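/*	$NetBSD: ldapvc.c,v 1.3 2025/09/05 21:16:13 christos Exp $	*/

/* ldapvc.c -- a tool for verifying credentials */
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
 *
 * Copyright 1998-2024 The OpenLDAP Foundation.
 * Portions Copyright 2010 Kurt D. Zeilenga.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted only as authorized by the OpenLDAP
 * Public License.
 *
 * A copy of this license is available in the file LICENSE in the
 * top-level directory of the distribution or, alternatively, at
 * <http://www.OpenLDAP.org/license.html>.
 */
/* Portions Copyright (c) 1992-1996 Regents of the University of Michigan.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms are permitted
 * provided that this notice is preserved and that due credit is given
 * to the University of Michigan at Ann Arbor.  The name of the
 * University may not be used to endorse or promote products derived
 * from this software without specific prior written permission.  This
 * software is provided ``as is'' without express or implied warranty.
 */
/* ACKNOWLEDGEMENTS:
 * This work was originally developed by Kurt D. Zeilenga for inclusion
 * in OpenLDAP Software based, in part, on other client tools.
 */

#include <sys/cdefs.h>
__RCSID("$NetBSD: ldapvc.c,v 1.3 2025/09/05 21:16:13 christos Exp $");

#include "portable.h"

#include <stdio.h>

#include <ac/stdlib.h>

#include <ac/ctype.h>
#include <ac/socket.h>
#include <ac/string.h>
#include <ac/time.h>
#include <ac/unistd.h>

#include <ldap.h>
#include "lutil.h"
#include "lutil_ldap.h"
#include "ldap_defaults.h"

#include "common.h"

/* Set by -a / -b: ask the server to return the authzId / password policy
 * response alongside the Verify Credentials result. */
static int req_authzid = 0;
static int req_pp = 0;

/*
 * NOTE(review): the SASL state below is guarded by
 * LDAP_API_FEATURES_VERIFY_CREDENTIALS_INTERACTIVE (plural "FEATURES"),
 * while main() tests LDAP_API_FEATURE_VERIFY_CREDENTIALS_INTERACTIVE
 * (singular) and does not require HAVE_CYRUS_SASL in two of its three
 * uses.  If only the singular macro were defined, main() would reference
 * variables that are never declared.  The spelling is left as found;
 * confirm which macro <ldap.h> actually provides before relying on the
 * interactive path.
 */
#if defined(LDAP_API_FEATURES_VERIFY_CREDENTIALS_INTERACTIVE) && defined(HAVE_CYRUS_SASL)
#define LDAP_SASL_NONE	(~0U)
static unsigned vc_sasl = LDAP_SASL_NONE;
static char *vc_sasl_realm = NULL;
static char *vc_sasl_authcid = NULL;
static char *vc_sasl_authzid = NULL;
static char *vc_sasl_mech = NULL;
static char *vc_sasl_secprops = NULL;
#endif
/* DN whose credentials are verified; points into argv, never freed. */
static char * dn = NULL;
/* Credentials to verify; bv_val is a heap copy owned by this file. */
static struct berval cred = {0, NULL};

/* Upper bound on request controls this tool attaches (-a and -b). */
enum { VC_MAX_REQ_CTRLS = 2 };

/*
 * Print the tool-specific and common usage text to stderr and terminate
 * the process with EXIT_FAILURE.  Does not return.
 */
void
usage( void )
{
	fprintf( stderr, _("Issue LDAP Verify Credentials operation to verify a user's credentials\n\n"));
	fprintf( stderr, _("usage: %s [options] [DN [cred]])\n"), prog);
	fprintf( stderr, _("where:\n"));
	fprintf( stderr, _(" DN\tDistinguished Name\n"));
	fprintf( stderr, _(" cred\tCredentials (prompt if not present)\n"));
	fprintf( stderr, _("options:\n"));
	fprintf( stderr, _(" -a\tRequest AuthzId\n"));
	fprintf( stderr, _(" -b\tRequest Password Policy Information\n"));
	fprintf( stderr, _(" -E sasl=(a[utomatic]|i[nteractive]|q[uiet]>\tSASL mode (defaults to automatic if any other -E option provided, otherwise none))\n"));
	fprintf( stderr, _(" -E mech=<mech>\tSASL mechanism (default "" e.g. Simple)\n"));
	fprintf( stderr, _(" -E realm=<realm>\tSASL Realm (defaults to none)\n"));
	fprintf( stderr, _(" -E authcid=<authcid>\tSASL Authentication Identity (defaults to USER)\n"));
	fprintf( stderr, _(" -E authzid=<authzid>\tSASL Authorization Identity (defaults to none)\n"));
	fprintf( stderr, _(" -E secprops=<secprops>\tSASL Security Properties (defaults to none)\n"));
	tool_common_usage();
	exit( EXIT_FAILURE );
}


/* getopt string: the tool-private letters first, then the letters shared
 * with the other client tools. */
const char options[] = "abE:"
	"d:D:e:H:InNO:o:QR:U:vVw:WxX:y:Y:Z";

/*
 * Handle one tool-private command-line option.
 *
 * i is the option letter; its argument, if any, is read from the global
 * optarg (and modified in place: the '=' separating key and value is
 * overwritten with a NUL).  Presumably called by the shared option parser
 * behind tool_args() -- the caller is not visible in this file.
 *
 * Returns 1 when the option was recognised and consumed, 0 when the letter
 * is not one of this tool's private options.  Invalid -E input terminates
 * the process with EXIT_FAILURE.
 */
int
handle_private_option( int i )
{
	char	*control, *cvalue;

	switch ( i ) {
	case 'E': /* vc extension */
		if( protocol == LDAP_VERSION2 ) {
			fprintf( stderr, _("%s: -E incompatible with LDAPv%d\n"),
				prog, protocol );
			exit( EXIT_FAILURE );
		}

		/* should be extended to support comma separated list of
		 *	[!]key[=value] parameters, e.g.  -E !foo,bar=567
		 */

		cvalue = NULL;
		/* A leading '!' (criticality marker) is accepted but has no
		 * further effect here: it is only skipped. */
		if( optarg[0] == '!' ) {
			optarg++;
		}

		control = optarg;
		if ( (cvalue = strchr( control, '=' )) != NULL ) {
			*cvalue++ = '\0';
		}

		if (strcasecmp(control, "sasl") == 0) {
#if defined(LDAP_API_FEATURES_VERIFY_CREDENTIALS_INTERACTIVE) && defined(HAVE_CYRUS_SASL)
			if (vc_sasl != LDAP_SASL_NONE) {
				fprintf(stderr,
					_("SASL option previously specified\n"));
				exit(EXIT_FAILURE);
			}
			if (cvalue == NULL) {
				fprintf(stderr,
					_("missing mode in SASL option\n"));
				exit(EXIT_FAILURE);
			}

			/* Only the first character of the mode is examined. */
			switch (*cvalue) {
			case 'a':
			case 'A':
				vc_sasl = LDAP_SASL_AUTOMATIC;
				break;
			case 'i':
			case 'I':
				vc_sasl = LDAP_SASL_INTERACTIVE;
				break;
			case 'q':
			case 'Q':
				vc_sasl = LDAP_SASL_QUIET;
				break;
			default:
				fprintf(stderr,
					_("unknown mode %s in SASL option\n"), cvalue);
				exit(EXIT_FAILURE);
			}
#else
			fprintf(stderr,
				_("%s: not compiled with SASL support\n"), prog);
			exit(EXIT_FAILURE);
#endif

		} else if (strcasecmp(control, "mech") == 0) {
#if defined(LDAP_API_FEATURES_VERIFY_CREDENTIALS_INTERACTIVE) && defined(HAVE_CYRUS_SASL)
			if (vc_sasl_mech) {
				fprintf(stderr,
					_("SASL mech previously specified\n"));
				exit(EXIT_FAILURE);
			}
			if (cvalue == NULL) {
				fprintf(stderr,
					_("missing mech in SASL option\n"));
				exit(EXIT_FAILURE);
			}

			vc_sasl_mech = ber_strdup(cvalue);
			if (vc_sasl_mech == NULL) {
				exit(EXIT_FAILURE);
			}
#else
			/* Reject the option like every other SASL sub-option does.
			 * Accepting it silently would let the user believe a SASL
			 * mechanism was in effect while the tool falls back to the
			 * non-SASL request. */
			fprintf(stderr,
				_("%s: not compiled with SASL support\n"), prog);
			exit(EXIT_FAILURE);
#endif

		} else if (strcasecmp(control, "realm") == 0) {
#if defined(LDAP_API_FEATURES_VERIFY_CREDENTIALS_INTERACTIVE) && defined(HAVE_CYRUS_SASL)
			if (vc_sasl_realm) {
				fprintf(stderr,
					_("SASL realm previously specified\n"));
				exit(EXIT_FAILURE);
			}
			if (cvalue == NULL) {
				fprintf(stderr,
					_("missing realm in SASL option\n"));
				exit(EXIT_FAILURE);
			}

			vc_sasl_realm = ber_strdup(cvalue);
			if (vc_sasl_realm == NULL) {
				exit(EXIT_FAILURE);
			}
#else
			fprintf(stderr,
				_("%s: not compiled with SASL support\n"), prog);
			exit(EXIT_FAILURE);
#endif

		} else if (strcasecmp(control, "authcid") == 0) {
#if defined(LDAP_API_FEATURES_VERIFY_CREDENTIALS_INTERACTIVE) && defined(HAVE_CYRUS_SASL)
			if (vc_sasl_authcid) {
				fprintf(stderr,
					_("SASL authcid previously specified\n"));
				exit(EXIT_FAILURE);
			}
			if (cvalue == NULL) {
				fprintf(stderr,
					_("missing authcid in SASL option\n"));
				exit(EXIT_FAILURE);
			}

			vc_sasl_authcid = ber_strdup(cvalue);
			if (vc_sasl_authcid == NULL) {
				exit(EXIT_FAILURE);
			}
#else
			fprintf(stderr,
				_("%s: not compiled with SASL support\n"), prog);
			exit(EXIT_FAILURE);
#endif

		} else if (strcasecmp(control, "authzid") == 0) {
#if defined(LDAP_API_FEATURES_VERIFY_CREDENTIALS_INTERACTIVE) && defined(HAVE_CYRUS_SASL)
			if (vc_sasl_authzid) {
				fprintf(stderr,
					_("SASL authzid previously specified\n"));
				exit(EXIT_FAILURE);
			}
			if (cvalue == NULL) {
				fprintf(stderr,
					_("missing authzid in SASL option\n"));
				exit(EXIT_FAILURE);
			}

			vc_sasl_authzid = ber_strdup(cvalue);
			if (vc_sasl_authzid == NULL) {
				exit(EXIT_FAILURE);
			}
#else
			fprintf(stderr,
				_("%s: not compiled with SASL support\n"), prog);
			exit(EXIT_FAILURE);
#endif

		} else if (strcasecmp(control, "secprops") == 0) {
#if defined(LDAP_API_FEATURES_VERIFY_CREDENTIALS_INTERACTIVE) && defined(HAVE_CYRUS_SASL)
			if (vc_sasl_secprops) {
				fprintf(stderr,
					_("SASL secprops previously specified\n"));
				exit(EXIT_FAILURE);
			}
			if (cvalue == NULL) {
				fprintf(stderr,
					_("missing secprops in SASL option\n"));
				exit(EXIT_FAILURE);
			}

			vc_sasl_secprops = ber_strdup(cvalue);
			if (vc_sasl_secprops == NULL) {
				exit(EXIT_FAILURE);
			}
#else
			fprintf(stderr,
				_("%s: not compiled with SASL support\n"), prog);
			exit(EXIT_FAILURE);
#endif

		} else {
			fprintf( stderr, _("Invalid Verify Credentials extension name: %s\n"), control );
			usage();
		}
		break;

	case 'a':	/* request authzid */
		req_authzid++;
		break;

	case 'b':	/* request password policy information */
		req_pp++;
		break;

	default:
		return 0;
	}
	return 1;
}


/*
 * Append a non-critical request control with the given OID and no value to
 * the NULL-terminated array *ctrlsp, allocating the array on first use.
 * *countp is the number of controls already stored and is incremented on
 * success.  The array and the control come from malloc() and the OID from
 * ldap_strdup(), as in the original inline code; main() releases them with
 * ldap_controls_free().
 *
 * Returns 0 on success, -1 if an allocation fails or the array is full.
 */
static int
vc_add_request_control( LDAPControl ***ctrlsp, int *countp, const char *oid )
{
	LDAPControl **ctrls = *ctrlsp;
	LDAPControl *ctrl;

	if ( ctrls == NULL ) {
		ctrls = malloc( (VC_MAX_REQ_CTRLS + 1) * sizeof *ctrls );
		if ( ctrls == NULL ) {
			return -1;
		}
		ctrls[0] = NULL;	/* keep the array terminated at all times */
		*ctrlsp = ctrls;
	}

	if ( *countp >= VC_MAX_REQ_CTRLS ) {
		return -1;
	}

	ctrl = malloc( sizeof *ctrl );
	if ( ctrl == NULL ) {
		return -1;
	}

	ctrl->ldctl_oid = ldap_strdup( oid );
	if ( ctrl->ldctl_oid == NULL ) {
		free( ctrl );
		return -1;
	}
	ctrl->ldctl_iscritical = 0;
	ctrl->ldctl_value.bv_val = NULL;
	ctrl->ldctl_value.bv_len = 0;

	ctrls[*countp] = ctrl;
	ctrls[++*countp] = NULL;
	return 0;
}


/*
 * ldapvc entry point: parse options, obtain the DN and credentials, send a
 * Verify Credentials request and print the outcome.
 *
 * Exit status: EXIT_SUCCESS only when the request was sent, the response
 * was parsed and the LDAP result code of the operation is LDAP_SUCCESS.
 *
 * NOTE(review): the exit status does NOT reflect the verification result
 * code (rcode) carried inside the response.  When the server reports that
 * the credentials are wrong, this tool prints "Failed: ..." on stdout and,
 * as far as this file shows, still exits with EXIT_SUCCESS.  Scripts that
 * use ldapvc as an authentication check must inspect the output and not
 * rely on the exit status alone.
 */
int
main( int argc, char *argv[] )
{
	int		rc;
	LDAP		*ld = NULL;
	char		*matcheddn = NULL, *text = NULL, **refs = NULL;
	int		rcode;
	char		*diag = NULL;
	struct berval	*scookie = NULL;
	struct berval	*scred = NULL;
	int		id, code = 0;
	/* Initialised so that the SASL path, which hands res to the library
	 * and to ldap_msgfree() before ldap_result() has stored a message in
	 * it, never passes an indeterminate pointer. */
	LDAPMessage	*res = NULL;
	LDAPControl	**ctrls = NULL;
	LDAPControl	**vcctrls = NULL;
	int		nvcctrls = 0;

	tool_init( TOOL_VC );
	prog = lutil_progname( "ldapvc", argc, argv );

	/* LDAPv3 only */
	protocol = LDAP_VERSION3;

	tool_args( argc, argv );

	if (argc - optind > 0) {
		dn = argv[optind++];
	}
	if (argc - optind > 0) {
		/* Credentials supplied as a positional argument remain visible
		 * in the process argument list for the lifetime of the process;
		 * omitting them makes the tool prompt instead. */
		cred.bv_val = strdup(argv[optind++]);
		if ( cred.bv_val == NULL ) {
			perror( "strdup" );
			tool_exit( ld, EXIT_FAILURE );
		}
		cred.bv_len = strlen(cred.bv_val);
	}
	if (argc - optind > 0) {
		usage();
	}
	if (dn
#ifdef LDAP_API_FEATURE_VERIFY_CREDENTIALS_INTERACTIVE
		&& !vc_sasl_mech
#endif
		&& !cred.bv_val)
	{
		char *userpw = getpassphrase(_("User's password: "));
		if ( userpw == NULL )	/* Allow EOF to exit. */
		{
			tool_exit( ld, EXIT_FAILURE );
		}
		cred.bv_val = strdup(userpw);
		if ( cred.bv_val == NULL ) {
			perror( "strdup" );
			tool_exit( ld, EXIT_FAILURE );
		}
		cred.bv_len = strlen(cred.bv_val);
	}

#ifdef LDAP_API_FEATURE_VERIFY_CREDENTIALS_INTERACTIVE
	/* A mechanism without an explicit mode implies automatic mode. */
	if (vc_sasl_mech && (vc_sasl == LDAP_SASL_NONE)) {
		vc_sasl = LDAP_SASL_AUTOMATIC;
	}
#endif

	ld = tool_conn_setup( 0, 0 );

	tool_bind( ld );

	if ( dont ) {
		rc = LDAP_SUCCESS;
		goto skip;
	}

	tool_server_controls( ld, NULL, 0 );

	if ( req_authzid &&
		vc_add_request_control( &vcctrls, &nvcctrls,
			LDAP_CONTROL_AUTHZID_REQUEST ) != 0 )
	{
		perror( "malloc" );
		tool_exit( ld, EXIT_FAILURE );
	}

	if ( req_pp &&
		vc_add_request_control( &vcctrls, &nvcctrls,
			LDAP_CONTROL_PASSWORDPOLICYREQUEST ) != 0 )
	{
		perror( "malloc" );
		tool_exit( ld, EXIT_FAILURE );
	}

#ifdef LDAP_API_FEATURE_VERIFY_CREDENTIALS_INTERACTIVE
#ifdef HAVE_CYRUS_SASL
	if (vc_sasl_mech) {
		int msgid;
		void * defaults;
		void * context = NULL;
		const char *rmech = NULL;

		/* NOTE(review): the authorization identity passed here is the
		 * shared sasl_authz_id, not vc_sasl_authzid parsed from
		 * "-E authzid=", and vc_sasl_secprops is not used anywhere in
		 * this file -- confirm whether that is intended. */
		defaults = lutil_sasl_defaults(ld,
			vc_sasl_mech,
			vc_sasl_realm,
			vc_sasl_authcid,
			cred.bv_val,
			sasl_authz_id);

		do {
			rc = ldap_verify_credentials_interactive(ld, dn, vc_sasl_mech,
				vcctrls, NULL, NULL,
				vc_sasl, lutil_sasl_interact, defaults, context,
				res, &rmech, &msgid);

			if (rc != LDAP_SASL_BIND_IN_PROGRESS) break;

			ldap_msgfree(res);

			if (ldap_result(ld, msgid, LDAP_MSG_ALL, NULL, &res) == -1 || !res) {
				ldap_get_option(ld, LDAP_OPT_RESULT_CODE, (void*) &rc);
				ldap_get_option(ld, LDAP_OPT_DIAGNOSTIC_MESSAGE, (void*) &text);
				tool_perror( "ldap_verify_credentials_interactive", rc, NULL, NULL, text, NULL);
				ldap_memfree(text);
				tool_exit(ld, rc);
			}
		} while (rc == LDAP_SASL_BIND_IN_PROGRESS);

		lutil_sasl_freedefs(defaults);

		if( rc != LDAP_SUCCESS ) {
			ldap_get_option(ld, LDAP_OPT_DIAGNOSTIC_MESSAGE, (void*) &text);
			tool_perror( "ldap_verify_credentials", rc, NULL, NULL, text, NULL );
			rc = EXIT_FAILURE;
			goto skip;
		}

	} else
#endif
#endif
	{
		rc = ldap_verify_credentials( ld,
			NULL,
			dn, NULL, cred.bv_val ? &cred: NULL, vcctrls,
			NULL, NULL, &id );

		if( rc != LDAP_SUCCESS ) {
			ldap_get_option(ld, LDAP_OPT_DIAGNOSTIC_MESSAGE, (void*) &text);
			tool_perror( "ldap_verify_credentials", rc, NULL, NULL, text, NULL );
			rc = EXIT_FAILURE;
			goto skip;
		}

		/* Poll for the response in 100 ms slices so that an abandon
		 * request is noticed between polls. */
		for ( ; ; ) {
			struct timeval	tv;

			if ( tool_check_abandon( ld, id ) ) {
				tool_exit( ld, LDAP_CANCELLED );
			}

			tv.tv_sec = 0;
			tv.tv_usec = 100000;

			rc = ldap_result( ld, LDAP_RES_ANY, LDAP_MSG_ALL, &tv, &res );
			if ( rc < 0 ) {
				tool_perror( "ldap_result", rc, NULL, NULL, NULL, NULL );
				tool_exit( ld, rc );
			}

			if ( rc != 0 ) {
				break;
			}
		}
	}

	/* The request controls are no longer needed; vcctrls is reused below
	 * for the controls returned inside the response. */
	ldap_controls_free(vcctrls);
	vcctrls = NULL;

	rc = ldap_parse_result( ld, res,
		&code, &matcheddn, &text, &refs, &ctrls, 0 );

	if (rc == LDAP_SUCCESS) rc = code;

	if (rc != LDAP_SUCCESS) {
		tool_perror( "ldap_parse_result", rc, NULL, matcheddn, text, refs );
		rc = EXIT_FAILURE;
		goto skip;
	}

	rc = ldap_parse_verify_credentials( ld, res, &rcode, &diag, &scookie, &scred, &vcctrls );
	ldap_msgfree(res);

	if (rc != LDAP_SUCCESS) {
		tool_perror( "ldap_parse_verify_credentials", rc, NULL, NULL, NULL, NULL );
		rc = EXIT_FAILURE;
		goto skip;
	}

	/* rcode is the verification outcome proper; it is reported on stdout
	 * only (see the note in the function header). */
	if (rcode != LDAP_SUCCESS) {
		printf(_("Failed: %s (%d)\n"), ldap_err2string(rcode), rcode);
	}

	if (diag && *diag) {
		printf(_("Diagnostic: %s\n"), diag);
	}

	if (vcctrls) {
		tool_print_ctrls( ld, vcctrls );
	}

skip:
	if ( verbose || code != LDAP_SUCCESS ||
		( matcheddn && *matcheddn ) || ( text && *text ) || refs || ctrls )
	{
		printf( _("Result: %s (%d)\n"), ldap_err2string( code ), code );

		if( text && *text ) {
			printf( _("Additional info: %s\n"), text );
		}

		if( matcheddn && *matcheddn ) {
			printf( _("Matched DN: %s\n"), matcheddn );
		}

		if( refs ) {
			int i;
			for( i=0; refs[i]; i++ ) {
				printf(_("Referral: %s\n"), refs[i] );
			}
		}

		if (ctrls) {
			tool_print_ctrls( ld, ctrls );
			ldap_controls_free( ctrls );
		}
	}

	ber_memfree( text );
	ber_memfree( matcheddn );
	ber_memvfree( (void **) refs );
	ber_bvfree( scookie );
	ber_bvfree( scred );
	ber_memfree( diag );
	free( cred.bv_val );

	/* disconnect from server */
	/* Every error path above sets rc = EXIT_FAILURE before jumping to
	 * skip, but `code` may still hold LDAP_SUCCESS at that point (for
	 * example when the request could not be sent or the response could
	 * not be parsed).  Testing rc as well keeps those failures from being
	 * reported as success. */
	tool_exit( ld, ( rc == LDAP_SUCCESS && code == LDAP_SUCCESS )
		? EXIT_SUCCESS : EXIT_FAILURE );
}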