Commit 9267700f authored by Kurt Zeilenga's avatar Kurt Zeilenga
Browse files

Fix password handling for SASL

parent ebfe5834
......@@ -20,7 +20,7 @@
#include <ldap.h>
static char *binddn = NULL;
static char *passwd = NULL;
static struct berval passwd = { 0, NULL};
static char *ldaphost = NULL;
static int ldapport = 0;
static int prune = 0;
......@@ -119,7 +119,7 @@ main( int argc, char **argv )
binddn = strdup( optarg );
break;
case 'w': /* password */
passwd = strdup( optarg );
passwd.bv_val = strdup( optarg );
{
char* p;
......@@ -127,6 +127,7 @@ main( int argc, char **argv )
*p = '*';
}
}
passwd.bv_len = strlen( passwd.bv_val );
break;
case 'f': /* read DNs from a file */
if (( fp = fopen( optarg, "r" )) == NULL ) {
......@@ -317,7 +318,8 @@ main( int argc, char **argv )
}
if (want_bindpw)
passwd = getpass("Enter LDAP Password: ");
passwd.bv_val = getpass("Enter LDAP Password: ");
passwd.bv_len = strlen( passwd.bv_val );
if ( authmethod == LDAP_AUTH_SASL ) {
#ifdef HAVE_CYRUS_SASL
......@@ -345,10 +347,13 @@ main( int argc, char **argv )
return( EXIT_FAILURE );
}
if ( ldap_negotiated_sasl_bind_s( ld, binddn, sasl_authc_id,
sasl_authz_id, sasl_mech, NULL, NULL, NULL )
!= LDAP_SUCCESS ) {
ldap_perror( ld, "ldap_sasl_bind" );
rc = ldap_negotiated_sasl_bind_s( ld, binddn, sasl_authc_id,
sasl_authz_id, sasl_mech,
passwd.bv_len ? &passwd : NULL,
NULL, NULL );
if( rc != LDAP_SUCCESS ) {
ldap_perror( ld, "ldap_negotiated_sasl_bind_s" );
return( EXIT_FAILURE );
}
#else
......@@ -358,7 +363,7 @@ main( int argc, char **argv )
#endif
}
else {
if ( ldap_bind_s( ld, binddn, passwd, authmethod )
if ( ldap_bind_s( ld, binddn, passwd.bv_val, authmethod )
!= LDAP_SUCCESS ) {
ldap_perror( ld, "ldap_bind" );
return( EXIT_FAILURE );
......
......@@ -35,7 +35,7 @@
static char *prog;
static char *binddn = NULL;
static char *passwd = NULL;
static struct berval passwd = { 0, NULL};
static char *ldaphost = NULL;
static int ldapport = 0;
#ifdef HAVE_CYRUS_SASL
......@@ -184,7 +184,7 @@ main( int argc, char **argv )
binddn = strdup( optarg );
break;
case 'w': /* password */
passwd = strdup( optarg );
passwd.bv_val = strdup( optarg );
{
char* p;
......@@ -192,6 +192,7 @@ main( int argc, char **argv )
*p = '*';
}
}
passwd.bv_len = strlen( passwd.bv_val );
break;
case 'd':
debug |= atoi( optarg );
......@@ -381,7 +382,8 @@ main( int argc, char **argv )
}
if (want_bindpw)
passwd = getpass("Enter LDAP Password: ");
passwd.bv_val = getpass("Enter LDAP Password: ");
passwd.bv_len = strlen( passwd.bv_val );
if ( authmethod == LDAP_AUTH_SASL ) {
#ifdef HAVE_CYRUS_SASL
......@@ -409,10 +411,13 @@ main( int argc, char **argv )
return( EXIT_FAILURE );
}
if ( ldap_negotiated_sasl_bind_s( ld, binddn, sasl_authc_id,
sasl_authz_id, sasl_mech, NULL, NULL, NULL )
!= LDAP_SUCCESS ) {
ldap_perror( ld, "ldap_sasl_bind" );
rc = ldap_negotiated_sasl_bind_s( ld, binddn, sasl_authc_id,
sasl_authz_id, sasl_mech,
passwd.bv_len ? &passwd : NULL,
NULL, NULL );
if( rc != LDAP_SUCCESS ) {
ldap_perror( ld, "ldap_negotiated_sasl_bind_s" );
return( EXIT_FAILURE );
}
#else
......@@ -422,7 +427,7 @@ main( int argc, char **argv )
#endif
}
else {
if ( ldap_bind_s( ld, binddn, passwd, authmethod )
if ( ldap_bind_s( ld, binddn, passwd.bv_val, authmethod )
!= LDAP_SUCCESS ) {
ldap_perror( ld, "ldap_bind" );
return( EXIT_FAILURE );
......
