Back to index

openldap  2.4.31
slapauth.c
Go to the documentation of this file.
00001 /* $OpenLDAP$ */
00002 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
00003  *
00004  * Copyright 2004-2012 The OpenLDAP Foundation.
00005  * Portions Copyright 2004 Pierangelo Masarati.
00006  * All rights reserved.
00007  *
00008  * Redistribution and use in source and binary forms, with or without
00009  * modification, are permitted only as authorized by the OpenLDAP
00010  * Public License.
00011  *
00012  * A copy of this license is available in file LICENSE in the
00013  * top-level directory of the distribution or, alternatively, at
00014  * <http://www.OpenLDAP.org/license.html>.
00015  */
00016 /* ACKNOWLEDGEMENTS:
00017  * This work was initially developed by Pierangelo Masarati for inclusion
00018  * in OpenLDAP Software.
00019  */
00020 
00021 #include "portable.h"
00022 
00023 #include <stdio.h>
00024 
00025 #include <ac/stdlib.h>
00026 
00027 #include <ac/ctype.h>
00028 #include <ac/string.h>
00029 #include <ac/socket.h>
00030 #include <ac/unistd.h>
00031 
00032 #include <lber.h>
00033 #include <ldif.h>
00034 #include <lutil.h>
00035 
00036 #include "slapcommon.h"
00037 
00038 static int
00039 do_check( Connection *c, Operation *op, struct berval *id )
00040 {
00041        struct berval authcdn;
00042        int           rc;
00043 
00044        rc = slap_sasl_getdn( c, op, id, realm, &authcdn, SLAP_GETDN_AUTHCID );
00045        if ( rc != LDAP_SUCCESS ) {
00046               fprintf( stderr, "ID: <%s> check failed %d (%s)\n",
00047                             id->bv_val, rc,
00048                             ldap_err2string( rc ) );
00049               rc = 1;
00050                      
00051        } else {
00052               if ( !BER_BVISNULL( &authzID ) ) {
00053                      rc = slap_sasl_authorized( op, &authcdn, &authzID );
00054 
00055                      fprintf( stderr,
00056                                    "ID:      <%s>\n"
00057                                    "authcDN: <%s>\n"
00058                                    "authzDN: <%s>\n"
00059                                    "authorization %s\n",
00060                                    id->bv_val,
00061                                    authcdn.bv_val,
00062                                    authzID.bv_val,
00063                                    rc == LDAP_SUCCESS ? "OK" : "failed" );
00064 
00065               } else {
00066                      fprintf( stderr, "ID: <%s> check succeeded\n"
00067                                    "authcID:     <%s>\n",
00068                                    id->bv_val,
00069                                    authcdn.bv_val );
00070                      op->o_tmpfree( authcdn.bv_val, op->o_tmpmemctx );
00071               }
00072               rc = 0;
00073        }
00074 
00075        return rc;
00076 }
00077 
00078 int
00079 slapauth( int argc, char **argv )
00080 {
00081        int                  rc = EXIT_SUCCESS;
00082        const char           *progname = "slapauth";
00083        Connection           conn = {0};
00084        OperationBuffer      opbuf;
00085        Operation            *op;
00086        void                 *thrctx;
00087 
00088        slap_tool_init( progname, SLAPAUTH, argc, argv );
00089 
00090        argv = &argv[ optind ];
00091        argc -= optind;
00092 
00093        thrctx = ldap_pvt_thread_pool_context();
00094        connection_fake_init( &conn, &opbuf, thrctx );
00095        op = &opbuf.ob_op;
00096 
00097        conn.c_sasl_bind_mech = mech;
00098 
00099        if ( !BER_BVISNULL( &authzID ) ) {
00100               struct berval authzdn;
00101               
00102               rc = slap_sasl_getdn( &conn, op, &authzID, NULL, &authzdn,
00103                             SLAP_GETDN_AUTHZID );
00104               if ( rc != LDAP_SUCCESS ) {
00105                      fprintf( stderr, "authzID: <%s> check failed %d (%s)\n",
00106                                    authzID.bv_val, rc,
00107                                    ldap_err2string( rc ) );
00108                      rc = 1;
00109                      BER_BVZERO( &authzID );
00110                      goto destroy;
00111               } 
00112 
00113               authzID = authzdn;
00114        }
00115 
00116 
00117        if ( !BER_BVISNULL( &authcID ) ) {
00118               if ( !BER_BVISNULL( &authzID ) || argc == 0 ) {
00119                      rc = do_check( &conn, op, &authcID );
00120                      goto destroy;
00121               }
00122 
00123               for ( ; argc--; argv++ ) {
00124                      struct berval authzdn;
00125               
00126                      ber_str2bv( argv[ 0 ], 0, 0, &authzID );
00127 
00128                      rc = slap_sasl_getdn( &conn, op, &authzID, NULL, &authzdn,
00129                                    SLAP_GETDN_AUTHZID );
00130                      if ( rc != LDAP_SUCCESS ) {
00131                             fprintf( stderr, "authzID: <%s> check failed %d (%s)\n",
00132                                           authzID.bv_val, rc,
00133                                           ldap_err2string( rc ) );
00134                             rc = -1;
00135                             BER_BVZERO( &authzID );
00136                             if ( !continuemode ) {
00137                                    goto destroy;
00138                             }
00139                      }
00140 
00141                      authzID = authzdn;
00142 
00143                      rc = do_check( &conn, op, &authcID );
00144 
00145                      op->o_tmpfree( authzID.bv_val, op->o_tmpmemctx );
00146                      BER_BVZERO( &authzID );
00147 
00148                      if ( rc && !continuemode ) {
00149                             goto destroy;
00150                      }
00151               }
00152 
00153               goto destroy;
00154        }
00155 
00156        for ( ; argc--; argv++ ) {
00157               struct berval id;
00158 
00159               ber_str2bv( argv[ 0 ], 0, 0, &id );
00160 
00161               rc = do_check( &conn, op, &id );
00162 
00163               if ( rc && !continuemode ) {
00164                      goto destroy;
00165               }
00166        }
00167 
00168 destroy:;
00169        if ( !BER_BVISNULL( &authzID ) ) {
00170               op->o_tmpfree( authzID.bv_val, op->o_tmpmemctx );
00171        }
00172        if ( slap_tool_destroy())
00173               rc = EXIT_FAILURE;
00174 
00175        return rc;
00176 }
00177