]> git.sur5r.net Git - openldap/blob - servers/slapd/slappasswd.c
Merge remote-tracking branch 'origin/mdb.master'
[openldap] / servers / slapd / slappasswd.c
1 /* $OpenLDAP$ */
2 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
3  *
4  * Copyright 1998-2013 The OpenLDAP Foundation.
5  * Portions Copyright 1998-2003 Kurt D. Zeilenga.
6  * All rights reserved.
7  *
8  * Redistribution and use in source and binary forms, with or without
9  * modification, are permitted only as authorized by the OpenLDAP
10  * Public License.
11  *
12  * A copy of this license is available in file LICENSE in the
13  * top-level directory of the distribution or, alternatively, at
14  * <http://www.OpenLDAP.org/license.html>.
15  */
16 /* ACKNOWLEDGEMENTS:
17  * This work was initially developed by Kurt Zeilenga for inclusion
18  * in OpenLDAP Software.
19  */
20
21 #include "portable.h"
22
23 #include <stdio.h>
24
25 #include <ac/stdlib.h>
26
27 #include <ac/ctype.h>
28 #include <ac/signal.h>
29 #include <ac/socket.h>
30 #include <ac/string.h>
31 #include <ac/time.h>
32 #include <ac/unistd.h>
33
34 #include <ldap.h>
35 #include <lber_pvt.h>
36 #include <lutil.h>
37 #include <lutil_sha1.h>
38
39 #include "ldap_defaults.h"
40 #include "slap.h"
41
42 static int      verbose = 0;
43 static char     *modulepath = NULL;
44 static char     *moduleload = NULL;
45
46 static void
47 usage(const char *s)
48 {
49         fprintf(stderr,
50                 "Usage: %s [options]\n"
51                 "  -c format\tcrypt(3) salt format\n"
52                 "  -g\t\tgenerate random password\n"
53                 "  -h hash\tpassword scheme\n"
54                 "  -n\t\tomit trailing newline\n"
55                 "  -o <opt>[=val] specify an option with a(n optional) value\n"
56                 "  \tmodule-path=<pathspec>\n"
57                 "  \tmodule-load=<filename>\n"
58                 "  -s secret\tnew password\n"
59                 "  -u\t\tgenerate RFC2307 values (default)\n"
60                 "  -v\t\tincrease verbosity\n"
61                 "  -T file\tread file for new password\n"
62                 , s );
63
64         exit( EXIT_FAILURE );
65 }
66
67 static int
68 parse_slappasswdopt( void )
69 {
70         size_t  len = 0;
71         char    *p;
72
73         p = strchr( optarg, '=' );
74         if ( p != NULL ) {
75                 len = p - optarg;
76                 p++;
77         }
78
79         if ( strncasecmp( optarg, "module-path", len ) == 0 ) {
80                 if ( modulepath )
81                         ch_free( modulepath );
82                 modulepath = ch_strdup( p );
83
84         } else if ( strncasecmp( optarg, "module-load", len ) == 0 ) {
85                 if ( moduleload )
86                         ch_free( moduleload );
87                 moduleload = ch_strdup( p );
88
89         } else {
90                 return -1;
91         }
92
93         return 0;
94 }
95
96 int
97 slappasswd( int argc, char *argv[] )
98 {
99         int rc = EXIT_SUCCESS;
100 #ifdef LUTIL_SHA1_BYTES
101         char    *default_scheme = "{SSHA}";
102 #else
103         char    *default_scheme = "{SMD5}";
104 #endif
105         char    *scheme = default_scheme;
106
107         char    *newpw = NULL;
108         char    *pwfile = NULL;
109         const char *text;
110         const char *progname = "slappasswd";
111
112         int             i;
113         char            *newline = "\n";
114         struct berval passwd = BER_BVNULL;
115         struct berval hash;
116
117 #ifdef LDAP_DEBUG
118         /* tools default to "none", so that at least LDAP_DEBUG_ANY
119          * messages show up; use -d 0 to reset */
120         slap_debug = LDAP_DEBUG_NONE;
121 #endif
122         ldap_syslog = 0;
123
124         while( (i = getopt( argc, argv,
125                 "c:d:gh:no:s:T:vu" )) != EOF )
126         {
127                 switch (i) {
128                 case 'c':       /* crypt salt format */
129                         scheme = "{CRYPT}";
130                         lutil_salt_format( optarg );
131                         break;
132
133                 case 'g':       /* new password (generate) */
134                         if ( pwfile != NULL ) {
135                                 fprintf( stderr, "Option -g incompatible with -T\n" );
136                                 return EXIT_FAILURE;
137
138                         } else if ( newpw != NULL ) {
139                                 fprintf( stderr, "New password already provided\n" );
140                                 return EXIT_FAILURE;
141
142                         } else if ( lutil_passwd_generate( &passwd, 8 )) {
143                                 fprintf( stderr, "Password generation failed\n" );
144                                 return EXIT_FAILURE;
145                         }
146                         break;
147
148                 case 'h':       /* scheme */
149                         if ( scheme != default_scheme ) {
