1 /* $NetBSD: ldapdelete.c,v 1.3 2021/08/14 16:14:49 christos Exp $ */
2
3 /* ldapdelete.c - simple program to delete an entry using LDAP */
4 /* $OpenLDAP$ */
5 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
6 *
7 * Copyright 1998-2021 The OpenLDAP Foundation.
8 * Portions Copyright 1998-2003 Kurt D. Zeilenga.
9 * All rights reserved.
10 *
11 * Redistribution and use in source and binary forms, with or without
12 * modification, are permitted only as authorized by the OpenLDAP
13 * Public License.
14 *
15 * A copy of this license is available in the file LICENSE in the
16 * top-level directory of the distribution or, alternatively, at
17 * <http://www.OpenLDAP.org/license.html>.
18 */
19 /* Portions Copyright (c) 1992-1996 Regents of the University of Michigan.
20 * All rights reserved.
21 *
22 * Redistribution and use in source and binary forms are permitted
23 * provided that this notice is preserved and that due credit is given
24 * to the University of Michigan at Ann Arbor. The name of the
25 * University may not be used to endorse or promote products derived
26 * from this software without specific prior written permission. This
27 * software is provided ``as is'' without express or implied warranty.
28 */
29 /* ACKNOWLEDGEMENTS:
30 * This work was originally developed by the University of Michigan
31 * (as part of U-MICH LDAP). Additional significant contributors
32 * include:
33 * Kurt D. Zeilenga
34 */
35
36 #include <sys/cdefs.h>
37 __RCSID("$NetBSD: ldapdelete.c,v 1.3 2021/08/14 16:14:49 christos Exp $");
38
39 #include "portable.h"
40
41 #include <stdio.h>
42
43 #include <ac/stdlib.h>
44 #include <ac/ctype.h>
45 #include <ac/string.h>
46 #include <ac/unistd.h>
47 #include <ac/socket.h>
48 #include <ac/time.h>
49
50 #include <ldap.h>
51 #include "lutil.h"
52 #include "lutil_ldap.h"
53 #include "ldap_defaults.h"
54
55 #include "common.h"
56
57
58 static int prune = 0;
59 static int sizelimit = -1;
60
61
62 static int dodelete LDAP_P((
63 LDAP *ld,
64 const char *dn));
65
66 static int deletechildren LDAP_P((
67 LDAP *ld,
68 const char *dn,
69 int subentries ));
70
71 void
usage(void)72 usage( void )
73 {
74 fprintf( stderr, _("Delete entries from an LDAP server\n\n"));
75 fprintf( stderr, _("usage: %s [options] [dn]...\n"), prog);
76 fprintf( stderr, _(" dn: list of DNs to delete. If not given, it will be read from stdin\n"));
77 fprintf( stderr, _(" or from the file specified with \"-f file\".\n"));
78 fprintf( stderr, _("Delete Options:\n"));
79 fprintf( stderr, _(" -c continuous operation mode (do not stop on errors)\n"));
80 fprintf( stderr, _(" -f file read operations from `file'\n"));
81 fprintf( stderr, _(" -M enable Manage DSA IT control (-MM to make critical)\n"));
82 fprintf( stderr, _(" -P version protocol version (default: 3)\n"));
83 fprintf( stderr, _(" -r delete recursively\n"));
84 tool_common_usage();
85 exit( EXIT_FAILURE );
86 }
87
88
89 const char options[] = "r"
90 "cd:D:e:f:h:H:IMnNO:o:p:P:QR:U:vVw:WxX:y:Y:z:Z";
91
92 int
handle_private_option(int i)93 handle_private_option( int i )
94 {
95 int ival;
96 char *next;
97 switch ( i ) {
98 #if 0
99 int crit;
100 char *control, *cvalue;
101 case 'E': /* delete extensions */
102 if( protocol == LDAP_VERSION2 ) {
103 fprintf( stderr, _("%s: -E incompatible with LDAPv%d\n"),
104 prog, protocol );
105 exit( EXIT_FAILURE );
106 }
107
108 /* should be extended to support comma separated list of
109 * [!]key[=value] parameters, e.g. -E !foo,bar=567
110 */
111
112 crit = 0;
113 cvalue = NULL;
114 if( optarg[0] == '!' ) {
115 crit = 1;
116 optarg++;
117 }
118
119 control = optarg;
120 if ( (cvalue = strchr( control, '=' )) != NULL ) {
121 *cvalue++ = '\0';
122 }
123 fprintf( stderr, _("Invalid delete extension name: %s\n"), control );
124 usage();
125 #endif
126
127 case 'r':
128 prune = 1;
129 break;
130
131 case 'z': /* size limit */
132 if ( strcasecmp( optarg, "none" ) == 0 ) {
133 sizelimit = 0;
134
135 } else if ( strcasecmp( optarg, "max" ) == 0 ) {
136 sizelimit = LDAP_MAXINT;
137
138 } else {
139 ival = strtol( optarg, &next, 10 );
140 if ( next == NULL || next[0] != '\0' ) {
141 fprintf( stderr,
142 _("Unable to parse size limit \"%s\"\n"), optarg );
143 exit( EXIT_FAILURE );
144 }
145 sizelimit = ival;
