ldapvc.c revision 1.1
1 1.1 christos /* $NetBSD: ldapvc.c,v 1.1 2021/08/14 16:05:12 christos Exp $ */ 2 1.1 christos 3 1.1 christos /* ldapvc.c -- a tool for verifying credentials */ 4 1.1 christos /* $OpenLDAP$ */ 5 1.1 christos /* This work is part of OpenLDAP Software <http://www.openldap.org/>. 6 1.1 christos * 7 1.1 christos * Copyright 1998-2021 The OpenLDAP Foundation. 8 1.1 christos * Portions Copyright 2010 Kurt D. Zeilenga. 9 1.1 christos * All rights reserved. 10 1.1 christos * 11 1.1 christos * Redistribution and use in source and binary forms, with or without 12 1.1 christos * modification, are permitted only as authorized by the OpenLDAP 13 1.1 christos * Public License. 14 1.1 christos * 15 1.1 christos * A copy of this license is available in the file LICENSE in the 16 1.1 christos * top-level directory of the distribution or, alternatively, at 17 1.1 christos * <http://www.OpenLDAP.org/license.html>. 18 1.1 christos */ 19 1.1 christos /* Portions Copyright (c) 1992-1996 Regents of the University of Michigan. 20 1.1 christos * All rights reserved. 21 1.1 christos * 22 1.1 christos * Redistribution and use in source and binary forms are permitted 23 1.1 christos * provided that this notice is preserved and that due credit is given 24 1.1 christos * to the University of Michigan at Ann Arbor. The name of the 25 1.1 christos * University may not be used to endorse or promote products derived 26 1.1 christos * from this software without specific prior written permission. This 27 1.1 christos * software is provided ``as is'' without express or implied warranty. 28 1.1 christos */ 29 1.1 christos /* ACKNOWLEDGEMENTS: 30 1.1 christos * This work was originally developed by Kurt D. Zeilenga for inclusion 31 1.1 christos * in OpenLDAP Software based, in part, on other client tools. 32 1.1 christos */ 33 1.1 christos 34 1.1 christos #include <sys/cdefs.h> 35 1.1 christos __RCSID("$NetBSD: ldapvc.c,v 1.1 2021/08/14 16:05:12 christos Exp $"); 36 1.1 christos 37 1.1 christos #include "portable.h" 38 1.1 christos 39 1.1 christos #include <stdio.h> 40 1.1 christos 41 1.1 christos #include <ac/stdlib.h> 42 1.1 christos 43 1.1 christos #include <ac/ctype.h> 44 1.1 christos #include <ac/socket.h> 45 1.1 christos #include <ac/string.h> 46 1.1 christos #include <ac/time.h> 47 1.1 christos #include <ac/unistd.h> 48 1.1 christos 49 1.1 christos #include <ldap.h> 50 1.1 christos #include "lutil.h" 51 1.1 christos #include "lutil_ldap.h" 52 1.1 christos #include "ldap_defaults.h" 53 1.1 christos 54 1.1 christos #include "common.h" 55 1.1 christos 56 1.1 christos static int req_authzid = 0; 57 1.1 christos static int req_pp = 0; 58 1.1 christos 59 1.1 christos #if defined(LDAP_API_FEATURES_VERIFY_CREDENTIALS_INTERACTIVE) && defined(HAVE_CYRUS_SASL) 60 1.1 christos #define LDAP_SASL_NONE (~0U) 61 1.1 christos static unsigned vc_sasl = LDAP_SASL_NONE; 62 1.1 christos static char *vc_sasl_realm = NULL; 63 1.1 christos static char *vc_sasl_authcid = NULL; 64 1.1 christos static char *vc_sasl_authzid = NULL; 65 1.1 christos static char *vc_sasl_mech = NULL; 66 1.1 christos static char *vc_sasl_secprops = NULL; 67 1.1 christos #endif 68 1.1 christos static char * dn = NULL; 69 1.1 christos static struct berval cred = {0, NULL}; 70 1.1 christos 71 1.1 christos void 72 1.1 christos usage( void ) 73 1.1 christos { 74 1.1 christos fprintf( stderr, _("Issue LDAP Verify Credentials operation to verify a user's credentials\n\n")); 75 1.1 christos fprintf( stderr, _("usage: %s [options] [DN [cred]])\n"), prog); 76 1.1 christos fprintf( stderr, _("where:\n")); 77 1.1 christos fprintf( stderr, _(" DN\tDistinguished Name\n")); 78 1.1 christos fprintf( stderr, _(" cred\tCredentials (prompt if not present)\n")); 79 1.1 christos fprintf( stderr, _("options:\n")); 80 1.1 christos fprintf( stderr, _(" -a\tRequest AuthzId\n")); 81 1.1 christos fprintf( stderr, _(" -b\tRequest Password Policy Information\n")); 82 1.1 christos fprintf( stderr, _(" -E sasl=(a[utomatic]|i[nteractive]|q[uiet]>\tSASL mode (defaults to automatic if any other -E option provided, otherwise none))\n")); 83 1.1 christos fprintf( stderr, _(" -E mech=<mech>\tSASL mechanism (default "" e.g. Simple)\n")); 84 1.1 christos fprintf( stderr, _(" -E realm=<realm>\tSASL Realm (defaults to none)\n")); 85 1.1 christos fprintf( stderr, _(" -E authcid=<authcid>\tSASL Authentication Identity (defaults to USER)\n")); 86 1.1 christos fprintf( stderr, _(" -E authzid=<authzid>\tSASL Authorization Identity (defaults to none)\n")); 87 1.1 christos fprintf( stderr, _(" -E secprops=<secprops>\tSASL Security Properties (defaults to none)\n")); 88 1.1 christos tool_common_usage(); 89 1.1 christos exit( EXIT_FAILURE ); 90 1.1 christos } 91 1.1 christos 92 1.1 christos 93 1.1 christos const char options[] = "abE:" 94 1.1 christos "d:D:e:h:H:InNO:o:p:QR:U:vVw:WxX:y:Y:Z"; 95 1.1 christos 96 1.1 christos int 97 1.1 christos handle_private_option( int i ) 98 1.1 christos { 99 1.1 christos switch ( i ) { 100 1.1 christos char *control, *cvalue; 101 1.1 christos case 'E': /* vc extension */ 102 1.1 christos if( protocol == LDAP_VERSION2 ) { 103 1.1 christos fprintf( stderr, _("%s: -E incompatible with LDAPv%d\n"), 104 1.1 christos prog, protocol ); 105 1.1 christos exit( EXIT_FAILURE ); 106 1.1 christos } 107 1.1 christos 108 1.1 christos /* should be extended to support comma separated list of 109 1.1 christos * [!]key[=value] parameters, e.g. -E !foo,bar=567 110 1.1 christos */ 111 1.1 christos 112 1.1 christos cvalue = NULL; 113 1.1 christos if( optarg[0] == '!' ) { 114 1.1 christos optarg++; 115 1.1 christos } 116 1.1 christos 117 1.1 christos control = optarg; 118 1.1 christos if ( (cvalue = strchr( control, '=' )) != NULL ) { 119 1.1 christos *cvalue++ = '\0'; 120 1.1 christos } 121 1.1 christos 122 1.1 christos if (strcasecmp(control, "sasl") == 0) { 123 1.1 christos #if defined(LDAP_API_FEATURES_VERIFY_CREDENTIALS_INTERACTIVE) && defined(HAVE_CYRUS_SASL) 