From: Kurt Zeilenga <kurt@openldap.org>
Date: Tue, 16 May 2000 02:16:54 +0000 (+0000)
Subject: Fix password handling for SASL
X-Git-Tag: LDBM_PRE_GIANT_RWLOCK~2954
X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=9267700fb90f2e3e4b341c359bf88bb845420029;p=openldap

Fix password handling for SASL
---

diff --git a/clients/tools/ldapdelete.c b/clients/tools/ldapdelete.c
index 5f29a4cab5..5a69de52a8 100644
--- a/clients/tools/ldapdelete.c
+++ b/clients/tools/ldapdelete.c
@@ -20,7 +20,7 @@
 #include <ldap.h>
 
 static char	*binddn = NULL;
-static char	*passwd = NULL;
+static struct berval passwd = { 0, NULL};
 static char	*ldaphost = NULL;
 static int	ldapport = 0;
 static int	prune = 0;
@@ -119,7 +119,7 @@ main( int argc, char **argv )
 	    binddn = strdup( optarg );
 	    break;
 	case 'w':	/* password */
-	    passwd = strdup( optarg );
+	    passwd.bv_val = strdup( optarg );
 		{
 			char* p;
 
@@ -127,6 +127,7 @@ main( int argc, char **argv )
 				*p = '*';
 			}
 		}
+		passwd.bv_len = strlen( passwd.bv_val );
 	    break;
 	case 'f':	/* read DNs from a file */
 	    if (( fp = fopen( optarg, "r" )) == NULL ) {
@@ -317,7 +318,8 @@ main( int argc, char **argv )
 	}
 
 	if (want_bindpw)
-		passwd = getpass("Enter LDAP Password: ");
+		passwd.bv_val = getpass("Enter LDAP Password: ");
+		passwd.bv_len = strlen( passwd.bv_val );
 
 	if ( authmethod == LDAP_AUTH_SASL ) {
 #ifdef HAVE_CYRUS_SASL
@@ -345,10 +347,13 @@ main( int argc, char **argv )
 			return( EXIT_FAILURE );
 		}
 		
-		if ( ldap_negotiated_sasl_bind_s( ld, binddn, sasl_authc_id,
-				sasl_authz_id, sasl_mech, NULL, NULL, NULL )
-					!= LDAP_SUCCESS ) {
-			ldap_perror( ld, "ldap_sasl_bind" );
+		rc = ldap_negotiated_sasl_bind_s( ld, binddn, sasl_authc_id,
+				sasl_authz_id, sasl_mech,
+				passwd.bv_len ? &passwd : NULL,
+				NULL, NULL );
+
+		if( rc != LDAP_SUCCESS ) {
+			ldap_perror( ld, "ldap_negotiated_sasl_bind_s" );
 			return( EXIT_FAILURE );
 		}
 #else
@@ -358,7 +363,7 @@ main( int argc, char **argv )
 #endif
 	}
 	else {
-		if ( ldap_bind_s( ld, binddn, passwd, authmethod )
+		if ( ldap_bind_s( ld, binddn, passwd.bv_val, authmethod )
 				!= LDAP_SUCCESS ) {
 			ldap_perror( ld, "ldap_bind" );
 			return( EXIT_FAILURE );
diff --git a/clients/tools/ldapmodify.c b/clients/tools/ldapmodify.c
index 86343417ce..ea00cb33fd 100644
--- a/clients/tools/ldapmodify.c
+++ b/clients/tools/ldapmodify.c
@@ -35,7 +35,7 @@
 
 static char	*prog;
 static char	*binddn = NULL;
-static char	*passwd = NULL;
+static struct berval passwd = { 0, NULL};
 static char	*ldaphost = NULL;
 static int	ldapport = 0;
 #ifdef HAVE_CYRUS_SASL
@@ -184,7 +184,7 @@ main( int argc, char **argv )
 	    binddn = strdup( optarg );
 	    break;
 	case 'w':	/* password */
-	    passwd = strdup( optarg );
+	    passwd.bv_val = strdup( optarg );
 		{
 			char* p;
 
