1 /* ldapdelete.c - simple program to delete an entry using LDAP */
2 /* $OpenLDAP$ */
3 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
4  *
5  * Copyright 1998-2021 The OpenLDAP Foundation.
6  * Portions Copyright 1998-2003 Kurt D. Zeilenga.
7  * All rights reserved.
8  *
9  * Redistribution and use in source and binary forms, with or without
10  * modification, are permitted only as authorized by the OpenLDAP
11  * Public License.
12  *
13  * A copy of this license is available in the file LICENSE in the
14  * top-level directory of the distribution or, alternatively, at
15  * <http://www.OpenLDAP.org/license.html>.
16  */
17 /* Portions Copyright (c) 1992-1996 Regents of the University of Michigan.
18  * All rights reserved.
19  *
20  * Redistribution and use in source and binary forms are permitted
21  * provided that this notice is preserved and that due credit is given
22  * to the University of Michigan at Ann Arbor.  The name of the
23  * University may not be used to endorse or promote products derived
24  * from this software without specific prior written permission.  This
25  * software is provided ``as is'' without express or implied warranty.
26  */
27 /* ACKNOWLEDGEMENTS:
28  * This work was originally developed by the University of Michigan
29  * (as part of U-MICH LDAP).  Additional significant contributors
30  * include:
31  *   Kurt D. Zeilenga
32  */
33 
34 #include "portable.h"
35 
36 #include <stdio.h>
37 
38 #include <ac/stdlib.h>
39 #include <ac/ctype.h>
40 #include <ac/string.h>
41 #include <ac/unistd.h>
42 #include <ac/socket.h>
43 #include <ac/time.h>
44 
45 #include <ldap.h>
46 #include "lutil.h"
47 #include "lutil_ldap.h"
48 #include "ldap_defaults.h"
49 
50 #include "common.h"
51 
52 
53 static int	prune = 0;
54 static int sizelimit = -1;
55 
56 
57 static int dodelete LDAP_P((
58     LDAP *ld,
59     const char *dn));
60 
61 static int deletechildren LDAP_P((
62 	LDAP *ld,
63 	const char *dn,
64 	int subentries ));
65 
66 void
usage(void)67 usage( void )
68 {
69 	fprintf( stderr, _("Delete entries from an LDAP server\n\n"));
70 	fprintf( stderr, _("usage: %s [options] [dn]...\n"), prog);
71 	fprintf( stderr, _("	dn: list of DNs to delete. If not given, it will be readed from stdin\n"));
72 	fprintf( stderr, _("	    or from the file specified with \"-f file\".\n"));
73 	fprintf( stderr, _("Delete Options:\n"));
74 	fprintf( stderr, _("  -c         continuous operation mode (do not stop on errors)\n"));
75 	fprintf( stderr, _("  -f file    read operations from `file'\n"));
76 	fprintf( stderr, _("  -M         enable Manage DSA IT control (-MM to make critical)\n"));
77 	fprintf( stderr, _("  -P version protocol version (default: 3)\n"));
78 	fprintf( stderr, _("  -r         delete recursively\n"));
79 	tool_common_usage();
80 	exit( EXIT_FAILURE );
81 }
82 
83 
84 const char options[] = "r"
85 	"cd:D:e:f:h:H:IMnNO:o:p:P:QR:U:vVw:WxX:y:Y:z:Z";
86 
87 int
handle_private_option(int i)88 handle_private_option( int i )
89 {
90 	int ival;
91 	char *next;
92 	switch ( i ) {
93 #if 0
94 		int crit;
95 		char *control, *cvalue;
96 	case 'E': /* delete extensions */
97 		if( protocol == LDAP_VERSION2 ) {
98 			fprintf( stderr, _("%s: -E incompatible with LDAPv%d\n"),
99 				prog, protocol );
100 			exit( EXIT_FAILURE );
101 		}
102 
103 		/* should be extended to support comma separated list of