124 1.1 christos if (vc_sasl != LDAP_SASL_NONE) { 125 1.1 christos fprintf(stderr, 126 1.1 christos _("SASL option previously specified\n")); 127 1.1 christos exit(EXIT_FAILURE); 128 1.1 christos } 129 1.1 christos if (cvalue == NULL) { 130 1.1 christos fprintf(stderr, 131 1.1 christos _("missing mode in SASL option\n")); 132 1.1 christos exit(EXIT_FAILURE); 133 1.1 christos } 134 1.1 christos 135 1.1 christos switch (*cvalue) { 136 1.1 christos case 'a': 137 1.1 christos case 'A': 138 1.1 christos vc_sasl = LDAP_SASL_AUTOMATIC; 139 1.1 christos break; 140 1.1 christos case 'i': 141 1.1 christos case 'I': 142 1.1 christos vc_sasl = LDAP_SASL_INTERACTIVE; 143 1.1 christos break; 144 1.1 christos case 'q': 145 1.1 christos case 'Q': 146 1.1 christos vc_sasl = LDAP_SASL_QUIET; 147 1.1 christos break; 148 1.1 christos default: 149 1.1 christos fprintf(stderr, 150 1.1 christos _("unknown mode %s in SASL option\n"), cvalue); 151 1.1 christos exit(EXIT_FAILURE); 152 1.1 christos } 153 1.1 christos #else 154 1.1 christos fprintf(stderr, 155 1.1 christos _("%s: not compiled with SASL support\n"), prog); 156 1.1 christos exit(EXIT_FAILURE); 157 1.1 christos #endif 158 1.1 christos 159 1.1 christos } else if (strcasecmp(control, "mech") == 0) { 160 1.1 christos #if defined(LDAP_API_FEATURES_VERIFY_CREDENTIALS_INTERACTIVE) && defined(HAVE_CYRUS_SASL) 161 1.1 christos if (vc_sasl_mech) { 162 1.1 christos fprintf(stderr, 163 1.1 christos _("SASL mech previously specified\n")); 164 1.1 christos exit(EXIT_FAILURE); 165 1.1 christos } 166 1.1 christos if (cvalue == NULL) { 167 1.1 christos fprintf(stderr, 168 1.1 christos _("missing mech in SASL option\n")); 169 1.1 christos exit(EXIT_FAILURE); 170 1.1 christos } 171 1.1 christos 172 1.1 christos vc_sasl_mech = ber_strdup(cvalue); 173 1.1 christos #else 174 1.1 christos #endif 175 1.1 christos 176 1.1 christos } else if (strcasecmp(control, "realm") == 0) { 177 1.1 christos #if defined(LDAP_API_FEATURES_VERIFY_CREDENTIALS_INTERACTIVE) && defined(HAVE_CYRUS_SASL) 178 1.1 christos if (vc_sasl_realm) { 179 1.1 christos fprintf(stderr, 180 1.1 christos _("SASL realm previously specified\n")); 181 1.1 christos exit(EXIT_FAILURE); 182 1.1 christos } 183 1.1 christos if (cvalue == NULL) { 184 1.1 christos fprintf(stderr, 185 1.1 christos _("missing realm in SASL option\n")); 186 1.1 christos exit(EXIT_FAILURE); 187 1.1 christos } 188 1.1 christos 189 1.1 christos vc_sasl_realm = ber_strdup(cvalue); 190 1.1 christos #else 191 1.1 christos fprintf(stderr, 192 1.1 christos _("%s: not compiled with SASL support\n"), prog); 193 1.1 christos exit(EXIT_FAILURE); 194 1.1 christos #endif 195 1.1 christos 196 1.1 christos } else if (strcasecmp(control, "authcid") == 0) { 197 1.1 christos #if defined(LDAP_API_FEATURES_VERIFY_CREDENTIALS_INTERACTIVE) && defined(HAVE_CYRUS_SASL) 198 1.1 christos if (vc_sasl_authcid) { 199 1.1 christos fprintf(stderr, 200 1.1 christos _("SASL authcid previously specified\n")); 