Add -y passfile support

clients/tools/ldapcompare.c

@@ -66,6 +66,7 @@ usage( const char *s )
 "  -W         prompt for bind passwd\n"
 "  -x         Simple authentication\n"
 "  -X authzid SASL authorization identity (\"dn:<dn>\" or \"u:<user>\")\n"
+"  -y file    Read passwd from file\n"
 "  -Y mech    SASL mechanism\n"
 "  -Z         Start TLS request (-ZZ to require successful response)\n"
 , s );
@@ -109,6 +110,7 @@ main( int argc, char **argv )
 	int		authmethod, version, want_bindpw;
 	LDAP	*ld = NULL;
 	struct berval bvalue = { 0, NULL };
+	char	*pw_file = NULL;
 
 	debug = verbose = not = referrals =
 		manageDSAit = want_bindpw = quiet = 0;
@@ -120,7 +122,7 @@ main( int argc, char **argv )
 	prog = lutil_progname( "ldapcompare", argc, argv );
 
 	while (( i = getopt( argc, argv,
-		"Cd:D:h:H:IkKMnO:p:P:qQR:U:vw:WxX:Y:zZ")) != EOF )
+		"Cd:D:h:H:IkKMnO:p:P:qQR:U:vw:WxX:y:Y:zZ")) != EOF )
 	{
 		switch( i ) {
 
@@ -385,6 +387,9 @@ main( int argc, char **argv )
 		case 'W':
 			want_bindpw++;
 			break;
+		case 'y':
+			pw_file = optarg;
+			break;
 		case 'Y':
 #ifdef HAVE_CYRUS_SASL
 			if( sasl_mech != NULL ) {
@@ -587,9 +592,14 @@ main( int argc, char **argv )
 		}
 	}
 
-	if (want_bindpw) {
-		passwd.bv_val = getpassphrase("Enter LDAP Password: ");
-		passwd.bv_len = passwd.bv_val ? strlen( passwd.bv_val ) : 0;
+	if ( pw_file || want_bindpw ) {
+		if ( pw_file ) {
+			rc = lutil_get_filed_password( pw_file, &passwd );
+			if( rc ) return EXIT_FAILURE;
+		} else {
+			passwd.bv_val = getpassphrase( "Enter LDAP Password: " );
+			passwd.bv_len = passwd.bv_val ? strlen( passwd.bv_val ) : 0;
+		}
 	}
 
 	if ( authmethod == LDAP_AUTH_SASL ) {

clients/tools/ldapdelete.c

@@ -81,6 +81,7 @@ usage( const char *s )
 "  -W         prompt for bind passwd\n"
 "  -x         Simple authentication\n"
 "  -X authzid SASL authorization identity (\"dn:<dn>\" or \"u:<user>\")\n"
+"  -y file    Read passwd from file\n"
 "  -Y mech    SASL mechanism\n"
 "  -Z         Start TLS request (-ZZ to require successful response)\n"
 ,		s );
@@ -95,16 +96,18 @@ main( int argc, char **argv )
 	char		buf[ 4096 ];
 	FILE		*fp;
 	int		i, rc, authmethod, referrals, want_bindpw, version, debug, manageDSAit;
+	char	*pw_file;
 
     not = verbose = contoper = want_bindpw = debug = manageDSAit = referrals = 0;
     fp = NULL;
     authmethod = -1;
 	version = -1;
+	pw_file = NULL;
 
     prog = lutil_progname( "ldapdelete", argc, argv );
 
     while (( i = getopt( argc, argv, "cf:r"
-		"Cd:D:h:H:IkKMnO:p:P:QR:U:vw:WxX:Y:Z" )) != EOF )
+		"Cd:D:h:H:IkKMnO:p:P:QR:U:vw:WxX:y:Y:Z" )) != EOF )
 	{
 	switch( i ) {
 	/* Delete Specific Options */
@@ -386,6 +389,9 @@ main( int argc, char **argv )
 	case 'W':
 		want_bindpw++;
 		break;
+	case 'y':
+		pw_file = optarg;
+		break;
 	case 'Y':
 #ifdef HAVE_CYRUS_SASL
 		if( sasl_mech != NULL ) {
@@ -553,9 +559,14 @@ main( int argc, char **argv )
 		}
 	}
 
