From 65e4923d75dff251baff9db28424f8e3e653400d Mon Sep 17 00:00:00 2001 From: Kurt Zeilenga Date: Mon, 14 Dec 1998 10:10:41 +0000 Subject: [PATCH] Backout previous changes made by Dave as they excessive reformatting, reindentation, and use of spaces instead of tab. Diffs will be reviewed to identify and commit only functional changes as time permits. Note: this is more my fault than Dave's. I should have provided clearer guidance. Live and learn. --- clients/tools/ldapdelete.c | 221 ++++++------- clients/tools/ldapmodify.c | 161 ++++------ clients/tools/ldapmodrdn.c | 243 ++++++-------- clients/tools/ldappasswd.c | 626 ++++++++++++------------------------- clients/tools/ldapsearch.c | 311 +++++++++--------- 5 files changed, 597 insertions(+), 965 deletions(-) diff --git a/clients/tools/ldapdelete.c b/clients/tools/ldapdelete.c index 4d3bc54c39..6638fee629 100644 --- a/clients/tools/ldapdelete.c +++ b/clients/tools/ldapdelete.c @@ -12,32 +12,17 @@ #include #include +static char *binddn = NULL; +static char *passwd = NULL; +static char *base = NULL; +static char *ldaphost = NULL; +static int ldapport = 0; static int not, verbose, contoper; +static LDAP *ld; #define safe_realloc( ptr, size ) ( ptr == NULL ? malloc( size ) : \ realloc( ptr, size )) -static void -usage(char *s) -{ - fprintf(stderr, "Usage: %s [options] [dn]...", s); - fprintf(stderr, " -c\t\tcontinuous operation mode\n"); - fprintf(stderr, " -D bindnd\tbind dn\n"); - fprintf(stderr, " -d level\tdebugging level\n"); - fprintf(stderr, " -f file\t\t\n"); - fprintf(stderr, " -h host\tldap sever\n"); -#ifdef HAVE_KERBEROS - fprintf(stderr, " -K\t\tuse Kerberos step 1\n"); - fprintf(stderr, " -k\t\tuse Kerberos instead of Simple Password authentication\n"); -#endif - fprintf(stderr, " -n\t\t make no modifications\n"); - fprintf(stderr, " -p port\tldap port\n"); - fprintf(stderr, " -v\t\tverbose\n"); - fprintf(stderr, " -W\t\tprompt for bind password\n"); - fprintf(stderr, " -w passwd\tbind password (for simple authentication)\n"); - exit(1); -} - static int dodelete LDAP_P(( LDAP *ld, char *dn)); @@ -45,146 +30,132 @@ static int dodelete LDAP_P(( int main( int argc, char **argv ) { - FILE *fp = NULL; - LDAP *ld = NULL; - char buf[4096]; - char *binddn = NULL; - char *passwd = NULL; - char *ldaphost = NULL; - int authmethod = LDAP_AUTH_SIMPLE; - int deref = LDAP_DEREF_NEVER; - int i, rc, want_passwd; - int ldapport = LDAP_PORT; - - rc = not = verbose = contoper = want_passwd = 0; - - while ((i = getopt( argc, argv, "cD:d:f:h:Kknp:vWw:")) != EOF ) - { - switch(i) - { - case 'c': /* continuous operation mode */ - contoper++; + char *usage = "usage: %s [-n] [-v] [-k] [-d debug-level] [-f file] [-h ldaphost] [-p ldapport] [-D binddn] [-w passwd] [dn]...\n"; + char buf[ 4096 ]; + FILE *fp; + int i, rc, kerberos, authmethod; + + kerberos = not = verbose = contoper = 0; + fp = NULL; + + while (( i = getopt( argc, argv, "nvkKch:p:D:w:d:f:" )) != EOF ) { + switch( i ) { + case 'k': /* kerberos bind */ + kerberos = 2; break; - - case 'D': /* bind DN */ - binddn = strdup(optarg); + case 'K': /* kerberos bind, part one only */ + kerberos = 1; break; - - case 'd': -#ifdef LDAP_DEBUG - ldap_debug = lber_debug = atoi(optarg); -#else - fprintf( stderr, "compile with -DLDAP_DEBUG for debugging\n" ); -#endif + case 'c': /* continuous operation mode */ + ++contoper; break; - - case 'f': /* read DNs from a file */ - if ((fp = fopen(optarg, "r")) == NULL) - { - perror(optarg); - return(1); - } + case 'h': /* ldap host */ + ldaphost = strdup( optarg ); break; - - case 'h': /* ldap host */ - ldaphost = strdup(optarg); + case 'D': /* bind DN */ + binddn = strdup( optarg ); break; - - case 'K': /* kerberos bind, part one only */ -#ifdef HAVE_KERBEROS - authmethod = LDAP_AUTH_KRBV41; -#else - fprintf(stderr, "%s was not compiled with Kerberos support\n", argv[0]); -#endif + case 'w': /* password */ + passwd = strdup( optarg ); break; - - case 'k': /* kerberos bind */ -#ifdef HAVE_KERBEROS - authmethod = LDAP_AUTH_KRBV4; -#else - fprintf(stderr, "%s was not compiled with Kerberos support\n", argv[0]); -#endif - break; - - case 'n': /* print deletes, don't actually do them */ - not++; + case 'f': /* read DNs from a file */ + if (( fp = fopen( optarg, "r" )) == NULL ) { + perror( optarg ); + exit( 1 ); + } break; - - case 'p': + case 'd': +#ifdef LDAP_DEBUG + ldap_debug = lber_debug = atoi( optarg ); /* */ +#else /* LDAP_DEBUG */ + fprintf( stderr, "compile with -DLDAP_DEBUG for debugging\n" ); +#endif /* LDAP_DEBUG */ + break; + case 'p': ldapport = atoi( optarg ); break; - - case 'v': /* verbose mode */ - verbose++; + case 'n': /* print deletes, don't actually do them */ + ++not; break; - - case 'W': - want_passwd++; - break; - - case 'w': /* password */ - passwd = strdup(optarg); + case 'v': /* verbose mode */ + verbose++; break; - - default: - usage(argv[0]); + default: + fprintf( stderr, usage, argv[0] ); + exit( 1 ); } } - if (want_passwd && !passwd) - passwd = strdup(getpass("Enter LDAP Password: ")); - - if (fp == NULL && optind >= argc) - fp = stdin; + if ( fp == NULL ) { + if ( optind >= argc ) { + fp = stdin; + } + } - if ((ld = ldap_open(ldaphost, ldapport)) == NULL) { - perror("ldap_open"); - return(1); + if (( ld = ldap_open( ldaphost, ldapport )) == NULL ) { + perror( "ldap_open" ); + exit( 1 ); } - /* this seems prudent */ - ldap_set_option(ld, LDAP_OPT_DEREF, &deref); + { + /* this seems prudent */ + int deref = LDAP_DEREF_NEVER; + ldap_set_option( ld, LDAP_OPT_DEREF, &deref ); + } - if (ldap_bind_s(ld, binddn, passwd, authmethod) != LDAP_SUCCESS) { - ldap_perror(ld, "ldap_bind"); - return(1); + if ( !kerberos ) { + authmethod = LDAP_AUTH_SIMPLE; + } else if ( kerberos == 1 ) { + authmethod = LDAP_AUTH_KRBV41; + } else { + authmethod = LDAP_AUTH_KRBV4; + } + if ( ldap_bind_s( ld, binddn, passwd, authmethod ) != LDAP_SUCCESS ) { + ldap_perror( ld, "ldap_bind" ); + exit( 1 ); } - if (fp == NULL) { - for (; optind < argc; ++optind) - rc = dodelete(ld, argv[optind]); + if ( fp == NULL ) { + for ( ; optind < argc; ++optind ) { + rc = dodelete( ld, argv[ optind ] ); + } } else { rc = 0; while ((rc == 0 || contoper) && fgets(buf, sizeof(buf), fp) != NULL) { - buf[strlen(buf) - 1] = '\0'; /* remove trailing newline */ - if ( *buf != '\0' ) - rc = dodelete( ld, buf ); + buf[ strlen( buf ) - 1 ] = '\0'; /* remove trailing newline */ + if ( *buf != '\0' ) { + rc = dodelete( ld, buf ); + } } } - ldap_unbind(ld); + ldap_unbind( ld ); + + exit( rc ); - return(rc); + /* UNREACHABLE */ + return(0); } -static int -dodelete( + +static int dodelete( LDAP *ld, char *dn) { int rc; - if (verbose) + if ( verbose ) { printf( "%sdeleting entry %s\n", not ? "!" : "", dn ); - - if (not) + } + if ( not ) { rc = LDAP_SUCCESS; - else { - if ((rc = ldap_delete_s(ld, dn)) != LDAP_SUCCESS) - ldap_perror(ld, "ldap_delete"); - else