201 1.1 christos exit(EXIT_FAILURE); 202 1.1 christos } 203 1.1 christos if (cvalue == NULL) { 204 1.1 christos fprintf(stderr, 205 1.1 christos _("missing authcid in SASL option\n")); 206 1.1 christos exit(EXIT_FAILURE); 207 1.1 christos } 208 1.1 christos 209 1.1 christos vc_sasl_authcid = ber_strdup(cvalue); 210 1.1 christos #else 211 1.1 christos fprintf(stderr, 212 1.1 christos _("%s: not compiled with SASL support\n"), prog); 213 1.1 christos exit(EXIT_FAILURE); 214 1.1 christos #endif 215 1.1 christos 216 1.1 christos } else if (strcasecmp(control, "authzid") == 0) { 217 1.1 christos #if defined(LDAP_API_FEATURES_VERIFY_CREDENTIALS_INTERACTIVE) && defined(HAVE_CYRUS_SASL) 218 1.1 christos if (vc_sasl_authzid) { 219 1.1 christos fprintf(stderr, 220 1.1 christos _("SASL authzid previously specified\n")); 221 1.1 christos exit(EXIT_FAILURE); 222 1.1 christos } 223 1.1 christos if (cvalue == NULL) { 224 1.1 christos fprintf(stderr, 225 1.1 christos _("missing authzid in SASL option\n")); 226 1.1 christos exit(EXIT_FAILURE); 227 1.1 christos } 228 1.1 christos 229 1.1 christos vc_sasl_authzid = ber_strdup(cvalue); 230 1.1 christos #else 231 1.1 christos fprintf(stderr, 232 1.1 christos _("%s: not compiled with SASL support\n"), prog); 233 1.1 christos exit(EXIT_FAILURE); 234 1.1 christos #endif 235 1.1 christos 236 1.1 christos } else if (strcasecmp(control, "secprops") == 0) { 237 1.1 christos #if defined(LDAP_API_FEATURES_VERIFY_CREDENTIALS_INTERACTIVE) && defined(HAVE_CYRUS_SASL) 238 1.1 christos if (vc_sasl_secprops) { 239 1.1 christos fprintf(stderr, 240 1.1 christos _("SASL secprops previously specified\n")); 241 1.1 christos exit(EXIT_FAILURE); 242 1.1 christos } 243 1.1 christos if (cvalue == NULL) { 244 1.1 christos fprintf(stderr, 245 1.1 christos _("missing secprops in SASL option\n")); 246 1.1 christos exit(EXIT_FAILURE); 247 1.1 christos } 248 1.1 christos 249 1.1 christos vc_sasl_secprops = ber_strdup(cvalue); 250 1.1 christos #else 251 1.1 christos fprintf(stderr, 252 1.1 christos _("%s: not compiled with SASL support\n"), prog); 253 1.1 christos exit(EXIT_FAILURE); 254 1.1 christos #endif 255 1.1 christos 256 1.1 christos } else { 257 1.1 christos fprintf( stderr, _("Invalid Verify Credentials extension name: %s\n"), control ); 258 1.1 christos usage(); 259 1.1 christos } 260 1.1 christos break; 261 1.1 christos 262 1.1 christos case 'a': /* request authzid */ 263 1.1 christos req_authzid++; 264 1.1 christos break; 265 1.1 christos 266 1.1 christos case 'b': /* request authzid */ 267 1.1 christos req_pp++; 268 1.1 christos break; 269 1.1 christos 270 1.1 christos default: 271 1.1 christos return 0; 272 1.1 christos } 273 1.1 christos return 1; 274 1.1 christos } 275 1.1 christos 276 1.1 christos 277 1.1 christos int 278 1.1 christos main( int argc, char *argv[] ) 279 1.1 christos { 280 1.1 christos int rc; 281 1.1 christos LDAP *ld = NULL; 282 1.1 christos char *matcheddn = NULL, *text = NULL, **refs = NULL; 