X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=clients%2Ftools%2Fldapsearch.c;h=da6831074139dffcfe6e7859ac642aa9407b9cee;hb=8045b54124f0365b3d34d9d3220256f052f2b76b;hp=ab700a729b9bbf287dd902275d0b588c3cd2d139;hpb=c02d7e2cb6afb75c6896869d89f7f2f0e378cd31;p=openldap diff --git a/clients/tools/ldapsearch.c b/clients/tools/ldapsearch.c index ab700a729b..da68310741 100644 --- a/clients/tools/ldapsearch.c +++ b/clients/tools/ldapsearch.c @@ -1,6 +1,6 @@ /* $OpenLDAP$ */ /* - * Copyright 1998-1999 The OpenLDAP Foundation, All Rights Reserved. + * Copyright 1998-2000 The OpenLDAP Foundation, All Rights Reserved. * COPYING RESTRICTIONS APPLY, see COPYRIGHT file */ @@ -14,7 +14,15 @@ #include #include #include +#include +#include +#ifdef HAVE_FCNTL_H +#include +#endif +#ifdef HAVE_SYS_TYPES_H +#include +#endif #ifdef HAVE_IO_H #include #endif @@ -112,7 +120,7 @@ static char *tmpdir = NULL; static char *urlpre = NULL; static char *binddn = NULL; -static char *passwd = NULL; +static struct berval passwd = { 0, NULL }; static char *base = NULL; static char *ldaphost = NULL; static int ldapport = 0; @@ -255,7 +263,7 @@ main( int argc, char **argv ) ldapport = atoi( optarg ); break; case 'w': /* bind password */ - passwd = strdup( optarg ); + passwd.bv_val = strdup( optarg ); { char* p; @@ -263,6 +271,7 @@ main( int argc, char **argv ) *p = '*'; } } + passwd.bv_len = strlen( passwd.bv_val ); break; case 'l': /* time limit */ timelimit = atoi( optarg ); 
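Review bot: In the `case 'w'` hunks the result of `strdup( optarg )` is never checked, and the new `passwd.bv_len = strlen( passwd.bv_val );` dereferences it unconditionally, so an allocation failure becomes a NULL dereference instead of a clean exit. I would add `if( passwd.bv_val == NULL ) { perror( "strdup" ); return EXIT_FAILURE; }` directly after the copy. The length is also set on the far side of the loop that overwrites `optarg` with `*`; setting it right after the `strdup` would keep the two berval fields together. main() starts and ends outside these hunks.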
@@ -363,24 +372,34 @@ main( int argc, char **argv ) if ( ( authmethod == LDAP_AUTH_KRBV4 ) || ( authmethod == LDAP_AUTH_KRBV41 ) ) { - if( version != LDAP_VERSION2 ) { - + if( version > LDAP_VERSION2 ) { fprintf( stderr, "Kerberos requires LDAPv2\n" ); return( EXIT_FAILURE ); } + version = LDAP_VERSION2; } else if ( authmethod == LDAP_AUTH_SASL ) { - if( version != LDAP_VERSION3 ) { + if( version != -1 && version != LDAP_VERSION3 ) { fprintf( stderr, "SASL requires LDAPv3\n" ); return( EXIT_FAILURE ); } + version = LDAP_VERSION3; } if( manageDSAit ) { - if( version != LDAP_VERSION3 ) { + if( version != -1 && version != LDAP_VERSION3 ) { fprintf(stderr, "manage DSA control requires LDAPv3\n"); return EXIT_FAILURE; } + version = LDAP_VERSION3; + } + + if( use_tls ) { + if( version != -1 && version != LDAP_VERSION3 ) { + fprintf(stderr, "Start TLS requires LDAPv3\n"); + return EXIT_FAILURE; + } + version = LDAP_VERSION3; } if ( argc - optind < 1 ) { @@ -426,7 +445,7 @@ main( int argc, char **argv ) } if( urlpre == NULL ) { - urlpre = malloc( sizeof("file:///") + strlen(tmpdir) ); + urlpre = malloc( sizeof("file:////") + strlen(tmpdir) ); if( urlpre == NULL ) { perror( "malloc" ); @@ -502,7 +521,8 @@ main( int argc, char **argv ) } if (want_bindpw) { - passwd = getpass("Enter LDAP Password: "); + passwd.bv_val = getpassphrase("Enter LDAP Password: "); + passwd.bv_len = strlen( passwd.bv_val ); } if ( authmethod == LDAP_AUTH_SASL ) { @@ -531,10 +551,13 @@ main( int argc, char **argv ) return( EXIT_FAILURE ); } - if ( ldap_negotiated_sasl_bind_s( ld, binddn, sasl_authc_id, - sasl_authz_id, sasl_mech, NULL, NULL, NULL ) - != LDAP_SUCCESS ) { - ldap_perror( ld, "ldap_sasl_bind" ); + rc = ldap_negotiated_sasl_bind_s( ld, binddn, sasl_authc_id, + sasl_authz_id, sasl_mech, + passwd.bv_len ? &passwd : NULL, + NULL, NULL ); + + if( rc != LDAP_SUCCESS ) { + ldap_perror( ld, "ldap_negotiated_sasl_bind_s" ); return( EXIT_FAILURE ); } #else 
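Review bot: The Kerberos branch tests `version > LDAP_VERSION2`, while the SASL, manage DSA and Start TLS branches test `version != -1 && version != LDAP_VERSION3`, so what appears to be the "not set" value (-1) is handled two different ways and is never named. In the Kerberos case any value at or below LDAP_VERSION2, not only -1, is silently replaced by LDAP_VERSION2, which looks unintended if the option parsing (outside this hunk) accepts arbitrary integers. Writing that check as `if( version != -1 && version != LDAP_VERSION2 ) {` and adding a comment such as `/* version == -1: none requested, use what the selected features need */` above the first test would make the four blocks consistent.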
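Review bot: The `urlpre` allocation is sized by the length of a string literal, `sizeof("file:////")`, which has to agree with a write further down that is outside this hunk. Nothing ties the two together, and this commit is itself a one-byte correction to that size. A comment naming what the bytes are for, e.g. `/* "file:///" + tmpdir + one separator + NUL */` (assuming that is what the following write produces), would help. Sizing from the same pieces the write uses would also keep a later edit to the format from under-allocating again.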
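Review bot: In the `want_bindpw` hunk the return of `getpassphrase()` goes straight into `strlen( passwd.bv_val )` with no check that a buffer came back. getpass-style routines can return NULL when the prompt cannot be read, and how `getpassphrase` is defined here is not visible, so this is a possible NULL dereference. I would guard it with `if( passwd.bv_val == NULL ) { perror( "getpassphrase" ); return EXIT_FAILURE; }` before taking the length. Nothing in the visible lines clears the passphrase buffer once the bind has completed; that may happen outside the hunk, but it is worth confirming.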
@@ -544,7 +567,7 @@ main( int argc, char **argv ) #endif } else { - if ( ldap_bind_s( ld, binddn, passwd, authmethod ) + if ( ldap_bind_s( ld, binddn, passwd.bv_val, authmethod ) != LDAP_SUCCESS ) { ldap_perror( ld, "ldap_bind" ); return( EXIT_FAILURE ); @@ -784,6 +807,7 @@ print_entry( if ( vals2tmp > 1 || ( vals2tmp && ldif_is_not_printable( bvals[i]->bv_val, bvals[i]->bv_len ) )) { + int tmpfd; /* write value to file */ sprintf( tmpfname, "%s" LDAP_DIRSEP "ldapsearch-%s-XXXXXX", tmpdir, a ); @@ -794,7 +818,12 @@ print_entry( continue; } - if (( tmpfp = fopen( tmpfname, "w")) == NULL ) { + if (( tmpfd = open( tmpfname, O_WRONLY|O_CREAT|O_EXCL, 0600 )) == -1 ) { + perror( tmpfname ); + continue; + } + + if (( tmpfp = fdopen( tmpfd, "w")) == NULL ) { perror( tmpfname ); continue; }
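Review bot: In the first print_entry hunk the temporary path is still built with an unbounded `sprintf` into `tmpfname` from `tmpdir` and `a`, which is presumably the attribute name taken from the returned entry. The declaration of `tmpfname` is outside the hunk, so I cannot confirm the buffer is large enough for a long attribute description. If `tmpfname` is an array, `snprintf( tmpfname, sizeof tmpfname, ... )` with a truncation check would stop the write depending on the length of server-supplied data. It is also worth confirming that `a` cannot contain `LDAP_DIRSEP`, since it becomes part of a file name. print_entry() starts and ends outside this hunk.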
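Review bot: When `fdopen( tmpfd, "w" )` fails, the new branch does `continue` without closing `tmpfd`, so the descriptor leaks and the empty file just created by the `O_EXCL` open is left behind in `tmpdir`. Adding `close( tmpfd );` (and arguably `unlink( tmpfname );`) before that `continue` fixes it. The `O_WRONLY|O_CREAT|O_EXCL` open with mode 0600 is the right way to close the race on the generated name. Where `mkstemp` is available it would generate the name and create the file exclusively in one step, but the name-generating call sits between the two hunks and is not visible here.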