-	if (want_bindpw) {
-		passwd.bv_val = getpassphrase("Enter LDAP Password: ");
-		passwd.bv_len = passwd.bv_val ? strlen( passwd.bv_val ) : 0;
+	if ( pw_file || want_bindpw ) {
+		if ( pw_file ) {
+			rc = lutil_get_filed_password( pw_file, &passwd );
+			if( rc ) return EXIT_FAILURE;
+		} else {
+			passwd.bv_val = getpassphrase( "Enter LDAP Password: " );
+			passwd.bv_len = passwd.bv_val ? strlen( passwd.bv_val ) : 0;
+		}
 	}
 
 	if ( authmethod == LDAP_AUTH_SASL ) {

clients/tools/ldapmodify.c

@@ -130,6 +130,7 @@ usage( const char *prog )
 "  -W         prompt for bind passwd\n"
 "  -x         Simple authentication\n"
 "  -X authzid SASL authorization identity (\"dn:<dn>\" or \"u:<user>\")\n"
+"  -y file    Read passwd from file\n"
 "  -Y mech    SASL mechanism\n"
 "  -Z         Start TLS request (-ZZ to require successful response)\n"
 	     , prog, (strcmp( prog, "ldapadd" ) ? " is to replace" : "") );
@@ -146,6 +147,7 @@ main( int argc, char **argv )
 	char		*matched_msg = NULL, *error_msg = NULL;
 	int		rc, i, authmethod, version, want_bindpw, debug, manageDSAit, referrals;
 	int count, len;
+	char	*pw_file = NULL;
 
     prog = lutil_progname( "ldapmodify", argc, argv );
 
@@ -162,7 +164,7 @@ main( int argc, char **argv )
 	version = -1;
 
     while (( i = getopt( argc, argv, "acrf:F"
-		"Cd:D:h:H:IkKMnO:p:P:QR:S:U:vw:WxX:Y:Z" )) != EOF )
+		"Cd:D:h:H:IkKMnO:p:P:QR:S:U:vw:WxX:y:Y:Z" )) != EOF )
 	{
 	switch( i ) {
 	/* Modify Options */
@@ -454,6 +456,9 @@ main( int argc, char **argv )
 	case 'W':
 		want_bindpw++;
 		break;
+	case 'y':
+		pw_file = optarg;
+		break;
 	case 'Y':
 #ifdef HAVE_CYRUS_SASL
 		if( sasl_mech != NULL ) {
@@ -636,9 +641,14 @@ main( int argc, char **argv )
 		}
 	}
 
-	if (want_bindpw) {
-		passwd.bv_val = getpassphrase("Enter LDAP Password: ");
-		passwd.bv_len = passwd.bv_val ? strlen( passwd.bv_val ) : 0;
+	if ( pw_file || want_bindpw ) {
+		if ( pw_file ) {
+			rc = lutil_get_filed_password( pw_file, &passwd );
+			if( rc ) return EXIT_FAILURE;
+		} else {
+			passwd.bv_val = getpassphrase( "Enter LDAP Password: " );
+			passwd.bv_len = passwd.bv_val ? strlen( passwd.bv_val ) : 0;
+		}
 	}
 
 	if ( authmethod == LDAP_AUTH_SASL ) {

clients/tools/ldapmodrdn.c

@@ -95,6 +95,7 @@ usage( const char *s )
 "  -W         prompt for bind passwd\n"
 "  -x         Simple authentication\n"
 "  -X authzid SASL authorization identity (\"dn:<dn>\" or \"u:<user>\")\n"
+"  -y file    Read passwd from file\n"
 "  -Y mech    SASL mechanism\n"
 "  -Z         Start TLS request (-ZZ to require successful response)\n"
 ,		s );
@@ -110,6 +111,7 @@ main(int argc, char **argv)
 	int		rc, i, remove, havedn, authmethod, version, want_bindpw, debug, manageDSAit;
 	int		referrals;
     char	*newSuperior=NULL;
+	char	*pw_file = NULL;
 
     infile = NULL;
     not = contoper = verbose = remove = want_bindpw =
@@ -120,7 +122,7 @@ main(int argc, char **argv)
     prog = lutil_progname( "ldapmodrdn", argc, argv );
 
     while (( i = getopt( argc, argv, "cf:rs:"
-		"Cd:D:h:H:IkKMnO:p:P:QR:U:vw:WxX:Y:Z" )) != EOF )
+		"Cd:D:h:H:IkKMnO:p:P:QR:U:vw:WxX:y:Y:Z" )) != EOF )
 	{
 	switch( i ) {
 	/* Modrdn Options */
@@ -408,6 +410,9 @@ main(int argc, char **argv)
 	case 'W':
 		want_bindpw++;
 		break;
+	case 'y':
+		pw_file = optarg;
+		break;
 	case 'Y':
 #ifdef HAVE_CYRUS_SASL
 		if( sasl_mech != NULL ) {
@@ -590,9 +595,14 @@ main(int argc, char **argv)
 		}
 	}
 
