Add more password file support

Update cache shell routines
Misc cleanup

CHANGES

@@ -12,9 +12,12 @@ OpenLDAP 2.1.17 Engineering
 	Fixed slurpd core dump on exit (ITS#2363)
 	Fixed slapadd oidm destory bug (ITS#2409)
 	Fixed clients critical argument handling
+	Updated clients password file support
+	Added slappasswd password file support
 	Removed lint (ITS#2382)
 	Build Environment
 		Updated versioning system
+		Added LDAP cache shell-only routines
 	Documentation
 		Updated slurpd(8) -u usage
 		Misc man page updates

clients/tools/common.c

@@ -84,11 +84,11 @@ tool_common_usage( void )
 "  -U authcid SASL authentication identity\n",
 "  -v         run in verbose mode (diagnostics to standard output)\n",
 "  -V         print version info (-VV only)\n",
-"  -w passwd  bind passwd (for simple authentication)\n",
-"  -W         prompt for bind passwd\n",
+"  -w passwd  bind password (for simple authentication)\n",
+"  -W         prompt for bind password\n",
 "  -x         Simple authentication\n",
 "  -X authzid SASL authorization identity (\"dn:<dn>\" or \"u:<user>\")\n",
-"  -y file    Read passwd from file\n",
+"  -y file    Read password from file\n",
 "  -Y mech    SASL mechanism\n",
 "  -Z         Start TLS request (-ZZ to require successful response)\n",
 NULL

clients/tools/ldappasswd.c

@@ -24,11 +24,14 @@
 #include "common.h"
 
 
-static char	*newpw = NULL;
-static char	*oldpw = NULL;
+static struct berval newpw = { 0, NULL };
+static struct berval oldpw = { 0, NULL };
+
 static int   want_newpw = 0;
 static int   want_oldpw = 0;
 
+static char *oldpwfile = NULL;
+static char *newpwfile = NULL;
 
 void
 usage( void )
@@ -40,25 +43,27 @@ usage( void )
 "Password change options:\n"
 "  -a secret  old password\n"
 "  -A         prompt for old password\n"
+"  -t file    read file for old password\n"
 "  -s secret  new password\n"
 "  -S         prompt for new password\n"
+"  -T file    read file for new password\n"
 	        , prog );
 	tool_common_usage();
 	exit( EXIT_FAILURE );
 }
 
 
-const char options[] = "a:As:S"
-	"Cd:D:e:h:H:InO:p:QR:U:vVw:WxX:Y:Z";
+const char options[] = "a:As:St:T:"
+	"Cd:D:e:h:H:InO:p:QR:U:vVw:WxX:y:Y:Z";
 
 int
 handle_private_option( int i )
 {
 	switch ( i ) {
 #if 0
+	case 'E': /* passwd controls */ {
 		int		crit;
 		char	*control, *cvalue;
-	case 'E': /* passwd controls */
 		if( protocol == LDAP_VERSION2 ) {
 			fprintf( stderr, "%s: -E incompatible with LDAPv%d\n",
 			         prog, protocol );
@@ -80,19 +85,21 @@ handle_private_option( int i )
 		if ( (cvalue = strchr( control, '=' )) != NULL ) {
 			*cvalue++ = '\0';
 		}
+
 		fprintf( stderr, "Invalid passwd control name: %s\n", control );
 		usage();
+		}
 #endif
 
 	case 'a':	/* old password (secret) */
-		oldpw = strdup (optarg);
-
+		oldpw.bv_val = strdup( optarg );
 		{
 			char* p;
 			for( p = optarg; *p != '\0'; p++ ) {
 				*p = '\0';
 			}
 		}
+		oldpw.bv_len = strlen( oldpw.bv_val );
 		break;
 
 	case 'A':	/* prompt for old password */
@@ -100,19 +107,28 @@ handle_private_option( int i )
 		break;
 
 	case 's':	/* new password (secret) */
-		newpw = strdup (optarg);
+		newpw.bv_val = strdup (optarg);
 		{
 			char* p;
 			for( p = optarg; *p != '\0'; p++ ) {
 				*p = '\0';
 			}
 		}
+		newpw.bv_len = strlen( newpw.bv_val );
 		break;
 
 	case 'S':	/* prompt for user password */
 		want_newpw++;
 		break;
 
