mirror of
https://git.openldap.org/openldap/openldap.git
allow to select credentials; allow subtree search
parent
6910b36df8
commit
9e3581ba64
2 changed files with 110 additions and 48 deletions
|
|
@ -34,6 +34,7 @@
|
||||||
|
|
||||||
#include <ldap.h>
|
#include <ldap.h>
|
||||||
#include <lutil.h>
|
#include <lutil.h>
|
||||||
|
#include <lber_pvt.h>
|
||||||
|
|
||||||
#include "slapd-common.h"
|
#include "slapd-common.h"
|
||||||
|
|
||||||
|
|
@ -44,8 +45,8 @@ do_bind( char *uri, char *dn, struct berval *pass, int maxloop,
|
||||||
int force, int chaserefs, int noinit, LDAP **ldp );
|
int force, int chaserefs, int noinit, LDAP **ldp );
|
||||||
|
|
||||||
static int
|
static int
|
||||||
do_base( char *uri, struct berval *base, struct berval *pass, int maxloop,
|
do_base( char *uri, struct berval *base, struct berval *pass, char *pwattr,
|
||||||
int force, int chaserefs, int noinit, int delay );
|
int maxloop, int force, int chaserefs, int noinit, int delay );
|
||||||
|
|
||||||
/* This program can be invoked two ways: if -D is used to specify a Bind DN,
|
/* This program can be invoked two ways: if -D is used to specify a Bind DN,
|
||||||
* that DN will be used repeatedly for all of the Binds. If instead -b is used
|
* that DN will be used repeatedly for all of the Binds. If instead -b is used
|
||||||
|
|
@ -58,10 +59,9 @@ static void
|
||||||
usage( char *name )
|
usage( char *name )
|
||||||
{
|
{
|
||||||
fprintf( stderr, "usage: %s "
|
fprintf( stderr, "usage: %s "
|
||||||
"[-h <host>] "
|
"[-H uri | -h <host> [-p port]] "
|
||||||
"-p port "
|
"[-D <dn> [-w <passwd>]] "
|
||||||
"(-D <dn>|-b <baseDN> [-f <searchfilter>]) "
|
"[-b <baseDN> [-f <searchfilter>] [-a pwattr]] "
|
||||||
"-w <passwd> "
|
|
||||||
"[-l <loops>] "
|
"[-l <loops>] "
|
||||||
"[-L <outerloops>] "
|
"[-L <outerloops>] "
|
||||||
"[-F] "
|
"[-F] "
|
||||||
|
|
@ -83,6 +83,7 @@ main( int argc, char **argv )
|
||||||
char *dn = NULL;
|
char *dn = NULL;
|
||||||
struct berval base = { 0, NULL };
|
struct berval base = { 0, NULL };
|
||||||
struct berval pass = { 0, NULL };
|
struct berval pass = { 0, NULL };
|
||||||
|
char *pwattr = NULL;
|
||||||
int port = -1;
|
int port = -1;
|
||||||
int loops = LOOPS;
|
int loops = LOOPS;
|
||||||
int outerloops = 1;
|
int outerloops = 1;
|
||||||
|
|
@ -93,8 +94,12 @@ main( int argc, char **argv )
|
||||||
|
|
||||||
tester_init( "slapd-bind" );
|
tester_init( "slapd-bind" );
|
||||||
|
|
||||||
while ( (i = getopt( argc, argv, "b:H:h:p:D:w:l:L:f:FIt:" )) != EOF ) {
|
while ( (i = getopt( argc, argv, "a:b:H:h:p:D:w:l:L:f:FIt:" )) != EOF ) {
|
||||||
switch( i ) {
|
switch( i ) {
|
||||||
|
case 'a':
|
||||||
|
pwattr = optarg;
|
||||||
|
break;
|
||||||
|
|
||||||
case 'b': /* base DN of a tree of user DNs */
|
case 'b': /* base DN of a tree of user DNs */
|
||||||
ber_str2bv( optarg, 0, 0, &base );
|
ber_str2bv( optarg, 0, 0, &base );
|
||||||
break;
|
break;
|
||||||
|
|
@ -104,11 +109,11 @@ main( int argc, char **argv )
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case 'H': /* the server uri */
|
case 'H': /* the server uri */
|
||||||
uri = strdup( optarg );
|
uri = optarg;
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case 'h': /* the servers host */
|
case 'h': /* the servers host */
|
||||||
host = strdup( optarg );
|
host = optarg;
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case 'p': /* the servers port */
|
case 'p': /* the servers port */
|
||||||
|
|
@ -118,12 +123,11 @@ main( int argc, char **argv )
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case 'D':
|
case 'D':
|
||||||
dn = strdup( optarg );
|
dn = optarg;
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case 'w':
|
case 'w':
|
||||||
pass.bv_val = strdup( optarg );
|
ber_str2bv( optarg, 0, 0, &pass );
|
||||||
pass.bv_len = strlen( optarg );
|
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case 'l': /* the number of loops */
|
case 'l': /* the number of loops */
|
||||||
|
|
@ -172,7 +176,7 @@ main( int argc, char **argv )
|
||||||
|
|
||||||
for ( i = 0; i < outerloops; i++ ) {
|
for ( i = 0; i < outerloops; i++ ) {
|
||||||
if ( base.bv_val != NULL ) {
|
if ( base.bv_val != NULL ) {
|
||||||
do_base( uri, &base, &pass, loops,
|
do_base( uri, &base, &pass, pwattr, loops,
|
||||||
force, chaserefs, noinit, delay );
|
force, chaserefs, noinit, delay );
|
||||||
} else {
|
} else {
|
||||||
do_bind( uri, dn, &pass, loops,
|
do_bind( uri, dn, &pass, loops,
|
||||||
|
|
@ -244,7 +248,7 @@ do_bind( char *uri, char *dn, struct berval *pass, int maxloop,
|
||||||
fprintf( stderr, " PID=%ld - Bind done (%d).\n", (long) pid, rc );
|
fprintf( stderr, " PID=%ld - Bind done (%d).\n", (long) pid, rc );
|
||||||
}
|
}
|
||||||
|
|
||||||
if ( ldp ) {
|
if ( ldp && noinit ) {
|
||||||
*ldp = ld;
|
*ldp = ld;
|
||||||
|
|
||||||
} else if ( ld != NULL ) {
|
} else if ( ld != NULL ) {
|
||||||
|
|
@ -256,8 +260,8 @@ do_bind( char *uri, char *dn, struct berval *pass, int maxloop,
|
||||||
|
|
||||||
|
|
||||||
static int
|
static int
|
||||||
do_base( char *uri, struct berval *base, struct berval *pass, int maxloop,
|
do_base( char *uri, struct berval *base, struct berval *pass, char *pwattr,
|
||||||
int force, int chaserefs, int noinit, int delay )
|
int maxloop, int force, int chaserefs, int noinit, int delay )
|
||||||
{
|
{
|
||||||
LDAP *ld = NULL;
|
LDAP *ld = NULL;
|
||||||
int i = 0;
|
int i = 0;
|
||||||
|
|
@ -265,9 +269,10 @@ do_base( char *uri, struct berval *base, struct berval *pass, int maxloop,
|
||||||
int rc = LDAP_SUCCESS;
|
int rc = LDAP_SUCCESS;
|
||||||
ber_int_t msgid;
|
ber_int_t msgid;
|
||||||
LDAPMessage *res, *msg;
|
LDAPMessage *res, *msg;
|
||||||
struct berval *rdns = NULL;
|
char **dns = NULL;
|
||||||
|
struct berval *creds = NULL;
|
||||||
char *attrs[] = { LDAP_NO_ATTRS, NULL };
|
char *attrs[] = { LDAP_NO_ATTRS, NULL };
|
||||||
int nrdns = 0;
|
int ndns = 0;
|
||||||
#ifdef _WIN32
|
#ifdef _WIN32
|
||||||
DWORD beg, end;
|
DWORD beg, end;
|
||||||
#else
|
#else
|
||||||
|
|
@ -275,6 +280,7 @@ do_base( char *uri, struct berval *base, struct berval *pass, int maxloop,
|
||||||
#endif
|
#endif
|
||||||
int version = LDAP_VERSION3;
|
int version = LDAP_VERSION3;
|
||||||
struct berval pw = { 0, NULL };
|
struct berval pw = { 0, NULL };
|
||||||
|
char *nullstr = "";
|
||||||
|
|
||||||
srand(pid);
|
srand(pid);
|
||||||
|
|
||||||
|
|
@ -294,32 +300,75 @@ do_base( char *uri, struct berval *base, struct berval *pass, int maxloop,
|
||||||
exit( EXIT_FAILURE );
|
exit( EXIT_FAILURE );
|
||||||
}
|
}
|
||||||
|
|
||||||
rc = ldap_search_ext( ld, base->bv_val, LDAP_SCOPE_ONE,
|
fprintf( stderr, "PID=%ld - Bind(%d): base=\"%s\", filter=\"%s\" attr=\"%s\".\n",
|
||||||
|
(long) pid, maxloop, base->bv_val, filter, pwattr );
|
||||||
|
|
||||||
|
if ( pwattr != NULL ) {
|
||||||
|
attrs[ 0 ] = pwattr;
|
||||||
|
}
|
||||||
|
rc = ldap_search_ext( ld, base->bv_val, LDAP_SCOPE_SUBTREE,
|
||||||
filter, attrs, 0, NULL, NULL, 0, 0, &msgid );
|
filter, attrs, 0, NULL, NULL, 0, 0, &msgid );
|
||||||
if ( rc != LDAP_SUCCESS ) {
|
if ( rc != LDAP_SUCCESS ) {
|
||||||
tester_ldap_error( ld, "ldap_search_ext", NULL );
|
tester_ldap_error( ld, "ldap_search_ext", NULL );
|
||||||
exit( EXIT_FAILURE );
|
exit( EXIT_FAILURE );
|
||||||
}
|
}
|
||||||
|
|
||||||
while (( rc=ldap_result( ld, LDAP_RES_ANY, LDAP_MSG_ONE, NULL, &res )) >0){
|
while ( ( rc = ldap_result( ld, LDAP_RES_ANY, LDAP_MSG_ONE, NULL, &res ) ) > 0 )
|
||||||
|
{
|
||||||
BerElement *ber;
|
BerElement *ber;
|
||||||
struct berval bv;
|
struct berval bv;
|
||||||
char *ptr;
|
|
||||||
int done = 0;
|
int done = 0;
|
||||||
|
|
||||||
for (msg = ldap_first_message( ld, res ); msg;
|
for ( msg = ldap_first_message( ld, res ); msg;
|
||||||
msg = ldap_next_message( ld, msg )) {
|
msg = ldap_next_message( ld, msg ) )
|
||||||
switch ( ldap_msgtype( msg )) {
|
{
|
||||||
|
switch ( ldap_msgtype( msg ) ) {
|
||||||
case LDAP_RES_SEARCH_ENTRY:
|
case LDAP_RES_SEARCH_ENTRY:
|
||||||
rc = ldap_get_dn_ber( ld, msg, &ber, &bv );
|
rc = ldap_get_dn_ber( ld, msg, &ber, &bv );
|
||||||
ptr = strchr( bv.bv_val, ',');
|
dns = realloc( dns, (ndns + 1)*sizeof(char *) );
|
||||||
assert( ptr != NULL );
|
dns[ndns] = ber_strdup( bv.bv_val );
|
||||||
bv.bv_len = ptr - bv.bv_val + 1;
|
if ( pwattr != NULL ) {
|
||||||
rdns = realloc( rdns, (nrdns+1)*sizeof(struct berval));
|
struct berval **values = ldap_get_values_len( ld, msg, pwattr );
|
||||||
ber_dupbv( &rdns[nrdns], &bv );
|
|
||||||
nrdns++;
|
creds = realloc( creds, (ndns + 1)*sizeof(struct berval) );
|
||||||
|
if ( values == NULL ) {
|
||||||
|
novals:;
|
||||||
|
if ( pass != NULL ) {
|
||||||
|
ber_dupbv( &creds[ndns], pass );
|
||||||
|
|
||||||
|
} else {
|
||||||
|
creds[ndns].bv_len = 0;
|
||||||
|
creds[ndns].bv_val = nullstr;
|
||||||
|
}
|
||||||
|
|
||||||
|
} else {
|
||||||
|
static struct berval cleartext = BER_BVC( "{CLEARTEXT} " );
|
||||||
|
struct berval value = *values[ 0 ];
|
||||||
|
|
||||||
|
if ( value.bv_val[ 0 ] == '{' ) {
|
||||||
|
char *end = ber_bvchr( &value, '}' );
|
||||||
|
|
||||||
|
if ( end ) {
|
||||||
|
if ( ber_bvcmp( &value, &cleartext ) == 0 ) {
|
||||||
|
value.bv_val += cleartext.bv_len;
|
||||||
|
value.bv_len -= cleartext.bv_len;
|
||||||
|
|
||||||
|
} else {
|
||||||
|
ldap_value_free_len( values );
|
||||||
|
goto novals;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
ber_dupbv( &creds[ndns], &value );
|
||||||
|
ldap_value_free_len( values );
|
||||||
|
}
|
||||||
|
}
|
||||||
|
ndns++;
|
||||||
ber_free( ber, 0 );
|
ber_free( ber, 0 );
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case LDAP_RES_SEARCH_RESULT:
|
case LDAP_RES_SEARCH_RESULT:
|
||||||
done = 1;
|
done = 1;
|
||||||
break;
|
break;
|
||||||
|
|
@ -337,30 +386,26 @@ do_base( char *uri, struct berval *base, struct berval *pass, int maxloop,
|
||||||
gettimeofday( &beg, NULL );
|
gettimeofday( &beg, NULL );
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
if ( nrdns == 0 ) {
|
if ( ndns == 0 ) {
|
||||||
tester_error( "No RDNs" );
|
tester_error( "No RDNs" );
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
fprintf( stderr, "PID=%ld - got %d values.\n", (long) pid, ndns );
|
||||||
|
|
||||||
/* Ok, got list of RDNs, now start binding to each */
|
/* Ok, got list of RDNs, now start binding to each */
|
||||||
for ( i = 0; i < maxloop; i++ ) {
|
for ( i = 0; i < maxloop; i++ ) {
|
||||||
char dn[BUFSIZ], *ptr;
|
|
||||||
int j, k;
|
int j, k;
|
||||||
|
struct berval *cred = pass;
|
||||||
|
|
||||||
for ( j = 0, k = 0; k < nrdns; k++) {
|
for ( j = 0, k = 0; k < ndns; k++) {
|
||||||
j = rand() % nrdns;
|
j = rand() % ndns;
|
||||||
if ( base->bv_len + rdns[j].bv_len < sizeof( dn ) ) {
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if ( k == nrdns ) {
|
if ( creds && !BER_BVISEMPTY( &creds[j] ) ) {
|
||||||
|
cred = &creds[j];
|
||||||
}
|
}
|
||||||
|
if ( do_bind( uri, dns[j], cred, 1, force, chaserefs, noinit, &ld )
|
||||||
ptr = lutil_strcopy(dn, rdns[j].bv_val);
|
|
||||||
strcpy(ptr, base->bv_val);
|
|
||||||
if ( do_bind( uri, dn, pass, 1, force, chaserefs, noinit, &ld )
|
|
||||||
&& !force )
|
&& !force )
|
||||||
{
|
{
|
||||||
break;
|
break;
|
||||||
|
|
@ -395,11 +440,20 @@ do_base( char *uri, struct berval *base, struct berval *pass, int maxloop,
|
||||||
(long) end.tv_sec, (long) end.tv_usec );
|
(long) end.tv_sec, (long) end.tv_usec );
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
if ( rdns ) {
|
if ( dns ) {
|
||||||
for ( i = 0; i < nrdns; i++ ) {
|
for ( i = 0; i < ndns; i++ ) {
|
||||||
free( rdns[i].bv_val );
|
free( dns[i] );
|
||||||
}
|
}
|
||||||
free( rdns );
|
free( dns );
|
||||||
|
}
|
||||||
|
|
||||||
|
if ( creds ) {
|
||||||
|
for ( i = 0; i < ndns; i++ ) {
|
||||||
|
if ( creds[i].bv_val != nullstr ) {
|
||||||
|
free( creds[i].bv_val );
|
||||||
|
}
|
||||||
|
}
|
||||||
|
free( creds );
|
||||||
}
|
}
|
||||||
|
|
||||||
return 0;
|
return 0;
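Review bot: In the new `fprintf` that logs `base`, `filter` and `attr` before the search in do_base, `pwattr` is passed to `%s` ahead of the `if ( pwattr != NULL )` test that follows, so a run without `-a` formats a NULL pointer, which is undefined behaviour; pass `pwattr ? pwattr : ""` instead. In the `LDAP_RES_SEARCH_ENTRY` case the two `realloc` results and the `rc` from `ldap_get_dn_ber` are used without a check, so an allocation or decode failure is dereferenced on the very next line. The `{CLEARTEXT} ` test calls `ber_bvcmp( &value, &cleartext )`, which as far as I can tell compares whole values including their length, so any stored value longer than the bare prefix drops to `novals` and the `-w` password is silently used instead. A prefix comparison over `cleartext.bv_len` bytes, after checking `value.bv_len >= cleartext.bv_len`, looks like what was intended. do_base starts and ends outside these hunks.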
|
||||||
|
|
|
||||||
|
|
@ -162,6 +162,7 @@ main( int argc, char **argv )
|
||||||
char *bfile = NULL;
|
char *bfile = NULL;
|
||||||
char *breqs[MAXREQS];
|
char *breqs[MAXREQS];
|
||||||
char *bcreds[MAXREQS];
|
char *bcreds[MAXREQS];
|
||||||
|
char *battrs[MAXREQS];
|
||||||
int bnum = 0;
|
int bnum = 0;
|
||||||
char *bargs[MAXARGS];
|
char *bargs[MAXARGS];
|
||||||
int banum;
|
int banum;
|
||||||
|
|
@ -309,7 +310,7 @@ main( int argc, char **argv )
|
||||||
|
|
||||||
/* look for bind requests */
|
/* look for bind requests */
|
||||||
if ( bfile ) {
|
if ( bfile ) {
|
||||||
bnum = get_search_filters( bfile, bcreds, NULL, breqs );
|
bnum = get_search_filters( bfile, bcreds, battrs, breqs );
|
||||||
}
|
}
|
||||||
|
|
||||||
/* setup friendly option */
|
/* setup friendly option */
|
||||||
|
|
@ -642,6 +643,13 @@ main( int argc, char **argv )
|
||||||
|
|
||||||
bargs[banum - 4] = breqs[jj];
|
bargs[banum - 4] = breqs[jj];
|
||||||
bargs[banum - 2] = bcreds[jj];
|
bargs[banum - 2] = bcreds[jj];
|
||||||
|
if ( battrs[jj] != NULL ) {
|
||||||
|
bargs[banum - 1] = "-a";
|
||||||
|
bargs[banum] = battrs[jj];
|
||||||
|
|
||||||
|
} else {
|
||||||
|
sargs[sanum - 1] = NULL;
|
||||||
|
}
|
||||||
fork_child( bcmd, bargs );
|
fork_child( bcmd, bargs );
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
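Review bot: The `else` branch added after `bargs[banum - 2] = bcreds[jj];` clears `sargs[sanum - 1]` rather than an element of `bargs`, which looks like a copy-paste slip; it should probably read `bargs[banum - 1] = NULL;`. As written, once one bind request has set `-a` and its attribute, a later request with no attribute still inherits the stale `-a <attr>` pair, and a slot of what appears to be the search child's argument vector is overwritten. It is also not visible in this hunk that `bargs[banum + 1]` is NULL when `bargs[banum]` is filled in, so the termination of the argv handed to `fork_child` is worth confirming. main's body continues outside these hunks.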