104 		 *	[!]key[=value] parameters, e.g.  -E !foo,bar=567
105 		 */
106 
107 		crit = 0;
108 		cvalue = NULL;
109 		if( optarg[0] == '!' ) {
110 			crit = 1;
111 			optarg++;
112 		}
113 
114 		control = strdup( optarg );
115 		if ( (cvalue = strchr( control, '=' )) != NULL ) {
116 			*cvalue++ = '\0';
117 		}
118 		fprintf( stderr, _("Invalid delete extension name: %s\n"), control );
119 		usage();
120 #endif
121 
122 	case 'r':
123 		prune = 1;
124 		break;
125 
126 	case 'z':	/* size limit */
127 		if ( strcasecmp( optarg, "none" ) == 0 ) {
128 			sizelimit = 0;
129 
130 		} else if ( strcasecmp( optarg, "max" ) == 0 ) {
131 			sizelimit = LDAP_MAXINT;
132 
133 		} else {
134 			ival = strtol( optarg, &next, 10 );
135 			if ( next == NULL || next[0] != '\0' ) {
136 				fprintf( stderr,
137 					_("Unable to parse size limit \"%s\"\n"), optarg );
138 				exit( EXIT_FAILURE );
139 			}
140 			sizelimit = ival;
141 		}
142 		if( sizelimit < 0 || sizelimit > LDAP_MAXINT ) {
143 			fprintf( stderr, _("%s: invalid sizelimit (%d) specified\n"),
144 				prog, sizelimit );
145 			exit( EXIT_FAILURE );
146 		}
147 		break;
148 
149 	default:
150 		return 0;
151 	}
152 	return 1;
153 }
154 
155 
156 static void
private_conn_setup(LDAP * ld)157 private_conn_setup( LDAP *ld )
158 {
159 	/* this seems prudent for searches below */
160 	int deref = LDAP_DEREF_NEVER;
161 	ldap_set_option( ld, LDAP_OPT_DEREF, &deref );
162 }
163 
164 
165 int
main(int argc,char ** argv)166 main( int argc, char **argv )
167 {
168 	char		buf[ 4096 ];
169 	FILE		*fp = NULL;
170 	LDAP		*ld;
171 	int		rc, retval;
172 
173 	tool_init( TOOL_DELETE );
174     prog = lutil_progname( "ldapdelete", argc, argv );
175 
176 	tool_args( argc, argv );
177 
178 	if ( infile != NULL ) {
179 		if (( fp = fopen( infile, "r" )) == NULL ) {
180 			perror( optarg );
181 			exit( EXIT_FAILURE );
182 	    }
183 	} else {
184 		if ( optind >= argc ) {
185 			fp = stdin;
186 		}
187 	}
188 
189 	ld = tool_conn_setup( 0, &private_conn_setup );
190 
191 	tool_bind( ld );
192 
193 	tool_server_controls( ld, NULL, 0 );
194 
195 	retval = rc = 0;
196 
197 	if ( fp == NULL ) {
198 		for ( ; optind < argc; ++optind ) {
199 			rc = dodelete( ld, argv[ optind ] );
200 
201 			/* Stop on error and no -c option */
202 			if( rc != 0 ) {
203 				retval = rc;
204 				if( contoper == 0 ) break;
205 			}
206 		}
207 	} else {
208 		while ((rc == 0 || contoper) && fgets(buf, sizeof(buf), fp) != NULL) {
209 			buf[ strlen( buf ) - 1 ] = '\0'; /* remove trailing newline */
210 
211 			if ( *buf != '\0' ) {
212 				rc = dodelete( ld, buf );
213 				if ( rc != 0 )
214 					retval = rc;
215 			}
216 		}
217 		if ( fp != stdin )
218 			fclose( fp );
219 	}
220 
221 	tool_exit( ld, retval );
222 }
223 
224 
dodelete(LDAP * ld,const char * dn)225 static int dodelete(
226     LDAP	*ld,
227     const char	*dn)
228 {
229 	int id;
230 	int	rc, code;
231 	char *matcheddn = NULL, *text = NULL, **refs = NULL;
232 	LDAPControl **ctrls = NULL;
233 	LDAPMessage *res;
234 	int subentries = 0;
235 
236 	if ( verbose ) {
237 		printf( _("%sdeleting entry \"%s\"\n"),
238 			(dont ? "!" : ""), dn );
239 	}
240 
241 	if ( dont ) {
242 		return LDAP_SUCCESS;
243 	}
244 
245 	/* If prune is on, remove a whole subtree.  Delete the children of the
246 	 * DN recursively, then the DN requested.