+	case 't':
+		oldpwfile = optarg;
+		break;
+
+	case 'T':
+		newpwfile = optarg;
+		break;
+
 	default:
 		return 0;
 	}
@@ -151,35 +167,49 @@ main( int argc, char *argv[] )
 		user = NULL;
 	}
 
-	if( want_oldpw && oldpw == NULL ) {
+	if( oldpwfile ) {
+		rc = lutil_get_filed_password( prog, &oldpw );
+		if( rc ) return EXIT_FAILURE;
+	}
+
+	if( want_oldpw && oldpw.bv_val == NULL ) {
 		/* prompt for old password */
 		char *ckoldpw;
-		oldpw = strdup(getpassphrase("Old password: "));
+		oldpw.bv_val = strdup(getpassphrase("Old password: "));
 		ckoldpw = getpassphrase("Re-enter old password: ");
 
-		if( oldpw== NULL || ckoldpw == NULL ||
-			strcmp( oldpw, ckoldpw ))
+		if( oldpw.bv_val == NULL || ckoldpw == NULL ||
+			strcmp( oldpw.bv_val, ckoldpw ))
 		{
 			fprintf( stderr, "passwords do not match\n" );
 			return EXIT_FAILURE;
 		}
+
+		oldpw.bv_len = strlen( oldpw.bv_val );
+	}
+
+	if( newpwfile ) {
+		rc = lutil_get_filed_password( prog, &newpw );
+		if( rc ) return EXIT_FAILURE;
 	}
 
-	if( want_newpw && newpw == NULL ) {
+	if( want_newpw && newpw.bv_val == NULL ) {
 		/* prompt for new password */
 		char *cknewpw;
-		newpw = strdup(getpassphrase("New password: "));
+		newpw.bv_val = strdup(getpassphrase("New password: "));
 		cknewpw = getpassphrase("Re-enter new password: ");
 
-		if( newpw== NULL || cknewpw == NULL ||
-			strcmp( newpw, cknewpw ))
+		if( newpw.bv_val == NULL || cknewpw == NULL ||
+			strcmp( newpw.bv_val, cknewpw ))
 		{
 			fprintf( stderr, "passwords do not match\n" );
 			return EXIT_FAILURE;
 		}
+
+		newpw.bv_len = strlen( newpw.bv_val );
 	}
 
-	if (want_bindpw && passwd.bv_val == NULL ) {
+	if( want_bindpw && passwd.bv_val == NULL ) {
 		/* handle bind password */
 		passwd.bv_val = strdup( getpassphrase("Enter bind password: "));
 		passwd.bv_len = passwd.bv_val ? strlen( passwd.bv_val ) : 0;
@@ -192,7 +222,7 @@ main( int argc, char *argv[] )
 	if ( authzid || manageDSAit || noop )
 		tool_server_controls( ld, NULL, 0 );
 
-	if( user != NULL || oldpw != NULL || newpw != NULL ) {
+	if( user != NULL || oldpw.bv_val != NULL || newpw.bv_val != NULL ) {
 		/* build change password control */
 		ber = ber_alloc_t( LBER_USE_DER );
 
@@ -210,16 +240,16 @@ main( int argc, char *argv[] )
 			free(user);
 		}
 
-		if( oldpw != NULL ) {
-			ber_printf( ber, "ts",
-				LDAP_TAG_EXOP_MODIFY_PASSWD_OLD, oldpw );
-			free(oldpw);
+		if( oldpw.bv_val != NULL ) {
+			ber_printf( ber, "tO",
+				LDAP_TAG_EXOP_MODIFY_PASSWD_OLD, &oldpw );
+			free(oldpw.bv_val);
 		}
 