if (verbose) - printf("entry removed\n"); + } else { + if (( rc = ldap_delete_s( ld, dn )) != LDAP_SUCCESS ) { + ldap_perror( ld, "ldap_delete" ); + } else if ( verbose ) { + printf( "entry removed\n" ); + } } - return(rc); + return( rc ); } diff --git a/clients/tools/ldapmodify.c b/clients/tools/ldapmodify.c index b57d212b4b..88756ada24 100644 --- a/clients/tools/ldapmodify.c +++ b/clients/tools/ldapmodify.c @@ -22,13 +22,13 @@ #include #include -static LDAP *ld = NULL; static char *prog; static char *binddn = NULL; static char *passwd = NULL; static char *ldaphost = NULL; -static int ldapport = LDAP_PORT; +static int ldapport = 0; static int new, replace, not, verbose, contoper, force, valsfromfiles; +static LDAP *ld; #define safe_realloc( ptr, size ) ( ptr == NULL ? malloc( size ) : \ realloc( ptr, size )) @@ -50,30 +50,6 @@ static int new, replace, not, verbose, contoper, force, valsfromfiles; #define T_NEWRDNSTR "newrdn" #define T_DELETEOLDRDNSTR "deleteoldrdn" -static void -usage(char *s) -{ - fprintf(stderr, "Usage: %s [options] [dn]...\n", s); - fprintf(stderr, " -a\t\tadd new entries\n"); - fprintf(stderr, " -b\t\tread in binary\n"); - fprintf(stderr, " -c\t\tcontinuous operation mode\n"); - fprintf(stderr, " -D bindnd\tbind dn\n"); - fprintf(stderr, " -d level\tdebugging level\n"); - fprintf(stderr, " -F\t\tforce changes regardless of input\n"); - fprintf(stderr, " -f file\tread from file\n"); - fprintf(stderr, " -h host\tldap sever\n"); -#ifdef HAVE_KERBEROS - fprintf(stderr, " -K\t\tuse Kerberos step 1\n"); - fprintf(stderr, " -k\t\tuse Kerberos instead of Simple Password authentication\n"); -#endif - fprintf(stderr, " -n\t\tmake no modifications\n"); - fprintf(stderr, " -p port\tldap port\n"); - fprintf(stderr, " -r\t\tremove old RDN\n"); - fprintf(stderr, " -v\t\tverbose\n"); - fprintf(stderr, " -W\t\tprompt for bind password\n"); - fprintf(stderr, " -w passwd\tbind password (for simple authentication)\n"); - exit(1); -} static int process_ldapmod_rec LDAP_P(( char *rbuf )); static int process_ldif_rec LDAP_P(( char *rbuf )); @@ -86,45 +62,58 @@ static void freepmods LDAP_P(( LDAPMod **pmods )); static int fromfile LDAP_P(( char *path, struct berval *bv )); static char *read_one_record LDAP_P(( FILE *fp )); + int -main(int argc, char **argv) +main( int argc, char **argv ) { - char *infile = NULL; - char *rbuf, *start, *p, *q; - FILE *fp = NULL; - int rc, i, use_ldif, want_passwd; - int authmethod = LDAP_AUTH_SIMPLE; - - if ((prog = strrchr(argv[0], '/')) == NULL) - prog = argv[0]; - else - prog++; + char *infile, *rbuf, *start, *p, *q; + FILE *fp; + int rc, i, kerberos, use_ldif, authmethod; + char *usage = "usage: %s [-abcknrvF] [-d debug-level] [-h ldaphost] [-p ldapport] [-D binddn] [-w passwd] [ -f file | < entryfile ]\n"; - new = (strcmp(prog, "ldapadd") == 0); + if (( prog = strrchr( argv[ 0 ], '/' )) == NULL ) { + prog = argv[ 0 ]; + } else { + ++prog; + } + new = ( strcmp( prog, "ldapadd" ) == 0 ); - not = verbose = valsfromfiles = want_passwd = 0; + infile = NULL; + kerberos = not = verbose = valsfromfiles = 0; - while ((i = getopt(argc, argv, "abcD:d:Ff:h:Kknp:rtvWw:")) != EOF) - { - switch(i) - { + while (( i = getopt( argc, argv, "FabckKnrtvh:p:D:w:d:f:" )) != EOF ) { + switch( i ) { case 'a': /* add */ new = 1; break; - - case 'b': /* read values from files (for binary attributes) */ + case 'b': /* read values from files (for binary attributes) */ valsfromfiles = 1; break; - - case 'c': /* continuous operation */ + case 'c': /* continuous operation */ contoper = 1; break; - - case 'D': /* bind DN */ + case 'r': /* default is to replace rather than add values */ + replace = 1; + break; + case 'k': /* kerberos bind */ + kerberos = 2; + break; + case 'K': /* kerberos bind, part 1 only */ + kerberos = 1; + break; + case 'F': /* force all changes records to be used */ + force = 1; + break; + case 'h': /* ldap host */ + ldaphost = strdup( optarg ); + break; + case 'D': /* bind DN */ binddn = strdup( optarg ); break; - - case 'd': + case 'w': /* password */ + passwd = strdup( optarg ); + break; + case 'd': #ifdef LDAP_DEBUG ldap_debug = lber_debug = atoi( optarg ); /* */ #else /* LDAP_DEBUG */ @@ -132,69 +121,28 @@ main(int argc, char **argv) prog ); #endif /* LDAP_DEBUG */ break; - - case 'F': /* force all changes records to be used */ - force = 1; - break; - case 'f': /* read from file */ infile = strdup( optarg ); break; - - case 'h': /* ldap host */ - ldaphost = strdup( optarg ); - break; - - case 'k': /* kerberos bind */ -#ifdef HAVE_KERBEROS - authmethod = LDAP_AUTH_KRBV4; -#else - fprintf(stderr, "%s was not compiled with Kerberos support\n", argv[0]); -#endif - break; - - case 'K': /* kerberos bind, part 1 only */ -#ifdef HAVE_KERBEROS - authmethod = LDAP_AUTH_KRBV41; -#else - fprintf(stderr, "%s was not compiled with Kerberos support\n", argv[0]); -#endif + case 'p': + ldapport = atoi( optarg ); break; - case 'n': /* print adds, don't actually do them */ ++not; break; - - case 'p': - ldapport = atoi( optarg ); - break; - - case 'r': /* default is to replace rather than add values */ - replace = 1; - break; - - case 'v': /* verbose mode */ + case 'v': /* verbose mode */ verbose++; break; - - case 'W': - want_passwd++; - break; - - case 'w': /* password */ - passwd = strdup( optarg ); - break; - - default: - usage(prog); + default: + fprintf( stderr, usage, prog ); + exit( 1 ); } } - if (argc - optind != 0) - usage(prog); - - if (want_passwd && !passwd) - passwd = strdup(getpass("Enter LDAP password: ")); + if ( argc - optind != 0 ) { + fprintf( stderr, usage, prog ); + exit( 1 ); + } if ( infile != NULL ) { if (( fp = fopen( infile, "r" )) == NULL ) { @@ -215,6 +163,13 @@ main(int argc, char **argv) /* this seems prudent */ ldap_set_option( ld, LDAP_OPT_DEREF, LDAP_DEREF_NEVER); + if ( !kerberos ) { + authmethod = LDAP_AUTH_SIMPLE; + } else if ( kerberos == 1 ) { + authmethod = LDAP_AUTH_KRBV41; + } else { + authmethod = LDAP_AUTH_KRBV4; + } if ( ldap_bind_s( ld, binddn, passwd, authmethod ) != LDAP_SUCCESS ) { ldap_perror( ld, "ldap_bind" ); exit( 1 ); @@ -280,7 +235,7 @@ process_ldif_rec( char *rbuf ) new_entry = new; - modop = rc = got_all = saw_replica = delete_entry = expect_modop = 0; + rc = got_all = saw_replica = delete_entry = expect_modop = 0; expect_deleteoldrdn = expect_newrdn = expect_sep = expect_ct = 0; linenum = 0; deleteoldrdn = 1; diff --git a/clients/tools/ldapmodrdn.c b/clients/tools/ldapmodrdn.c index 7c91641431..4697b283cd 100644 --- a/clients/tools/ldapmodrdn.c +++ b/clients/tools/ldapmodrdn.c @@ -12,33 +12,17 @@ #include #include +static char *binddn = NULL; +static char *passwd = NULL; +static char *base = NULL; +static char *ldaphost = NULL; +static int ldapport = 0; static int not, verbose, contoper; +static LDAP *ld; #define safe_realloc( ptr, size ) ( ptr == NULL ? malloc( size ) : \ realloc( ptr, size )) -static void -usage(char *s) -{ - fprintf(stderr, "Usage: %s [options] [dn]...