git.sur5r.net Git - openldap/blob - servers/slapd/slappasswd.c

   1 /* $OpenLDAP$ */
   2 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
   3  *
   4  * Copyright 1998-2006 The OpenLDAP Foundation.
   5  * Portions Copyright 1998-2003 Kurt D. Zeilenga.
   6  * All rights reserved.
   7  *
   8  * Redistribution and use in source and binary forms, with or without
   9  * modification, are permitted only as authorized by the OpenLDAP
  10  * Public License.
  11  *
  12  * A copy of this license is available in file LICENSE in the
  13  * top-level directory of the distribution or, alternatively, at
  14  * <http://www.OpenLDAP.org/license.html>.
  15  */
  16 /* ACKNOWLEDGEMENTS:
  17  * This work was initially developed by Kurt Zeilenga for inclusion
  18  * in OpenLDAP Software.
  19  */
  20
  21 #include "portable.h"
  22
  23 #include <stdio.h>
  24
  25 #include <ac/stdlib.h>
  26
  27 #include <ac/ctype.h>
  28 #include <ac/signal.h>
  29 #include <ac/socket.h>
  30 #include <ac/string.h>
  31 #include <ac/time.h>
  32 #include <ac/unistd.h>
  33
  34 #include <ldap.h>
  35 #include <lber_pvt.h>
  36 #include <lutil.h>
  37 #include <lutil_sha1.h>
  38
  39 #include "ldap_defaults.h"
  40
  41 static int      verbose = 0;
  42
  43 static void
  44 usage(const char *s)
  45 {
  46         fprintf(stderr,
  47                 "Usage: %s [options]\n"
  48                 "  -c format\tcrypt(3) salt format\n"
  49                 "  -g\t\tgenerate random password\n"
  50                 "  -h hash\tpassword scheme\n"
  51                 "  -n\t\tomit trailing newline\n"
  52                 "  -s secret\tnew password\n"
  53                 "  -u\t\tgenerate RFC2307 values (default)\n"
  54                 "  -v\t\tincrease verbosity\n"
  55                 "  -T file\tread file for new password\n"
  56                 , s );
  57
  58         exit( EXIT_FAILURE );
  59 }
  60
  61 int
  62 slappasswd( int argc, char *argv[] )
  63 {
  64 #ifdef LUTIL_SHA1_BYTES
  65         char    *default_scheme = "{SSHA}";
  66 #else
  67         char    *default_scheme = "{SMD5}";
  68 #endif
  69         char    *scheme = default_scheme;
  70
  71         char    *newpw = NULL;
  72         char    *pwfile = NULL;
  73         const char *text;
  74         const char *progname = "slappasswd";
  75
  76         int             i;
  77         char            *newline = "\n";
  78         struct berval passwd = BER_BVNULL;
  79         struct berval hash;
  80
  81         while( (i = getopt( argc, argv,
  82                 "c:d:gh:ns:T:vu" )) != EOF )
  83         {
  84                 switch (i) {
  85                 case 'c':       /* crypt salt format */
  86                         scheme = "{CRYPT}";
  87                         lutil_salt_format( optarg );
  88                         break;
  89
  90                 case 'g':       /* new password (generate) */
  91                         if ( pwfile != NULL ) {
  92                                 fprintf( stderr, "Option -g incompatible with -T\n" );
  93                                 return EXIT_FAILURE;
  94
  95                         } else if ( newpw != NULL ) {
  96                                 fprintf( stderr, "New password already provided\n" );
  97                                 return EXIT_FAILURE;
  98
  99                         } else if ( lutil_passwd_generate( &passwd, 8 )) {
 100                                 fprintf( stderr, "Password generation failed\n" );
 101                                 return EXIT_FAILURE;
 102                         }
 103                         break;
 104
 105                 case 'h':       /* scheme */
 106                         if ( scheme != default_scheme ) {
 107                                 fprintf( stderr, "Scheme already provided\n" );
 108                                 return EXIT_FAILURE;
 109
 110                         } else {
 111                                 scheme = strdup( optarg );
 112                         }
 113                         break;
 114
 115                 case 'n':
 116                         newline = "";
 117                         break;
 118
 119                 case 's':       /* new password (secret) */
 120                         if ( pwfile != NULL ) {
 121                                 fprintf( stderr, "Option -s incompatible with -T\n" );
 122                                 return EXIT_FAILURE;
 123
 124                         } else if ( newpw != NULL ) {
 125                                 fprintf( stderr, "New password already provided\n" );
 126                                 return EXIT_FAILURE;
 127
 128                         } else {
 129                                 char* p;
 130                                 newpw = strdup( optarg );
 131
 132                                 for( p = optarg; *p != '\0'; p++ ) {
 133                                         *p = '\0';
 134                                 }
 135                         }
 136                         break;
 137
 138                 case 'T':       /* password file */
 139                         if ( pwfile != NULL ) {
 140                                 fprintf( stderr, "Password file already provided\n" );
 141                                 return EXIT_FAILURE;
 142
 143                         } else if ( newpw != NULL ) {
 144                                 fprintf( stderr, "Option -T incompatible with -s/-g\n" );
 145                                 return EXIT_FAILURE;
 146
 147                         }
 148                         pwfile = optarg;
 149                         break;
 150
 151                 case 'u':       /* RFC2307 userPassword */
 152                         break;
 153
 154                 case 'v':       /* verbose */
 155                         verbose++;
 156                         break;
 157
 158                 default:
 159                         usage ( progname );
 160                 }
 161         }
 162
 163         if( argc - optind != 0 ) {
 164                 usage( progname );
 165         }
 166
 167         if( pwfile != NULL ) {
 168                 if( lutil_get_filed_password( pwfile, &passwd )) {
 169                         return EXIT_FAILURE;
 170                 }
 171         } else if ( BER_BVISEMPTY( &passwd )) {
 172                 if( newpw == NULL ) {
 173                         /* prompt for new password */
 174                         char *cknewpw;
 175                         newpw = strdup(getpassphrase("New password: "));
 176                         cknewpw = getpassphrase("Re-enter new password: ");
 177
 178                         if( strcmp( newpw, cknewpw )) {
 179                                 fprintf( stderr, "Password values do not match\n" );
 180                                 return EXIT_FAILURE;
 181                         }
 182                 }
 183
 184                 passwd.bv_val = newpw;
 185                 passwd.bv_len = strlen(passwd.bv_val);
 186         } else {
 187                 hash = passwd;
 188                 goto print_pw;
 189         }
 190
 191         lutil_passwd_hash( &passwd, scheme, &hash, &text );
 192         if( hash.bv_val == NULL ) {
 193                 fprintf( stderr,
 194                         "Password generation failed for scheme %s: %s\n",
 195                         scheme, text ? text : "" );
 196                 return EXIT_FAILURE;
 197         }
 198
 199         if( lutil_passwd( &hash, &passwd, NULL, &text ) ) {
 200                 fprintf( stderr, "Password verification failed. %s\n",
 201                         text ? text : "" );
 202                 return EXIT_FAILURE;
 203         }
 204
 205 print_pw:;
 206         printf( "%s%s" , hash.bv_val, newline );
 207         return EXIT_SUCCESS;
 208 }