authorNoriko Hosoi <nhosoi@jiji.localdomain>2010-01-14 10:58:12 -0800
committerNoriko Hosoi <nhosoi@jiji.localdomain>2010-01-14 10:58:12 -0800
commit80fb1c7aada872dd984964b87035d5850f223f01 (patch)
treee61a96324f9a6cc56c9efa034ef459b7952cca4c
parent008edfbafa4746660d257647d59d6bdcf2a1684d (diff)
ldclt: -e randombinddnfromfile fails with LDAP_UNWILLING_TO_PERFORM (53)
https://bugzilla.redhat.com/show_bug.cgi?id=555189 Resolves: bug 555189 Bug Description: ldclt code is not passing the password correctly to ldap_sasl_bind_s. The server receives a NULL credential. Due to the default configuration, nsslapd-allow-unauthenticated-binds: off, the unauthenticated bind fails with LDAP_UNWILLING_TO_PERFORM. Reviewed by: rmeggins@redhat.com Files: see diff Branch: HEAD Fix Description: When "-e randombinddnfromfile=file" is given, a bind DN and password pair is retrieved from the file and is supposed to be passed to ldap_sasl_bind_s. Although the password was read from the file, it was not set in the berval "cred" which was passed to ldap_sasl_bind_s. Therefore, the bind operation tried to bind with the bind DN and a NULL password, which now fails since it is treated as an unauthenticated bind. This change fixes the problem. Also, a usage typo is being fixed. Platforms tested: Fedora 11 Flag Day: no Doc impact: no
-rw-r--r--ldap/servers/slapd/tools/ldclt/ldapfct.c53
-rw-r--r--ldap/servers/slapd/tools/ldclt/ldclt.use2
-rw-r--r--ldap/servers/slapd/tools/ldclt/ldcltU.c4
3 files changed, 38 insertions, 21 deletions
diff --git a/ldap/servers/slapd/tools/ldclt/ldapfct.c b/ldap/servers/slapd/tools/ldclt/ldapfct.c
index ac8250aa..359b5fe1 100644
--- a/ldap/servers/slapd/tools/ldclt/ldapfct.c
+++ b/ldap/servers/slapd/tools/ldclt/ldapfct.c
@@ -770,10 +770,12 @@ connectToServer (
binddn = "";
passwd = NULL;
} else {
- binddn = tttctx->bufBindDN;
- passwd = tttctx->bufPasswd;
- cred.bv_val = (char *)passwd;
- cred.bv_len = strlen(passwd);
+ binddn = tttctx->bufBindDN?tttctx->bufBindDN:mctx.bindDN;
+ passwd = tttctx->bufPasswd?tttctx->bufPasswd:mctx.passwd;
+ if (passwd) {
+ cred.bv_val = (char *)passwd;
+ cred.bv_len = strlen(passwd);
+ }
}
if (mctx.mode & LDAP_V2)
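Review bot: When both `tttctx->bufPasswd` and `mctx.passwd` are NULL, the new `if (passwd)` guard skips the assignment and `cred` keeps whatever it held before, and this hunk does not show it being initialised. If `cred` is an uninitialised local, the later bind would hand indeterminate `bv_val`/`bv_len` to the library; adding `else { cred.bv_val = NULL; cred.bv_len = 0; }` makes the no-password case explicit and deterministic. The same guard without an else appears in the second connectToServer hunk and in the createMissingNodes hunk. The declaration of `cred` and the bind call lie outside this hunk, so this should be confirmed against the full function.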
@@ -931,22 +933,35 @@ connectToServer (
((!(tttctx->binded)) || (mctx.mode & BIND_EACH_OPER)))
{
struct berval *servercredp = NULL;
+ char *binddn = NULL;
+ char *passwd = NULL;
if (buildNewBindDN (tttctx) < 0) /*JLS 05-01-01*/
- return (-1); /*JLS 05-01-01*/
+ return (-1); /*JLS 05-01-01*/
+ if (tttctx->bufPasswd) {
+ binddn = tttctx->bufBindDN;
+ passwd = tttctx->bufPasswd;
+ } else if (mctx.passwd) {
+ binddn = mctx.bindDN;
+ passwd = mctx.passwd;
+ }
+ if (passwd) {
+ cred.bv_val = passwd;
+ cred.bv_len = strlen(passwd);
+ }
if (mctx.mode & VERY_VERBOSE)
- printf ("ldclt[%d]: T%03d: Before ldap_simple_bind_s (%s, %s)\n",
- mctx.pid, tttctx->thrdNum, tttctx->bufBindDN,
- mctx.passwd?tttctx->bufPasswd:"NO PASSWORD PROVIDED");
- ret = ldap_sasl_bind_s (tttctx->ldapCtx, tttctx->bufBindDN, LDAP_SASL_SIMPLE,
- &cred, NULL, NULL, &servercredp); /*JLS 05-01-01*/
+ printf ("ldclt[%d]: T%03d: Before ldap_simple_bind_s (%s, %s)\n",
+ mctx.pid, tttctx->thrdNum, binddn,
+ passwd?passwd:"NO PASSWORD PROVIDED");
+ ret = ldap_sasl_bind_s (tttctx->ldapCtx, binddn,
+ LDAP_SASL_SIMPLE, &cred, NULL, NULL, &servercredp); /*JLS 05-01-01*/
ber_bvfree(servercredp);
if (mctx.mode & VERY_VERBOSE)
- printf ("ldclt[%d]: T%03d: After ldap_simple_bind_s (%s, %s)\n",
- mctx.pid, tttctx->thrdNum, tttctx->bufBindDN,
- mctx.passwd?tttctx->bufPasswd:"NO PASSWORD PROVIDED");
+ printf ("ldclt[%d]: T%03d: After ldap_simple_bind_s (%s, %s)\n",
+ mctx.pid, tttctx->thrdNum, binddn,
+ passwd?passwd:"NO PASSWORD PROVIDED");
if (ret == LDAP_SUCCESS) /*JLS 18-12-00*/
- tttctx->binded = 1; /*JLS 18-12-00*/
+ tttctx->binded = 1; /*JLS 18-12-00*/
else /*JLS 18-12-00*/
{ /*JLS 18-12-00*/
tttctx->binded = 0; /*JLS 18-12-00*/
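Review bot: `binddn` stays NULL when neither `tttctx->bufPasswd` nor `mctx.passwd` is set, and it is then passed to the `%s` conversion in both VERY_VERBOSE `printf` calls, which is undefined behaviour for a null pointer; print `binddn?binddn:""`, or default `binddn` to `""` as the anonymous branch of the first hunk does. In that same case `cred` is not updated, so with BIND_EACH_OPER the bind would presumably reuse whatever credential an earlier bind left in it. Separately, both trace lines write the bind password to stdout in clear text, where it can end up in captured test logs; a fixed marker such as `passwd?"********":"NO PASSWORD PROVIDED"` keeps the trace useful without exposing the secret. The enclosing `if` and the rest of connectToServer start outside the hunk.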
@@ -2048,10 +2063,12 @@ createMissingNodes (
binddn = "";
passwd = NULL;
} else {
- binddn = tttctx->bufBindDN;
- passwd = tttctx->bufPasswd;
- cred.bv_val = (char *)passwd;
- cred.bv_len = strlen(passwd);
+ binddn = tttctx->bufBindDN?tttctx->bufBindDN:mctx.bindDN;
+ passwd = tttctx->bufPasswd?tttctx->bufPasswd:mctx.passwd;
+ if (passwd) {
+ cred.bv_val = (char *)passwd;
+ cred.bv_len = strlen(passwd);
+ }
}
if (mctx.mode & LDAP_V2)
diff --git a/ldap/servers/slapd/tools/ldclt/ldclt.use b/ldap/servers/slapd/tools/ldclt/ldclt.use
index 4f388e64..96136909 100644
--- a/ldap/servers/slapd/tools/ldclt/ldclt.use
+++ b/ldap/servers/slapd/tools/ldclt/ldclt.use
@@ -50,7 +50,7 @@ usage: ldclt [-qQvV] [-E <max errors>]
randombaselow=value : low value for random generator.
randombasehigh=value : high value for random generator.
randombinddn : random bind DN.
- randombinddnfromfile=fine : retrieve bind DN & passwd from file
+ randombinddnfromfile=file : retrieve bind DN & passwd from file
randombinddnlow=value : low value for random generator.
randombinddnhigh=value : high value for random generator.
rdn=attrname:value : alternate for -f.
diff --git a/ldap/servers/slapd/tools/ldclt/ldcltU.c b/ldap/servers/slapd/tools/ldclt/ldcltU.c
index 7540c5f4..1233a558 100644
--- a/ldap/servers/slapd/tools/ldclt/ldcltU.c
+++ b/ldap/servers/slapd/tools/ldclt/ldcltU.c
@@ -100,7 +100,7 @@
* randombaselow=value : low value for random generator.
* randombasehigh=value : high value for random generator.
* randombinddn : random bind DN.
- * randombinddnfromfile=fine : retrieve bind DN & passwd from file
+ * randombinddnfromfile=file : retrieve bind DN & passwd from file
* randombinddnlow=value : low value for random generator.
* randombinddnhigh=value : high value for random generator.
* rdn=attrname:value : alternate for -f.
@@ -195,7 +195,7 @@ void usage ()
(void) printf (" randombaselow=value : low value for random generator.\n");
(void) printf (" randombasehigh=value : high value for random generator.\n");
(void) printf (" randombinddn : random bind DN.\n");
- (void) printf (" randombinddnfromfile=fine : retrieve bind DN & passwd from file\n");
+ (void) printf (" randombinddnfromfile=file : retrieve bind DN & passwd from file\n");
(void) printf (" randombinddnlow=value : low value for random generator.\n");
(void) printf (" randombinddnhigh=value : high value for random generator.\n");
(void) printf (" rdn=attrname:value : alternate for -f.\n");