StartTLS requires LDAPv3

Set version to required protocol.
2024-12-15 03:01:09 +08:00 · 2000-04-20 14:15:39 +00:00 · 2000-04-20 14:15:39 +00:00 · 4ecf780e48
commit 4ecf780e48
parent c02d7e2cb6
5 changed files with 59 additions and 14 deletions
--- a/clients/tools/ldapdelete.c
+++ b/clients/tools/ldapdelete.c
@ -240,23 +240,34 @@ main( int argc, char **argv )

 	if ( ( authmethod == LDAP_AUTH_KRBV4 ) || ( authmethod ==
 			LDAP_AUTH_KRBV41 ) ) {
-		if( version != LDAP_VERSION2 ) {
+		if( version > LDAP_VERSION2 ) {
 			fprintf( stderr, "Kerberos requires LDAPv2\n" );
 			return( EXIT_FAILURE );
 		}
+		version = LDAP_VERSION2;
 	}
 	else if ( authmethod == LDAP_AUTH_SASL ) {
-		if( version != LDAP_VERSION3 ) {
+		if( version != -1 || version != LDAP_VERSION3 ) {
 			fprintf( stderr, "SASL requires LDAPv3\n" );
 			return( EXIT_FAILURE );
 		}
+		version = LDAP_VERSION3;
 	}

 	if( manageDSAit ) {
-		if( version != LDAP_VERSION3 ) {
+		if( version != -1 || version != LDAP_VERSION3 ) {
 			fprintf(stderr, "manage DSA control requires LDAPv3\n");
 			return EXIT_FAILURE;
 		}
+		version = LDAP_VERSION3;
+	}
+
+	if( use_tls ) {
+		if( version != -1 || version != LDAP_VERSION3 ) {
+			fprintf(stderr, "Start TLS requires LDAPv3\n");
+			return EXIT_FAILURE;
+		}
+		version = LDAP_VERSION3;
 	}

    if ( fp == NULL ) {
--- a/clients/tools/ldapmodify.c
+++ b/clients/tools/ldapmodify.c
@ -300,23 +300,34 @@ main( int argc, char **argv )

 	if ( ( authmethod == LDAP_AUTH_KRBV4 ) || ( authmethod ==
 			LDAP_AUTH_KRBV41 ) ) {
-		if( version != LDAP_VERSION2 ) {
+		if( version > LDAP_VERSION2 ) {
 			fprintf( stderr, "Kerberos requires LDAPv2\n" );
 			return( EXIT_FAILURE );
 		}
+		version = LDAP_VERSION2;
 	}
 	else if ( authmethod == LDAP_AUTH_SASL ) {
-		if( version != LDAP_VERSION3 ) {
+		if( version != -1 || version != LDAP_VERSION3 ) {
 			fprintf( stderr, "SASL requires LDAPv3\n" );
 			return( EXIT_FAILURE );
 		}
+		version = LDAP_VERSION3;
 	}

 	if( manageDSAit ) {
-		if( version != LDAP_VERSION3 ) {
+		if( version != -1 || version != LDAP_VERSION3 ) {
 			fprintf(stderr, "manage DSA control requires LDAPv3\n");
 			return EXIT_FAILURE;
 		}
+		version = LDAP_VERSION3;
+	}
+
+	if( use_tls ) {
+		if( version != -1 || version != LDAP_VERSION3 ) {
+			fprintf(stderr, "Start TLS requires LDAPv3\n");
+			return EXIT_FAILURE;
+		}
+		version = LDAP_VERSION3;
 	}

    if ( infile != NULL ) {
--- a/clients/tools/ldapmodrdn.c
+++ b/clients/tools/ldapmodrdn.c
@ -256,23 +256,34 @@ main(int argc, char **argv)

