From 8de258d2e272dcfca1c934b298f3d63d8a28dd4b Mon Sep 17 00:00:00 2001 
From: Kurt Zeilenga Date: Sat, 24 Aug 2002 05:47:17 +0000 Subject: [PATCH] Patch: 'ldapmodify -y file' reads password from file (ITS#2031) ================ Written by Hallvard B. Furuseth and placed into the public domain. This software is not subject to any license of the University of Oslo. ================ Adapted by Kurt Zeilenga for inclusion in OpenLDAP. My comments are enclosed in square brackets (e.g. [Kurt's comment]) below. ================ If I run ldapmodify & co from a script, I don't want to use '-W password' because the password shows up in the output of 'ps' for everyone, and I can't pipe the password to 'ldapmodify -w' because -w uses getpassphrase() which reads from the tty instead of stdin. So I added '-y file' which reads the password from file. The programs exit if the file cannot be read. [Complete contents of file is used as password. Use: echo -n "secret" > password to create a file with "secret" as the password. The -n avoids adding a newline (which would invalidate the password). Note that echo is a builtin and hence its arguments are not visible to 'ps'.] I changed ldapmodify, ldapmodrdn, ldapdelete, ldapsearch, ldapcompare. I did not bother to change ldappasswd and ldapwhoami, because they prompt for many passwords. [I fixed up ldapwhoami.] Rerun autoconf after applying this patch. [Done.] Note: I do not know if Windows NT has fstat(), so I set HAVE_FSTAT to undef in portable.nt. (fstat() is used to warn if the file is publicly readable or writeable.) [I used fstat() to set the buffer size to read.] [Note: using the contents of a file extends the tools to support passwords which could not normally be provided using getpassphrase() or via the command line.] Hallvard B. Furuseth , Aug 2002. [Kurt D. Zeilenga , Aug 2002.] 
--- clients/tools/ldapcompare.c | 18 +++++-- clients/tools/ldapdelete.c | 19 +++++-- clients/tools/ldapmodify.c | 18 +++++-- clients/tools/ldapmodrdn.c | 18 +++++-- clients/tools/ldapsearch.c | 18 +++++-- clients/tools/ldapwhoami.c | 83 +++++------------------------ configure | 25 ++++----- configure.in | 1 + doc/devel/args | 22 +++----- include/lutil.h | 8 ++- include/portable.h.in | 3 ++ include/portable.nt | 3 ++ libraries/liblutil/Makefile.in | 4 +- libraries/liblutil/passfile.c | 97 ++++++++++++++++++++++++++++++++++ 14 files changed, 218 insertions(+), 119 deletions(-) create mode 100644 libraries/liblutil/passfile.c diff --git a/clients/tools/ldapcompare.c b/clients/tools/ldapcompare.c index 3b731f9346..c47f609ea4 100644 --- a/clients/tools/ldapcompare.c +++ b/clients/tools/ldapcompare.c @@ -66,6 +66,7 @@ usage( const char *s ) " -W prompt for bind passwd\n" " -x Simple authentication\n" " -X authzid SASL authorization identity (\"dn:\" or \"u:\")\n" +" -y file Read passwd from file\n" " -Y mech SASL mechanism\n" " -Z Start TLS request (-ZZ to require successful response)\n" , s ); @@ -109,6 +110,7 @@ main( int argc, char **argv ) int authmethod, version, want_bindpw; LDAP *ld = NULL; struct berval bvalue = { 0, NULL }; + char *pw_file = NULL; debug = verbose = not = referrals = manageDSAit = want_bindpw = quiet = 0; @@ -120,7 +122,7 @@ main( int argc, char **argv ) prog = lutil_progname( "ldapcompare", argc, argv ); while (( i = getopt( argc, argv, - "Cd:D:h:H:IkKMnO:p:P:qQR:U:vw:WxX:Y:zZ")) != EOF ) + "Cd:D:h:H:IkKMnO:p:P:qQR:U:vw:WxX:y:Y:zZ")) != EOF ) { switch( i ) { @@ -385,6 +387,9 @@ main( int argc, char **argv ) case 'W': want_bindpw++; break; + case 'y': + pw_file = optarg; + break; case 'Y': #ifdef HAVE_CYRUS_SASL if( sasl_mech != NULL ) { 
@@ -587,9 +592,14 @@ main( int argc, char **argv ) } } - if (want_bindpw) { - passwd.bv_val = getpassphrase("Enter LDAP Password: "); - passwd.bv_len = passwd.bv_val ? strlen( passwd.bv_val ) : 0; + if ( pw_file || want_bindpw ) { + if ( pw_file ) { + rc = lutil_get_filed_password( pw_file, &passwd ); + if( rc ) return EXIT_FAILURE; + } else { + passwd.bv_val = getpassphrase( "Enter LDAP Password: " ); + passwd.bv_len = passwd.bv_val ? strlen( passwd.bv_val ) : 0; + } } if ( authmethod == LDAP_AUTH_SASL ) { diff --git a/clients/tools/ldapdelete.c b/clients/tools/ldapdelete.c index bc04de2b5b..35e3d9f8b7 100644 --- a/clients/tools/ldapdelete.c +++ b/clients/tools/ldapdelete.c @@ -81,6 +81,7 @@ usage( const char *s ) " -W prompt for bind passwd\n" " -x Simple authentication\n" " -X authzid SASL authorization identity (\"dn:\" or \"u:\")\n" +" -y file Read passwd from file\n" " -Y mech SASL mechanism\n" " -Z Start TLS request (-ZZ to require successful response)\n" , s ); @@ -95,16 +96,18 @@ main( int argc, char **argv ) char buf[ 4096 ]; FILE *fp; int i, rc, authmethod, referrals, want_bindpw, version, debug, manageDSAit; + char *pw_file; not = verbose = contoper = want_bindpw = debug = manageDSAit = referrals = 0; fp = NULL; authmethod = -1; version = -1; + pw_file = NULL; prog = lutil_progname( "ldapdelete", argc, argv ); while (( i = getopt( argc, argv, "cf:r" - "Cd:D:h:H:IkKMnO:p:P:QR:U:vw:WxX:Y:Z" )) != EOF ) + "Cd:D:h:H:IkKMnO:p:P:QR:U:vw:WxX:y:Y:Z" )) != EOF ) { switch( i ) { /* Delete Specific Options */ @@ -386,6 +389,9 @@ main( int argc, char **argv ) case 'W': want_bindpw++; break; + case 'y': + pw_file = optarg; + break; case 'Y': #ifdef HAVE_CYRUS_SASL if( sasl_mech != NULL ) { 
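Review bot: The new block resolves conflicting credential sources by silent precedence: when `-y` and `-W` are both given, `want_bindpw` is set but never acted on, and any value already stored in `passwd` (by `-w`, whose handling lies outside this hunk) is overwritten by the file contents without being freed. Conflicting options should be rejected up front, e.g. before this block `if ( pw_file && ( want_bindpw || passwd.bv_val ) ) { fprintf( stderr, "%s: -y cannot be combined with -w or -W\n", prog ); return EXIT_FAILURE; }`. The same eight lines are pasted verbatim into ldapdelete, ldapmodify, ldapmodrdn, ldapsearch and ldapwhoami, so the check belongs in a shared helper rather than in six copies. main() continues outside the hunk.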
@@ -553,9 +559,14 @@ main( int argc, char **argv ) } } - if (want_bindpw) { - passwd.bv_val = getpassphrase("Enter LDAP Password: "); - passwd.bv_len = passwd.bv_val ? strlen( passwd.bv_val ) : 0; + if ( pw_file || want_bindpw ) { + if ( pw_file ) { + rc = lutil_get_filed_password( pw_file, &passwd ); + if( rc ) return EXIT_FAILURE; + } else { + passwd.bv_val = getpassphrase( "Enter LDAP Password: " ); + passwd.bv_len = passwd.bv_val ? strlen( passwd.bv_val ) : 0; + } } if ( authmethod == LDAP_AUTH_SASL ) { diff --git a/clients/tools/ldapmodify.c b/clients/tools/ldapmodify.c index c00f542546..17ad97179a 100644 --- a/clients/tools/ldapmodify.c +++ b/clients/tools/ldapmodify.c @@ -130,6 +130,7 @@ usage( const char *prog ) " -W prompt for bind passwd\n" " -x Simple authentication\n" " -X authzid SASL authorization identity (\"dn:\" or \"u:\")\n" +" -y file Read passwd from file\n" " -Y mech SASL mechanism\n" " -Z Start TLS request (-ZZ to require successful response)\n" , prog, (strcmp( prog, "ldapadd" ) ? " is to replace" : "") ); @@ -146,6 +147,7 @@ main( int argc, char **argv ) char *matched_msg = NULL, *error_msg = NULL; int rc, i, authmethod, version, want_bindpw, debug, manageDSAit, referrals; int count, len; + char *pw_file = NULL; prog = lutil_progname( "ldapmodify", argc, argv ); @@ -162,7 +164,7 @@ main( int argc, char **argv ) version = -1; while (( i = getopt( argc, argv, "acrf:F" - "Cd:D:h:H:IkKMnO:p:P:QR:S:U:vw:WxX:Y:Z" )) != EOF ) + "Cd:D:h:H:IkKMnO:p:P:QR:S:U:vw:WxX:y:Y:Z" )) != EOF ) { switch( i ) { /* Modify Options */ @@ -454,6 +456,9 @@ main( int argc, char **argv ) case 'W': want_bindpw++; break; + case 'y': + pw_file = optarg; + break; case 'Y': #ifdef HAVE_CYRUS_SASL if( sasl_mech != NULL ) { 
@@ -636,9 +641,14 @@ main( int argc, char **argv ) } } - if (want_bindpw) { - passwd.bv_val = getpassphrase("Enter LDAP Password: "); - passwd.bv_len = passwd.bv_val ? strlen( passwd.bv_val ) : 0; + if ( pw_file || want_bindpw ) { + if ( pw_file ) { + rc = lutil_get_filed_password( pw_file, &passwd ); + if( rc ) return EXIT_FAILURE; + } else { + passwd.bv_val = getpassphrase( "Enter LDAP Password: " ); + passwd.bv_len = passwd.bv_val ? strlen( passwd.bv_val ) : 0; + } } if ( authmethod == LDAP_AUTH_SASL ) { diff --git a/clients/tools/ldapmodrdn.c b/clients/tools/ldapmodrdn.c index b5d2d59283..5e69273144 100644 --- a/clients/tools/ldapmodrdn.c +++ b/clients/tools/ldapmodrdn.c @@ -95,6 +95,7 @@ usage( const char *s ) " -W prompt for bind passwd\n" " -x Simple authentication\n" " -X authzid SASL authorization identity (\"dn:\" or \"u:\")\n" +" -y file Read passwd from file\n" " -Y mech SASL mechanism\n" " -Z Start TLS request (-ZZ to require successful response)\n" , s ); @@ -110,6 +111,7 @@ main(int argc, char **argv) int rc, i, remove, havedn, authmethod, version, want_bindpw, debug, manageDSAit; int referrals; char *newSuperior=NULL; + char *pw_file = NULL; infile = NULL; not = contoper = verbose = remove = want_bindpw = @@ -120,7 +122,7 @@ main(int argc, char **argv) prog = lutil_progname( "ldapmodrdn", argc, argv ); while (( i = getopt( argc, argv, "cf:rs:" - "Cd:D:h:H:IkKMnO:p:P:QR:U:vw:WxX:Y:Z" )) != EOF ) + "Cd:D:h:H:IkKMnO:p:P:QR:U:vw:WxX:y:Y:Z" )) != EOF ) { switch( i ) { /* Modrdn Options */ @@ -408,6 +410,9 @@ main(int argc, char **argv) case 'W': want_bindpw++; break; + case 'y': + pw_file = optarg; + break; case 'Y': #ifdef HAVE_CYRUS_SASL if( sasl_mech != NULL ) { 
@@ -590,9 +595,14 @@ main(int argc, char **argv) } } - if (want_bindpw) { - passwd.bv_val = getpassphrase("Enter LDAP Password: "); - passwd.bv_len = passwd.bv_val ? strlen( passwd.bv_val ) : 0; + if ( pw_file || want_bindpw ) { + if ( pw_file ) { + rc = lutil_get_filed_password( pw_file, &passwd ); + if( rc ) return EXIT_FAILURE; + } else { + passwd.bv_val = getpassphrase( "Enter LDAP Password: " ); + passwd.bv_len = passwd.bv_val ? strlen( passwd.bv_val ) : 0; + } } if ( authmethod == LDAP_AUTH_SASL ) { diff --git a/clients/tools/ldapsearch.c b/clients/tools/ldapsearch.c index d991a9a97d..2dd5615eb7 100644 --- a/clients/tools/ldapsearch.c +++ b/clients/tools/ldapsearch.c @@ -90,6 +90,7 @@ usage( const char *s ) " -W prompt for bind passwd\n" " -x Simple authentication\n" " -X authzid SASL authorization identity (\"dn:\" or \"u:\")\n" +" -y file Read passwd from file\n" " -Y mech SASL mechanism\n" " -Z Start TLS request (-ZZ to require successful response)\n" , s, def_urlpre, def_tmpdir ); @@ -188,6 +189,7 @@ main( int argc, char **argv ) BerElement *ber = NULL; struct berval *bvalp = NULL; char *vrFilter = NULL, *control = NULL, *s; + char *pw_file = NULL; infile = NULL; @@ -226,7 +228,7 @@ main( int argc, char **argv ) urlize( def_urlpre ); while (( i = getopt( argc, argv, "Aa:b:E:F:f:Ll:S:s:T:tuz:" - "Cd:D:h:H:IkKMnO:p:P:QR:U:vw:WxX:Y:Z")) != EOF ) + "Cd:D:h:H:IkKMnO:p:P:QR:U:vw:WxX:y:Y:Z")) != EOF ) { switch( i ) { /* Search Options */ @@ -603,6 +605,9 @@ main( int argc, char **argv ) case 'W': want_bindpw++; break; + case 'y': + pw_file = optarg; + break; case 'Y': #ifdef HAVE_CYRUS_SASL if( sasl_mech != NULL ) { 
@@ -824,9 +829,14 @@ main( int argc, char **argv ) } } - if (want_bindpw) { - passwd.bv_val = getpassphrase("Enter LDAP Password: "); - passwd.bv_len = passwd.bv_val ? strlen( passwd.bv_val ) : 0; + if ( pw_file || want_bindpw ) { + if ( pw_file ) { + rc = lutil_get_filed_password( pw_file, &passwd ); + if( rc ) return EXIT_FAILURE; + } else { + passwd.bv_val = getpassphrase( "Enter LDAP Password: " ); + passwd.bv_len = passwd.bv_val ? strlen( passwd.bv_val ) : 0; + } } if ( authmethod == LDAP_AUTH_SASL ) { diff --git a/clients/tools/ldapwhoami.c b/clients/tools/ldapwhoami.c index 58d926fb34..1107a84342 100644 --- a/clients/tools/ldapwhoami.c +++ b/clients/tools/ldapwhoami.c @@ -49,6 +49,7 @@ usage(const char *s) " -W prompt for bind passwd\n" " -x Simple authentication\n" " -X authzid SASL authorization identity (\"dn:\" or \"u:\")\n" +" -y file Read passwd from file\n" " -Y mech SASL mechanism\n" " -Z Start TLS request (-ZZ to require successful response)\n" , s ); @@ -68,12 +69,9 @@ main( int argc, char *argv[] ) char *binddn = NULL; struct berval passwd = { 0, NULL }; - char *newpw = NULL; - char *oldpw = NULL; + char *pw_file = NULL; int want_bindpw = 0; - int want_newpw = 0; - int want_oldpw = 0; int not = 0; int i; 
@@ -102,42 +100,10 @@ main( int argc, char *argv[] ) prog = lutil_progname( "ldapwhoami", argc, argv ); - while( (i = getopt( argc, argv, "Aa:Ss:" - "Cd:D:h:H:InO:p:QR:U:vw:WxX:Y:Z" )) != EOF ) + while( (i = getopt( argc, argv, + "Cd:D:h:H:InO:p:QR:U:vw:WxX:y:Y:Z" )) != EOF ) { switch (i) { - /* Password Options */ - case 'A': /* prompt for old password */ - want_oldpw++; - break; - - case 'a': /* old password (secret) */ - oldpw = strdup (optarg); - - { - char* p; - - for( p = optarg; *p != '\0'; p++ ) { - *p = '\0'; - } - } - break; - - case 'S': /* prompt for user password */ - want_newpw++; - break; - - case 's': /* new password (secret) */ - newpw = strdup (optarg); - { - char* p; - - for( p = optarg; *p != '\0'; p++ ) { - *p = '\0'; - } - } - break; - /* Common Options (including options we don't use) */ case 'C': referrals++; @@ -399,6 +365,9 @@ main( int argc, char *argv[] ) case 'W': want_bindpw++; break; + case 'y': + pw_file = optarg; + break; case 'Y': #ifdef HAVE_CYRUS_SASL if( sasl_mech != NULL ) { 
@@ -496,40 +465,16 @@ main( int argc, char *argv[] ) user = NULL; } - if( want_oldpw && oldpw == NULL ) { - /* prompt for old password */ - char *ckoldpw; - oldpw = strdup(getpassphrase("Old password: ")); - ckoldpw = getpassphrase("Re-enter old password: "); - - if( oldpw== NULL || ckoldpw == NULL || - strcmp( oldpw, ckoldpw )) - { - fprintf( stderr, "passwords do not match\n" ); - return EXIT_FAILURE; - } - } - - if( want_newpw && newpw == NULL ) { - /* prompt for new password */ - char *cknewpw; - newpw = strdup(getpassphrase("New password: ")); - cknewpw = getpassphrase("Re-enter new password: "); - - if( newpw== NULL || cknewpw == NULL || - strcmp( newpw, cknewpw )) - { - fprintf( stderr, "passwords do not match\n" ); - return EXIT_FAILURE; + if ( pw_file || want_bindpw ) { + if ( pw_file ) { + rc = lutil_get_filed_password( pw_file, &passwd ); + if( rc ) return EXIT_FAILURE; + } else { + passwd.bv_val = getpassphrase( "Enter LDAP Password: " ); + passwd.bv_len = passwd.bv_val ? strlen( passwd.bv_val ) : 0; } } - if (want_bindpw && passwd.bv_val == NULL ) { - /* handle bind password */ - passwd.bv_val = strdup( getpassphrase("Enter bind password: ")); - passwd.bv_len = passwd.bv_val ? strlen( passwd.bv_val ) : 0; - } - if ( debug ) { if( ber_set_option( NULL, LBER_OPT_DEBUG_LEVEL, &debug ) != LBER_OPT_SUCCESS ) { fprintf( stderr, "Could not set LBER_OPT_DEBUG_LEVEL %d\n", debug ); diff --git a/configure b/configure index e74c82bdca..5ece917748 100755 --- a/configure +++ b/configure @@ -22412,6 +22412,7 @@ for ac_func in \ endpwent \ fcntl \ flock \ + fstat \ getdtablesize \ getgrgid \ gethostname \ 
@@ -22460,12 +22461,12 @@ for ac_func in \ do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:22464: checking for $ac_func" >&5 +echo "configure:22465: checking for $ac_func" >&5 if eval "test \"\${ac_cv_func_$ac_func+set}\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:22494: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else @@ -22517,12 +22518,12 @@ done for ac_func in getopt do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:22521: checking for $ac_func" >&5 +echo "configure:22522: checking for $ac_func" >&5 if eval "test \"\${ac_cv_func_$ac_func+set}\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:22551: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else @@ -22579,13 +22580,13 @@ fi # Check Configuration echo $ac_n "checking declaration of sys_errlist""... $ac_c" 1>&6 -echo "configure:22583: checking declaration of sys_errlist" >&5 +echo "configure:22584: checking declaration of sys_errlist" >&5 if eval "test \"\${ol_cv_dcl_sys_errlist+set}\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < @@ -22598,7 +22599,7 @@ int main() { char *c = (char *) *sys_errlist ; return 0; } EOF -if { (eval echo configure:22602: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:22603: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* ol_cv_dcl_sys_errlist=yes ol_cv_have_sys_errlist=yes 
@@ -22621,20 +22622,20 @@ EOF echo $ac_n "checking existence of sys_errlist""... $ac_c" 1>&6 -echo "configure:22625: checking existence of sys_errlist" >&5 +echo "configure:22626: checking existence of sys_errlist" >&5 if eval "test \"\${ol_cv_have_sys_errlist+set}\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < int main() { char *c = (char *) *sys_errlist ; return 0; } EOF -if { (eval echo configure:22638: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:22639: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* ol_cv_have_sys_errlist=yes else diff --git a/configure.in b/configure.in index 662b874b91..2bb836f0f7 100644 --- a/configure.in +++ b/configure.in @@ -2411,6 +2411,7 @@ AC_CHECK_FUNCS( \ endpwent \ fcntl \ flock \ + fstat \ getdtablesize \ getgrgid \ gethostname \ diff --git a/doc/devel/args b/doc/devel/args index a8edaeae60..18a7c5ec86 100644 --- a/doc/devel/args +++ b/doc/devel/args 
@@ -1,19 +1,10 @@ Tools ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz -ldapdelete *CDE *HI*K M*OPQR U*WXYZ cdef*h**k *n*p* vwx* -ldapmodify *CDEF*HI*K M*OPQRS U*WXYZabcdef*h**k *n*p*r t vwx* -ldapmodrdn *CDE *HI*K M*OPQR U*WXYZ cdef*h**k *n*p*rs vwx* -ldappasswd A*CDE *HI* *O QRS U*WXYZa de *h** * * * s vwx* -ldapsearch A*CDE *HI*KLM*OPQRSTU*WXYZab*def*h**kl*n*p* stuvwx*z - -Other Clients ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz -fax500 * f h m -finger * c f i l p t x -go500 I * bcd f l p t x -go500gw I P * a cd f h l p t x -mail500 C * d f h lm v -rcpt500 U* abc f h l p st z -rp500 * ab d f x z -ud D * cd f l p s uv +ldapdelete *CDE *HI*K M*OPQR U*WXYZ cdef*h**k *n*p* vwxy +ldapmodify *CDEF*HI*K M*OPQRS U*WXYZabcdef*h**k *n*p*r t vwxy +ldapmodrdn *CDE *HI*K M*OPQR U*WXYZ cdef*h**k *n*p*rs vwxy +ldappasswd A*CDE *HI* *O QRS U*WXYZa de *h** * * * s vwxy +ldapsearch A*CDE *HI*KLM*OPQRSTU*WXYZab*def*h**kl*n*p* stuvwxyz +ldapwhoami * reserved @@ -33,6 +24,7 @@ ud D * cd f l p s uv -n no-op -p port -v verbose + -y Bind password-file -w Bind password -4 IPv4 only -6 IPv6 only diff --git a/include/lutil.h b/include/lutil.h index 86efb69931..4c8f425543 100644 --- a/include/lutil.h +++ b/include/lutil.h @@ -56,9 +56,15 @@ lutil_entropy LDAP_P(( unsigned char *buf, ber_len_t nbytes )); -/* passwd.c */ +/* passfile.c */ struct berval; /* avoid pulling in lber.h */ +LDAP_LUTIL_F( int ) +lutil_get_filed_password LDAP_P(( + const char *filename, + struct berval * )); + +/* passwd.c */ LDAP_LUTIL_F( int ) lutil_authpasswd LDAP_P(( const struct berval *passwd, /* stored password */ diff --git a/include/portable.h.in b/include/portable.h.in index d18827e0ae..7a1203b687 100644 --- a/include/portable.h.in +++ b/include/portable.h.in @@ -131,6 +131,9 @@ /* Define if you have the flock function. */ #undef HAVE_FLOCK +/* Define if you have the fstat function. */ +#undef HAVE_FSTAT + /* Define if you have the gai_strerror function. */ #undef HAVE_GAI_STRERROR 
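Review bot: The new `lutil_get_filed_password` prototype in lutil.h carries no contract: nothing tells a caller that `bv_val` is heap-allocated and theirs to free, that `bv_len` is the file's full byte count (a trailing newline is part of the password), or what the return value means (0 on success, -1 on failure in the implementation hunk). Add a comment above the declaration along the lines of `/* Read the entire contents of filename into passwd as the bind password (malloc'd, NUL-terminated; caller frees bv_val). Returns 0 on success, -1 on error. */`.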
diff --git a/include/portable.nt b/include/portable.nt index 8715d81a97..ae2c2ae107 100644 --- a/include/portable.nt +++ b/include/portable.nt @@ -150,6 +150,9 @@ /* Define if you have the flock function. */ /* #undef HAVE_FLOCK */ +/* Define if you have the fstat function. */ +/* #undef HAVE_FSTAT */ + /* Define if you have the gai_strerror function. */ /* #undef HAVE_GAI_STRERROR */ diff --git a/libraries/liblutil/Makefile.in b/libraries/liblutil/Makefile.in index ba9f3ec5e7..a96d8d8bc8 100644 --- a/libraries/liblutil/Makefile.in +++ b/libraries/liblutil/Makefile.in @@ -13,11 +13,11 @@ NT_OBJS = ntservice.o slapdmsg.res UNIX_SRCS = detach.c UNIX_OBJS = detach.o -SRCS = base64.c csn.c entropy.c sasl.c signal.c hash.c \ +SRCS = base64.c csn.c entropy.c sasl.c signal.c hash.c passfile.c \ md5.c passwd.c sha1.c getpass.c lockf.c utils.c uuid.c sockpair.c \ @LIBSRCS@ $(@PLAT@_SRCS) -OBJS = base64.o csn.o entropy.o sasl.o signal.o hash.o \ +OBJS = base64.o csn.o entropy.o sasl.o signal.o hash.o passfile.o \ md5.o passwd.o sha1.o getpass.o lockf.o utils.o uuid.o sockpair.o \ @LIBOBJS@ $(@PLAT@_OBJS) diff --git a/libraries/liblutil/passfile.c b/libraries/liblutil/passfile.c new file mode 100644 index 0000000000..44c73a6625 --- /dev/null +++ b/libraries/liblutil/passfile.c 
@@ -0,0 +1,97 @@
+/* $OpenLDAP$ */
+/*
+ * Copyright 2002 The OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+#include "portable.h"
+
+#include
+
+#include
+#include
+
+#ifdef HAVE_FSTAT
+#include
+#include
+#endif /* HAVE_FSTAT */
+
+#include
+#include
+
+/* Get a password from a file. */
+int
+lutil_get_filed_password(
+ const char *filename,
+ struct berval *passwd )
+{
+ int rc;
+ size_t nread, nleft, nr;
+ FILE *f = fopen( filename, "r" );
+
+ if( f == NULL ) {
+ perror( filename );
+ return -1;
+ }
+
+ passwd->bv_val = NULL;
+ passwd->bv_len = 4196;
+
+#ifdef HAVE_FSTAT
+ {
+ struct stat sb;
+ if ( fstat( fileno( f ), &sb ) == 0 ) {
+ if( sb.st_mode & 006 ) {
+ fprintf( stderr,
+ "Warning: Password file %s is publicly readable/writeable\n",
+ filename );
+ }
+
+ passwd->bv_len = sb.st_size;
+ }
+ }
+#endif /* HAVE_FSTAT */
+
+ passwd->bv_val = (char *) malloc( passwd->bv_len + 1 );
+ if( passwd->bv_val == NULL ) {
+ perror( filename );
+ return -1;
+ }
+
+ nread = 0;
+ nleft = passwd->bv_len;
+ do {
+ if( nleft == 0 ) {
+ /* double the buffer size */
+ char *p = (char *) realloc( passwd->bv_val,
+ 2 * passwd->bv_len + 1 );
+ if( p == NULL ) {
+ free( passwd->bv_val );
+ passwd->bv_val = NULL;
+ passwd->bv_len = 0;
+ return -1;
+ }
+ nleft = passwd->bv_len;
+ passwd->bv_len *= 2;
+ passwd->bv_val = p;
+ }
+
+ nr = fread( &passwd->bv_val[nread], 1, nleft, f );
+
+ if( nr < nleft && ferror( f ) ) {
+ free( passwd->bv_val );
+ passwd->bv_val = NULL;
+ passwd->bv_len = 0;
+ return -1;
+ }
+
+ nread += nr;
+ nleft -= nr;
+ } while ( !feof(f) );
+
+ passwd->bv_len = nread;
+ passwd->bv_val[nread] = '\0';
+
+ fclose( f );
+ return 0;
+}
-- 2.39.5
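Review bot: The read loop cannot terminate once the probed size is zero: for an empty file, or for a pipe/FIFO such as `/dev/stdin` (the scripting case the description motivates) where fstat typically reports `st_size == 0`, `nleft` starts at 0, the doubling branch reallocates `2*0+1` bytes and leaves `bv_len` at 0, and `fread( ..., 1, 0, f )` keeps returning 0 without ever raising EOF. Only adopt a positive size, `if ( sb.st_size > 0 ) passwd->bv_len = sb.st_size;`, so the default (4196, presumably a typo for 4096) stays in force otherwise. The `malloc`, `realloc` and `ferror` failure paths return without `fclose( f )`, leaking the stream to the caller, and `rc` is declared but never used. The permission warning tests only `006`, so a group-readable password file (`060`) passes silently; `if( sb.st_mode & 066 )` would cover both, and note the check is compiled out entirely on NT where HAVE_FSTAT is left undefined.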