3 * Copyright 1998-1999 The OpenLDAP Foundation, All Rights Reserved.
4 * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
11 #include <ac/stdlib.h>
14 #include <ac/signal.h>
15 #include <ac/socket.h>
16 #include <ac/string.h>
18 #include <ac/unistd.h>
22 #include "ldap_defaults.h"
24 static int verbose = 0;
30 "Usage: %s [options] dn\n"
31 " -A\t\tprompt for old password\n"
32 " -a secret\told password\n"
33 " -D binddn\tbind dn\n"
34 " -d level\tdebugging level\n"
35 " -h host\tldap server (default: localhost)\n"
36 " -n\t\tmake no modifications\n"
37 " -p port\tldap port\n"
38 " -S\t\tprompt for new password\n"
39 " -s secret\tnew password\n"
40 " -v\t\tincrease verbosity\n"
41 " -W\t\tprompt for bind password\n"
42 " -w passwd\tbind password (for simple authentication)\n"
49 main( int argc, char *argv[] )
52 char *ldaphost = NULL;
71 struct berval *bv = NULL;
74 struct berval *retdata;
79 while( (i = getopt( argc, argv,
80 "Aa:D:d:h:np:Ss:vWw:" )) != EOF )
83 case 'A': /* prompt for oldr password */
86 case 'a': /* old password (secret) */
87 oldpw = strdup (optarg);
92 for( p = optarg; *p == '\0'; p++ ) {
97 case 'D': /* bind distinguished name */
98 binddn = strdup (optarg);
101 case 'd': /* debugging option */
102 debug |= atoi (optarg);
105 case 'h': /* ldap host */
106 ldaphost = strdup (optarg);
109 case 'n': /* don't update entry(s) */
113 case 'p': /* ldap port */
114 ldapport = strtol( optarg, NULL, 10 );
117 case 'S': /* prompt for user password */
121 case 's': /* new password (secret) */
122 newpw = strdup (optarg);
127 for( p = optarg; *p == '\0'; p++ ) {
133 case 'v': /* verbose */
137 case 'W': /* prompt for bind password */
141 case 'w': /* bind password */
142 bindpw = strdup (optarg);
147 for( p = optarg; *p == '\0'; p++ ) {
159 if( argc - optind != 1 ) {
163 dn = strdup( argv[optind] );
165 if( want_oldpw && oldpw == NULL ) {
166 /* prompt for old password */
168 newpw = strdup(getpass("Old password: "));
169 ckoldpw = getpass("Re-enter old password: ");
171 if( strncmp( oldpw, ckoldpw, strlen(oldpw) )) {
172 fprintf( stderr, "passwords do not match\n" );
177 if( want_newpw && newpw == NULL ) {
178 /* prompt for new password */
180 newpw = strdup(getpass("New password: "));
181 cknewpw = getpass("Re-enter new password: ");
183 if( strncmp( newpw, cknewpw, strlen(newpw) )) {
184 fprintf( stderr, "passwords do not match\n" );
189 if( binddn == NULL && dn != NULL ) {
193 if( bindpw == NULL ) bindpw = oldpw;
196 if (want_bindpw && bindpw == NULL ) {
197 /* handle bind password */
198 fprintf( stderr, "Bind DN: %s\n", binddn );
199 bindpw = strdup( getpass("Enter bind password: "));
203 if( ber_set_option( NULL, LBER_OPT_DEBUG_LEVEL, &debug ) != LBER_OPT_SUCCESS ) {
204 fprintf( stderr, "Could not set LBER_OPT_DEBUG_LEVEL %d\n", debug );
206 if( ldap_set_option( NULL, LDAP_OPT_DEBUG_LEVEL, &debug ) != LDAP_OPT_SUCCESS ) {
207 fprintf( stderr, "Could not set LDAP_OPT_DEBUG_LEVEL %d\n", debug );
212 (void) SIGNAL( SIGPIPE, SIG_IGN );
215 /* connect to server */
216 if ((ld = ldap_init( ldaphost, ldapport )) == NULL) {
221 /* don't chase referrals */
222 ldap_set_option( ld, LDAP_OPT_REFERRALS, LDAP_OPT_OFF );
225 rc = ldap_set_option( ld, LDAP_OPT_PROTOCOL_VERSION, &version );
227 if(rc != LDAP_OPT_SUCCESS ) {
228 fprintf( stderr, "Could not set LDAP_OPT_PROTOCOL_VERSION %d\n", version );
231 rc = ldap_bind_s( ld, binddn, bindpw, LDAP_AUTH_SIMPLE );
233 if ( rc != LDAP_SUCCESS ) {
234 ldap_perror( ld, "ldap_bind" );
239 if( dn != NULL || oldpw != NULL || newpw != NULL ) {
240 /* build change password control */
241 BerElement *ber = ber_alloc_t( LBER_USE_DER );
244 perror( "ber_alloc_t" );
249 ber_printf( ber, "{" /*}*/ );
252 ber_printf( ber, "ts",
253 LDAP_TAG_EXOP_X_MODIFY_PASSWD_ID, dn );
257 if( oldpw != NULL ) {
258 ber_printf( ber, "ts",
259 LDAP_TAG_EXOP_X_MODIFY_PASSWD_NEW, oldpw );
263 if( newpw != NULL ) {
264 ber_printf( ber, "ts",
265 LDAP_TAG_EXOP_X_MODIFY_PASSWD_NEW, newpw );
269 ber_printf( ber, /*{*/ "}" );
271 rc = ber_flatten( ber, &bv );
274 perror( "ber_flatten" );
282 rc = ldap_extended_operation_s( ld,
283 LDAP_EXOP_X_MODIFY_PASSWD, bv,
289 if( retdata != NULL ) {
292 BerElement *ber = ber_init( retdata );
295 perror( "ber_init" );
300 /* we should check the tag */
301 tag = ber_scanf( ber, "{a}", &s);
303 if( tag == LBER_ERROR ) {
304 perror( "ber_scanf" );
306 printf("New password: %s\n", s);
313 if ( rc != LDAP_SUCCESS ) {
314 ldap_perror( ld, "ldap_extended_operation" );
319 ldap_memfree( retoid );
320 ber_bvfree( retdata );
322 /* disconnect from server */
325 return ( EXIT_SUCCESS );