150                                 fprintf( stderr, "Scheme already provided\n" );
151                                 return EXIT_FAILURE;
152
153                         } else {
154                                 scheme = ch_strdup( optarg );
155                         }
156                         break;
157
158                 case 'n':
159                         newline = "";
160                         break;
161
162                 case 'o':
163                         if ( parse_slappasswdopt() ) {
164                                 usage ( progname );
165                         }
166                         break;
167
168                 case 's':       /* new password (secret) */
169                         if ( pwfile != NULL ) {
170                                 fprintf( stderr, "Option -s incompatible with -T\n" );
171                                 return EXIT_FAILURE;
172
173                         } else if ( newpw != NULL ) {
174                                 fprintf( stderr, "New password already provided\n" );
175                                 return EXIT_FAILURE;
176
177                         } else {
178                                 char* p;
179                                 newpw = ch_strdup( optarg );
180
181                                 for( p = optarg; *p != '\0'; p++ ) {
182                                         *p = '\0';
183                                 }
184                         }
185                         break;
186
187                 case 'T':       /* password file */
188                         if ( pwfile != NULL ) {
189                                 fprintf( stderr, "Password file already provided\n" );
190                                 return EXIT_FAILURE;
191
192                         } else if ( newpw != NULL ) {
193                                 fprintf( stderr, "Option -T incompatible with -s/-g\n" );
194                                 return EXIT_FAILURE;
195
196                         }
197                         pwfile = optarg;
198                         break;
199
200                 case 'u':       /* RFC2307 userPassword */
201                         break;
202
203                 case 'v':       /* verbose */
204                         verbose++;
205                         break;
206
207                 default:
208                         usage ( progname );
209                 }
210         }
211
212         if( argc - optind != 0 ) {
213                 usage( progname );
214         }
215
216 #ifdef SLAPD_MODULES
217         if ( module_init() != 0 ) {
218                 fprintf( stderr, "%s: module_init failed\n", progname );
219                 return EXIT_FAILURE;
220         }
221
222         if ( modulepath && module_path(modulepath) ) {
223                 rc = EXIT_FAILURE;
224                 goto destroy;
225         }
226
227         if ( moduleload && module_load(moduleload, 0, NULL) ) {
228                 rc = EXIT_FAILURE;
229                 goto destroy;
230         }
231 #endif
232
233         if( pwfile != NULL ) {
234                 if( lutil_get_filed_password( pwfile, &passwd )) {
235                         rc = EXIT_FAILURE;
236                         goto destroy;
237                 }
238         } else if ( BER_BVISEMPTY( &passwd )) {
239                 if( newpw == NULL ) {
240                         /* prompt for new password */
241                         char *cknewpw;
242                         newpw = ch_strdup(getpassphrase("New password: "));
243                         cknewpw = getpassphrase("Re-enter new password: ");
244         
245                         if( strcmp( newpw, cknewpw )) {
246                                 fprintf( stderr, "Password values do not match\n" );
247                                 rc = EXIT_FAILURE;
248                                 goto destroy;
249                         }
250                 }
251
252                 passwd.bv_val = newpw;
253                 passwd.bv_len = strlen(passwd.bv_val);
254         } else {
255                 hash = passwd;
256                 goto print_pw;
257         }
258
259         lutil_passwd_hash( &passwd, scheme, &hash, &text );
260         if( hash.bv_val == NULL ) {
261                 fprintf( stderr,
262                         "Password generation failed for scheme %s: %s\n",
263                         scheme, text ? text : "" );
264                 rc = EXIT_FAILURE;
265                 goto destroy;
266         }
267
268         if( lutil_passwd( &hash, &passwd, NULL, &text ) ) {
269                 fprintf( stderr, "Password verification failed. %s\n",
270                         text ? text : "" );
271                 rc = EXIT_FAILURE;
272                 goto destroy;
273         }
274
275 print_pw:;
276         printf( "%s%s" , hash.bv_val, newline );
277
278 destroy:;
279 #ifdef SLAPD_MODULES
280         module_kill();
281 #endif
282
283         return rc;
284 }