upstream/openldap
1
0
Fork 0
mirror of https://git.openldap.org/openldap/openldap.git synced 2026-02-18 18:18:06 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

Sync with HEAD

Browse source
This commit is contained in:
Kurt Zeilenga 2004-03-17 21:10:49 +00:00
parent 32449de89d
commit 52493faf2d
31 changed files with 192 additions and 2371 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
CHANGES
View file

@ -11,10 +11,14 @@ OpenLDAP 2.2.7 Engineering
Fixed monitor backend crash when used with overlays (ITS#3023)
Fixed oracle-related issues in back-sql (ITS#2641)
Fixed '=' escape in DN (ITS#3009)
Updated ldapsearch paged results handling
Build Environment
Fixed libldap T_SRV portability bug
Fixed shared library soname versioning
Requires changes in linking practices of dependent applications
Documentation
Fixed ldapmodrdn(1) manpage (ITS#3003)
Updated release documents
OpenLDAP 2.2.6 Release
Fixed slapd SASL callback handling (ITS#2926)

18
INSTALL
View file

@ -43,7 +43,7 @@ Making and Installing the OpenLDAP Distribution
LIBS libraries -llib
PATH command path /usr/local/bin:/usr/bin:/bin
3. Configure the build system
3. Configure the build system:
% [env settings] ./configure [options]
@ -51,11 +51,11 @@ Making and Installing the OpenLDAP Distribution
the appropriate settings. However, you may need to specify
options and/or environment variables to obtain desired results.
4. Build dependencies
4. Build dependencies:
% make depend
5. Build the system
5. Build the system:
% make
@ -64,7 +64,7 @@ Making and Installing the OpenLDAP Distribution
may want to consult the Platform Hints subsection of the FAQ if
you have not done so already.
6. Test the standalone system
6. Test the standalone system:
This step requires the standalone LDAP server, slapd(8), with
BDB, HDB, and/or LDBM support.
@ -72,17 +72,17 @@ Making and Installing the OpenLDAP Distribution
% make test
If all goes well, the system has been built as configured. If
not, return to step 4 after reviewing your configuration
not, return to step 2 after reviewing your configuration
settings. You may want to consult the Installation section of
the FAQ if you have not done so already.
7. install the binaries and man pages. You may need to be come the
super-user (e.g. root) to do this (depending on where you are
installing things):
7. Install the software. You may need to be come the super-user
(e.g. root) to do this (depending on where you are installing
things):
% su root -c 'make install'
8. That's it!
8. That's it. Enjoy!
See the OpenLDAP Administrator's Guide and the manual pages for the
individual applications for configuration and use information. You may

2
build/top.mk
View file

@ -68,7 +68,7 @@ SHTOOL = $(top_srcdir)/build/shtool
LIBTOOL = @LIBTOOL@
LIBVERSION = @OPENLDAP_LIBVERSION@
LTVERSION = -version-info $(LIBVERSION)
LTVERSION = -release $(LIBVERSION)
# libtool --only flag for libraries: platform specific
NT_LTONLY_LIB = # --only-$(BUILD_LIBS_DYNAMIC)

2
build/version.sh
View file

@ -25,7 +25,7 @@ elif test $ol_minor != X ; then
else
ol_version=${ol_major}.${ol_minor}
ol_type=Devel
ol_api_lib=0:0:0
ol_api_lib=0
fi
ol_string="${ol_package} ${ol_version}-${ol_type}"

6
build/version.var
View file

@ -16,6 +16,6 @@ ol_package=OpenLDAP
ol_major=2
ol_minor=2
ol_patch=X
ol_api_inc=20204
ol_api_lib=202:4:3
ol_release_date="2004/02/25"
ol_api_inc=20206
ol_api_lib=2.2.6
ol_release_date="2004/03/16"

19
configure.in
View file

@ -183,8 +183,6 @@ OL_ARG_ENABLE(slapd,[ --enable-slapd enable building slapd], yes)dnl
OL_ARG_ENABLE(aci,[ --enable-aci enable per-object ACIs (experimental)], no)dnl
OL_ARG_ENABLE(cleartext,[ --enable-cleartext enable cleartext passwords], yes)dnl
OL_ARG_ENABLE(crypt,[ --enable-crypt enable crypt(3) passwords], no)dnl
dnl OL_ARG_ENABLE(kpasswd,[ --enable-kpasswd enable Kerberos password verification], no)dnl
ol_enable_kpasswd=${ol_enable_kpasswd-no}
OL_ARG_ENABLE(lmpasswd,[ --enable-lmpasswd enable LAN Manager passwords], no)dnl
OL_ARG_ENABLE(spasswd,[ --enable-spasswd enable (Cyrus) SASL password verification], no)dnl
OL_ARG_ENABLE(modules,[ --enable-modules enable dynamic module support], no)dnl
@ -507,14 +505,14 @@ if test $ol_enable_lmpasswd = yes ; then
fi
fi
if test $ol_enable_kbind = yes -o $ol_enable_kpasswd = yes ; then
if test $ol_enable_kbind = yes ; then
if test $ol_with_kerberos = no ; then
AC_MSG_ERROR([options require --with-kerberos])
elif test $ol_with_kerberos = auto ; then
ol_with_kerberos=yes
fi
elif test $ol_enable_kbind = no -o $ol_enable_kpasswd = no ; then
elif test $ol_enable_kbind = no ; then
if test $ol_with_kerberos = auto ; then
ol_with_kerberos=no
elif test $ol_with_kerberos != no ; then
@ -1106,7 +1104,6 @@ fi
dnl ----------------------------------------------------------------
dnl Kerberos
ol_link_kbind=no
ol_link_kpasswd=no
ol_link_krb5=no
ol_link_krb4=no
@ -1161,10 +1158,6 @@ if test $ol_with_kerberos = yes -o $ol_with_kerberos = auto \
AC_DEFINE(HAVE_KRB5, 1,
[define if you have Kerberos V])
if test $ol_enable_kpasswd != no ; then
ol_link_kpasswd=yes;
fi
if test $ol_with_kerberos = k5only ; then
ol_with_kerberos=found
fi
@ -1261,10 +1254,6 @@ if test $ol_with_kerberos = yes -o $ol_with_kerberos = auto \
fi
fi
if test $ol_link_krb4 = yes -a $ol_enable_kpasswd != no ; then
ol_link_kpasswd=yes
fi
if test $ol_link_krb4 = yes -a $ol_enable_kbind != no ; then
ol_link_kbind=yes
@ -2525,9 +2514,6 @@ fi
if test "$ol_enable_crypt" != no ; then
AC_DEFINE(SLAPD_CRYPT,1,[define to support crypt(3) passwords])
fi
if test "$ol_link_kpasswd" != no ; then
AC_DEFINE(SLAPD_KPASSWD,1,[define to support Kerberos passwords])
fi
if test "$ol_link_spasswd" != no ; then
AC_DEFINE(SLAPD_SPASSWD,1,[define to support SASL passwords])
fi
@ -2914,7 +2900,6 @@ servers/slapd/back-sql/Makefile:build/top.mk:servers/slapd/back-sql/Makefile.in:
servers/slapd/shell-backends/Makefile:build/top.mk:servers/slapd/shell-backends/Makefile.in:build/srv.mk \
servers/slapd/slapi/Makefile:build/top.mk:servers/slapd/slapi/Makefile.in:build/lib.mk:build/lib-shared.mk \
servers/slapd/overlays/Makefile:build/top.mk:servers/slapd/overlays/Makefile.in:build/lib.mk \
servers/slapd/tools/Makefile:build/top.mk:servers/slapd/tools/Makefile.in \
servers/slurpd/Makefile:build/top.mk:servers/slurpd/Makefile.in:build/srv.mk \
tests/Makefile:build/top.mk:tests/Makefile.in:build/dir.mk \
tests/run \

2
include/lber.h
View file

@ -152,7 +152,7 @@ typedef struct lber_memory_fns {
#define LBER_OPT_SOCKBUF_DEBUG 0x1002
/* on/off values */
extern char ber_pvt_opt_on;
LBER_V( char ) ber_pvt_opt_on;
#define LBER_OPT_ON ((void *) &ber_pvt_opt_on)
#define LBER_OPT_OFF ((void *) 0)

6
include/ldap_cdefs.h
View file

@ -158,13 +158,9 @@
#endif
/* LDBM library */
#if defined(_WIN32) && defined(SLAPD_IMPORT)
# define LDAP_LDBM_F(type) extern __declspec(dllimport) type
# define LDAP_LDBM_V(type) extern __declspec(dllimport) type
#else
/* Not exported/imported any more */
# define LDAP_LDBM_F(type) extern type
# define LDAP_LDBM_V(type) extern type
#endif
/* LDIF library */
#if defined(_WIN32) && defined(SLAPD_IMPORT)

13
include/lutil.h
View file

@ -70,15 +70,19 @@ lutil_get_filed_password LDAP_P((
/* passwd.c */
struct lutil_pw_scheme;
#define LUTIL_PASSWD_OK (0)
#define LUTIL_PASSWD_ERR (-1)
typedef int (LUTIL_PASSWD_CHK_FUNC)(
const struct berval *scheme,
const struct berval *passwd,
const struct berval *cred,
const char **text );
typedef struct berval * (LUTIL_PASSWD_HASH_FUNC) (
typedef int (LUTIL_PASSWD_HASH_FUNC) (
const struct berval *scheme,
const struct berval *passwd,
struct berval *hash,
const char **text );
LDAP_LUTIL_F( int )
@ -118,13 +122,14 @@ lutil_passwd LDAP_P((
const char **methods,
const char **text )); /* error message */
LDAP_LUTIL_F( struct berval * )
lutil_passwd_generate LDAP_P(( ber_len_t ));
LDAP_LUTIL_F( int )
lutil_passwd_generate LDAP_P(( struct berval *pw, ber_len_t ));
LDAP_LUTIL_F( struct berval * )
LDAP_LUTIL_F( int )
lutil_passwd_hash LDAP_P((
const struct berval *passwd,
const char *method,
struct berval *hash,
const char **text ));
LDAP_LUTIL_F( int )

2
libraries/liblber/debug.c
View file

@ -146,8 +146,6 @@ void lutil_log_int(
time_t now;
struct tm *today;
#endif
size_t i;
char * tmp;
#ifdef LDAP_SYSLOG
/* we're configured to use syslog */

4
libraries/libldap/cancel.c
View file

@ -12,6 +12,10 @@
* top-level directory of the distribution or, alternatively, at
* <http://www.OpenLDAP.org/license.html>.
*/
/* ACKNOWLEDGEMENTS:
* This program was orignally developed by Kurt D. Zeilenga for inclusion in
* OpenLDAP Software.
*/
/*
* LDAPv3 Cancel Operation Request

22
libraries/libldap/controls.c
View file

@ -26,9 +26,6 @@
* LICENSE, OR OTHER PRIOR WRITTEN CONSENT FROM NOVELL, COULD SUBJECT THE
* PERPETRATOR TO CRIMINAL AND CIVIL LIABILITY.
*---
* Modification to OpenLDAP source by Novell, Inc.
* June 2000 sfs Added control utilities
*--
* Note: A verbatim copy of version 2.0.1 of the OpenLDAP Public License
* can be found in the file "build/LICENSE-2.0.1" in this distribution
* of OpenLDAP Software.
@ -392,6 +389,25 @@ ldap_control_dup( const LDAPControl *c )
return new;
}
LDAPControl *
ldap_find_control(
LDAP_CONST char *oid,
LDAPControl **ctrls )
{
if( ctrls == NULL || *ctrls == NULL ) {
return NULL;
}
for( ; *ctrls != NULL; ctrls++ ) {
if( strcmp( (*ctrls)->ldctl_oid, oid ) == 0 ) {
return *ctrls;
}
}
return NULL;
}
/*
ldap_create_control

