Commit 8de258d2 authored by Kurt Zeilenga's avatar Kurt Zeilenga
Browse files

Patch: 'ldapmodify -y file' reads password from file (ITS#2031)

            ================
Written by Hallvard B. Furuseth and placed into the public domain.
This software is not subject to any license of the University of Oslo.
            ================
Adapted by Kurt Zeilenga for inclusion in OpenLDAP.  My comments are
marked with enclosed with square brackets (e.g. [Kurt's comment] below.
            ================

If I run ldapmodify & co from a script, I don't want to use '-W password'
because the password shows up in the output of 'ps' for everyone,
and I can't pipe the password to 'ldapmodify -w' because -w uses
getpassphrase() which reads from the tty instead of stdin.
So I added '-y file' which reads the password from file.  The programs
exit if the file cannot be read.

[Complete contents of file is used as password.  Use:
	echo -n "secret" > password
to create a file with "secret" as the password.  The -n avoids
adding a newline (which would invalidate the password).  Note
that echo is a builtin and hence its arguments are not visible
to 'ps'.]

I changed ldapmodify, ldapmodrdn, ldapdelete, ldapsearch, ldapcompare.
I did not bother to change ldappasswd and ldapwhoami, because they
prompt for many passwords.  [I fixed up ldapwhoami.]

Rerun autoconf after applying this patch. [Done.]

Note:  I do not know if Windows NT has fstat(), so I set HAVE_FSTAT to
undef in portable.nt.  (fstat() is used to warn if the file is publicly
readable or writeable.)  [I used fstat() to set the buffer size to
read.]

[Note: using the contents of a file extends the tools to support
passwords which could not normally be provided using getpassphrase()
or via the command line.]

