILURE );
81 }
82
83
84 const char options[] = "r"
85 "cd:D:e:f:h:H:IMnNO:o:p:P:QR:U:vVw:WxX:y:Y:z:Z";
86
87 int
handle_private_option(int i)88 handle_private_option( int i )
89 {
90 int ival;
91 char *next;
92 switch ( i ) {
93 #if 0
94 int crit;
95 char *control, *cvalue;
96 case 'E': /* delete extensions */
97 if( protocol == LDAP_VERSION2 ) {
98 fprintf( stderr, _("%s: -E incompatible with LDAPv%d\n"),
99 prog, protocol );
100 exit( EXIT_FAILURE );
101 }
102
103 /* should be extended to support comma separated list of
104 * [!]key[=value] parameters, e.g. -E !foo,bar=567
105 */
106
107 crit = 0;
108 cvalue = NULL;
109 if( optarg[0] == '!' ) {
110 crit = 1;
111 optarg++;
112 }
113
114 control = optarg;
115 if ( (cvalue = strchr( control, '=' )) != NULL ) {
116 *cvalue++ = '\0';
117 }
118 fprintf( stderr, _("Invalid delete extension name: %s\n"), control );
119 usage();
120 #endif
121
122 case 'r':
123 prune = 1;
124 break;
125
126 case 'z': /* size limit */
127 if ( strcasecmp( optarg, "none" ) == 0 ) {
128 sizelimit = 0;
129
130 } else if ( strcasecmp( optarg, "max" ) == 0 ) {
131 sizelimit = LDAP_MAXINT;
132
133 } else {
134 ival = strtol( optarg, &next, 10 );
135 if ( next == NULL || next[0] != '\0' ) {
136 fprintf( stderr,
137 _("Unable to parse size limit \"%s\"\n"), optarg );
138 exit( EXIT_FAILURE );
139 }
140 sizelimit = ival;
141 }
142 if( sizelimit < 0 || sizelimit > LDAP_MAXINT ) {
143 fprintf( stderr, _("%s: invalid sizelimit (%d) specified\n"),
144 prog, sizelimit );
145 exit( EXIT_FAILURE );
146 }
147 break;
148
149 default:
150 return 0;
151 }
152 return 1;
153 }
154
155
156 static void
private_conn_setup(LDAP * ld)157 private_conn_setup( LDAP *ld )
158 {
159 /* this seems prudent for searches below */
160 int deref = LDAP_DEREF_NEVER;
161 ldap_set_option( ld, LDAP_OPT_DEREF, &deref );
162 }
163
164
165 int
main(int argc,char ** argv)166 main( int argc, char **argv )
167 {
168 char buf[ 4096 ];
169 FILE *fp = NULL;
170 LDAP *ld;
171 int rc, retval;
172
173 tool_init( TOOL_DELETE );
174 prog = lutil_progname( "ldapdelete", argc, argv );
175
176 tool_args( argc, argv );
177
178 if ( infile != NULL ) {
179 if (( fp = fopen( infile, "r" )) == NULL ) {
180 perror( optarg );
181 exit( EXIT_FAILURE );
182 }
183 } else {
184 if ( optind >= argc ) {
185 fp = stdin;
186 }
187 }
188
189 ld = tool_conn_setup( 0, &private_conn_setup );
190
191 tool_bind( ld );
192
193 tool_server_controls( ld, NULL, 0 );
194
195 retval = rc = 0;
196
197 if ( fp == NULL ) {
198 for ( ; optind < argc; ++optind ) {
199 rc = dodelete( ld, argv[ optind ] );
200
201 /* Stop on error and no -c option */
202 if( rc != 0 ) {
203 retval = rc;
204 if( contoper == 0 ) break;
205 }
206 }
207 } else {
208 while ((rc == 0 || contoper) && fgets(buf, sizeof(buf), fp) != NULL) {
209 buf[ strlen( buf ) - 1 ] = '\0'; /* remove trailing newline */
210
211 if ( *buf != '\0' ) {
212 rc = dodelete( ld, buf );
213 if ( rc != 0 )
214 retval = rc;
215 }
216 }
217 if ( fp != stdin )
218 fclose( fp );
219 }
220
221 tool_exit( ld, retval );
222 }
223
224
dodelete(LDAP * ld,const char * dn)225 static int dodelete(
226 LDAP *ld,
227 const char *dn)
228 {
229 int id;
230 int rc, code;
231 char *matcheddn = NULL, *text = NULL, **refs = NULL;
232 LDAPControl **ctrls = NULL;
233 LDAPMessage *res;
234 int subentries = 0;
235
236 if ( verbose ) {
237 printf( _("%sdeleting entry \"%s\"\n"),
238 (dont ? "!" : ""), dn );
239 }
240
241 if ( dont ) {
242 return LDAP_SUCCESS;
243 }
244
245 /* If prune is on, remove a whole subtree. Delete the children of the
246 * DN recursively, then the DN requested.
247 */
248 if ( prune ) {
249 retry:;
250 deletechildren( ld, dn, subentries );
251 }
252
253 rc = ldap_delete_ext( ld, dn, NULL, NULL, &id );
254 if ( rc != LDAP_SUCCESS ) {
255 fprintf( stderr, "%s: ldap_delete_ext: %s (%d)\n",
256 prog, ldap_err2string( rc ), rc );
257 return rc;
258 }
259
260 for ( ; ; ) {
261 struct timeval tv;
262
263 if ( tool_check_abandon( ld, id ) ) {
264 return LDAP_CANCELLED;
265 }
266
267 tv.tv_sec = 0;
268 tv.tv_usec = 100000;
269
270 rc = ldap_result( ld, LDAP_RES_ANY, LDAP_MSG_ALL, &tv, &res );
271 if ( rc < 0 ) {
272 tool_perror( "ldap_result", rc, NULL, NULL, NULL, NULL );
273 return rc;
274 }
275
276 if ( rc != 0 ) {
277 break;
278 }
279 }
280
281 rc = ldap_parse_result( ld, res, &code, &matcheddn, &text, &refs, &ctrls, 1 );
282
283 switch ( rc ) {
284 case LDAP_SUCCESS:
285 break;
286
287 case LDAP_NOT_ALLOWED_ON_NONLEAF:
288 if ( prune && !subentries ) {
289 subentries = 1;
290 goto retry;
291 }
292 /* fallthru */
293
294 default:
295 fprintf( stderr, "%s: ldap_parse_result: %s (%d)\n",
296 prog, ldap_err2string( rc ), rc );
297 return rc;
298 }
299
300 if( code != LDAP_SUCCESS ) {
301 tool_perror( "ldap_delete", code, NULL, matcheddn, text, refs );
302 } else if ( verbose &&
303 ((matcheddn && *matcheddn) || (text && *text) || (refs && *refs) ))
304 {
305 printf( _("Delete Result: %s (%d)\n"),
306 ldap_err2string( code ), code );
307
308 if( text && *text ) {
309 printf( _("Additional info: %s\n"), text );
310 }
311
312 if( matcheddn && *matcheddn ) {
313 printf( _("Matched DN: %s\n"), matcheddn );
314 }
315
316 if( refs ) {
317 int i;
318 for( i=0; refs[i]; i++ ) {
319 printf(_("Referral: %s\n"), refs[i] );
320 }
321 }
322 }
323
324 if (ctrls) {
325 tool_print_ctrls( ld, ctrls );
326 ldap_controls_free( ctrls );
327 }
328
329 ber_memfree( text );
330 ber_memfree( matcheddn );
331 ber_memvfree( (void **) refs );
332
333 return code;
334 }
335
336 /*
337 * Delete all the children of an entry recursively until leaf nodes are reached.
338 */
deletechildren(LDAP * ld,const char * base,int subentries)339 static int deletechildren(
340 LDAP *ld,
341 const char *base,
342 int subentries )
343 {
344 LDAPMessage *res, *e;
345 int entries;
346 int rc = LDAP_SUCCESS, srch_rc;
347 static char *attrs[] = { LDAP_NO_ATTRS, NULL };
348 LDAPControl c, *ctrls[2], **ctrlsp = NULL;
349 BerElement *ber = NULL;
350
351 if ( verbose ) printf ( _("deleting children of: %s\n"), base );
352
353 if ( subentries ) {
354 /*
355 * Do a one level search at base for subentry children.
356 */
357
358 if ((ber = ber_alloc_t(LBER_USE_DER)) == NULL) {
359 return EXIT_FAILURE;
360 }
361 rc = ber_printf( ber, "b", 1 );
362 if ( rc == -1 ) {
363 ber_free( ber, 1 );
364 fprintf( stderr, _("Subentries control encoding error!\n"));
365 return EXIT_FAILURE;
366 }
367 if ( ber_flatten2( ber, &c.ldctl_value, 0 ) == -1 ) {
368 return EXIT_FAILURE;
369 }
370 c.ldctl_oid = LDAP_CONTROL_SUBENTRIES;
371 c.ldctl_iscritical = 1;
372 ctrls[0] = &c;
373 ctrls[1] = NULL;
374 ctrlsp = ctrls;
375 }
376
377 /*
378 * Do a one level search at base for children. For each, delete its children.
379 */
380 more:;
381 srch_rc = ldap_search_ext_s( ld, base, LDAP_SCOPE_ONELEVEL, NULL, attrs, 1,
382 ctrlsp, NULL, NULL, sizelimit, &res );
383 switch ( srch_rc ) {
384 case LDAP_SUCCESS:
385 case LDAP_SIZELIMIT_EXCEEDED:
386 break;
387 default:
388 tool_perror( "ldap_search", srch_rc, NULL, NULL, NULL, NULL );
389 return( srch_rc );
390 }
391
392 entries = ldap_count_entries( ld, res );
393
394 if ( entries > 0 ) {
395 int i;
396
397 for (e = ldap_first_entry( ld, res ), i = 0; e != NULL;
398 e = ldap_next_entry( ld, e ), i++ )
399 {
400 char *dn = ldap_get_dn( ld, e );
401
402 if( dn == NULL ) {
403 ldap_get_option( ld, LDAP_OPT_RESULT_CODE, &rc );
404 tool_perror( "ldap_prune", rc, NULL, NULL, NULL, NULL );
405 ber_memfree( dn );
406 return rc;
407 }
408
409 rc = deletechildren( ld, dn, 0 );
410 if ( rc != LDAP_SUCCESS ) {
411 tool_perror( "ldap_prune", rc, NULL, NULL, NULL, NULL );
412 ber_memfree( dn );
413 return rc;
414 }
415
416 if ( verbose ) {
417 printf( _("\tremoving %s\n"), dn );
418 }
419
420 rc = ldap_delete_ext_s( ld, dn, NULL, NULL );
421 if ( rc != LDAP_SUCCESS ) {
422 tool_perror( "ldap_delete", rc, NULL, NULL, NULL, NULL );
423 ber_memfree( dn );
424 return rc;
425
426 }
427
428 if ( verbose ) {
429 printf( _("\t%s removed\n"), dn );
430 }
431
432 ber_memfree( dn );
433 }
434 }
435
436 ldap_msgfree( res );
437
438 if ( srch_rc == LDAP_SIZELIMIT_EXCEEDED ) {
439 goto more;
440 }
441
442 return rc;
443 }
444