2
libraries/libldap/cyrus.c
View file

@ -632,6 +632,7 @@ ldap_int_sasl_bind(
LDAP_FREE( authid.bv_val );
}
#if !defined(_WIN32)
/* Check for local */
if ( ldap_pvt_url_scheme2proto( ld->ld_defconn->lconn_server->lud_scheme ) == LDAP_PROTO_IPC ) {
char authid[sizeof("uidNumber=4294967295+gidNumber=4294967295,"
@ -641,6 +642,7 @@ ldap_int_sasl_bind(
(int) geteuid(), (int) getegid() );
(void) ldap_int_sasl_external( ld, ld->ld_defconn, authid, LDAP_PVT_SASL_LOCAL_SSF );
}
#endif
/* (re)set security properties */
sasl_setprop( ctx, SASL_SEC_PROPS,

13
libraries/libldap/dnssrv.c
View file

@ -174,11 +174,6 @@ int ldap_domain2dn(
return LDAP_SUCCESS;
}
/* Bind 4 interface */
#ifndef T_SRV
# define T_SRV 33
#endif
/*
* Lookup and return LDAP servers for domain (using the DNS
* SRV record _ldap._tcp.domain).
@ -215,7 +210,15 @@ int ldap_domain2hostlist(
#ifdef NS_HFIXEDSZ
/* Bind 8/9 interface */
len = res_query(request, ns_c_in, ns_t_srv, reply, sizeof(reply));
# ifndef T_SRV
# define T_SRV ns_t_srv
# endif
#else
/* Bind 4 interface */
# ifndef T_SRV
# define T_SRV 33
# endif
len = res_query(request, C_IN, T_SRV, reply, sizeof(reply));
#endif
if (len >= 0) {

1
libraries/libldap/os-ip.c
View file

@ -523,7 +523,6 @@ ldap_host_connected_to( Sockbuf *sb, const char *host )
struct sockaddr sabuf;
#endif
struct sockaddr *sa = (struct sockaddr *) &sabuf;
int rc;
ber_socket_t sd;
(void)memset( (char *)sa, '\0', sizeof sabuf );

4
libraries/libldap/passwd.c
View file

@ -12,6 +12,10 @@
* top-level directory of the distribution or, alternatively, at
* <http://www.OpenLDAP.org/license.html>.
*/
/* ACKNOWLEDGEMENTS:
* This program was orignally developed by Kurt D. Zeilenga for inclusion in
* OpenLDAP Software.
*/
#include "portable.h"

2
libraries/libldap/search.c
View file

@ -217,7 +217,7 @@ ldap_build_search_req(
ber_int_t *idp)
{
BerElement *ber;
int err, id;
int err;
/*
* Create the search request. It looks like this:

4
libraries/libldap/whoami.c
View file

@ -12,6 +12,10 @@
* top-level directory of the distribution or, alternatively, at
* <http://www.OpenLDAP.org/license.html>.
*/
/* ACKNOWLEDGEMENTS:
* This program was orignally developed by Kurt D. Zeilenga for inclusion in
* OpenLDAP Software.
*/
#include "portable.h"

