1 /* This work is part of OpenLDAP Software <http://www.openldap.org/>. 2 * 3 * Copyright 2004-2008 The OpenLDAP Foundation. 4 * Portions Copyright 2004 Pierangelo Masarati. 5 * All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted only as authorized by the OpenLDAP 9 * Public License. 10 * 11 * A copy of this license is available in file LICENSE in the 12 * top-level directory of the distribution or, alternatively, at 13 * <http://www.OpenLDAP.org/license.html>. 14 */ 15 /* ACKNOWLEDGEMENTS: 16 * This work was initially developed by Pierangelo Masarati for inclusion 17 * in OpenLDAP Software. 18 */ 19 20 #include "portable.h" 21 22 #include <stdio.h> 23 24 #include <ac/stdlib.h> 25 26 #include <ac/ctype.h> 27 #include <ac/string.h> 28 #include <ac/socket.h> 29 #include <ac/unistd.h> 30 31 #include <lber.h> 32 #include <ldif.h> 33 #include <lutil.h> 34 35 #include "slapcommon.h" 36 37 static int 38 do_check( Connection *c, Operation *op, struct berval *id ) 39 { 40 struct berval authcdn; 41 int rc; 42 43 rc = slap_sasl_getdn( c, op, id, realm, &authcdn, SLAP_GETDN_AUTHCID ); 44 if ( rc != LDAP_SUCCESS ) { 45 fprintf( stderr, "ID: <%s> check failed %d (%s)\n", 46 id->bv_val, rc, 47 ldap_err2string( rc ) ); 48 rc = 1; 49 50 } else { 51 if ( !BER_BVISNULL( &authzID ) ) { 52 rc = slap_sasl_authorized( op, &authcdn, &authzID ); 53 54 fprintf( stderr, 55 "ID: <%s>\n" 56 "authcDN: <%s>\n" 57 "authzDN: <%s>\n" 58 "authorization %s\n", 59 id->bv_val, 60 authcdn.bv_val, 61 authzID.bv_val, 62 rc == LDAP_SUCCESS ? "OK" : "failed" ); 63 64 } else { 65 fprintf( stderr, "ID: <%s> check succeeded\n" 66 "authcID: <%s>\n", 67 id->bv_val, 68 authcdn.bv_val ); 69 op->o_tmpfree( authcdn.bv_val, op->o_tmpmemctx ); 70 } 71 rc = 0; 72 } 73 74 return rc; 75 } 76 77 int 78 slapauth( int argc, char **argv ) 79 { 80 int rc = EXIT_SUCCESS; 81 const char *progname = "slapauth"; 82 Connection conn = {0}; 83 OperationBuffer opbuf; 84 Operation *op; 85 86 slap_tool_init( progname, SLAPAUTH, argc, argv ); 87 88 argv = &argv[ optind ]; 89 argc -= optind; 90 91 connection_fake_init( &conn, &opbuf, &conn ); 92 op = &opbuf.ob_op; 93 94 conn.c_sasl_bind_mech = mech; 95 96 if ( !BER_BVISNULL( &authzID ) ) { 97 struct berval authzdn; 98 99 rc = slap_sasl_getdn( &conn, op, &authzID, NULL, &authzdn, 100 SLAP_GETDN_AUTHZID ); 101 if ( rc != LDAP_SUCCESS ) { 102 fprintf( stderr, "authzID: <%s> check failed %d (%s)\n", 103 authzID.bv_val, rc, 104 ldap_err2string( rc ) ); 105 rc = 1; 106 BER_BVZERO( &authzID ); 107 goto destroy; 108 } 109 110 authzID = authzdn; 111 } 112 113 114 if ( !BER_BVISNULL( &authcID ) ) { 115 if ( !BER_BVISNULL( &authzID ) || argc == 0 ) { 116 rc = do_check( &conn, op, &authcID ); 117 goto destroy; 118 } 119 120 for ( ; argc--; argv++ ) { 121 struct berval authzdn; 122 123 ber_str2bv( argv[ 0 ], 0, 0, &authzID ); 124 125 rc = slap_sasl_getdn( &conn, op, &authzID, NULL, &authzdn, 126 SLAP_GETDN_AUTHZID ); 127 if ( rc != LDAP_SUCCESS ) { 128 fprintf( stderr, "authzID: <%s> check failed %d (%s)\n", 129 authzID.bv_val, rc, 130 ldap_err2string( rc ) ); 131 rc = -1; 132 BER_BVZERO( &authzID ); 133 if ( !continuemode ) { 134 goto destroy; 135 } 136 } 137 138 authzID = authzdn; 139 140 rc = do_check( &conn, op, &authcID ); 141 142 op->o_tmpfree( authzID.bv_val, op->o_tmpmemctx ); 143 BER_BVZERO( &authzID ); 144 145 if ( rc && !continuemode ) { 146 goto destroy; 147 } 148 } 149 150 goto destroy; 151 } 152 153 for ( ; argc--; argv++ ) { 154 struct berval id; 155 156 ber_str2bv( argv[ 0 ], 0, 0, &id ); 157 158 rc = do_check( &conn, op, &id ); 159 160 if ( rc && !continuemode ) { 161 goto destroy; 162 } 163 } 164 165 destroy:; 166 if ( !BER_BVISNULL( &authzID ) ) { 167 op->o_tmpfree( authzID.bv_val, op->o_tmpmemctx ); 168 } 169 slap_tool_destroy(); 170 171 return rc; 172 } 173 174