ldapcompare.c revision 1.3
      1  1.3  christos /*	$NetBSD: ldapcompare.c,v 1.3 2021/08/14 16:14:49 christos Exp $	*/
      2  1.2  christos 
      3  1.1     lukem /* ldapcompare.c -- LDAP compare tool */
      4  1.2  christos /* $OpenLDAP$ */
      5  1.1     lukem /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
      6  1.1     lukem  *
      7  1.3  christos  * Copyright 1998-2021 The OpenLDAP Foundation.
      8  1.1     lukem  * Portions Copyright 1998-2003 Kurt D. Zeilenga.
      9  1.1     lukem  * Portions Copyright 1998-2001 Net Boolean Incorporated.
     10  1.1     lukem  * All rights reserved.
     11  1.1     lukem  *
     12  1.1     lukem  * Redistribution and use in source and binary forms, with or without
     13  1.1     lukem  * modification, are permitted only as authorized by the OpenLDAP
     14  1.1     lukem  * Public License.
     15  1.1     lukem  *
     16  1.1     lukem  * A copy of this license is available in the file LICENSE in the
     17  1.1     lukem  * top-level directory of the distribution or, alternatively, at
     18  1.1     lukem  * <http://www.OpenLDAP.org/license.html>.
     19  1.1     lukem  */
     20  1.1     lukem /* Portions Copyright (c) 1992-1996 Regents of the University of Michigan.
     21  1.1     lukem  * All rights reserved.
     22  1.1     lukem  *
     23  1.1     lukem  * Redistribution and use in source and binary forms are permitted
     24  1.1     lukem  * provided that this notice is preserved and that due credit is given
     25  1.1     lukem  * to the University of Michigan at Ann Arbor.  The name of the
     26  1.1     lukem  * University may not be used to endorse or promote products derived
     27  1.1     lukem  * from this software without specific prior written permission.  This
     28  1.1     lukem  * software is provided ``as is'' without express or implied warranty.
     29  1.1     lukem  */
     30  1.1     lukem /* Portions Copyright 2002, F5 Networks, Inc, All rights reserved.
     31  1.1     lukem  * This software is not subject to any license of F5 Networks.
     32  1.1     lukem  * This is free software; you can redistribute and use it
     33  1.1     lukem  * under the same terms as OpenLDAP itself.
     34  1.1     lukem  */
     35  1.1     lukem /* ACKNOWLEDGEMENTS:
     36  1.1     lukem  * This work was originally developed by Jeff Costlow (F5 Networks)
     37  1.1     lukem  * based, in part, on existing LDAP tools and adapted for inclusion
     38  1.1     lukem  * into OpenLDAP Software by Kurt D. Zeilenga.
     39  1.1     lukem  */
     40  1.1     lukem 
     41  1.2  christos #include <sys/cdefs.h>
     42  1.3  christos __RCSID("$NetBSD: ldapcompare.c,v 1.3 2021/08/14 16:14:49 christos Exp $");
     43  1.2  christos 
     44  1.1     lukem #include "portable.h"
     45  1.1     lukem 
     46  1.1     lukem #include <stdio.h>
     47  1.1     lukem 
     48  1.1     lukem #include <ac/stdlib.h>
     49  1.1     lukem 
     50  1.1     lukem #include <ac/ctype.h>
     51  1.1     lukem #include <ac/string.h>
     52  1.1     lukem #include <ac/unistd.h>
     53  1.1     lukem #include <ac/errno.h>
     54  1.1     lukem #include <ac/socket.h>
     55  1.1     lukem #include <ac/time.h>
     56  1.1     lukem #include <sys/stat.h>
     57  1.1     lukem 
     58  1.1     lukem #ifdef HAVE_FCNTL_H
     59  1.1     lukem #include <fcntl.h>
     60  1.1     lukem #endif
     61  1.1     lukem #ifdef HAVE_SYS_TYPES_H
     62  1.1     lukem #include <sys/types.h>
     63  1.1     lukem #endif
     64  1.1     lukem #ifdef HAVE_IO_H
     65  1.1     lukem #include <io.h>
     66  1.1     lukem #endif
     67  1.1     lukem 
     68  1.1     lukem #include <ldap.h>
     69  1.1     lukem 
     70  1.1     lukem #include "lutil.h"
     71  1.1     lukem #include "lutil_ldap.h"
     72  1.1     lukem #include "ldap_defaults.h"
     73  1.1     lukem 
     74  1.1     lukem #include "common.h"
     75  1.1     lukem 
     76  1.1     lukem 
     /* Non-zero once -z has been seen by handle_private_option(); main() hands
      * the value to docompare(), which then prints no result text.  An object
      * with static storage duration starts out as zero. */
     static int quiet;
     78  1.1     lukem 
     79  1.1     lukem 
     /*
      * Write the synopsis and the compare-specific options to stderr, let
      * tool_common_usage() add the options shared by the other tools, then
      * terminate with EXIT_FAILURE.  This function does not return.
      *
      * NOTE(review): every _() result is used as the fprintf format string, so
      * if _() resolves to a message-catalog lookup the catalog contents act as
      * format strings and must come from a trusted location.
      */
     void
     usage( void )
     {
         /* synopsis and positional arguments */
         fprintf( stderr,
             _("usage: %s [options] DN <attr:value|attr::b64value>\n"),
             prog );
         fprintf( stderr, _("where:\n") );
         fprintf( stderr, _("  DN\tDistinguished Name\n") );
         fprintf( stderr, _("  attr\tassertion attribute\n") );
         fprintf( stderr, _("  value\tassertion value\n") );
         fprintf( stderr, _("  b64value\tbase64 encoding of assertion value\n") );

         /* options private to this tool */
         fprintf( stderr, _("Compare options:\n") );
         fprintf( stderr,
             _("  -E [!]<ext>[=<extparam>] compare extensions (! indicates criticality)\n") );
         fprintf( stderr,
             _("             !dontUseCopy                (Don't Use Copy)\n") );
         fprintf( stderr,
             _("  -M         enable Manage DSA IT control (-MM to make critical)\n") );
         fprintf( stderr, _("  -P version protocol version (default: 3)\n") );
         fprintf( stderr,
             _("  -z         Quiet mode, don't print anything, use return values\n") );

         /* options common to all tools, then leave */
         tool_common_usage();
         exit( EXIT_FAILURE );
     }
    100  1.1     lukem 
    /* Forward declaration of the compare helper; main() calls it before its
     * definition appears further down in this file. */
    static int docompare LDAP_P((
        LDAP *ld, char *dn, char *attr,
        struct berval *bvalue, int quiet,
        LDAPControl **sctrls, LDAPControl **cctrls ));
    109  1.1     lukem 
    110  1.1     lukem 
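    /*
     * Option string for this tool: the compare-specific letters come first,
     * followed by the letters shared by the LDAP client tools.
     *
     * "E:" is listed because usage() documents -E and handle_private_option()
     * implements it (and reads optarg there); without the entry the option
     * could never be selected.
     * NOTE(review): this assumes tool_args() in common.c passes this string to
     * getopt() -- confirm against that file.
     */
    const char options[] = "E:z"
        "Cd:D:e:h:H:IMnNO:o:p:P:QR:U:vVw:WxX:y:Y:Z";

    #ifdef LDAP_CONTROL_DONTUSECOPY
    /* 0 while the control has not been requested.  handle_private_option()
     * stores 1 + criticality; main() marks the control critical when the
     * stored value is greater than 1. */
    int dontUseCopy = 0;
    #endif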
    117  1.1     lukem 
    /*
     * Handle the option letters that belong to this tool only.
     *
     *   'z'  switch on quiet mode
     *   'E'  compare extension of the form [!]name[=value]; the only name
     *        accepted is "dontUseCopy", and only when the build defines
     *        LDAP_CONTROL_DONTUSECOPY
     *
     * Returns 1 when the letter was consumed here and 0 when it is not one of
     * ours.  Invalid -E input ends the process through exit() or usage().
     *
     * NOTE(review): the 'E' branch dereferences optarg, so 'E' has to be
     * declared with an argument in the getopt option string -- confirm.
     */
    int
    handle_private_option( int i )
    {
        char *ext_name, *ext_value;
        int critical = 0;

        if ( i == 'z' ) {
            quiet = 1;
            return 1;
        }
        if ( i != 'E' ) {
            return 0;
        }

        /* compare extensions */
        if ( protocol == LDAP_VERSION2 ) {
            fprintf( stderr, _("%s: -E incompatible with LDAPv%d\n"),
                prog, protocol );
            exit( EXIT_FAILURE );
        }

        /* should be extended to support comma separated list of
         *	[!]key[=value] parameters, e.g.  -E !foo,bar=567
         */

        /* a leading '!' requests criticality and is not part of the name */
        if ( optarg[0] == '!' ) {
            critical = 1;
            optarg++;
        }

        /* split "name=value" in place; this writes into the argument string */
        ext_name = optarg;
        ext_value = strchr( ext_name, '=' );
        if ( ext_value != NULL ) {
            *ext_value++ = '\0';
        }

    #ifdef LDAP_CONTROL_DONTUSECOPY
        if ( strcasecmp( ext_name, "dontUseCopy" ) == 0 ) {
            if ( dontUseCopy ) {
                fprintf( stderr,
                    _("dontUseCopy control previously specified\n") );
                exit( EXIT_FAILURE );
            }
            if ( ext_value != NULL ) {
                fprintf( stderr,
                    _("dontUseCopy: no control value expected\n") );
                usage();
            }
            if ( !critical ) {
                fprintf( stderr,
                    _("dontUseCopy: critical flag required\n") );
                usage();
            }

            /* usage() exits, so the critical flag is set when we get here */
            dontUseCopy = 1 + critical;
            return 1;
        }
    #endif

        /* any other extension name is rejected; usage() does not return */
        fprintf( stderr,
            _("Invalid compare extension name: %s\n"), ext_name );
        usage();
        return 1;
    }
    185  1.1     lukem 
    186  1.1     lukem 
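    /*
     * Entry point: parse the command line, build the assertion value, connect
     * and bind, attach the optional dontUseCopy control, run the compare and
     * leave through tool_exit() with the compare result.
     *
     * Exactly two positional arguments are required: the DN and an assertion
     * written as attr:value or attr::b64value.
     */
    int
    main( int argc, char **argv )
    {
        char            *compdn = NULL, *attrs = NULL;
        char            *sep;
        int             rc;
        LDAP            *ld = NULL;
        struct berval   bvalue = { 0, NULL };
        int             i = 0;
        LDAPControl     c[1];

        tool_init( TOOL_COMPARE );
        prog = lutil_progname( "ldapcompare", argc, argv );

        tool_args( argc, argv );

        if ( argc - optind != 2 ) {
            usage();
        }

        compdn = argv[optind++];
        attrs = argv[optind++];

        /* user passed in only 2 args, the last one better be in
         * the form attr:value or attr::b64value
         */
        sep = strchr( attrs, ':' );
        if ( !sep ) {
            usage();
        }

        /* cut the argument at the first ':' so attrs holds the attribute name */
        *sep++ = '\0';
        if ( *sep != ':' ) {
            /* plain value: take a private copy of the text after the colon */
            bvalue.bv_val = strdup( sep );
            if ( bvalue.bv_val == NULL ) {
                /* without this check strlen() below would read through NULL */
                perror( "strdup" );
                exit( EXIT_FAILURE );
            }
            bvalue.bv_len = strlen( bvalue.bv_val );

        } else {
            /* it's base64 encoded. */
            size_t b64len = strlen( &sep[1] );

            /* Decoded data is never longer than its base64 text, so the
             * encoded length is still the size handed to the decoder.  One
             * extra byte is requested so that an empty value cannot be
             * confused with an allocation failure (malloc(0) may return
             * NULL). */
            bvalue.bv_val = malloc( b64len + 1 );
            if ( bvalue.bv_val == NULL ) {
                perror( "malloc" );
                exit( EXIT_FAILURE );
            }
            bvalue.bv_len = lutil_b64_pton( &sep[1],
                (unsigned char *) bvalue.bv_val, b64len );

            if ( bvalue.bv_len == (ber_len_t)-1 ) {
                fprintf( stderr, _("base64 decode error\n") );
                exit( -1 );
            }
        }

        ld = tool_conn_setup( 0, 0 );

        tool_bind( ld );

    #ifdef LDAP_CONTROL_DONTUSECOPY
        /* the control carries no value, only its OID and criticality */
        if ( dontUseCopy ) {
            c[i].ldctl_oid = LDAP_CONTROL_DONTUSECOPY;
            c[i].ldctl_value.bv_val = NULL;
            c[i].ldctl_value.bv_len = 0;
            c[i].ldctl_iscritical = dontUseCopy > 1;
            i++;
        }
    #endif

        /* i is the number of entries of c[] that were filled in above */
        tool_server_controls( ld, c, i );

        if ( verbose ) {
            /* Echoes the assertion value as typed (for the base64 form, sep
             * still starts with the second ':').  When the attribute being
             * compared holds a secret, this puts that value on stderr. */
            fprintf( stderr, _("DN:%s, attr:%s, value:%s\n"),
                compdn, attrs, sep );
        }

        rc = docompare( ld, compdn, attrs, &bvalue, quiet, NULL, NULL );

        free( bvalue.bv_val );

        tool_exit( ld, rc );
    }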
    270  1.1     lukem 
    271  1.1     lukem 
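    /*
     * Send one LDAP compare request and wait for its result.
     *
     *   ld              connection to use
     *   dn, attr        entry and attribute the assertion applies to
     *   bvalue          assertion value
     *   quiet           non-zero suppresses all result text on stdout
     *   sctrls, cctrls  server and client controls handed to ldap_compare_ext()
     *
     * Returns the result code parsed from the server response (the caller
     * tells LDAP_COMPARE_TRUE from LDAP_COMPARE_FALSE by this value),
     * LDAP_SUCCESS without contacting the server when the global `dont` is
     * set, LDAP_CANCELLED when tool_check_abandon() reports an abandon, or the
     * error code of the failing library call.
     */
    static int docompare(
        LDAP *ld,
        char *dn,
        char *attr,
        struct berval *bvalue,
        int quiet,
        LDAPControl **sctrls,
        LDAPControl **cctrls )
    {
        int         rc, msgid, code;
        LDAPMessage *res;
        char        *matcheddn;
        char        *text;
        char        **refs;
        LDAPControl **ctrls = NULL;

        if ( dont ) {
            return LDAP_SUCCESS;
        }

        rc = ldap_compare_ext( ld, dn, attr, bvalue,
            sctrls, cctrls, &msgid );
        if ( rc != LDAP_SUCCESS ) {
            /* Any failure, not only -1, means no request is outstanding and
             * msgid was not set; polling for a result would wait on nothing.
             * Report it the same way the ldap_result() failure below is
             * reported. */
            tool_perror( "ldap_compare_ext", rc, NULL, NULL, NULL, NULL );
            return rc;
        }

        /* poll in 100 ms slices so an abandon request is noticed promptly */
        for ( ; ; ) {
            struct timeval  tv;

            tv.tv_sec = 0;
            tv.tv_usec = 100000;

            if ( tool_check_abandon( ld, msgid ) ) {
                return LDAP_CANCELLED;
            }

            rc = ldap_result( ld, LDAP_RES_ANY, LDAP_MSG_ALL, &tv, &res );
            if ( rc < 0 ) {
                tool_perror( "ldap_result", rc, NULL, NULL, NULL, NULL );
                return rc;
            }

            /* 0 means the slice timed out with nothing received yet */
            if ( rc != 0 ) {
                break;
            }
        }

        /* the final argument (1) asks the library to free res */
        rc = ldap_parse_result( ld, res, &code, &matcheddn, &text, &refs, &ctrls, 1 );

        if ( rc != LDAP_SUCCESS ) {
            fprintf( stderr, "%s: ldap_parse_result: %s (%d)\n",
                prog, ldap_err2string( rc ), rc );
            return rc;
        }

        /* Details are printed in verbose mode, for any code other than
         * success/true/false, or when the server sent extra information.
         * text, matcheddn and the referrals come from the server response and
         * are printed as received, without escaping. */
        if ( !quiet && ( verbose || ( code != LDAP_SUCCESS && code != LDAP_COMPARE_TRUE && code != LDAP_COMPARE_FALSE ) ||
            (matcheddn && *matcheddn) || (text && *text) || (refs && *refs) ) )
        {
            printf( _("Compare Result: %s (%d)\n"),
                ldap_err2string( code ), code );

            if ( text && *text ) {
                printf( _("Additional info: %s\n"), text );
            }

            if ( matcheddn && *matcheddn ) {
                printf( _("Matched DN: %s\n"), matcheddn );
            }

            if ( refs ) {
                int r;
                for ( r = 0; refs[r]; r++ ) {
                    printf( _("Referral: %s\n"), refs[r] );
                }
            }
        }

        /* if we were told to be quiet, use the return value. */
        if ( !quiet ) {
            if ( code == LDAP_COMPARE_TRUE ) {
                printf( _("TRUE\n") );
            } else if ( code == LDAP_COMPARE_FALSE ) {
                printf( _("FALSE\n") );
            } else {
                printf( _("UNDEFINED\n") );
            }
        }

        if ( ctrls ) {
            tool_print_ctrls( ld, ctrls );
            ldap_controls_free( ctrls );
        }

        /* release the strings handed back by ldap_parse_result() */
        ber_memfree( text );
        ber_memfree( matcheddn );
        ber_memvfree( (void **) refs );

        return( code );
    }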
    371  1.1     lukem 