247 	 */
248 	if ( prune ) {
249 retry:;
250 		deletechildren( ld, dn, subentries );
251 	}
252 
253 	rc = ldap_delete_ext( ld, dn, NULL, NULL, &id );
254 	if ( rc != LDAP_SUCCESS ) {
255 		fprintf( stderr, "%s: ldap_delete_ext: %s (%d)\n",
256 			prog, ldap_err2string( rc ), rc );
257 		return rc;
258 	}
259 
260 	for ( ; ; ) {
261 		struct timeval tv;
262 
263 		if ( tool_check_abandon( ld, id ) ) {
264 			return LDAP_CANCELLED;
265 		}
266 
267 		tv.tv_sec = 0;
268 		tv.tv_usec = 100000;
269 
270 		rc = ldap_result( ld, LDAP_RES_ANY, LDAP_MSG_ALL, &tv, &res );
271 		if ( rc < 0 ) {
272 			tool_perror( "ldap_result", rc, NULL, NULL, NULL, NULL );
273 			return rc;
274 		}
275 
276 		if ( rc != 0 ) {
277 			break;
278 		}
279 	}
280 
281 	rc = ldap_parse_result( ld, res, &code, &matcheddn, &text, &refs, &ctrls, 1 );
282 
283 	switch ( rc ) {
284 	case LDAP_SUCCESS:
285 		break;
286 
287 	case LDAP_NOT_ALLOWED_ON_NONLEAF:
288 		if ( prune && !subentries ) {
289 			subentries = 1;
290 			goto retry;
291 		}
292 		/* fallthru */
293 
294 	default:
295 		fprintf( stderr, "%s: ldap_parse_result: %s (%d)\n",
296 			prog, ldap_err2string( rc ), rc );
297 		return rc;
298 	}
299 
300 	if( code != LDAP_SUCCESS ) {
301 		tool_perror( "ldap_delete", code, NULL, matcheddn, text, refs );
302 	} else if ( verbose &&
303 		((matcheddn && *matcheddn) || (text && *text) || (refs && *refs) ))
304 	{
305 		printf( _("Delete Result: %s (%d)\n"),
306 			ldap_err2string( code ), code );
307 
308 		if( text && *text ) {
309 			printf( _("Additional info: %s\n"), text );
310 		}
311 
312 		if( matcheddn && *matcheddn ) {
313 			printf( _("Matched DN: %s\n"), matcheddn );
314 		}
315 
316 		if( refs ) {
317 			int i;
318 			for( i=0; refs[i]; i++ ) {
319 				printf(_("Referral: %s\n"), refs[i] );
320 			}
321 		}
322 	}
323 
324 	if (ctrls) {
325 		tool_print_ctrls( ld, ctrls );
326 		ldap_controls_free( ctrls );
327 	}
328 
329 	ber_memfree( text );
330 	ber_memfree( matcheddn );
331 	ber_memvfree( (void **) refs );
332 
333 	return code;
334 }
335 
336 /*
337  * Delete all the children of an entry recursively until leaf nodes are reached.
338  */
deletechildren(LDAP * ld,const char * base,int subentries)339 static int deletechildren(
340 	LDAP *ld,
341 	const char *base,
342 	int subentries )
343 {
344 	LDAPMessage *res, *e;
345 	int entries;
346 	int rc = LDAP_SUCCESS, srch_rc;
347 	static char *attrs[] = { LDAP_NO_ATTRS, NULL };
348 	LDAPControl c, *ctrls[2], **ctrlsp = NULL;
349 	BerElement *ber = NULL;
350 
351 	if ( verbose ) printf ( _("deleting children of: %s\n"), base );
352 
353 	if ( subentries ) {
354 		/*
355 		 * Do a one level search at base for subentry children.
356 		 */
357 
358 		if ((ber = ber_alloc_t(LBER_USE_DER)) == NULL) {
359 			return EXIT_FAILURE;
360 		}
361 		rc = ber_printf( ber, "b", 1 );
362 		if ( rc == -1 ) {
363 			ber_free( ber, 1 );
364 			fprintf( stderr, _("Subentries control encoding error!\n"));
365 			return EXIT_FAILURE;
366 		}
367 		if ( ber_flatten2( ber, &c.ldctl_value, 0 ) == -1 ) {
368 			return EXIT_FAILURE;
369 		}
370 		c.ldctl_oid = LDAP_CONTROL_SUBENTRIES;
371 		c.ldctl_iscritical = 1;
372 		ctrls[0] = &c;
373 		ctrls[1] = NULL;
374 		ctrlsp = ctrls;
375 	}
376 
377 	/*
378 	 * Do a one level search at base for children.  For each, delete its children.
379 	 */
380 more:;
381 	srch_rc = ldap_search_ext_s( ld, base, LDAP_SCOPE_ONELEVEL, NULL, attrs, 1,
382 		ctrlsp, NULL, NULL, sizelimit, &res );
383 	switch ( srch_rc ) {
384 	case LDAP_SUCCESS:
385 	case LDAP_SIZELIMIT_EXCEEDED:
386 		break;
387 	default:
388 		tool_perror( "ldap_search", srch_rc, NULL, NULL, NULL, NULL );
389 		return( srch_rc );
390 	}
391 
392 	entries = ldap_count_entries( ld, res );
393 
394 	if ( entries > 0 ) {
395 		int i;
396 
397 		for (e = ldap_first_entry( ld, res ), i = 0; e != NULL;
398 			e = ldap_next_entry( ld, e ), i++ )
399 		{
400 			char *dn = ldap_get_dn( ld, e );
401 
402 			if( dn == NULL ) {
403 				ldap_get_option( ld, LDAP_OPT_RESULT_CODE, &rc );
404 				tool_perror( "ldap_prune", rc, NULL, NULL, NULL, NULL );
405 				ber_memfree( dn );
406 				return rc;
407 			}
408 
409 			rc = deletechildren( ld, dn, 0 );
410 			if ( rc != LDAP_SUCCESS ) {
411 				tool_perror( "ldap_prune", rc, NULL, NULL, NULL, NULL );
412 				ber_memfree( dn );
413 				return rc;
414 			}
415 
416 			if ( verbose ) {
417 				printf( _("\tremoving %s\n"), dn );
418 			}
419 
420 			rc = ldap_delete_ext_s( ld, dn, NULL, NULL );
421 			if ( rc != LDAP_SUCCESS ) {
422 				tool_perror( "ldap_delete", rc, NULL, NULL, NULL, NULL );
423 				ber_memfree( dn );
424 				return rc;
425 
426 			}
427 
428 			if ( verbose ) {
429 				printf( _("\t%s removed\n"), dn );
430 			}
431 
432 			ber_memfree( dn );
433 		}
434 	}
435 
436 	ldap_msgfree( res );
437 
438 	if ( srch_rc == LDAP_SIZELIMIT_EXCEEDED ) {
439 		goto more;
440 	}
441 
442 	return rc;
443 }
444