Commit Graph

87 Commits

Author SHA1 Message Date
Kurt Zeilenga
4ce42af196 Add client-side subentries control support.
Make sure client controls are not specified multiple times.
NT port updates.
2002-08-30 07:05:12 +00:00
Kurt Zeilenga
26e4960c1c Remove those #ifdefs NOOP just added. 2002-08-30 05:43:47 +00:00
Kurt Zeilenga
0517278aff Place NOOP behind #ifdef 2002-08-30 05:02:20 +00:00
Kurt Zeilenga
2de5c33ba7 Add manageDsaIt/NOOP control support to every tool.
Update NT build.
2002-08-29 21:52:45 +00:00
Kurt Zeilenga
d912c2c711 Rework client control parsing... need to implement
common controls across all tools.
2002-08-29 21:36:36 +00:00
Kurt Zeilenga
8de258d2e2 Patch: 'ldapmodify -y file' reads password from file (ITS#2031)
================
Written by Hallvard B. Furuseth and placed into the public domain.
This software is not subject to any license of the University of Oslo.
            ================
Adapted by Kurt Zeilenga for inclusion in OpenLDAP.  My comments are
marked with enclosed with square brackets (e.g. [Kurt's comment] below.
            ================

If I run ldapmodify & co from a script, I don't want to use '-W password'
because the password shows up in the output of 'ps' for everyone,
and I can't pipe the password to 'ldapmodify -w' because -w uses
getpassphrase() which reads from the tty instead of stdin.
So I added '-y file' which reads the password from file.  The programs
exit if the file cannot be read.

[Complete contents of file is used as password.  Use:
	echo -n "secret" > password
to create a file with "secret" as the password.  The -n avoids
adding a newline (which would invalidate the password).  Note
that echo is a builtin and hence its arguments are not visible
to 'ps'.]

I changed ldapmodify, ldapmodrdn, ldapdelete, ldapsearch, ldapcompare.
I did not bother to change ldappasswd and ldapwhoami, because they
prompt for many passwords.  [I fixed up ldapwhoami.]

Rerun autoconf after applying this patch. [Done.]

Note:  I do not know if Windows NT has fstat(), so I set HAVE_FSTAT to
undef in portable.nt.  (fstat() is used to warn if the file is publicly
readable or writeable.)  [I used fstat() to set the buffer size to
read.]

[Note: using the contents of a file extends the tools to support
passwords which could not normally be provided using getpassphrase()
or via the command line.]

Hallvard B. Furuseth <h.b.furuseth@usit.uio.no>, Aug 2002.
[Kurt D. Zeilenga <kurt@openldap.org>, Aug 2002.]
2002-08-24 05:47:17 +00:00
Howard Chu
d8929296b8 Use lutil_progname, #include <lutil.h> to get it. 2002-07-27 00:06:27 +00:00
Kurt Zeilenga
ac6df28e7d Fix misplaced "search" references 2002-02-08 19:10:06 +00:00
Kurt Zeilenga
0e2af54a3f Update copyright statements 2002-01-04 21:17:25 +00:00
Howard Chu
e6d6faf3c9 From jon@symas.com - patches for consistent use of directory separators
in pathnames.
2001-12-07 01:46:26 +00:00
Kurt Zeilenga
0c13c5bbdd Use parens for clarity 2001-08-28 00:35:34 +00:00
Kurt Zeilenga
867ed1c7c8 use "authcid" instead of "username". 2001-01-18 08:04:56 +00:00
Kurt Zeilenga
ed9bacc1a6 Change start tls warning message 2001-01-16 04:32:13 +00:00
Kurt Zeilenga
ba37cbc233 Fix passwd clearing bug 2000-11-06 15:53:02 +00:00
Kurt Zeilenga
3d47cb33c1 Fix spelling error 2000-09-19 20:47:22 +00:00
Ben Collins
bca61801a1 Fix fprintf\'s, missing `prog\' argument 2000-09-15 02:48:10 +00:00
Kurt Zeilenga
e366aefffc Fix ldap_init/initialize error checking 2000-09-13 21:49:31 +00:00
Kurt Zeilenga
8d2c074a80 Fix -R processing 2000-09-07 01:15:52 +00:00
Kurt Zeilenga
fb6590f8db Add -H to usage 2000-09-05 18:52:10 +00:00
Kurt Zeilenga
f6a1c05b68 Add missing fprintf param 2000-08-25 23:51:10 +00:00
Kurt Zeilenga
ef3fb24f39 Fix typo which escaped my obviously flawed midnight test
(I must have been dreamed that the 'make test' completed
successfully)
2000-08-25 23:46:09 +00:00
Kurt Zeilenga
e97cdfb7a9 Add support of "-H uri" 2000-08-25 05:31:29 +00:00
Randy Kunkee
45ef1d2c90 Clean up lint. 2000-08-23 22:49:44 +00:00
Kurt Zeilenga
0f5c87a41c Clean up usage() 2000-07-17 21:54:20 +00:00
Kurt Zeilenga
6393523ffa Expose sasl flags to -lldap (so they can be quiet)
Fix interactive and automatic modes.  Quiet needs work.
2000-07-17 21:23:59 +00:00
Kurt Zeilenga
95eea5accc First cut SASL "interactive" and "quiet" modes (default is "automatic") 2000-07-17 00:56:29 +00:00
Kurt Zeilenga
1e562b0d1f Make it all work. 2000-07-16 00:14:08 +00:00
Kurt Zeilenga
4d45c61600 Cleanup previous commit 2000-07-15 23:34:27 +00:00
Kurt Zeilenga
d2b05a3858 Rework SASL command line arguments. Default is now to authenticate
using best available mechanism.  (authzid prompting to be disabled)
To use simple bind, -x is required (implied if -P 2) with -D/-[Ww]
To use simple "anonymous" bind, just -x will do.
2000-07-15 23:25:46 +00:00
Kurt Zeilenga
5fc22599e2 Update SASL code to reuse context through life of session.
Replace 'negotiated' with 'interactive' bind
Add hooks for SASL/EXTERNAL
Disable SASL security layers
Rework SASL command line and config file parameters
2000-07-13 22:54:38 +00:00
Kurt Zeilenga
f6cda93bd1 Correct improper ldap_result() result checking... 2000-07-04 21:59:41 +00:00
Kurt Zeilenga
20e6dcec3b Improved but still broken client tools. 2000-07-04 21:49:00 +00:00
Kurt Zeilenga
8be1d467b8 Add reporting of LDAPv3 referrals. Should also report returned controls.
Also, as written, the code will behave better in the face of unsolicited
noticifications (such as notice of disconnect).  However, code needs to
be improved to better distinguished such from expected result response.
Delete improvements are limited to base object delete.  Should be applied
to -p[rune] option as well.
2000-07-03 19:03:22 +00:00
Kurt Zeilenga
1a862732ee Fail if ldap_set_option fails 2000-06-25 18:17:47 +00:00
Kurt Zeilenga
bf9231ac40 Round 2 of tools work.
-R now ignored
-C added to chase.  No rebind proc yet, no checking of appropriate authentication.
complain if non-critical TLS was not started.
Fail if requested version is not supported.
ldapdelete:
  deletechildren modified to use ldap_search_ext_s()
  fixed deletechildren dn memory leak
ldapsearch:
  modified to use ldap_search_ext()
2000-06-25 18:07:15 +00:00
Kurt Zeilenga
5f20cf1ed5 Modify ldapsearch(1) significantly. Now handles LDAPv3 search
references, extended results, and extended partial results.  LDIF
extended to support these new features and reported version 2.
-L now limits output to LDIFv1 for compatibility reasons.  No
-L is now LDIFv2.  Old alternative form is no longer supported.

