/* $OpenLDAP$ */
/*
- * Copyright 1998-1999 The OpenLDAP Foundation, All Rights Reserved.
+ * Copyright 1998-2000 The OpenLDAP Foundation, All Rights Reserved.
* COPYING RESTRICTIONS APPLY, see COPYRIGHT file
*/
#include <ac/signal.h>
#include <ac/string.h>
#include <ac/unistd.h>
+#include <ac/errno.h>
+#include <sys/stat.h>
+#ifdef HAVE_FCNTL_H
+#include <fcntl.h>
+#endif
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
#ifdef HAVE_IO_H
#include <io.h>
#endif
static char *urlpre = NULL;
static char *binddn = NULL;
-static char *passwd = NULL;
+static struct berval passwd = { 0, NULL };
static char *base = NULL;
static char *ldaphost = NULL;
static int ldapport = 0;
ldapport = atoi( optarg );
break;
case 'w': /* bind password */
- passwd = strdup( optarg );
+ passwd.bv_val = strdup( optarg );
{
char* p;
*p = '*';
}
}
+ passwd.bv_len = strlen( passwd.bv_val );
break;
case 'l': /* time limit */
timelimit = atoi( optarg );
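Review bot: The added `passwd.bv_len = strlen( passwd.bv_val );` runs on an unchecked `strdup( optarg )` result, so an allocation failure becomes a NULL dereference instead of a clean error exit. Add a guard before the length is taken, e.g. `if( passwd.bv_val == NULL ) { perror( "strdup" ); return EXIT_FAILURE; }`. The same pattern appears in the `want_bindpw` hunk, where `strlen()` is applied directly to the `getpassphrase()` result. If that function can return NULL the way `getpass()` does when no terminal is available, it needs the same check. The option-parsing switch starts and ends outside this hunk.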
if ( ( authmethod == LDAP_AUTH_KRBV4 ) || ( authmethod ==
LDAP_AUTH_KRBV41 ) ) {
- if( version != LDAP_VERSION2 ) {
-
+ if( version > LDAP_VERSION2 ) {
fprintf( stderr, "Kerberos requires LDAPv2\n" );
return( EXIT_FAILURE );
}
+ version = LDAP_VERSION2;
}
else if ( authmethod == LDAP_AUTH_SASL ) {
- if( version != LDAP_VERSION3 ) {
+ if( version != -1 && version != LDAP_VERSION3 ) {
fprintf( stderr, "SASL requires LDAPv3\n" );
return( EXIT_FAILURE );
}
+ version = LDAP_VERSION3;
}
if( manageDSAit ) {
- if( version != LDAP_VERSION3 ) {
+ if( version != -1 && version != LDAP_VERSION3 ) {
fprintf(stderr, "manage DSA control requires LDAPv3\n");
return EXIT_FAILURE;
}
+ version = LDAP_VERSION3;
+ }
+
+ if( use_tls ) {
+ if( version != -1 && version != LDAP_VERSION3 ) {
+ fprintf(stderr, "Start TLS requires LDAPv3\n");
+ return EXIT_FAILURE;
+ }
+ version = LDAP_VERSION3;
}
if ( argc - optind < 1 ) {
}
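Review bot: The literal `-1` serves as the "version not specified" sentinel in the SASL, manageDSAit and Start TLS checks, and the Kerberos test `version > LDAP_VERSION2` is only correct because that sentinel sorts below LDAP_VERSION2. A short comment above the first check would make this explicit, for example `/* version == -1: no protocol version chosen by the user; each feature below pins the one it requires */`. The initial value of `version` is not visible in the hunk, so this assumes it defaults to -1.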
if( urlpre == NULL ) {
- urlpre = malloc( sizeof("file:///") + strlen(tmpdir) );
+ urlpre = malloc( sizeof("file:////") + strlen(tmpdir) );
if( urlpre == NULL ) {
perror( "malloc" );
}
if (want_bindpw) {
- passwd = getpass("Enter LDAP Password: ");
+ passwd.bv_val = getpassphrase("Enter LDAP Password: ");
+ passwd.bv_len = strlen( passwd.bv_val );
}
if ( authmethod == LDAP_AUTH_SASL ) {
return( EXIT_FAILURE );
}
- if ( ldap_negotiated_sasl_bind_s( ld, binddn, sasl_authc_id,
- sasl_authz_id, sasl_mech, NULL, NULL, NULL )
- != LDAP_SUCCESS ) {
- ldap_perror( ld, "ldap_sasl_bind" );
+ rc = ldap_negotiated_sasl_bind_s( ld, binddn, sasl_authc_id,
+ sasl_authz_id, sasl_mech,
+ passwd.bv_len ? &passwd : NULL,
+ NULL, NULL );
+
+ if( rc != LDAP_SUCCESS ) {
+ ldap_perror( ld, "ldap_negotiated_sasl_bind_s" );
return( EXIT_FAILURE );
}
#else
#endif
}
else {
- if ( ldap_bind_s( ld, binddn, passwd, authmethod )
+ if ( ldap_bind_s( ld, binddn, passwd.bv_val, authmethod )
!= LDAP_SUCCESS ) {
ldap_perror( ld, "ldap_bind" );
return( EXIT_FAILURE );
if ( vals2tmp > 1 || ( vals2tmp
&& ldif_is_not_printable( bvals[i]->bv_val, bvals[i]->bv_len ) ))
{
+ int tmpfd;
/* write value to file */
sprintf( tmpfname, "%s" LDAP_DIRSEP "ldapsearch-%s-XXXXXX",
tmpdir, a );
continue;
}
- if (( tmpfp = fopen( tmpfname, "w")) == NULL ) {
+ if (( tmpfd = open( tmpfname, O_WRONLY|O_CREAT|O_EXCL, 0600 )) == -1 ) {
+ perror( tmpfname );
+ continue;
+ }
+
+ if (( tmpfp = fdopen( tmpfd, "w")) == NULL ) {
perror( tmpfname );
continue;
}
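Review bot: When `fdopen( tmpfd, "w" )` fails, the new error path does `perror( tmpfname ); continue;` without closing `tmpfd`, so each failure leaks a descriptor and leaves the just-created empty file behind. Adding `close( tmpfd );` (and probably `unlink( tmpfname );`) before the `continue` fixes that. It would also help to comment why `O_CREAT|O_EXCL` with mode 0600 is used. The name is generated before the open (that step is not visible in the hunk), and the exclusive create is what keeps a pre-existing file or symlink at that path from being followed. The enclosing loop begins and ends outside the visible lines.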