From: Kurt Zeilenga
Date: Fri, 18 Nov 2005 00:18:53 +0000 (+0000)
Subject: Limit use of deprecated ldap_bind(3) to LDAPv2 KBIND
X-Git-Tag: OPENLDAP_REL_ENG_2_4_BP~786
X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=2707ba1ddffd6a777d6c1f3a3d57c28c0397fdbc;p=openldap

Limit use of deprecated ldap_bind(3) to LDAPv2 KBIND
---

diff --git a/clients/tools/common.c b/clients/tools/common.c
index a9d2bcc749..1581e42d8d 100644
--- a/clients/tools/common.c
+++ b/clients/tools/common.c
@@ -49,11 +49,9 @@
 #include "common.h"
+#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
 #if !LDAP_DEPRECATED
-/*
- * NOTE: we declare it here only because we want to keep supporting
- * (how long?) ancient, deprecated LDAP_AUTH_KRB* auth methods
- */
+/* Necessary for old LDAPv2 Kerberos Bind methods */
 LDAP_F( int )
 ldap_bind LDAP_P(( /* deprecated */
 LDAP *ld,
@@ -61,6 +59,7 @@ ldap_bind LDAP_P(( /* deprecated */
 LDAP_CONST char *passwd,
 int authmethod ));
 #endif
+#endif
 int authmethod = -1;
 char *binddn = NULL;
@@ -788,6 +787,7 @@ tool_args( int argc, char **argv )
 exit( EXIT_FAILURE );
 }
 }
+
 if( protocol == LDAP_VERSION2 ) {
 if( assertctl || authzid || manageDIT || manageDSAit ||
 #ifdef LDAP_CONTROL_X_CHAINING_BEHAVIOR
@@ -811,8 +811,9 @@ tool_args( int argc, char **argv )
 exit( EXIT_FAILURE );
 }
 #endif
- } else {
+
 #ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
+ } else {
 if ( authmethod == LDAP_AUTH_KRBV4 || authmethod == LDAP_AUTH_KRBV41 ) {
 fprintf( stderr, "%s: -k/-K incompatible with LDAPv%d\n", prog, protocol );
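Review bot: In the last tool_args hunk, placing `} else {` under `#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND` makes the brace structure depend on the macro. The closing brace further down presumably ends the `else` when the macro is defined and the `if( protocol == LDAP_VERSION2 )` block when it is not. The matching `#endif` and that brace lie outside the hunk, so the balance cannot be confirmed from here. A comment at the directive would spare the next reader from tracing it, for example `/* else-branch exists only with KBIND; the closing brace below serves both cases */`.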
@@ -979,10 +980,24 @@ tool_bind( LDAP *ld )
 msgbuf[0] = 0;
- msgid = ldap_bind( ld, binddn, passwd.bv_val, authmethod );
- if ( msgid == -1 ) {
- tool_perror( "ldap_bind", -1, NULL, NULL, NULL, NULL );
- exit( EXIT_FAILURE );
+#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
+ if ( authmethod == LDAP_AUTH_KRBV4 || authmethod == LDAP_AUTH_KRBV41 ) {
+ msgid = ldap_bind( ld, binddn, passwd.bv_val, authmethod );
+ if ( msgid == -1 ) {
+ tool_perror( "ldap_bind", -1, NULL, NULL, NULL, NULL );
+ exit( EXIT_FAILURE );
+ }
+ } else
+#endif
+ {
+ /* simple bind */
+ rc = ldap_sasl_bind( ld, binddn, LDAP_SASL_SIMPLE,
+ &passwd, NULL, NULL, &msgid );
+ if ( msgid == -1 ) {
+ tool_perror( "ldap_sasl_bind(SIMPLE)", rc,
+ NULL, NULL, NULL, NULL );
+ exit( EXIT_FAILURE );
+ }
 }
 if ( ldap_result( ld, msgid, 1, NULL, &result ) == -1 ) {
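Review bot: The simple-bind branch tests `msgid == -1` after `ldap_sasl_bind`, but that call reports failure through its return value `rc`, and `msgid` is only an output parameter. If the call returns an error without storing a message id, the check passes on whatever `msgid` already held and the tool continues into `ldap_result` with it. Whether `msgid` is initialised cannot be seen here, since tool_bind begins above the hunk. Test the result code instead: `if ( rc != LDAP_SUCCESS ) {`. A failed bind in a client tool should stop the run at this point, with the `rc` that `tool_perror` is already being given.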