Commit
ce1dcf80
authored
Mar 31, 2003
by
Kurt Zeilenga
Add more password file support
Update cache shell routines Misc cleanup
parent
a18dbe98
Changes
11
CHANGES
...
...
@@ -12,9 +12,12 @@ OpenLDAP 2.1.17 Engineering
Fixed slurpd core dump on exit (ITS#2363)
Fixed slapadd oidm destory bug (ITS#2409)
Fixed clients critical argument handling
Updated clients password file support
Added slappasswd password file support
Removed lint (ITS#2382)
Build Environment
Updated versioning system
Added LDAP cache shell-only routines
Documentation
Updated slurpd(8) -u usage
Misc man page updates
...
...
clients/tools/common.c
...
...
@@ -84,11 +84,11 @@ tool_common_usage( void )
" -U authcid SASL authentication identity
\n
"
,
" -v run in verbose mode (diagnostics to standard output)
\n
"
,
" -V print version info (-VV only)
\n
"
,
" -w passwd bind passwd (for simple authentication)
\n
"
,
" -W prompt for bind passwd
\n
"
,
" -w passwd bind passw
or
d (for simple authentication)
\n
"
,
" -W prompt for bind passw
or
d
\n
"
,
" -x Simple authentication
\n
"
,
" -X authzid SASL authorization identity (
\"
dn:<dn>
\"
or
\"
u:<user>
\"
)
\n
"
,
" -y file Read passwd from file
\n
"
,
" -y file Read passw
or
d from file
\n
"
,
" -Y mech SASL mechanism
\n
"
,
" -Z Start TLS request (-ZZ to require successful response)
\n
"
,
NULL
...
...
clients/tools/ldappasswd.c
...
...
@@ -24,11 +24,14 @@
#include
"common.h"
static
char
*
newpw
=
NULL
;
static
char
*
oldpw
=
NULL
;
static
struct
berval
newpw
=
{
0
,
NULL
};
static
struct
berval
oldpw
=
{
0
,
NULL
};
static
int
want_newpw
=
0
;
static
int
want_oldpw
=
0
;
static
char
*
oldpwfile
=
NULL
;
static
char
*
newpwfile
=
NULL
;
void
usage
(
void
)
...
...
@@ -40,25 +43,27 @@ usage( void )
"Password change options:
\n
"
" -a secret old password
\n
"
" -A prompt for old password
\n
"
" -t file read file for old password
\n
"
" -s secret new password
\n
"
" -S prompt for new password
\n
"
" -T file read file for new password
\n
"
,
prog
);
tool_common_usage
();
exit
(
EXIT_FAILURE
);
}
const
char
options
[]
=
"a:As:S"
"Cd:D:e:h:H:InO:p:QR:U:vVw:WxX:Y:Z"
;
const
char
options
[]
=
"a:As:S
t:T:
"
"Cd:D:e:h:H:InO:p:QR:U:vVw:WxX:
y:
Y:Z"
;
int
handle_private_option
(
int
i
)
{
switch
(
i
)
{
#if 0
case 'E': /* passwd controls */ {
int crit;
char *control, *cvalue;
case 'E': /* passwd controls */
if( protocol == LDAP_VERSION2 ) {
fprintf( stderr, "%s: -E incompatible with LDAPv%d\n",
prog, protocol );
...
...
@@ -80,19 +85,21 @@ handle_private_option( int i )
if ( (cvalue = strchr( control, '=' )) != NULL ) {
*cvalue++ = '\0';
}
fprintf( stderr, "Invalid passwd control name: %s\n", control );
usage();
}
#endif
case
'a'
:
/* old password (secret) */
oldpw
=
strdup
(
optarg
);
oldpw
.
bv_val
=
strdup
(
optarg
);
{
char
*
p
;
for
(
p
=
optarg
;
*
p
!=
'\0'
;
p
++
)
{
*
p
=
'\0'
;
}
}
oldpw
.
bv_len
=
strlen
(
oldpw
.
bv_val
);
break
;
case
'A'
:
/* prompt for old password */
...
...
@@ -100,19 +107,28 @@ handle_private_option( int i )
break
;
case
's'
:
/* new password (secret) */
newpw
=
strdup
(
optarg
);
newpw
.
bv_val
=
strdup
(
optarg
);
{
char
*
p
;
for
(
p
=
optarg
;
*
p
!=
'\0'
;
p
++
)
{
*
p
=
'\0'
;
}
}
newpw
.
bv_len
=
strlen
(
newpw
.
bv_val
);
break
;
case
'S'
:
/* prompt for user password */
want_newpw
++
;
break
;
case
't'
:
oldpwfile
=
optarg
;
break
;
case
'T'
:
newpwfile
=
optarg
;
break
;
default:
return
0
;
}
...
...
@@ -151,35 +167,49 @@ main( int argc, char *argv[] )
user
=
NULL
;
}
if
(
want_oldpw
&&
oldpw
==
NULL
)
{
if
(
oldpwfile
)
{
rc
=
lutil_get_filed_password
(
prog
,
&
oldpw
);
if
(
rc
)
return
EXIT_FAILURE
;
}
if
(
want_oldpw
&&
oldpw
.
bv_val
==
NULL
)
{
/* prompt for old password */
char
*
ckoldpw
;
oldpw
=
strdup
(
getpassphrase
(
"Old password: "
));
oldpw
.
bv_val
=
strdup
(
getpassphrase
(
"Old password: "
));
ckoldpw
=
getpassphrase
(
"Re-enter old password: "
);
if
(
oldpw
==
NULL
||
ckoldpw
==
NULL
||
strcmp
(
oldpw
,
ckoldpw
))
if
(
oldpw
.
bv_val
==
NULL
||
ckoldpw
==
NULL
||
strcmp
(
oldpw
.
bv_val
,
ckoldpw
))
{
fprintf
(
stderr
,
"passwords do not match
\n
"
);
return
EXIT_FAILURE
;
}
oldpw
.
bv_len
=
strlen
(
oldpw
.
bv_val
);
}
if
(
newpwfile
)
{
rc
=
lutil_get_filed_password
(
prog
,
&
newpw
);
if
(
rc
)
return
EXIT_FAILURE
;
}
if
(
want_newpw
&&
newpw
==
NULL
)
{
if
(
want_newpw
&&
newpw
.
bv_val
==
NULL
)
{
/* prompt for new password */
char
*
cknewpw
;
newpw
=
strdup
(
getpassphrase
(
"New password: "
));
newpw
.
bv_val
=
strdup
(
getpassphrase
(
"New password: "
));
cknewpw
=
getpassphrase
(
"Re-enter new password: "
);
if
(
newpw
==
NULL
||
cknewpw
==
NULL
||
strcmp
(
newpw
,
cknewpw
))
if
(
newpw
.
bv_val
==
NULL
||
cknewpw
==
NULL
||
strcmp
(
newpw
.
bv_val
,
cknewpw
))
{
fprintf
(
stderr
,
"passwords do not match
\n
"
);
return
EXIT_FAILURE
;
}
newpw
.
bv_len
=
strlen
(
newpw
.
bv_val
);
}
if
(
want_bindpw
&&
passwd
.
bv_val
==
NULL
)
{
if
(
want_bindpw
&&
passwd
.
bv_val
==
NULL
)
{
/* handle bind password */
passwd
.
bv_val
=
strdup
(
getpassphrase
(
"Enter bind password: "
));
passwd
.
bv_len
=
passwd
.
bv_val
?
strlen
(
passwd
.
bv_val
)
:
0
;
...
...
@@ -192,7 +222,7 @@ main( int argc, char *argv[] )
if
(
authzid
||
manageDSAit
||
noop
)
tool_server_controls
(
ld
,
NULL
,
0
);
if
(
user
!=
NULL
||
oldpw
!=
NULL
||
newpw
!=
NULL
)
{
if
(
user
!=
NULL
||
oldpw
.
bv_val
!=
NULL
||
newpw
.
bv_val
!=
NULL
)
{
/* build change password control */
ber
=
ber_alloc_t
(
LBER_USE_DER
);
...
...
@@ -210,16 +240,16 @@ main( int argc, char *argv[] )
free
(
user
);
}
if
(
oldpw
!=
NULL
)
{
ber_printf
(
ber
,
"t
s
"
,
LDAP_TAG_EXOP_MODIFY_PASSWD_OLD
,
oldpw
);
free
(
oldpw
);
if
(
oldpw
.
bv_val
!=
NULL
)
{
ber_printf
(
ber
,
"t
O
"
,
LDAP_TAG_EXOP_MODIFY_PASSWD_OLD
,
&
oldpw
);
free
(
oldpw
.
bv_val
);
}
if
(
newpw
!=
NULL
)
{
ber_printf
(
ber
,
"t
s
"
,
LDAP_TAG_EXOP_MODIFY_PASSWD_NEW
,
newpw
);
free
(
newpw
);
if
(
newpw
.
bv_val
!=
NULL
)
{
ber_printf
(
ber
,
"t
O
"
,
LDAP_TAG_EXOP_MODIFY_PASSWD_NEW
,
&
newpw
);
free
(
newpw
.
bv_val
);
}
ber_printf
(
ber
,
/*{*/
"N}"
);
...
...
@@ -256,7 +286,8 @@ main( int argc, char *argv[] )
return
rc
;
}
rc
=
ldap_parse_result
(
ld
,
res
,
&
code
,
&
matcheddn
,
&
text
,
&
refs
,
NULL
,
0
);
rc
=
ldap_parse_result
(
ld
,
res
,
&
code
,
&
matcheddn
,
&
text
,
&
refs
,
NULL
,
0
);
if
(
rc
!=
LDAP_SUCCESS
)
{
ldap_perror
(
ld
,
"ldap_parse_result"
);
...
...
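Review bot: Both new file-reading calls in main() pass `prog` as the first argument, `lutil_get_filed_password( prog, &oldpw )` and `lutil_get_filed_password( prog, &newpw )`, so the path that `-t`/`-T` store in `oldpwfile`/`newpwfile` is only tested for non-NULL and never handed to the helper. The slappasswd.c call in this same commit passes the file name first (`lutil_get_filed_password( pwfile, &passwd )`), which suggests these should read `rc = lutil_get_filed_password( oldpwfile, &oldpw );` and `rc = lutil_get_filed_password( newpwfile, &newpw );`; the helper's prototype is not visible here, so confirm against it. As written the tool would presumably try to read the password from a file named after the program, and either fail or send unintended content as the old or new password. main() begins and continues outside these hunks.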
doc/devel/args
Tools ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz
ldapcompare * DE
*HI*K M*OPQR UVWXYZ de *h**k *n*p* vwx
z
ldapdelete *CDE
*HI*K M*OPQR UVWXYZ cdef*h**k *n*p* vwxy
ldapmodify *CDE
F
*HI*K M*OPQRS UVWXYZabcde
f
*h**k *n*p*r t vwxy
ldapmodrdn *CDE
*HI*K M*OPQR UVWXYZ cdef*h**k *n*p*rs vwxy
ldappasswd A*CDE
*HI* *O QRS UVWXYZa de
*h** * * * s vwxy
ldapsearch A*CDE
*HI*KLM*OPQRSTUVWXYZab*def*h**kl*n*p* stuvwxyz
ldapwhoami * DE
*HI* *O QR UVWXYZ def*h** *n*p* vwx
ldapcompare * DE
*
*HI*K M*OPQR UVWXYZ de *h**k *n*p* vwx
y
z
ldapdelete *CDE
*
*HI*K M*OPQR UVWXYZ cdef*h**k *n*p* vwxy
ldapmodify *CDE
*
*HI*K M*OPQRS UVWXYZabcde
*h**k *n*p*r t vwxy
ldapmodrdn *CDE
*
*HI*K M*OPQR UVWXYZ cdef*h**k *n*p*rs vwxy
ldappasswd A*CDE
*
*HI* *O QRS UVWXYZa de
f
*h** * * * s vwxy
ldapsearch A*CDE
*
*HI*KLM*OPQRSTUVWXYZab*def*h**kl*n*p* stuvwxyz
ldapwhoami * DE
*
*HI* *O QR UVWXYZ def*h** *n*p* vwx
y
* reserved
GJNgijmoq
y
01235789
BF
GJNgijmoq01235789
* General flags:
-C Chase Referrals
-D Bind DN
-E CommandSpecific Extensions (e.g., -E <[!]oid[=options]>*)
-e General Extensions (e.g., -e <[!]oid[=options]>*)
-E Tool-specific Extensions (e.g., -E <[!]oid[=options]>*)
-e General Extensions (e.g., -e <[!]oid[=options]>*)
-f file
-H URI
-P protocol version
-V version information
...
...
doc/man/man1/ldappasswd.1
...
...
@@ -11,6 +11,8 @@ ldappasswd \- change the password of an LDAP entry
[\c
.BI \-a \ oldPasswd\fR]
[\c
.BI \-t \ oldpasswdfile\fR]
[\c
.BI \-D \ binddn\fR]
[\c
.BI \-d \ debuglevel\fR]
...
...
@@ -27,12 +29,16 @@ ldappasswd \- change the password of an LDAP entry
[\c
.BI \-s \ newPasswd\fR]
[\c
.BI \-T \ newpasswdfile\fR]
[\c
.BR \-v ]
[\c
.BR \-W ]
[\c
.BI \-w \ passwd\fR]
[\c
.BI \-y \ passwdfile\fR]
[\c
.BR \-O \ security-properties ]
[\c
.BR \-I ]
...
...
@@ -82,6 +88,9 @@ This is used instead of specifying the password on the command line.
.BI \-a \ oldPasswd
Set the old password to \fIoldPasswd\fP.
.TP
.BI \-t \ oldPasswdFile
Set the old password to the contents of \fIoldPasswdFile\fP.
.TP
.B \-x
Use simple authentication instead of SASL.
.TP
...
...
@@ -116,6 +125,9 @@ This is used instead of specifying the password on the command line.
.BI \-s \ newPasswd
Set the new password to \fInewPasswd\fP.
.TP
.BI \-T \ newPasswdFile
Set the new password to the contents of \fInewPasswdFile\fP.
.TP
.B \-v
Increase the verbosity of output. Can be specified multiple times.
.TP
...
...
@@ -126,6 +138,10 @@ This is used instead of specifying the password on the command line.
.BI \-w \ passwd
Use \fIpasswd\fP as the password to bind with.
.TP
.BI \-y \ passwdfile
Use complete contents of \fIpasswdfile\fP as the password for
simple authentication.
.TP
.BI \-O \ security-properties
Specify SASL security properties.
.TP
...
...
doc/man/man8/slappasswd.8
...
...
@@ -8,7 +8,7 @@ slappasswd \- OpenLDAP password utility
.B SBINDIR/slappasswd
.B [\-v]
.B [\-u]
.B [\-s secret]
.B [\-s secret
|\-T file
]
.B [\-h hash]
.B [\-c salt-format]
.B
...
...
@@ -34,8 +34,24 @@ versions of this program may generate alternative syntaxes
by default. This option is provided for forward compatibility.
.TP
.BI \-s " secret"
The secret to hash. If not provided, the user will be prompted
for the secret to hash.
The secret to hash.
If this and
.B \-T
are absent, the user will be prompted for the secret to hash.
.B \-s
and
.B \-T
and mutually exclusive flags.
.TP
.BI \-T " file"
Hash the contents of the file.
If this and
.B \-s
are absent, the user will be prompted for the secret to hash.
.B \-s
and
.B \-T
and mutually exclusive flags.
.TP
.BI \-h " scheme"
If -h is specified, one of the following RFC 2307 schemes may
...
...
libraries/libldap/cache.c
...
...
@@ -31,7 +31,7 @@ ldap_enable_cache( LDAP *ld, long timeout, ber_len_t maxmem )
assert
(
LDAP_VALID
(
ld
)
);
if
(
!
(
called
++
))
{
fprintf
(
stderr
,
"ldap_enable_cache:
function
is obsoleted.
"
fprintf
(
stderr
,
"ldap_enable_cache:
routine
is obsoleted.
\n
"
);
}
return
-
1
;
...
...
servers/slapd/Makefile.in
...
...
@@ -348,6 +348,11 @@ all-cffiles: slapd $(SLAPD_DYNAMIC_BACKENDS) tools
install-schema
:
FORCE
@
-
$(MKDIR)
$(DESTDIR)$(schemadir)
i
=
"
$(srcdir)
/schema/README"
;
\
SF
=
`
basename
$$
i
`
;
\
SD
=
"
$(DESTDIR)$(schemadir)
/
$$
SF"
;
\
echo
$(INSTALL)
$(INSTALLFLAGS)
-m
444
$$
i
$$
SD
;
\
$(INSTALL)
$(INSTALLFLAGS)
-m
444
$$
i
$$
SD
for
i
in
$(srcdir)
/schema/
*
.schema
;
do
\
SF
=
`
basename
$$
i
`
;
\
SD
=
"
$(DESTDIR)$(schemadir)
/
$$
SF"
;
\
...
...
servers/slapd/back-bdb/Makefile.in
...
...
@@ -4,12 +4,12 @@ SRCS = init.c tools.c config.c \
add.c bind.c compare.c delete.c modify.c modrdn.c search.c
\
extended.c passwd.c referral.c attribute.c group.c operational.c
\
attr.c index.c key.c dbcache.c filterindex.c
\
dn2entry.c dn2id.c error.c id2entry.c idl.c nextid.c cache.c
psearch.c
dn2entry.c dn2id.c error.c id2entry.c idl.c nextid.c cache.c
OBJS
=
init.lo tools.lo config.lo
\
add.lo bind.lo compare.lo delete.lo modify.lo modrdn.lo search.lo
\
extended.lo passwd.lo referral.lo attribute.lo group.lo operational.lo
\
attr.lo index.lo key.lo dbcache.lo filterindex.lo
\
dn2entry.lo dn2id.lo error.lo id2entry.lo idl.lo nextid.lo cache.lo
psearch.lo
dn2entry.lo dn2id.lo error.lo id2entry.lo idl.lo nextid.lo cache.lo
LDAP_INCDIR
=
../../../include
LDAP_LIBDIR
=
../../../libraries
...
...
servers/slapd/back-bdb/psearch.c
deleted
100644 → 0
servers/slapd/tools/slappasswd.c
...
...
@@ -34,6 +34,7 @@ usage(const char *s)
" -c format
\t
crypt(3) salt format
\n
"
" -u
\t\t
generate RFC2307 values (default)
\n
"
" -v
\t\t
increase verbosity
\n
"
" -T file
\t
read password from verbosity
\n
"
,
s
);
exit
(
EXIT_FAILURE
);
...
...
@@ -44,13 +45,14 @@ main( int argc, char *argv[] )
{
char
*
scheme
=
"{SSHA}"
;
char
*
newpw
=
NULL
;
char
*
pwfile
=
NULL
;
int
i
;
struct
berval
passwd
;
struct
berval
*
hash
=
NULL
;
while
(
(
i
=
getopt
(
argc
,
argv
,
"c:d:h:s:vu"
))
!=
EOF
)
"c:d:h:s:
T:
vu"
))
!=
EOF
)
{
switch
(
i
)
{
case
'c'
:
/* crypt salt format */
...
...
@@ -70,9 +72,12 @@ main( int argc, char *argv[] )
for
(
p
=
optarg
;
*
p
!=
'\0'
;
p
++
)
{
*
p
=
'\0'
;
}
}
break
;
case
'T'
:
/* password file */
pwfile
=
optarg
;
break
;
case
'u'
:
/* RFC2307 userPassword */
break
;
...
...
@@ -89,20 +94,26 @@ main( int argc, char *argv[] )
usage
(
argv
[
0
]
);
}
if
(
newpw
==
NULL
)
{
/* prompt for new password */
char
*
cknewpw
;
newpw
=
strdup
(
getpassphrase
(
"New password: "
));
cknewpw
=
getpassphrase
(
"Re-enter new password: "
);
if
(
strcmp
(
newpw
,
cknewpw
))
{
fprintf
(
stderr
,
"Password values do not match
\n
"
);
if
(
pwfile
!=
NULL
)
{
if
(
lutil_get_filed_password
(
pwfile
,
&
passwd
))
{
return
EXIT_FAILURE
;
}
}
}
else
{
if
(
newpw
==
NULL
)
{
/* prompt for new password */
char
*
cknewpw
;
newpw
=
strdup
(
getpassphrase
(
"New password: "
));
cknewpw
=
getpassphrase
(
"Re-enter new password: "
);
if
(
strcmp
(
newpw
,
cknewpw
))
{
fprintf
(
stderr
,
"Password values do not match
\n
"
);
return
EXIT_FAILURE
;
}
}
passwd
.
bv_val
=
newpw
;
passwd
.
bv_len
=
strlen
(
passwd
.
bv_val
);
passwd
.
bv_val
=
newpw
;
passwd
.
bv_len
=
strlen
(
passwd
.
bv_val
);
}
hash
=
lutil_passwd_hash
(
&
passwd
,
scheme
);
...
...
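Review bot: Nothing in the visible hunks rejects `-s` and `-T` given together, although the slappasswd.8 change in this commit documents them as mutually exclusive: when `pwfile` is set the `else` branch is skipped, so a secret supplied with `-s` (presumably held in `newpw`) is silently ignored in favour of the file. A guard before the `if( pwfile != NULL )` test, such as `if( pwfile != NULL && newpw != NULL ) usage( argv[0] );`, would make the conflict explicit instead of hashing a value the operator may not have intended. Separately, the new usage line says "read password from verbosity"; it should be `"  -T file\tread password from file\n"`. main() continues outside these hunks, so the option-parsing side of this is inferred from the lines shown.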