From: Kurt Zeilenga Date: Mon, 31 Mar 2003 06:29:59 +0000 (+0000) Subject: Add additional password file support. X-Git-Tag: AUTOCONF_2_57~142 X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=02028df6c61cefa48041f2e71ddf7504a28c9b23;p=openldap Add additional password file support. --- diff --git a/clients/tools/ldappasswd.c b/clients/tools/ldappasswd.c index baf18f6b6a..85ef979468 100644 --- a/clients/tools/ldappasswd.c +++ b/clients/tools/ldappasswd.c @@ -24,11 +24,14 @@ #include "common.h" -static char *newpw = NULL; -static char *oldpw = NULL; +static struct berval newpw = { 0, NULL }; +static struct berval oldpw = { 0, NULL }; + static int want_newpw = 0; static int want_oldpw = 0; +static char *oldpwfile = NULL; +static char *newpwfile = NULL; void usage( void ) @@ -40,15 +43,17 @@ usage( void ) "Password change options:\n" " -a secret old password\n" " -A prompt for old password\n" +" -t file read file for old password\n" " -s secret new password\n" " -S prompt for new password\n" +" -T file read file for new password\n" , prog ); tool_common_usage(); exit( EXIT_FAILURE ); } -const char options[] = "a:As:S" +const char options[] = "a:As:St:T:" "Cd:D:e:h:H:InO:p:QR:U:vVw:WxX:y:Y:Z"; int @@ -56,9 +61,9 @@ handle_private_option( int i ) { switch ( i ) { #if 0 + case 'E': /* passwd controls */ { int crit; char *control, *cvalue; - case 'E': /* passwd controls */ if( protocol == LDAP_VERSION2 ) { fprintf( stderr, "%s: -E incompatible with LDAPv%d\n", prog, protocol ); @@ -80,19 +85,21 @@ handle_private_option( int i ) if ( (cvalue = strchr( control, '=' )) != NULL ) { *cvalue++ = '\0'; } + fprintf( stderr, "Invalid passwd control name: %s\n", control ); usage(); + } #endif case 'a': /* old password (secret) */ - oldpw = strdup (optarg); - + oldpw.bv_val = strdup( optarg ); { char* p; for( p = optarg; *p != '\0'; p++ ) { *p = '\0'; } } + oldpw.bv_len = strlen( oldpw.bv_val ); break; case 'A': /* prompt for old password */ @@ -100,19 +107,28 @@ handle_private_option( int i ) break; case 's': /* new password (secret) */ - newpw = strdup (optarg); + newpw.bv_val = strdup (optarg); { char* p; for( p = optarg; *p != '\0'; p++ ) { *p = '\0'; } } + newpw.bv_len = strlen( newpw.bv_val ); break; case 'S': /* prompt for user password */ want_newpw++; break; + case 't': + oldpwfile = optarg; + break; + + case 'T': + newpwfile = optarg; + break; + default: return 0; } @@ -151,35 +167,49 @@ main( int argc, char *argv[] ) user = NULL; } - if( want_oldpw && oldpw == NULL ) { + if( oldpwfile ) { + rc = lutil_get_filed_password( prog, &oldpw ); + if( rc ) return EXIT_FAILURE; + } + + if( want_oldpw && oldpw.bv_val == NULL ) { /* prompt for old password */ char *ckoldpw; - oldpw = strdup(getpassphrase("Old password: ")); + oldpw.bv_val = strdup(getpassphrase("Old password: ")); ckoldpw = getpassphrase("Re-enter old password: "); - if( oldpw== NULL || ckoldpw == NULL || - strcmp( oldpw, ckoldpw )) + if( oldpw.bv_val == NULL || ckoldpw == NULL || + strcmp( oldpw.bv_val, ckoldpw )) { fprintf( stderr, "passwords do not match\n" ); return EXIT_FAILURE; } + + oldpw.bv_len = strlen( oldpw.bv_val ); + } + + if( newpwfile ) { + rc = lutil_get_filed_password( prog, &newpw ); + if( rc ) return EXIT_FAILURE; } - if( want_newpw && newpw == NULL ) { + if( want_newpw && newpw.bv_val == NULL ) { /* prompt for new password */ char *cknewpw; - newpw = strdup(getpassphrase("New password: ")); + newpw.bv_val = strdup(getpassphrase("New password: ")); cknewpw = getpassphrase("Re-enter new password: "); - if( newpw== NULL || cknewpw == NULL || - strcmp( newpw, cknewpw )) + if( newpw.bv_val == NULL || cknewpw == NULL || + strcmp( newpw.bv_val, cknewpw )) { fprintf( stderr, "passwords do not match\n" ); return EXIT_FAILURE; } + + newpw.bv_len = strlen( newpw.bv_val ); } - if (want_bindpw && passwd.bv_val == NULL ) { + if( want_bindpw && passwd.bv_val == NULL ) { /* handle bind password */ passwd.bv_val = strdup( getpassphrase("Enter bind password: ")); passwd.bv_len = passwd.bv_val ? strlen( passwd.bv_val ) : 0; @@ -192,7 +222,7 @@ main( int argc, char *argv[] ) if ( authzid || manageDSAit || noop ) tool_server_controls( ld, NULL, 0 ); - if( user != NULL || oldpw != NULL || newpw != NULL ) { + if( user != NULL || oldpw.bv_val != NULL || newpw.bv_val != NULL ) { /* build change password control */ ber = ber_alloc_t( LBER_USE_DER ); @@ -210,16 +240,16 @@ main( int argc, char *argv[] ) free(user); } - if( oldpw != NULL ) { - ber_printf( ber, "ts", - LDAP_TAG_EXOP_MODIFY_PASSWD_OLD, oldpw ); - free(oldpw); + if( oldpw.bv_val != NULL ) { + ber_printf( ber, "tO", + LDAP_TAG_EXOP_MODIFY_PASSWD_OLD, &oldpw ); + free(oldpw.bv_val); } - if( newpw != NULL ) { - ber_printf( ber, "ts", - LDAP_TAG_EXOP_MODIFY_PASSWD_NEW, newpw ); - free(newpw); + if( newpw.bv_val != NULL ) { + ber_printf( ber, "tO", + LDAP_TAG_EXOP_MODIFY_PASSWD_NEW, &newpw ); + free(newpw.bv_val); } ber_printf( ber, /*{*/ "N}" ); @@ -256,7 +286,8 @@ main( int argc, char *argv[] ) return rc; } - rc = ldap_parse_result( ld, res, &code, &matcheddn, &text, &refs, NULL, 0 ); + rc = ldap_parse_result( ld, res, + &code, &matcheddn, &text, &refs, NULL, 0 ); if( rc != LDAP_SUCCESS ) { ldap_perror( ld, "ldap_parse_result" ); diff --git a/doc/devel/args b/doc/devel/args index 6bc3bfa477..a9dd91ebf7 100644 --- a/doc/devel/args +++ b/doc/devel/args @@ -1,21 +1,22 @@ Tools ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz -ldapcompare * DE *HI*K M*OPQR UVWXYZ de *h**k *n*p* vwx z -ldapdelete *CDE *HI*K M*OPQR UVWXYZ cdef*h**k *n*p* vwxy -ldapmodify *CDEF*HI*K M*OPQRS UVWXYZabcdef*h**k *n*p*r t vwxy -ldapmodrdn *CDE *HI*K M*OPQR UVWXYZ cdef*h**k *n*p*rs vwxy -ldappasswd A*CDE *HI* *O QRS UVWXYZa de *h** * * * s vwxy -ldapsearch A*CDE *HI*KLM*OPQRSTUVWXYZab*def*h**kl*n*p* stuvwxyz -ldapwhoami * DE *HI* *O QR UVWXYZ def*h** *n*p* vwx +ldapcompare * DE**HI*K M*OPQR UVWXYZ de *h**k *n*p* vwxyz +ldapdelete *CDE**HI*K M*OPQR UVWXYZ cdef*h**k *n*p* vwxy +ldapmodify *CDE**HI*K M*OPQRS UVWXYZabcde *h**k *n*p*r t vwxy +ldapmodrdn *CDE**HI*K M*OPQR UVWXYZ cdef*h**k *n*p*rs vwxy +ldappasswd A*CDE**HI* *O QRS UVWXYZa def*h** * * * s vwxy +ldapsearch A*CDE**HI*KLM*OPQRSTUVWXYZab*def*h**kl*n*p* stuvwxyz +ldapwhoami * DE**HI* *O QR UVWXYZ def*h** *n*p* vwxy * reserved - GJNgijmoqy01235789 + BFGJNgijmoq01235789 * General flags: -C Chase Referrals -D Bind DN -E Tool-specific Extensions (e.g., -E <[!]oid[=options]>*) -e General Extensions (e.g., -e <[!]oid[=options]>*) + -f file -H URI -P protocol version -V version information diff --git a/doc/man/man1/ldappasswd.1 b/doc/man/man1/ldappasswd.1 index 6efc120aaa..252c80816a 100644 --- a/doc/man/man1/ldappasswd.1 +++ b/doc/man/man1/ldappasswd.1 @@ -11,6 +11,8 @@ ldappasswd \- change the password of an LDAP entry [\c .BI \-a \ oldPasswd\fR] [\c +.BI \-t \ oldpasswdfile\fR] +[\c .BI \-D \ binddn\fR] [\c .BI \-d \ debuglevel\fR] @@ -27,12 +29,16 @@ ldappasswd \- change the password of an LDAP entry [\c .BI \-s \ newPasswd\fR] [\c +.BI \-T \ newpasswdfile\fR] +[\c .BR \-v ] [\c .BR \-W ] [\c .BI \-w \ passwd\fR] [\c +.BI \-y \ passwdfile\fR] +[\c .BR \-O \ security-properties ] [\c .BR \-I ] @@ -82,6 +88,9 @@ This is used instead of specifying the password on the command line. .BI \-a \ oldPasswd Set the old password to \fIoldPasswd\fP. .TP +.BI \-t \ oldPasswdFile +Set the old password