Commit ce1dcf80 authored by Kurt Zeilenga's avatar Kurt Zeilenga

Add more password file support

Update cache shell routines
Misc cleanup
parent a18dbe98
......@@ -12,9 +12,12 @@ OpenLDAP 2.1.17 Engineering
Fixed slurpd core dump on exit (ITS#2363)
Fixed slapadd oidm destory bug (ITS#2409)
Fixed clients critical argument handling
Updated clients password file support
Added slappasswd password file support
Removed lint (ITS#2382)
Build Environment
Updated versioning system
Added LDAP cache shell-only routines
Documentation
Updated slurpd(8) -u usage
Misc man page updates
......
......@@ -84,11 +84,11 @@ tool_common_usage( void )
" -U authcid SASL authentication identity\n",
" -v run in verbose mode (diagnostics to standard output)\n",
" -V print version info (-VV only)\n",
" -w passwd bind passwd (for simple authentication)\n",
" -W prompt for bind passwd\n",
" -w passwd bind password (for simple authentication)\n",
" -W prompt for bind password\n",
" -x Simple authentication\n",
" -X authzid SASL authorization identity (\"dn:<dn>\" or \"u:<user>\")\n",
" -y file Read passwd from file\n",
" -y file Read password from file\n",
" -Y mech SASL mechanism\n",
" -Z Start TLS request (-ZZ to require successful response)\n",
NULL
......
......@@ -24,11 +24,14 @@
#include "common.h"
static char *newpw = NULL;
static char *oldpw = NULL;
static struct berval newpw = { 0, NULL };
static struct berval oldpw = { 0, NULL };
static int want_newpw = 0;
static int want_oldpw = 0;
static char *oldpwfile = NULL;
static char *newpwfile = NULL;
void
usage( void )
......@@ -40,25 +43,27 @@ usage( void )
"Password change options:\n"
" -a secret old password\n"
" -A prompt for old password\n"
" -t file read file for old password\n"
" -s secret new password\n"
" -S prompt for new password\n"
" -T file read file for new password\n"
, prog );
tool_common_usage();
exit( EXIT_FAILURE );
}
const char options[] = "a:As:S"
"Cd:D:e:h:H:InO:p:QR:U:vVw:WxX:Y:Z";
const char options[] = "a:As:St:T:"
"Cd:D:e:h:H:InO:p:QR:U:vVw:WxX:y:Y:Z";
int
handle_private_option( int i )
{
switch ( i ) {
#if 0
case 'E': /* passwd controls */ {
int crit;
char *control, *cvalue;
case 'E': /* passwd controls */
if( protocol == LDAP_VERSION2 ) {
fprintf( stderr, "%s: -E incompatible with LDAPv%d\n",
prog, protocol );
......@@ -80,19 +85,21 @@ handle_private_option( int i )
if ( (cvalue = strchr( control, '=' )) != NULL ) {
*cvalue++ = '\0';
}
fprintf( stderr, "Invalid passwd control name: %s\n", control );
usage();
}
#endif
case 'a': /* old password (secret) */
oldpw = strdup (optarg);
oldpw.bv_val = strdup( optarg );
{
char* p;
for( p = optarg; *p != '\0'; p++ ) {
*p = '\0';
}
}
oldpw.bv_len = strlen( oldpw.bv_val );
break;
case 'A': /* prompt for old password */
......@@ -100,19 +107,28 @@ handle_private_option( int i )
break;
case 's': /* new password (secret) */
newpw = strdup (optarg);
newpw.bv_val = strdup (optarg);
{
char* p;
for( p = optarg; *p != '\0'; p++ ) {
*p = '\0';
}
}
newpw.bv_len = strlen( newpw.bv_val );
break;
case 'S': /* prompt for user password */
want_newpw++;
break;
case 't':
oldpwfile = optarg;
break;
case 'T':
newpwfile = optarg;
break;
default:
return 0;
}
......@@ -151,35 +167,49 @@ main( int argc, char *argv[] )
user = NULL;
}
if( want_oldpw && oldpw == NULL ) {
if( oldpwfile ) {
rc = lutil_get_filed_password( prog, &oldpw );
if( rc ) return EXIT_FAILURE;
}
if( want_oldpw && oldpw.bv_val == NULL ) {
/* prompt for old password */
char *ckoldpw;
oldpw = strdup(getpassphrase("Old password: "));
oldpw.bv_val = strdup(getpassphrase("Old password: "));
ckoldpw = getpassphrase("Re-enter old password: ");
if( oldpw== NULL || ckoldpw == NULL ||
strcmp( oldpw, ckoldpw ))
if( oldpw.bv_val == NULL || ckoldpw == NULL ||
strcmp( oldpw.bv_val, ckoldpw ))
{
fprintf( stderr, "passwords do not match\n" );
return EXIT_FAILURE;
}
oldpw.bv_len = strlen( oldpw.bv_val );
}
if( newpwfile ) {
rc = lutil_get_filed_password( prog, &newpw );
if( rc ) return EXIT_FAILURE;
}
if( want_newpw && newpw == NULL ) {
if( want_newpw && newpw.bv_val == NULL ) {
/* prompt for new password */
char *cknewpw;
newpw = strdup(getpassphrase("New password: "));
newpw.bv_val = strdup(getpassphrase("New password: "));
cknewpw = getpassphrase("Re-enter new password: ");
if( newpw== NULL || cknewpw == NULL ||
strcmp( newpw, cknewpw ))
if( newpw.bv_val == NULL || cknewpw == NULL ||
strcmp( newpw.bv_val, cknewpw ))
{
fprintf( stderr, "passwords do not match\n" );
return EXIT_FAILURE;
}
newpw.bv_len = strlen( newpw.bv_val );
}
if (want_bindpw && passwd.bv_val == NULL ) {
if( want_bindpw && passwd.bv_val == NULL ) {
/* handle bind password */
passwd.bv_val = strdup( getpassphrase("Enter bind password: "));
passwd.bv_len = passwd.bv_val ? strlen( passwd.bv_val ) : 0;
......@@ -192,7 +222,7 @@ main( int argc, char *argv[] )
if ( authzid || manageDSAit || noop )
tool_server_controls( ld, NULL, 0 );
if( user != NULL || oldpw != NULL || newpw != NULL ) {
if( user != NULL || oldpw.bv_val != NULL || newpw.bv_val != NULL ) {
/* build change password control */
ber = ber_alloc_t( LBER_USE_DER );
......@@ -210,16 +240,16 @@ main( int argc, char *argv[] )
free(user);
}
if( oldpw != NULL ) {
ber_printf( ber, "ts",
LDAP_TAG_EXOP_MODIFY_PASSWD_OLD, oldpw );
free(oldpw);
if( oldpw.bv_val != NULL ) {
ber_printf( ber, "tO",
LDAP_TAG_EXOP_MODIFY_PASSWD_OLD, &oldpw );
free(oldpw.bv_val);
}
if( newpw != NULL ) {
ber_printf( ber, "ts",
LDAP_TAG_EXOP_MODIFY_PASSWD_NEW, newpw );
free(newpw);
if( newpw.bv_val != NULL ) {
ber_printf( ber, "tO",
LDAP_TAG_EXOP_MODIFY_PASSWD_NEW, &newpw );
free(newpw.bv_val);
}
ber_printf( ber, /*{*/ "N}" );
......@@ -256,7 +286,8 @@ main( int argc, char *argv[] )
return rc;
}
rc = ldap_parse_result( ld, res, &code, &matcheddn, &text, &refs, NULL, 0 );
rc = ldap_parse_result( ld, res,
&code, &matcheddn, &text, &refs, NULL, 0 );
if( rc != LDAP_SUCCESS ) {
ldap_perror( ld, "ldap_parse_result" );
......
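Review bot: Both new lutil_get_filed_password() calls in main() pass `prog` as their first argument, so the file opened for the -t/-T secret would be the program's own name rather than the path stored in `oldpwfile`/`newpwfile`; the slappasswd hunk in this same commit passes the file name (`pwfile`) in that position, which suggests the intended calls are `rc = lutil_get_filed_password( oldpwfile, &oldpw );` and `rc = lutil_get_filed_password( newpwfile, &newpw );`. If I read the helper's contract right, a -a/-s secret given together with -t/-T is also replaced without any diagnostic (and its strdup'd copy leaked), so a conflict check with an error message would be worth adding next to these blocks. In the handle_private_option() hunks, `oldpw.bv_len = strlen( oldpw.bv_val );` and the matching newpw line call strlen() on the result of strdup() with no NULL check; a guard such as `if( oldpw.bv_val == NULL ) { perror( "strdup" ); exit( EXIT_FAILURE ); }` before each would avoid a NULL dereference on allocation failure. main() and handle_private_option() both begin and end outside these hunks.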
Tools ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz
ldapcompare * DE *HI*K M*OPQR UVWXYZ de *h**k *n*p* vwx z
ldapdelete *CDE *HI*K M*OPQR UVWXYZ cdef*h**k *n*p* vwxy
ldapmodify *CDEF*HI*K M*OPQRS UVWXYZabcdef*h**k *n*p*r t vwxy
ldapmodrdn *CDE *HI*K M*OPQR UVWXYZ cdef*h**k *n*p*rs vwxy
ldappasswd A*CDE *HI* *O QRS UVWXYZa de *h** * * * s vwxy
ldapsearch A*CDE *HI*KLM*OPQRSTUVWXYZab*def*h**kl*n*p* stuvwxyz
ldapwhoami * DE *HI* *O QR UVWXYZ def*h** *n*p* vwx
ldapcompare * DE**HI*K M*OPQR UVWXYZ de *h**k *n*p* vwxyz
ldapdelete *CDE**HI*K M*OPQR UVWXYZ cdef*h**k *n*p* vwxy
ldapmodify *CDE**HI*K M*OPQRS UVWXYZabcde *h**k *n*p*r t vwxy
ldapmodrdn *CDE**HI*K M*OPQR UVWXYZ cdef*h**k *n*p*rs vwxy
ldappasswd A*CDE**HI* *O QRS UVWXYZa def*h** * * * s vwxy
ldapsearch A*CDE**HI*KLM*OPQRSTUVWXYZab*def*h**kl*n*p* stuvwxyz
ldapwhoami * DE**HI* *O QR UVWXYZ def*h** *n*p* vwxy
* reserved
GJNgijmoqy01235789
BFGJNgijmoq01235789
* General flags:
-C Chase Referrals
-D Bind DN
-E CommandSpecific Extensions (e.g., -E <[!]oid[=options]>*)
-e General Extensions (e.g., -e <[!]oid[=options]>*)
-E Tool-specific Extensions (e.g., -E <[!]oid[=options]>*)
-e General Extensions (e.g., -e <[!]oid[=options]>*)
-f file
-H URI
-P protocol version
-V version information
......
......@@ -11,6 +11,8 @@ ldappasswd \- change the password of an LDAP entry
[\c
.BI \-a \ oldPasswd\fR]
[\c
.BI \-t \ oldpasswdfile\fR]
[\c
.BI \-D \ binddn\fR]
[\c
.BI \-d \ debuglevel\fR]
......@@ -27,12 +29,16 @@ ldappasswd \- change the password of an LDAP entry
[\c
.BI \-s \ newPasswd\fR]
[\c
.BI \-T \ newpasswdfile\fR]
[\c
.BR \-v ]
[\c
.BR \-W ]
[\c
.BI \-w \ passwd\fR]
[\c
.BI \-y \ passwdfile\fR]
[\c
.BR \-O \ security-properties ]
[\c
.BR \-I ]
......@@ -82,6 +88,9 @@ This is used instead of specifying the password on the command line.
.BI \-a \ oldPasswd
Set the old password to \fIoldPasswd\fP.
.TP
.BI \-t \ oldPasswdFile
Set the old password to the contents of \fIoldPasswdFile\fP.
.TP
.B \-x
Use simple authentication instead of SASL.
.TP
......@@ -116,6 +125,9 @@ This is used instead of specifying the password on the command line.
.BI \-s \ newPasswd
Set the new password to \fInewPasswd\fP.
.TP
.BI \-T \ newPasswdFile
Set the new password to the contents of \fInewPasswdFile\fP.
.TP
.B \-v
Increase the verbosity of output. Can be specified multiple times.
.TP
......@@ -126,6 +138,10 @@ This is used instead of specifying the password on the command line.
.BI \-w \ passwd
Use \fIpasswd\fP as the password to bind with.
.TP
.BI \-y \ passwdfile
Use complete contents of \fIpasswdfile\fP as the password for
simple authentication.
.TP
.BI \-O \ security-properties
Specify SASL security properties.
.TP
......
......@@ -8,7 +8,7 @@ slappasswd \- OpenLDAP password utility
.B SBINDIR/slappasswd
.B [\-v]
.B [\-u]
.B [\-s secret]
.B [\-s secret|\-T file]
.B [\-h hash]
.B [\-c salt-format]
.B
......@@ -34,8 +34,24 @@ versions of this program may generate alternative syntaxes
by default. This option is provided for forward compatibility.
.TP
.BI \-s " secret"
The secret to hash. If not provided, the user will be prompted
for the secret to hash.
The secret to hash.
If this and
.B \-T
are absent, the user will be prompted for the secret to hash.
.B \-s
and
.B \-T
and mutually exclusive flags.
.TP
.BI \-T " file"
Hash the contents of the file.
If this and
.B \-s
are absent, the user will be prompted for the secret to hash.
.B \-s
and
.B \-T
and mutually exclusive flags.
.TP
.BI \-h " scheme"
If -h is specified, one of the following RFC 2307 schemes may
......
......@@ -31,7 +31,7 @@ ldap_enable_cache( LDAP *ld, long timeout, ber_len_t maxmem )
assert( LDAP_VALID( ld ) );
if (!(called++)) {
fprintf( stderr, "ldap_enable_cache: function is obsoleted."
fprintf( stderr, "ldap_enable_cache: routine is obsoleted.\n");
}
return -1;
......
......@@ -348,6 +348,11 @@ all-cffiles: slapd $(SLAPD_DYNAMIC_BACKENDS) tools
install-schema: FORCE
@-$(MKDIR) $(DESTDIR)$(schemadir)
i="$(srcdir)/schema/README" ; \
SF=`basename $$i` ; \
SD="$(DESTDIR)$(schemadir)/$$SF" ; \
echo $(INSTALL) $(INSTALLFLAGS) -m 444 $$i $$SD ; \
$(INSTALL) $(INSTALLFLAGS) -m 444 $$i $$SD
for i in $(srcdir)/schema/*.schema ; do \
SF=`basename $$i` ; \
SD="$(DESTDIR)$(schemadir)/$$SF" ; \
......
......@@ -4,12 +4,12 @@ SRCS = init.c tools.c config.c \
add.c bind.c compare.c delete.c modify.c modrdn.c search.c \
extended.c passwd.c referral.c attribute.c group.c operational.c \
attr.c index.c key.c dbcache.c filterindex.c \
dn2entry.c dn2id.c error.c id2entry.c idl.c nextid.c cache.c psearch.c
dn2entry.c dn2id.c error.c id2entry.c idl.c nextid.c cache.c
OBJS = init.lo tools.lo config.lo \
add.lo bind.lo compare.lo delete.lo modify.lo modrdn.lo search.lo \
extended.lo passwd.lo referral.lo attribute.lo group.lo operational.lo \
attr.lo index.lo key.lo dbcache.lo filterindex.lo \
dn2entry.lo dn2id.lo error.lo id2entry.lo idl.lo nextid.lo cache.lo psearch.lo
dn2entry.lo dn2id.lo error.lo id2entry.lo idl.lo nextid.lo cache.lo
LDAP_INCDIR= ../../../include
LDAP_LIBDIR= ../../../libraries
......
......@@ -34,6 +34,7 @@ usage(const char *s)
" -c format\tcrypt(3) salt format\n"
" -u\t\tgenerate RFC2307 values (default)\n"
" -v\t\tincrease verbosity\n"
" -T file\tread password from verbosity\n"
, s );
exit( EXIT_FAILURE );
......@@ -44,13 +45,14 @@ main( int argc, char *argv[] )
{
char *scheme = "{SSHA}";
char *newpw = NULL;
char *pwfile = NULL;
int i;
struct berval passwd;
struct berval *hash = NULL;
while( (i = getopt( argc, argv,
"c:d:h:s:vu" )) != EOF )
"c:d:h:s:T:vu" )) != EOF )
{
switch (i) {
case 'c': /* crypt salt format */
......@@ -70,9 +72,12 @@ main( int argc, char *argv[] )
for( p = optarg; *p != '\0'; p++ ) {
*p = '\0';
}
} break;
case 'T': /* password file */
pwfile = optarg;
break;
case 'u': /* RFC2307 userPassword */
break;
......@@ -89,20 +94,26 @@ main( int argc, char *argv[] )
usage( argv[0] );
}
if( newpw == NULL ) {
/* prompt for new password */
char *cknewpw;
newpw = strdup(getpassphrase("New password: "));
cknewpw = getpassphrase("Re-enter new password: ");
if( strcmp( newpw, cknewpw )) {
fprintf( stderr, "Password values do not match\n" );
if( pwfile != NULL ) {
if( lutil_get_filed_password( pwfile, &passwd )) {
return EXIT_FAILURE;
}
}
} else {
if( newpw == NULL ) {
/* prompt for new password */
char *cknewpw;
newpw = strdup(getpassphrase("New password: "));
cknewpw = getpassphrase("Re-enter new password: ");
if( strcmp( newpw, cknewpw )) {
fprintf( stderr, "Password values do not match\n" );
return EXIT_FAILURE;
}
}
passwd.bv_val = newpw;
passwd.bv_len = strlen(passwd.bv_val);
passwd.bv_val = newpw;
passwd.bv_len = strlen(passwd.bv_val);
}
hash = lutil_passwd_hash( &passwd, scheme );
......
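Review bot: The new usage() line reads `" -T file\tread password from verbosity\n"`, which looks copied from the -v line above it; it should say `" -T file\tread password from file\n"`. In main(), the slappasswd.8 text added by this commit documents -s and -T as mutually exclusive, but the new `if( pwfile != NULL )` branch silently ignores a secret given with -s (and leaks its strdup'd copy) instead of rejecting the combination, so a check after option parsing would make the code and the manual agree. The file-sourced `passwd.bv_val` is also never released before exit, though that matches the existing -s path. usage() and main() both extend beyond these hunks.
```c
	/* -s and -T are documented as mutually exclusive: refuse both */
	if( pwfile != NULL && newpw != NULL ) {
		fprintf( stderr, "%s: -s and -T are mutually exclusive\n", argv[0] );
		usage( argv[0] );
	}
	/* … unchanged: -T file read / -s prompt and passwd setup … */
```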