-		if( newpw != NULL ) {
-			ber_printf( ber, "ts",
-				LDAP_TAG_EXOP_MODIFY_PASSWD_NEW, newpw );
-			free(newpw);
+		if( newpw.bv_val != NULL ) {
+			ber_printf( ber, "tO",
+				LDAP_TAG_EXOP_MODIFY_PASSWD_NEW, &newpw );
+			free(newpw.bv_val);
 		}
 
 		ber_printf( ber, /*{*/ "N}" );
@@ -256,7 +286,8 @@ main( int argc, char *argv[] )
 		return rc;
 	}
 
-	rc = ldap_parse_result( ld, res, &code, &matcheddn, &text, &refs, NULL, 0 );
+	rc = ldap_parse_result( ld, res,
+		&code, &matcheddn, &text, &refs, NULL, 0 );
 
 	if( rc != LDAP_SUCCESS ) {
 		ldap_perror( ld, "ldap_parse_result" );

doc/devel/args

 Tools           ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz
-ldapcompare		 * DE *HI*K M*OPQR  UVWXYZ   de *h**k *n*p*    vwx z
-ldapdelete       *CDE *HI*K M*OPQR  UVWXYZ  cdef*h**k *n*p*    vwxy
-ldapmodify       *CDEF*HI*K M*OPQRS UVWXYZabcdef*h**k *n*p*r t vwxy
-ldapmodrdn       *CDE *HI*K M*OPQR  UVWXYZ  cdef*h**k *n*p*rs  vwxy
-ldappasswd      A*CDE *HI*   *O QRS UVWXYZa  de *h**  * * * s  vwxy  
-ldapsearch      A*CDE *HI*KLM*OPQRSTUVWXYZab*def*h**kl*n*p* stuvwxyz
-ldapwhoami		 * DE *HI*   *O QR  UVWXYZ   def*h**  *n*p*    vwx  
+ldapcompare		 * DE**HI*K M*OPQR  UVWXYZ   de *h**k *n*p*    vwxyz
+ldapdelete       *CDE**HI*K M*OPQR  UVWXYZ  cdef*h**k *n*p*    vwxy
+ldapmodify       *CDE**HI*K M*OPQRS UVWXYZabcde *h**k *n*p*r t vwxy
+ldapmodrdn       *CDE**HI*K M*OPQR  UVWXYZ  cdef*h**k *n*p*rs  vwxy
+ldappasswd      A*CDE**HI*   *O QRS UVWXYZa  def*h**  * * * s  vwxy  
+ldapsearch      A*CDE**HI*KLM*OPQRSTUVWXYZab*def*h**kl*n*p* stuvwxyz
+ldapwhoami		 * DE**HI*   *O QR  UVWXYZ   def*h**  *n*p*    vwxy 
 
 
 * reserved
-	GJNgijmoqy01235789
+	BFGJNgijmoq01235789
 
 * General flags:
 	-C Chase Referrals
 	-D Bind DN
-	-E CommandSpecific Extensions	(e.g., -E <[!]oid[=options]>*)
-	-e General Extensions			(e.g., -e <[!]oid[=options]>*)
+	-E Tool-specific Extensions	(e.g., -E <[!]oid[=options]>*)
+	-e General Extensions		(e.g., -e <[!]oid[=options]>*)
+	-f file
 	-H URI
 	-P protocol version
 	-V version information

