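/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright 2008 Sun Microsystems, Inc. All rights reserved.
 * Use is subject to license terms.
 */


#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <libintl.h>
#include <strings.h>
#include <locale.h>
#include <syslog.h>
#include <unistd.h>

#include "standalone.h"

extern char *set_filter(char **, char *, char **);
extern char *set_filter_publickey(char **, char *, int, char **);
extern void _printResult(ns_ldap_result_t *);
extern void printMapping();

/* Flags handed to __ns_ldap_list(); updated by option parsing in main(). */
int listflag = 0;

/*
 * Print an optional diagnostic followed by the full usage text on stderr,
 * then terminate the process with exit status 1. Never returns.
 */
void
usage(char *msg)
{
	if (msg)
		(void) fprintf(stderr, "%s\n", msg);

	(void) fprintf(stderr,
	    gettext(
	    "\n"
	    "usage: ldaplist [-dlv] [-h LDAP_server[:serverPort] [-M domainName]\n"
	    "[-N profileName] [-a authenticationMethod] [-P certifPath]\n"
	    "[-D bindDN] [-w bindPassword] [-j passwdFile]]\n"
	    "[<database> [<key>] ...]\n\n"
	    "usage: ldaplist -h\n"
	    "\n"
	    "usage: ldaplist -g\n\n"
	    "\tOptions:\n"
	    "\t -l list all the attributes found in entry.\n"
	    "\t By default, it lists only the DNs.\n"
	    "\t -d list attributes for the database instead of its entries\n"
	    "\t -v print out the LDAP search filter.\n"
	    "\t -g list the database mappings.\n"
	    "\t -h An address (or a name) and a port of the LDAP server in\n"
	    "\t which the entries will be stored. The default value for\n"
	    "\t the port is 389 (or 636 for TLS connections).\n"
	    "\t -M The name of a domain served by the specified server.\n"
	    "\t If not specified, the default domain name will be used.\n"
	    "\t -N Specifies a DUAProfile name.\n"
	    "\t The default value is \"default\".\n"
	    "\t -a Specifies an authentication method.\n"
	    "\t -P The certificate path for the location of the certificate\n"
	    "\t database.\n"
	    "\t -D Specifies an entry which has read permission to\n"
	    "\t the requested database.\n"
	    "\t -w Password to be used for authenticating the bindDN.\n"
	    "\t -j File containing the password for bindDN or SSL key db.\n"
	    "\t<database> is the database to be searched in. Standard system\n"
	    "\tdatabases are:\n"
	    "\t\tpassword, printers, group, hosts, ethers, networks, netmasks,\n"
	    "\t\trpc, bootparams, protocols, services, netgroup, auto_*.\n"
	    "\tNon-standard system databases can be specified as follows:\n"
	    "\t\tby specific container: ou=<dbname> or\n"
	    "\t\tby default container: <dbname>. In this case, 'nismapname'\n"
	    "\t\twill be used, thus mapping this to nismapname=<dbname>.\n"
	    "\t<key> is the key to search in the database. For the standard\n"
	    "\tdatabases, the search type for the key is predefined. You can\n"
	    "\toverride this by specifying <type>=<key>.\n"
	    "\nNOTE: The old -h option printing the mapping information is "
	    "deprecated.\nFor backward compatibility the following mode is "
	    "available:\nldaplist -h\n"));
	exit(1);
}

/*
 * Check that a merge template is safe to hand to snprintf() together with
 * exactly one string argument: the only conversions accepted are "%%" and
 * at most one "%s". Returns 1 when the template is acceptable, 0 otherwise.
 */
static int
filter_template_ok(const char *tmpl)
{
	int nsubst = 0;

	for (; *tmpl != '\0'; tmpl++) {
		if (*tmpl != '%')
			continue;
		tmpl++;
		if (*tmpl == 's') {
			if (++nsubst > 1)
				return (0);
		} else if (*tmpl != '%') {
			/* also catches a '%' that ends the template */
			return (0);
		}
	}
	return (1);
}

/*
 * This is a generic filter call back function for
 * merging the filter from service search descriptor with
 * an existing search filter. This routine expects userdata
 * to contain a format string with a single %s in it, and will
 * use the format string with snprintf() to insert the SSD filter.
 *
 * This routine is passed to the __ns_ldap_list() or
 * __ns_ldap_firstEntry() APIs as the filter call back
 * together with the userdata. For example,
 * the "ldaplist hosts sys1" processing may call __ns_ldap_list()
 * with "(&(objectClass=ipHost)(cn=sys1))" as filter, this function
 * as the filter call back, and "(&(%s)(cn=sys1))" as the
 * userdata; this routine will in turn get called to produce
 * "(&(department=sds)(cn=sys1))" as the real search
 * filter, if the input SSD contains a filter "department=sds".
 *
 * The template is used as a format string, so it is validated first:
 * anything other than "%%" and a single "%s" is rejected with
 * NS_LDAP_INVALID_PARAM instead of being interpreted.
 * NOTE(review): set_filter() is not visible in this file; presumably the
 * template embeds the <key> given on the command line, which is why a
 * stray '%' must not reach the formatter - confirm against set_filter().
 *
 * On success *realfilter points to a malloc()ed string owned by the caller.
 */
static int
merge_SSD_filter(const ns_ldap_search_desc_t *desc,
    char **realfilter,
    const void *userdata)
{
	const char *tmpl;
	size_t len;

	/* sanity check */
	if (realfilter == NULL)
		return (NS_LDAP_INVALID_PARAM);
	*realfilter = NULL;

	if (desc == NULL || desc->filter == NULL ||
	    userdata == NULL)
		return (NS_LDAP_INVALID_PARAM);

	tmpl = userdata;
	if (!filter_template_ok(tmpl))
		return (NS_LDAP_INVALID_PARAM);

	/*
	 * With at most one "%s" in the template the formatted result is
	 * never longer than both strings together plus the terminator.
	 */
	len = strlen(tmpl) + strlen(desc->filter) + 1;

	*realfilter = malloc(len);
	if (*realfilter == NULL)
		return (NS_LDAP_MEMORY);

	/* bounded write: never trust the size estimate alone */
	(void) snprintf(*realfilter, len, tmpl, desc->filter);

	return (NS_LDAP_SUCCESS);
}

/*
 * Run one search through __ns_ldap_list() and print the result.
 *
 * Returns 0 on success; otherwise the return code of __ns_ldap_list(),
 * with *err set to a strdup()ed description (NULL if that allocation
 * failed). The caller owns *err.
 */
int
list(char *database, char *ldapfilter, char **ldapattribute,
    char **err, char *userdata)
{
	ns_ldap_result_t *result = NULL;
	ns_ldap_error_t *errorp = NULL;
	int rc;
	char buf[500];

	*err = NULL;
	buf[0] = '\0';
	rc = __ns_ldap_list(database, (const char *)ldapfilter,
	    merge_SSD_filter, (const char **)ldapattribute, NULL,
	    listflag, &result, &errorp, NULL, userdata);
	if (rc != NS_LDAP_SUCCESS) {
		char *p = NULL;

		(void) __ns_ldap_err2str(rc, &p);
		if (p == NULL)
			p = gettext("unknown error");
		if (errorp && errorp->message) {
			(void) snprintf(buf, sizeof (buf), "%s (%s)",
			    p, errorp->message);
		} else {
			(void) snprintf(buf, sizeof (buf), "%s\n", p);
		}
		/* release the error structure even when it has no message */
		if (errorp != NULL)
			(void) __ns_ldap_freeError(&errorp);
		*err = strdup(buf);
		return (rc);
	}

	_printResult(result);
	(void) __ns_ldap_freeResult(&result);
	return (0);
}


/*
 * Map a library return code to the process exit status:
 * 0 for success, 1 for "not found", 2 for everything else.
 */
int
switch_err(int rc)
{
	switch (rc) {
	case NS_LDAP_SUCCESS:
		return (0);
	case NS_LDAP_NOTFOUND:
		return (1);
	}
	return (2);
}

/*
 * Echo the search parameters on stdout (the -v option).
 */
static void
print_search_params(const char *database, const char *ldapfilter,
    const char *udata)
{
	(void) fprintf(stdout, gettext("+++ database=%s\n"),
	    (database ? database : "NULL"));
	(void) fprintf(stdout, gettext("+++ filter=%s\n"),
	    (ldapfilter ? ldapfilter : "NULL"));
	(void) fprintf(stdout,
	    gettext("+++ template for merging SSD filter=%s\n"),
	    (udata ? udata : "NULL"));
}

/*
 * Print the message of a library error (if any) with the given literal
 * format, and release the error structure.
 */
static void
report_ldap_error(ns_ldap_error_t **errorpp, const char *fmt)
{
	if (*errorpp == NULL)
		return;
	(void) fprintf(stderr, fmt,
	    (*errorpp)->message ? (*errorpp)->message : "");
	(void) __ns_ldap_freeError(errorpp);
}

/*
 * ldaplist entry point: parse the options, set up the (optionally
 * standalone) LDAP configuration, build the search filter for the
 * requested database/key and print the matching entries.
 * Exit status follows switch_err().
 */
int
main(int argc, char **argv)
{
	char *database = NULL;
	char *ldapfilter = NULL;
	char *attribute = "dn";
	char **key = NULL;
	char **ldapattribute = NULL;
	char *buffer[100];
	char *err = NULL;
	char *p;
	int nattrs = 1;
	int c;
	int rc;
	int verbose = 0;
	char *udata = NULL;

	ns_standalone_conf_t standalone_cfg = standaloneDefaults;
	ns_ldap_error_t *errorp = NULL;
	char *authmech = NULL;
	ns_auth_t auth = {NS_LDAP_AUTH_NONE,
				NS_LDAP_TLS_NONE,
				NS_LDAP_SASL_NONE,
				NS_LDAP_SASLOPT_NONE};

	(void) setlocale(LC_ALL, "");
	(void) textdomain(TEXT_DOMAIN);

	openlog("ldaplist", LOG_PID, LOG_USER);

	if (argc == 2 && strcmp(argv[1], "-h") == 0) {
		/* preserve backwards compatibility, support old -h option */
		(void) printMapping();
		exit(0);
	}

	while ((c = getopt(argc, argv, "h:M:N:P:r:a:D:w:j:dgvl")) != EOF) {
		switch (c) {
		case 'd':
			listflag |= NS_LDAP_SCOPE_BASE;
			break;
		case 'g':
			(void) printMapping();
			exit(0);
			break;	/* Never reached */
		case 'l':
			attribute = "NULL";
			break;
		case 'v':
			verbose = 1;
			break;
		case 'M':
			standalone_cfg.type = NS_LDAP_SERVER;
			standalone_cfg.SA_DOMAIN = optarg;
			break;
		case 'h':
			standalone_cfg.type = NS_LDAP_SERVER;
			if (separatePort(optarg,
			    &standalone_cfg.SA_SERVER,
			    &standalone_cfg.SA_PORT) > 0) {
				exit(1);
			}
			break;
		case 'P':
			standalone_cfg.type = NS_LDAP_SERVER;
			standalone_cfg.SA_CERT_PATH = optarg;
			break;
		case 'N':
			standalone_cfg.type = NS_LDAP_SERVER;
			standalone_cfg.SA_PROFILE_NAME = optarg;
			break;
		case 'D':
			standalone_cfg.type = NS_LDAP_SERVER;
			standalone_cfg.SA_BIND_DN = strdup(optarg);
			break;
		case 'w':
			/*
			 * A password given as an argument is visible to
			 * other local users in the process listing and
			 * tends to end up in shell history; "-w -" (prompt)
			 * or -j (password file) avoid that exposure.
			 */
			if (standalone_cfg.SA_BIND_PWD != NULL) {
				(void) fprintf(stderr,
				    gettext("The -w option is mutually "
				    "exclusive of -j. -w is ignored.\n"));
				break;
			}

			if (optarg != NULL &&
			    optarg[0] == '-' && optarg[1] == '\0') {
				/* Ask for a password later */
				break;
			}

			standalone_cfg.type = NS_LDAP_SERVER;
			standalone_cfg.SA_BIND_PWD = strdup(optarg);
			break;
		case 'j':
			if (standalone_cfg.SA_BIND_PWD != NULL) {
				(void) fprintf(stderr,
				    gettext("The -w option is mutually "
				    "exclusive of -j. -w is ignored.\n"));
				free(standalone_cfg.SA_BIND_PWD);
			}
			standalone_cfg.type = NS_LDAP_SERVER;
			standalone_cfg.SA_BIND_PWD = readPwd(optarg);
			if (standalone_cfg.SA_BIND_PWD == NULL) {
				exit(1);
			}
			break;
		case 'a':
			authmech = optarg;
			break;
		default:
			/* usage() does not return */
			usage(gettext("Invalid option"));
		}
	}

	if (standalone_cfg.type == NS_LDAP_SERVER &&
	    standalone_cfg.SA_SERVER == NULL) {
		(void) fprintf(stderr,
		    gettext("Please specify an LDAP server you want "
		    "to connect to. \n"));
		exit(1);
	}

	if ((c = argc - optind) > 0)
		database = argv[optind++];
	if ((--c) > 0)
		key = &argv[optind];

	if (authmech != NULL) {
		if (__ns_ldap_initAuth(authmech,
		    &auth,
		    &errorp) != NS_LDAP_SUCCESS) {
			report_ldap_error(&errorp, "%s");
			exit(1);
		}
	}

	if (auth.saslmech != NS_LDAP_SASL_GSSAPI &&
	    standalone_cfg.SA_BIND_DN != NULL &&
	    standalone_cfg.SA_BIND_PWD == NULL) {
		/* If password is not specified, then prompt user for it. */
		char *pw = getpassphrase("Enter password:");

		/* getpassphrase() can fail; do not strdup() a NULL */
		if (pw == NULL) {
			(void) fprintf(stderr,
			    gettext("ldaplist: unable to read the "
			    "password\n"));
			exit(1);
		}
		standalone_cfg.SA_BIND_PWD = strdup(pw);
	}

	standalone_cfg.SA_AUTH = (authmech == NULL) ? NULL : &auth;

	if (__ns_ldap_initStandalone(&standalone_cfg,
	    &errorp) != NS_LDAP_SUCCESS) {
		report_ldap_error(&errorp, "%s\n");
		exit(1);
	}

	if (authmech != NULL) {
		if (__ns_ldap_setParam(NS_LDAP_AUTH_P,
		    authmech, &errorp) != NS_LDAP_SUCCESS) {
			__ns_ldap_cancelStandalone();
			report_ldap_error(&errorp, "%s");
			exit(1);
		}
	}
	if (standalone_cfg.SA_CRED != NULL) {
		if (__ns_ldap_setParam(NS_LDAP_CREDENTIAL_LEVEL_P,
		    standalone_cfg.SA_CRED, &errorp) != NS_LDAP_SUCCESS) {
			__ns_ldap_cancelStandalone();
			report_ldap_error(&errorp, "%s");
			exit(1);
		}
	}

	if (standalone_cfg.type != NS_CACHEMGR &&
	    standalone_cfg.SA_BIND_DN != NULL) {
		ns_auth_t **authpp = NULL, **authp = NULL;

		if (__ns_ldap_getParam(NS_LDAP_AUTH_P,
		    (void ***)&authpp,
		    &errorp) != NS_LDAP_SUCCESS || authpp == NULL) {
			__ns_ldap_cancelStandalone();
			(void) __ns_ldap_freeParam((void ***)&authpp);
			if (errorp) {
				/*
				 * The message comes from the library (and
				 * possibly the server); print it as data,
				 * never as the format string.
				 */
				if (errorp->message != NULL)
					(void) fprintf(stderr, "%s",
					    gettext(errorp->message));
				(void) __ns_ldap_freeError(&errorp);
			}
			exit(1);
		}
		for (authp = authpp; *authp; authp++) {
			if ((*authp)->saslmech == NS_LDAP_SASL_GSSAPI) {
				/*
				 * For now we have no use for bindDN and
				 * bindPassword when using SASL/GSSAPI.
				 */
				(void) fprintf(stderr,
				    gettext("Warning: SASL/GSSAPI will be "
				    "used as an authentication method. "
				    "The bind DN and password will "
				    "be ignored.\n"));
				break;
			}
		}
		(void) __ns_ldap_freeParam((void ***)&authpp);
	}

	/*
	 * If dumping a database,
	 * or all the containers,
	 * use page control just
	 * in case there are too many entries
	 */
	if (!key && !(listflag & NS_LDAP_SCOPE_BASE))
		listflag |= NS_LDAP_PAGE_CTRL;

	/* build the attribute array */
	if (strncasecmp(attribute, "NULL", 4) == 0)
		ldapattribute = NULL;
	else {
		/*
		 * Split a private copy at the commas (the original string
		 * may be a literal) and never run past the end of buffer[].
		 */
		buffer[0] = strdup(attribute);
		p = buffer[0];
		while (p != NULL && (p = strchr(p, ',')) != NULL &&
		    nattrs < (int)(sizeof (buffer) / sizeof (buffer[0])) - 1) {
			*p++ = '\0';
			buffer[nattrs++] = p;
		}
		buffer[nattrs] = NULL;
		ldapattribute = buffer;
	}

	/* build the filter */
	if (database && (strcasecmp(database, "publickey") == 0)) {
		/* user publickey lookup */
		char *err1 = NULL;
		int rc1;

		rc = rc1 = -1;
		ldapfilter = set_filter_publickey(key, database, 0, &udata);
		if (ldapfilter) {
			if (verbose)
				print_search_params(database, ldapfilter,
				    udata);
			rc = list("passwd", ldapfilter, ldapattribute,
			    &err, udata);
			free(ldapfilter);
			free(udata);
		}
		/* hosts publickey lookup */
		ldapfilter = set_filter_publickey(key, database, 1, &udata);
		if (ldapfilter) {
			if (verbose)
				print_search_params(database, ldapfilter,
				    udata);
			rc1 = list("hosts", ldapfilter, ldapattribute,
			    &err1, udata);
			free(ldapfilter);
			free(udata);
		}
		if (rc == -1 && rc1 == -1) {
			/* this should never happen */
			(void) fprintf(stderr,
			    gettext("ldaplist: invalid publickey lookup\n"));
			rc = 2;
		} else if (rc != 0 && rc1 != 0) {
			const char *msg = (err ? err : err1);

			(void) fprintf(stderr,
			    gettext("ldaplist: %s\n"), (msg ? msg : ""));
			if (rc == -1)
				rc = rc1;
		} else
			rc = 0;
		free(err);
		free(err1);
		__ns_ldap_cancelStandalone();
		exit(switch_err(rc));
	}

	/*
	 * we set the search filter to (objectclass=*) when we want
	 * to list the directory attribute instead of the entries
	 * (the -d option).
	 */
	if (((ldapfilter = set_filter(key, database, &udata)) == NULL) ||
	    (listflag == NS_LDAP_SCOPE_BASE)) {
		/* drop whatever set_filter() produced before replacing it */
		free(ldapfilter);
		free(udata);
		ldapfilter = strdup("objectclass=*");
		udata = strdup("%s");
	}

	if (verbose)
		print_search_params(database, ldapfilter, udata);

	if ((rc = list(database, ldapfilter, ldapattribute, &err, udata)) != 0)
		(void) fprintf(stderr, gettext("ldaplist: %s\n"),
		    (err ? err : ""));

	__ns_ldap_cancelStandalone();

	free(ldapfilter);
	free(udata);
	free(err);
	exit(switch_err(rc));
	return (0);	/* Never reached */
}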