Hallvard B. Furuseth <h.b.furuseth@usit.uio.no>, Aug 2002.
[Kurt D. Zeilenga <kurt@openldap.org>, Aug 2002.]
parent 8c30114d
......@@ -66,6 +66,7 @@ usage( const char *s )
" -W prompt for bind passwd\n"
" -x Simple authentication\n"
" -X authzid SASL authorization identity (\"dn:<dn>\" or \"u:<user>\")\n"
" -y file Read passwd from file\n"
" -Y mech SASL mechanism\n"
" -Z Start TLS request (-ZZ to require successful response)\n"
, s );
......@@ -109,6 +110,7 @@ main( int argc, char **argv )
int authmethod, version, want_bindpw;
LDAP *ld = NULL;
struct berval bvalue = { 0, NULL };
char *pw_file = NULL;
debug = verbose = not = referrals =
manageDSAit = want_bindpw = quiet = 0;
......@@ -120,7 +122,7 @@ main( int argc, char **argv )
prog = lutil_progname( "ldapcompare", argc, argv );
while (( i = getopt( argc, argv,
"Cd:D:h:H:IkKMnO:p:P:qQR:U:vw:WxX:Y:zZ")) != EOF )
"Cd:D:h:H:IkKMnO:p:P:qQR:U:vw:WxX:y:Y:zZ")) != EOF )
{
switch( i ) {
......@@ -385,6 +387,9 @@ main( int argc, char **argv )
case 'W':
want_bindpw++;
break;
case 'y':
pw_file = optarg;
break;
case 'Y':
#ifdef HAVE_CYRUS_SASL
if( sasl_mech != NULL ) {
......@@ -587,9 +592,14 @@ main( int argc, char **argv )
}
}
if (want_bindpw) {
passwd.bv_val = getpassphrase("Enter LDAP Password: ");
passwd.bv_len = passwd.bv_val ? strlen( passwd.bv_val ) : 0;
if ( pw_file || want_bindpw ) {
if ( pw_file ) {
rc = lutil_get_filed_password( pw_file, &passwd );
if( rc ) return EXIT_FAILURE;
} else {
passwd.bv_val = getpassphrase( "Enter LDAP Password: " );
passwd.bv_len = passwd.bv_val ? strlen( passwd.bv_val ) : 0;
}
}
if ( authmethod == LDAP_AUTH_SASL ) {
......
......@@ -81,6 +81,7 @@ usage( const char *s )
" -W prompt for bind passwd\n"
" -x Simple authentication\n"
" -X authzid SASL authorization identity (\"dn:<dn>\" or \"u:<user>\")\n"
" -y file Read passwd from file\n"
" -Y mech SASL mechanism\n"
" -Z Start TLS request (-ZZ to require successful response)\n"
, s );
......@@ -95,16 +96,18 @@ main( int argc, char **argv )
char buf[ 4096 ];
FILE *fp;
int i, rc, authmethod, referrals, want_bindpw, version, debug, manageDSAit;
char *pw_file;
not = verbose = contoper = want_bindpw = debug = manageDSAit = referrals = 0;
fp = NULL;
authmethod = -1;
version = -1;
pw_file = NULL;
prog = lutil_progname( "ldapdelete", argc, argv );
while (( i = getopt( argc, argv, "cf:r"
"Cd:D:h:H:IkKMnO:p:P:QR:U:vw:WxX:Y:Z" )) != EOF )
"Cd:D:h:H:IkKMnO:p:P:QR:U:vw:WxX:y:Y:Z" )) != EOF )
{
switch( i ) {
/* Delete Specific Options */
......@@ -386,6 +389,9 @@ main( int argc, char **argv )
case 'W':
want_bindpw++;
break;
case 'y':
pw_file = optarg;
break;
case 'Y':
#ifdef HAVE_CYRUS_SASL
if( sasl_mech != NULL ) {
......@@ -553,9 +559,14 @@ main( int argc, char **argv )
}
}
if (want_bindpw) {
passwd.bv_val = getpassphrase("Enter LDAP Password: ");
passwd.bv_len = passwd.bv_val ? strlen( passwd.bv_val ) : 0;
if ( pw_file || want_bindpw ) {
if ( pw_file ) {
rc = lutil_get_filed_password( pw_file, &passwd );
if( rc ) return EXIT_FAILURE;
} else {
passwd.bv_val = getpassphrase( "Enter LDAP Password: " );
passwd.bv_len = passwd.bv_val ? strlen( passwd.bv_val ) : 0;
}
}
if ( authmethod == LDAP_AUTH_SASL ) {
......
......@@ -130,6 +130,7 @@ usage( const char *prog )
" -W prompt for bind passwd\n"
" -x Simple authentication\n"
" -X authzid SASL authorization identity (\"dn:<dn>\" or \"u:<user>\")\n"
" -y file Read passwd from file\n"
" -Y mech SASL mechanism\n"
" -Z Start TLS request (-ZZ to require successful response)\n"
, prog, (strcmp( prog, "ldapadd" ) ? " is to replace" : "") );
......@@ -146,6 +147,7 @@ main( int argc, char **argv )