146 }
147 if( sizelimit < 0 || sizelimit > LDAP_MAXINT ) {
148 fprintf( stderr, _("%s: invalid sizelimit (%d) specified\n"),
149 prog, sizelimit );
150 exit( EXIT_FAILURE );
151 }
152 break;
153
154 default:
155 return 0;
156 }
157 return 1;
158 }
159
160
161 static void
private_conn_setup(LDAP * ld)162 private_conn_setup( LDAP *ld )
163 {
164 /* this seems prudent for searches below */
165 int deref = LDAP_DEREF_NEVER;
166 ldap_set_option( ld, LDAP_OPT_DEREF, &deref );
167 }
168
169
170 int
main(int argc,char ** argv)171 main( int argc, char **argv )
172 {
173 char buf[ 4096 ];
174 FILE *fp = NULL;
175 LDAP *ld;
176 int rc, retval;
177
178 tool_init( TOOL_DELETE );
179 prog = lutil_progname( "ldapdelete", argc, argv );
180
181 tool_args( argc, argv );
182
183 if ( infile != NULL ) {
184 if (( fp = fopen( infile, "r" )) == NULL ) {
185 perror( optarg );
186 exit( EXIT_FAILURE );
187 }
188 } else {
189 if ( optind >= argc ) {
190 fp = stdin;
191 }
192 }
193
194 ld = tool_conn_setup( 0, &private_conn_setup );
195
196 tool_bind( ld );
197
198 tool_server_controls( ld, NULL, 0 );
199
200 retval = rc = 0;
201
202 if ( fp == NULL ) {
203 for ( ; optind < argc; ++optind ) {
204 rc = dodelete( ld, argv[ optind ] );
205
206 /* Stop on error and no -c option */
207 if( rc != 0 ) {
208 retval = rc;
209 if( contoper == 0 ) break;
210 }
211 }
212 } else {
213 while ((rc == 0 || contoper) && fgets(buf, sizeof(buf), fp) != NULL) {
214 buf[ strlen( buf ) - 1 ] = '\0'; /* remove trailing newline */
215
216 if ( *buf != '\0' ) {
217 rc = dodelete( ld, buf );
218 if ( rc != 0 )
219 retval = rc;
220 }
221 }
222 if ( fp != stdin )
223 fclose( fp );
224 }
225
226 tool_exit( ld, retval );
227 }
228
229
dodelete(LDAP * ld,const char * dn)230 static int dodelete(
231 LDAP *ld,
232 const char *dn)
233 {
234 int id;
235 int rc, code;
236 char *matcheddn = NULL, *text = NULL, **refs = NULL;
237 LDAPControl **ctrls = NULL;
238 LDAPMessage *res;
239 int subentries = 0;
240
241 if ( verbose ) {
242 printf( _("%sdeleting entry \"%s\"\n"),
243 (dont ? "!" : ""), dn );
244 }
245
246 if ( dont ) {
247 return LDAP_SUCCESS;
248 }
249
250 /* If prune is on, remove a whole subtree. Delete the children of the
251 * DN recursively, then the DN requested.
252 */
253 if ( prune ) {
254 retry:;
255 deletechildren( ld, dn, subentries );
256 }
257
258 rc = ldap_delete_ext( ld, dn, NULL, NULL, &id );
259 if ( rc != LDAP_SUCCESS ) {
260 fprintf( stderr, "%s: ldap_delete_ext: %s (%d)\n",
261 prog, ldap_err2string( rc ), rc );
262 return rc;
263 }
264
265 for ( ; ; ) {
266 struct timeval tv;
267
268 if ( tool_check_abandon( ld, id ) ) {
269 return LDAP_CANCELLED;
270 }
271
272 tv.tv_sec = 0;
273 tv.tv_usec = 100000;
274
275 rc = ldap_result( ld, LDAP_RES_ANY, LDAP_MSG_ALL, &tv, &res );
276 if ( rc < 0 ) {
277 tool_perror( "ldap_result", rc, NULL, NULL, NULL, NULL );
278 return rc;
279 }
280
281 if ( rc != 0 ) {
282 break;
283 }
284 }
285
286 rc = ldap_parse_result( ld, res, &code, &matcheddn, &text, &refs, &ctrls, 1 );
287
288 switch ( rc ) {
289 case LDAP_SUCCESS:
290 break;
291
292 case LDAP_NOT_ALLOWED_ON_NONLEAF:
293 if ( prune && !subentries ) {
294 subentries = 1;
295 goto retry;
296 }
297 /* fallthru */
298
299 default:
300 fprintf( stderr, "%s: ldap_parse_result: %s (%d)\n",
301 prog, ldap_err2string( rc ), rc );
302 return rc;
303 }
304
305 if( code != LDAP_SUCCESS ) {
306 tool_perror( "ldap_delete", code, NULL, matcheddn, text, refs );
307 } else if ( verbose &&
308 ((matcheddn && *matcheddn) || (text && *text) || (refs && *refs) ))
309 {
310 printf( _("Delete Result: %s (%d)\n"),
311 ldap_err2string( code ), code );
312
313 if( text && *text ) {
314 printf( _("Additional info: %s\n"), text );
315 }
316
317 if( matcheddn && *matcheddn ) {
318 printf( _("Matched DN: %s\n"), matcheddn );
319 }
320
321 if( refs ) {
322 int i;
323 for( i=0; refs[i]; i++ ) {
324 printf(_("Referral: %s\n"), refs[i] );
325 }
326 }
327 }
328
329 if (ctrls) {
330 tool_print_ctrls( ld, ctrls );
331 ldap_controls_free( ctrls );
332 }
333
334 ber_memfree( text );
335 ber_memfree( matcheddn );
336 ber_memvfree( (void **) refs );
337
338 return code;
339 }
340
341 /*
342 * Delete all the children of an entry recursively until leaf nodes are reached.