 	if ( ( authmethod == LDAP_AUTH_KRBV4 ) || ( authmethod ==
 			LDAP_AUTH_KRBV41 ) ) {
-		if( version != LDAP_VERSION2 ) {
+		if( version > LDAP_VERSION2 ) {
 			fprintf( stderr, "Kerberos requires LDAPv2\n" );
 			return( EXIT_FAILURE );
 		}
+		version = LDAP_VERSION2;
 	}
 	else if ( authmethod == LDAP_AUTH_SASL ) {
-		if( version != LDAP_VERSION3 ) {
+		if( version != -1 || version != LDAP_VERSION3 ) {
 			fprintf( stderr, "SASL requires LDAPv3\n" );
 			return( EXIT_FAILURE );
 		}
+		version = LDAP_VERSION3;
 	}

 	if( manageDSAit ) {
-		if( version != LDAP_VERSION3 ) {
+		if( version != -1 || version != LDAP_VERSION3 ) {
 			fprintf(stderr, "manage DSA control requires LDAPv3\n");
 			return EXIT_FAILURE;
 		}
+		version = LDAP_VERSION3;
+	}
+
+	if( use_tls ) {
+		if( version != -1 || version != LDAP_VERSION3 ) {
+			fprintf(stderr, "Start TLS requires LDAPv3\n");
+			return EXIT_FAILURE;
+		}
+		version = LDAP_VERSION3;
 	}

    if (newSuperior != NULL) {
@ -283,6 +294,7 @@ main(int argc, char **argv)
 			usage( argv[0] );
 			return( EXIT_FAILURE );
 		}
+		version = LDAP_VERSION3;
    }
    
    havedn = 0;
--- a/clients/tools/ldappasswd.c
+++ b/clients/tools/ldappasswd.c
@ -302,6 +302,7 @@ main( int argc, char *argv[] )
 	/* don't chase referrals */
 	ldap_set_option( ld, LDAP_OPT_REFERRALS, LDAP_OPT_OFF );

+	/* LDAPv3 only */
 	version = 3;
 	rc = ldap_set_option( ld, LDAP_OPT_PROTOCOL_VERSION, &version );

@ -448,5 +449,5 @@ main( int argc, char *argv[] )
 	/* disconnect from server */
 	ldap_unbind (ld);

-	return ( EXIT_SUCCESS );
+	return EXIT_SUCCESS;
 }
--- a/clients/tools/ldapsearch.c
+++ b/clients/tools/ldapsearch.c
@ -363,24 +363,34 @@ main( int argc, char **argv )

 	if ( ( authmethod == LDAP_AUTH_KRBV4 ) || ( authmethod ==
 			LDAP_AUTH_KRBV41 ) ) {
-		if( version != LDAP_VERSION2 ) {
-
+		if( version > LDAP_VERSION2 ) {
 			fprintf( stderr, "Kerberos requires LDAPv2\n" );
 			return( EXIT_FAILURE );
 		}
+		version = LDAP_VERSION2;
 	}
 	else if ( authmethod == LDAP_AUTH_SASL ) {
-		if( version != LDAP_VERSION3 ) {
+		if( version != -1 || version != LDAP_VERSION3 ) {
 			fprintf( stderr, "SASL requires LDAPv3\n" );
 			return( EXIT_FAILURE );
 		}
+		version = LDAP_VERSION3;
 	}

 	if( manageDSAit ) {
-		if( version != LDAP_VERSION3 ) {
+		if( version != -1 || version != LDAP_VERSION3 ) {
 			fprintf(stderr, "manage DSA control requires LDAPv3\n");
 			return EXIT_FAILURE;
 		}
+		version = LDAP_VERSION3;
+	}
+
+	if( use_tls ) {
+		if( version != -1 || version != LDAP_VERSION3 ) {
+			fprintf(stderr, "Start TLS requires LDAPv3\n");
+			return EXIT_FAILURE;
+		}
+		version = LDAP_VERSION3;
 	}

 	if ( argc - optind < 1 ) {