char *matched_msg = NULL, *error_msg = NULL;
int rc, i, authmethod, version, want_bindpw, debug, manageDSAit, referrals;
int count, len;
char *pw_file = NULL;
prog = lutil_progname( "ldapmodify", argc, argv );
......@@ -162,7 +164,7 @@ main( int argc, char **argv )
version = -1;
while (( i = getopt( argc, argv, "acrf:F"
"Cd:D:h:H:IkKMnO:p:P:QR:S:U:vw:WxX:Y:Z" )) != EOF )
"Cd:D:h:H:IkKMnO:p:P:QR:S:U:vw:WxX:y:Y:Z" )) != EOF )
{
switch( i ) {
/* Modify Options */
......@@ -454,6 +456,9 @@ main( int argc, char **argv )
case 'W':
want_bindpw++;
break;
case 'y':
pw_file = optarg;
break;
case 'Y':
#ifdef HAVE_CYRUS_SASL
if( sasl_mech != NULL ) {
......@@ -636,9 +641,14 @@ main( int argc, char **argv )
}
}
if (want_bindpw) {
passwd.bv_val = getpassphrase("Enter LDAP Password: ");
passwd.bv_len = passwd.bv_val ? strlen( passwd.bv_val ) : 0;
if ( pw_file || want_bindpw ) {
if ( pw_file ) {
rc = lutil_get_filed_password( pw_file, &passwd );
if( rc ) return EXIT_FAILURE;
} else {
passwd.bv_val = getpassphrase( "Enter LDAP Password: " );
passwd.bv_len = passwd.bv_val ? strlen( passwd.bv_val ) : 0;
}
}
if ( authmethod == LDAP_AUTH_SASL ) {
......
......@@ -95,6 +95,7 @@ usage( const char *s )
" -W prompt for bind passwd\n"
" -x Simple authentication\n"
" -X authzid SASL authorization identity (\"dn:<dn>\" or \"u:<user>\")\n"
" -y file Read passwd from file\n"
" -Y mech SASL mechanism\n"
" -Z Start TLS request (-ZZ to require successful response)\n"
, s );
......@@ -110,6 +111,7 @@ main(int argc, char **argv)
int rc, i, remove, havedn, authmethod, version, want_bindpw, debug, manageDSAit;
int referrals;
char *newSuperior=NULL;
char *pw_file = NULL;
infile = NULL;
not = contoper = verbose = remove = want_bindpw =
......@@ -120,7 +122,7 @@ main(int argc, char **argv)
prog = lutil_progname( "ldapmodrdn", argc, argv );
while (( i = getopt( argc, argv, "cf:rs:"
"Cd:D:h:H:IkKMnO:p:P:QR:U:vw:WxX:Y:Z" )) != EOF )
"Cd:D:h:H:IkKMnO:p:P:QR:U:vw:WxX:y:Y:Z" )) != EOF )
{
switch( i ) {
/* Modrdn Options */
......@@ -408,6 +410,9 @@ main(int argc, char **argv)
case 'W':
want_bindpw++;
break;
case 'y':
pw_file = optarg;
break;
case 'Y':
#ifdef HAVE_CYRUS_SASL
if( sasl_mech != NULL ) {
......@@ -590,9 +595,14 @@ main(int argc, char **argv)
}
}
if (want_bindpw) {
passwd.bv_val = getpassphrase("Enter LDAP Password: ");
passwd.bv_len = passwd.bv_val ? strlen( passwd.bv_val ) : 0;
if ( pw_file || want_bindpw ) {
if ( pw_file ) {
rc = lutil_get_filed_password( pw_file, &passwd );
if( rc ) return EXIT_FAILURE;
} else {
passwd.bv_val = getpassphrase( "Enter LDAP Password: " );
passwd.bv_len = passwd.bv_val ? strlen( passwd.bv_val ) : 0;
}
}
if ( authmethod == LDAP_AUTH_SASL ) {
......
......@@ -90,6 +90,7 @@ usage( const char *s )
" -W prompt for bind passwd\n"
" -x Simple authentication\n"
" -X authzid SASL authorization identity (\"dn:<dn>\" or \"u:<user>\")\n"
" -y file Read passwd from file\n"
" -Y mech SASL mechanism\n"
" -Z Start TLS request (-ZZ to require successful response)\n"
, s, def_urlpre, def_tmpdir );
......@@ -188,6 +189,7 @@ main( int argc, char **argv )
BerElement *ber = NULL;
struct berval *bvalp = NULL;
char *vrFilter = NULL, *control = NULL, *s;
char *pw_file = NULL;
infile = NULL;
......@@ -226,7 +228,7 @@ main( int argc, char **argv )
urlize( def_urlpre );
while (( i = getopt( argc, argv, "Aa:b:E:F:f:Ll:S:s:T:tuz:"
"Cd:D:h:H:IkKMnO:p:P:QR:U:vw:WxX:Y:Z")) != EOF )
"Cd:D:h:H:IkKMnO:p:P:QR:U:vw:WxX:y:Y:Z")) != EOF )
{
switch( i ) {
/* Search Options */
......@@ -603,6 +605,9 @@ main( int argc, char **argv )
case 'W':
want_bindpw++;
break;
case 'y':
pw_file = optarg;
break;
