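/* $NetBSD: slapauth.c,v 1.1.1.3 2010/12/12 15:22:48 adam Exp $ */

/* OpenLDAP: pkg/ldap/servers/slapd/slapauth.c,v 1.10.2.7 2010/04/13 20:23:20 kurt Exp */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
 *
 * Copyright 2004-2010 The OpenLDAP Foundation.
 * Portions Copyright 2004 Pierangelo Masarati.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted only as authorized by the OpenLDAP
 * Public License.
 *
 * A copy of this license is available in file LICENSE in the
 * top-level directory of the distribution or, alternatively, at
 * <http://www.OpenLDAP.org/license.html>.
 */
/* ACKNOWLEDGEMENTS:
 * This work was initially developed by Pierangelo Masarati for inclusion
 * in OpenLDAP Software.
 */

#include "portable.h"

#include <stdio.h>

#include <ac/stdlib.h>

#include <ac/ctype.h>
#include <ac/string.h>
#include <ac/socket.h>
#include <ac/unistd.h>

#include <lber.h>
#include <ldif.h>
#include <lutil.h>

#include "slapcommon.h"

/*
 * Map one authentication identity to its DN and, when a global
 * authorization identity (authzID) is set, check whether the mapped
 * authcDN is allowed to assume it.
 *
 * c, op: fake connection/operation prepared by slapauth().
 * id:    the authcID string to check (realm comes from the -R option
 *        via the `realm` global filled in by slap_tool_init()).
 *
 * Returns 0 when the identity maps and (if an authzID is set) is
 * authorized, 1 otherwise.  Diagnostics are written to stderr.
 *
 * Note: a failed slap_sasl_authorized() now yields a non-zero return
 * so the tool's exit status reflects what was printed; the original
 * printed "authorization failed" but still returned 0, which a script
 * checking the exit code would read as "authorized".
 */
static int
do_check( Connection *c, Operation *op, struct berval *id )
{
	struct berval	authcdn;
	int		rc;

	rc = slap_sasl_getdn( c, op, id, realm, &authcdn, SLAP_GETDN_AUTHCID );
	if ( rc != LDAP_SUCCESS ) {
		fprintf( stderr, "ID: <%s> check failed %d (%s)\n",
				id->bv_val, rc,
				ldap_err2string( rc ) );
		return 1;
	}

	if ( !BER_BVISNULL( &authzID ) ) {
		rc = slap_sasl_authorized( op, &authcdn, &authzID );

		fprintf( stderr,
				"ID: <%s>\n"
				"authcDN: <%s>\n"
				"authzDN: <%s>\n"
				"authorization %s\n",
				id->bv_val,
				authcdn.bv_val,
				authzID.bv_val,
				rc == LDAP_SUCCESS ? "OK" : "failed" );

		rc = ( rc == LDAP_SUCCESS ) ? 0 : 1;

	} else {
		fprintf( stderr, "ID: <%s> check succeeded\n"
				"authcID: <%s>\n",
				id->bv_val,
				authcdn.bv_val );
		rc = 0;
	}

	/* authcdn comes from the operation's temporary memory context;
	 * release it on both paths (the original only freed it when no
	 * authzID was set, leaking one DN per checked identity). */
	op->o_tmpfree( authcdn.bv_val, op->o_tmpmemctx );

	return rc;
}

/*
 * slapauth entry point: exercises slapd's SASL identity mapping and
 * authorization rules (authz-regexp / authz-policy) without a running
 * server.
 *
 * Behaviour is selected by the globals slap_tool_init() fills in from
 * the command line (authcID, authzID, mech, realm, continuemode):
 *   - no authcID:                 each argv[] entry is an authcID to map
 *                                 (and, if authzID is set, to authorize);
 *   - authcID and authzID set,
 *     or authcID with no args:    a single do_check() of authcID;
 *   - authcID set, no authzID:    each argv[] entry is an authzID that
 *                                 authcID is checked against.
 *
 * Returns EXIT_SUCCESS, or a non-zero status on the first failure;
 * with -c (continuemode) all entries are processed and the result of
 * the last one decides the exit status.  slap_tool_destroy() failing
 * forces EXIT_FAILURE.
 */
int
slapauth( int argc, char **argv )
{
	int			rc = EXIT_SUCCESS;
	const char		*progname = "slapauth";
	Connection		conn = {0};
	OperationBuffer	opbuf;
	Operation		*op;
	void			*thrctx;

	slap_tool_init( progname, SLAPAUTH, argc, argv );

	/* skip the options consumed by slap_tool_init() */
	argv = &argv[ optind ];
	argc -= optind;

	thrctx = ldap_pvt_thread_pool_context();
	connection_fake_init( &conn, &opbuf, thrctx );
	op = &opbuf.ob_op;

	conn.c_sasl_bind_mech = mech;

	/* Resolve a command-line authzID to a DN once, up front.  On
	 * failure authzID is zeroed so the destroy path does not try to
	 * free the option string. */
	if ( !BER_BVISNULL( &authzID ) ) {
		struct berval	authzdn;

		rc = slap_sasl_getdn( &conn, op, &authzID, NULL, &authzdn,
				SLAP_GETDN_AUTHZID );
		if ( rc != LDAP_SUCCESS ) {
			fprintf( stderr, "authzID: <%s> check failed %d (%s)\n",
					authzID.bv_val, rc,
					ldap_err2string( rc ) );
			rc = 1;
			BER_BVZERO( &authzID );
			goto destroy;
		}

		authzID = authzdn;
	}

	if ( !BER_BVISNULL( &authcID ) ) {
		if ( !BER_BVISNULL( &authzID ) || argc == 0 ) {
			rc = do_check( &conn, op, &authcID );
			goto destroy;
		}

		/* authcID given, no -U/-X: every argument is an authzID */
		for ( ; argc--; argv++ ) {
			struct berval	authzdn;

			ber_str2bv( argv[ 0 ], 0, 0, &authzID );

			rc = slap_sasl_getdn( &conn, op, &authzID, NULL, &authzdn,
					SLAP_GETDN_AUTHZID );
			if ( rc != LDAP_SUCCESS ) {
				fprintf( stderr, "authzID: <%s> check failed %d (%s)\n",
						authzID.bv_val, rc,
						ldap_err2string( rc ) );
				/* 1 rather than -1, so the exit status matches the
				 * other failure paths instead of becoming 255 */
				rc = 1;
				BER_BVZERO( &authzID );
				if ( !continuemode ) {
					goto destroy;
				}
				/* -c: skip this entry.  Without this `continue` the
				 * original fell through and assigned the never-filled
				 * authzdn to authzID, then handed that garbage pointer
				 * to do_check() and o_tmpfree(). */
				continue;
			}

			authzID = authzdn;

			rc = do_check( &conn, op, &authcID );

			op->o_tmpfree( authzID.bv_val, op->o_tmpmemctx );
			BER_BVZERO( &authzID );

			if ( rc && !continuemode ) {
				goto destroy;
			}
		}

		goto destroy;
	}

	/* no authcID: every argument is an authcID */
	for ( ; argc--; argv++ ) {
		struct berval	id;

		ber_str2bv( argv[ 0 ], 0, 0, &id );

		rc = do_check( &conn, op, &id );

		if ( rc && !continuemode ) {
			goto destroy;
		}
	}

destroy:;
	if ( !BER_BVISNULL( &authzID ) ) {
		op->o_tmpfree( authzID.bv_val, op->o_tmpmemctx );
	}
	if ( slap_tool_destroy() ) {
		rc = EXIT_FAILURE;
	}

	return rc;
}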