\n", s); - fprintf(stderr, " -c\t\tcontinuous operation mode\n"); - fprintf(stderr, " -D bindnd\tbind dn\n"); - fprintf(stderr, " -d level\tdebugging level\n"); - fprintf(stderr, " -f file\tread from file\n"); - fprintf(stderr, " -h host\tldap sever\n"); -#ifdef HAVE_KERBEROS - fprintf(stderr, " -K\t\tuse Kerberos step 1\n"); - fprintf(stderr, " -k\t\tuse Kerberos instead of Simple Password authentication\n"); -#endif - fprintf(stderr, " -n\t\tmake no modifications\n"); - fprintf(stderr, " -p port\tldap port\n"); - fprintf(stderr, " -r\t\tremove old RDN\n"); - fprintf(stderr, " -v\t\tverbose\n"); - fprintf(stderr, " -W\t\tprompt for bind password\n"); - fprintf(stderr, " -w passwd\tbind password (for simple authentication)\n"); - exit(1); -} - static int domodrdn LDAP_P(( LDAP *ld, char *dn, @@ -48,172 +32,140 @@ static int domodrdn LDAP_P(( int main(int argc, char **argv) { - FILE *fp = NULL; - LDAP *ld = NULL; - char *myname, *infile, *entrydn, *rdn, buf[ 4096 ]; - char *binddn = NULL; - char *passwd = NULL; - char *ldaphost = NULL; - int rc, i, remove, havedn, want_passwd; - int authmethod = LDAP_AUTH_SIMPLE; - int ldapport = LDAP_PORT; - - infile = entrydn = rdn = NULL; - not = contoper = verbose = remove = want_passwd = 0; + char *usage = "usage: %s [-nvkc] [-d debug-level] [-h ldaphost] [-p ldapport] [-D binddn] [-w passwd] [ -f file | < entryfile | dn newrdn ]\n"; + char *myname,*infile, *entrydn, *rdn, buf[ 4096 ]; + FILE *fp; + int rc, i, kerberos, remove, havedn, authmethod; + + infile = NULL; + kerberos = not = contoper = verbose = remove = 0; + myname = (myname = strrchr(argv[0], '/')) == NULL ? argv[0] : ++myname; - while ((i = getopt(argc, argv, "cD:d:f:h:Kknp:rvWw:")) != EOF) - { - switch(i) - { + while (( i = getopt( argc, argv, "kKcnvrh:p:D:w:d:f:" )) != EOF ) { + switch( i ) { + case 'k': /* kerberos bind */ + kerberos = 2; + break; + case 'K': /* kerberos bind, part one only */ + kerberos = 1; + break; case 'c': /* continuous operation mode */ - contoper++; + ++contoper; break; - - case 'D': /* bind DN */ + case 'h': /* ldap host */ + ldaphost = strdup( optarg ); + break; + case 'D': /* bind DN */ binddn = strdup( optarg ); break; - - case 'd': + case 'w': /* password */ + passwd = strdup( optarg ); + break; + case 'd': #ifdef LDAP_DEBUG - ldap_debug = lber_debug = atoi( optarg ); + ldap_debug = lber_debug = atoi( optarg ); /* */ #else /* LDAP_DEBUG */ fprintf( stderr, "compile with -DLDAP_DEBUG for debugging\n" ); #endif /* LDAP_DEBUG */ break; - case 'f': /* read from file */ infile = strdup( optarg ); break; - - case 'h': /* ldap host */ - ldaphost = strdup( optarg ); - break; - - case 'K': /* kerberos bind, part one only */ -#ifdef HAVE_KERBEROS - authmethod = LDAP_AUTH_KRBV41; -#else - fprintf(stderr, "%s was not compiled with Kerberos support\n", argv[0]); -#endif - break; - - case 'k': /* kerberos bind */ -#ifdef HAVE_KERBEROS - authmethod = LDAP_AUTH_KRBV4; -#else - fprintf(stderr, "%s was not compiled with Kerberos support\n", argv[0]); -#endif - break; - - case 'n': /* print adds, don't actually do them */ - not++; - break; - - case 'p': + case 'p': ldapport = atoi( optarg ); break; - - case 'r': /* remove old RDN */ - remove++; + case 'n': /* print adds, don't actually do them */ + ++not; break; - - case 'v': /* verbose mode */ + case 'v': /* verbose mode */ verbose++; break; - - case 'W': - want_passwd++; - break; - - case 'w': /* password */ - passwd = strdup(optarg); + case 'r': /* remove old RDN */ + remove++; break; - - default: - usage(argv[0]); + default: + fprintf( stderr, usage, argv[0] ); + exit( 1 ); } } havedn = 0; - if (argc - optind == 2) - { - if (( rdn = strdup( argv[argc - 1] )) == NULL ) - { + if (argc - optind == 2) { + if (( rdn = strdup( argv[argc - 1] )) == NULL ) { perror( "strdup" ); - return(1); + exit( 1 ); } - if (( entrydn = strdup( argv[argc - 2] )) == NULL ) - { + if (( entrydn = strdup( argv[argc - 2] )) == NULL ) { perror( "strdup" ); - return( 1 ); + exit( 1 ); } - havedn++; - } else if (argc - optind != 0) { - fprintf(stderr, "%s: invalid number of arguments, only two allowed\n", myname); - usage(argv[0]); + ++havedn; + } else if ( argc - optind != 0 ) { + fprintf( stderr, "%s: invalid number of arguments, only two allowed\n", myname); + fprintf( stderr, usage, argv[0] ); + exit( 1 ); } - if (want_passwd && !passwd) - passwd = strdup(getpass("Enter LDAP password: ")); - - if (infile != NULL) - { - if ((fp = fopen( infile, "r" )) == NULL) - { - perror(infile); - return(1); + if ( infile != NULL ) { + if (( fp = fopen( infile, "r" )) == NULL ) { + perror( infile ); + exit( 1 ); } - } else + } else { fp = stdin; + } - if ((ld = ldap_open(ldaphost, ldapport)) == NULL) - { - perror("ldap_open"); - return(1); + if (( ld = ldap_open( ldaphost, ldapport )) == NULL ) { + perror( "ldap_open" ); + exit( 1 ); } - /* this seems prudent */ - ldap_set_option(ld, LDAP_OPT_DEREF, LDAP_DEREF_NEVER); + /* this seems prudent */ + ldap_set_option( ld, LDAP_OPT_DEREF, LDAP_DEREF_NEVER); - if (ldap_bind_s(ld, binddn, passwd, authmethod) != LDAP_SUCCESS) - { - ldap_perror(ld, "ldap_bind"); - return(1); + if ( !kerberos ) { + authmethod = LDAP_AUTH_SIMPLE; + } else if ( kerberos == 1 ) { + authmethod = LDAP_AUTH_KRBV41; + } else { + authmethod = LDAP_AUTH_KRBV4; + } + if ( ldap_bind_s( ld, binddn, passwd, authmethod ) != LDAP_SUCCESS ) { + ldap_perror( ld, "ldap_bind" ); + exit( 1 ); } rc = 0; if (havedn) rc = domodrdn(ld, entrydn, rdn, remove); else while ((rc == 0 || contoper) && fgets(buf, sizeof(buf), fp) != NULL) { - if (*buf != '\0') { /* blank lines optional, skip */ - buf[strlen(buf) - 1] = '\0'; /* remove nl */ - - if (havedn) - { - /* have DN, get RDN */ - if (( rdn = strdup( buf )) == NULL) - { + if ( *buf != '\0' ) { /* blank lines optional, skip */ + buf[ strlen( buf ) - 1 ] = '\0'; /* remove nl */ + + if ( havedn ) { /* have DN, get RDN */ + if (( rdn = strdup( buf )) == NULL ) { perror( "strdup" ); exit( 1 ); } rc = domodrdn(ld, entrydn, rdn, remove); havedn = 0; - } else if (!havedn) { - /* don't have DN yet */ - if (( entrydn = strdup( buf )) == NULL ) - { + } else if ( !havedn ) { /* don't have DN yet */ + if (( entrydn = strdup( buf )) == NULL ) { perror( "strdup" ); exit( 1 ); } - havedn++; + ++havedn; } } } - ldap_unbind(ld); + ldap_unbind( ld ); - return(rc); + exit( rc ); + + /* UNREACHABLE */ + return(0); } static int domodrdn( @@ -222,25 +174,26 @@ static int domodrdn( char *rdn, int remove) /* flag: remove old RDN */ { - int rc = LDAP_SUCCESS; + int i; - if (verbose) - { - printf("modrdn %s:\n\t%s\n", dn, rdn); + if ( verbose ) { + printf( "modrdn %s:\n\t%s\n", dn, rdn ); if (remove) printf("removing old RDN\n"); else printf("keeping old RDN\n"); } - if (!not) - { - rc = ldap_modrdn2_s(ld, dn, rdn, remove); - if (rc != LDAP_SUCCESS) - ldap_perror(ld, "ldap_modrdn2_s"); - else if (verbose) - printf("modrdn complete\n"); + if ( !not ) { + i = ldap_modrdn2_s( ld, dn, rdn, remove ); + if ( i != LDAP_SUCCESS ) { + ldap_perror( ld, "ldap_modrdn2_s" ); + } else if ( verbose ) { + printf( "modrdn complete\n" ); + } + } else { + i = LDAP_SUCCESS; } - return(rc); + return( i ); } diff --git a/clients/tools/ldappasswd.c b/clients/tools/ldappasswd.c index ce7e3f89a4..d5d18e36bd 100644 --- a/clients/tools/ldappasswd.c +++ b/clients/tools/ldappasswd.c @@ -1,26 +1,24 @@ /* - * Copyright 1998, David E. Storey, All rights reserved. - * This software is not subject to any license of The Murphy Group, Inc. - * or George Mason University. + * Copyright 1998, David E. Storey, All rights reserved. + * This software is not subject to any license of The Murphy Group, Inc. + * or George Mason University. * - * Redistribution and use in source and binary forms are permitted only - * as authorized by the OpenLDAP Public License. A copy of this - * license is available at http://www.OpenLDAP.org/license.html or - * in file LICENSE in the top-level directory of the distribution. + * Redistribution and use in source and binary forms are permitted only + * as authorized by the OpenLDAP Public License. A copy of this + * license is available at http://www.OpenLDAP.org/license.html or + * in file LICENSE in the top-level directory of the distribution. * - * ldappasswd.c - program to modify passwords in an LDAP tree + * ldappasswd.c - program to modify passwords in an LDAP tree * - * Author: David E. Storey + * Author: David E. Storey * - * ToDo: - * use entry's current hash type - * output ldif update - * option for referral handling? - * salts {ssha},{smd5} - * cracklib support? - * update "shadow" fields? - * update from system? - * create/view/change password policies? + * ToDo: option for referral handling + * cracklib support? + * kerberos support? (is this really necessary?) + * update "shadow" fields? + * create/view/change password policies? + * + * Note: I am totally FOR comments and suggestions! */ #include "portable.h" @@ -40,404 +38,217 @@ #include "ldapconfig.h" -#define CEILING(x) ((double)x > (int)x ? (int)x + 1 : (int)x) - #define LDAP_PASSWD_ATTRIB "userPassword" -#define LDAP_PASSWD_CONF DEFAULT_SYSCONFDIR"/passwd.conf" - -#define HS_NONE 0 -#define HS_PLAIN 1 -#define HS_CONV 2 -typedef enum -{ +typedef enum { HASHTYPE_NONE, HASHTYPE_CRYPT, HASHTYPE_MD5, - HASHTYPE_SMD5, - HASHTYPE_SHA1, - HASHTYPE_SSHA1 -} -HashTypes; - -typedef struct salt_t -{ - unsigned char *salt; - unsigned int len; -} -Salt; + HASHTYPE_SHA1 +} HashTypes; -typedef struct hash_t -{ +struct hash_t { char *name; - unsigned int namesz; - char *(*func) (const char *, Salt *); - unsigned char takes_salt; + int namesz; + int (*func)(const char *, char *); HashTypes type; - HashTypes type_salted; - unsigned int default_salt_len; -} -Hash; +}; -const unsigned char crypt64[] = - "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz1234567890./"; -const unsigned char autogen[] = - "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz1234567890.,"; -int noupdates = 0; -int verbose = 0; -int want_entryhash = 0; -int auto_gen_pw = 0; +const char crypt64[] = + "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789./"; +char *base = NULL; +char *binddn = NULL; +char *bindpw = NULL; +char *ldaphost = "localhost"; +char *pwattr = LDAP_PASSWD_ATTRIB; +char *targetdn = NULL; +char *filtpattern = NULL; +int ldapport = LDAP_PORT; +int noupdates = 0; +int verbose = 0; +int hashtype = HASHTYPE_CRYPT; +int scope = LDAP_SCOPE_SUBTREE; /*** functions ***/ /* * if you'd like to write a better salt generator, please, be my guest. + * I just needed *something*. It's actually halfway effective for small, + * two character salts and it can come up with sequentially different + * salts. */ void -make_salt (Salt * salt, unsigned int len) +crypt_make_salt(char *salt) { struct timeval tv; + int i; + char t_salt[5]; - if (!salt) - return; - - /* seed random number generator */ - gettimeofday (&tv, NULL); - srand (tv.tv_usec); + /* grab current time */ + gettimeofday(&tv, (struct timezone *) 0); + i += tv.tv_usec + (int)&salt; + strncpy(t_salt, (char *)&i, sizeof(i)); - salt->len = len; - salt->salt = (unsigned char *) malloc (len); - - for (len = 0; len < salt->len; len++) - salt->salt[len] = (tv.tv_usec ^ rand ()) & 0xff; + for (i = 0; i < sizeof(i); i++) + salt[i] = crypt64[t_salt[i] % (sizeof(crypt64) - 1)]; + salt[i] = '\0'; } -char * -gen_pass(unsigned int len) -{ - int i; - char *newpw = NULL; - Salt salt = {NULL, 0}; - - make_salt(&salt, len); - newpw = (char *)salt.salt; - - for (i = 0; i < len; i++) - newpw[i] = autogen[newpw[i] % (sizeof(autogen) - 1)]; - - return(newpw); -} - -char * -hash_none (const char *pw_in, Salt * salt) +int +hash_none(const char *pw_in, char *pw_out) { - return (strdup (pw_in)); + strcpy(pw_out, pw_in); + return(1); } -char * -hash_crypt (const char *pw_in, Salt * salt) -{ - char *crypted_pw = NULL; - if (salt && salt->salt && strlen ((char *) salt->salt) >= 2) - crypted_pw = crypt (pw_in, (char *) salt->salt); - else - { - Salt lsalt; - make_salt (&lsalt, 2); - lsalt.salt[0] = crypt64[lsalt.salt[0] % (sizeof (crypt64) - 1)]; - lsalt.salt[1] = crypt64[lsalt.salt[1] % (sizeof (crypt64) - 1)]; - crypted_pw = crypt (pw_in, (char *) lsalt.salt); - free (lsalt.salt); - } - return (strdup (crypted_pw)); -} - -char * -pw_encode(unsigned char *passwd, Salt *salt, unsigned int len) +int +hash_crypt(const char *pw_in, char *pw_out) { - int salted = salt && salt->salt && salt->len; - int b64_len = 0; - char *base64digest = NULL; - unsigned char *npasswd = passwd; - - if (salted) - { - npasswd = (unsigned char *)malloc(len + salt->len); - memcpy(npasswd, passwd, len); - memcpy(&npasswd[len], salt->salt, salt->len); - len += salt->len; - } - - b64_len = CEILING (len / 3) * 4 + 1; - base64digest = (char *) malloc (b64_len); - if (lutil_b64_ntop (npasswd, len, base64digest, b64_len) < 0) - { - free(base64digest); - base64digest = NULL; - } - - if (salted) - free(npasswd); - - return(base64digest); + char salt[5]; + crypt_make_salt(salt); + strcpy(pw_out, crypt(pw_in, salt)); + return(1); } -char * -hash_md5 (const char *pw_in, Salt *salt) +int +hash_md5(const char *pw_in, char *pw_out) { lutil_MD5_CTX MD5context; unsigned char MD5digest[16]; - unsigned char *hashing_pw = (unsigned char *)pw_in; - char *base64digest = NULL; - int tot_len = strlen (pw_in); - int salted = (salt && salt->salt && salt->len); + char base64digest[25]; /* ceiling(sizeof(input)/3) * 4 + 1 */ - /* append salt to password */ - if (salted) - { - hashing_pw = (unsigned char *) malloc (tot_len + salt->len); - memcpy (hashing_pw, pw_in, tot_len); - memcpy (&hashing_pw[tot_len], salt->salt, salt->len); - tot_len += salt->len; - } - - lutil_MD5Init (&MD5context); - lutil_MD5Update (&MD5context, hashing_pw, tot_len); - lutil_MD5Final (MD5digest, &MD5context); - - base64digest = pw_encode(MD5digest, salt, sizeof(MD5digest)); + lutil_MD5Init(&MD5context); + lutil_MD5Update(&MD5context, (unsigned char *)pw_in, strlen(pw_in)); + lutil_MD5Final(MD5digest, &MD5context); + if (lutil_b64_ntop(MD5digest, sizeof(MD5digest), base64digest, sizeof(base64digest)) < 0) + return (0); - if (salted) - free (hashing_pw); - - return (base64digest); + strcpy(pw_out, base64digest); + return(1); } -char * -hash_sha1 (const char *pw_in, Salt * salt) +int +hash_sha1(const char *pw_in, char *pw_out) { lutil_SHA1_CTX SHA1context; unsigned char SHA1digest[20]; - unsigned char *hashing_pw = (unsigned char *)pw_in; - char *base64digest = NULL; - int tot_len = strlen (pw_in); - int salted = (salt && salt->salt); + char base64digest[29]; /* ceiling(sizeof(input)/3) * 4 + 1 */ - /* append salt to password */ - if (salted) - { - hashing_pw = (unsigned char *) malloc (tot_len + salt->len); - memcpy (hashing_pw, pw_in, tot_len); - memcpy (&hashing_pw[tot_len], salt->salt, salt->len); - tot_len += salt->len; - } - - lutil_SHA1Init (&SHA1context); - lutil_SHA1Update (&SHA1context, hashing_pw, tot_len); - lutil_SHA1Final (SHA1digest, &SHA1context); - - base64digest = pw_encode(SHA1digest, salt, sizeof(SHA1digest)); + lutil_SHA1Init(&SHA1context); + lutil_SHA1Update(&SHA1context, (unsigned char *)pw_in, strlen(pw_in)); + lutil_SHA1Final(SHA1digest, &SHA1context); + if (lutil_b64_ntop(SHA1digest, sizeof(SHA1digest), base64digest, sizeof(base64digest)) < 0) + return(0); - if (salted) - free (hashing_pw); - - return (base64digest); + strcpy(pw_out, base64digest); + return(1); } -static Hash hashes[] = -{ - {"none", 4, hash_none, 0, HASHTYPE_NONE, HASHTYPE_NONE, 0}, - {"crypt", 5, hash_crypt, 1, HASHTYPE_CRYPT, HASHTYPE_CRYPT, 2}, - {"md5", 3, hash_md5, 0, HASHTYPE_MD5, HASHTYPE_SMD5, 0}, - {"smd5", 4, hash_md5, 1, HASHTYPE_SMD5, HASHTYPE_SMD5, 4}, - {"sha", 3, hash_sha1, 0, HASHTYPE_SHA1, HASHTYPE_SSHA1, 0}, - {"ssha", 4, hash_sha1, 1, HASHTYPE_SSHA1, HASHTYPE_SSHA1, 4}, - {NULL, 0, NULL, 0, HASHTYPE_NONE, HASHTYPE_NONE, 0} +static struct hash_t hashes[] = { + {"none", 4, hash_none, HASHTYPE_NONE}, + {"crypt", 5, hash_crypt, HASHTYPE_CRYPT}, + {"md5", 3, hash_md5, HASHTYPE_MD5}, + {"sha", 3, hash_sha1, HASHTYPE_SHA1}, + {NULL, 0, NULL, HASHTYPE_NONE} }; int -modify_dn (LDAP * ld, char *targetdn, char *pwattr, char *oldpw, - char *newpw, HashTypes htype, Salt * salt) +modify_dn(LDAP *ld, char *targetdn, char *newpw) { int ret = 0; - int salted = salt->salt ? 1 : 0; - int want_salt = salt->len && !salted; - char *buf = NULL; - char *hashed_pw = NULL; - char *strvals[2] = {NULL, NULL}; - LDAPMod mod, *mods[2] = {&mod, NULL}; + char hashed_pw[128] = {'\0'}; + char buf[128] = {'\0'}; + char *strvals[2] = {buf, NULL}; + LDAPMod mod, *mods[2] = {&mod, NULL}; if (!ld || !targetdn || !newpw) - return (1); - - /* auto-generate password */ - if (auto_gen_pw) - newpw = gen_pass(auto_gen_pw); - - /* handle salt */ - if (want_salt) - { - make_salt (salt, salt->len); - htype = hashes[htype].type_salted; - } - else if (hashes[htype].default_salt_len) - { - /* user chose a salted hash and needs a salt */ - if (!salted) - { - want_salt++; - salt->len = hashes[htype].default_salt_len; - make_salt(salt, salt->len); - } - } + return(1); /* hash password */ - hashed_pw = hashes[htype].func (newpw, salt->len ? salt : NULL); - - /* return salt back to it's original state */ - if (want_salt) - { - free (salt->salt); - salt->salt = NULL; - } - - buf = (char *) malloc (hashes[htype].namesz + 3 + strlen (hashed_pw)); - if (htype) - sprintf (buf, "{%s}%s", hashes[htype].name, hashed_pw); + hashes[hashtype].func(newpw, hashed_pw); + if (hashtype) + sprintf(buf, "{%s}%s", hashes[hashtype].name, hashed_pw); else - sprintf (buf, "%s", hashed_pw); + sprintf(buf, "%s", hashed_pw); if (verbose > 0) { - printf ("%s", targetdn); + printf("%s", targetdn); if (verbose > 1) { - printf (":%s", buf); + printf(":%s", buf); if (verbose > 2) - printf (":%s", newpw); + printf(":%s", newpw); } - printf ("\n"); + printf("\n"); } - strvals[0] = buf; - mod.mod_vals.modv_strvals = strvals; + mod.mod_vals.modv_strvals = strvals; mod.mod_type = pwattr; mod.mod_op = LDAP_MOD_REPLACE; - if (!noupdates && (ret = ldap_modify_s (ld, targetdn, mods)) != LDAP_SUCCESS) - ldap_perror (ld, "ldap_modify_s"); - - free (hashed_pw); - free (buf); - return (ret); + if (!noupdates && (ret = ldap_modify_s(ld, targetdn, mods)) != LDAP_SUCCESS) + ldap_perror(ld, "ldap_modify_s"); + return(ret); } void -usage (char *s) +usage(char *s) { - fprintf (stderr, "Usage: %s [options] [filter]\n", s); - fprintf (stderr, " -a attrib\tpassword attribute (default: %s)\n", LDAP_PASSWD_ATTRIB); - fprintf (stderr, " -b basedn\tbasedn to perform searches\n"); -/* fprintf (stderr, " -C\t\tuse entry's current hash mechanism\n"); */ - fprintf (stderr, " -D binddn\tbind dn\n"); - fprintf (stderr, " -d level\tdebugging level\n"); - fprintf (stderr, " -E\t\tprompt for new password\n"); - fprintf (stderr, " -e passwd\tnew password\n"); - fprintf (stderr, " -g passlen\tauto-generate passwords with length pwlen\n"); - fprintf (stderr, " -H hash\thash type (default: crypt)\n"); - fprintf (stderr, " -h host\tldap server (default: localhost)\n"); -#ifdef HAVE_KERBEROS - fprintf (stderr, " -K\t\tuse Kerberos step 1\n"); - fprintf (stderr, " -k\t\tuse Kerberos\n"); -#endif - fprintf (stderr, " -l time\ttime limit\n"); - fprintf (stderr, " -n\t\tmake no modifications\n"); - fprintf (stderr, " -p port\tldap port\n"); - fprintf (stderr, " -s scope\tsearch scope: base, one, sub (default: sub)\n"); - fprintf (stderr, " -t targetdn\tdn to change password\n"); - fprintf (stderr, " -v\t\tverbose (more v's, more verbose)\n"); - fprintf (stderr, " -W\t\tprompt for bind password\n"); - fprintf (stderr, " -w passwd\tbind password (for simple authentication)\n"); - fprintf (stderr, " -Y saltlen\tsalt length to use\n"); -/* fprintf (stderr, " -y salt\tsalt to use\n"); */ - fprintf (stderr, " -z size\tsize limit\n"); - exit (1); + fprintf(stderr, "usage: %s [options] [filter]\n", s); + fprintf(stderr, "\t-a attrib password attribute (default: userPassword)\n"); + fprintf(stderr, "\t-b basedn basedn to perform searches\n"); + fprintf(stderr, "\t-c hash hash type: none, crypt, md5, sha (default: crypt)\n"); + fprintf(stderr, "\t-D binddn bind dn\n"); + fprintf(stderr, "\t-d level debugging level\n"); + fprintf(stderr, "\t-h host ldap server (default: localhost)\n"); + fprintf(stderr, "\t-l time time limit\n"); + fprintf(stderr, "\t-n make no modifications\n"); + fprintf(stderr, "\t-p port ldap port\n"); + fprintf(stderr, "\t-s scope search