case 'Y':
#ifdef HAVE_CYRUS_SASL
if( sasl_mech != NULL ) {
......@@ -824,9 +829,14 @@ main( int argc, char **argv )
}
}
if (want_bindpw) {
passwd.bv_val = getpassphrase("Enter LDAP Password: ");
passwd.bv_len = passwd.bv_val ? strlen( passwd.bv_val ) : 0;
if ( pw_file || want_bindpw ) {
if ( pw_file ) {
rc = lutil_get_filed_password( pw_file, &passwd );
if( rc ) return EXIT_FAILURE;
} else {
passwd.bv_val = getpassphrase( "Enter LDAP Password: " );
passwd.bv_len = passwd.bv_val ? strlen( passwd.bv_val ) : 0;
}
}
if ( authmethod == LDAP_AUTH_SASL ) {
......
......@@ -49,6 +49,7 @@ usage(const char *s)
" -W prompt for bind passwd\n"
" -x Simple authentication\n"
" -X authzid SASL authorization identity (\"dn:<dn>\" or \"u:<user>\")\n"
" -y file Read passwd from file\n"
" -Y mech SASL mechanism\n"
" -Z Start TLS request (-ZZ to require successful response)\n"
, s );
......@@ -68,12 +69,9 @@ main( int argc, char *argv[] )
char *binddn = NULL;
struct berval passwd = { 0, NULL };
char *newpw = NULL;
char *oldpw = NULL;
char *pw_file = NULL;
int want_bindpw = 0;
int want_newpw = 0;
int want_oldpw = 0;
int not = 0;
int i;
......@@ -102,42 +100,10 @@ main( int argc, char *argv[] )
prog = lutil_progname( "ldapwhoami", argc, argv );
while( (i = getopt( argc, argv, "Aa:Ss:"
"Cd:D:h:H:InO:p:QR:U:vw:WxX:Y:Z" )) != EOF )
while( (i = getopt( argc, argv,
"Cd:D:h:H:InO:p:QR:U:vw:WxX:y:Y:Z" )) != EOF )
{
switch (i) {
/* Password Options */
case 'A': /* prompt for old password */
want_oldpw++;
break;
case 'a': /* old password (secret) */
oldpw = strdup (optarg);
{
char* p;
for( p = optarg; *p != '\0'; p++ ) {
*p = '\0';
}
}
break;
case 'S': /* prompt for user password */
want_newpw++;
break;
case 's': /* new password (secret) */
newpw = strdup (optarg);
{
char* p;
for( p = optarg; *p != '\0'; p++ ) {
*p = '\0';
}
}
break;
/* Common Options (including options we don't use) */
case 'C':
referrals++;
......@@ -399,6 +365,9 @@ main( int argc, char *argv[] )
case 'W':
want_bindpw++;
break;
case 'y':
pw_file = optarg;
break;
case 'Y':
#ifdef HAVE_CYRUS_SASL
if( sasl_mech != NULL ) {
......@@ -496,40 +465,16 @@ main( int argc, char *argv[] )
user = NULL;
}
if( want_oldpw && oldpw == NULL ) {
/* prompt for old password */
char *ckoldpw;
oldpw = strdup(getpassphrase("Old password: "));
ckoldpw = getpassphrase("Re-enter old password: ");
if( oldpw== NULL || ckoldpw == NULL ||
strcmp( oldpw, ckoldpw ))
{
fprintf( stderr, "passwords do not match\n" );
return EXIT_FAILURE;
}
}
if( want_newpw && newpw == NULL ) {
/* prompt for new password */
char *cknewpw;
newpw = strdup(getpassphrase("New password: "));
cknewpw = getpassphrase("Re-enter new password: ");
if( newpw== NULL || cknewpw == NULL ||
strcmp( newpw, cknewpw ))
{
fprintf( stderr, "passwords do not match\n" );
return EXIT_FAILURE;
if ( pw_file || want_bindpw ) {
if ( pw_file ) {
rc = lutil_get_filed_password( pw_file, &passwd );
if( rc ) return EXIT_FAILURE;
} else {
passwd.bv_val = getpassphrase( "Enter LDAP Password: " );
passwd.bv_len = passwd.bv_val ? strlen( passwd.bv_val ) : 0;
}
}
if (want_bindpw && passwd.bv_val == NULL ) {
/* handle bind password */
passwd.bv_val = strdup( getpassphrase("Enter bind password: "));
passwd.bv_len = passwd.bv_val ? strlen( passwd.bv_val ) : 0;
}
if ( debug ) {
if( ber_set_option( NULL, LBER_OPT_DEBUG_LEVEL, &debug ) != LBER_OPT_SUCCESS ) {
fprintf( stderr, "Could not set LBER_OPT_DEBUG_LEVEL %d\n", debug );
......
......@@ -22412,6 +22412,7 @@ for ac_func in \
endpwent \
fcntl \
flock \
fstat \
getdtablesize \
getgrgid \
gethostname \
......@@ -22460,12 +22461,12 @@ for ac_func in \
 