475
libraries/liblutil/passwd.c
View file

@ -41,16 +41,7 @@
# endif
#endif
#ifdef SLAPD_KPASSWD
# include <ac/krb.h>
# include <ac/krb5.h>
#endif
/* KPASSWD/krb.h brings in a conflicting des.h so don't use both.
* configure currently requires OpenSSL to enable LMHASH. Obviously
* this requirement can be fulfilled by the KRB DES library as well.
*/
#if defined(SLAPD_LMHASH) && !defined(DES_ENCRYPT)
#if defined(SLAPD_LMHASH)
# include <openssl/des.h>
#endif /* SLAPD_LMHASH */
@ -121,18 +112,10 @@ static LUTIL_PASSWD_CHK_FUNC chk_lanman;
static LUTIL_PASSWD_HASH_FUNC hash_lanman;
#endif
#ifdef SLAPD_NS_MTA_MD5
static LUTIL_PASSWD_CHK_FUNC chk_ns_mta_md5;
#endif
#ifdef SLAPD_SPASSWD
static LUTIL_PASSWD_CHK_FUNC chk_sasl;
#endif
#ifdef SLAPD_KPASSWD
static LUTIL_PASSWD_CHK_FUNC chk_kerberos;
#endif
#ifdef SLAPD_CRYPT
static LUTIL_PASSWD_CHK_FUNC chk_crypt;
static LUTIL_PASSWD_HASH_FUNC hash_crypt;
@ -164,18 +147,10 @@ static const struct pw_scheme pw_schemes_default[] =
{ BER_BVC("{LANMAN}"), chk_lanman, hash_lanman },
#endif /* SLAPD_LMHASH */
#ifdef SLAPD_NS_MTA_MD5
{ BER_BVC("{NS-MTA-MD5}"), chk_ns_mta_md5, NULL },
#endif /* SLAPD_NS_MTA_MD5 */
#ifdef SLAPD_SPASSWD
{ BER_BVC("{SASL}"), chk_sasl, NULL },
#endif
#ifdef SLAPD_KPASSWD
{ BER_BVC("{KERBEROS}"), chk_kerberos, NULL },
#endif
#ifdef SLAPD_CRYPT
{ BER_BVC("{CRYPT}"), chk_crypt, hash_crypt },
# if defined( HAVE_GETPWNAM ) && defined( HAVE_PW_PASSWD )
@ -210,11 +185,10 @@ int lutil_passwd_add(
void lutil_passwd_init()
{
struct pw_slist *ptr;
struct pw_scheme *s;
for( s=(struct pw_scheme *)pw_schemes_default; s->name.bv_val; s++) {
if ( lutil_passwd_add( &s->name, s->chk_fn, s->hash_fn )) break;
if ( lutil_passwd_add( &s->name, s->chk_fn, s->hash_fn ) ) break;
}
}
@ -338,26 +312,20 @@ lutil_passwd(
return 1;
}
struct berval * lutil_passwd_generate( ber_len_t len )
int lutil_passwd_generate( struct berval *pw, ber_len_t len )
{
struct berval *pw;
if( len < 1 ) return NULL;
pw = ber_memalloc( sizeof( struct berval ) );
if( pw == NULL ) return NULL;
if( len < 1 ) return -1;
pw->bv_len = len;
pw->bv_val = ber_memalloc( len + 1 );
if( pw->bv_val == NULL ) {
ber_memfree( pw );
return NULL;
return -1;
}
if( lutil_entropy( (unsigned char *) pw->bv_val, pw->bv_len) < 0 ) {
ber_bvfree( pw );
return NULL;
return -1;
}
for( len = 0; len < pw->bv_len; len++ ) {
@ -367,76 +335,77 @@ struct berval * lutil_passwd_generate( ber_len_t len )
pw->bv_val[len] = '\0';
return pw;
return 0;
}
struct berval * lutil_passwd_hash(
int lutil_passwd_hash(
const struct berval * passwd,
const char * method,
struct berval *hash,
const char **text )
{
const struct pw_scheme *sc = get_scheme( method );
hash->bv_val = NULL;
hash->bv_len = 0;
if( sc == NULL ) {
if( text ) *text = "scheme not recognized";
return NULL;
return -1;
}
if( ! sc->hash_fn ) {
if( text ) *text = "scheme provided no hash function";
return NULL;
return -1;
}
if( text ) *text = NULL;
return (sc->hash_fn)( &sc->name, passwd, text );
return (sc->hash_fn)( &sc->name, passwd, hash, text );
}
/* pw_string is only called when SLAPD_LMHASH or SLAPD_CRYPT is defined */
#if defined(SLAPD_LMHASH) || defined(SLAPD_CRYPT)
static struct berval * pw_string(
static int pw_string(
const struct berval *sc,
const struct berval *passwd )
struct berval *passwd )
{
struct berval *pw = ber_memalloc( sizeof( struct berval ) );
if( pw == NULL ) return NULL;
struct berval pw;
pw->bv_len = sc->bv_len + passwd->bv_len;
pw->bv_val = ber_memalloc( pw->bv_len + 1 );
pw.bv_len = sc->bv_len + passwd->bv_len;
pw.bv_val = ber_memalloc( pw.bv_len + 1 );
if( pw->bv_val == NULL ) {
ber_memfree( pw );
return NULL;
if( pw.bv_val == NULL ) {
return LUTIL_PASSWD_ERR;
}
AC_MEMCPY( pw->bv_val, sc->bv_val, sc->bv_len );
AC_MEMCPY( &pw->bv_val[sc->bv_len], passwd->bv_val, passwd->bv_len );
AC_MEMCPY( pw.bv_val, sc->bv_val, sc->bv_len );
AC_MEMCPY( &pw.bv_val[sc->bv_len], passwd->bv_val, passwd->bv_len );
pw->bv_val[pw->bv_len] = '\0';
return pw;
pw.bv_val[pw.bv_len] = '\0';
*passwd = pw;
return LUTIL_PASSWD_OK;
}
#endif /* SLAPD_LMHASH || SLAPD_CRYPT */
static struct berval * pw_string64(
static int pw_string64(
const struct berval *sc,
const struct berval *hash,
struct berval *b64,
const struct berval *salt )
{
int rc;
struct berval string;
struct berval *b64 = ber_memalloc( sizeof(struct berval) );
size_t b64len;
if( b64 == NULL ) return NULL;
if( salt ) {
/* need to base64 combined string */
string.bv_len = hash->bv_len + salt->bv_len;
string.bv_val = ber_memalloc( string.bv_len + 1 );
if( string.bv_val == NULL ) {
ber_memfree( b64 );
return NULL;
return LUTIL_PASSWD_ERR;
}
AC_MEMCPY( string.bv_val, hash->bv_val,
@ -455,8 +424,7 @@ static struct berval * pw_string64(
if( b64->bv_val == NULL ) {
if( salt ) ber_memfree( string.bv_val );
ber_memfree( b64 );
return NULL;
return LUTIL_PASSWD_ERR;
}
AC_MEMCPY(b64->bv_val, sc->bv_val, sc->bv_len);
@ -468,14 +436,13 @@ static struct berval * pw_string64(
if( salt ) ber_memfree( string.bv_val );
if( rc < 0 ) {
ber_bvfree( b64 );
return NULL;
return LUTIL_PASSWD_ERR;
}
/* recompute length */
b64->bv_len = sc->bv_len + rc;
assert( strlen(b64->bv_val) == b64->bv_len );
return b64;
return LUTIL_PASSWD_OK;
}
/* PASSWORD CHECK ROUTINES */
@ -495,20 +462,20 @@ static int chk_ssha1(
/* safety check */
if (LUTIL_BASE64_DECODE_LEN(passwd->bv_len) <
sizeof(SHA1digest)+SALT_SIZE) {
return -1;
return LUTIL_PASSWD_ERR;
}
/* decode base64 password */
orig_pass = (unsigned char *) ber_memalloc( (size_t) (
LUTIL_BASE64_DECODE_LEN(passwd->bv_len) + 1) );
if( orig_pass == NULL ) return -1;
if( orig_pass == NULL ) return LUTIL_PASSWD_ERR;
rc = lutil_b64_pton(passwd->bv_val, orig_pass, passwd->bv_len);
if (rc < (int)(sizeof(SHA1digest)+SALT_SIZE)) {
ber_memfree(orig_pass);
return -1;
return LUTIL_PASSWD_ERR;
}
/* hash credentials with salt */
@ -523,7 +490,7 @@ static int chk_ssha1(
/* compare */
rc = memcmp((char *)orig_pass, (char *)SHA1digest, sizeof(SHA1digest));
ber_memfree(orig_pass);
return rc ? 1 : 0;
return rc ? LUTIL_PASSWD_ERR : LUTIL_PASSWD_OK;
}
static int chk_sha1(
@ -539,20 +506,20 @@ static int chk_sha1(
/* safety check */
if (LUTIL_BASE64_DECODE_LEN(passwd->bv_len) < sizeof(SHA1digest)) {
return -1;
return LUTIL_PASSWD_ERR;
}
/* base64 un-encode password */
orig_pass = (unsigned char *) ber_memalloc( (size_t) (
LUTIL_BASE64_DECODE_LEN(passwd->bv_len) + 1) );
if( orig_pass == NULL ) return -1;
if( orig_pass == NULL ) return LUTIL_PASSWD_ERR;
rc = lutil_b64_pton(passwd->bv_val, orig_pass, passwd->bv_len);
if( rc != sizeof(SHA1digest) ) {
ber_memfree(orig_pass);
return -1;
return LUTIL_PASSWD_ERR;
}
/* hash credentials with salt */
@ -564,7 +531,7 @@ static int chk_sha1(
/* compare */
rc = memcmp((char *)orig_pass, (char *)SHA1digest, sizeof(SHA1digest));
ber_memfree(orig_pass);
return rc ? 1 : 0;
return rc ? LUTIL_PASSWD_ERR : LUTIL_PASSWD_OK;
}
#endif
@ -582,20 +549,20 @@ static int chk_smd5(
/* safety check */
if (LUTIL_BASE64_DECODE_LEN(passwd->bv_len) <
sizeof(MD5digest)+SALT_SIZE) {
return -1;
return LUTIL_PASSWD_ERR;
}
/* base64 un-encode password */
orig_pass = (unsigned char *) ber_memalloc( (size_t) (
LUTIL_BASE64_DECODE_LEN(passwd->bv_len) + 1) );
if( orig_pass == NULL ) return -1;
if( orig_pass == NULL ) return LUTIL_PASSWD_ERR;
rc = lutil_b64_pton(passwd->bv_val, orig_pass, passwd->bv_len);
if (rc < (int)(sizeof(MD5digest)+SALT_SIZE)) {
ber_memfree(orig_pass);
return -1;
return LUTIL_PASSWD_ERR;
}
/* hash credentials with salt */
@ -611,7 +578,7 @@ static int chk_smd5(
/* compare */
rc = memcmp((char *)orig_pass, (char *)MD5digest, sizeof(MD5digest));
ber_memfree(orig_pass);
return rc ? 1 : 0;
return rc ? LUTIL_PASSWD_ERR : LUTIL_PASSWD_OK;
}
static int chk_md5(
@ -627,19 +594,19 @@ static int chk_md5(
/* safety check */
if (LUTIL_BASE64_DECODE_LEN(passwd->bv_len) < sizeof(MD5digest)) {
return -1;
return LUTIL_PASSWD_ERR;
}
/* base64 un-encode password */
orig_pass = (unsigned char *) ber_memalloc( (size_t) (
LUTIL_BASE64_DECODE_LEN(passwd->bv_len) + 1) );
if( orig_pass == NULL ) return -1;
if( orig_pass == NULL ) return LUTIL_PASSWD_ERR;
rc = lutil_b64_pton(passwd->bv_val, orig_pass, passwd->bv_len);
if ( rc != sizeof(MD5digest) ) {
ber_memfree(orig_pass);
return -1;
return LUTIL_PASSWD_ERR;
}
/* hash credentials with salt */
@ -652,7 +619,7 @@ static int chk_md5(
/* compare */
rc = memcmp((char *)orig_pass, (char *)MD5digest, sizeof(MD5digest));
ber_memfree(orig_pass);
return rc ? 1 : 0;
return rc ? LUTIL_PASSWD_ERR : LUTIL_PASSWD_OK;
}
#ifdef SLAPD_LMHASH
@ -747,12 +714,12 @@ static int chk_lanman(
for( i=0; i<cred->bv_len; i++) {
if(cred->bv_val[i] == '\0') {
return -1; /* NUL character in password */
return LUTIL_PASSWD_ERR; /* NUL character in password */
}
}
if( cred->bv_val[i] != '\0' ) {
return -1; /* passwd must behave like a string */
return LUTIL_PASSWD_ERR; /* passwd must behave like a string */
}
strncpy( UcasePassword, cred->bv_val, 14 );
@ -778,64 +745,10 @@ static int chk_lanman(
storedPasswordHash[32] = '\0';
ldap_pvt_str2lower( storedPasswordHash );
return memcmp( PasswordHash, storedPasswordHash, 32) ? 1 : 0;
return memcmp( PasswordHash, storedPasswordHash, 32) ? LUTIL_PASSWD_ERR : LUTIL_PASSWD_OK;
}
#endif /* SLAPD_LMHASH */
#ifdef SLAPD_NS_MTA_MD5
#define NS_MTA_MD5_PASSLEN 64
static int chk_ns_mta_md5(
const struct berval *scheme,
const struct berval *passwd,
const struct berval *cred,
const char **text )
{
lutil_MD5_CTX MD5context;
unsigned char MD5digest[LUTIL_MD5_BYTES], c;
char buffer[LUTIL_MD5_BYTES*2];
int i;
if( passwd->bv_len != NS_MTA_MD5_PASSLEN ) {
return 1;
}
/* hash credentials with salt */
lutil_MD5Init(&MD5context);
lutil_MD5Update(&MD5context,
(const unsigned char *) &passwd->bv_val[32],
32 );
c = 0x59;
lutil_MD5Update(&MD5context,
(const unsigned char *) &c,
1 );
lutil_MD5Update(&MD5context,
(const unsigned char *) cred->bv_val,
cred->bv_len );
c = 0xF7;
lutil_MD5Update(&MD5context,
(const unsigned char *) &c,
1 );
lutil_MD5Update(&MD5context,
(const unsigned char *) &passwd->bv_val[32],
32 );
lutil_MD5Final(MD5digest, &MD5context);
for( i=0; i < sizeof( MD5digest ); i++ ) {
buffer[i+i] = "0123456789abcdef"[(MD5digest[i]>>4) & 0x0F];
buffer[i+i+1] = "0123456789abcdef"[ MD5digest[i] & 0x0F];
}
/* compare */
return memcmp((char *)passwd->bv_val,
(char *)buffer, sizeof(buffer)) ? 1 : 0;
}
#endif
#ifdef SLAPD_SPASSWD
#ifdef HAVE_CYRUS_SASL
sasl_conn_t *lutil_passwd_sasl_conn = NULL;
@ -852,25 +765,25 @@ static int chk_sasl(
for( i=0; i<cred->bv_len; i++) {
if(cred->bv_val[i] == '\0') {
return 1; /* NUL character in password */
return LUTIL_PASSWD_ERR; /* NUL character in password */
}
}
if( cred->bv_val[i] != '\0' ) {
return 1; /* cred must behave like a string */
return LUTIL_PASSWD_ERR; /* cred must behave like a string */
}
for( i=0; i<passwd->bv_len; i++) {
if(passwd->bv_val[i] == '\0') {
return 1; /* NUL character in password */
return LUTIL_PASSWD_ERR; /* NUL character in password */
}
}
if( passwd->bv_val[i] != '\0' ) {
return 1; /* passwd must behave like a string */
return LUTIL_PASSWD_ERR; /* passwd must behave like a string */
}
rtn = 1;
rtn = LUTIL_PASSWD_ERR;
#ifdef HAVE_CYRUS_SASL
if( lutil_passwd_sasl_conn != NULL ) {
@ -885,7 +798,7 @@ static int chk_sasl(
passwd->bv_val, passwd->bv_len,
cred->bv_val, cred->bv_len );
# endif
rtn = ( sc != SASL_OK );
rtn = ( sc != SASL_OK ) ? LUTIL_PASSWD_ERR : LUTIL_PASSWD_OK;
}
#endif
@ -893,180 +806,6 @@ static int chk_sasl(
}
#endif
#ifdef SLAPD_KPASSWD
static int chk_kerberos(
const struct berval *sc,
const struct berval * passwd,
const struct berval * cred,
const char **text )
{
unsigned int i;
int rtn;
for( i=0; i<cred->bv_len; i++) {
if(cred->bv_val[i] == '\0') {
return 1; /* NUL character in password */
}
}
if( cred->bv_val[i] != '\0' ) {
return 1; /* cred must behave like a string */
}
for( i=0; i<passwd->bv_len; i++) {
if(passwd->bv_val[i] == '\0') {
return 1; /* NUL character in password */
}
}
if( passwd->bv_val[i] != '\0' ) {
return 1; /* passwd must behave like a string */
}
rtn = 1;
#ifdef HAVE_KRB5 /* HAVE_HEIMDAL_KRB5 */
{
/* Portions:
* Copyright (c) 1997, 1998, 1999 Kungliga Tekniska H\xf6gskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
krb5_context context;
krb5_error_code ret;
krb5_creds creds;
krb5_get_init_creds_opt get_options;
krb5_verify_init_creds_opt verify_options;
krb5_principal client, server;
#ifdef notdef
krb5_preauthtype pre_auth_types[] = {KRB5_PADATA_ENC_TIMESTAMP};
#endif
ret = krb5_init_context( &context );
if (ret) {
return 1;
}
#ifdef notdef
krb5_get_init_creds_opt_set_preauth_list(&get_options,
pre_auth_types, 1);
#endif
krb5_get_init_creds_opt_init( &get_options );
krb5_verify_init_creds_opt_init( &verify_options );
ret = krb5_parse_name( context, passwd->bv_val, &client );
if (ret) {
krb5_free_context( context );
return 1;
}
ret = krb5_get_init_creds_password( context,
&creds, client, cred->bv_val, NULL,
NULL, 0, NULL, &get_options );
if (ret) {
krb5_free_principal( context, client );
krb5_free_context( context );
return 1;
}
{
char *host = ldap_pvt_get_fqdn( NULL );
if( host == NULL ) {
krb5_free_principal( context, client );
krb5_free_context( context );
return 1;
}
ret = krb5_sname_to_principal( context,
host, "ldap", KRB5_NT_SRV_HST, &server );
ber_memfree( host );
}
if (ret) {
krb5_free_principal( context, client );
krb5_free_context( context );
return 1;
}
ret = krb5_verify_init_creds( context,
&creds, server, NULL, NULL, &verify_options );
krb5_free_principal( context, client );
krb5_free_principal( context, server );
krb5_free_cred_contents( context, &creds );
krb5_free_context( context );
rtn = !!ret;
}
#elif defined(HAVE_KRB4)
{
/* Borrowed from Heimdal kpopper */
/* Portions:
* Copyright (c) 1989 Regents of the University of California.
* All rights reserved. The Berkeley software License Agreement
* specifies the terms and conditions for redistribution.
*/
int status;
char lrealm[REALM_SZ];
char tkt[MAXHOSTNAMELEN];
status = krb_get_lrealm(lrealm,1);
if (status == KFAILURE) {
return 1;
}
snprintf(tkt, sizeof(tkt), "%s_slapd.%u",
TKT_ROOT, (unsigned)getpid());
krb_set_tkt_string (tkt);
status = krb_verify_user( passwd->bv_val, "", lrealm,
cred->bv_val, 1, "ldap");
dest_tkt(); /* no point in keeping the tickets */
return status == KFAILURE;
}
#endif
return rtn;
}
#endif /* SLAPD_KPASSWD */
#ifdef SLAPD_CRYPT
static int chk_crypt(
const struct berval *sc,
@ -1079,36 +818,36 @@ static int chk_crypt(
for( i=0; i<cred->bv_len; i++) {
if(cred->bv_val[i] == '\0') {
return 1; /* NUL character in password */
return LUTIL_PASSWD_ERR; /* NUL character in password */
}
}
if( cred->bv_val[i] != '\0' ) {
return -1; /* cred must behave like a string */
return LUTIL_PASSWD_ERR; /* cred must behave like a string */
}
if( passwd->bv_len < 2 ) {
return -1; /* passwd must be at least two characters long */
return LUTIL_PASSWD_ERR; /* passwd must be at least two characters long */
}
for( i=0; i<passwd->bv_len; i++) {
if(passwd->bv_val[i] == '\0') {
return -1; /* NUL character in password */
return LUTIL_PASSWD_ERR; /* NUL character in password */
}
}
if( passwd->bv_val[i] != '\0' ) {
return -1; /* passwd must behave like a string */
return LUTIL_PASSWD_ERR; /* passwd must behave like a string */
}
cr = crypt( cred->bv_val, passwd->bv_val );
if( cr == NULL || cr[0] == '\0' ) {
/* salt must have been invalid */
return -1;
return LUTIL_PASSWD_ERR;
}
return strcmp( passwd->bv_val, cr ) ? 1 : 0;
return strcmp( passwd->bv_val, cr ) ? LUTIL_PASSWD_ERR : LUTIL_PASSWD_OK;
}
# if defined( HAVE_GETPWNAM ) && defined( HAVE_PW_PASSWD )
@ -1123,28 +862,28 @@ static int chk_unix(
for( i=0; i<cred->bv_len; i++) {
if(cred->bv_val[i] == '\0') {
return -1; /* NUL character in password */
return LUTIL_PASSWD_ERR; /* NUL character in password */
}
}
if( cred->bv_val[i] != '\0' ) {
return -1; /* cred must behave like a string */
return LUTIL_PASSWD_ERR; /* cred must behave like a string */
}
for( i=0; i<passwd->bv_len; i++) {
if(passwd->bv_val[i] == '\0') {
return -1; /* NUL character in password */
return LUTIL_PASSWD_ERR; /* NUL character in password */
}
}
if( passwd->bv_val[i] != '\0' ) {
return -1; /* passwd must behave like a string */
return LUTIL_PASSWD_ERR; /* passwd must behave like a string */
}
{
struct passwd *pwd = getpwnam(passwd->bv_val);
if(pwd == NULL) {
return -1; /* not found */
return LUTIL_PASSWD_ERR; /* not found */
}
pw = pwd->pw_passwd;
@ -1170,17 +909,17 @@ static int chk_unix(
if( pw == NULL || pw[0] == '\0' || pw[1] == '\0' ) {
/* password must must be at least two characters long */
return -1;
return LUTIL_PASSWD_ERR;
}
cr = crypt(cred->bv_val, pw);
if( cr == NULL || cr[0] == '\0' ) {
/* salt must have been invalid */
return -1;
return LUTIL_PASSWD_ERR;
}
return strcmp(pw, cr) ? 1 : 0;
return strcmp(pw, cr) ? LUTIL_PASSWD_ERR : LUTIL_PASSWD_OK;
}
# endif
@ -1189,9 +928,10 @@ static int chk_unix(
/* PASSWORD GENERATION ROUTINES */
#ifdef LUTIL_SHA1_BYTES
static struct berval *hash_ssha1(
static int hash_ssha1(
const struct berval *scheme,
const struct berval *passwd,
struct berval *hash,
const char **text )
{
lutil_SHA1_CTX SHA1context;
@ -1206,7 +946,7 @@ static struct berval *hash_ssha1(
salt.bv_len = sizeof(saltdata);
if( lutil_entropy( (unsigned char *) salt.bv_val, salt.bv_len) < 0 ) {
return NULL;
return LUTIL_PASSWD_ERR;
}
lutil_SHA1Init( &SHA1context );
@ -1216,12 +956,13 @@ static struct berval *hash_ssha1(
(const unsigned char *)salt.bv_val, salt.bv_len );
lutil_SHA1Final( SHA1digest, &SHA1context );
return pw_string64( scheme, &digest, &salt);
return pw_string64( scheme, &digest, hash, &salt);
}
static struct berval *hash_sha1(
static int hash_sha1(
const struct berval *scheme,
const struct berval *passwd,
struct berval *hash,
const char **text )
{
lutil_SHA1_CTX SHA1context;
@ -1235,13 +976,14 @@ static struct berval *hash_sha1(
(const unsigned char *)passwd->bv_val, passwd->bv_len );
lutil_SHA1Final( SHA1digest, &SHA1context );
return pw_string64( scheme, &digest, NULL);
return pw_string64( scheme, &digest, hash, NULL);
}
#endif
static struct berval *hash_smd5(
static int hash_smd5(
const struct berval *scheme,
const struct berval *passwd,
struct berval *hash,
const char **text )
{
lutil_MD5_CTX MD5context;
@ -1256,7 +998,7 @@ static struct berval *hash_smd5(
salt.bv_len = sizeof(saltdata);
if( lutil_entropy( (unsigned char *) salt.bv_val, salt.bv_len) < 0 ) {
return NULL;
return LUTIL_PASSWD_ERR;
}
lutil_MD5Init( &MD5context );
@ -1266,12 +1008,13 @@ static struct berval *hash_smd5(
(const unsigned char *) salt.bv_val, salt.bv_len );
lutil_MD5Final( MD5digest, &MD5context );
return pw_string64( scheme, &digest, &salt );
return pw_string64( scheme, &digest, hash, &salt );
}
static struct berval *hash_md5(
static int hash_md5(
const struct berval *scheme,
const struct berval *passwd,
struct berval *hash,
const char **text )
{
lutil_MD5_CTX MD5context;
@ -1287,14 +1030,15 @@ static struct berval *hash_md5(
(const unsigned char *) passwd->bv_val, passwd->bv_len );
lutil_MD5Final( MD5digest, &MD5context );
return pw_string64( scheme, &digest, NULL );
return pw_string64( scheme, &digest, hash, NULL );
;
}
#ifdef SLAPD_LMHASH
static struct berval *hash_lanman(
static int hash_lanman(
const struct berval *scheme,
const struct berval *passwd,
struct berval *hash,
const char **text )
{
@ -1305,16 +1049,15 @@ static struct berval *hash_lanman(
des_cblock StdText = "KGS!@#$%";
des_cblock PasswordHash1, PasswordHash2;
char PasswordHash[33];
struct berval hash;
for( i=0; i<passwd->bv_len; i++) {
if(passwd->bv_val[i] == '\0') {
return NULL; /* NUL character in password */
return LUTIL_PASSWD_ERR; /* NUL character in password */
}
}
if( passwd->bv_val[i] != '\0' ) {
return NULL; /* passwd must behave like a string */
return LUTIL_PASSWD_ERR; /* passwd must behave like a string */
}
strncpy( UcasePassword, passwd->bv_val, 14 );
@ -1335,35 +1078,35 @@ static struct berval *hash_lanman(
PasswordHash2[0],PasswordHash2[1],PasswordHash2[2],PasswordHash2[3],
PasswordHash2[4],PasswordHash2[5],PasswordHash2[6],PasswordHash2[7] );
hash.bv_val = PasswordHash;
hash.bv_len = 32;
hash->bv_val = PasswordHash;
hash->bv_len = 32;
return pw_string( scheme, &hash );
return pw_string( scheme, hash );
}
#endif /* SLAPD_LMHASH */
#ifdef SLAPD_CRYPT
static struct berval *hash_crypt(
static int hash_crypt(
const struct berval *scheme,
const struct berval *passwd,
struct berval *hash,
const char **text )
{
struct berval hash;
unsigned char salt[32]; /* salt suitable for most anything */
unsigned int i;
for( i=0; i<passwd->bv_len; i++) {
if(passwd->bv_val[i] == '\0') {
return NULL; /* NUL character in password */
return LUTIL_PASSWD_ERR; /* NUL character in password */
}
}
if( passwd->bv_val[i] != '\0' ) {
return NULL; /* passwd must behave like a string */
return LUTIL_PASSWD_ERR; /* passwd must behave like a string */
}
if( lutil_entropy( salt, sizeof( salt ) ) < 0 ) {
return NULL;
return LUTIL_PASSWD_ERR;
}
for( i=0; i< ( sizeof(salt) - 1 ); i++ ) {
@ -1379,17 +1122,17 @@ static struct berval *hash_crypt(
snprintf( (char *) salt, sizeof(entropy), salt_format, entropy );
}
hash.bv_val = crypt( passwd->bv_val, (char *) salt );
hash->bv_val = crypt( passwd->bv_val, (char *) salt );
if( hash.bv_val == NULL ) return NULL;
if( hash->bv_val == NULL ) return -1;
hash.bv_len = strlen( hash.bv_val );
hash->bv_len = strlen( hash->bv_val );
if( hash.bv_len == 0 ) {
return NULL;
if( hash->bv_len == 0 ) {
return LUTIL_PASSWD_ERR;
}
return pw_string( scheme, &hash );
return pw_string( scheme, hash );
}
#endif
@ -1405,12 +1148,14 @@ int lutil_salt_format(const char *format)
}
#ifdef SLAPD_CLEARTEXT
static struct berval *hash_clear(
static int hash_clear(
const struct berval *scheme,
const struct berval *passwd,
struct berval *hash,
const char **text )
{
return ber_bvdup( (struct berval *) passwd );
ber_dupbv( hash, (struct berval *)passwd );
return LUTIL_PASSWD_OK;
}
#endif

