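/*	$NetBSD: slapauth.c,v 1.3 2021/08/14 16:14:58 christos Exp $	*/

/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
 *
 * Copyright 2004-2021 The OpenLDAP Foundation.
 * Portions Copyright 2004 Pierangelo Masarati.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted only as authorized by the OpenLDAP
 * Public License.
 *
 * A copy of this license is available in file LICENSE in the
 * top-level directory of the distribution or, alternatively, at
 * <http://www.OpenLDAP.org/license.html>.
 */
/* ACKNOWLEDGEMENTS:
 * This work was initially developed by Pierangelo Masarati for inclusion
 * in OpenLDAP Software.
 */

#include <sys/cdefs.h>
__RCSID("$NetBSD: slapauth.c,v 1.3 2021/08/14 16:14:58 christos Exp $");

#include "portable.h"

#include <stdio.h>

#include <ac/stdlib.h>

#include <ac/ctype.h>
#include <ac/string.h>
#include <ac/socket.h>
#include <ac/unistd.h>

#include <lber.h>
#include <ldif.h>
#include <lutil.h>

#include "slapcommon.h"

/*
 * Map the authentication identity `id` to a DN (authcDN) through slapd's
 * SASL identity mapping and, when the global authzID is set (the caller
 * has already resolved it to a DN), ask whether that authcDN is allowed
 * to assume it.  All results are reported on stderr.
 *
 * Returns 0 when `id` could be mapped, 1 when the mapping failed.
 *
 * NOTE(review): the outcome of the authorization check is only printed
 * ("authorization OK"/"failed"); it does not affect the return value, so
 * anything scripting this tool cannot learn from the exit status whether
 * authorization was granted.  Kept as-is to preserve the tool's existing
 * exit-code behaviour.
 */
static int
do_check( Connection *c, Operation *op, struct berval *id )
{
	struct berval	authcdn;
	int		rc;

	rc = slap_sasl_getdn( c, op, id, realm, &authcdn, SLAP_GETDN_AUTHCID );
	if ( rc != LDAP_SUCCESS ) {
		fprintf( stderr, "ID: <%s> check failed %d (%s)\n",
				id->bv_val, rc,
				ldap_err2string( rc ) );
		return 1;
	}

	if ( !BER_BVISNULL( &authzID ) ) {
		rc = slap_sasl_authorized( op, &authcdn, &authzID );

		fprintf( stderr,
				"ID: <%s>\n"
				"authcDN: <%s>\n"
				"authzDN: <%s>\n"
				"authorization %s\n",
				id->bv_val,
				authcdn.bv_val,
				authzID.bv_val,
				rc == LDAP_SUCCESS ? "OK" : "failed" );

	} else {
		fprintf( stderr, "ID: <%s> check succeeded\n"
				"authcID: <%s>\n",
				id->bv_val,
				authcdn.bv_val );
	}

	/*
	 * authcdn was handed out by slap_sasl_getdn() from the operation's
	 * temporary memory context; release it on both branches (previously
	 * only the no-authzID branch freed it, leaking one DN per
	 * authorization check).
	 */
	op->o_tmpfree( authcdn.bv_val, op->o_tmpmemctx );

	return 0;
}

/*
 * slapauth entry point: exercise slapd's SASL identity mapping and
 * authorization rules from the command line.
 *
 * The globals authcID, authzID, mech, realm and continuemode are filled
 * in by slap_tool_init() from the options; the remaining arguments are
 * interpreted as follows:
 *   - authcID unset: each argument is an authcID to map (and, when
 *     authzID is set, to check for authorization as that authzID);
 *   - authcID set, and authzID set or no arguments: one check of authcID;
 *   - authcID set with arguments: each argument is an authzID that
 *     authcID is checked against in turn.
 *
 * Returns EXIT_SUCCESS, EXIT_FAILURE when slap_tool_destroy() fails, or
 * the non-zero result of the last check that ran.  In continue mode a
 * later successful check overwrites the result of an earlier failure.
 */
int
slapauth( int argc, char **argv )
{
	int		rc = EXIT_SUCCESS;
	const char	*progname = "slapauth";
	Connection	conn = {0};
	OperationBuffer	opbuf;
	Operation	*op;
	void		*thrctx;

	slap_tool_init( progname, SLAPAUTH, argc, argv );

	argv = &argv[ optind ];
	argc -= optind;

	thrctx = ldap_pvt_thread_pool_context();
	connection_fake_init( &conn, &opbuf, thrctx );
	op = &opbuf.ob_op;

	conn.c_sasl_bind_mech = mech;

	/*
	 * Resolve the -X authzID to a DN once up front.  From here on a
	 * non-NULL authzID holds memory from the temporary context, which
	 * the destroy: path releases.
	 */
	if ( !BER_BVISNULL( &authzID ) ) {
		struct berval	authzdn;

		rc = slap_sasl_getdn( &conn, op, &authzID, NULL, &authzdn,
				SLAP_GETDN_AUTHZID );
		if ( rc != LDAP_SUCCESS ) {
			fprintf( stderr, "authzID: <%s> check failed %d (%s)\n",
					authzID.bv_val, rc,
					ldap_err2string( rc ) );
			rc = 1;
			/* not tmpalloc'd yet: make sure destroy: does not free it */
			BER_BVZERO( &authzID );
			goto destroy;
		}

		authzID = authzdn;
	}

	if ( !BER_BVISNULL( &authcID ) ) {
		if ( !BER_BVISNULL( &authzID ) || argc == 0 ) {
			rc = do_check( &conn, op, &authcID );
			goto destroy;
		}

		/* authcID plus a list of authzIDs: check authcID against each. */
		for ( ; argc--; argv++ ) {
			struct berval	authzdn;

			ber_str2bv( argv[ 0 ], 0, 0, &authzID );

			rc = slap_sasl_getdn( &conn, op, &authzID, NULL, &authzdn,
					SLAP_GETDN_AUTHZID );
			if ( rc != LDAP_SUCCESS ) {
				fprintf( stderr, "authzID: <%s> check failed %d (%s)\n",
						authzID.bv_val, rc,
						ldap_err2string( rc ) );
				rc = -1;
				BER_BVZERO( &authzID );
				if ( !continuemode ) {
					goto destroy;
				}
				/*
				 * authzdn was never set on this path.  Skip the entry
				 * instead of falling through, which used to hand an
				 * uninitialised berval to do_check() and then to
				 * o_tmpfree() in continue mode.
				 */
				continue;
			}

			authzID = authzdn;

			rc = do_check( &conn, op, &authcID );

			op->o_tmpfree( authzID.bv_val, op->o_tmpmemctx );
			BER_BVZERO( &authzID );

			if ( rc && !continuemode ) {
				goto destroy;
			}
		}

		goto destroy;
	}

	/*
	 * No -U: every argument is an authcID to map (and, if -X was given,
	 * to check for authorization as authzID).
	 */
	for ( ; argc--; argv++ ) {
		struct berval	id;

		ber_str2bv( argv[ 0 ], 0, 0, &id );

		rc = do_check( &conn, op, &id );

		if ( rc && !continuemode ) {
			goto destroy;
		}
	}

destroy:;
	if ( !BER_BVISNULL( &authzID ) ) {
		op->o_tmpfree( authzID.bv_val, op->o_tmpmemctx );
	}
	if ( slap_tool_destroy() )
		rc = EXIT_FAILURE;

	return rc;
}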