do
echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
echo "configure:22464: checking for $ac_func" >&5
echo "configure:22465: checking for $ac_func" >&5
if eval "test \"\${ac_cv_func_$ac_func+set}\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
else
cat > conftest.$ac_ext <<EOF
#line 22469 "configure"
#line 22470 "configure"
#include "confdefs.h"
/* System header to define __stub macros and hopefully few prototypes,
which can conflict with char $ac_func(); below. */
......@@ -22489,7 +22490,7 @@ f = $ac_func;
 
; return 0; }
EOF
if { (eval echo configure:22493: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
if { (eval echo configure:22494: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
rm -rf conftest*
eval "ac_cv_func_$ac_func=yes"
else
......@@ -22517,12 +22518,12 @@ done
for ac_func in getopt
do
echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
echo "configure:22521: checking for $ac_func" >&5
echo "configure:22522: checking for $ac_func" >&5
if eval "test \"\${ac_cv_func_$ac_func+set}\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
else
cat > conftest.$ac_ext <<EOF
#line 22526 "configure"
#line 22527 "configure"
#include "confdefs.h"
/* System header to define __stub macros and hopefully few prototypes,
which can conflict with char $ac_func(); below. */
......@@ -22546,7 +22547,7 @@ f = $ac_func;
 
; return 0; }
EOF
if { (eval echo configure:22550: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
if { (eval echo configure:22551: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
rm -rf conftest*
eval "ac_cv_func_$ac_func=yes"
else
......@@ -22579,13 +22580,13 @@ fi
 
# Check Configuration
echo $ac_n "checking declaration of sys_errlist""... $ac_c" 1>&6
echo "configure:22583: checking declaration of sys_errlist" >&5
echo "configure:22584: checking declaration of sys_errlist" >&5
if eval "test \"\${ol_cv_dcl_sys_errlist+set}\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
else
cat > conftest.$ac_ext <<EOF
#line 22589 "configure"
#line 22590 "configure"
#include "confdefs.h"
 
#include <stdio.h>
......@@ -22598,7 +22599,7 @@ int main() {
char *c = (char *) *sys_errlist
; return 0; }
EOF
if { (eval echo configure:22602: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
if { (eval echo configure:22603: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
rm -rf conftest*
ol_cv_dcl_sys_errlist=yes
ol_cv_have_sys_errlist=yes
......@@ -22621,20 +22622,20 @@ EOF
 
