/*	$NetBSD: ldapcompare.c,v 1.3 2021/08/14 16:14:49 christos Exp $	*/

/* ldapcompare.c -- LDAP compare tool */
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
 *
 * Copyright 1998-2021 The OpenLDAP Foundation.
 * Portions Copyright 1998-2003 Kurt D. Zeilenga.
 * Portions Copyright 1998-2001 Net Boolean Incorporated.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted only as authorized by the OpenLDAP
 * Public License.
 *
 * A copy of this license is available in the file LICENSE in the
 * top-level directory of the distribution or, alternatively, at
 * <http://www.OpenLDAP.org/license.html>.
 */
/* Portions Copyright (c) 1992-1996 Regents of the University of Michigan.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms are permitted
 * provided that this notice is preserved and that due credit is given
 * to the University of Michigan at Ann Arbor. The name of the
 * University may not be used to endorse or promote products derived
 * from this software without specific prior written permission. This
 * software is provided ``as is'' without express or implied warranty.
 */
/* Portions Copyright 2002, F5 Networks, Inc, All rights reserved.
 * This software is not subject to any license of F5 Networks.
 * This is free software; you can redistribute and use it
 * under the same terms as OpenLDAP itself.
 */
/* ACKNOWLEDGEMENTS:
 * This work was originally developed by Jeff Costlow (F5 Networks)
 * based, in part, on existing LDAP tools and adapted for inclusion
 * into OpenLDAP Software by Kurt D. Zeilenga.
 */
402de962bdSlukem
41376af7d7Schristos #include <sys/cdefs.h>
42*549b59edSchristos __RCSID("$NetBSD: ldapcompare.c,v 1.3 2021/08/14 16:14:49 christos Exp $");
43376af7d7Schristos
442de962bdSlukem #include "portable.h"
452de962bdSlukem
462de962bdSlukem #include <stdio.h>
472de962bdSlukem
482de962bdSlukem #include <ac/stdlib.h>
492de962bdSlukem
502de962bdSlukem #include <ac/ctype.h>
512de962bdSlukem #include <ac/string.h>
522de962bdSlukem #include <ac/unistd.h>
532de962bdSlukem #include <ac/errno.h>
542de962bdSlukem #include <ac/socket.h>
552de962bdSlukem #include <ac/time.h>
562de962bdSlukem #include <sys/stat.h>
572de962bdSlukem
582de962bdSlukem #ifdef HAVE_FCNTL_H
592de962bdSlukem #include <fcntl.h>
602de962bdSlukem #endif
612de962bdSlukem #ifdef HAVE_SYS_TYPES_H
622de962bdSlukem #include <sys/types.h>
632de962bdSlukem #endif
642de962bdSlukem #ifdef HAVE_IO_H
652de962bdSlukem #include <io.h>
662de962bdSlukem #endif
672de962bdSlukem
682de962bdSlukem #include <ldap.h>
692de962bdSlukem
702de962bdSlukem #include "lutil.h"
712de962bdSlukem #include "lutil_ldap.h"
722de962bdSlukem #include "ldap_defaults.h"
732de962bdSlukem
742de962bdSlukem #include "common.h"
752de962bdSlukem
762de962bdSlukem
/*
 * Quiet-mode flag.  handle_private_option() sets it to 1 for -z; main()
 * then hands it to docompare(), which skips its normal output so that
 * the caller has only the returned code to go on.
 */
static int quiet;
782de962bdSlukem
792de962bdSlukem
/*
 * Print the ldapcompare synopsis and its private options to stderr,
 * append the options shared by all tools via tool_common_usage(), and
 * terminate the process with EXIT_FAILURE.  This function does not
 * return to its caller.
 */
void
usage( void )
{
	FILE *out = stderr;

	/* Positional arguments. */
	fprintf( out, _("usage: %s [options] DN <attr:value|attr::b64value>\n"), prog);
	fprintf( out, _("where:\n"));
	fprintf( out, _(" DN\tDistinguished Name\n"));
	fprintf( out, _(" attr\tassertion attribute\n"));
	fprintf( out, _(" value\tassertion value\n"));
	fprintf( out, _(" b64value\tbase64 encoding of assertion value\n"));

	/* Options private to this tool. */
	fprintf( out, _("Compare options:\n"));
	fprintf( out, _(" -E [!]<ext>[=<extparam>] compare extensions (! indicates criticality)\n"));
	fprintf( out, _(" !dontUseCopy (Don't Use Copy)\n"));
	fprintf( out, _(" -M enable Manage DSA IT control (-MM to make critical)\n"));
	fprintf( out, _(" -P version protocol version (default: 3)\n"));
	fprintf( out, _(" -z Quiet mode,"
		" don't print anything, use return values\n"));

	/* Options common to every client tool, then bail out. */
	tool_common_usage();
	exit( EXIT_FAILURE );
}
1002de962bdSlukem
/*
 * Forward declaration of docompare(), which is defined after main().
 * It issues one compare request for attr/bvalue against dn and returns
 * an LDAP result code.
 */
static int docompare LDAP_P((
	LDAP *ld, char *dn, char *attr,
	struct berval *bvalue, int quiet,
	LDAPControl **sctrls, LDAPControl **cctrls ));
1092de962bdSlukem
1102de962bdSlukem
/*
 * Option letters accepted by this tool: the private "z" followed by the
 * letters shared with the other client tools.
 *
 * NOTE(review): usage() advertises -E and handle_private_option() has a
 * case for 'E', but "E:" does not appear in this string.  Confirm against
 * the option parser whether -E (and with it the dontUseCopy control) is
 * reachable at all.
 */
const char options[] = "zCd:D:e:h:H:IMnNO:o:p:P:QR:U:vVw:WxX:y:Y:Z";

#ifdef LDAP_CONTROL_DONTUSECOPY
/*
 * 0 when the dontUseCopy control was not requested; otherwise 1 plus the
 * criticality flag, as stored by handle_private_option().
 */
int dontUseCopy = 0;
#endif
1172de962bdSlukem
/*
 * Handle the command-line options that only ldapcompare understands.
 *
 *   -z  sets the file-level quiet flag.
 *   -E  parses one "[!]name[=value]" compare extension from optarg.  The
 *       only name accepted is "dontUseCopy" (when the library defines
 *       LDAP_CONTROL_DONTUSECOPY); it takes no value and must be marked
 *       critical with '!'.
 *
 * optarg is modified in place: a leading '!' is skipped and the '=' that
 * separates name from value is overwritten with a NUL.
 *
 * Returns 1 when the option letter was consumed here and 0 when it is
 * not one of ours.  Malformed -E input ends the process, either directly
 * through exit() or through usage().
 */
int
handle_private_option( int i )
{
	char *name;
	char *value = NULL;
	int critical = 0;

	if ( i == 'z' ) {
		quiet = 1;
		return 1;
	}

	if ( i != 'E' ) {
		return 0;
	}

	/* compare extensions: controls only exist from LDAPv3 on */
	if ( protocol == LDAP_VERSION2 ) {
		fprintf( stderr, _("%s: -E incompatible with LDAPv%d\n"),
			prog, protocol );
		exit( EXIT_FAILURE );
	}

	/* should be extended to support comma separated list of
	 *	[!]key[=value] parameters, e.g. -E !foo,bar=567
	 */

	if ( optarg[0] == '!' ) {
		critical = 1;
		optarg++;
	}

	/* Split "name=value" at the first '='. */
	name = optarg;
	value = strchr( name, '=' );
	if ( value != NULL ) {
		*value++ = '\0';
	}

#ifdef LDAP_CONTROL_DONTUSECOPY
	if ( strcasecmp( name, "dontUseCopy" ) == 0 ) {
		if ( dontUseCopy ) {
			fprintf( stderr,
				_("dontUseCopy control previously specified\n"));
			exit( EXIT_FAILURE );
		}
		if ( value != NULL ) {
			fprintf( stderr,
				_("dontUseCopy: no control value expected\n") );
			usage();
		}
		if ( !critical ) {
			fprintf( stderr,
				_("dontUseCopy: critical flag required\n") );
			usage();
		}

		/* main() treats any value above 1 as "critical". */
		dontUseCopy = 1 + critical;
		return 1;
	}
#endif

	/* Anything else is an extension this tool does not know. */
	fprintf( stderr,
		_("Invalid compare extension name: %s\n"), name );
	usage();
	return 1;
}
1852de962bdSlukem
1862de962bdSlukem
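/*
 * ldapcompare entry point.
 *
 * Expects exactly two positional arguments after the options: the DN and
 * an assertion written as "attr:value" or "attr::b64value".  The assertion
 * is split in place, the value is copied (or base64-decoded) into a heap
 * buffer, the connection is set up and bound, the optional dontUseCopy
 * control is installed, and the result code of docompare() is passed to
 * tool_exit().
 *
 * NOTE(review): the assertion value is taken from argv, and with -v it is
 * also echoed to stderr.  On most systems the argument vector of a running
 * process can be read by other local users, so this interface is a poor
 * fit for comparing secret values.
 */
int
main( int argc, char **argv )
{
	char		*compdn = NULL, *attrs = NULL;
	char		*sep;
	int		rc;
	LDAP		*ld = NULL;
	struct berval	bvalue = { 0, NULL };
	int		i = 0;
	LDAPControl	c[1];

	tool_init( TOOL_COMPARE );
	prog = lutil_progname( "ldapcompare", argc, argv );

	tool_args( argc, argv );

	if ( argc - optind != 2 ) {
		usage();
	}

	compdn = argv[optind++];
	attrs = argv[optind++];

	/* user passed in only 2 args, the last one better be in
	 * the form attr:value or attr::b64value
	 */
	sep = strchr( attrs, ':' );
	if ( !sep ) {
		usage();
	}

	/* Terminate the attribute name; sep now points at the value part. */
	*sep++ = '\0';
	if ( *sep != ':' ) {
		bvalue.bv_val = strdup( sep );
		if ( bvalue.bv_val == NULL ) {
			/* Previously unchecked: strlen(NULL) would follow. */
			perror( "strdup" );
			exit( EXIT_FAILURE );
		}
		bvalue.bv_len = strlen( bvalue.bv_val );

	} else {
		/* it's base64 encoded. */
		size_t enclen = strlen( &sep[1] );

		/*
		 * The decoded form is never longer than the encoded text, so
		 * enclen bytes are enough.  One extra byte is requested so an
		 * empty value does not become malloc(0), whose NULL return
		 * could not be told apart from an allocation failure.
		 */
		bvalue.bv_val = malloc( enclen + 1 );
		if ( bvalue.bv_val == NULL ) {
			perror( "malloc" );
			exit( EXIT_FAILURE );
		}
		bvalue.bv_len = lutil_b64_pton( &sep[1],
			(unsigned char *) bvalue.bv_val, enclen );

		if ( bvalue.bv_len == (ber_len_t)-1 ) {
			fprintf( stderr, _("base64 decode error\n") );
			exit( -1 );
		}
	}

	ld = tool_conn_setup( 0, 0 );

	tool_bind( ld );

#ifdef LDAP_CONTROL_DONTUSECOPY
	if ( dontUseCopy ) {
		/* Valueless control; critical when the flag is above 1. */
		c[i].ldctl_oid = LDAP_CONTROL_DONTUSECOPY;
		c[i].ldctl_value.bv_val = NULL;
		c[i].ldctl_value.bv_len = 0;
		c[i].ldctl_iscritical = dontUseCopy > 1;
		i++;
	}
#endif

	tool_server_controls( ld, c, i );

	if ( verbose ) {
		fprintf( stderr, _("DN:%s, attr:%s, value:%s\n"),
			compdn, attrs, sep );
	}

	rc = docompare( ld, compdn, attrs, &bvalue, quiet, NULL, NULL );

	free( bvalue.bv_val );

	tool_exit( ld, rc );
}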
2702de962bdSlukem
2712de962bdSlukem
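/*
 * Send one LDAP compare request and report its outcome.
 *
 * ld      connection to use
 * dn      entry to test
 * attr    attribute description of the assertion
 * bvalue  assertion value
 * quiet   non-zero suppresses the result text and the TRUE / FALSE /
 *         UNDEFINED line; it shadows the file-level flag of the same name
 * sctrls  server controls handed to ldap_compare_ext()
 * cctrls  client controls handed to ldap_compare_ext()
 *
 * Returns the result code parsed from the server's response, which is
 * LDAP_COMPARE_TRUE or LDAP_COMPARE_FALSE for a completed comparison.
 * It returns LDAP_SUCCESS without contacting the server when the global
 * `dont` flag is set, LDAP_CANCELLED when tool_check_abandon() reports an
 * abandon, and the library error code when sending, waiting or parsing
 * fails.  A caller that turns the value into a decision should accept
 * only LDAP_COMPARE_TRUE as a match; every other value, including
 * LDAP_SUCCESS, means the assertion was not confirmed.
 */
static int docompare(
	LDAP *ld,
	char *dn,
	char *attr,
	struct berval *bvalue,
	int quiet,
	LDAPControl **sctrls,
	LDAPControl **cctrls )
{
	int		rc, msgid, code;
	LDAPMessage	*res;
	char		*matcheddn;
	char		*text;
	char		**refs;
	LDAPControl	**ctrls = NULL;

	/* `dont` is declared outside this file; when set, nothing is sent. */
	if ( dont ) {
		return LDAP_SUCCESS;
	}

	rc = ldap_compare_ext( ld, dn, attr, bvalue,
		sctrls, cctrls, &msgid );
	if ( rc != LDAP_SUCCESS ) {
		/*
		 * The original test was `rc == -1`, which let every other
		 * send failure fall through to the polling loop below with
		 * an unset msgid and no request outstanding.
		 */
		tool_perror( "ldap_compare_ext", rc, NULL, NULL, NULL, NULL );
		return rc;
	}

	/* Poll in 100 ms slices so an abandon request is noticed promptly. */
	for ( ; ; ) {
		struct timeval tv;

		tv.tv_sec = 0;
		tv.tv_usec = 100000;

		if ( tool_check_abandon( ld, msgid ) ) {
			return LDAP_CANCELLED;
		}

		rc = ldap_result( ld, LDAP_RES_ANY, LDAP_MSG_ALL, &tv, &res );
		if ( rc < 0 ) {
			tool_perror( "ldap_result", rc, NULL, NULL, NULL, NULL );
			return rc;
		}

		/* 0 means the slice timed out; anything else is a message. */
		if ( rc != 0 ) {
			break;
		}
	}

	/* The final argument (1) asks the library to free res for us. */
	rc = ldap_parse_result( ld, res, &code, &matcheddn, &text, &refs, &ctrls, 1 );

	if ( rc != LDAP_SUCCESS ) {
		fprintf( stderr, "%s: ldap_parse_result: %s (%d)\n",
			prog, ldap_err2string( rc ), rc );
		return rc;
	}

	/*
	 * Print the details when asked to be verbose, when the code is not
	 * one of the expected compare outcomes, or when the server attached
	 * text, a matched DN or referrals.  Those strings come from the
	 * server and are only ever passed as "%s" arguments.
	 */
	if ( !quiet && ( verbose || ( code != LDAP_SUCCESS && code != LDAP_COMPARE_TRUE && code != LDAP_COMPARE_FALSE ) ||
		(matcheddn && *matcheddn) || (text && *text) || (refs && *refs) ) )
	{
		printf( _("Compare Result: %s (%d)\n"),
			ldap_err2string( code ), code );

		if ( text && *text ) {
			printf( _("Additional info: %s\n"), text );
		}

		if ( matcheddn && *matcheddn ) {
			printf( _("Matched DN: %s\n"), matcheddn );
		}

		if ( refs ) {
			int i;
			for ( i = 0; refs[i]; i++ ) {
				printf( _("Referral: %s\n"), refs[i] );
			}
		}
	}

	/* if we were told to be quiet, use the return value. */
	if ( !quiet ) {
		if ( code == LDAP_COMPARE_TRUE ) {
			printf( _("TRUE\n") );
		} else if ( code == LDAP_COMPARE_FALSE ) {
			printf( _("FALSE\n") );
		} else {
			printf( _("UNDEFINED\n") );
		}
	}

	if ( ctrls ) {
		tool_print_ctrls( ld, ctrls );
		ldap_controls_free( ctrls );
	}

	ber_memfree( text );
	ber_memfree( matcheddn );
	ber_memvfree( (void **) refs );

	return( code );
}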
3712de962bdSlukem