......@@ -32,7 +32,7 @@
#include <ldap.h>
static char *binddn = NULL;
static char *passwd = NULL;
static struct berval passwd = { 0, NULL};
static char *ldaphost = NULL;
static int ldapport = 0;
#ifdef HAVE_CYRUS_SASL
......@@ -138,7 +138,7 @@ main(int argc, char **argv)
version = LDAP_VERSION3; /* This option => force V3 */
break;
case 'w': /* password */
passwd = strdup( optarg );
passwd.bv_val = strdup( optarg );
{
char* p;
......@@ -146,6 +146,7 @@ main(int argc, char **argv)
*p = '*';
}
}
passwd.bv_len = strlen( passwd.bv_val );
break;
case 'd':
debug |= atoi( optarg );
......@@ -364,7 +365,8 @@ main(int argc, char **argv)
}
if (want_bindpw)
passwd = getpass("Enter LDAP Password: ");
passwd.bv_val = getpass("Enter LDAP Password: ");
passwd.bv_len = strlen( passwd.bv_val );
if ( authmethod == LDAP_AUTH_SASL ) {
#ifdef HAVE_CYRUS_SASL
......@@ -392,10 +394,13 @@ main(int argc, char **argv)
return( EXIT_FAILURE );
}
if ( ldap_negotiated_sasl_bind_s( ld, binddn, sasl_authc_id,
sasl_authz_id, sasl_mech, NULL, NULL, NULL )
!= LDAP_SUCCESS ) {
ldap_perror( ld, "ldap_sasl_bind" );
rc = ldap_negotiated_sasl_bind_s( ld, binddn, sasl_authc_id,
sasl_authz_id, sasl_mech,
passwd.bv_len ? &passwd : NULL,
NULL, NULL );
if( rc != LDAP_SUCCESS ) {
ldap_perror( ld, "ldap_negotiated_sasl_bind_s" );
return( EXIT_FAILURE );
}
#else
......@@ -405,7 +410,7 @@ main(int argc, char **argv)
#endif
}
else {
if ( ldap_bind_s( ld, binddn, passwd, authmethod )
if ( ldap_bind_s( ld, binddn, passwd.bv_val, authmethod )
!= LDAP_SUCCESS ) {
ldap_perror( ld, "ldap_bind" );
return( EXIT_FAILURE );
......
......@@ -64,7 +64,7 @@ main( int argc, char *argv[] )
char *dn = NULL;
char *binddn = NULL;
char *bindpw = NULL;
struct berval passwd = { 0, NULL};
char *newpw = NULL;
char *oldpw = NULL;
......@@ -158,8 +158,7 @@ main( int argc, char *argv[] )
break;
case 'w': /* bind password */
bindpw = strdup (optarg);
passwd.bv_val = strdup (optarg);
{
char* p;
......@@ -167,6 +166,7 @@ main( int argc, char *argv[] )
*p = '*';
}
}
passwd.bv_len = strlen( passwd.bv_val );
break;
case 'I':
......@@ -271,13 +271,17 @@ main( int argc, char *argv[] )
binddn = dn;
dn = NULL;
if( bindpw == NULL ) bindpw = oldpw;
if( passwd.bv_val == NULL ) {
passwd.bv_val = oldpw;
passwd.bv_len = oldpw == NULL ? 0 : strlen( oldpw );
}
}
if (want_bindpw && bindpw == NULL ) {
if (want_bindpw && passwd.bv_val == NULL ) {
/* handle bind password */
fprintf( stderr, "Bind DN: %s\n", binddn );
bindpw = strdup( getpass("Enter bind password: "));
passwd.bv_val = strdup( getpass("Enter bind password: "));
passwd.bv_len = strlen( passwd.bv_val );
}
if ( debug ) {
......@@ -343,10 +347,13 @@ main( int argc, char *argv[] )
return( EXIT_FAILURE );
}
if ( ldap_negotiated_sasl_bind_s( ld, binddn, sasl_authc_id,
sasl_authz_id, sasl_mech, NULL, NULL, NULL )
!= LDAP_SUCCESS ) {
ldap_perror( ld, "ldap_sasl_bind" );
rc = ldap_negotiated_sasl_bind_s( ld, binddn, sasl_authc_id,
sasl_authz_id, sasl_mech,
bindpw.bv_len ? &bindpw : NULL,
NULL, NULL );
if( rc != LDAP_SUCCESS ) {
ldap_perror( ld, "ldap_negotiated_sasl_bind_s" );
return( EXIT_FAILURE );
}
#else
......@@ -356,7 +363,7 @@ main( int argc, char *argv[] )
#endif
}
else {
if ( ldap_bind_s( ld, binddn, bindpw, authmethod )
if ( ldap_bind_s( ld, binddn, passwd.bv_val, authmethod )
!= LDAP_SUCCESS ) {
ldap_perror( ld, "ldap_bind" );
return( EXIT_FAILURE );
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment