]> git.sur5r.net Git - openldap/blob - servers/slapd/slappasswd.c
Add entryDN MRA support. This is intended to be used:
[openldap] / servers / slapd / slappasswd.c
1 /* $OpenLDAP$ */
2 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
3  *
4  * Copyright 1998-2004 The OpenLDAP Foundation.
5  * Portions Copyright 1998-2003 Kurt D. Zeilenga.
6  * All rights reserved.
7  *
8  * Redistribution and use in source and binary forms, with or without
9  * modification, are permitted only as authorized by the OpenLDAP
10  * Public License.
11  *
12  * A copy of this license is available in file LICENSE in the
13  * top-level directory of the distribution or, alternatively, at
14  * <http://www.OpenLDAP.org/license.html>.
15  */
16 /* ACKNOWLEDGEMENTS:
17  * This work was initially developed by Kurt Zeilenga for inclusion
18  * in OpenLDAP Software.
19  */
20
21 #include "portable.h"
22
23 #include <stdio.h>
24
25 #include <ac/stdlib.h>
26
27 #include <ac/ctype.h>
28 #include <ac/signal.h>
29 #include <ac/socket.h>
30 #include <ac/string.h>
31 #include <ac/time.h>
32 #include <ac/unistd.h>
33
34 #include <ldap.h>
35 #include <lutil.h>
36
37 #include "ldap_defaults.h"
38
39 static int      verbose = 0;
40
41 static void
42 usage(const char *s)
43 {
44         fprintf(stderr,
45                 "Usage: %s [options]\n"
46                 "  -h hash\tpassword scheme\n"
47                 "  -s secret\tnew password\n"
48                 "  -c format\tcrypt(3) salt format\n"
49                 "  -u\t\tgenerate RFC2307 values (default)\n"
50                 "  -v\t\tincrease verbosity\n"
51                 "  -T file\tread file for new password\n"
52                 , s );
53
54         exit( EXIT_FAILURE );
55 }
56
57 int
58 slappasswd( int argc, char *argv[] )
59 {
60         char    *scheme = "{SSHA}";
61         char    *newpw = NULL;
62         char    *pwfile = NULL;
63         const char *text;
64         const char *progname = "slappasswd";
65
66         int             i;
67         struct berval passwd;
68         struct berval hash;
69
70         while( (i = getopt( argc, argv,
71                 "c:d:h:s:T:vu" )) != EOF )
72         {
73                 switch (i) {
74                 case 'c':       /* crypt salt format */
75                         scheme = "{CRYPT}";
76                         lutil_salt_format( optarg );
77                         break;
78
79                 case 'h':       /* scheme */
80                         scheme = strdup( optarg );
81                         break;
82
83                 case 's':       /* new password (secret) */
84                         {
85                                 char* p;
86                                 newpw = strdup( optarg );
87
88                                 for( p = optarg; *p != '\0'; p++ ) {
89                                         *p = '\0';
90                                 }
91                         } break;
92
93                 case 'T':       /* password file */
94                         pwfile = optarg;
95                         break;
96
97                 case 'u':       /* RFC2307 userPassword */
98                         break;
99
100                 case 'v':       /* verbose */
101                         verbose++;
102                         break;
103
104                 default:
105                         usage ( progname );
106                 }
107         }
108
109         if( argc - optind != 0 ) {
110                 usage( progname );
111         } 
112
113         if( pwfile != NULL ) {
114                 if( lutil_get_filed_password( pwfile, &passwd )) {
115                         return EXIT_FAILURE;
116                 }
117         } else {
118                 if( newpw == NULL ) {
119                         /* prompt for new password */
120                         char *cknewpw;
121                         newpw = strdup(getpassphrase("New password: "));
122                         cknewpw = getpassphrase("Re-enter new password: ");
123         
124                         if( strcmp( newpw, cknewpw )) {
125                                 fprintf( stderr, "Password values do not match\n" );
126                                 return EXIT_FAILURE;
127                         }
128                 }
129
130                 passwd.bv_val = newpw;
131                 passwd.bv_len = strlen(passwd.bv_val);
132         }
133
134         lutil_passwd_hash( &passwd, scheme, &hash, &text );
135         if( hash.bv_val == NULL ) {
136                 fprintf( stderr,
137                         "Password generation failed for scheme %s: %s\n",
138                         scheme, text ? text : "" );
139                 return EXIT_FAILURE;
140         }
141
142         if( lutil_passwd( &hash, &passwd, NULL, &text ) ) {
143                 fprintf( stderr, "Password verification failed. %s\n",
144                         text ? text : "" );
145                 return EXIT_FAILURE;
146         }
147
148         printf( "%s\n" , hash.bv_val );
149         return EXIT_SUCCESS;
150 }