2
libraries/librewrite/map.c
View file

@ -51,7 +51,7 @@ rewrite_map_parse(
* Go to the end of the map invocation (the right closing brace)
*/
for ( p = string, cnt = 1; p[ 0 ] != '\0' && cnt > 0; p++ ) {
if ( p[ 0 ] == REWRITE_SUBMATCH_ESCAPE ) {
if ( IS_REWRITE_SUBMATCH_ESCAPE( p[ 0 ] ) ) {
/*
* '%' marks the beginning of a new map
*/

5
libraries/librewrite/rewrite-int.h
View file

@ -55,7 +55,10 @@
*/
/* the '\' conflicts with slapd.conf parsing */
/* #define REWRITE_SUBMATCH_ESCAPE '\\' */
#define REWRITE_SUBMATCH_ESCAPE '%'
#define REWRITE_SUBMATCH_ESCAPE_ORIG '%'
#define REWRITE_SUBMATCH_ESCAPE '$'
#define IS_REWRITE_SUBMATCH_ESCAPE(c) \
((c) == REWRITE_SUBMATCH_ESCAPE || (c) == REWRITE_SUBMATCH_ESCAPE_ORIG)
/*
* REGEX flags

5
libraries/librewrite/subst.c
View file

@ -55,11 +55,11 @@ rewrite_subst_compile(
/*
* Keep only single escapes '%'
*/
if ( p[ 0 ] != REWRITE_SUBMATCH_ESCAPE ) {
if ( !IS_REWRITE_SUBMATCH_ESCAPE( p[ 0 ] ) ) {
continue;
}
if ( p[ 1 ] == REWRITE_SUBMATCH_ESCAPE ) {
if ( IS_REWRITE_SUBMATCH_ESCAPE( p[ 1 ] ) ) {
/* Pull &p[1] over p, including the trailing '\0' */
AC_MEMCPY((char *)p, &p[ 1 ], strlen( p ) );
continue;
@ -387,6 +387,7 @@ rewrite_subst_apply(
if ( rc != REWRITE_SUCCESS ) {
rc = REWRITE_REGEXEC_ERR;
goto cleanup;
}
/*

2
libraries/librewrite/xmap.c
View file

@ -95,7 +95,7 @@ rewrite_xmap_parse(
* Experimental file map:
* looks up key in a `key value' ascii file
*/
} else if ( strncasecmp(s, "xfile", 5 ) == 0 ) {
} else if ( strncasecmp( s, "xfile", 5 ) == 0 ) {
char *filename;
const char *p;
int l;