283 1.1 christos int rcode; 284 1.1 christos char * diag = NULL; 285 1.1 christos struct berval *scookie = NULL; 286 1.1 christos struct berval *scred = NULL; 287 1.1 christos int id, code = 0; 288 1.1 christos LDAPMessage *res; 289 1.1 christos LDAPControl **ctrls = NULL; 290 1.1 christos LDAPControl **vcctrls = NULL; 291 1.1 christos int nvcctrls = 0; 292 1.1 christos 293 1.1 christos tool_init( TOOL_VC ); 294 1.1 christos prog = lutil_progname( "ldapvc", argc, argv ); 295 1.1 christos 296 1.1 christos /* LDAPv3 only */ 297 1.1 christos protocol = LDAP_VERSION3; 298 1.1 christos 299 1.1 christos tool_args( argc, argv ); 300 1.1 christos 301 1.1 christos if (argc - optind > 0) { 302 1.1 christos dn = argv[optind++]; 303 1.1 christos } 304 1.1 christos if (argc - optind > 0) { 305 1.1 christos cred.bv_val = strdup(argv[optind++]); 306 1.1 christos cred.bv_len = strlen(cred.bv_val); 307 1.1 christos } 308 1.1 christos if (argc - optind > 0) { 309 1.1 christos usage(); 310 1.1 christos } 311 1.1 christos if (dn 312 1.1 christos #ifdef LDAP_API_FEATURE_VERIFY_CREDENTIALS_INTERACTIVE 313 1.1 christos && !vc_sasl_mech 314 1.1 christos #endif 315 1.1 christos && !cred.bv_val) 316 1.1 christos { 317 1.1 christos cred.bv_val = strdup(getpassphrase(_("User's password: "))); 318 1.1 christos cred.bv_len = strlen(cred.bv_val); 319 1.1 christos } 320 1.1 christos 321 1.1 christos #ifdef LDAP_API_FEATURE_VERIFY_CREDENTIALS_INTERACTIVE 322 1.1 christos if (vc_sasl_mech && (vc_sasl == LDAP_SASL_NONE)) { 323 1.1 christos vc_sasl = LDAP_SASL_AUTOMATIC; 324 1.1 christos } 325 1.1 christos #endif 326 1.1 christos 327 1.1 christos ld = tool_conn_setup( 0, 0 ); 328 1.1 christos 329 1.1 christos tool_bind( ld ); 330 1.1 christos 331 1.1 christos if ( dont ) { 332 1.1 christos rc = LDAP_SUCCESS; 333 1.1 christos goto skip; 334 1.1 christos } 335 1.1 christos 336 1.1 christos tool_server_controls( ld, NULL, 0 ); 337 1.1 christos 338 1.1 christos if (req_authzid) { 339 1.1 christos vcctrls = (LDAPControl **) malloc(3*sizeof(LDAPControl *)); 340 1.1 christos vcctrls[nvcctrls] = (LDAPControl *) malloc(sizeof(LDAPControl)); 341 1.1 christos vcctrls[nvcctrls]->ldctl_oid = ldap_strdup(LDAP_CONTROL_AUTHZID_REQUEST); 342 1.1 christos vcctrls[nvcctrls]->ldctl_iscritical = 0; 343 1.1 christos vcctrls[nvcctrls]->ldctl_value.bv_val = NULL; 344 1.1 christos vcctrls[nvcctrls]->ldctl_value.bv_len = 0; 345 1.1 christos vcctrls[++nvcctrls] = NULL; 346 1.1 christos } 347 1.1 christos 348 1.1 christos if (req_pp) { 349 1.1 christos if (!vcctrls) vcctrls = (LDAPControl **) malloc(3*sizeof(LDAPControl *)); 350 1.1 christos vcctrls[nvcctrls] = (LDAPControl *) malloc(sizeof(LDAPControl)); 351 1.1 christos vcctrls[nvcctrls]->ldctl_oid = ldap_strdup(LDAP_CONTROL_PASSWORDPOLICYREQUEST); 352 1.1 christos vcctrls[nvcctrls]->ldctl_iscritical = 0; 353 1.1 christos vcctrls[nvcctrls]->ldctl_value.bv_val = NULL; 354 1.1 christos vcctrls[nvcctrls]->ldctl_value.bv_len = 0; 355 1.1 christos