@@ -192,6 +192,7 @@ main( int argc, char **argv )
 				*p = '*';
 			}
 		}
+		passwd.bv_len = strlen( passwd.bv_val );
 	    break;
 	case 'd':
 	    debug |= atoi( optarg );
@@ -381,7 +382,8 @@ main( int argc, char **argv )
 	}
 
 	if (want_bindpw)
-		passwd = getpass("Enter LDAP Password: ");
+		passwd.bv_val = getpass("Enter LDAP Password: ");
+		passwd.bv_len = strlen( passwd.bv_val );
 
 	if ( authmethod == LDAP_AUTH_SASL ) {
 #ifdef HAVE_CYRUS_SASL
@@ -409,10 +411,13 @@ main( int argc, char **argv )
 			return( EXIT_FAILURE );
 		}
 		
-		if ( ldap_negotiated_sasl_bind_s( ld, binddn, sasl_authc_id,
-				sasl_authz_id, sasl_mech, NULL, NULL, NULL )
-					!= LDAP_SUCCESS ) {
-			ldap_perror( ld, "ldap_sasl_bind" );
+		rc = ldap_negotiated_sasl_bind_s( ld, binddn, sasl_authc_id,
+				sasl_authz_id, sasl_mech,
+				passwd.bv_len ? &passwd : NULL,
+				NULL, NULL );
+
+		if( rc != LDAP_SUCCESS ) {
+			ldap_perror( ld, "ldap_negotiated_sasl_bind_s" );
 			return( EXIT_FAILURE );
 		}
 #else
@@ -422,7 +427,7 @@ main( int argc, char **argv )
 #endif
 	}
 	else {
-		if ( ldap_bind_s( ld, binddn, passwd, authmethod )
+		if ( ldap_bind_s( ld, binddn, passwd.bv_val, authmethod )
 				!= LDAP_SUCCESS ) {
 			ldap_perror( ld, "ldap_bind" );
 			return( EXIT_FAILURE );
diff --git a/clients/tools/ldapmodrdn.c b/clients/tools/ldapmodrdn.c
index 8f4ff512e8..5b7a403621 100644
--- a/clients/tools/ldapmodrdn.c
+++ b/clients/tools/ldapmodrdn.c
@@ -32,7 +32,7 @@
 #include <ldap.h>
 
 static char	*binddn = NULL;
-static char	*passwd = NULL;
+static struct berval passwd = { 0, NULL};
 static char	*ldaphost = NULL;
 static int	ldapport = 0;
 #ifdef HAVE_CYRUS_SASL
@@ -138,7 +138,7 @@ main(int argc, char **argv)
 	    version = LDAP_VERSION3;	/* This option => force V3 */
 	    break;
 	case 'w':	/* password */
-	    passwd = strdup( optarg );
+	    passwd.bv_val = strdup( optarg );
 		{
 			char* p;
 
@@ -146,6 +146,7 @@ main(int argc, char **argv)
 				*p = '*';
 			}
 		}
+		passwd.bv_len = strlen( passwd.bv_val );
 	    break;
 	case 'd':
 	    debug |= atoi( optarg );
@@ -364,7 +365,8 @@ main(int argc, char **argv)
 	}
 
 	if (want_bindpw)
-		passwd = getpass("Enter LDAP Password: ");
+		passwd.bv_val = getpass("Enter LDAP Password: ");
+		passwd.bv_len = strlen( passwd.bv_val );
 
 	if ( authmethod == LDAP_AUTH_SASL ) {
 #ifdef HAVE_CYRUS_SASL
@@ -392,10 +394,13 @@ main(int argc, char **argv)
 			return( EXIT_FAILURE );
 		}
 		