doc/man/man1/ldappasswd.1

@@ -11,6 +11,8 @@ ldappasswd \- change the password of an LDAP entry
 [\c
 .BI \-a \ oldPasswd\fR]
 [\c
+.BI \-t \ oldpasswdfile\fR]
+[\c
 .BI \-D \ binddn\fR]
 [\c
 .BI \-d \ debuglevel\fR]
@@ -27,12 +29,16 @@ ldappasswd \- change the password of an LDAP entry
 [\c
 .BI \-s \ newPasswd\fR]
 [\c
+.BI \-T \ newpasswdfile\fR]
+[\c
 .BR \-v ]
 [\c
 .BR \-W ]
 [\c
 .BI \-w \ passwd\fR]
 [\c
+.BI \-y \ passwdfile\fR]
+[\c
 .BR \-O \ security-properties ]
 [\c
 .BR \-I ]
@@ -82,6 +88,9 @@ This is used instead of specifying the password on the command line.
 .BI \-a \ oldPasswd
 Set the old password to \fIoldPasswd\fP.
 .TP
+.BI \-t \ oldPasswdFile
+Set the old password to the contents of \fIoldPasswdFile\fP.
+.TP
 .B \-x 
 Use simple authentication instead of SASL.
 .TP
@@ -116,6 +125,9 @@ This is used instead of specifying the password on the command line.
 .BI \-s \ newPasswd
 Set the new password to \fInewPasswd\fP.
 .TP
+.BI \-T \ newPasswdFile
+Set the new password to the contents of \fInewPasswdFile\fP.
+.TP
 .B \-v
 Increase the verbosity of output.  Can be specified multiple times.
 .TP
@@ -126,6 +138,10 @@ This is used instead of specifying the password on the command line.
 .BI \-w \ passwd
 Use \fIpasswd\fP as the password to bind with.
 .TP
+.BI \-y \ passwdfile
+Use complete contents of \fIpasswdfile\fP as the password for
+simple authentication.
+.TP
 .BI \-O \ security-properties
 Specify SASL security properties.
 .TP

doc/man/man8/slappasswd.8

@@ -8,7 +8,7 @@ slappasswd \- OpenLDAP password utility
 .B SBINDIR/slappasswd
 .B [\-v]
 .B [\-u]
-.B [\-s secret]
+.B [\-s secret|\-T file]
 .B [\-h hash]
 .B [\-c salt-format]
 .B 
@@ -34,8 +34,24 @@ versions of this program may generate alternative syntaxes
 by default.  This option is provided for forward compatibility.
 .TP
 .BI \-s " secret"
-The secret to hash.  If not provided, the user will be prompted
-for the secret to hash.
+The secret to hash.
+If this and
+.B \-T
+are absent, the user will be prompted for the secret to hash.
+.B \-s
+and
+.B \-T
+and mutually exclusive flags.
+.TP
+.BI \-T " file"
+Hash the contents of the file.
+If this and
+.B \-s
+are absent, the user will be prompted for the secret to hash.
+.B \-s
+and
+.B \-T
+and mutually exclusive flags.
 .TP
 .BI \-h " scheme"
 If -h is specified, one of the following RFC 2307 schemes may

libraries/libldap/cache.c

@@ -31,7 +31,7 @@ ldap_enable_cache( LDAP *ld, long timeout, ber_len_t maxmem )
 	assert( LDAP_VALID( ld ) );
 
 	if (!(called++)) {
-		fprintf( stderr, "ldap_enable_cache: function is obsoleted."
+		fprintf( stderr, "ldap_enable_cache: routine is obsoleted.\n");
 	}
 
 	return -1;

servers/slapd/Makefile.in

@@ -348,6 +348,11 @@ all-cffiles: slapd $(SLAPD_DYNAMIC_BACKENDS) tools
 
 install-schema: FORCE
 	@-$(MKDIR) $(DESTDIR)$(schemadir)
+	i="$(srcdir)/schema/README" ; \
+	SF=`basename $$i` ; \
+	SD="$(DESTDIR)$(schemadir)/$$SF" ; \
+	echo $(INSTALL) $(INSTALLFLAGS) -m 444 $$i $$SD ; \
+	$(INSTALL) $(INSTALLFLAGS) -m 444 $$i $$SD
 	for i in $(srcdir)/schema/*.schema ; do \
 		SF=`basename $$i` ; \
 		SD="$(DESTDIR)$(schemadir)/$$SF" ; \