vcctrls[++nvcctrls] = NULL; 356 1.1 christos } 357 1.1 christos 358 1.1 christos #ifdef LDAP_API_FEATURE_VERIFY_CREDENTIALS_INTERACTIVE 359 1.1 christos #ifdef HAVE_CYRUS_SASL 360 1.1 christos if (vc_sasl_mech) { 361 1.1 christos int msgid; 362 1.1 christos void * defaults; 363 1.1 christos void * context = NULL; 364 1.1 christos const char *rmech = NULL; 365 1.1 christos 366 1.1 christos defaults = lutil_sasl_defaults(ld, 367 1.1 christos vc_sasl_mech, 368 1.1 christos vc_sasl_realm, 369 1.1 christos vc_sasl_authcid, 370 1.1 christos cred.bv_val, 371 1.1 christos sasl_authz_id); 372 1.1 christos 373 1.1 christos do { 374 1.1 christos rc = ldap_verify_credentials_interactive(ld, dn, vc_sasl_mech, 375 1.1 christos vcctrls, NULL, NULL, 376 1.1 christos vc_sasl, lutil_sasl_interact, defaults, context, 377 1.1 christos res, &rmech, &msgid); 378 1.1 christos 379 1.1 christos if (rc != LDAP_SASL_BIND_IN_PROGRESS) break; 380 1.1 christos 381 1.1 christos ldap_msgfree(res); 382 1.1 christos 383 1.1 christos if (ldap_result(ld, msgid, LDAP_MSG_ALL, NULL, &res) == -1 || !res) { 384 1.1 christos ldap_get_option(ld, LDAP_OPT_RESULT_CODE, (void*) &rc); 385 1.1 christos ldap_get_option(ld, LDAP_OPT_DIAGNOSTIC_MESSAGE, (void*) &text); 386 1.1 christos tool_perror( "ldap_verify_credentials_interactive", rc, NULL, NULL, text, NULL); 387 1.1 christos ldap_memfree(text); 388 1.1 christos tool_exit(ld, rc); 389 1.1 christos } 390 1.1 christos } while (rc == LDAP_SASL_BIND_IN_PROGRESS); 391 1.1 christos 392 1.1 christos lutil_sasl_freedefs(defaults); 393 1.1 christos 394 1.1 christos if( rc != LDAP_SUCCESS ) { 395 1.1 christos ldap_get_option(ld, LDAP_OPT_DIAGNOSTIC_MESSAGE, (void*) &text); 396 1.1 christos tool_perror( "ldap_verify_credentials", rc, NULL, NULL, text, NULL ); 397 1.1 christos rc = EXIT_FAILURE; 398 1.1 christos goto skip; 399 1.1 christos } 400 1.1 christos 401 1.1 christos } else 402 1.1 christos #endif 403 1.1 christos #endif 404 1.1 christos { 405 1.1 christos rc = ldap_verify_credentials( ld, 406 1.1 christos NULL, 407 1.1 christos dn, NULL, cred.bv_val ? &cred: NULL, vcctrls, 408 1.1 christos NULL, NULL, &id ); 409 1.1 christos 410 1.1 christos if( rc != LDAP_SUCCESS ) { 411 1.1 christos ldap_get_option(ld, LDAP_OPT_DIAGNOSTIC_MESSAGE, (void*) &text); 412 1.1 christos tool_perror( "ldap_verify_credentials", rc, NULL, NULL, text, NULL ); 413 1.1 christos rc = EXIT_FAILURE; 414 1.1 christos goto skip; 415 1.1 christos } 416 1.1 christos 417 1.1 christos for ( ; ; ) { 418 1.1 christos struct timeval tv; 419 1.1 christos 420 1.1 christos if ( tool_check_abandon( ld, id ) ) { 421 1.1 christos tool_exit( ld, LDAP_CANCELLED ); 422 1.1 christos } 423 1.1 christos 424 1.1 christos tv.tv_sec = 0; 425 1.1 christos tv.tv_usec = 100000; 426 1.1 christos 427 1.1 christos rc = ldap_result( ld, LDAP_RES_ANY, LDAP_MSG_ALL, &tv, &res ); 428 1.1 christos if ( rc < 0 ) { 429 1.1 christos tool_perror( "ldap_result", rc, NULL, NULL, NULL, NULL ); 430 