X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=clients%2Ftools%2Fldapmodrdn.c;h=40615d047c8a4e3b740b96b76e126466921ad175;hb=49f414738569096eae2c94a4f05f0f3f2636b8b7;hp=dbfe1629f8907eb878ba91489fd8d343a1f1442c;hpb=c02d7e2cb6afb75c6896869d89f7f2f0e378cd31;p=openldap
diff --git a/clients/tools/ldapmodrdn.c b/clients/tools/ldapmodrdn.c
index dbfe1629f8..40615d047c 100644
--- a/clients/tools/ldapmodrdn.c
+++ b/clients/tools/ldapmodrdn.c
@@ -1,6 +1,6 @@ /* $OpenLDAP$ */ /* - * Copyright 1998-1999 The OpenLDAP Foundation, All Rights Reserved. + * Copyright 1998-2000 The OpenLDAP Foundation, All Rights Reserved. * COPYING RESTRICTIONS APPLY, see COPYRIGHT file */ /* ldapmodrdn.c - generic program to modify an entry's RDN using LDAP.
@@ -28,11 +28,10 @@ #include #include -#include #include static char *binddn = NULL; -static char *passwd = NULL; +static struct berval passwd = { 0, NULL}; static char *ldaphost = NULL; static int ldapport = 0; #ifdef HAVE_CYRUS_SASL
@@ -85,7 +84,7 @@ usage( const char *s ) " -W\t\tprompt for bind passwd\n" " -X id\t\tSASL authorization identity (\"dn:\" or \"u:\")\n" " -Y mech\t\tSASL mechanism\n" -" -Z\t\trequest the use of TLS (-ZZ to make it critical)\n" +" -Z\t\tissue Start TLS request (-ZZ to require successful response)\n" , s ); exit( EXIT_FAILURE );
@@ -138,7 +137,7 @@ main(int argc, char **argv) version = LDAP_VERSION3; /* This option => force V3 */ break; case 'w': /* password */ - passwd = strdup( optarg ); + passwd.bv_val = strdup( optarg ); { char* p;
@@ -146,6 +145,7 @@ main(int argc, char **argv) *p = '*'; } } + passwd.bv_len = strlen( passwd.bv_val ); break; case 'd': debug |= atoi( optarg );
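Review bot: The result of `strdup( optarg )` in the `-w` case (@@ -138,7 +137,7 @@) is never checked, and the line added in the next hunk (@@ -146,6 +145,7 @@), `passwd.bv_len = strlen( passwd.bv_val );`, dereferences it, so an allocation failure becomes a NULL dereference. The `-W` path later in this commit already guards the same computation with `passwd.bv_val ? strlen( passwd.bv_val ) : 0`; that guard, or an explicit error exit when `passwd.bv_val == NULL`, belongs here too. The block that overwrites `optarg` with `'*'` starts outside both hunks; it only narrows the time the password is readable in the process arguments, which is worth stating in a comment next to `case 'w'`.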
@@ -256,23 +256,34 @@ main(int argc, char **argv) if ( ( authmethod == LDAP_AUTH_KRBV4 ) || ( authmethod == LDAP_AUTH_KRBV41 ) ) { - if( version != LDAP_VERSION2 ) { + if( version > LDAP_VERSION2 ) { fprintf( stderr, "Kerberos requires LDAPv2\n" ); return( EXIT_FAILURE ); } + version = LDAP_VERSION2; } else if ( authmethod == LDAP_AUTH_SASL ) { - if( version != LDAP_VERSION3 ) { + if( version != -1 && version != LDAP_VERSION3 ) { fprintf( stderr, "SASL requires LDAPv3\n" ); return( EXIT_FAILURE ); } + version = LDAP_VERSION3; } if( manageDSAit ) { - if( version != LDAP_VERSION3 ) { + if( version != -1 && version != LDAP_VERSION3 ) { fprintf(stderr, "manage DSA control requires LDAPv3\n"); return EXIT_FAILURE; } + version = LDAP_VERSION3; + } + + if( use_tls ) { + if( version != -1 && version != LDAP_VERSION3 ) { + fprintf(stderr, "Start TLS requires LDAPv3\n"); + return EXIT_FAILURE; + } + version = LDAP_VERSION3; } if (newSuperior != NULL) {
@@ -283,6 +294,7 @@ main(int argc, char **argv) usage( argv[0] ); return( EXIT_FAILURE ); } + version = LDAP_VERSION3; } havedn = 0;
@@ -344,15 +356,17 @@ main(int argc, char **argv) fprintf( stderr, "Could not set LDAP_OPT_PROTOCOL_VERSION %d\n", version ); } - if ( use_tls && ldap_start_tls( ld, NULL, NULL ) != LDAP_SUCCESS ) { + if ( use_tls && ldap_start_tls_s( ld, NULL, NULL ) != LDAP_SUCCESS ) { if ( use_tls > 1 ) { ldap_perror( ld, "ldap_start_tls" ); return( EXIT_FAILURE ); } } - if (want_bindpw) - passwd = getpass("Enter LDAP Password: "); + if (want_bindpw) { + passwd.bv_val = getpassphrase("Enter LDAP Password: "); + passwd.bv_len = passwd.bv_val ? strlen( passwd.bv_val ) : 0; + } if ( authmethod == LDAP_AUTH_SASL ) { #ifdef HAVE_CYRUS_SASL
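Review bot: The bare `-1` in the three added `version != -1 && version != LDAP_VERSION3` tests (SASL, manageDSAit, use_tls) is an undocumented sentinel, presumably meaning that no protocol version was given on the command line; its initialisation is outside the hunk. A one-line comment at the first test, such as `/* -1: no version requested yet, so this option may select one */`, would make the intent readable, and the identical four-line check could become a small static helper. The Kerberos test instead uses `version > LDAP_VERSION2`, which silently relies on the sentinel being smaller than `LDAP_VERSION2`; writing it in the same explicit form as the others would remove that dependency.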
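Review bot: With a single `-Z`, a failed `ldap_start_tls_s()` in hunk @@ -344,15 +356,17 @@ is still ignored without any message, and the code goes on to prompt for the password and bind over the unprotected connection (the bind calls are in later hunks). The failure should be reported in every case and only the exit should depend on `use_tls > 1`: move the report above the `if ( use_tls > 1 )` test as `ldap_perror( ld, "ldap_start_tls_s" );`, which also brings the label in line with the renamed call. A user who asked for Start TLS then at least sees that the session is not protected before credentials are sent.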
@@ -380,10 +394,13 @@ main(int argc, char **argv) return( EXIT_FAILURE ); } - if ( ldap_negotiated_sasl_bind_s( ld, binddn, sasl_authc_id, - sasl_authz_id, sasl_mech, NULL, NULL, NULL ) - != LDAP_SUCCESS ) { - ldap_perror( ld, "ldap_sasl_bind" ); + rc = ldap_negotiated_sasl_bind_s( ld, binddn, sasl_authc_id, + sasl_authz_id, sasl_mech, + passwd.bv_len ? &passwd : NULL, + NULL, NULL ); + + if( rc != LDAP_SUCCESS ) { + ldap_perror( ld, "ldap_negotiated_sasl_bind_s" ); return( EXIT_FAILURE ); } #else
@@ -393,7 +410,7 @@ main(int argc, char **argv) #endif } else { - if ( ldap_bind_s( ld, binddn, passwd, authmethod ) + if ( ldap_bind_s( ld, binddn, passwd.bv_val, authmethod ) != LDAP_SUCCESS ) { ldap_perror( ld, "ldap_bind" ); return( EXIT_FAILURE );
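Review bot: The argument `passwd.bv_len ? &passwd : NULL` in hunk @@ -380,10 +394,13 @@ needs a comment, because it makes an empty password (`-w ""`, or an empty or failed `-W` prompt) indistinguishable from no password at all. A line such as `/* zero-length password: pass no credential to the SASL bind */` above the call would record that this is intended. `rc` is declared outside the hunk, so its type cannot be checked from here.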