scope: base, one, sub (default: sub)\n"); + fprintf(stderr, "\t-t targetdn dn to change password\n"); + fprintf(stderr, "\t-W newpass new password\n"); + fprintf(stderr, "\t-w [passwd] bind password (for simple authentication)\n"); + fprintf(stderr, "\t-v verbose\n"); + fprintf(stderr, "\t-z size size limit\n"); + exit(1); } int -main (int argc, char *argv[]) +main(int argc, char *argv[]) { - char *base = NULL; - char *binddn = NULL; - char *bindpw = NULL; - char *filtpattern = NULL; - char *ldaphost = "localhost"; - char *targetdn = NULL; - char *pwattr = LDAP_PASSWD_ATTRIB; char *newpw = NULL; - int authmethod = LDAP_AUTH_SIMPLE; - int hashtype = HASHTYPE_CRYPT; int i, j; - int ldapport = LDAP_PORT; - int scope = LDAP_SCOPE_SUBTREE; int sizelimit = LDAP_NO_LIMIT; int timelimit = LDAP_NO_LIMIT; int want_bindpw = 0; - int want_newpw = 0; LDAP *ld; - Salt salt; - salt.salt = NULL; - salt.len = 0; - - if (argc == 1) - usage(argv[0]); - - while ((i = getopt (argc, argv, "a:b:C:D:d:Ee:g:H:h:Kkl:np:s:t:vWw:Y:y:z:")) != EOF) + while ((i = getopt(argc, argv, "D:W:a:b:c:d:h:l:np:s:t:vw::z:")) != EOF) { - switch (i) - { - case 'a': /* password attribute */ - pwattr = strdup (optarg); - break; - - case 'b': /* base search dn */ - base = strdup (optarg); + switch(i) + { + case 'D': /* bind distinguished name */ + binddn = strdup(optarg); break; - case 'C': - want_entryhash++; + case 'W': /* new password */ + newpw = strdup(optarg); break; - case 'D': /* bind distinguished name */ - binddn = strdup (optarg); + case 'a': /* password attribute */ + pwattr = strdup(optarg); break; - case 'd': /* debugging option */ -#ifdef LDAP_DEBUG - ldap_debug = lber_debug = atoi (optarg); /* */ -#else - fprintf (stderr, "compile with -DLDAP_DEBUG for debugging\n"); -#endif + case 'b': /* base search dn */ + base = strdup(optarg); break; - case 'E': /* prompt for new password */ - want_newpw++; - break; - - case 'e': /* new password */ - newpw = strdup (optarg); - break; - - case 'g': - auto_gen_pw = strtol(optarg, NULL, 10); - break; - - case 'H': /* hashes */ + case 'c': /* hashes */ for (j = 0; hashes[j].name; j++) { - if (!strncasecmp (optarg, hashes[j].name, hashes[j].namesz)) + if (!strncasecmp(optarg, hashes[j].name, hashes[j].namesz)) { hashtype = hashes[j].type; break; @@ -446,94 +257,75 @@ main (int argc, char *argv[]) if (!hashes[j].name) { - fprintf (stderr, "hash type: %s is unknown\n", optarg); - usage (argv[0]); + fprintf(stderr, "hash type: %s is unknown\n", optarg); + usage(argv[0]); } break; - case 'h': /* ldap host */ - ldaphost = strdup (optarg); - break; - - case 'K': /* use kerberos bind, 1st part only */ -#ifdef HAVE_KERBEROS - authmethod = LDAP_AUTH_KRBV41; + case 'd': /* debugging option */ +#ifdef LDAP_DEBUG + ldap_debug = lber_debug = atoi(optarg); /* */ #else - fprintf(stderr, "%s was not compiled with Kerberos support\n", argv[0]); + fprintf(stderr, "compile with -DLDAP_DEBUG for debugging\n"); #endif - break; + break; - case 'k': /* use kerberos bind */ -#ifdef HAVE_KERBEROS - authmethod = LDAP_AUTH_KRBV4; -#else - fprintf(stderr, "%s was not compiled with Kerberos support\n", argv[0]); -#endif - break; + case 'h': /* ldap host */ + ldaphost = strdup(optarg); + break; - case 'l': /* time limit */ - timelimit = strtol (optarg, NULL, 10); + case 'l': /* time limit */ + timelimit = strtol(optarg, NULL, 10); break; - case 'n': /* don't update entry(s) */ + case 'n': /* don't update entry(s) */ noupdates++; break; - case 'p': /* ldap port */ - ldapport = strtol (optarg, NULL, 10); + case 'p': /* ldap port */ + ldapport = strtol(optarg, NULL, 10); break; - case 's': /* scope */ - if (strncasecmp (optarg, "base", 4) == 0) + case 's': /* scope */ + if (strncasecmp(optarg, "base", 4) == 0) scope = LDAP_SCOPE_BASE; - else if (strncasecmp (optarg, "one", 3) == 0) + else if (strncasecmp(optarg, "one", 3) == 0) scope = LDAP_SCOPE_ONELEVEL; - else if (strncasecmp (optarg, "sub", 3) == 0) + else if (strncasecmp(optarg, "sub", 3) == 0) scope = LDAP_SCOPE_SUBTREE; - else - { - fprintf (stderr, "scope should be base, one, or sub\n"); - usage (argv[0]); + else { + fprintf(stderr, "scope should be base, one, or sub\n" ); + usage(argv[0]); } break; - case 't': /* target dn */ - targetdn = strdup (optarg); + case 't': /* target dn */ + targetdn = strdup(optarg); break; - case 'v': /* verbose */ + case 'v': /* verbose */ verbose++; break; - case 'W': /* promt for bind password */ - want_bindpw++; - break; - - case 'w': /* bind password */ - bindpw = strdup (optarg); - break; - - case 'Y': /* salt length */ - salt.len = strtol (optarg, NULL, 10); - break; - - case 'y': /* user specified salt */ - salt.len = strlen (optarg); - salt.salt = (unsigned char *) strdup (optarg); - break; + case 'w': /* bind password */ + if (optarg) + bindpw = strdup(optarg); + else + want_bindpw++; + break; - case 'z': /* time limit */ - sizelimit = strtol (optarg, NULL, 10); + case 'z': /* time limit */ + sizelimit = strtol(optarg, NULL, 10); break; default: - usage (argv[0]); + usage(argv[0]); } } /* grab filter */ if (!(argc - optind < 1)) - filtpattern = strdup (argv[optind]); + filtpattern = strdup(argv[optind]); /* check for target(s) */ if (!filtpattern && !targetdn) @@ -541,86 +333,70 @@ main (int argc, char *argv[]) /* handle bind password */ if (want_bindpw) - bindpw = strdup (getpass ("Enter LDAP password: ")); + bindpw = strdup(getpass("Enter LDAP password: ")); /* handle new password */ if (!newpw) { char *cknewpw; - newpw = strdup (getpass ("New password: ")); - cknewpw = getpass ("Re-enter new password: "); + newpw = strdup(getpass("New password: ")); + cknewpw = getpass("Re-enter new password: "); - if (strncmp (newpw, cknewpw, strlen (newpw))) + if (strncmp(newpw, cknewpw, strlen(newpw))) { - fprintf (stderr, "passwords do not match\n"); - return (1); + fprintf(stderr, "passwords do not match\n"); + return(1); } } /* connect to server */ - if ((ld = ldap_open (ldaphost, ldapport)) == NULL) + if ((ld = ldap_open(ldaphost, ldapport)) == NULL) { - perror (ldaphost); - return (1); + perror(ldaphost); + return(1); } /* set options */ - ldap_set_option (ld, LDAP_OPT_TIMELIMIT, (void *) &timelimit); - ldap_set_option (ld, LDAP_OPT_SIZELIMIT, (void *) &sizelimit); + ldap_set_option(ld, LDAP_OPT_TIMELIMIT, (void *)&timelimit); + ldap_set_option(ld, LDAP_OPT_SIZELIMIT, (void *)&sizelimit); - /* authenticate to server */ - if (ldap_bind_s (ld, binddn, bindpw, authmethod) != LDAP_SUCCESS) + /* authenticate to server */ + if (ldap_bind_s(ld, binddn, bindpw, LDAP_AUTH_SIMPLE) != LDAP_SUCCESS) { - ldap_perror (ld, "ldap_bind"); - return (1); - } - - if (targetdn) - { - if (want_entryhash) - { - fprintf (stderr, "insert code here (this path not implemented yet)\n"); - return (1); - } - else - modify_dn (ld, targetdn, pwattr, NULL, newpw, hashtype, &salt); + ldap_perror(ld, "ldap_bind"); + return(1); } if (filtpattern) { char filter[BUFSIZ]; LDAPMessage *result = NULL, *e = NULL; - char *attrs[3] = {"dn", NULL, NULL}; - attrs[1] = pwattr; + char *attrs[] = {"dn", NULL}; /* search */ - sprintf (filter, "%s", filtpattern); - i = ldap_search_s (ld, base, scope, filter, attrs, 0, &result); - if (i != LDAP_SUCCESS && - i != LDAP_TIMELIMIT_EXCEEDED && - i != LDAP_SIZELIMIT_EXCEEDED) + sprintf(filter, "%s", filtpattern); + i = ldap_search_s(ld, base, scope, filter, attrs, 1, &result); + if (i != LDAP_SUCCESS && i != LDAP_TIMELIMIT_EXCEEDED && i != LDAP_SIZELIMIT_EXCEEDED) { - ldap_perror (ld, "ldap_search_s"); - return (1); + ldap_perror(ld, "ldap_search_s"); + return(1); } - for (e = ldap_first_entry (ld, result); e; e = ldap_next_entry (ld, e)) + for (e = ldap_first_entry(ld, result); e; e = ldap_next_entry(ld, e)) { - char *dn = ldap_get_dn (ld, e); + char *dn = ldap_get_dn(ld, e); if (dn) { - struct berval **pw_vals = ldap_get_values_len (ld, e, pwattr); - modify_dn (ld, dn, pwattr, - pw_vals ? pw_vals[0]->bv_val : NULL, - newpw, hashtype, &salt); - if (pw_vals) - ldap_value_free_len (pw_vals); - free (dn); + modify_dn(ld, dn, newpw); + free(dn); } } } + if (targetdn) + modify_dn(ld, targetdn, newpw); + /* disconnect from server */ - ldap_unbind (ld); - return (0); + ldap_unbind(ld); + return(0); } diff --git a/clients/tools/ldapsearch.c b/clients/tools/ldapsearch.c index a5731b7deb..7ae964cd76 100644 --- a/clients/tools/ldapsearch.c +++ b/clients/tools/ldapsearch.c @@ -13,43 +13,42 @@ #define DEFSEP "=" + static void -usage(char *s) +usage( char *s ) { fprintf( stderr, "usage: %s [options] filter [attributes...]\nwhere:\n", s ); - fprintf( stderr, " filter\tRFC-1558 compliant LDAP search filter\n" ); - fprintf( stderr, " attributes\twhitespace-separated list of attributes to retrieve\n" ); + fprintf( stderr, " filter\tRFC-1558 compliant LDAP search filter\n" ); + fprintf( stderr, " attributes\twhitespace-separated list of attributes to retrieve\n" ); fprintf( stderr, "\t\t(if no attribute list is given, all are retrieved)\n" ); fprintf( stderr, "options:\n" ); - fprintf( stderr, " -n\t\tshow what would be done but don't actually search\n" ); - fprintf( stderr, " -v\t\trun in verbose mode (diagnostics to standard output)\n" ); - fprintf( stderr, " -t\t\twrite values to files in /tmp\n" ); - fprintf( stderr, " -u\t\tinclude User Friendly entry names in the output\n" ); - fprintf( stderr, " -A\t\tretrieve attribute names only (no values)\n" ); - fprintf( stderr, " -B\t\tdo not suppress printing of non-ASCII values\n" ); - fprintf( stderr, " -L\t\tprint entries in LDIF format (-B is implied)\n" ); + fprintf( stderr, " -n\t\tshow what would be done but don't actually search\n" ); + fprintf( stderr, " -v\t\trun in verbose mode (diagnostics to standard output)\n" ); + fprintf( stderr, " -t\t\twrite values to files in /tmp\n" ); + fprintf( stderr, " -u\t\tinclude User Friendly entry names in the output\n" ); + fprintf( stderr, " -A\t\tretrieve attribute names only (no values)\n" ); + fprintf( stderr, " -B\t\tdo not suppress printing of non-ASCII values\n" ); + fprintf( stderr, " -L\t\tprint entries in LDIF format (-B is implied)\n" ); #ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_REFERRALS - fprintf( stderr, " -R\t\tdo not automatically follow referrals\n" ); + fprintf( stderr, " -R\t\tdo not automatically follow referrals\n" ); #endif /* LDAP_API_FEATURE_X_OPENLDAP_V2_REFERRALS */ - fprintf( stderr, " -d level\tset LDAP debugging level to `level'\n" ); - fprintf( stderr, " -F sep\tprint `sep' instead of `=' between attribute names and values\n" ); - fprintf( stderr, " -S attr\tsort the results by attribute `attr'\n" ); - fprintf( stderr, " -f file\tperform sequence of searches listed in `file'\n" ); - fprintf( stderr, " -b basedn\tbase dn for search\n" ); - fprintf( stderr, " -s scope\tone of base, one, or sub (search scope)\n" ); - fprintf( stderr, " -a deref\tone of never, always, search, or find (alias dereferencing)\n" ); - fprintf( stderr, " -l time lim\ttime limit (in seconds) for search\n" ); - fprintf( stderr, " -z size lim\tsize limit (in entries) for search\n" ); - fprintf( stderr, " -D binddn\tbind dn\n" ); - fprintf( stderr, " -W \t\tprompt for bind passwd\n" ); - fprintf( stderr, " -w passwd\tbind passwd (for simple authentication)\n" ); + fprintf( stderr, " -d level\tset LDAP debugging level to `level'\n" ); + fprintf( stderr, " -F sep\tprint `sep' instead of `=' between attribute names and values\n" ); + fprintf( stderr, " -S attr\tsort the results by attribute `attr'\n" ); + fprintf( stderr, " -f file\tperform sequence of searches listed in `file'\n" ); + fprintf( stderr, " -b basedn\tbase dn for search\n" ); + fprintf( stderr, " -s scope\tone of base, one, or sub (search scope)\n" ); + fprintf( stderr, " -a deref\tone of never, always, search, or find (alias dereferencing)\n" ); + fprintf( stderr, " -l time lim\ttime limit (in seconds) for search\n" ); + fprintf( stderr, " -z size lim\tsize limit (in entries) for search\n" ); + fprintf( stderr, " -D binddn\tbind dn\n" ); + fprintf( stderr, " -w passwd\tbind passwd (for simple authentication)\n" ); #ifdef HAVE_KERBEROS - fprintf( stderr, " -k\t\tuse Kerberos instead of Simple Password authentication\n" ); - fprintf( stderr, " -K\t\tuse Kerberos step 1\n" ); + fprintf( stderr, " -k\t\tuse Kerberos instead of Simple Password authentication\n" ); #endif - fprintf( stderr, " -h host\tldap server\n" ); - fprintf( stderr, " -p port\tport on ldap server\n" ); - exit(1); + fprintf( stderr, " -h host\tldap server\n" ); + fprintf( stderr, " -p port\tport on ldap server\n" ); + exit( 1 ); } static void print_entry LDAP_P(( @@ -71,71 +70,46 @@ static int dosearch LDAP_P(( char *filtpatt, char *value)); +static char *binddn = NULL; +static char *passwd = NULL; +static char *base = NULL; +static char *ldaphost = NULL; +static int ldapport = 0; +static char *sep = DEFSEP; +static char *sortattr = NULL; static int skipsortattr = 0; static int verbose, not, includeufn, allow_binary, vals2tmp, ldif; -static char *sortattr = NULL; -static char *sep = DEFSEP; int -main(int argc, char **argv) +main( int argc, char **argv ) { - FILE *fp = NULL; - LDAP *ld = NULL; - char *infile = NULL; - char *filtpattern, **attrs, line[ BUFSIZ ]; - char *binddn = NULL; - char *passwd = NULL; - char *base = NULL; - char *ldaphost = NULL; - int rc, i, first, deref, attrsonly; - int referrals, timelimit, sizelimit, want_passwd; - int authmethod = LDAP_AUTH_SIMPLE; - int scope = LDAP_SCOPE_SUBTREE; - int ldapport = LDAP_PORT; - - deref = verbose = allow_binary = not = vals2tmp = - attrsonly = ldif = want_passwd = 0; - referrals = (int)LDAP_OPT_ON; + char *infile, *filtpattern, **attrs, line[ BUFSIZ ]; + FILE *fp; + int rc, i, first, scope, kerberos, deref, attrsonly; + int