Use LDAP_TMPDIR (in ldap_config.h) instead of hardcoded /tmp
Use LDAP_FILE_URI_PREFIX (in ldap_config.h) instead of hardcoded
	file://tmp/
2000-06-25 00:35:17 +00:00
Kurt Zeilenga
49f4147385 Added -llber 'N' ber_printf format which inserts a NULL if
an internal flag set.  Used for SEQUENCE testing.  Flag must
be set using debugger.  Modified ber_printf to use new format
were needed for extensibility testing.

Added first cut -lldap support for extended responses.
Modified ldapsearch(1) to handle v3 search references when not
chasing.  Also added extended/unsolicited notification handling
and extended partial response handling.  Changes include a
number of LDIF enhancements.

Fixed getpassphrase() returns NULL bugs
2000-06-24 01:40:39 +00:00
Kurt Zeilenga
f48234f5bf No need to include <lber.h> 2000-06-20 17:02:19 +00:00
Kurt Zeilenga
e7791e2f93 Adjust -Z[Z] usage statements
Change ldapsearch to only produce LDIF.
2000-06-19 16:19:59 +00:00
Kurt Zeilenga
701cc91e8d Fix getpassword bug 2000-06-14 03:07:33 +00:00
Kurt Zeilenga
5417fdfea7 Rename ldap_start_tls() to ldap_start_tls_s() for consistency sake.
Misc other header changes.
2000-06-13 20:45:30 +00:00
Kurt Zeilenga
8045b54124 Use getpassphrase() instead of getpass() if available. 2000-05-19 18:41:26 +00:00
Kurt Zeilenga
9267700fb9 Fix password handling for SASL 2000-05-16 02:16:54 +00:00
Kurt Zeilenga
0bb431d3b3 Y2k copyright update 2000-05-13 02:25:54 +00:00
Kurt Zeilenga
fe8be04237 Fix typos in version checking 2000-04-25 10:30:42 +00:00
Kurt Zeilenga
4ecf780e48 StartTLS requires LDAPv3
Set version to required protocol.
2000-04-20 14:15:39 +00:00
Kurt Zeilenga
c02d7e2cb6 ITS#503: Extend ldap tools to support SASL/TLS
Submitted by Gabor Gombas <gombasg@inf.elte.hu>
2000-04-20 09:23:51 +00:00
Kurt Zeilenga
6437785a82 Initial implementation of Kerberos password verification for
simple bind via:
	{KERBEROS}principal
Code is disabled by default (for security reasons).  Use
--enable-kpasswd to enable.  Behind SLAPD_KPASSWD.
Reworked Kerberos detection and split out KBIND as independent
feature (--disable-kbind) (LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND).
KBIND depends upon detection of KRB4 (or KRB425) support.  Detection,
building with eBones (as distributed with FreeBSD 3.4) okay, but
wasn't able to test as I don't have a K4 KDC handy.
--with-kerberos has a number of detection options... most likely
don't work properly.
2000-01-08 18:42:11 +00:00
Kurt Zeilenga
cd5c29cdc4 Add checks to ensure arguments are consistent (v2 vs v3). 1999-12-12 05:05:20 +00:00
Kurt Zeilenga
5d5588836f Fix ldap_rename parameter order (ITS#387) 1999-12-04 17:19:11 +00:00