openldap/include/lutil.h
Kurt Zeilenga 8de258d2e2 Patch: 'ldapmodify -y file' reads password from file (ITS#2031)
================
Written by Hallvard B. Furuseth and placed into the public domain.
This software is not subject to any license of the University of Oslo.
            ================
Adapted by Kurt Zeilenga for inclusion in OpenLDAP.  My comments are
marked with enclosed with square brackets (e.g. [Kurt's comment] below.
            ================

If I run ldapmodify & co from a script, I don't want to use '-W password'
because the password shows up in the output of 'ps' for everyone,
and I can't pipe the password to 'ldapmodify -w' because -w uses
getpassphrase() which reads from the tty instead of stdin.
So I added '-y file' which reads the password from file.  The programs
exit if the file cannot be read.

[Complete contents of file is used as password.  Use:
	echo -n "secret" > password
to create a file with "secret" as the password.  The -n avoids
adding a newline (which would invalidate the password).  Note
that echo is a builtin and hence its arguments are not visible
to 'ps'.]

I changed ldapmodify, ldapmodrdn, ldapdelete, ldapsearch, ldapcompare.
I did not bother to change ldappasswd and ldapwhoami, because they
prompt for many passwords.  [I fixed up ldapwhoami.]

Rerun autoconf after applying this patch. [Done.]

Note:  I do not know if Windows NT has fstat(), so I set HAVE_FSTAT to
undef in portable.nt.  (fstat() is used to warn if the file is publicly
readable or writeable.)  [I used fstat() to set the buffer size to
read.]

[Note: using the contents of a file extends the tools to support
passwords which could not normally be provided using getpassphrase()
or via the command line.]

Hallvard B. Furuseth <h.b.furuseth@usit.uio.no>, Aug 2002.
[Kurt D. Zeilenga <kurt@openldap.org>, Aug 2002.]
2002-08-24 05:47:17 +00:00

178 lines
4.1 KiB
C

/* $OpenLDAP$ */
/*
* Copyright 1998-2002 The OpenLDAP Foundation, Redwood City, California, USA
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted only as authorized by the OpenLDAP
* Public License. A copy of this license is available at
* http://www.OpenLDAP.org/license.html or in file LICENSE in the
* top-level directory of the distribution.
*/
#ifndef _LUTIL_H
#define _LUTIL_H 1
#include <ldap_cdefs.h>
#include <lber_types.h>
/*
* Include file for LDAP utility routine
*/
LDAP_BEGIN_DECL
/* n octets encode into ceiling(n/3) * 4 bytes */
/* Avoid floating point math by through extra padding */
#define LUTIL_BASE64_ENCODE_LEN(n) ((n)/3 * 4 + 4)
#define LUTIL_BASE64_DECODE_LEN(n) ((n)/4 * 3)
/* ISC Base64 Routines */
/* base64.c */
LDAP_LUTIL_F( int )
lutil_b64_ntop LDAP_P((
unsigned char const *,
size_t,
char *,
size_t));
LDAP_LUTIL_F( int )
lutil_b64_pton LDAP_P((
char const *,
unsigned char *,
size_t));
/* detach.c */
LDAP_LUTIL_F( void )
lutil_detach LDAP_P((
int debug,
int do_close));
/* entropy.c */
LDAP_LUTIL_F( int )
lutil_entropy LDAP_P((
unsigned char *buf,
ber_len_t nbytes ));
/* passfile.c */
struct berval; /* avoid pulling in lber.h */
LDAP_LUTIL_F( int )
lutil_get_filed_password LDAP_P((
const char *filename,
struct berval * ));
/* passwd.c */
LDAP_LUTIL_F( int )
lutil_authpasswd LDAP_P((
const struct berval *passwd, /* stored password */
const struct berval *cred, /* user supplied value */
const char **methods ));
LDAP_LUTIL_F( int )
lutil_authpasswd_hash LDAP_P((
const struct berval *cred,
struct berval **passwd, /* password to store */
struct berval **salt, /* salt to store */
const char *method ));
#if defined( SLAPD_SPASSWD ) && defined( HAVE_CYRUS_SASL )
/* cheat to avoid pulling in <sasl.h> */
LDAP_LUTIL_V( struct sasl_conn * ) lutil_passwd_sasl_conn;
#endif
LDAP_LUTIL_F( int )
lutil_passwd LDAP_P((
const struct berval *passwd, /* stored password */
const struct berval *cred, /* user supplied value */
const char **methods ));
LDAP_LUTIL_F( struct berval * )
lutil_passwd_generate LDAP_P(( ber_len_t ));
LDAP_LUTIL_F( struct berval * )
lutil_passwd_hash LDAP_P((
const struct berval *passwd,
const char *method ));
LDAP_LUTIL_F( int )
lutil_passwd_scheme LDAP_P((
const char *scheme ));
LDAP_LUTIL_F( int )
lutil_salt_format LDAP_P((
const char *format ));
/* utils.c */
LDAP_LUTIL_F( char* )
lutil_progname LDAP_P((
const char* name,
int argc,
char *argv[] ));
LDAP_LUTIL_F( char* )
lutil_strcopy LDAP_P(( char *dst, const char *src ));
LDAP_LUTIL_F( char* )
lutil_strncopy LDAP_P(( char *dst, const char *src, size_t n ));
struct tm;
LDAP_LUTIL_F( size_t )
lutil_gentime LDAP_P(( char *s, size_t max, const struct tm *tm ));
#ifndef HAVE_MKSTEMP
LDAP_LUTIL_F( int )
mkstemp LDAP_P (( char * template ));
#endif
/* sockpair.c */
LDAP_LUTIL_F( int )
lutil_pair( ber_socket_t sd[2] );
/* uuid.c */
LDAP_LUTIL_F( size_t )
lutil_uuidstr( char *buf, size_t len );
/* csn.c */
LDAP_LUTIL_F( size_t )
lutil_csnstr( char *buf, size_t len, unsigned int replica, unsigned int mod );
/*
* Sometimes not all declarations in a header file are needed.
* An indicator to this is whether or not the symbol's type has
* been defined. Thus, we don't need to include a symbol if
* its type has not been defined through another header file.
*/
#ifdef HAVE_NT_SERVICE_MANAGER
LDAP_LUTIL_V (int) is_NT_Service;
#ifdef _LDAP_PVT_THREAD_H
LDAP_LUTIL_V (ldap_pvt_thread_cond_t) started_event;
#endif /* _LDAP_PVT_THREAD_H */
/* macros are different between Windows and Mingw */
#if defined(_WINSVC_H) || defined(_WINSVC_)
LDAP_LUTIL_V (SERVICE_STATUS) SLAPDServiceStatus;
LDAP_LUTIL_V (SERVICE_STATUS_HANDLE) hSLAPDServiceStatus;
#endif /* _WINSVC_H */
#endif /* HAVE_NT_SERVICE_MANAGER */
#ifdef HAVE_EBCDIC
/* Generally this has only been used to put '\n' to stdout. We need to
* make sure it is output in EBCDIC.
*/
#undef putchar
#undef putc
#define putchar(c) putc((c), stdout)
#define putc(c,fp) do { char x=(c); __atoe_l(&x,1); putc(x,fp); } while(0)
#endif
LDAP_END_DECL
#endif /* _LUTIL_H */