to the contents of \fIoldPasswdFile\fP. +.TP .B \-x Use simple authentication instead of SASL. .TP @@ -116,6 +125,9 @@ This is used instead of specifying the password on the command line. .BI \-s \ newPasswd Set the new password to \fInewPasswd\fP. .TP +.BI \-T \ newPasswdFile +Set the new password to the contents of \fInewPasswdFile\fP. +.TP .B \-v Increase the verbosity of output. Can be specified multiple times. .TP @@ -126,6 +138,10 @@ This is used instead of specifying the password on the command line. .BI \-w \ passwd Use \fIpasswd\fP as the password to bind with. .TP +.BI \-y \ passwdfile +Use complete contents of \fIpasswdfile\fP as the password for +simple authentication. +.TP .BI \-O \ security-properties Specify SASL security properties. .TP diff --git a/doc/man/man8/slappasswd.8 b/doc/man/man8/slappasswd.8 index 41fd51e277..737689fbc1 100644 --- a/doc/man/man8/slappasswd.8 +++ b/doc/man/man8/slappasswd.8 @@ -8,7 +8,7 @@ slappasswd \- OpenLDAP password utility .B SBINDIR/slappasswd .B [\-v] .B [\-u] -.B [\-s secret] +.B [\-s secret|\-T file] .B [\-h hash] .B [\-c salt-format] .B @@ -34,8 +34,24 @@ versions of this program may generate alternative syntaxes by default. This option is provided for forward compatibility. .TP .BI \-s " secret" -The secret to hash. If not provided, the user will be prompted -for the secret to hash. +The secret to hash. +If this and +.B \-T +are absent, the user will be prompted for the secret to hash. +.B \-s +and +.B \-T +and mutually exclusive flags. +.TP +.BI \-T " file" +Hash the contents of the file. +If this and +.B \-s +are absent, the user will be prompted for the secret to hash. +.B \-s +and +.B \-T +and mutually exclusive flags. .TP .BI \-h " scheme" If -h is specified, one of the following RFC 2307 schemes may diff --git a/servers/slapd/tools/slappasswd.c b/servers/slapd/tools/slappasswd.c index d6b9bc1b13..c183068b30 100644 --- a/servers/slapd/tools/slappasswd.c +++ b/servers/slapd/tools/slappasswd.c @@ -34,6 +34,7 @@ usage(const char *s) " -c format\tcrypt(3) salt format\n" " -u\t\tgenerate RFC2307 values (default)\n" " -v\t\tincrease verbosity\n" + " -T file\tread password from verbosity\n" , s ); exit( EXIT_FAILURE ); @@ -44,13 +45,14 @@ main( int argc, char *argv[] ) { char *scheme = "{SSHA}"; char *newpw = NULL; + char *pwfile = NULL; int i; struct berval passwd; struct berval *hash = NULL; while( (i = getopt( argc, argv, - "c:d:h:s:vu" )) != EOF ) + "c:d:h:s:T:vu" )) != EOF ) { switch (i) { case 'c': /* crypt salt format */ @@ -70,9 +72,12 @@ main( int argc, char *argv[] ) for( p = optarg; *p != '\0'; p++ ) { *p = '\0'; } - } break; + case 'T': /* password file */ + pwfile = optarg; + break; + case 'u': /* RFC2307 userPassword */ break; @@ -89,20 +94,26 @@ main( int argc, char *argv[] ) usage( argv[0] ); } - if( newpw == NULL ) { - /* prompt for new password */ - char *cknewpw; - newpw = strdup(getpassphrase("New password: ")); - cknewpw = getpassphrase("Re-enter new password: "); - - if( strcmp( newpw, cknewpw )) { - fprintf( stderr, "Password values do not match\n" ); + if( pwfile != NULL ) { + if( lutil_get_filed_password( pwfile, &passwd )) { return EXIT_FAILURE; } - } + } else { + if( newpw == NULL ) { + /* prompt for new password */ + char *cknewpw; + newpw = strdup(getpassphrase("New password: ")); + cknewpw = getpassphrase("Re-enter new password: "); + + if( strcmp( newpw, cknewpw )) { + fprintf( stderr, "Password values do not match\n" ); + return EXIT_FAILURE; + } + } - passwd.bv_val = newpw; - passwd.bv_len = strlen(passwd.bv_val); + passwd.bv_val = newpw; + passwd.bv_len = strlen(passwd.bv_val); + } hash = lutil_passwd_hash( &passwd, scheme );