84
servers/slapd/tools/Makefile.in
View file

@ -1,84 +0,0 @@
# Makefile.in for slapd tools
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 1998-2004 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted only as authorized by the OpenLDAP
## Public License.
##
## A copy of this license is available in the file LICENSE in the
## top-level directory of the distribution or, alternatively, at
## <http://www.OpenLDAP.org/license.html>.
LDAP_INCDIR= ../../../include
LDAP_LIBDIR= ../../../libraries
SLAP_DIR=../
XDEFS = $(MODULES_CPPFLAGS)
XLDFLAGS = $(MODULES_LDFLAGS)
XLIBS = $(SLAPD_L) $(LDBM_LIBS)
XXLIBS = $(SLAPD_LIBS) \
$(LDBM_LIBS) $(SECURITY_LIBS) $(LUTIL_LIBS)
XXXLIBS = $(LTHREAD_LIBS)
SLAPI_DEP_LIBS = $(LIBS) @LIBSLAPITOOLS@ @SLAPI_LIBS@ $(MODULES_LIBS)
STATIC_DEPENDS=@SLAPD_NO_STATIC@ ../libbackends.a
PROGRAMS=slapadd slapcat slapindex slappasswd
SRCS = mimic.c slapcommon.c \
slapadd.c slapcat.c slapindex.c slappasswd.c
SLAPD_OBJS = ../globals.o ../config.o ../ch_malloc.o ../cr.o ../backend.o \
../module.o ../aclparse.o ../filterentry.o ../schema.o \
../schema_check.o ../schema_init.o ../schema_prep.o \
../schemaparse.o ../ad.o ../at.o ../mr.o ../oc.o \
../syntax.o ../acl.o ../phonetic.o ../attr.o ../value.o \
../entry.o ../dn.o ../filter.o ../str2filter.o ../ava.o \
../init.o ../controls.o ../kerberos.o ../passwd.o \
../index.o ../extended.o ../starttls.o ../sets.o ../mra.o \
../referral.o ../backglue.o ../oidm.o ../mods.o ../operation.o \
../cancel.o ../sl_malloc.o ../backover.o ../ctxcsn.o ../syncrepl.o \
../ldapsync.o ../sessionlog.o
SLAPOBJS = $(SLAPD_OBJS) slapcommon.o mimic.o
all-local: build-progs
build-progs: $(PROGRAMS)
#
# SLAP Tools
#
slapadd: slapadd.o $(STATIC_DEPENDS) $(SLAPOBJS) $(SLAPD_L)
$(LTLINK) -o $@ slapadd.o $(SLAPOBJS) $(STATIC_DEPENDS) \
$(SLAPI_DEP_LIBS)
slapcat: slapcat.o $(STATIC_DEPENDS) $(SLAPOBJS) $(SLAPD_L)
$(LTLINK) -o $@ slapcat.o $(SLAPOBJS) $(STATIC_DEPENDS) \
$(SLAPI_DEP_LIBS)
slapindex: slapindex.o $(STATIC_DEPENDS) $(SLAPOBJS) $(SLAPD_L)
$(LTLINK) -o $@ slapindex.o $(SLAPOBJS) $(STATIC_DEPENDS) \
$(SLAPI_DEP_LIBS)
slappasswd: slappasswd.o $(SLAPD_L)
$(LTLINK) -o $@ slappasswd.o $(LIBS)
clean-local: FORCE
$(RM) $(PROGRAMS) $(XPROGRAMS) $(XSRCS) *.o core .libs/* *.exe
depend-local: FORCE
$(MKDEP) $(DEFS) $(DEFINES) $(SRCS)
install-local: FORCE
-$(MKDIR) $(DESTDIR)$(sbindir)
@for bin in $(PROGRAMS); do \
$(LTINSTALL) $(INSTALLFLAGS) -s -m 755 \
$$bin$(EXEEXT) $(DESTDIR)$(sbindir); \
done

322
servers/slapd/tools/mimic.c
View file

@ -1,322 +0,0 @@
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
* Copyright 1998-2004 The OpenLDAP Foundation.
* Portions Copyright 1998-2003 Kurt D. Zeilenga.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted only as authorized by the OpenLDAP
* Public License.
*
* A copy of this license is available in file LICENSE in the
* top-level directory of the distribution or, alternatively, at
* <http://www.OpenLDAP.org/license.html>.
*/
/* ACKNOWLEDGEMENTS:
* This work was initially developed by Kurt Zeilenga for inclusion
* in OpenLDAP Software.
*/
/*
* Mimic unused interfaces of slapd...
* needed for linking.
*/
#include "portable.h"
#include <stdio.h>
#include "../slap.h"
#include "ldap_rq.h"
/* needed by WIN32 and back-monitor */
time_t starttime;
/* because Versionstr is used in back-monitor */
const char Versionstr[] = "";
/* bogus ../results.c */
int str2result(
char* s,
int *code,
char **matched,
char **info )
{
assert(0);
return 0;
}
void
send_ldap_disconnect( Operation *op, SlapReply *rs )
{
assert(0);
}
int
slap_null_cb(
Operation *op, SlapReply *rs
)
{
assert(0);
}
int
slap_replog_cb(
Operation *op, SlapReply *rs
)
{
assert(0);
}
void
slap_send_ldap_extended(
Operation *op, SlapReply *rs
)
{
assert(0);
}
void
slap_send_ldap_intermediate_resp(
Operation *op, SlapReply *rs
)
{
assert(0);
}
void
send_ldap_sasl( Operation *op, SlapReply *rs )
{
assert(0);
}
void
slap_send_ldap_result( Operation *op, SlapReply *rs )
{
assert(0);
}
int
slap_send_search_entry( Operation *op, SlapReply *rs )
{
assert(0);
return -1;
}
int
slap_send_search_reference( Operation *op, SlapReply *rs )
{
assert(0);
return -1;
}
int slap_read_controls(
Operation *op,
SlapReply *rs,
Entry *e,
const struct berval *oid,
LDAPControl **c )
{
assert(0);
return -1;
}
int slap_sasl_init(void)
{
return LDAP_SUCCESS;
}
int slap_sasl_destroy(void)
{
return LDAP_SUCCESS;
}
int slap_sasl_setpass( Operation *op, SlapReply *rs )
{
return LDAP_SUCCESS;
}
int slap_sasl_config(
int cargc,
char **cargv,
char *line,
const char *fname,
int lineno )
{
return LDAP_SUCCESS;
}
int connection_client_setup(
ber_socket_t s,
Listener *l,
ldap_pvt_thread_start_t *func,
void *arg )
{
assert(0);
return 0;
}
void connection_client_enable( ber_socket_t s )
{
assert(0);
}
void connection_client_stop( ber_socket_t s )
{
assert(0);
}
void connection2anonymous( Connection *c )
{
assert(0);
}
Connection * connection_first( ber_socket_t *b )
{
assert(0);
return NULL;
}
Connection * connection_next( Connection *c, ber_socket_t *b )
{
assert(0);
return NULL;
}
unsigned long connections_nextid(void)
{
return 0;
}
void connection_done( Connection *c )
{
assert(0);
}
const char * connection_state2str( int state )
{
assert(0);
return NULL;
}
void replog( Operation *op )
{
assert(0);
}
int add_replica_info( Backend *be, const char *host )
{
return 0;
}
int add_replica_suffix( Backend *be, int nr, const char *suffix )
{
return 0;
}
int add_replica_attrs( Backend *be, int nr, char *attrs, int exclude )
{
return 0;
}
int parse_limits( Backend *be, const char *fname, int lineno, int argc, char **argv )
{
return 0;
}
int parse_limit( const char *arg, struct slap_limits_set *limit )
{
return 0;
}
int get_limits( Operation *op, struct berval *ndn, struct slap_limits_set **limit )
{
return 0;
}
int read_root_dse_file ( const char *file )
{
return 0;
}
Attribute *
slap_operational_subschemaSubentry( Backend *be )
{
return NULL;
}
Attribute *
slap_operational_hasSubordinate( int hs )
{
return NULL;
}
Listener **
slapd_get_listeners(void)
{
return NULL;
}
int
slap_modrdn2mods(
Operation *op, SlapReply *rs,
Entry *e,
LDAPRDN oldrdn,
LDAPRDN newrdn,
Modifications **pmod )
{
return 0;
}
int slap_sasl_getdn( Connection *conn, Operation *op, char *id, int len,
char *user_realm, struct berval *dn, int flags )
{
return -1;
}
int slap_sasl_authorized( Operation *op,
struct berval *authcDN, struct berval *authzDN )
{
return -1;
}
int root_dse_info( Connection *conn, Entry **entry, const char **text )
{
return -1;
}
int slap_entry2mods( Entry *e, Modifications **mods, const char **text,
char *textbuf, size_t textlen )
{
return -1;
}
volatile sig_atomic_t slapd_shutdown;
int slap_mods_check( Modifications *ml, int update, const char **text,
char *textbuf, size_t textlen, void *ctx )
{
return -1;
}
int slap_mods2entry( Modifications *mods, Entry **e, int repl_user,
int dup, const char **text, char *textbuf, size_t textlen )
{
return -1;
}
int slap_mods_opattrs( Operation *op, Modifications *mods,
Modifications **modtail, const char **text,
char *textbuf, size_t textlen )
{
return -1;
}
int slap_parse_user( struct berval *id, struct berval *user,
struct berval *realm, struct berval *mech )
{
return -1;
}