-	if (want_bindpw) {
-		passwd.bv_val = getpassphrase("Enter LDAP Password: ");
-		passwd.bv_len = passwd.bv_val ? strlen( passwd.bv_val ) : 0;
+	if ( pw_file || want_bindpw ) {
+		if ( pw_file ) {
+			rc = lutil_get_filed_password( pw_file, &passwd );
+			if( rc ) return EXIT_FAILURE;
+		} else {
+			passwd.bv_val = getpassphrase( "Enter LDAP Password: " );
+			passwd.bv_len = passwd.bv_val ? strlen( passwd.bv_val ) : 0;
+		}
 	}
 
 	if ( authmethod == LDAP_AUTH_SASL ) {

clients/tools/ldapsearch.c

@@ -90,6 +90,7 @@ usage( const char *s )
 "  -W         prompt for bind passwd\n"
 "  -x         Simple authentication\n"
 "  -X authzid SASL authorization identity (\"dn:<dn>\" or \"u:<user>\")\n"
+"  -y file    Read passwd from file\n"
 "  -Y mech    SASL mechanism\n"
 "  -Z         Start TLS request (-ZZ to require successful response)\n"
 , s, def_urlpre, def_tmpdir );
@@ -188,6 +189,7 @@ main( int argc, char **argv )
 	BerElement	*ber = NULL;
 	struct berval 	*bvalp = NULL;
 	char	*vrFilter  = NULL, *control  = NULL, *s;
+	char	*pw_file = NULL;
 
 
 	infile = NULL;
@@ -226,7 +228,7 @@ main( int argc, char **argv )
 	urlize( def_urlpre );
 
 	while (( i = getopt( argc, argv, "Aa:b:E:F:f:Ll:S:s:T:tuz:"
-		"Cd:D:h:H:IkKMnO:p:P:QR:U:vw:WxX:Y:Z")) != EOF )
+		"Cd:D:h:H:IkKMnO:p:P:QR:U:vw:WxX:y:Y:Z")) != EOF )
 	{
 	switch( i ) {
 	/* Search Options */
@@ -603,6 +605,9 @@ main( int argc, char **argv )
 	case 'W':
 		want_bindpw++;
 		break;
+	case 'y':
+		pw_file = optarg;
+		break;
 	case 'Y':
 #ifdef HAVE_CYRUS_SASL
 		if( sasl_mech != NULL ) {
@@ -824,9 +829,14 @@ main( int argc, char **argv )
 		}
 	}
 
-	if (want_bindpw) {
-		passwd.bv_val = getpassphrase("Enter LDAP Password: ");
-		passwd.bv_len = passwd.bv_val ? strlen( passwd.bv_val ) : 0;
+	if ( pw_file || want_bindpw ) {
+		if ( pw_file ) {
+			rc = lutil_get_filed_password( pw_file, &passwd );
+			if( rc ) return EXIT_FAILURE;
+		} else {
+			passwd.bv_val = getpassphrase( "Enter LDAP Password: " );
+			passwd.bv_len = passwd.bv_val ? strlen( passwd.bv_val ) : 0;
+		}
 	}
 
 	if ( authmethod == LDAP_AUTH_SASL ) {

clients/tools/ldapwhoami.c

@@ -49,6 +49,7 @@ usage(const char *s)
 "  -W         prompt for bind passwd\n"
 "  -x         Simple authentication\n"
 "  -X authzid SASL authorization identity (\"dn:<dn>\" or \"u:<user>\")\n"
+"  -y file    Read passwd from file\n"
 "  -Y mech    SASL mechanism\n"
 "  -Z         Start TLS request (-ZZ to require successful response)\n"
 		, s );
@@ -68,12 +69,9 @@ main( int argc, char *argv[] )
 	char	*binddn = NULL;
 
 	struct berval passwd = { 0, NULL };
-	char	*newpw = NULL;
-	char	*oldpw = NULL;
 
