openldap/servers/slapd/slapauth.c

/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
* Copyright 2004-2021 The OpenLDAP Foundation.
* Portions Copyright 2004 Pierangelo Masarati.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted only as authorized by the OpenLDAP
* Public License.
*
* A copy of this license is available in file LICENSE in the
* top-level directory of the distribution or, alternatively, at
* <http://www.OpenLDAP.org/license.html>.
*/
/* ACKNOWLEDGEMENTS:
* This work was initially developed by Pierangelo Masarati for inclusion
* in OpenLDAP Software.
*/
#include "portable.h"
#include <stdio.h>
#include <ac/stdlib.h>
#include <ac/ctype.h>
#include <ac/string.h>
#include <ac/socket.h>
#include <ac/unistd.h>
#include <lber.h>
#include <ldif.h>
#include <lutil.h>
#include "slapcommon.h"
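/*
 * Map the authentication identity `id` to a DN (authcDN) exactly as the
 * SASL bind path would, and, when the file-scope `authzID` is set, ask
 * slap_sasl_authorized() whether that authcDN may assume it.  Every
 * outcome is reported on stderr.
 *
 * Uses the file-scope `realm` and `authzID` prepared by slap_tool_init()
 * and slapauth(); when `authzID` is non-NULL it is expected to already
 * hold the *mapped* authzDN, not the raw command-line identity.
 *
 * Returns 0 when the identity maps and (if an authzID is set) the
 * authorization is permitted, 1 when the mapping fails or the
 * authorization is denied.  Previously a denied authorization was
 * reported as "failed" on stderr yet still returned 0, so scripts that
 * relied on the exit status could not detect it.
 */
static int
do_check( Connection *c, Operation *op, struct berval *id )
{
	struct berval	authcdn;
	int		rc;

	rc = slap_sasl_getdn( c, op, id, realm, &authcdn, SLAP_GETDN_AUTHCID );
	if ( rc != LDAP_SUCCESS ) {
		fprintf( stderr, "ID: <%s> check failed %d (%s)\n",
				id->bv_val, rc,
				ldap_err2string( rc ) );
		return 1;
	}

	if ( !BER_BVISNULL( &authzID ) ) {
		rc = slap_sasl_authorized( op, &authcdn, &authzID );

		fprintf( stderr,
				"ID: <%s>\n"
				"authcDN: <%s>\n"
				"authzDN: <%s>\n"
				"authorization %s\n",
				id->bv_val,
				authcdn.bv_val,
				authzID.bv_val,
				rc == LDAP_SUCCESS ? "OK" : "failed" );

		/* A denied authorization is a failed check; do not collapse it
		 * to success in the return value. */
		rc = ( rc == LDAP_SUCCESS ) ? 0 : 1;

	} else {
		fprintf( stderr, "ID: <%s> check succeeded\n"
				"authcID: <%s>\n",
				id->bv_val,
				authcdn.bv_val );
		rc = 0;
	}

	/* authcdn is owned by us (allocated from the op's temp memory
	 * context by slap_sasl_getdn()); release it on both branches --
	 * the authz branch used to leak it. */
	op->o_tmpfree( authcdn.bv_val, op->o_tmpmemctx );

	return rc;
}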
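/*
 * slapauth tool entry point (dispatched from the common slap tool main).
 *
 * Three modes, selected by the -U (authcID) / -X (authzID) options that
 * slap_tool_init() parses into the file-scope `authcID` / `authzID`:
 *
 *   1. authcID and authzID both given (or authcID with no further
 *      arguments): a single check of that pair / that authcID.
 *      Any extra positional arguments are ignored in this mode.
 *   2. authcID given plus positional arguments: each argument is taken
 *      as an authzID and checked against the fixed authcID.
 *   3. no authcID: each positional argument is an authcID to map.
 *
 * `continuemode` (-c) keeps going after a failed check.  The exit status
 * is non-zero if any check failed, including in continue mode; before
 * this change only the last check's result reached the exit status, and
 * in continue mode a failed authzID mapping still fell through into
 * do_check() with a zeroed authzID (reporting a plain authcID success
 * for an identity the user asked to check as a pair) and then freed an
 * authzdn that slap_sasl_getdn() had not filled in.
 *
 * Returns EXIT_SUCCESS, or a non-zero value on any failure (slap_tool_destroy()
 * failing also yields EXIT_FAILURE).
 */
int
slapauth( int argc, char **argv )
{
	int			rc = EXIT_SUCCESS;
	int			failures = 0;	/* sticky across -c */
	const char		*progname = "slapauth";
	Connection		conn = {0};
	OperationBuffer	opbuf;
	Operation		*op;
	void			*thrctx;

	slap_tool_init( progname, SLAPAUTH, argc, argv );

	/* slap_tool_init() consumed the options; what is left are identities */
	argv = &argv[ optind ];
	argc -= optind;

	thrctx = ldap_pvt_thread_pool_context();
	connection_fake_init( &conn, &opbuf, thrctx );
	op = &opbuf.ob_op;

	/* the mech decides which regexp/authz rules apply in slap_sasl_getdn() */
	conn.c_sasl_bind_mech = mech;

	if ( !BER_BVISNULL( &authzID ) ) {
		struct berval	authzdn;

		/* Resolve the command-line authzID to a DN once; from here on
		 * the global holds the mapped DN (temp-allocated, freed at
		 * destroy) rather than the argv string. */
		rc = slap_sasl_getdn( &conn, op, &authzID, NULL, &authzdn,
				SLAP_GETDN_AUTHZID );
		if ( rc != LDAP_SUCCESS ) {
			fprintf( stderr, "authzID: <%s> check failed %d (%s)\n",
					authzID.bv_val, rc,
					ldap_err2string( rc ) );
			rc = 1;
			/* still points at argv memory: must not be tmpfree'd */
			BER_BVZERO( &authzID );
			goto destroy;
		}

		authzID = authzdn;
	}

	if ( !BER_BVISNULL( &authcID ) ) {
		if ( !BER_BVISNULL( &authzID ) || argc == 0 ) {
			/* mode 1: one pair (or one lone authcID) */
			rc = do_check( &conn, op, &authcID );
			goto destroy;
		}

		/* mode 2: fixed authcID against each authzID on the command line */
		for ( ; argc--; argv++ ) {
			struct berval	authzdn;

			ber_str2bv( argv[ 0 ], 0, 0, &authzID );

			rc = slap_sasl_getdn( &conn, op, &authzID, NULL, &authzdn,
					SLAP_GETDN_AUTHZID );
			if ( rc != LDAP_SUCCESS ) {
				fprintf( stderr, "authzID: <%s> check failed %d (%s)\n",
						authzID.bv_val, rc,
						ldap_err2string( rc ) );
				rc = -1;
				failures++;
				/* still points at argv memory: must not be tmpfree'd */
				BER_BVZERO( &authzID );
				if ( !continuemode ) {
					goto destroy;
				}
				/* nothing was mapped: skip the pair check entirely */
				continue;
			}

			authzID = authzdn;

			rc = do_check( &conn, op, &authcID );

			op->o_tmpfree( authzID.bv_val, op->o_tmpmemctx );
			BER_BVZERO( &authzID );

			if ( rc ) {
				failures++;
				if ( !continuemode ) {
					goto destroy;
				}
			}
		}

		goto destroy;
	}

	/* mode 3: map each authcID on the command line */
	for ( ; argc--; argv++ ) {
		struct berval	id;

		ber_str2bv( argv[ 0 ], 0, 0, &id );

		rc = do_check( &conn, op, &id );
		if ( rc ) {
			failures++;
			if ( !continuemode ) {
				goto destroy;
			}
		}
	}

destroy:;
	/* only ever non-NULL here when it holds a mapped (temp-allocated) DN */
	if ( !BER_BVISNULL( &authzID ) ) {
		op->o_tmpfree( authzID.bv_val, op->o_tmpmemctx );
	}

	/* in continue mode a later success must not hide an earlier failure */
	if ( rc == EXIT_SUCCESS && failures ) {
		rc = EXIT_FAILURE;
	}

	if ( slap_tool_destroy())
		rc = EXIT_FAILURE;

	return rc;
}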