691
servers/slapd/tools/slapadd.c
View file

@ -1,691 +0,0 @@
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
* Copyright 1998-2004 The OpenLDAP Foundation.
* Portions Copyright 1998-2003 Kurt D. Zeilenga.
* Portions Copyright 2003 IBM Corporation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted only as authorized by the OpenLDAP
* Public License.
*
* A copy of this license is available in file LICENSE in the
* top-level directory of the distribution or, alternatively, at
* <http://www.OpenLDAP.org/license.html>.
*/
/* ACKNOWLEDGEMENTS:
* This work was initially developed by Kurt Zeilenga for inclusion
* in OpenLDAP Software. Additional signficant contributors include
* Jong Hyuk Choi
* Pierangelo Masarati
*/
#include "portable.h"
#include <stdio.h>
#include <ac/stdlib.h>
#include <ac/ctype.h>
#include <ac/string.h>
#include <ac/socket.h>
#include <ac/unistd.h>
#include <lber.h>
#include <ldif.h>
#include <lutil.h>
#include "slapcommon.h"
static char csnbuf[ LDAP_LUTIL_CSNSTR_BUFSIZE ];
static const struct berval slap_syncrepl_bvc = BER_BVC("syncreplxxx");
static const struct berval slap_syncrepl_cn_bvc = BER_BVC("cn=syncreplxxx");
static struct berval slap_syncrepl_bv = BER_BVNULL;
static struct berval slap_syncrepl_cn_bv = BER_BVNULL;
struct subentryinfo {
struct berval cn;
struct berval ndn;
struct berval rdn;
struct berval cookie;
LDAP_SLIST_ENTRY( subentryinfo ) sei_next;
};
int
main( int argc, char **argv )
{
char *buf = NULL;
int lineno;
int lmax;
int rc = EXIT_SUCCESS;
const char *text;
char textbuf[SLAP_TEXT_BUFLEN] = { '\0' };
size_t textlen = sizeof textbuf;
struct berval csn;
struct berval maxcsn = { 0, NULL };
struct berval ldifcsn = { 0, NULL };
int match;
int provider_subentry = 0;
struct subentryinfo *sei;
LDAP_SLIST_HEAD( consumer_subentry_slist, subentryinfo ) consumer_subentry;
Attribute *attr;
Entry *ctxcsn_e;
ID ctxcsn_id;
struct berval ctxcsn_ndn = { 0, NULL };
int ret;
struct berval bvtext;
int i;
#ifdef NEW_LOGGING
lutil_log_initialize(argc, argv );
#endif
slap_tool_init( "slapadd", SLAPADD, argc, argv );
LDAP_SLIST_INIT( &consumer_subentry );
if( !be->be_entry_open ||
!be->be_entry_close ||
!be->be_entry_put )
{
fprintf( stderr, "%s: database doesn't support necessary operations.\n",
progname );
exit( EXIT_FAILURE );
}
lmax = 0;
lineno = 0;
if( be->be_entry_open( be, 1 ) != 0 ) {
fprintf( stderr, "%s: could not open database.\n",
progname );
exit( EXIT_FAILURE );
}
while( ldif_read_record( ldiffp, &lineno, &buf, &lmax ) ) {
Entry *e = str2entry( buf );
/*
* Initialize text buffer
*/
bvtext.bv_len = textlen;
bvtext.bv_val = textbuf;
bvtext.bv_val[0] = '\0';
if( e == NULL ) {
fprintf( stderr, "%s: could not parse entry (line=%d)\n",
progname, lineno );
rc = EXIT_FAILURE;
if( continuemode ) continue;
break;
}
/* make sure the DN is not empty */
if( !e->e_nname.bv_len ) {
fprintf( stderr, "%s: empty dn=\"%s\" (line=%d)\n",
progname, e->e_dn, lineno );
rc = EXIT_FAILURE;
entry_free( e );
if( continuemode ) continue;
break;
}
/* check backend */
if( select_backend( &e->e_nname, is_entry_referral(e), nosubordinates )
!= be )
{
fprintf( stderr, "%s: line %d: "
"database (%s) not configured to hold \"%s\"\n",
progname, lineno,
be ? be->be_suffix[0].bv_val : "<none>",
e->e_dn );
fprintf( stderr, "%s: line %d: "
"database (%s) not configured to hold \"%s\"\n",
progname, lineno,
be ? be->be_nsuffix[0].bv_val : "<none>",
e->e_ndn );
rc = EXIT_FAILURE;
entry_free( e );
if( continuemode ) continue;
break;
}
if( global_schemacheck ) {
Attribute *sc = attr_find( e->e_attrs,
slap_schema.si_ad_structuralObjectClass );
Attribute *oc = attr_find( e->e_attrs,
slap_schema.si_ad_objectClass );
if( oc == NULL ) {
fprintf( stderr, "%s: dn=\"%s\" (line=%d): %s\n",
progname, e->e_dn, lineno,
"no objectClass attribute");
rc = EXIT_FAILURE;
entry_free( e );
if( continuemode ) continue;
break;
}
if( sc == NULL ) {
struct berval vals[2];
rc = structural_class( oc->a_vals, vals,
NULL, &text, textbuf, textlen );
if( rc != LDAP_SUCCESS ) {
fprintf( stderr, "%s: dn=\"%s\" (line=%d): (%d) %s\n",
progname, e->e_dn, lineno, rc, text );
rc = EXIT_FAILURE;
entry_free( e );
if( continuemode ) continue;
break;
}
vals[1].bv_len = 0;
vals[1].bv_val = NULL;
attr_merge( e, slap_schema.si_ad_structuralObjectClass,
vals, NULL /* FIXME */ );
}
/* check schema */
rc = entry_schema_check( be, e, NULL, &text, textbuf, textlen );
if( rc != LDAP_SUCCESS ) {
fprintf( stderr, "%s: dn=\"%s\" (line=%d): (%d) %s\n",
progname, e->e_dn, lineno, rc, text );
rc = EXIT_FAILURE;
entry_free( e );
if( continuemode ) continue;
break;
}
}
if ( SLAP_LASTMOD(be) ) {
struct tm *ltm;
time_t now = slap_get_time();
char uuidbuf[ LDAP_LUTIL_UUIDSTR_BUFSIZE ];
struct berval vals[ 2 ];
struct berval name, timestamp;
struct berval nvals[ 2 ];
struct berval nname;
char timebuf[ LDAP_LUTIL_GENTIME_BUFSIZE ];
vals[1].bv_len = 0;
vals[1].bv_val = NULL;
nvals[1].bv_len = 0;
nvals[1].bv_val = NULL;
ltm = gmtime(&now);
lutil_gentime( timebuf, sizeof(timebuf), ltm );
csn.bv_len = lutil_csnstr( csnbuf, sizeof( csnbuf ), 0, 0 );
csn.bv_val = csnbuf;
timestamp.bv_val = timebuf;
timestamp.bv_len = strlen(timebuf);
if ( be->be_rootndn.bv_len == 0 ) {
name.bv_val = SLAPD_ANONYMOUS;
name.bv_len = sizeof(SLAPD_ANONYMOUS) - 1;
nname.bv_val = SLAPD_ANONYMOUS;
nname.bv_len = sizeof(SLAPD_ANONYMOUS) - 1;
} else {
name = be->be_rootdn;
nname = be->be_rootndn;
}
if( attr_find( e->e_attrs, slap_schema.si_ad_entryUUID )
== NULL )
{
vals[0].bv_len = lutil_uuidstr( uuidbuf, sizeof( uuidbuf ) );
vals[0].bv_val = uuidbuf;
attr_merge_normalize_one( e,
slap_schema.si_ad_entryUUID, vals, NULL );
}
if( attr_find( e->e_attrs, slap_schema.si_ad_creatorsName )
== NULL )
{
vals[0] = name;
nvals[0] = nname;
attr_merge( e, slap_schema.si_ad_creatorsName, vals, nvals );
}
if( attr_find( e->e_attrs, slap_schema.si_ad_modifiersName )
== NULL )
{
vals[0] = name;
nvals[0] = nname;
attr_merge( e, slap_schema.si_ad_modifiersName, vals, nvals );
}
if( attr_find( e->e_attrs, slap_schema.si_ad_createTimestamp )
== NULL )
{
vals[0] = timestamp;
attr_merge( e, slap_schema.si_ad_createTimestamp, vals, NULL );
}
if( attr_find( e->e_attrs, slap_schema.si_ad_modifyTimestamp )
== NULL )
{
vals[0] = timestamp;
attr_merge( e, slap_schema.si_ad_modifyTimestamp, vals, NULL );
}
if( attr_find( e->e_attrs, slap_schema.si_ad_entryCSN )
== NULL )
{
vals[0] = csn;
attr_merge( e, slap_schema.si_ad_entryCSN, vals, NULL );
}
if ( !is_entry_syncProviderSubentry( e ) &&
!is_entry_syncConsumerSubentry( e ) &&
update_ctxcsn != SLAP_TOOL_CTXCSN_KEEP ) {
attr = attr_find( e->e_attrs, slap_schema.si_ad_entryCSN );
if ( maxcsn.bv_len != 0 ) {
value_match( &match, slap_schema.si_ad_entryCSN,
slap_schema.si_ad_entryCSN->ad_type->sat_ordering,
SLAP_MR_VALUE_OF_ATTRIBUTE_SYNTAX,
&maxcsn, &attr->a_nvals[0], &text );
} else {
match = -1;
}
if ( match < 0 ) {
if ( maxcsn.bv_val )
ch_free( maxcsn.bv_val );
ber_dupbv( &maxcsn, &attr->a_nvals[0] );
}
}
}
if ( update_ctxcsn == SLAP_TOOL_CTXCSN_KEEP &&
( replica_promotion || replica_demotion )) {
if ( is_entry_syncProviderSubentry( e )) {
if ( !LDAP_SLIST_EMPTY( &consumer_subentry )) {
fprintf( stderr, "%s: consumer and provider subentries "
"are both present\n", progname );
rc = EXIT_FAILURE;
entry_free( e );
sei = LDAP_SLIST_FIRST( &consumer_subentry );
while ( sei ) {
ch_free( sei->cn.bv_val );
ch_free( sei->ndn.bv_val );
ch_free( sei->rdn.bv_val );
ch_free( sei->cookie.bv_val );
LDAP_SLIST_REMOVE_HEAD( &consumer_subentry, sei_next );
ch_free( sei );
sei = LDAP_SLIST_FIRST( &consumer_subentry );
}
break;
}
if ( provider_subentry ) {
fprintf( stderr, "%s: multiple provider subentries are "
"present : add -w flag to refresh\n", progname );
rc = EXIT_FAILURE;
entry_free( e );
break;
}
attr = attr_find( e->e_attrs, slap_schema.si_ad_contextCSN );
if ( attr == NULL ) {
entry_free( e );
continue;
}
provider_subentry = 1;
ber_dupbv( &maxcsn, &attr->a_nvals[0] );
} else if ( is_entry_syncConsumerSubentry( e )) {
if ( provider_subentry ) {
fprintf( stderr, "%s: consumer and provider subentries "
"are both present\n", progname );
rc = EXIT_FAILURE;
entry_free( e );
break;
}
attr = attr_find( e->e_attrs, slap_schema.si_ad_cn );
if ( attr == NULL ) {
entry_free( e );
continue;
}
if ( !LDAP_SLIST_EMPTY( &consumer_subentry )) {
LDAP_SLIST_FOREACH( sei, &consumer_subentry, sei_next ) {
value_match( &match, slap_schema.si_ad_cn,
slap_schema.si_ad_cn->ad_type->sat_equality,
SLAP_MR_VALUE_OF_ATTRIBUTE_SYNTAX,
&sei->cn, &attr->a_nvals[0], &text );
}
if ( !match ) {
fprintf( stderr, "%s: multiple consumer subentries "
"have the same id : add -w flag to refresh\n",
progname );
rc = EXIT_FAILURE;
entry_free( e );
sei = LDAP_SLIST_FIRST( &consumer_subentry );
while ( sei ) {
ch_free( sei->cn.bv_val );
ch_free( sei->ndn.bv_val );
ch_free( sei->rdn.bv_val );
ch_free( sei->cookie.bv_val );
LDAP_SLIST_REMOVE_HEAD( &consumer_subentry, sei_next );
ch_free( sei );
sei = LDAP_SLIST_FIRST( &consumer_subentry );
}
break;
}
}
sei = ch_calloc( 1, sizeof( struct subentryinfo ));
ber_dupbv( &sei->cn, &attr->a_nvals[0] );
ber_dupbv( &sei->ndn, &e->e_nname );
dnExtractRdn( &sei->ndn, &sei->rdn, NULL );
attr = attr_find( e->e_attrs, slap_schema.si_ad_syncreplCookie );
if ( attr == NULL ) {
ch_free( sei->cn.bv_val );
ch_free( sei->ndn.bv_val );
ch_free( sei->rdn.bv_val );
ch_free( sei->cookie.bv_val );
ch_free( sei );
entry_free( e );
continue;
}
ber_dupbv( &sei->cookie, &attr->a_nvals[0] );
LDAP_SLIST_INSERT_HEAD( &consumer_subentry, sei, sei_next );
}
}
if (( !is_entry_syncProviderSubentry( e ) &&
!is_entry_syncConsumerSubentry( e )) ||
( !replica_promotion && !replica_demotion )) {
if (!dryrun) {
ID id = be->be_entry_put( be, e, &bvtext );
if( id == NOID ) {
fprintf( stderr, "%s: could not add entry dn=\"%s\" "
"(line=%d): %s\n", progname, e->e_dn,
lineno, bvtext.bv_val );
rc = EXIT_FAILURE;
entry_free( e );
if( continuemode ) continue;
break;
}
if ( verbose ) {
fprintf( stderr, "added: \"%s\" (%08lx)\n",
e->e_dn, (long) id );
}
} else {
if ( verbose ) {
fprintf( stderr, "(dry) added: \"%s\"\n", e->e_dn );
}
}
}
entry_free( e );
}
bvtext.bv_len = textlen;
bvtext.bv_val = textbuf;
bvtext.bv_val[0] = '\0';
if ( !LDAP_SLIST_EMPTY( &consumer_subentry )) {
maxcsn.bv_len = 0;
maxcsn.bv_val = NULL;
LDAP_SLIST_FOREACH( sei, &consumer_subentry, sei_next ) {
if ( maxcsn.bv_len != 0 ) {
value_match( &match, slap_schema.si_ad_syncreplCookie,
slap_schema.si_ad_syncreplCookie->ad_type->sat_ordering,
SLAP_MR_VALUE_OF_ATTRIBUTE_SYNTAX,
&maxcsn, &sei->cookie, &text );
} else {
match = -1;
}
if ( match < 0 ) {
if ( maxcsn.bv_val )
ch_free( maxcsn.bv_val );
ber_dupbv( &maxcsn, &sei->cookie );
}
}
}
if ( SLAP_LASTMOD(be) && replica_promotion ) {
if ( provider_subentry || update_ctxcsn == SLAP_TOOL_CTXCSN_BATCH ||
!LDAP_SLIST_EMPTY( &consumer_subentry )) {
build_new_dn( &ctxcsn_ndn, &be->be_nsuffix[0],
(struct berval *)&slap_ldapsync_cn_bv, NULL );
ctxcsn_id = be->be_dn2id_get( be, &ctxcsn_ndn );
if ( ctxcsn_id == NOID ) {
ctxcsn_e = slap_create_context_csn_entry( be, &maxcsn );
if ( !dryrun ) {
ctxcsn_id = be->be_entry_put( be, ctxcsn_e, &bvtext );
if( ctxcsn_id == NOID ) {
fprintf( stderr, "%s: could not add ctxcsn subentry\n",
progname);
rc = EXIT_FAILURE;
}
if ( verbose ) {
fprintf( stderr, "added: \"%s\" (%08lx)\n",
ctxcsn_e->e_dn, (long) ctxcsn_id );
}
} else {
if ( verbose ) {
fprintf( stderr, "(dry) added: \"%s\"\n", ctxcsn_e->e_dn );
}
}
entry_free( ctxcsn_e );
} else {
ret = be->be_id2entry_get( be, ctxcsn_id, &ctxcsn_e );
if ( ret == LDAP_SUCCESS ) {
attr = attr_find( ctxcsn_e->e_attrs,
slap_schema.si_ad_contextCSN );
AC_MEMCPY( attr->a_vals[0].bv_val, maxcsn.bv_val, maxcsn.bv_len );
attr->a_vals[0].bv_val[maxcsn.bv_len] = '\0';
attr->a_vals[0].bv_len = maxcsn.bv_len;
if ( !dryrun ) {
ctxcsn_id = be->be_entry_modify( be, ctxcsn_e, &bvtext );
if( ctxcsn_id == NOID ) {
fprintf( stderr, "%s: could not modify ctxcsn "
"subentry\n", progname);
rc = EXIT_FAILURE;
}
if ( verbose ) {
fprintf( stderr, "modified: \"%s\" (%08lx)\n",
ctxcsn_e->e_dn, (long) ctxcsn_id );
}
} else {
if ( verbose ) {
fprintf( stderr, "(dry) modified: \"%s\"\n",
ctxcsn_e->e_dn );
}
}
} else {
fprintf( stderr, "%s: could not modify ctxcsn subentry\n",
progname);
rc = EXIT_FAILURE;
}
}
}
} else if ( SLAP_LASTMOD(be) && replica_demotion &&
( update_ctxcsn == SLAP_TOOL_CTXCSN_BATCH ||
provider_subentry )) {
ber_dupbv( &slap_syncrepl_bv, (struct berval *) &slap_syncrepl_bvc );
ber_dupbv( &slap_syncrepl_cn_bv,
(struct berval *) &slap_syncrepl_cn_bvc );
if ( replica_id_list == NULL ) {
replica_id_list = ch_calloc( 2, sizeof( int ));
replica_id_list[0] = 0;
replica_id_list[1] = -1;
}
for ( i = 0; replica_id_list[i] > -1 ; i++ ) {
slap_syncrepl_bv.bv_len = snprintf( slap_syncrepl_bv.bv_val,
slap_syncrepl_bvc.bv_len,
"syncrepl%d", replica_id_list[i] );
slap_syncrepl_cn_bv.bv_len = snprintf( slap_syncrepl_cn_bv.bv_val,
slap_syncrepl_cn_bvc.bv_len,
"cn=syncrepl%d", replica_id_list[i] );
build_new_dn( &ctxcsn_ndn, &be->be_nsuffix[0],
(struct berval *)&slap_syncrepl_cn_bv, NULL );
ctxcsn_id = be->be_dn2id_get( be, &ctxcsn_ndn );
if ( ctxcsn_id == NOID ) {
ctxcsn_e = slap_create_syncrepl_entry( be, &maxcsn,
&slap_syncrepl_cn_bv,
&slap_syncrepl_bv );
if ( !dryrun ) {
ctxcsn_id = be->be_entry_put( be, ctxcsn_e, &bvtext );
if( ctxcsn_id == NOID ) {
fprintf( stderr, "%s: could not add ctxcsn subentry\n",
progname);
rc = EXIT_FAILURE;
}
if ( verbose ) {
fprintf( stderr, "added: \"%s\" (%08lx)\n",
ctxcsn_e->e_dn, (long) ctxcsn_id );
}
} else {
if ( verbose ) {
fprintf( stderr, "(dry) added: \"%s\"\n",
ctxcsn_e->e_dn );
}
}
entry_free( ctxcsn_e );
} else {
ret = be->be_id2entry_get( be, ctxcsn_id, &ctxcsn_e );
if ( ret == LDAP_SUCCESS ) {
attr = attr_find( ctxcsn_e->e_attrs,
slap_schema.si_ad_syncreplCookie );
AC_MEMCPY( attr->a_vals[0].bv_val, maxcsn.bv_val, maxcsn.bv_len );
attr->a_vals[0].bv_val[maxcsn.bv_len] = '\0';
attr->a_vals[0].bv_len = maxcsn.bv_len;
if ( !dryrun ) {
ctxcsn_id = be->be_entry_modify( be,
ctxcsn_e, &bvtext );
if( ctxcsn_id == NOID ) {
fprintf( stderr, "%s: could not modify ctxcsn "
"subentry\n", progname);
rc = EXIT_FAILURE;
}
if ( verbose ) {
fprintf( stderr, "modified: \"%s\" (%08lx)\n",
ctxcsn_e->e_dn, (long) ctxcsn_id );
}
} else {
if ( verbose ) {
fprintf( stderr, "(dry) modified: \"%s\"\n",
ctxcsn_e->e_dn );
}
}
} else {
fprintf( stderr, "%s: could not modify ctxcsn subentry\n",
progname);
rc = EXIT_FAILURE;
}
}
}
if ( slap_syncrepl_bv.bv_val ) {
ch_free( slap_syncrepl_bv.bv_val );
}
if ( slap_syncrepl_cn_bv.bv_val ) {
ch_free( slap_syncrepl_cn_bv.bv_val );
}
} else if ( SLAP_LASTMOD(be) && replica_demotion &&
!LDAP_SLIST_EMPTY( &consumer_subentry )) {
LDAP_SLIST_FOREACH( sei, &consumer_subentry, sei_next ) {
ctxcsn_id = be->be_dn2id_get( be, &sei->ndn );
if ( ctxcsn_id == NOID ) {
ctxcsn_e = slap_create_syncrepl_entry( be, &sei->cookie,
&sei->rdn, &sei->cn );
if ( !dryrun ) {
ctxcsn_id = be->be_entry_put( be, ctxcsn_e, &bvtext );
if( ctxcsn_id == NOID ) {
fprintf( stderr, "%s: could not add ctxcsn subentry\n",
progname);
rc = EXIT_FAILURE;
}
if ( verbose ) {
fprintf( stderr, "added: \"%s\" (%08lx)\n",
ctxcsn_e->e_dn, (long) ctxcsn_id );
}
} else {
if ( verbose ) {
fprintf( stderr, "(dry) added: \"%s\"\n",
ctxcsn_e->e_dn );
}
}
entry_free( ctxcsn_e );
} else {
ret = be->be_id2entry_get( be, ctxcsn_id, &ctxcsn_e );
if ( ret == LDAP_SUCCESS ) {
attr = attr_find( ctxcsn_e->e_attrs,
slap_schema.si_ad_syncreplCookie );
AC_MEMCPY( attr->a_vals[0].bv_val, maxcsn.bv_val, maxcsn.bv_len );
attr->a_vals[0].bv_val[maxcsn.bv_len] = '\0';
attr->a_vals[0].bv_len = maxcsn.bv_len;
if ( !dryrun ) {
ctxcsn_id = be->be_entry_modify( be,
ctxcsn_e, &bvtext );
if( ctxcsn_id == NOID ) {
fprintf( stderr, "%s: could not modify ctxcsn "
"subentry\n", progname);
rc = EXIT_FAILURE;
}
if ( verbose ) {
fprintf( stderr, "modified: \"%s\" (%08lx)\n",
ctxcsn_e->e_dn, (long) ctxcsn_id );
}
} else {
if ( verbose ) {
fprintf( stderr, "(dry) modified: \"%s\"\n",
ctxcsn_e->e_dn );
}
}
} else {
fprintf( stderr, "%s: could not modify ctxcsn subentry\n",
progname);
rc = EXIT_FAILURE;
}
}
}
if ( slap_syncrepl_bv.bv_val ) {
ch_free( slap_syncrepl_bv.bv_val );
}
if ( slap_syncrepl_cn_bv.bv_val ) {
ch_free( slap_syncrepl_cn_bv.bv_val );
}
}
sei = LDAP_SLIST_FIRST( &consumer_subentry );
while ( sei ) {
ch_free( sei->cn.bv_val );
ch_free( sei->ndn.bv_val );
ch_free( sei->rdn.bv_val );
ch_free( sei->cookie.bv_val );
LDAP_SLIST_REMOVE_HEAD( &consumer_subentry, sei_next );
ch_free( sei );
sei = LDAP_SLIST_FIRST( &consumer_subentry );
}
ch_free( buf );
if( be->be_entry_close( be )) rc = EXIT_FAILURE;
if( be->be_sync ) {
be->be_sync( be );
}
slap_tool_destroy();
return rc;
}

