From: Kurt Zeilenga Date: Tue, 16 May 2000 02:16:54 +0000 (+0000) Subject: Fix password handling for SASL X-Git-Tag: LDBM_PRE_GIANT_RWLOCK~2954 X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=9267700fb90f2e3e4b341c359bf88bb845420029;p=openldap Fix password handling for SASL --- diff --git a/clients/tools/ldapdelete.c b/clients/tools/ldapdelete.c index 5f29a4cab5..5a69de52a8 100644 --- a/clients/tools/ldapdelete.c +++ b/clients/tools/ldapdelete.c @@ -20,7 +20,7 @@ #include static char *binddn = NULL; -static char *passwd = NULL; +static struct berval passwd = { 0, NULL}; static char *ldaphost = NULL; static int ldapport = 0; static int prune = 0; @@ -119,7 +119,7 @@ main( int argc, char **argv ) binddn = strdup( optarg ); break; case 'w': /* password */ - passwd = strdup( optarg ); + passwd.bv_val = strdup( optarg ); { char* p; @@ -127,6 +127,7 @@ main( int argc, char **argv ) *p = '*'; } } + passwd.bv_len = strlen( passwd.bv_val ); break; case 'f': /* read DNs from a file */ if (( fp = fopen( optarg, "r" )) == NULL ) { @@ -317,7 +318,8 @@ main( int argc, char **argv ) } if (want_bindpw) - passwd = getpass("Enter LDAP Password: "); + passwd.bv_val = getpass("Enter LDAP Password: "); + passwd.bv_len = strlen( passwd.bv_val ); if ( authmethod == LDAP_AUTH_SASL ) { #ifdef HAVE_CYRUS_SASL @@ -345,10 +347,13 @@ main( int argc, char **argv ) return( EXIT_FAILURE ); } - if ( ldap_negotiated_sasl_bind_s( ld, binddn, sasl_authc_id, - sasl_authz_id, sasl_mech, NULL, NULL, NULL ) - != LDAP_SUCCESS ) { - ldap_perror( ld, "ldap_sasl_bind" ); + rc = ldap_negotiated_sasl_bind_s( ld, binddn, sasl_authc_id, + sasl_authz_id, sasl_mech, + passwd.bv_len ? &passwd : NULL, + NULL, NULL ); + + if( rc != LDAP_SUCCESS ) { + ldap_perror( ld, "ldap_negotiated_sasl_bind_s" ); return( EXIT_FAILURE ); } #else @@ -358,7 +363,7 @@ main( int argc, char **argv ) #endif } else { - if ( ldap_bind_s( ld, binddn, passwd, authmethod ) + if ( ldap_bind_s( ld, binddn, passwd.bv_val, authmethod ) != LDAP_SUCCESS ) { ldap_perror( ld, "ldap_bind" ); return( EXIT_FAILURE ); diff --git a/clients/tools/ldapmodify.c b/clients/tools/ldapmodify.c index 86343417ce..ea00cb33fd 100644 --- a/clients/tools/ldapmodify.c +++ b/clients/tools/ldapmodify.c @@ -35,7 +35,7 @@ static char *prog; static char *binddn = NULL; -static char *passwd = NULL; +static struct berval passwd = { 0, NULL}; static char *ldaphost = NULL; static int ldapport = 0; #ifdef HAVE_CYRUS_SASL @@ -184,7 +184,7 @@ main( int argc, char **argv ) binddn = strdup( optarg ); break; case 'w': /* password */ - passwd = strdup( optarg ); + passwd.bv_val = strdup( optarg ); { char* p; @@ -192,6 +192,7 @@ main( int argc, char **argv ) *p = '*'; } } + passwd.bv_len = strlen( passwd.bv_val ); break; case 'd': debug |= atoi( optarg ); @@ -381,7 +382,8 @@ main( int argc, char **argv ) } if (want_bindpw) - passwd = getpass("Enter LDAP Password: "); + passwd.bv_val = getpass("Enter LDAP Password: "); + passwd.bv_len = strlen( passwd.bv_val ); if ( authmethod == LDAP_AUTH_SASL ) { #ifdef HAVE_CYRUS_SASL @@ -409,10 +411,13 @@ main( int argc, char **argv ) return( EXIT_FAILURE ); } - if ( ldap_negotiated_sasl_bind_s( ld, binddn, sasl_authc_id, - sasl_authz_id, sasl_mech, NULL, NULL, NULL ) - != LDAP_SUCCESS ) { - ldap_perror( ld, "ldap_sasl_bind" ); + rc = ldap_negotiated_sasl_bind_s( ld, binddn, sasl_authc_id, + sasl_authz_id, sasl_mech, + passwd.bv_len ? &passwd : NULL, + NULL, NULL ); + + if( rc != LDAP_SUCCESS ) { + ldap_perror( ld, "ldap_negotiated_sasl_bind_s" ); return( EXIT_FAILURE ); } #else @@ -422,7 +427,7 @@ main( int argc, char **argv ) #endif } else { - if ( ldap_bind_s( ld, binddn, passwd, authmethod ) + if ( ldap_bind_s( ld, binddn, passwd.bv_val, authmethod ) != LDAP_SUCCESS ) { ldap_perror( ld, "ldap_bind" ); return( EXIT_FAILURE ); diff --git a/clients/tools/ldapmodrdn.c b/clients/tools/ldapmodrdn.c index 8f4ff512e8..5b7a403621 100644 --- a/clients/tools/ldapmodrdn.c +++ b/clients/tools/ldapmodrdn.c @@ -32,7 +32,7 @@ #include static char *binddn = NULL; -static char *passwd = NULL; +static struct berval passwd = { 0, NULL}; static char *ldaphost = NULL; static int ldapport = 0; #ifdef HAVE_CYRUS_SASL @@ -138,7 +138,7 @@ main(int argc, char **argv) version = LDAP_VERSION3; /* This option => force V3 */ break; case 'w': /* password */ - passwd = strdup( optarg ); + passwd.bv_val = strdup( optarg ); { char* p; @@ -146,6 +146,7 @@ main(int argc, char **argv) *p = '*'; } } + passwd.bv_len = strlen( passwd.bv_val ); break; case 'd': debug |= atoi( optarg ); @@ -364,7 +365,8 @@ main(int argc, char **argv) } if (want_bindpw) - passwd = getpass("Enter LDAP Password: "); + passwd.bv_val = getpass("Enter LDAP Password: "); + passwd.bv_len = strlen( passwd.bv_val ); if ( authmethod == LDAP_AUTH_SASL ) { #ifdef HAVE_CYRUS_SASL @@ -392,10 +394,13 @@ main(int argc, char **argv) return( EXIT_FAILURE ); } - if ( ldap_negotiated_sasl_bind_s( ld, binddn, sasl_authc_id, - sasl_authz_id, sasl_mech, NULL, NULL, NULL ) - != LDAP_SUCCESS ) { - ldap_perror( ld, "ldap_sasl_bind" ); + rc = ldap_negotiated_sasl_bind_s( ld, binddn, sasl_authc_id, + sasl_authz_id, sasl_mech, + passwd.bv_len ? &passwd : NULL, + NULL, NULL ); + + if( rc != LDAP_SUCCESS ) { + ldap_perror( ld, "ldap_negotiated_sasl_bind_s" ); return( EXIT_FAILURE ); } #else @@ -405,7 +410,7 @@ main(int argc, char **argv) #endif } else { - if ( ldap_bind_s( ld, binddn, passwd, authmethod ) + if ( ldap_bind_s( ld, binddn, passwd.bv_val, authmethod ) != LDAP_SUCCESS ) { ldap_perror( ld, "ldap_bind" ); return( EXIT_FAILURE ); diff --git a/clients/tools/ldappasswd.c b/clients/tools/ldappasswd.c index 8546a42764..ec96349ec7 100644 --- a/clients/tools/ldappasswd.c +++ b/clients/tools/ldappasswd.c @@ -64,7 +64,7 @@ main( int argc, char *argv[] ) char *dn = NULL; char *binddn = NULL; - char *bindpw = NULL; + struct berval passwd = { 0, NULL}; char *newpw = NULL; char *oldpw = NULL; @@ -158,8 +158,7 @@ main( int argc, char *argv[] ) break; case 'w': /* bind password */ - bindpw = strdup (optarg); - + passwd.bv_val = strdup (optarg); { char* p; @@ -167,6 +166,7 @@ main( int argc, char *argv[] ) *p = '*'; } } + passwd.bv_len = strlen( passwd.bv_val ); break; case 'I': @@ -271,13 +271,17 @@ main( int argc, char *argv[] ) binddn = dn; dn = NULL; - if( bindpw == NULL ) bindpw = oldpw; + if( passwd.bv_val == NULL ) { + passwd.bv_val = oldpw; + passwd.bv_len = oldpw == NULL ? 0 : strlen( oldpw ); + } } - if (want_bindpw && bindpw == NULL ) { + if (want_bindpw && passwd.bv_val == NULL ) { /* handle bind password */ fprintf( stderr, "Bind DN: %s\n", binddn ); - bindpw = strdup( getpass("Enter bind password: ")); + passwd.bv_val = strdup( getpass("Enter bind password: ")); + passwd.bv_len = strlen( passwd.bv_val ); } if ( debug ) { @@ -343,10 +347,13 @@ main( int argc, char *argv[] ) return( EXIT_FAILURE ); } - if ( ldap_negotiated_sasl_bind_s( ld, binddn, sasl_authc_id, - sasl_authz_id, sasl_mech, NULL, NULL, NULL ) - != LDAP_SUCCESS ) { - ldap_perror( ld, "ldap_sasl_bind" ); + rc = ldap_negotiated_sasl_bind_s( ld, binddn, sasl_authc_id, + sasl_authz_id, sasl_mech, + bindpw.bv_len ? &bindpw : NULL, + NULL, NULL ); + + if( rc != LDAP_SUCCESS ) { + ldap_perror( ld, "ldap_negotiated_sasl_bind_s" ); return( EXIT_FAILURE ); } #else @@ -356,7 +363,7 @@ main( int argc, char *argv[] ) #endif } else { - if ( ldap_bind_s( ld, binddn, bindpw, authmethod ) + if ( ldap_bind_s( ld, binddn, passwd.bv_val, authmethod ) != LDAP_SUCCESS ) { ldap_perror( ld, "ldap_bind" ); return( EXIT_FAILURE );