343 */
deletechildren(LDAP * ld,const char * base,int subentries)344 static int deletechildren(
345 LDAP *ld,
346 const char *base,
347 int subentries )
348 {
349 LDAPMessage *res, *e;
350 int entries;
351 int rc = LDAP_SUCCESS, srch_rc;
352 static char *attrs[] = { LDAP_NO_ATTRS, NULL };
353 LDAPControl c, *ctrls[2], **ctrlsp = NULL;
354 BerElement *ber = NULL;
355
356 if ( verbose ) printf ( _("deleting children of: %s\n"), base );
357
358 if ( subentries ) {
359 /*
360 * Do a one level search at base for subentry children.
361 */
362
363 if ((ber = ber_alloc_t(LBER_USE_DER)) == NULL) {
364 return EXIT_FAILURE;
365 }
366 rc = ber_printf( ber, "b", 1 );
367 if ( rc == -1 ) {
368 ber_free( ber, 1 );
369 fprintf( stderr, _("Subentries control encoding error!\n"));
370 return EXIT_FAILURE;
371 }
372 if ( ber_flatten2( ber, &c.ldctl_value, 0 ) == -1 ) {
373 return EXIT_FAILURE;
374 }
375 c.ldctl_oid = LDAP_CONTROL_SUBENTRIES;
376 c.ldctl_iscritical = 1;
377 ctrls[0] = &c;
378 ctrls[1] = NULL;
379 ctrlsp = ctrls;
380 }
381
382 /*
383 * Do a one level search at base for children. For each, delete its children.
384 */
385 more:;
386 srch_rc = ldap_search_ext_s( ld, base, LDAP_SCOPE_ONELEVEL, NULL, attrs, 1,
387 ctrlsp, NULL, NULL, sizelimit, &res );
388 switch ( srch_rc ) {
389 case LDAP_SUCCESS:
390 case LDAP_SIZELIMIT_EXCEEDED:
391 break;
392 default:
393 tool_perror( "ldap_search", srch_rc, NULL, NULL, NULL, NULL );
394 return( srch_rc );
395 }
396
397 entries = ldap_count_entries( ld, res );
398
399 if ( entries > 0 ) {
400 int i;
401
402 for (e = ldap_first_entry( ld, res ), i = 0; e != NULL;
403 e = ldap_next_entry( ld, e ), i++ )
404 {
405 char *dn = ldap_get_dn( ld, e );
406
407 if( dn == NULL ) {
408 ldap_get_option( ld, LDAP_OPT_RESULT_CODE, &rc );
409 tool_perror( "ldap_prune", rc, NULL, NULL, NULL, NULL );
410 ber_memfree( dn );
411 return rc;
412 }
413
414 rc = deletechildren( ld, dn, 0 );
415 if ( rc != LDAP_SUCCESS ) {
416 tool_perror( "ldap_prune", rc, NULL, NULL, NULL, NULL );
417 ber_memfree( dn );
418 return rc;
419 }
420
421 if ( verbose ) {
422 printf( _("\tremoving %s\n"), dn );
423 }
424
425 rc = ldap_delete_ext_s( ld, dn, NULL, NULL );
426 if ( rc != LDAP_SUCCESS ) {
427 tool_perror( "ldap_delete", rc, NULL, NULL, NULL, NULL );
428 ber_memfree( dn );
429 return rc;
430
431 }
432
433 if ( verbose ) {
434 printf( _("\t%s removed\n"), dn );
435 }
436
437 ber_memfree( dn );
438 }
439 }
440
441 ldap_msgfree( res );
442
443 if ( srch_rc == LDAP_SIZELIMIT_EXCEEDED ) {
444 goto more;
445 }
446
447 return rc;
448 }
449