1
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
3
* Copyright 2004-2008 The OpenLDAP Foundation.
4
* Portions Copyright 2004 Pierangelo Masarati.
7
* Redistribution and use in source and binary forms, with or without
8
* modification, are permitted only as authorized by the OpenLDAP
11
* A copy of this license is available in file LICENSE in the
12
* top-level directory of the distribution or, alternatively, at
13
* <http://www.OpenLDAP.org/license.html>.
16
* This work was initially developed by Pierangelo Masarati for inclusion
17
* in OpenLDAP Software.
24
#include <ac/stdlib.h>
27
#include <ac/string.h>
28
#include <ac/socket.h>
29
#include <ac/unistd.h>
35
#include "slapcommon.h"
38
do_check( Connection *c, Operation *op, struct berval *id )
40
struct berval authcdn;
43
rc = slap_sasl_getdn( c, op, id, realm, &authcdn, SLAP_GETDN_AUTHCID );
44
if ( rc != LDAP_SUCCESS ) {
45
fprintf( stderr, "ID: <%s> check failed %d (%s)\n",
47
ldap_err2string( rc ) );
51
if ( !BER_BVISNULL( &authzID ) ) {
52
rc = slap_sasl_authorized( op, &authcdn, &authzID );
62
rc == LDAP_SUCCESS ? "OK" : "failed" );
65
fprintf( stderr, "ID: <%s> check succeeded\n"
69
op->o_tmpfree( authcdn.bv_val, op->o_tmpmemctx );
78
slapauth( int argc, char **argv )
80
int rc = EXIT_SUCCESS;
81
const char *progname = "slapauth";
82
Connection conn = {0};
83
OperationBuffer opbuf;
86
slap_tool_init( progname, SLAPAUTH, argc, argv );
88
argv = &argv[ optind ];
91
connection_fake_init( &conn, &opbuf, &conn );
94
conn.c_sasl_bind_mech = mech;
96
if ( !BER_BVISNULL( &authzID ) ) {
97
struct berval authzdn;
99
rc = slap_sasl_getdn( &conn, op, &authzID, NULL, &authzdn,
100
SLAP_GETDN_AUTHZID );
101
if ( rc != LDAP_SUCCESS ) {
102
fprintf( stderr, "authzID: <%s> check failed %d (%s)\n",
104
ldap_err2string( rc ) );
106
BER_BVZERO( &authzID );
114
if ( !BER_BVISNULL( &authcID ) ) {
115
if ( !BER_BVISNULL( &authzID ) || argc == 0 ) {
116
rc = do_check( &conn, op, &authcID );
120
for ( ; argc--; argv++ ) {
121
struct berval authzdn;
123
ber_str2bv( argv[ 0 ], 0, 0, &authzID );
125
rc = slap_sasl_getdn( &conn, op, &authzID, NULL, &authzdn,
126
SLAP_GETDN_AUTHZID );
127
if ( rc != LDAP_SUCCESS ) {
128
fprintf( stderr, "authzID: <%s> check failed %d (%s)\n",
130
ldap_err2string( rc ) );
132
BER_BVZERO( &authzID );
133
if ( !continuemode ) {
140
rc = do_check( &conn, op, &authcID );
142
op->o_tmpfree( authzID.bv_val, op->o_tmpmemctx );
143
BER_BVZERO( &authzID );
145
if ( rc && !continuemode ) {
153
for ( ; argc--; argv++ ) {
156
ber_str2bv( argv[ 0 ], 0, 0, &id );
158
rc = do_check( &conn, op, &id );
160
if ( rc && !continuemode ) {
166
if ( !BER_BVISNULL( &authzID ) ) {
167
op->o_tmpfree( authzID.bv_val, op->o_tmpmemctx );