Add additional password file support.

Kurt Zeilenga 2003-03-31 06:29:59 +00:00
parent f80114af02
commit 02028df6c6
5 changed files with 125 additions and 50 deletions


@ -24,11 +24,14 @@
#include "common.h"
static char *newpw = NULL;
static char *oldpw = NULL;
static struct berval newpw = { 0, NULL };
static struct berval oldpw = { 0, NULL };
static int want_newpw = 0;
static int want_oldpw = 0;
static char *oldpwfile = NULL;
static char *newpwfile = NULL;
void
usage( void )
@ -40,15 +43,17 @@ usage( void )
"Password change options:\n"
" -a secret old password\n"
" -A prompt for old password\n"
" -t file read file for old password\n"
" -s secret new password\n"
" -S prompt for new password\n"
" -T file read file for new password\n"
, prog );
tool_common_usage();
exit( EXIT_FAILURE );
}
const char options[] = "a:As:S"
const char options[] = "a:As:St:T:"
"Cd:D:e:h:H:InO:p:QR:U:vVw:WxX:y:Y:Z";
int
@ -56,9 +61,9 @@ handle_private_option( int i )
{
switch ( i ) {
#if 0
case 'E': /* passwd controls */ {
int crit;
char *control, *cvalue;
case 'E': /* passwd controls */
if( protocol == LDAP_VERSION2 ) {
fprintf( stderr, "%s: -E incompatible with LDAPv%d\n",
prog, protocol );
@ -80,19 +85,21 @@ handle_private_option( int i )
if ( (cvalue = strchr( control, '=' )) != NULL ) {
*cvalue++ = '\0';
}
fprintf( stderr, "Invalid passwd control name: %s\n", control );
usage();
}
#endif
case 'a': /* old password (secret) */
oldpw = strdup (optarg);
oldpw.bv_val = strdup( optarg );
{
char* p;
for( p = optarg; *p != '\0'; p++ ) {
*p = '\0';
}
}
oldpw.bv_len = strlen( oldpw.bv_val );
break;
case 'A': /* prompt for old password */
@ -100,19 +107,28 @@ handle_private_option( int i )
break;
case 's': /* new password (secret) */
newpw = strdup (optarg);
newpw.bv_val = strdup (optarg);
{
char* p;
for( p = optarg; *p != '\0'; p++ ) {
*p = '\0';
}
}
newpw.bv_len = strlen( newpw.bv_val );
break;
case 'S': /* prompt for user password */
want_newpw++;
break;
case 't':
oldpwfile = optarg;
break;
case 'T':
newpwfile = optarg;
break;
default:
return 0;
}
@ -151,35 +167,49 @@ main( int argc, char *argv[] )
user = NULL;
}
if( want_oldpw && oldpw == NULL ) {
if( oldpwfile ) {
rc = lutil_get_filed_password( prog, &oldpw );
if( rc ) return EXIT_FAILURE;
}
if( want_oldpw && oldpw.bv_val == NULL ) {
/* prompt for old password */
char *ckoldpw;
oldpw = strdup(getpassphrase("Old password: "));
oldpw.bv_val = strdup(getpassphrase("Old password: "));
ckoldpw = getpassphrase("Re-enter old password: ");
if( oldpw== NULL || ckoldpw == NULL ||
strcmp( oldpw, ckoldpw ))
if( oldpw.bv_val == NULL || ckoldpw == NULL ||
strcmp( oldpw.bv_val, ckoldpw ))
{
fprintf( stderr, "passwords do not match\n" );
return EXIT_FAILURE;
}
oldpw.bv_len = strlen( oldpw.bv_val );
}
if( want_newpw && newpw == NULL ) {
if( newpwfile ) {
rc = lutil_get_filed_password( prog, &newpw );
if( rc ) return EXIT_FAILURE;
}
if( want_newpw && newpw.bv_val == NULL ) {
/* prompt for new password */
char *cknewpw;
newpw = strdup(getpassphrase("New password: "));
newpw.bv_val = strdup(getpassphrase("New password: "));
cknewpw = getpassphrase("Re-enter new password: ");
if( newpw== NULL || cknewpw == NULL ||
strcmp( newpw, cknewpw ))
if( newpw.bv_val == NULL || cknewpw == NULL ||
strcmp( newpw.bv_val, cknewpw ))
{
fprintf( stderr, "passwords do not match\n" );
return EXIT_FAILURE;
}
newpw.bv_len = strlen( newpw.bv_val );
}
if (want_bindpw && passwd.bv_val == NULL ) {
if( want_bindpw && passwd.bv_val == NULL ) {
/* handle bind password */
passwd.bv_val = strdup( getpassphrase("Enter bind password: "));
passwd.bv_len = passwd.bv_val ? strlen( passwd.bv_val ) : 0;
@ -192,7 +222,7 @@ main( int argc, char *argv[] )
if ( authzid || manageDSAit || noop )
tool_server_controls( ld, NULL, 0 );
if( user != NULL || oldpw != NULL || newpw != NULL ) {
if( user != NULL || oldpw.bv_val != NULL || newpw.bv_val != NULL ) {
/* build change password control */
ber = ber_alloc_t( LBER_USE_DER );
@ -210,16 +240,16 @@ main( int argc, char *argv[] )
free(user);
}
if( oldpw != NULL ) {
ber_printf( ber, "ts",
LDAP_TAG_EXOP_MODIFY_PASSWD_OLD, oldpw );
free(oldpw);
if( oldpw.bv_val != NULL ) {
ber_printf( ber, "tO",
LDAP_TAG_EXOP_MODIFY_PASSWD_OLD, &oldpw );
free(oldpw.bv_val);
}
if( newpw != NULL ) {
ber_printf( ber, "ts",
LDAP_TAG_EXOP_MODIFY_PASSWD_NEW, newpw );
free(newpw);
if( newpw.bv_val != NULL ) {
ber_printf( ber, "tO",
LDAP_TAG_EXOP_MODIFY_PASSWD_NEW, &newpw );
free(newpw.bv_val);
}
ber_printf( ber, /*{*/ "N}" );
@ -256,7 +286,8 @@ main( int argc, char *argv[] )
return rc;
}
rc = ldap_parse_result( ld, res, &code, &matcheddn, &text, &refs, NULL, 0 );
rc = ldap_parse_result( ld, res,
&code, &matcheddn, &text, &refs, NULL, 0 );
if( rc != LDAP_SUCCESS ) {
ldap_perror( ld, "ldap_parse_result" );
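Review bot: Both new file reads in main pass `prog` as the first argument, `lutil_get_filed_password( prog, &oldpw )` and `lutil_get_filed_password( prog, &newpw )`, so the paths stored from -t and -T in `oldpwfile` and `newpwfile` are tested but never used. The slappasswd change in this same commit passes the file name (`pwfile`) in that position, which suggests the calls should be `rc = lutil_get_filed_password( oldpwfile, &oldpw );` and `rc = lutil_get_filed_password( newpwfile, &newpw );`. As written the tool would presumably try to read the secret from whatever path `prog` names, so the password sent in the modify request would not be the one in the file the operator specified. main's body starts and ends outside these hunks.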


@ -1,21 +1,22 @@
Tools ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz
ldapcompare * DE *HI*K M*OPQR UVWXYZ de *h**k *n*p* vwx z
ldapdelete *CDE *HI*K M*OPQR UVWXYZ cdef*h**k *n*p* vwxy
ldapmodify *CDEF*HI*K M*OPQRS UVWXYZabcdef*h**k *n*p*r t vwxy
ldapmodrdn *CDE *HI*K M*OPQR UVWXYZ cdef*h**k *n*p*rs vwxy
ldappasswd A*CDE *HI* *O QRS UVWXYZa de *h** * * * s vwxy
ldapsearch A*CDE *HI*KLM*OPQRSTUVWXYZab*def*h**kl*n*p* stuvwxyz
ldapwhoami * DE *HI* *O QR UVWXYZ def*h** *n*p* vwx
ldapcompare * DE**HI*K M*OPQR UVWXYZ de *h**k *n*p* vwxyz
ldapdelete *CDE**HI*K M*OPQR UVWXYZ cdef*h**k *n*p* vwxy
ldapmodify *CDE**HI*K M*OPQRS UVWXYZabcde *h**k *n*p*r t vwxy
ldapmodrdn *CDE**HI*K M*OPQR UVWXYZ cdef*h**k *n*p*rs vwxy
ldappasswd A*CDE**HI* *O QRS UVWXYZa def*h** * * * s vwxy
ldapsearch A*CDE**HI*KLM*OPQRSTUVWXYZab*def*h**kl*n*p* stuvwxyz
ldapwhoami * DE**HI* *O QR UVWXYZ def*h** *n*p* vwxy
* reserved
GJNgijmoqy01235789
BFGJNgijmoq01235789
* General flags:
-C Chase Referrals
-D Bind DN
-E Tool-specific Extensions (e.g., -E <[!]oid[=options]>*)
-e General Extensions (e.g., -e <[!]oid[=options]>*)
-f file
-H URI
-P protocol version
-V version information


@ -11,6 +11,8 @@ ldappasswd \- change the password of an LDAP entry
[\c
.BI \-a \ oldPasswd\fR]
[\c
.BI \-t \ oldpasswdfile\fR]
[\c
.BI \-D \ binddn\fR]
[\c
.BI \-d \ debuglevel\fR]
@ -27,12 +29,16 @@ ldappasswd \- change the password of an LDAP entry
[\c
.BI \-s \ newPasswd\fR]
[\c
.BI \-T \ newpasswdfile\fR]
[\c
.BR \-v ]
[\c
.BR \-W ]
[\c
.BI \-w \ passwd\fR]
[\c
.BI \-y \ passwdfile\fR]
[\c
.BR \-O \ security-properties ]
[\c
.BR \-I ]
@ -82,6 +88,9 @@ This is used instead of specifying the password on the command line.
.BI \-a \ oldPasswd
Set the old password to \fIoldPasswd\fP.
.TP
.BI \-t \ oldPasswdFile
Set the old password to the contents of \fIoldPasswdFile\fP.
.TP
.B \-x
Use simple authentication instead of SASL.
.TP
@ -116,6 +125,9 @@ This is used instead of specifying the password on the command line.
.BI \-s \ newPasswd
Set the new password to \fInewPasswd\fP.
.TP
.BI \-T \ newPasswdFile
Set the new password to the contents of \fInewPasswdFile\fP.
.TP
.B \-v
Increase the verbosity of output. Can be specified multiple times.
.TP
@ -126,6 +138,10 @@ This is used instead of specifying the password on the command line.
.BI \-w \ passwd
Use \fIpasswd\fP as the password to bind with.
.TP
.BI \-y \ passwdfile
Use complete contents of \fIpasswdfile\fP as the password for
simple authentication.
.TP
.BI \-O \ security-properties
Specify SASL security properties.
.TP


@ -8,7 +8,7 @@ slappasswd \- OpenLDAP password utility
.B SBINDIR/slappasswd
.B [\-v]
.B [\-u]
.B [\-s secret]
.B [\-s secret|\-T file]
.B [\-h hash]
.B [\-c salt-format]
.B
@ -34,8 +34,24 @@ versions of this program may generate alternative syntaxes
by default. This option is provided for forward compatibility.
.TP
.BI \-s " secret"
The secret to hash. If not provided, the user will be prompted
for the secret to hash.
The secret to hash.
If this and
.B \-T
are absent, the user will be prompted for the secret to hash.
.B \-s
and
.B \-T
and mutually exclusive flags.
.TP
.BI \-T " file"
Hash the contents of the file.
If this and
.B \-s
are absent, the user will be prompted for the secret to hash.
.B \-s
and
.B \-T
and mutually exclusive flags.
.TP
.BI \-h " scheme"
If -h is specified, one of the following RFC 2307 schemes may


@ -34,6 +34,7 @@ usage(const char *s)
" -c format\tcrypt(3) salt format\n"
" -u\t\tgenerate RFC2307 values (default)\n"
" -v\t\tincrease verbosity\n"
" -T file\tread password from verbosity\n"
, s );
exit( EXIT_FAILURE );
@ -44,13 +45,14 @@ main( int argc, char *argv[] )
{
char *scheme = "{SSHA}";
char *newpw = NULL;
char *pwfile = NULL;
int i;
struct berval passwd;
struct berval *hash = NULL;
while( (i = getopt( argc, argv,
"c:d:h:s:vu" )) != EOF )
"c:d:h:s:T:vu" )) != EOF )
{
switch (i) {
case 'c': /* crypt salt format */
@ -70,9 +72,12 @@ main( int argc, char *argv[] )
for( p = optarg; *p != '\0'; p++ ) {
*p = '\0';
}
} break;
case 'T': /* password file */
pwfile = optarg;
break;
case 'u': /* RFC2307 userPassword */
break;
@ -89,20 +94,26 @@ main( int argc, char *argv[] )
usage( argv[0] );
}
if( newpw == NULL ) {
/* prompt for new password */
char *cknewpw;
newpw = strdup(getpassphrase("New password: "));
cknewpw = getpassphrase("Re-enter new password: ");
if( strcmp( newpw, cknewpw )) {
fprintf( stderr, "Password values do not match\n" );
if( pwfile != NULL ) {
if( lutil_get_filed_password( pwfile, &passwd )) {
return EXIT_FAILURE;
}
}
} else {
if( newpw == NULL ) {
/* prompt for new password */
char *cknewpw;
newpw = strdup(getpassphrase("New password: "));
cknewpw = getpassphrase("Re-enter new password: ");
if( strcmp( newpw, cknewpw )) {
fprintf( stderr, "Password values do not match\n" );
return EXIT_FAILURE;
}
}
passwd.bv_val = newpw;
passwd.bv_len = strlen(passwd.bv_val);
passwd.bv_val = newpw;
passwd.bv_len = strlen(passwd.bv_val);
}
hash = lutil_passwd_hash( &passwd, scheme );
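Review bot: Nothing visible in these hunks rejects -s and -T together, although the slappasswd man page change in this commit documents them as mutually exclusive; in the final `if( pwfile != NULL )` branch the file is used and a secret given with -s is silently ignored. A check after option parsing such as `if( pwfile != NULL && newpw != NULL ) usage( argv[0] );` would make the tool stop instead of hashing a different secret than the operator may expect (main continues outside the hunks shown, so the check could exist there). The new usage line also reads "read password from verbosity"; it should be `" -T file\tread password from file\n"`. In the prompt branch, `strcmp( newpw, cknewpw )` runs without the NULL checks that ldappasswd applies to the same strdup/getpassphrase pattern.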