 
echo $ac_n "checking existence of sys_errlist""... $ac_c" 1>&6
echo "configure:22625: checking existence of sys_errlist" >&5
echo "configure:22626: checking existence of sys_errlist" >&5
if eval "test \"\${ol_cv_have_sys_errlist+set}\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
else
cat > conftest.$ac_ext <<EOF
#line 22631 "configure"
#line 22632 "configure"
#include "confdefs.h"
#include <errno.h>
int main() {
char *c = (char *) *sys_errlist
; return 0; }
EOF
if { (eval echo configure:22638: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
if { (eval echo configure:22639: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
rm -rf conftest*
ol_cv_have_sys_errlist=yes
else
......
......@@ -2411,6 +2411,7 @@ AC_CHECK_FUNCS( \
endpwent \
fcntl \
flock \
fstat \
getdtablesize \
getgrgid \
gethostname \
......
Tools ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz
ldapdelete *CDE *HI*K M*OPQR U*WXYZ cdef*h**k *n*p* vwx*
ldapmodify *CDEF*HI*K M*OPQRS U*WXYZabcdef*h**k *n*p*r t vwx*
ldapmodrdn *CDE *HI*K M*OPQR U*WXYZ cdef*h**k *n*p*rs vwx*
ldappasswd A*CDE *HI* *O QRS U*WXYZa de *h** * * * s vwx*
ldapsearch A*CDE *HI*KLM*OPQRSTU*WXYZab*def*h**kl*n*p* stuvwx*z
Other Clients ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz
fax500 * f h m
finger * c f i l p t x
go500 I * bcd f l p t x
go500gw I P * a cd f h l p t x
mail500 C * d f h lm v
rcpt500 U* abc f h l p st z
rp500 * ab d f x z
ud D * cd f l p s uv
ldapdelete *CDE *HI*K M*OPQR U*WXYZ cdef*h**k *n*p* vwxy
ldapmodify *CDEF*HI*K M*OPQRS U*WXYZabcdef*h**k *n*p*r t vwxy
ldapmodrdn *CDE *HI*K M*OPQR U*WXYZ cdef*h**k *n*p*rs vwxy
ldappasswd A*CDE *HI* *O QRS U*WXYZa de *h** * * * s vwxy
ldapsearch A*CDE *HI*KLM*OPQRSTU*WXYZab*def*h**kl*n*p* stuvwxyz
ldapwhoami
* reserved
......@@ -33,6 +24,7 @@ ud D * cd f l p s uv
-n no-op
-p port
-v verbose
-y Bind password-file
-w Bind password
-4 IPv4 only
-6 IPv6 only
......
......@@ -56,9 +56,15 @@ lutil_entropy LDAP_P((
unsigned char *buf,
ber_len_t nbytes ));
/* passwd.c */
/* passfile.c */
struct berval; /* avoid pulling in lber.h */
LDAP_LUTIL_F( int )
lutil_get_filed_password LDAP_P((
const char *filename,
struct berval * ));
/* passwd.c */
LDAP_LUTIL_F( int )
lutil_authpasswd LDAP_P((
const struct berval *passwd, /* stored password */
......
......@@ -131,6 +131,9 @@
/* Define if you have the flock function. */
#undef HAVE_FLOCK
/* Define if you have the fstat function. */
#undef HAVE_FSTAT
/* Define if you have the gai_strerror function. */
#undef HAVE_GAI_STRERROR
......
......@@ -150,6 +150,9 @@
/* Define if you have the flock function. */
/* #undef HAVE_FLOCK */
/* Define if you have the fstat function. */
/* #undef HAVE_FSTAT */
/* Define if you have the gai_strerror function. */
/* #undef HAVE_GAI_STRERROR */
......
......@@ -13,11 +13,11 @@ NT_OBJS = ntservice.o slapdmsg.res
UNIX_SRCS = detach.c
UNIX_OBJS = detach.o
SRCS = base64.c csn.c entropy.c sasl.c signal.c hash.c \
SRCS = base64.c csn.c entropy.c sasl.c signal.c hash.c passfile.c \
md5.c passwd.c sha1.c getpass.c lockf.c utils.c uuid.c sockpair.c \
@LIBSRCS@ $(@PLAT@_SRCS)
OBJS = base64.o csn.o entropy.o sasl.o signal.o hash.o \
OBJS = base64.o csn.o entropy.o sasl.o signal.o hash.o passfile.o \
md5.o passwd.o sha1.o getpass.o lockf.o utils.o uuid.o sockpair.o \
@LIBOBJS@ $(@PLAT@_OBJS)
......
/* $OpenLDAP$ */
/*
* Copyright 2002 The OpenLDAP Foundation, All Rights Reserved.
* COPYING RESTRICTIONS APPLY, see COPYRIGHT file
*/
#include "portable.h"
#include <stdio.h>
#include <ac/ctype.h>
#include <ac/string.h>
#ifdef HAVE_FSTAT
#include <sys/types.h>
#include <sys/stat.h>
#endif /* HAVE_FSTAT */
#include <lber.h>
#include <lutil.h>
/* Get a password from a file. */
int
lutil_get_filed_password(
const char *filename,
struct berval *passwd )
{
int rc;
size_t nread, nleft, nr;
FILE *f = fopen( filename, "r" );
if( f == NULL ) {
perror( filename );
return -1;
}
passwd->bv_val = NULL;
passwd->bv_len = 4196;
#ifdef HAVE_FSTAT
{
struct stat sb;
if ( fstat( fileno( f ), &sb ) == 0 ) {
if( sb.st_mode & 006 ) {
fprintf( stderr,