1.1 christos tool_exit( ld, rc ); 431 1.1 christos } 432 1.1 christos 433 1.1 christos if ( rc != 0 ) { 434 1.1 christos break; 435 1.1 christos } 436 1.1 christos } 437 1.1 christos } 438 1.1 christos 439 1.1 christos ldap_controls_free(vcctrls); 440 1.1 christos vcctrls = NULL; 441 1.1 christos 442 1.1 christos rc = ldap_parse_result( ld, res, 443 1.1 christos &code, &matcheddn, &text, &refs, &ctrls, 0 ); 444 1.1 christos 445 1.1 christos if (rc == LDAP_SUCCESS) rc = code; 446 1.1 christos 447 1.1 christos if (rc != LDAP_SUCCESS) { 448 1.1 christos tool_perror( "ldap_parse_result", rc, NULL, matcheddn, text, refs ); 449 1.1 christos rc = EXIT_FAILURE; 450 1.1 christos goto skip; 451 1.1 christos } 452 1.1 christos 453 1.1 christos rc = ldap_parse_verify_credentials( ld, res, &rcode, &diag, &scookie, &scred, &vcctrls ); 454 1.1 christos ldap_msgfree(res); 455 1.1 christos 456 1.1 christos if (rc != LDAP_SUCCESS) { 457 1.1 christos tool_perror( "ldap_parse_verify_credentials", rc, NULL, NULL, NULL, NULL ); 458 1.1 christos rc = EXIT_FAILURE; 459 1.1 christos goto skip; 460 1.1 christos } 461 1.1 christos 462 1.1 christos if (rcode != LDAP_SUCCESS) { 463 1.1 christos printf(_("Failed: %s (%d)\n"), ldap_err2string(rcode), rcode); 464 1.1 christos } 465 1.1 christos 466 1.1 christos if (diag && *diag) { 467 1.1 christos printf(_("Diagnostic: %s\n"), diag); 468 1.1 christos } 469 1.1 christos 470 1.1 christos if (vcctrls) { 471 1.1 christos tool_print_ctrls( ld, vcctrls ); 472 1.1 christos } 473 1.1 christos 474 1.1 christos skip: 475 1.1 christos if ( verbose || code != LDAP_SUCCESS || 476 1.1 christos ( matcheddn && *matcheddn ) || ( text && *text ) || refs || ctrls ) 477 1.1 christos { 478 1.1 christos printf( _("Result: %s (%d)\n"), ldap_err2string( code ), code ); 479 1.1 christos 480 1.1 christos if( text && *text ) { 481 1.1 christos printf( _("Additional info: %s\n"), text ); 482 1.1 christos } 483 1.1 christos 484 1.1 christos if( matcheddn && *matcheddn ) { 485 1.1 christos printf( _("Matched DN: %s\n"), matcheddn ); 486 1.1 christos } 487 1.1 christos 488 1.1 christos if( refs ) { 489 1.1 christos int i; 490 1.1 christos for( i=0; refs[i]; i++ ) { 491 1.1 christos printf(_("Referral: %s\n"), refs[i] ); 492 1.1 christos } 493 1.1 christos } 494 1.1 christos 495 1.1 christos if (ctrls) { 496 1.1 christos tool_print_ctrls( ld, ctrls ); 497 1.1 christos ldap_controls_free( ctrls ); 498 1.1 christos } 499 1.1 christos } 500 1.1 christos 501 1.1 christos ber_memfree( text ); 502 1.1 christos ber_memfree( matcheddn ); 503 1.1 christos ber_memvfree( (void **) refs ); 504 1.1 christos ber_bvfree( scookie ); 505 1.1 christos ber_bvfree( scred ); 506 1.1 christos ber_memfree( diag ); 507 1.1 christos free( cred.bv_val ); 508 1.1 christos 509 1.1 christos /* disconnect from server */ 510 1.1 christos tool_exit( ld, code == LDAP_SUCCESS ? EXIT_SUCCESS : EXIT_FAILURE ); 511 1.1 christos } 512
Indexes created Mon Apr 13 00:22:24 UTC 2026