-		if ( ldap_negotiated_sasl_bind_s( ld, binddn, sasl_authc_id,
-				sasl_authz_id, sasl_mech, NULL, NULL, NULL )
-					!= LDAP_SUCCESS ) {
-			ldap_perror( ld, "ldap_sasl_bind" );
+		rc = ldap_negotiated_sasl_bind_s( ld, binddn, sasl_authc_id,
+				sasl_authz_id, sasl_mech,
+				passwd.bv_len ? &passwd : NULL,
+				NULL, NULL );
+
+		if( rc != LDAP_SUCCESS ) {
+			ldap_perror( ld, "ldap_negotiated_sasl_bind_s" );
 			return( EXIT_FAILURE );
 		}
 #else
@@ -405,7 +410,7 @@ main(int argc, char **argv)
 #endif
 	}
 	else {
-		if ( ldap_bind_s( ld, binddn, passwd, authmethod )
+		if ( ldap_bind_s( ld, binddn, passwd.bv_val, authmethod )
 				!= LDAP_SUCCESS ) {
 			ldap_perror( ld, "ldap_bind" );
 			return( EXIT_FAILURE );
diff --git a/clients/tools/ldappasswd.c b/clients/tools/ldappasswd.c
index 8546a42764..ec96349ec7 100644
--- a/clients/tools/ldappasswd.c
+++ b/clients/tools/ldappasswd.c
@@ -64,7 +64,7 @@ main( int argc, char *argv[] )
 	char	*dn = NULL;
 	char	*binddn = NULL;
 
-	char	*bindpw = NULL;
+	struct berval passwd = { 0, NULL};
 	char	*newpw = NULL;
 	char	*oldpw = NULL;
 
@@ -158,8 +158,7 @@ main( int argc, char *argv[] )
 			break;
 
 		case 'w':	/* bind password */
-			bindpw = strdup (optarg);
-
+			passwd.bv_val = strdup (optarg);
 			{
 				char* p;
 
@@ -167,6 +166,7 @@ main( int argc, char *argv[] )
 					*p = '*';
 				}
 			}
+			passwd.bv_len = strlen( passwd.bv_val );
 			break;
 
 		case 'I':
@@ -271,13 +271,17 @@ main( int argc, char *argv[] )
 		binddn = dn;
 		dn = NULL;
 
-		if( bindpw == NULL ) bindpw = oldpw;
+		if( passwd.bv_val == NULL ) {
+			passwd.bv_val = oldpw;
+			passwd.bv_len = oldpw == NULL ? 0 : strlen( oldpw );
+		}
 	}
 
-	if (want_bindpw && bindpw == NULL ) {
+	if (want_bindpw && passwd.bv_val == NULL ) {
 		/* handle bind password */
 		fprintf( stderr, "Bind DN: %s\n", binddn );
-		bindpw = strdup( getpass("Enter bind password: "));
+		passwd.bv_val = strdup( getpass("Enter bind password: "));
+		passwd.bv_len = strlen( passwd.bv_val );
 	}
 
 	if ( debug ) {
@@ -343,10 +347,13 @@ main( int argc, char *argv[] )
 			return( EXIT_FAILURE );
 		}
 		
-		if ( ldap_negotiated_sasl_bind_s( ld, binddn, sasl_authc_id,
-				sasl_authz_id, sasl_mech, NULL, NULL, NULL )
-					!= LDAP_SUCCESS ) {
-			ldap_perror( ld, "ldap_sasl_bind" );
+		rc = ldap_negotiated_sasl_bind_s( ld, binddn, sasl_authc_id,
+				sasl_authz_id, sasl_mech,
+				bindpw.bv_len ? &bindpw : NULL,
+				NULL, NULL );
+
+		if( rc != LDAP_SUCCESS ) {
+			ldap_perror( ld, "ldap_negotiated_sasl_bind_s" );
 			return( EXIT_FAILURE );
 		}
 #else
@@ -356,7 +363,7 @@ main( int argc, char *argv[] )
 #endif
 	}
 	else {
-		if ( ldap_bind_s( ld, binddn, bindpw, authmethod )
+		if ( ldap_bind_s( ld, binddn, passwd.bv_val, authmethod )
 				!= LDAP_SUCCESS ) {
 			ldap_perror( ld, "ldap_bind" );
 			return( EXIT_FAILURE );