From 46899d6ad145d29e7c9d5f625a1adba27d7d96b1 Mon Sep 17 00:00:00 2001
From: leitner <leitner>
Date: Mon, 16 Sep 2013 18:35:04 +0000
Subject: [PATCH] fix make clean fix acl matching in tinyldap give ldapclient a
 way to do basic authentication

---
 Makefile     |  4 ++--
 ldapclient.c | 13 ++++++++++---
 tinyldap.c   |  9 +++++----
 3 files changed, 17 insertions(+), 9 deletions(-)

diff --git a/Makefile b/Makefile
index 20d6992..9f7336b 100644
--- a/Makefile
+++ b/Makefile
@@ -98,8 +98,8 @@ acl: acl.c ldap.a asn1.a
 clean:
 	rm -f t t[1-9] *.[ao] bindrequest tinyldap ldapclient \
 parse tinyldap_standalone tinyldap_debug ldapclient_str addindex \
-dumpidx idx2ldif md5password *.da *.bbg *.bb *.gcov gmon.out *.gcda \
-*.gcno
+dumpidx idx2ldif md5password ldapdelete dumpacls asn1dump acl \
+*.da *.bbg *.bb *.gcov gmon.out *.gcda *.gcno
 
 tar: clean
 	cd ..; tar cvvf tinyldap.tar.bz2 tinyldap --use=bzip2 --exclude capture --exclude CVS --exclude exp.ldif --exclude polyp* --exclude rfc*
diff --git a/ldapclient.c b/ldapclient.c
index 56c4c0a..1fecc9f 100644
--- a/ldapclient.c
+++ b/ldapclient.c
@@ -32,7 +32,12 @@ static unsigned long messageid=1;
 static int ldapbind(int sock) {
   char outbuf[1024];
   int s=100;
-  size_t len=fmt_ldapbindrequest(outbuf+s,3,"","");
+  char* u=getenv("LDAP_USER"),* p=getenv("LDAP_PASSWD");
+  if (!u) u="";
+  if (!p) p="";
+  if (strlen(u)>100 || strlen(p)>100)
+    return 0;
+  size_t len=fmt_ldapbindrequest(outbuf+s,3,u,p);
   size_t hlen=fmt_ldapmessage(0,messageid,BindRequest,len);
   size_t res,Len;
   unsigned long op,result;
@@ -74,9 +79,11 @@ int main(int argc,char* argv[]) {
 
   if (argc<4) {
 usage:
-    buffer_putsflush(buffer_2,"usage: ldapclient ip baseObject filter [foo...]\n");
+    buffer_puts(buffer_2,"usage: ldapclient ip baseObject filter [foo...]\n");
     if (bench)
-      buffer_putsflush(buffer_2,"and set $NUM to the number of iterations,\nand $CONNECT to anything to do only one connection (instead of one per request).\n");
+      buffer_puts(buffer_2,"and set $NUM to the number of iterations,\nand $CONNECT to anything to do only one connection (instead of one per request).\n");
+    buffer_putsflush(buffer_2,"To use basic authentication, set $LDAP_USER to the dn and $LDAP_PASSWD to the password.\n"
+		     "Note that this is for debugging in trusted environments only, as other users can see this in ps(8).\n");
     return 0;
   }
   for (durchlauf=0; durchlauf<n; ++durchlauf) {
diff --git a/tinyldap.c b/tinyldap.c
index 4174982..a9c76c0 100644
--- a/tinyldap.c
+++ b/tinyldap.c
@@ -1544,6 +1544,7 @@ static int handle(int in,int out) {
 		  uint32_unpack(map+indices_offset+4*idx,&j);
 		  uint32_unpack(map+j+8,&authdn);
 		  authdn_str=map+authdn;
+		  authdn=j;
 		  if (!(j=ldap_find_attr_value(j,userPassword_ofs))) {
 		    buffer_putsflush(buffer_2,"no userPassword attribute found, bind failed!\n");
 		    goto authfailure;
@@ -2078,7 +2079,6 @@ resetjournal:
     mduptab_reset(&attributes);
     mduptab_reset(&classes);
     readjournal();
-    ss_data=new_data;
     return;
   }
   /* the data file did not change.  Maybe the journal did. */
@@ -2104,7 +2104,7 @@ resetjournal:
      *   1. size is identical or smaller
      *   2. journal does not end with "\n\n"
      * If we detect meddling we just throw away our journal and read the new one. */
-    int kosher=0;
+    int notkosher=0;
     if (new_journal.st_size>ss_journal.st_size && ss_journal.st_size>2) {
       int fd;
       fd=open("journal",O_RDONLY);
@@ -2113,11 +2113,11 @@ resetjournal:
 	lseek(fd,ss_journal.st_size-2,SEEK_SET);
 	if (read(fd,buf,2)!=2) 
 	  if (buf[0]=='\n' && buf[1]=='\n')
-	    kosher=1;
+	    notkosher=1;
 	close(fd);
       }
     }
-    if (kosher) {
+    if (notkosher) {
       buffer_putsflush(buffer_2,"Unsanctioned journal editing detected!  Re-reading journal.\n");
       goto resetjournal;
     }
@@ -2399,6 +2399,7 @@ again:
       int one=1;
       setsockopt(asock,IPPROTO_TCP,TCP_NODELAY,&one,sizeof(one));
     }
+    update();
 #ifdef DEBUG
     {
       struct pollfd p;