
LDAPBINDDN & LDAPBINDPW



Hi,

I was always wondering why the ldap.conf(5) mechanism left out the
BINDDN (-D) and BINDPW (-w) options.
Attached is a patch against stable-20000129 which adds the above options.
My motivation was to save typing (-D) and to get passwords (-w) out
of shell scripts and their ARGV.
Notes to the BINDPW option: A password is only read if the file is mode
0600 and owned by the same uid and gid as the client process. If the
environment variable LDAPBINDPW is set, its value is the name of a file
containing the password. Currently the two new defaults are evaluated
only in ldap_simple_bind().

Please let me know what you all think about it and whether it is worth
including in the next release.

regards,
-- 
Lars Uffmann, <lars.uffmann@mediaways.net>, fon: +49 5241 80 40330
*** libraries/libldap/ldap-int.h.orig	Sun Mar 12 15:07:46 2000
--- libraries/libldap/ldap-int.h	Sun Mar 12 15:08:38 2000
***************
*** 40,45 ****
--- 40,47 ----
  	int		ldo_sizelimit;
  
  	char*	ldo_defbase;
+ 	char*	ldo_defbinddn;
+ 	char*	ldo_defbindpw;
  	char*	ldo_defhost;
  	int		ldo_defport;
  };
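Review bot: The new `ldo_defbindpw` member stores a cleartext bind password in the global options for the rest of the process lifetime, and nothing in the struct says so; a reader scanning ldap-int.h cannot tell it apart from `ldo_defbase`. A one-line comment on the field would help, `char*	ldo_defbindpw;	/* default bind password, kept in cleartext */`. The enclosing struct definition starts outside the hunk.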
*** libraries/libldap/init.c.orig	Sun Mar 12 15:08:49 2000
--- libraries/libldap/init.c	Sun Mar 12 16:45:45 2000
***************
*** 12,17 ****
--- 12,19 ----
  #include <ac/ctype.h>
  #include <ac/time.h>
  
+ #include <sys/stat.h>
+ 
  #include "lber.h"
  #include "ldap.h"
  
***************
*** 30,35 ****
--- 32,38 ----
  #define ATTR_INT	2
  #define ATTR_KV		3
  #define ATTR_STRING	4
+ #define ATTR_PASSWD	5
  
  struct ol_keyvalue {
  	char*		key;
***************
*** 58,63 ****
--- 61,70 ----
  		offsetof(struct ldapoptions, ldo_timelimit)},
  	{ATTR_STRING,	"BASE",			NULL,
  		offsetof(struct ldapoptions, ldo_defbase)},
+ 	{ATTR_STRING,	"BINDDN",		NULL,
+ 		offsetof(struct ldapoptions, ldo_defbinddn)},
+ 	{ATTR_PASSWD,	"BINDPW",		NULL,
+ 		offsetof(struct ldapoptions, ldo_defbindpw)},
  	{ATTR_STRING,	"HOST",			NULL,
  		offsetof(struct ldapoptions, ldo_defhost)},
  	{ATTR_INT,		"PORT",			NULL,
***************
*** 75,80 ****
--- 82,88 ----
  	int i;
  	char *cmd, *opt;
  	char *start, *end;
+ 	struct stat st;
  
  	if (file == NULL) {
  		/* no file name */
***************
*** 151,156 ****
--- 159,177 ----
  					}
  				} break;
  
+ 			case ATTR_PASSWD:
+ 				if (* (char**) p != NULL) free(* (char**) p);
+ 				* (char**) p = NULL;
+ 				if ( fstat(fileno(fp), &st) == -1 )
+ 					break;
+ 				if ( (st.st_mode & 07777) != 0600 )
+ 					break;
+ 				if ( st.st_uid != getuid() )
+ 					break;
+ 				if ( st.st_gid != getgid() )
+ 					break;
+ 				* (char**) p = ldap_strdup(opt);
+ 				break;
  			case ATTR_STRING:
  				if (* (char**) p != NULL) free(* (char**) p);
  				* (char**) p = ldap_strdup(opt);
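Review bot: The exact-match test `(st.st_mode & 07777) != 0600` rejects a configuration file that is stricter than 0600, such as a read-only 0400 file, and the same comparison is repeated in the LDAPBINDPW branch of the later init.c hunk; testing only for group/other bits, `if ( st.st_mode & (S_IRWXG | S_IRWXO) ) break;`, accepts every mode that keeps the password private. Every rejecting branch also leaves the password NULL without any diagnostic, so a mode or ownership mismatch surfaces later as an unexpectedly anonymous bind rather than at parse time; if the Debug facility is available in init.c, a `Debug( LDAP_DEBUG_ANY, "BINDPW ignored: %s not mode 0600 or not owned by caller\n", file, 0, 0 )` before the break would make that visible (hedged, since the file name variable is not in this hunk). The enclosing function's start and end are outside the hunk.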
***************
*** 203,212 ****
--- 224,238 ----
  static void openldap_ldap_init_w_env(const char *prefix)
  {
  	char buf[MAX_LDAP_ATTR_LEN+MAX_LDAP_ENV_PREFIX_LEN];
+ 	char pwbuf[16];
+ 	char *pw;
+ 	int pwlen;
+ 	FILE *fp;
  	int len;
  	int i;
  	void *p;
  	char *value;
+ 	struct stat st;
  
  	if (prefix == NULL) {
  		prefix = DEFAULT_LDAP_ENV_PREFIX;
***************
*** 244,249 ****
--- 270,299 ----
  					}
  				}
  			} break;
+ 		case ATTR_PASSWD:
+ 			if (* (char**) p != NULL) free(* (char**) p);
+ 			* (char**) p = NULL;
+ 			if ( stat(value, &st) == -1)
+ 				break;
+ 			if ( (st.st_mode & S_IFMT) != S_IFREG )
+ 				break;
+ 			if ( (st.st_mode & 07777) != 0600 )
+ 				break;
+ 			if ( (st.st_uid != getuid()) || (st.st_gid != getgid()) )
+ 				break;
+ 			if ( (fp = fopen(value, "r")) == NULL )
+ 				break;
+ 			pw = fgets(pwbuf, sizeof(pwbuf), fp);
+ 			if (*pw == '\0') {
+ 				fclose( fp );
+ 				break;
+ 			}
+ 			pwlen = strlen(pw);
+ 			if (pw[pwlen-1] == '\n') --pwlen;
+ 			pw[pwlen] = '\0';
+ 			* (char**) p = ldap_strdup(pw);
+ 			fclose( fp );
+ 			break;
  
  		case ATTR_STRING:
  			if (* (char**) p != NULL) free(* (char**) p);
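Review bot: `fgets()` returns NULL on an empty file or a read error, and the following `if (*pw == '\0')` dereferences that NULL; the check must be `if (pw == NULL || *pw == '\0')`. The `stat(value, &st)` followed by `fopen(value, "r")` is also a check-then-use race on a path that comes from an environment variable — the file can be replaced between the two calls — whereas the ldap.conf branch in the earlier hunk correctly checks the open descriptor with `fstat(fileno(fp), &st)`; open first and check the descriptor here too, as in the rewrite below. Finally `pwbuf` is 16 bytes (declared in the preceding hunk), so a longer password is silently truncated to 15 characters with the rest never read; either enlarge the buffer or treat a line that fills the buffer without a trailing newline as an error. The enclosing function `openldap_ldap_init_w_env` starts outside the hunk.
```c
		case ATTR_PASSWD:
			if (* (char**) p != NULL) free(* (char**) p);
			* (char**) p = NULL;
			/* open first, then check the descriptor: stat() on the path
			 * followed by fopen() can be raced by replacing the file */
			if ( (fp = fopen(value, "r")) == NULL )
				break;
			if ( fstat(fileno(fp), &st) == -1
				|| (st.st_mode & S_IFMT) != S_IFREG
				|| (st.st_mode & (S_IRWXG | S_IRWXO))
				|| st.st_uid != getuid() || st.st_gid != getgid() ) {
				fclose( fp );
				break;
			}
			pw = fgets(pwbuf, sizeof(pwbuf), fp);
			if (pw == NULL || *pw == '\0') {
				fclose( fp );
				break;
			}
			/* … unchanged: strip trailing newline, ldap_strdup(pw), fclose, break … */
```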
*** libraries/libldap/sbind.c.orig	Sun Mar 12 15:11:32 2000
--- libraries/libldap/sbind.c	Sun Mar 12 16:40:53 2000
***************
*** 52,58 ****
--- 52,62 ----
  	Debug( LDAP_DEBUG_TRACE, "ldap_simple_bind\n", 0, 0, 0 );
  
  	if ( dn == NULL )
+ 		dn = openldap_ldap_global_options.ldo_defbinddn;
+ 	if ( dn == NULL )
  		dn = "";
+ 	if ( passwd == NULL )
+ 		passwd = openldap_ldap_global_options.ldo_defbindpw;
  	if ( passwd == NULL )
  		passwd = "";