117
servers/slapd/tools/slapcat.c
View file

@ -1,117 +0,0 @@
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
* Copyright 1998-2004 The OpenLDAP Foundation.
* Portions Copyright 1998-2003 Kurt D. Zeilenga.
* Portions Copyright 2003 IBM Corporation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted only as authorized by the OpenLDAP
* Public License.
*
* A copy of this license is available in file LICENSE in the
* top-level directory of the distribution or, alternatively, at
* <http://www.OpenLDAP.org/license.html>.
*/
/* ACKNOWLEDGEMENTS:
* This work was initially developed by Kurt Zeilenga for inclusion
* in OpenLDAP Software. Additional signficant contributors include
* Jong Hyuk Choi
*/
#include "portable.h"
#include <stdio.h>
#include <ac/stdlib.h>
#include <ac/ctype.h>
#include <ac/socket.h>
#include <ac/string.h>
#include "slapcommon.h"
int
main( int argc, char **argv )
{
ID id;
int rc = EXIT_SUCCESS;
Operation op = {0};
slap_tool_init( "slapcat", SLAPCAT, argc, argv );
if( !be->be_entry_open ||
!be->be_entry_close ||
!be->be_entry_first ||
!be->be_entry_next ||
!be->be_entry_get )
{
fprintf( stderr, "%s: database doesn't support necessary operations.\n",
progname );
exit( EXIT_FAILURE );
}
if( be->be_entry_open( be, 0 ) != 0 ) {
fprintf( stderr, "%s: could not open database.\n",
progname );
exit( EXIT_FAILURE );
}
for ( id = be->be_entry_first( be );
id != NOID;
id = be->be_entry_next( be ) )
{
char *data;
int len;
Entry* e = be->be_entry_get( be, id );
op.o_bd = be;
if ( e == NULL ) {
printf("# no data for entry id=%08lx\n\n", (long) id );
rc = EXIT_FAILURE;
if( continuemode ) continue;
break;
}
if( sub_ndn.bv_len && !dnIsSuffix( &e->e_nname, &sub_ndn ) ) {
be_entry_release_r( &op, e );
continue;
}
if ( retrieve_ctxcsn == 0 ) {
if ( is_entry_syncProviderSubentry( e ) ) {
be_entry_release_r( &op, e );
continue;
}
}
if ( retrieve_synccookie == 0 ) {
if ( is_entry_syncConsumerSubentry( e ) ) {
be_entry_release_r( &op, e );
continue;
}
}
if( verbose ) {
printf( "# id=%08lx\n", (long) id );
}
data = entry2str( e, &len );
be_entry_release_r( &op, e );
if ( data == NULL ) {
printf("# bad data for entry id=%08lx\n\n", (long) id );
rc = EXIT_FAILURE;
if( continuemode ) continue;
break;
}
fputs( data, ldiffp );
fputs( "\n", ldiffp );
}
be->be_entry_close( be );
slap_tool_destroy();
return rc;
}