referrals, timelimit, sizelimit, authmethod; + LDAP *ld; + + infile = NULL; + deref = verbose = allow_binary = not = kerberos = vals2tmp = + attrsonly = ldif = 0; + referrals = (int) LDAP_OPT_ON; sizelimit = timelimit = 0; + scope = LDAP_SCOPE_SUBTREE; - while ((i = getopt(argc, argv, "Aa:Bb:D:d:h:f:F:KkLl:np:RS:s:tuvWw:z:")) != EOF) - { - switch(i) - { - case 'A': /* retrieve attribute names only -- no values */ - attrsonly++; - break; - - case 'a': /* set alias deref option */ - if (strncasecmp(optarg, "never", 5) == 0) { - deref = LDAP_DEREF_NEVER; - } else if (strncasecmp( optarg, "search", 5) == 0) { - deref = LDAP_DEREF_SEARCHING; - } else if (strncasecmp( optarg, "find", 4) == 0) { - deref = LDAP_DEREF_FINDING; - } else if (strncasecmp( optarg, "always", 6) == 0) { - deref = LDAP_DEREF_ALWAYS; - } else { - fprintf( stderr, "alias deref should be never, search, find, or always\n" ); - usage( argv[ 0 ] ); - } - break; - - case 'L': /* print entries in LDIF format */ - ++ldif; - /* fall through -- always allow binary when outputting LDIF */ - case 'B': /* allow binary values to be printed */ - ++allow_binary; - break; - - case 'b': /* searchbase */ - base = strdup( optarg ); + while (( i = getopt( argc, argv, +#ifdef HAVE_KERBEROS + "KknuvtRABLD:s:f:h:b:d:p:F:a:w:l:z:S:" +#else + "nuvtRABLD:s:f:h:b:d:p:F:a:w:l:z:S:" +#endif + )) != EOF ) { + switch( i ) { + case 'n': /* do Not do any searches */ + ++not; break; - - case 'D': /* bind DN */ - binddn = strdup( optarg ); + case 'v': /* verbose mode */ + ++verbose; break; - case 'd': #ifdef LDAP_DEBUG ldap_debug = lber_debug = atoi( optarg ); /* */ @@ -143,55 +117,32 @@ main(int argc, char **argv) fprintf( stderr, "compile with -DLDAP_DEBUG for debugging\n" ); #endif /* LDAP_DEBUG */ break; - - case 'F': /* field separator */ - sep = strdup( optarg ); - break; - - case 'f': /* input file */ - infile = strdup( optarg ); - break; - - case 'h': /* ldap host */ - ldaphost = strdup( optarg ); +#ifdef HAVE_KERBEROS + case 'k': /* use kerberos bind */ + kerberos = 2; break; - case 'K': /* use kerberos bind, 1st part only */ -#ifdef HAVE_KERBEROS - authmethod = LDAP_AUTH_KRBV41; -#else - fprintf(stderr, "%s was not compiled with Kerberos support\n", argv[0]); -#endif + kerberos = 1; break; - - case 'k': /* use kerberos bind */ -#ifdef HAVE_KERBEROS - authmethod = LDAP_AUTH_KRBV4; -#else - fprintf(stderr, "%s was not compiled with Kerberos support\n", argv[0]); #endif + case 'u': /* include UFN */ + ++includeufn; break; - - case 'l': /* time limit */ - timelimit = atoi( optarg ); - break; - - case 'n': /* do Not do any searches */ - ++not; + case 't': /* write attribute values to /tmp files */ + ++vals2tmp; break; - - case 'p': /* ldap port */ - ldapport = atoi( optarg ); + case 'R': /* don't automatically chase referrals */ + referrals = (int) LDAP_OPT_OFF; break; - - case 'R': /* don't automatically chase referrals */ - referrals = (int) LDAP_OPT_OFF; + case 'A': /* retrieve attribute names only -- no values */ + ++attrsonly; break; - - case 'S': /* sort attribute */ - sortattr = strdup( optarg ); + case 'L': /* print entries in LDIF format */ + ++ldif; + /* fall through -- always allow binary when outputting LDIF */ + case 'B': /* allow binary values to be printed */ + ++allow_binary; break; - case 's': /* search scope */ if ( strncasecmp( optarg, "base", 4 ) == 0 ) { scope = LDAP_SCOPE_BASE; @@ -205,32 +156,53 @@ main(int argc, char **argv) } break; - case 't': /* write attribute values to /tmp files */ - ++vals2tmp; + case 'a': /* set alias deref option */ + if ( strncasecmp( optarg, "never", 5 ) == 0 ) { + deref = LDAP_DEREF_NEVER; + } else if ( strncasecmp( optarg, "search", 5 ) == 0 ) { + deref = LDAP_DEREF_SEARCHING; + } else if ( strncasecmp( optarg, "find", 4 ) == 0 ) { + deref = LDAP_DEREF_FINDING; + } else if ( strncasecmp( optarg, "always", 6 ) == 0 ) { + deref = LDAP_DEREF_ALWAYS; + } else { + fprintf( stderr, "alias deref should be never, search, find, or always\n" ); + usage( argv[ 0 ] ); + } break; - - case 'u': /* include UFN */ - ++includeufn; + + case 'F': /* field separator */ + sep = strdup( optarg ); break; - - case 'v': /* verbose mode */ - ++verbose; + case 'f': /* input file */ + infile = strdup( optarg ); break; - - case 'W': - want_passwd++; - break; - - case 'w': /* bind password */ + case 'h': /* ldap host */ + ldaphost = strdup( optarg ); + break; + case 'b': /* searchbase */ + base = strdup( optarg ); + break; + case 'D': /* bind DN */ + binddn = strdup( optarg ); + break; + case 'p': /* ldap port */ + ldapport = atoi( optarg ); + break; + case 'w': /* bind password */ passwd = strdup( optarg ); break; - - case 'z': /* size limit */ + case 'l': /* time limit */ + timelimit = atoi( optarg ); + break; + case 'z': /* size limit */ sizelimit = atoi( optarg ); break; - - default: - usage(argv[0]); + case 'S': /* sort attribute */ + sortattr = strdup( optarg ); + break; + default: + usage( argv[0] ); } } @@ -257,42 +229,47 @@ main(int argc, char **argv) attrs = &argv[ optind ]; } - if (want_passwd && !passwd) - passwd = strdup(getpass("Enter LDAP password: ")); - if ( infile != NULL ) { if ( infile[0] == '-' && infile[1] == '\0' ) { fp = stdin; - } else if ((fp = fopen(infile, "r")) == NULL) { - perror(infile); - exit(1); + } else if (( fp = fopen( infile, "r" )) == NULL ) { + perror( infile ); + exit( 1 ); } } - if (verbose) - printf("ldap_open(%s, %d)\n", ldaphost, ldapport); - - if ((ld = ldap_open(ldaphost, ldapport)) == NULL) { - perror(ldaphost); - return(1); + if ( verbose ) { + printf( "ldap_open( %s, %d )\n", ldaphost, ldapport ); } - if (ldap_set_option(ld, LDAP_OPT_DEREF, (void *)&deref) == -1 ) { - /* set option error */ - } - if (ldap_set_option(ld, LDAP_OPT_TIMELIMIT, (void *)&timelimit) == -1 ) { - /* set option error */ - } - if (ldap_set_option(ld, LDAP_OPT_SIZELIMIT, (void *)&sizelimit) == -1 ) { - /* set option error */ - } - if (ldap_set_option(ld, LDAP_OPT_REFERRALS, (void *)referrals) == -1 ) { - /* set option error */ + if (( ld = ldap_open( ldaphost, ldapport )) == NULL ) { + perror( ldaphost ); + exit( 1 ); } + if (ldap_set_option( ld, LDAP_OPT_DEREF, (void *) &deref ) == -1 ) { + /* set option error */ + } + if (ldap_set_option( ld, LDAP_OPT_TIMELIMIT, (void *) &timelimit ) == -1 ) { + /* set option error */ + } + if (ldap_set_option( ld, LDAP_OPT_SIZELIMIT, (void *) &sizelimit ) == -1 ) { + /* set option error */ + } + if (ldap_set_option( ld, LDAP_OPT_REFERRALS, (void *) referrals ) == -1 ) { + /* set option error */ + } + + if ( !kerberos ) { + authmethod = LDAP_AUTH_SIMPLE; + } else if ( kerberos == 1 ) { + authmethod = LDAP_AUTH_KRBV41; + } else { + authmethod = LDAP_AUTH_KRBV4; + } if ( ldap_bind_s( ld, binddn, passwd, authmethod ) != LDAP_SUCCESS ) { ldap_perror( ld, "ldap_bind" ); - return(1); + exit( 1 ); } if ( verbose ) { -- 2.39.5