X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=clients%2Ftools%2Fldappasswd.c;h=3d48a2d2c5eebfd64104a0ffb81f57bacb371a6e;hb=17a975b6fbccec9e215d090cb3646cb914dd8241;hp=26a621c98826d13bcb59f24b5071aaff758c1b50;hpb=695508813ddd00b2bb584d438556d7165b9a7103;p=openldap diff --git a/clients/tools/ldappasswd.c b/clients/tools/ldappasswd.c index 26a621c988..3d48a2d2c5 100644 --- a/clients/tools/ldappasswd.c +++ b/clients/tools/ldappasswd.c @@ -15,12 +15,15 @@ #include "portable.h" -#include #include -#include -#include +#include + +#include +#include +#include #include +#include #include #include @@ -29,14 +32,13 @@ #include #include -#include "ldapconfig.h" +#include "ldap_defaults.h" /* local macros */ -#define CEILING(x) ((double)x > (int)x ? (int)x + 1 : (int)x) -#define STRDUP(x) (x ? strcpy(malloc(strlen(x) + 1), x) : NULL) +#define CEILING(x) ((double)(x) > (int)(x) ? (int)(x) + 1 : (int)(x)) #define LDAP_PASSWD_ATTRIB "userPassword" -#define LDAP_PASSWD_CONF DEFAULT_SYSCONFDIR"/passwd.conf" +#define LDAP_PASSWD_CONF LDAP_SYSCONFDIR LDAP_DIRSEP "passwd.conf" #define HS_NONE 0 #define HS_PLAIN 1 @@ -80,7 +82,7 @@ static int auto_gen_pw = 0; /*** functions ***/ /* - * pw_encode() essentially base64 encodes a password and it's salt + * pw_encode() essentially base64 encodes a password and its salt */ char * @@ -120,20 +122,15 @@ pw_encode (unsigned char *passwd, Salt * salt, unsigned int len) void make_salt (Salt * salt, unsigned int len) { - struct timeval tv; if (!salt) return; - /* seed random number generator */ - gettimeofday (&tv, NULL); - srand (tv.tv_usec); - salt->len = len; salt->salt = (unsigned char *)malloc (len); for (len = 0; len < salt->len; len++) - salt->salt[len] = (tv.tv_usec ^ rand ()) & 0xff; + salt->salt[len] = rand () & 0xff; } /* 
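Review bot: In the make_salt hunk every salt byte is now `rand () & 0xff`, and the only seed is the `srand (tv.tv_usec)` / `srand((unsigned)time( NULL ))` call that this commit moves into main, so salts and the passwords built by gen_pass (next hunk, which calls make_salt) all derive from a small, clock-based seed. rand() is not intended for secrets; taking the bytes from the operating system's random source where one exists (for example /dev/urandom), with rand() only as a fallback, would remove that predictability. The `malloc (len)` result in the same function is also written through without a check; `if (!salt->salt) { salt->len = 0; return; }` directly after the allocation would cover it.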
@@ -143,10 +140,13 @@ make_salt (Salt * salt, unsigned int len) char * gen_pass (unsigned int len) { - const unsigned char autogen[] = + static const unsigned char autogen[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz1234567890.,"; - int i; - Salt salt = {NULL, 0}; + unsigned int i; + Salt salt; + + salt.salt = NULL; + salt.len = 0; make_salt (&salt, len); for (i = 0; i < len; i++) @@ -159,7 +159,7 @@ gen_pass (unsigned int len) char * hash_none (const char *pw_in, Salt * salt) { - return (STRDUP (pw_in)); + return (strdup (pw_in)); } #endif @@ -167,7 +167,7 @@ hash_none (const char *pw_in, Salt * salt) char * hash_crypt (const char *pw_in, Salt * salt) { - const unsigned char crypt64[] = + static const unsigned char crypt64[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz1234567890./"; char *crypted_pw = NULL; Salt lsalt; @@ -190,7 +190,7 @@ hash_crypt (const char *pw_in, Salt * salt) crypted_pw = crypt (pw_in, (char *)lsalt.salt); free (lsalt.salt); } - return (STRDUP (crypted_pw)); + return (strdup (crypted_pw)); } #endif @@ -201,7 +201,8 @@ hash_md5 (const char *pw_in, Salt * salt) unsigned char MD5digest[16]; lutil_MD5Init (&MD5context); - lutil_MD5Update (&MD5context, pw_in, strlen(pw_in)); + lutil_MD5Update (&MD5context, + (const unsigned char *)pw_in, strlen(pw_in)); if (salt && salt->salt && salt->len) lutil_MD5Update (&MD5context, salt->salt, salt->len); lutil_MD5Final (MD5digest, &MD5context); @@ -216,7 +217,8 @@ hash_sha1 (const char *pw_in, Salt * salt) unsigned char SHA1digest[20]; lutil_SHA1Init (&SHA1context); - lutil_SHA1Update (&SHA1context, pw_in, strlen(pw_in)); + lutil_SHA1Update (&SHA1context, + (const unsigned char *)pw_in, strlen(pw_in)); if (salt && salt->salt && salt->len) lutil_SHA1Update (&SHA1context, salt->salt, salt->len); lutil_SHA1Final (SHA1digest, &SHA1context); 
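Review bot: In the second hash_crypt hunk, `return (strdup (crypted_pw));` hands NULL to strdup whenever crypt() fails (or, if the enclosing block is conditional, whenever it is skipped), because `crypted_pw` is initialised to NULL. The STRDUP macro this commit removes returned NULL for a NULL argument. `return (crypted_pw ? strdup (crypted_pw) : NULL);` keeps the old behaviour. The same substitution in hash_none and in main's option parsing is safe only while the argument is never NULL, and none of the strdup results are checked. The middle of hash_crypt lies between the two hunks and is not shown.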
@@ -278,7 +280,7 @@ modify_dn (LDAP * ld, char *targetdn, char *pwattr, char *oldpw, /* hash password */ hashed_pw = hashes[htype].func (newpw, salt->len ? salt : NULL); - /* return salt back to it's original state */ + /* return salt back to its original state */ if (want_salt) { free (salt->salt); @@ -305,14 +307,14 @@ modify_dn (LDAP * ld, char *targetdn, char *pwattr, char *oldpw, strvals[0] = buf; strvals[1] = NULL; - mod.mod_vals.modv_strvals = strvals; + mod.mod_values = strvals; mod.mod_type = pwattr; mod.mod_op = LDAP_MOD_REPLACE; mods[0] = &mod; mods[1] =NULL; if (!noupdates && (ret = ldap_modify_s (ld, targetdn, mods)) != LDAP_SUCCESS) - ldap_perror (ld, "ldap_modify_s"); + ldap_perror (ld, "ldap_modify"); free (hashed_pw); free (buf); @@ -388,11 +390,11 @@ main (int argc, char *argv[]) switch (i) { case 'a': /* password attribute */ - pwattr = STRDUP (optarg); + pwattr = strdup (optarg); break; case 'b': /* base search dn */ - base = STRDUP (optarg); + base = strdup (optarg); break; case 'C': @@ -400,7 +402,7 @@ main (int argc, char *argv[]) break; case 'D': /* bind distinguished name */ - binddn = STRDUP (optarg); + binddn = strdup (optarg); break; case 'd': /* debugging option */ @@ -412,7 +414,7 @@ main (int argc, char *argv[]) break; case 'e': /* new password */ - newpw = STRDUP (optarg); + newpw = strdup (optarg); break; case 'g': @@ -437,7 +439,7 @@ main (int argc, char *argv[]) break; case 'h': /* ldap host */ - ldaphost = STRDUP (optarg); + ldaphost = strdup (optarg); break; case 'K': /* use kerberos bind, 1st part only */ @@ -445,6 +447,7 @@ main (int argc, char *argv[]) authmethod = LDAP_AUTH_KRBV41; #else fprintf (stderr, "%s was not compiled with Kerberos support\n", argv[0]); + usage (argv[0]); #endif break; @@ -453,6 +456,7 @@ main (int argc, char *argv[]) authmethod = LDAP_AUTH_KRBV4; #else fprintf (stderr, "%s was not compiled with Kerberos support\n", argv[0]); + usage (argv[0]); #endif break; 
@@ -465,14 +469,16 @@ main (int argc, char *argv[]) break; case 'P': - switch(optarg[0]) - { - case '2': + switch( atoi( optarg ) ) { + case 2: version = LDAP_VERSION2; break; - case '3': + case 3: version = LDAP_VERSION3; break; + default: + fprintf( stderr, "protocol version should be 2 or 3\n" ); + usage( argv[0] ); } break; @@ -481,11 +487,11 @@ main (int argc, char *argv[]) break; case 's': /* scope */ - if (strncasecmp (optarg, "base", 4) == 0) + if (strcasecmp (optarg, "base") == 0) scope = LDAP_SCOPE_BASE; - else if (strncasecmp (optarg, "one", 3) == 0) + else if (strcasecmp (optarg, "one") == 0) scope = LDAP_SCOPE_ONELEVEL; - else if (strncasecmp (optarg, "sub", 3) == 0) + else if (strcasecmp (optarg, "sub") == 0) scope = LDAP_SCOPE_SUBTREE; else { @@ -495,7 +501,7 @@ main (int argc, char *argv[]) break; case 't': /* target dn */ - targetdn = STRDUP (optarg); + targetdn = strdup (optarg); break; case 'v': /* verbose */ @@ -507,7 +513,14 @@ main (int argc, char *argv[]) break; case 'w': /* bind password */ - bindpw = STRDUP (optarg); + bindpw = strdup (optarg); + { + char* p; + + for( p = optarg; *p == '\0'; p++ ) { + *p = '*'; + } + } break; case 'Y': /* salt length */ @@ -516,7 +529,7 @@ main (int argc, char *argv[]) case 'y': /* user specified salt */ salt.len = strlen (optarg); - salt.salt = (unsigned char *)STRDUP (optarg); + salt.salt = (unsigned char *)strdup (optarg); break; case 'z': /* time limit */ @@ -530,7 +543,7 @@ main (int argc, char *argv[]) /* grab filter */ if (!(argc - optind < 1)) - filtpattern = STRDUP (argv[optind]); + filtpattern = strdup (argv[optind]); /* check for target(s) */ if (!filtpattern && !targetdn) 
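Review bot: The masking loop added under `case 'w'` tests `*p == '\0'`, so for any non-empty password it never runs and the bind password stays readable in the process argument list. For an empty `-w ""` it overwrites the terminator and keeps writing past the end of the argument for as long as it finds NUL bytes. The condition should be `for( p = optarg; *p != '\0'; p++ )`. The new password taken by `-e` (the `newpw = strdup (optarg);` hunk earlier in main) is not masked at all and would want the same loop. main's body starts and ends outside this hunk.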
@@ -550,28 +563,55 @@ main (int argc, char *argv[]) if (strncmp (newpw, cknewpw, strlen (newpw))) { fprintf (stderr, "passwords do not match\n"); - exit (1); + return ( EXIT_FAILURE ); } } if ( debug ) { - lber_set_option( NULL, LBER_OPT_DEBUG_LEVEL, &debug ); - ldap_set_option( NULL, LDAP_OPT_DEBUG_LEVEL, &debug ); + if( ber_set_option( NULL, LBER_OPT_DEBUG_LEVEL, &debug ) != LBER_OPT_SUCCESS ) { + fprintf( stderr, "Could not set LBER_OPT_DEBUG_LEVEL %d\n", debug ); + } + if( ldap_set_option( NULL, LDAP_OPT_DEBUG_LEVEL, &debug ) != LDAP_OPT_SUCCESS ) { + fprintf( stderr, "Could not set LDAP_OPT_DEBUG_LEVEL %d\n", debug ); + } } +#ifdef SIGPIPE + (void) SIGNAL( SIGPIPE, SIG_IGN ); +#endif + /* seed random number generator */ + +#ifdef HAVE_GETTIMEOFDAY + /* this is of questionable value + * gettimeofday not provide much usec + */ + { + struct timeval tv; + gettimeofday (&tv, NULL); + srand (tv.tv_usec); + } +#else + /* The traditional seed */ + srand((unsigned)time( NULL )); +#endif + /* connect to server */ - if ((ld = ldap_open (ldaphost, ldapport)) == NULL) + if ((ld = ldap_init (ldaphost, ldapport)) == NULL) { - perror (ldaphost); - exit (1); + perror ("ldap_init"); + return ( EXIT_FAILURE ); } /* set options */ - if( timelimit != -1 ) { - ldap_set_option (ld, LDAP_OPT_TIMELIMIT, (void *)&timelimit); + if (timelimit != -1 && + ldap_set_option( ld, LDAP_OPT_TIMELIMIT, (void *) &timelimit ) != LDAP_OPT_SUCCESS ) + { + fprintf( stderr, "Could not set LDAP_OPT_TIMELIMIT %d\n", timelimit ); } - if( sizelimit != -1 ) { - ldap_set_option (ld, LDAP_OPT_SIZELIMIT, (void *)&sizelimit); + if (sizelimit != -1 && + ldap_set_option( ld, LDAP_OPT_SIZELIMIT, (void *) &sizelimit ) != LDAP_OPT_SUCCESS ) + { + fprintf( stderr, "Could not set LDAP_OPT_SIZELIMIT %d\n", sizelimit ); } /* this seems prudent */ 
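Review bot: The confirmation check kept as context at the top of this hunk, `strncmp (newpw, cknewpw, strlen (newpw))`, compares only the first strlen(newpw) bytes, so a confirmation that starts with the new password but carries extra characters is accepted as a match. `if (strcmp (newpw, cknewpw) != 0)` compares the whole strings. The commit changes the `exit (1)` below the check but leaves the comparison as it was. The enclosing `if` and main itself begin above the hunk.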
@@ -580,15 +620,17 @@ main (int argc, char *argv[]) ldap_set_option( ld, LDAP_OPT_DEREF, &deref); } - if( version != -1 ) { - ldap_set_option( ld, LDAP_OPT_PROTOCOL_VERSION, &version ); + if (version != -1 && + ldap_set_option( ld, LDAP_OPT_PROTOCOL_VERSION, &version ) != LDAP_OPT_SUCCESS ) + { + fprintf( stderr, "Could not set LDAP_OPT_PROTOCOL_VERSION %d\n", version ); } /* authenticate to server */ if (ldap_bind_s (ld, binddn, bindpw, authmethod) != LDAP_SUCCESS) { ldap_perror (ld, "ldap_bind"); - exit (1); + return ( EXIT_FAILURE ); } if (targetdn) @@ -604,9 +646,11 @@ main (int argc, char *argv[]) if (filtpattern) { char filter[BUFSIZ]; - LDAPMessage *result = NULL, *e = NULL; - char *attrs[3] = {"dn", NULL, NULL}; + LDAPMessage *result = NULL, *e; + char *attrs[3]; + attrs[0] = "dn"; attrs[1] = pwattr; + attrs[2] = NULL; /* search */ sprintf (filter, "%s", filtpattern); @@ -615,8 +659,8 @@ main (int argc, char *argv[]) i != LDAP_TIMELIMIT_EXCEEDED && i != LDAP_SIZELIMIT_EXCEEDED) { - ldap_perror (ld, "ldap_search_s"); - exit (1); + ldap_perror (ld, "ldap_search"); + return ( EXIT_FAILURE ); } for (e = ldap_first_entry (ld, result); e; e = ldap_next_entry (ld, e)) @@ -635,8 +679,6 @@ main (int argc, char *argv[]) /* disconnect from server */ ldap_unbind (ld); - exit(0); - /* unreached */ - return (0); + return ( EXIT_SUCCESS ); }
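Review bot: In the search hunk, `sprintf (filter, "%s", filtpattern);` copies the command-line filter into `char filter[BUFSIZ]` with no length limit, so a filter argument longer than BUFSIZ-1 bytes overruns the stack buffer. The commit rewrites the declarations around it but leaves the copy unchanged. Bounding it with `if ((size_t) snprintf (filter, sizeof filter, "%s", filtpattern) >= sizeof filter) { fprintf (stderr, "filter too long\n"); return ( EXIT_FAILURE ); }` closes it; passing filtpattern to the search call directly would also work if filter is not modified afterwards. The search call itself falls between this hunk and the next and is not shown.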