+	char	*pw_file = NULL;
 	int		want_bindpw = 0;
-	int		want_newpw = 0;
-	int		want_oldpw = 0;
 
 	int		not = 0;
 	int		i;
@@ -81,7 +79,6 @@ main( int argc, char *argv[] )
 	int		debug = 0;
 	int		version = -1;
 	int		authmethod = -1;
-	int		manageDSAit = 0;
 #ifdef HAVE_CYRUS_SASL
 	unsigned	sasl_flags = LDAP_SASL_AUTOMATIC;
 	char		*sasl_realm = NULL;
@@ -102,42 +99,10 @@ main( int argc, char *argv[] )
 
 	prog = lutil_progname( "ldapwhoami", argc, argv );
 
-	while( (i = getopt( argc, argv, "Aa:Ss:"
-		"Cd:D:h:H:InO:p:QR:U:vw:WxX:Y:Z" )) != EOF )
+	while( (i = getopt( argc, argv, 
+		"Cd:D:h:H:InO:p:QR:U:vw:WxX:y:Y:Z" )) != EOF )
 	{
 		switch (i) {
-		/* Password Options */
-		case 'A':	/* prompt for old password */
-			want_oldpw++;
-			break;
-
-		case 'a':	/* old password (secret) */
-			oldpw = strdup (optarg);
-
-			{
-				char* p;
-
-				for( p = optarg; *p != '\0'; p++ ) {
-					*p = '\0';
-				}
-			}
-			break;
-
-		case 'S':	/* prompt for user password */
-			want_newpw++;
-			break;
-
-		case 's':	/* new password (secret) */
-			newpw = strdup (optarg);
-			{
-				char* p;
-
-				for( p = optarg; *p != '\0'; p++ ) {
-					*p = '\0';
-				}
-			}
-			break;
-
 	/* Common Options (including options we don't use) */
 	case 'C':
 		referrals++;
@@ -239,16 +204,6 @@ main( int argc, char *argv[] )
 		return( EXIT_FAILURE );
 #endif
 	    break;
-	case 'M':
-		/* enable Manage DSA IT */
-		if( version == LDAP_VERSION2 ) {
-			fprintf( stderr, "%s: -M incompatible with LDAPv%d\n",
-				prog, version );
-			return EXIT_FAILURE;
-		}
-		manageDSAit++;
-		version = LDAP_VERSION3;
-		break;
 	case 'n':	/* print deletes, don't actually do them */
 	    ++not;
 	    break;
@@ -399,6 +354,9 @@ main( int argc, char *argv[] )
 	case 'W':
 		want_bindpw++;
 		break;
+	case 'y':
+		pw_file = optarg;
+		break;
 	case 'Y':
 #ifdef HAVE_CYRUS_SASL
 		if( sasl_mech != NULL ) {
@@ -496,40 +454,16 @@ main( int argc, char *argv[] )
 		user = NULL;
 	}
 
-	if( want_oldpw && oldpw == NULL ) {
-		/* prompt for old password */
-		char *ckoldpw;
-		oldpw = strdup(getpassphrase("Old password: "));
-		ckoldpw = getpassphrase("Re-enter old password: ");
-
-		if( oldpw== NULL || ckoldpw == NULL ||
-			strcmp( oldpw, ckoldpw ))
-		{
-			fprintf( stderr, "passwords do not match\n" );
-			return EXIT_FAILURE;
-		}
-	}
-
-	if( want_newpw && newpw == NULL ) {
-		/* prompt for new password */
-		char *cknewpw;
-		newpw = strdup(getpassphrase("New password: "));
-		cknewpw = getpassphrase("Re-enter new password: ");
-
-		if( newpw== NULL || cknewpw == NULL ||
-			strcmp( newpw, cknewpw ))
-		{
-			fprintf( stderr, "passwords do not match\n" );
-			return EXIT_FAILURE;
+	if ( pw_file || want_bindpw ) {
+		if ( pw_file ) {
+			rc = lutil_get_filed_password( pw_file, &passwd );
+			if( rc ) return EXIT_FAILURE;
+		} else {
+			passwd.bv_val = getpassphrase( "Enter LDAP Password: " );
+			passwd.bv_len = passwd.bv_val ? strlen( passwd.bv_val ) : 0;
 		}
 	}
 
-	if (want_bindpw && passwd.bv_val == NULL ) {
-		/* handle bind password */
-		passwd.bv_val = strdup( getpassphrase("Enter bind password: "));
-		passwd.bv_len = passwd.bv_val ? strlen( passwd.bv_val ) : 0;
-	}
-
 	if ( debug ) {
 		if( ber_set_option( NULL, LBER_OPT_DEBUG_LEVEL, &debug ) != LBER_OPT_SUCCESS ) {
 			fprintf( stderr, "Could not set LBER_OPT_DEBUG_LEVEL %d\n", debug );