mirror of
https://git.openldap.org/openldap/openldap.git
synced 2024-12-21 03:10:25 +08:00
allow slappasswd to generate cleartext secret
parent
e849a6ebb8
commit
7cc29d2547
@ -8,7 +8,7 @@ slappasswd \- OpenLDAP password utility
|
||||
.B SBINDIR/slappasswd
|
||||
.B [\-v]
|
||||
.B [\-u]
|
||||
.B [\-s secret|\-T file]
|
||||
.B [\-g|\-s secret|\-T file]
|
||||
.B [\-h hash]
|
||||
.B [\-c salt-format]
|
||||
.B
|
||||
@ -35,20 +35,46 @@ by default. This option is provided for forward compatibility.
|
||||
.TP
|
||||
.BI \-s " secret"
|
||||
The secret to hash.
|
||||
If this and
|
||||
If this,
|
||||
.B \-g
|
||||
and
|
||||
.B \-T
|
||||
are absent, the user will be prompted for the secret to hash.
|
||||
.B \-s
|
||||
.BR \-s ,
|
||||
.B \-g
|
||||
and
|
||||
.B \-T
|
||||
and mutually exclusive flags.
|
||||
.TP
|
||||
.BI \-g
|
||||
Generate the secret.
|
||||
If this,
|
||||
.B \-s
|
||||
and
|
||||
.B \-T
|
||||
are absent, the user will be prompted for the secret to hash.
|
||||
.BR \-s ,
|
||||
.B \-g
|
||||
and
|
||||
.B \-T
|
||||
and mutually exclusive flags.
|
||||
If this is present,
|
||||
.I {CLEARTEXT}
|
||||
is used as scheme.
|
||||
.B \-g
|
||||
and
|
||||
.B \-h
|
||||
are mutually exclusive flags.
|
||||
.TP
|
||||
.BI \-T " file"
|
||||
Hash the contents of the file.
|
||||
If this and
|
||||
If this,
|
||||
.B \-g
|
||||
and
|
||||
.B \-s
|
||||
are absent, the user will be prompted for the secret to hash.
|
||||
.B \-s
|
||||
.BR \-s ,
|
||||
.B \-g
|
||||
and
|
||||
.B \-T
|
||||
and mutually exclusive flags.
|
||||
@ -87,6 +113,10 @@ uses the
|
||||
.B {CLEARTEXT}
|
||||
indicates that the new password should be added to userPassword as
|
||||
clear text.
|
||||
Unless
|
||||
.I {CLEARTEXT}
|
||||
is used, this flag is incompatible with
|
||||
.BR \-g .
|
||||
.TP
|
||||
.BI \-c " crypt-salt-format"
|
||||
Specify the format of the salt passed to
|
||||
|
@ -32,6 +32,7 @@
|
||||
#include <ac/unistd.h>
|
||||
|
||||
#include <ldap.h>
|
||||
#include <lber_pvt.h>
|
||||
#include <lutil.h>
|
||||
#include <lutil_sha1.h>
|
||||
|
||||
@ -44,9 +45,10 @@ usage(const char *s)
|
||||
{
|
||||
fprintf(stderr,
|
||||
"Usage: %s [options]\n"
|
||||
" -c format\tcrypt(3) salt format\n"
|
||||
" -g\n"
|
||||
" -h hash\tpassword scheme\n"
|
||||
" -s secret\tnew password\n"
|
||||
" -c format\tcrypt(3) salt format\n"
|
||||
" -u\t\tgenerate RFC2307 values (default)\n"
|
||||
" -v\t\tincrease verbosity\n"
|
||||
" -T file\tread file for new password\n"
|
||||
@ -58,11 +60,13 @@ usage(const char *s)
|
||||
int
|
||||
slappasswd( int argc, char *argv[] )
|
||||
{
|
||||
char *cleartext_scheme = "{CLEARTEXT}";
|
||||
#ifdef LUTIL_SHA1_BYTES
|
||||
char *scheme = "{SSHA}";
|
||||
char *default_scheme = "{SSHA}";
|
||||
#else
|
||||
char *scheme = "{SMD5}";
|
||||
char *default_scheme = "{SMD5}";
|
||||
#endif
|
||||
char *scheme = default_scheme;
|
||||
|
||||
char *newpw = NULL;
|
||||
char *pwfile = NULL;
|
||||
@ -74,7 +78,7 @@ slappasswd( int argc, char *argv[] )
|
||||
struct berval hash;
|
||||
|
||||
while( (i = getopt( argc, argv,
|
||||
"c:d:h:s:T:vu" )) != EOF )
|
||||
"c:d:gh:s:T:vu" )) != EOF )
|
||||
{
|
||||
switch (i) {
|
||||
case 'c': /* crypt salt format */
|
||||
@ -82,21 +86,75 @@ slappasswd( int argc, char *argv[] )
|
||||
lutil_salt_format( optarg );
|
||||
break;
|
||||
|
||||
case 'g': /* new password (generate) */
|
||||
if ( pwfile != NULL ) {
|
||||
fprintf( stderr, "Option -s incompatible with -T\n" );
|
||||
return EXIT_FAILURE;
|
||||
|
||||
} else if ( newpw != NULL ) {
|
||||
fprintf( stderr, "New password already provided\n" );
|
||||
return EXIT_FAILURE;
|
||||
|
||||
} else if ( scheme != default_scheme && strcmp( scheme, cleartext_scheme ) != 0 ) {
|
||||
fprintf( stderr, "Option -g incompatible with scheme \"%s\"\n", scheme );
|
||||
return EXIT_FAILURE;
|
||||
|
||||
} else {
|
||||
struct berval p = BER_BVNULL;
|
||||
|
||||
lutil_passwd_generate( &p, 8 );
|
||||
|
||||
newpw = p.bv_val;
|
||||
|
||||
scheme = cleartext_scheme;
|
||||
}
|
||||
break;
|
||||
|
||||
case 'h': /* scheme */
|
||||
scheme = strdup( optarg );
|
||||
if ( scheme == cleartext_scheme ) {
|
||||
if ( strcmp( optarg, cleartext_scheme ) != 0 ) {
|
||||
fprintf( stderr, "Option -h incompatible with -g\n" );
|
||||
return EXIT_FAILURE;
|
||||
}
|
||||
|
||||
} else if ( scheme != default_scheme ) {
|
||||
fprintf( stderr, "Scheme already provided\n" );
|
||||
return EXIT_FAILURE;
|
||||
|
||||
} else {
|
||||
scheme = strdup( optarg );
|
||||
}
|
||||
break;
|
||||
|
||||
case 's': /* new password (secret) */
|
||||
{
|
||||
if ( pwfile != NULL ) {
|
||||
fprintf( stderr, "Option -s incompatible with -T\n" );
|
||||
return EXIT_FAILURE;
|
||||
|
||||
} else if ( newpw != NULL ) {
|
||||
fprintf( stderr, "New password already provided\n" );
|
||||
return EXIT_FAILURE;
|
||||
|
||||
} else {
|
||||
char* p;
|
||||
newpw = strdup( optarg );
|
||||
|
||||
for( p = optarg; *p != '\0'; p++ ) {
|
||||
*p = '\0';
|
||||
}
|
||||
} break;
|
||||
}
|
||||
break;
|
||||
|
||||
case 'T': /* password file */
|
||||
if ( pwfile != NULL ) {
|
||||
fprintf( stderr, "Password file already provided\n" );
|
||||
return EXIT_FAILURE;
|
||||
|
||||
} else if ( newpw != NULL ) {
|
||||
fprintf( stderr, "Option -T incompatible with -s/-g\n" );
|
||||
return EXIT_FAILURE;
|
||||
|
||||
}
|
||||
pwfile = optarg;
|
||||
break;
|
||||
|
||||
|
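Review bot: In the new `case 'g'` branch the result of `lutil_passwd_generate( &p, 8 )` is discarded, so a failed generation leaves `newpw` NULL while `scheme` is still switched to `{CLEARTEXT}`. The code after the option loop is outside this hunk, but with `newpw` NULL it presumably falls back to prompting and would then store the typed secret unhashed. Assuming the helper returns 0 on success, the branch should fail closed: `if ( lutil_passwd_generate( &p, 8 ) != 0 || p.bv_val == NULL ) { fprintf( stderr, "Password generation failed\n" ); return EXIT_FAILURE; }`. The literal 8 fixes the length of a generated credential with no explanation; a named constant with a comment on the chosen length would let reviewers judge whether it is long enough. The first message in the same branch is copied from `-s` and should read `"Option -g incompatible with -T\n"`.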