" -W prompt for bind passwd\n"
" -x Simple authentication\n"
" -X authzid SASL authorization identity (\"dn:<dn>\" or \"u:<user>\")\n"
+" -y file Read passwd from file\n"
" -Y mech SASL mechanism\n"
" -Z Start TLS request (-ZZ to require successful response)\n"
, s );
int authmethod, version, want_bindpw;
LDAP *ld = NULL;
struct berval bvalue = { 0, NULL };
+ char *pw_file = NULL;
debug = verbose = not = referrals =
manageDSAit = want_bindpw = quiet = 0;
prog = lutil_progname( "ldapcompare", argc, argv );
while (( i = getopt( argc, argv,
- "Cd:D:h:H:IkKMnO:p:P:qQR:U:vw:WxX:Y:zZ")) != EOF )
+ "Cd:D:h:H:IkKMnO:p:P:qQR:U:vw:WxX:y:Y:zZ")) != EOF )
{
switch( i ) {
case 'W':
want_bindpw++;
break;
+ case 'y':
+ pw_file = optarg;
+ break;
case 'Y':
#ifdef HAVE_CYRUS_SASL
if( sasl_mech != NULL ) {
}
}
- if (want_bindpw) {
- passwd.bv_val = getpassphrase("Enter LDAP Password: ");
- passwd.bv_len = passwd.bv_val ? strlen( passwd.bv_val ) : 0;
+ if ( pw_file || want_bindpw ) {
+ if ( pw_file ) {
+ rc = lutil_get_filed_password( pw_file, &passwd );
+ if( rc ) return EXIT_FAILURE;
+ } else {
+ passwd.bv_val = getpassphrase( "Enter LDAP Password: " );
+ passwd.bv_len = passwd.bv_val ? strlen( passwd.bv_val ) : 0;
+ }
}
if ( authmethod == LDAP_AUTH_SASL ) {
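Review bot: When both `-y` and `-W` are given, the `if ( pw_file )` branch wins and the prompt is skipped without any message; a password supplied earlier with `-w` (its handling is outside this hunk) would presumably be overwritten as well. Rejecting the combination before anything is read makes the precedence explicit, e.g. `if ( pw_file && want_bindpw ) { fprintf( stderr, "%s: -W incompatible with -y\n", prog ); return EXIT_FAILURE; }`. The same block is added to ldapdelete, ldapmodify, ldapmodrdn, ldapsearch and ldapwhoami further down, so the check belongs in each of them. The enclosing main() starts and ends outside the hunk.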
" -W prompt for bind passwd\n"
" -x Simple authentication\n"
" -X authzid SASL authorization identity (\"dn:<dn>\" or \"u:<user>\")\n"
+" -y file Read passwd from file\n"
" -Y mech SASL mechanism\n"
" -Z Start TLS request (-ZZ to require successful response)\n"
, s );
char buf[ 4096 ];
FILE *fp;
int i, rc, authmethod, referrals, want_bindpw, version, debug, manageDSAit;
+ char *pw_file;
not = verbose = contoper = want_bindpw = debug = manageDSAit = referrals = 0;
fp = NULL;
authmethod = -1;
version = -1;
+ pw_file = NULL;
prog = lutil_progname( "ldapdelete", argc, argv );
while (( i = getopt( argc, argv, "cf:r"
- "Cd:D:h:H:IkKMnO:p:P:QR:U:vw:WxX:Y:Z" )) != EOF )
+ "Cd:D:h:H:IkKMnO:p:P:QR:U:vw:WxX:y:Y:Z" )) != EOF )
{
switch( i ) {
/* Delete Specific Options */
case 'W':
want_bindpw++;
break;
+ case 'y':
+ pw_file = optarg;
+ break;
case 'Y':
#ifdef HAVE_CYRUS_SASL
if( sasl_mech != NULL ) {
}
}
- if (want_bindpw) {
- passwd.bv_val = getpassphrase("Enter LDAP Password: ");
- passwd.bv_len = passwd.bv_val ? strlen( passwd.bv_val ) : 0;
+ if ( pw_file || want_bindpw ) {
+ if ( pw_file ) {
+ rc = lutil_get_filed_password( pw_file, &passwd );
+ if( rc ) return EXIT_FAILURE;
+ } else {
+ passwd.bv_val = getpassphrase( "Enter LDAP Password: " );
+ passwd.bv_len = passwd.bv_val ? strlen( passwd.bv_val ) : 0;
+ }
}
if ( authmethod == LDAP_AUTH_SASL ) {
" -W prompt for bind passwd\n"
" -x Simple authentication\n"
" -X authzid SASL authorization identity (\"dn:<dn>\" or \"u:<user>\")\n"
+" -y file Read passwd from file\n"
" -Y mech SASL mechanism\n"
" -Z Start TLS request (-ZZ to require successful response)\n"
, prog, (strcmp( prog, "ldapadd" ) ? " is to replace" : "") );
char *matched_msg = NULL, *error_msg = NULL;
int rc, i, authmethod, version, want_bindpw, debug, manageDSAit, referrals;
int count, len;
+ char *pw_file = NULL;
prog = lutil_progname( "ldapmodify", argc, argv );
version = -1;
while (( i = getopt( argc, argv, "acrf:F"
- "Cd:D:h:H:IkKMnO:p:P:QR:S:U:vw:WxX:Y:Z" )) != EOF )
+ "Cd:D:h:H:IkKMnO:p:P:QR:S:U:vw:WxX:y:Y:Z" )) != EOF )
{
switch( i ) {
/* Modify Options */
case 'W':
want_bindpw++;
break;
+ case 'y':
+ pw_file = optarg;
+ break;
case 'Y':
#ifdef HAVE_CYRUS_SASL
if( sasl_mech != NULL ) {
}
}
- if (want_bindpw) {
- passwd.bv_val = getpassphrase("Enter LDAP Password: ");
- passwd.bv_len = passwd.bv_val ? strlen( passwd.bv_val ) : 0;
+ if ( pw_file || want_bindpw ) {
+ if ( pw_file ) {
+ rc = lutil_get_filed_password( pw_file, &passwd );
+ if( rc ) return EXIT_FAILURE;
+ } else {
+ passwd.bv_val = getpassphrase( "Enter LDAP Password: " );
+ passwd.bv_len = passwd.bv_val ? strlen( passwd.bv_val ) : 0;
+ }
}
if ( authmethod == LDAP_AUTH_SASL ) {
" -W prompt for bind passwd\n"
" -x Simple authentication\n"
" -X authzid SASL authorization identity (\"dn:<dn>\" or \"u:<user>\")\n"
+" -y file Read passwd from file\n"
" -Y mech SASL mechanism\n"
" -Z Start TLS request (-ZZ to require successful response)\n"
, s );
int rc, i, remove, havedn, authmethod, version, want_bindpw, debug, manageDSAit;
int referrals;
char *newSuperior=NULL;
+ char *pw_file = NULL;
infile = NULL;
not = contoper = verbose = remove = want_bindpw =
prog = lutil_progname( "ldapmodrdn", argc, argv );
while (( i = getopt( argc, argv, "cf:rs:"
- "Cd:D:h:H:IkKMnO:p:P:QR:U:vw:WxX:Y:Z" )) != EOF )
+ "Cd:D:h:H:IkKMnO:p:P:QR:U:vw:WxX:y:Y:Z" )) != EOF )
{
switch( i ) {
/* Modrdn Options */
case 'W':
want_bindpw++;
break;
+ case 'y':
+ pw_file = optarg;
+ break;
case 'Y':
#ifdef HAVE_CYRUS_SASL
if( sasl_mech != NULL ) {
}
}
- if (want_bindpw) {
- passwd.bv_val = getpassphrase("Enter LDAP Password: ");
- passwd.bv_len = passwd.bv_val ? strlen( passwd.bv_val ) : 0;
+ if ( pw_file || want_bindpw ) {
+ if ( pw_file ) {
+ rc = lutil_get_filed_password( pw_file, &passwd );
+ if( rc ) return EXIT_FAILURE;
+ } else {
+ passwd.bv_val = getpassphrase( "Enter LDAP Password: " );
+ passwd.bv_len = passwd.bv_val ? strlen( passwd.bv_val ) : 0;
+ }
}
if ( authmethod == LDAP_AUTH_SASL ) {
" -W prompt for bind passwd\n"
" -x Simple authentication\n"
" -X authzid SASL authorization identity (\"dn:<dn>\" or \"u:<user>\")\n"
+" -y file Read passwd from file\n"
" -Y mech SASL mechanism\n"
" -Z Start TLS request (-ZZ to require successful response)\n"
, s, def_urlpre, def_tmpdir );
BerElement *ber = NULL;
struct berval *bvalp = NULL;
char *vrFilter = NULL, *control = NULL, *s;
+ char *pw_file = NULL;
infile = NULL;
urlize( def_urlpre );
while (( i = getopt( argc, argv, "Aa:b:E:F:f:Ll:S:s:T:tuz:"
- "Cd:D:h:H:IkKMnO:p:P:QR:U:vw:WxX:Y:Z")) != EOF )
+ "Cd:D:h:H:IkKMnO:p:P:QR:U:vw:WxX:y:Y:Z")) != EOF )
{
switch( i ) {
/* Search Options */
case 'W':
want_bindpw++;
break;
+ case 'y':
+ pw_file = optarg;
+ break;
case 'Y':
#ifdef HAVE_CYRUS_SASL
if( sasl_mech != NULL ) {
}
}
- if (want_bindpw) {
- passwd.bv_val = getpassphrase("Enter LDAP Password: ");
- passwd.bv_len = passwd.bv_val ? strlen( passwd.bv_val ) : 0;
+ if ( pw_file || want_bindpw ) {
+ if ( pw_file ) {
+ rc = lutil_get_filed_password( pw_file, &passwd );
+ if( rc ) return EXIT_FAILURE;
+ } else {
+ passwd.bv_val = getpassphrase( "Enter LDAP Password: " );
+ passwd.bv_len = passwd.bv_val ? strlen( passwd.bv_val ) : 0;
+ }
}
if ( authmethod == LDAP_AUTH_SASL ) {
" -W prompt for bind passwd\n"
" -x Simple authentication\n"
" -X authzid SASL authorization identity (\"dn:<dn>\" or \"u:<user>\")\n"
+" -y file Read passwd from file\n"
" -Y mech SASL mechanism\n"
" -Z Start TLS request (-ZZ to require successful response)\n"
, s );
char *binddn = NULL;
struct berval passwd = { 0, NULL };
- char *newpw = NULL;
- char *oldpw = NULL;
+ char *pw_file = NULL;
int want_bindpw = 0;
- int want_newpw = 0;
- int want_oldpw = 0;
int not = 0;
int i;
prog = lutil_progname( "ldapwhoami", argc, argv );
- while( (i = getopt( argc, argv, "Aa:Ss:"
- "Cd:D:h:H:InO:p:QR:U:vw:WxX:Y:Z" )) != EOF )
+ while( (i = getopt( argc, argv,
+ "Cd:D:h:H:InO:p:QR:U:vw:WxX:y:Y:Z" )) != EOF )
{
switch (i) {
- /* Password Options */
- case 'A': /* prompt for old password */
- want_oldpw++;
- break;
-
- case 'a': /* old password (secret) */
- oldpw = strdup (optarg);
-
- {
- char* p;
-
- for( p = optarg; *p != '\0'; p++ ) {
- *p = '\0';
- }
- }
- break;
-
- case 'S': /* prompt for user password */
- want_newpw++;
- break;
-
- case 's': /* new password (secret) */
- newpw = strdup (optarg);
- {
- char* p;
-
- for( p = optarg; *p != '\0'; p++ ) {
- *p = '\0';
- }
- }
- break;
-
/* Common Options (including options we don't use) */
case 'C':
referrals++;
case 'W':
want_bindpw++;
break;
+ case 'y':
+ pw_file = optarg;
+ break;
case 'Y':
#ifdef HAVE_CYRUS_SASL
if( sasl_mech != NULL ) {
user = NULL;
}
- if( want_oldpw && oldpw == NULL ) {
- /* prompt for old password */
- char *ckoldpw;
- oldpw = strdup(getpassphrase("Old password: "));
- ckoldpw = getpassphrase("Re-enter old password: ");
-
- if( oldpw== NULL || ckoldpw == NULL ||
- strcmp( oldpw, ckoldpw ))
- {
- fprintf( stderr, "passwords do not match\n" );
- return EXIT_FAILURE;
- }
- }
-
- if( want_newpw && newpw == NULL ) {
- /* prompt for new password */
- char *cknewpw;
- newpw = strdup(getpassphrase("New password: "));
- cknewpw = getpassphrase("Re-enter new password: ");
-
- if( newpw== NULL || cknewpw == NULL ||
- strcmp( newpw, cknewpw ))
- {
- fprintf( stderr, "passwords do not match\n" );
- return EXIT_FAILURE;
+ if ( pw_file || want_bindpw ) {
+ if ( pw_file ) {
+ rc = lutil_get_filed_password( pw_file, &passwd );
+ if( rc ) return EXIT_FAILURE;
+ } else {
+ passwd.bv_val = getpassphrase( "Enter LDAP Password: " );
+ passwd.bv_len = passwd.bv_val ? strlen( passwd.bv_val ) : 0;
}
}
- if (want_bindpw && passwd.bv_val == NULL ) {
- /* handle bind password */
- passwd.bv_val = strdup( getpassphrase("Enter bind password: "));
- passwd.bv_len = passwd.bv_val ? strlen( passwd.bv_val ) : 0;
- }
-
if ( debug ) {
if( ber_set_option( NULL, LBER_OPT_DEBUG_LEVEL, &debug ) != LBER_OPT_SUCCESS ) {
fprintf( stderr, "Could not set LBER_OPT_DEBUG_LEVEL %d\n", debug );
endpwent \
fcntl \
flock \
+ fstat \
getdtablesize \
getgrgid \
gethostname \
do
echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
-echo "configure:22464: checking for $ac_func" >&5
+echo "configure:22465: checking for $ac_func" >&5
if eval "test \"\${ac_cv_func_$ac_func+set}\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
else
cat > conftest.$ac_ext <<EOF
-#line 22469 "configure"
+#line 22470 "configure"
#include "confdefs.h"
/* System header to define __stub macros and hopefully few prototypes,
which can conflict with char $ac_func(); below. */
; return 0; }
EOF
-if { (eval echo configure:22493: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:22494: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
rm -rf conftest*
eval "ac_cv_func_$ac_func=yes"
else
for ac_func in getopt
do
echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
-echo "configure:22521: checking for $ac_func" >&5
+echo "configure:22522: checking for $ac_func" >&5
if eval "test \"\${ac_cv_func_$ac_func+set}\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
else
cat > conftest.$ac_ext <<EOF
-#line 22526 "configure"
+#line 22527 "configure"
#include "confdefs.h"
/* System header to define __stub macros and hopefully few prototypes,
which can conflict with char $ac_func(); below. */
; return 0; }
EOF
-if { (eval echo configure:22550: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:22551: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
rm -rf conftest*
eval "ac_cv_func_$ac_func=yes"
else
# Check Configuration
echo $ac_n "checking declaration of sys_errlist""... $ac_c" 1>&6
-echo "configure:22583: checking declaration of sys_errlist" >&5
+echo "configure:22584: checking declaration of sys_errlist" >&5
if eval "test \"\${ol_cv_dcl_sys_errlist+set}\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
else
cat > conftest.$ac_ext <<EOF
-#line 22589 "configure"
+#line 22590 "configure"
#include "confdefs.h"
#include <stdio.h>
char *c = (char *) *sys_errlist
; return 0; }
EOF
-if { (eval echo configure:22602: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+if { (eval echo configure:22603: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
rm -rf conftest*
ol_cv_dcl_sys_errlist=yes
ol_cv_have_sys_errlist=yes
echo $ac_n "checking existence of sys_errlist""... $ac_c" 1>&6
-echo "configure:22625: checking existence of sys_errlist" >&5
+echo "configure:22626: checking existence of sys_errlist" >&5
if eval "test \"\${ol_cv_have_sys_errlist+set}\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
else
cat > conftest.$ac_ext <<EOF
-#line 22631 "configure"
+#line 22632 "configure"
#include "confdefs.h"
#include <errno.h>
int main() {
char *c = (char *) *sys_errlist
; return 0; }
EOF
-if { (eval echo configure:22638: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:22639: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
rm -rf conftest*
ol_cv_have_sys_errlist=yes
else
endpwent \
fcntl \
flock \
+ fstat \
getdtablesize \
getgrgid \
gethostname \
Tools ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz
-ldapdelete *CDE *HI*K M*OPQR U*WXYZ cdef*h**k *n*p* vwx*
-ldapmodify *CDEF*HI*K M*OPQRS U*WXYZabcdef*h**k *n*p*r t vwx*
-ldapmodrdn *CDE *HI*K M*OPQR U*WXYZ cdef*h**k *n*p*rs vwx*
-ldappasswd A*CDE *HI* *O QRS U*WXYZa de *h** * * * s vwx*
-ldapsearch A*CDE *HI*KLM*OPQRSTU*WXYZab*def*h**kl*n*p* stuvwx*z
-
-Other Clients ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz
-fax500 * f h m
-finger * c f i l p t x
-go500 I * bcd f l p t x
-go500gw I P * a cd f h l p t x
-mail500 C * d f h lm v
-rcpt500 U* abc f h l p st z
-rp500 * ab d f x z
-ud D * cd f l p s uv
+ldapdelete *CDE *HI*K M*OPQR U*WXYZ cdef*h**k *n*p* vwxy
+ldapmodify *CDEF*HI*K M*OPQRS U*WXYZabcdef*h**k *n*p*r t vwxy
+ldapmodrdn *CDE *HI*K M*OPQR U*WXYZ cdef*h**k *n*p*rs vwxy
+ldappasswd A*CDE *HI* *O QRS U*WXYZa de *h** * * * s vwxy
+ldapsearch A*CDE *HI*KLM*OPQRSTU*WXYZab*def*h**kl*n*p* stuvwxyz
+ldapwhoami
* reserved
-n no-op
-p port
-v verbose
+ -y Bind password-file
-w Bind password
-4 IPv4 only
-6 IPv6 only
unsigned char *buf,
ber_len_t nbytes ));
-/* passwd.c */
+/* passfile.c */
struct berval; /* avoid pulling in lber.h */
+LDAP_LUTIL_F( int )
+lutil_get_filed_password LDAP_P((
+ const char *filename,
+ struct berval * ));
+
+/* passwd.c */
LDAP_LUTIL_F( int )
lutil_authpasswd LDAP_P((
const struct berval *passwd, /* stored password */
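Review bot: The new prototype for lutil_get_filed_password states no contract and leaves its second parameter unnamed. The implementation in passfile.c allocates the buffer with malloc, so a comment such as `/* reads all of filename into a malloc'd, NUL-terminated passwd->bv_val; caller frees; returns 0 on success, -1 on error */` would tell callers who owns the secret. Naming the parameter `struct berval *passwd` would also match the definition.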
/* Define if you have the flock function. */
#undef HAVE_FLOCK
+/* Define if you have the fstat function. */
+#undef HAVE_FSTAT
+
/* Define if you have the gai_strerror function. */
#undef HAVE_GAI_STRERROR
/* Define if you have the flock function. */
/* #undef HAVE_FLOCK */
+/* Define if you have the fstat function. */
+/* #undef HAVE_FSTAT */
+
/* Define if you have the gai_strerror function. */
/* #undef HAVE_GAI_STRERROR */
UNIX_SRCS = detach.c
UNIX_OBJS = detach.o
-SRCS = base64.c csn.c entropy.c sasl.c signal.c hash.c \
+SRCS = base64.c csn.c entropy.c sasl.c signal.c hash.c passfile.c \
md5.c passwd.c sha1.c getpass.c lockf.c utils.c uuid.c sockpair.c \
@LIBSRCS@ $(@PLAT@_SRCS)
-OBJS = base64.o csn.o entropy.o sasl.o signal.o hash.o \
+OBJS = base64.o csn.o entropy.o sasl.o signal.o hash.o passfile.o \
md5.o passwd.o sha1.o getpass.o lockf.o utils.o uuid.o sockpair.o \
@LIBOBJS@ $(@PLAT@_OBJS)
--- /dev/null
+/* $OpenLDAP$ */
+/*
+ * Copyright 2002 The OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/ctype.h>
+#include <ac/string.h>
+
+#ifdef HAVE_FSTAT
+#include <sys/types.h>
+#include <sys/stat.h>
+#endif /* HAVE_FSTAT */
+
+#include <lber.h>
+#include <lutil.h>
+
+/* Get a password from a file. */
+int
+lutil_get_filed_password(
+ const char *filename,
+ struct berval *passwd )
+{
+ int rc;
+ size_t nread, nleft, nr;
+ FILE *f = fopen( filename, "r" );
+
+ if( f == NULL ) {
+ perror( filename );
+ return -1;
+ }
+
+ passwd->bv_val = NULL;
+ passwd->bv_len = 4196;
+
+#ifdef HAVE_FSTAT
+ {
+ struct stat sb;
+ if ( fstat( fileno( f ), &sb ) == 0 ) {
+ if( sb.st_mode & 006 ) {
+ fprintf( stderr,
+ "Warning: Password file %s is publicly readable/writeable\n",
+ filename );
+ }
+
+ passwd->bv_len = sb.st_size;
+ }
+ }
+#endif /* HAVE_FSTAT */
+
+ passwd->bv_val = (char *) malloc( passwd->bv_len + 1 );
+ if( passwd->bv_val == NULL ) {
+ perror( filename );
+ return -1;
+ }
+
+ nread = 0;
+ nleft = passwd->bv_len;
+ do {
+ if( nleft == 0 ) {
+ /* double the buffer size */
+ char *p = (char *) realloc( passwd->bv_val,
+ 2 * passwd->bv_len + 1 );
+ if( p == NULL ) {
+ free( passwd->bv_val );
+ passwd->bv_val = NULL;
+ passwd->bv_len = 0;
+ return -1;
+ }
+ nleft = passwd->bv_len;
+ passwd->bv_len *= 2;
+ passwd->bv_val = p;
+ }
+
+ nr = fread( &passwd->bv_val[nread], 1, nleft, f );
+
+ if( nr < nleft && ferror( f ) ) {
+ free( passwd->bv_val );
+ passwd->bv_val = NULL;
+ passwd->bv_len = 0;
+ return -1;
+ }
+
+ nread += nr;
+ nleft -= nr;
+ } while ( !feof(f) );
+
+ passwd->bv_len = nread;
+ passwd->bv_val[nread] = '\0';
+
+ fclose( f );
+ return 0;
+}
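Review bot: A zero-length password file makes the read loop in lutil_get_filed_password spin forever: fstat sets `passwd->bv_len` to 0, so `nleft` is still 0 after the doubling step, `fread` is asked for 0 bytes and `feof(f)` never becomes true. Keeping the 4196 default unless the reported size is positive avoids this, e.g. `if( sb.st_size > 0 ) passwd->bv_len = sb.st_size;`. The three `return -1` paths after the fopen (malloc, realloc and fread failure) also leave `f` open and should call `fclose( f );` first. The mode test `sb.st_mode & 006` only warns and does not look at the group bits, and the file's full contents, including any trailing newline, become the password. Both behaviours deserve a comment above the function.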