servers/slapd/back-bdb/Makefile.in

@@ -4,12 +4,12 @@ SRCS = init.c tools.c config.c \
 	add.c bind.c compare.c delete.c modify.c modrdn.c search.c \
 	extended.c passwd.c referral.c attribute.c group.c operational.c \
 	attr.c index.c key.c dbcache.c filterindex.c \
-	dn2entry.c dn2id.c error.c id2entry.c idl.c nextid.c cache.c psearch.c
+	dn2entry.c dn2id.c error.c id2entry.c idl.c nextid.c cache.c
 OBJS = init.lo tools.lo config.lo \
 	add.lo bind.lo compare.lo delete.lo modify.lo modrdn.lo search.lo \
 	extended.lo passwd.lo referral.lo attribute.lo group.lo operational.lo \
 	attr.lo index.lo key.lo dbcache.lo filterindex.lo \
-	dn2entry.lo dn2id.lo error.lo id2entry.lo idl.lo nextid.lo cache.lo psearch.lo
+	dn2entry.lo dn2id.lo error.lo id2entry.lo idl.lo nextid.lo cache.lo
 
 LDAP_INCDIR= ../../../include       
 LDAP_LIBDIR= ../../../libraries

servers/slapd/tools/slappasswd.c

@@ -34,6 +34,7 @@ usage(const char *s)
 		"  -c format\tcrypt(3) salt format\n"
 		"  -u\t\tgenerate RFC2307 values (default)\n"
 		"  -v\t\tincrease verbosity\n"
+		"  -T file\tread password from verbosity\n"
 		, s );
 
 	exit( EXIT_FAILURE );
@@ -44,13 +45,14 @@ main( int argc, char *argv[] )
 {
 	char	*scheme = "{SSHA}";
 	char	*newpw = NULL;
+	char	*pwfile = NULL;
 
 	int		i;
 	struct berval passwd;
 	struct berval *hash = NULL;
 
 	while( (i = getopt( argc, argv,
-		"c:d:h:s:vu" )) != EOF )
+		"c:d:h:s:T:vu" )) != EOF )
 	{
 		switch (i) {
 		case 'c':	/* crypt salt format */
@@ -70,9 +72,12 @@ main( int argc, char *argv[] )
 				for( p = optarg; *p != '\0'; p++ ) {
 					*p = '\0';
 				}
-
 			} break;
 
+		case 'T':	/* password file */
+			pwfile = optarg;
+			break;
+
 		case 'u':	/* RFC2307 userPassword */
 			break;
 
@@ -89,20 +94,26 @@ main( int argc, char *argv[] )
 		usage( argv[0] );
 	} 
 
-	if( newpw == NULL ) {
-		/* prompt for new password */
-		char *cknewpw;
-		newpw = strdup(getpassphrase("New password: "));
-		cknewpw = getpassphrase("Re-enter new password: ");
-
-		if( strcmp( newpw, cknewpw )) {
-			fprintf( stderr, "Password values do not match\n" );
+	if( pwfile != NULL ) {
+		if( lutil_get_filed_password( pwfile, &passwd )) {
 			return EXIT_FAILURE;
 		}
-	}
+	} else {
+		if( newpw == NULL ) {
+			/* prompt for new password */
+			char *cknewpw;
+			newpw = strdup(getpassphrase("New password: "));
+			cknewpw = getpassphrase("Re-enter new password: ");
+	
+			if( strcmp( newpw, cknewpw )) {
+				fprintf( stderr, "Password values do not match\n" );
+				return EXIT_FAILURE;
+			}
+		}
 
-	passwd.bv_val = newpw;
-	passwd.bv_len = strlen(passwd.bv_val);
+		passwd.bv_val = newpw;
+		passwd.bv_len = strlen(passwd.bv_val);
+	}
 
 	hash = lutil_passwd_hash( &passwd, scheme );