441
servers/slapd/tools/slapcommon.c
View file

@ -1,441 +0,0 @@
/* slapcommon.c - common routine for the slap tools */
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
* Copyright 1998-2004 The OpenLDAP Foundation.
* Portions Copyright 1998-2003 Kurt D. Zeilenga.
* Portions Copyright 2003 IBM Corporation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted only as authorized by the OpenLDAP
* Public License.
*
* A copy of this license is available in file LICENSE in the
* top-level directory of the distribution or, alternatively, at
* <http://www.OpenLDAP.org/license.html>.
*/
/* ACKNOWLEDGEMENTS:
* This work was initially developed by Kurt Zeilenga for inclusion
* in OpenLDAP Software. Additional signficant contributors include
* Jong Hyuk Choi
* Hallvard B. Furuseth
* Howard Chu
* Pierangelo Masarati
*/
#include "portable.h"
#include <stdio.h>
#include <ac/stdlib.h>
#include <ac/ctype.h>
#include <ac/string.h>
#include <ac/socket.h>
#include <ac/unistd.h>
#include "slapcommon.h"
#include "lutil.h"
char *progname = NULL;
char *conffile = SLAPD_DEFAULT_CONFIGFILE;
int truncatemode = 0;
int verbose = 0;
int update_ctxcsn = SLAP_TOOL_CTXCSN_KEEP;
int retrieve_ctxcsn = 0;
int retrieve_synccookie = 0;
int replica_promotion = 0;
int replica_demotion = 0;
char *replica_id_string = NULL;
char **replica_id_strlist = NULL;
int *replica_id_list = NULL;
int continuemode = 0;
int nosubordinates = 0;
int dryrun = 0;
struct berval sub_ndn = { 0, NULL };
char *ldiffile = NULL;
FILE *ldiffp = NULL;
#ifdef CSRIMALLOC
char *leakfilename;
FILE *leakfile;
#endif
Backend *be = NULL;
static void
usage( int tool )
{
char *options = NULL;
fprintf( stderr,
"usage: %s [-v] [-c] [-d debuglevel] [-f configfile]\n"
"\t[-n databasenumber | -b suffix]", progname );
switch( tool ) {
case SLAPADD:
options = "\n\t[-l ldiffile] [-u] [-p [-w] | -r [-i syncreplidlist] [-w]]\n";
break;
case SLAPCAT:
options = "\t[-l ldiffile] [-m] [-k]\n";
break;
case SLAPINDEX:
options = "\n";
break;
}
if( options != NULL ) {
fputs( options, stderr );
}
exit( EXIT_FAILURE );
}
/*
* slap_tool_init - initialize slap utility, handle program options.
* arguments:
* name program name
* tool tool code
* argc, argv command line arguments
*/
void
slap_tool_init(
const char* name,
int tool,
int argc, char **argv )
{
char *options;
struct berval base = { 0, NULL };
char *subtree = NULL;
int rc, i, dbnum;
int mode = SLAP_TOOL_MODE;
progname = lutil_progname( name, argc, argv );
#ifdef CSRIMALLOC
leakfilename = malloc( strlen( progname ) + sizeof(".leak") );
sprintf( leakfilename, "%s.leak", progname );
if( ( leakfile = fopen( leakfilename, "w" )) == NULL ) {
leakfile = stderr;
}
free( leakfilename );
#endif
switch( tool ) {
case SLAPADD:
options = "b:cd:f:i:l:n:prtuvWw";
break;
case SLAPINDEX:
options = "b:cd:f:n:v";
mode |= SLAP_TOOL_READMAIN;
break;
case SLAPCAT:
options = "b:cd:f:kl:mn:s:v";
mode |= SLAP_TOOL_READMAIN | SLAP_TOOL_READONLY;
break;
default:
fprintf( stderr, "%s: unknown tool mode (%d)\n",
progname, tool );
exit( EXIT_FAILURE );
}
ldiffile = NULL;
conffile = SLAPD_DEFAULT_CONFIGFILE;
dbnum = -1;
while ( (i = getopt( argc, argv, options )) != EOF ) {
switch ( i ) {
case 'b':
base.bv_val = strdup( optarg );
base.bv_len = strlen( base.bv_val );
break;
case 'c': /* enable continue mode */
continuemode++;
break;
case 'd': /* turn on debugging */
ldap_debug += atoi( optarg );
break;
case 'f': /* specify a conf file */
conffile = strdup( optarg );
break;
case 'i': /* specify syncrepl id list */
replica_id_string = strdup( optarg );
if ( !isdigit( (unsigned char) *replica_id_string )) {
usage( tool );
exit( EXIT_FAILURE );
}
str2clist( &replica_id_strlist, replica_id_string, "," );
for ( i = 0; replica_id_strlist && replica_id_strlist[i]; i++ ) ;
replica_id_list = ch_calloc( i + 1, sizeof( int ) );
for ( i = 0; replica_id_strlist && replica_id_strlist[i]; i++ ) {
replica_id_list[i] = atoi( replica_id_strlist[i] );
if ( replica_id_list[i] >= 1000 ) {
fprintf(stderr,
"%s: syncrepl id %d is out of range [0..999]\n",
progname, replica_id_list[i] );
exit( EXIT_FAILURE );
}
}
replica_id_list[i] = -1;
break;
case 'k': /* Retrieve sync cookie entry */
retrieve_synccookie = 1;
break;
case 'l': /* LDIF file */
ldiffile = strdup( optarg );
break;
case 'm': /* Retrieve ldapsync entry */
retrieve_ctxcsn = 1;
break;
case 'n': /* which config file db to index */
dbnum = atoi( optarg ) - 1;
break;
case 'p': /* replica promotion */
replica_promotion = 1;
break;
case 'r': /* replica demotion */
replica_demotion = 1;
break;
case 's': /* dump subtree */
subtree = strdup( optarg );
break;
case 't': /* turn on truncate */
truncatemode++;
mode |= SLAP_TRUNCATE_MODE;
break;
case 'u': /* dry run */
dryrun++;
break;
case 'v': /* turn on verbose */
verbose++;
break;
case 'W': /* write context csn on every entry add */
update_ctxcsn = SLAP_TOOL_CTXCSN_BATCH;
/* FIXME : update_ctxcsn = SLAP_TOOL_CTXCSN_ENTRY; */
break;
case 'w': /* write context csn on at the end */
update_ctxcsn = SLAP_TOOL_CTXCSN_BATCH;
break;
default:
usage( tool );
break;
}
}
if ( ( argc != optind ) || (dbnum >= 0 && base.bv_val != NULL ) ) {
usage( tool );
}
if ( replica_promotion && replica_demotion ) {
usage( tool );
} else if ( !replica_promotion && !replica_demotion ) {
if ( update_ctxcsn != SLAP_TOOL_CTXCSN_KEEP ) {
usage( tool );
}
}
if ( ldiffile == NULL ) {
ldiffp = tool == SLAPCAT ? stdout : stdin;
} else if( (ldiffp = fopen( ldiffile, tool == SLAPCAT ? "w" : "r" ))
== NULL )
{
perror( ldiffile );
exit( EXIT_FAILURE );
}
/*
* initialize stuff and figure out which backend we're dealing with
*/
#ifdef SLAPD_MODULES
if ( module_init() != 0 ) {
fprintf( stderr, "%s: module_init failed!\n", progname );
exit( EXIT_FAILURE );
}
#endif
rc = slap_init( mode, progname );
if ( rc != 0 ) {
fprintf( stderr, "%s: slap_init failed!\n", progname );
exit( EXIT_FAILURE );
}
rc = slap_schema_init();
if ( rc != 0 ) {
fprintf( stderr, "%s: slap_schema_init failed!\n", progname );
exit( EXIT_FAILURE );
}
rc = read_config( conffile, 0 );
if ( rc != 0 ) {
fprintf( stderr, "%s: bad configuration file!\n", progname );
exit( EXIT_FAILURE );
}
if ( !nbackends ) {
fprintf( stderr, "No databases found in config file\n" );
exit( EXIT_FAILURE );
}
rc = glue_sub_init();
if ( rc != 0 ) {
fprintf( stderr, "Subordinate configuration error\n" );
exit( EXIT_FAILURE );
}
rc = slap_schema_check();
if ( rc != 0 ) {
fprintf( stderr, "%s: slap_schema_prep failed!\n", progname );
exit( EXIT_FAILURE );
}
if( subtree ) {
struct berval val;
val.bv_val = subtree;
val.bv_len = strlen( subtree );
rc = dnNormalize( 0, NULL, NULL, &val, &sub_ndn, NULL );
if( rc != LDAP_SUCCESS ) {
fprintf( stderr, "Invalid subtree DN '%s'\n", optarg );
exit( EXIT_FAILURE );
}
if( base.bv_val == NULL && dbnum == -1 )
base = val;
else
free( subtree );
}
if( base.bv_val != NULL ) {
struct berval nbase;
rc = dnNormalize( 0, NULL, NULL, &base, &nbase, NULL );
if( rc != LDAP_SUCCESS ) {
fprintf( stderr, "%s: slap_init invalid suffix (\"%s\")\n",
progname, base.bv_val );
exit( EXIT_FAILURE );
}
be = select_backend( &nbase, 0, 0 );
ber_memfree( nbase.bv_val );
if( be == NULL ) {
fprintf( stderr, "%s: slap_init no backend for \"%s\"\n",
progname, base.bv_val );
exit( EXIT_FAILURE );
}
/* If the named base is a glue master, operate on the
* entire context
*/
if (SLAP_GLUE_INSTANCE(be)) {
nosubordinates = 1;
}
} else if ( dbnum == -1 ) {
if ( nbackends <= 0 ) {
fprintf( stderr, "No available databases\n" );
exit( EXIT_FAILURE );
}
be = &backends[dbnum=0];
/* If just doing the first by default and it is a
* glue subordinate, find the master.
*/
while (SLAP_GLUE_SUBORDINATE(be) || SLAP_MONITOR(be)) {
if (SLAP_GLUE_SUBORDINATE(be)) {
nosubordinates = 1;
}
be++;
dbnum++;
}
if ( dbnum >= nbackends ) {
fprintf( stderr, "Available database(s) "
"do not allow %s\n", name );
exit( EXIT_FAILURE );
}
if ( nosubordinates == 0 && dbnum > 0 ) {
#ifdef NEW_LOGGING
LDAP_LOG( BACKEND, ERR,
"The first database does not allow %s; using the first available one (%d)\n",
name, dbnum + 1, 0 );
#else
Debug( LDAP_DEBUG_ANY,
"The first database does not allow %s; using the first available one (%d)\n",
name, dbnum + 1, 0 );
#endif
}
} else if ( dbnum < 0 || dbnum > (nbackends-1) ) {
fprintf( stderr,
"Database number selected via -n is out of range\n"
"Must be in the range 1 to %d"
" (number of databases in the config file)\n",
nbackends );
exit( EXIT_FAILURE );
} else {
be = &backends[dbnum];
}
#ifdef CSRIMALLOC
mal_leaktrace(1);
#endif
if ( slap_startup( be ) ) {
fprintf( stderr, "slap_startup failed\n" );
exit( EXIT_FAILURE );
}
}
void slap_tool_destroy( void )
{
slap_shutdown( be );
slap_destroy();
#ifdef SLAPD_MODULES
if ( slapMode == SLAP_SERVER_MODE ) {
/* always false. just pulls in necessary symbol references. */
lutil_uuidstr(NULL, 0);
}
module_kill();
#endif
schema_destroy();
#ifdef HAVE_TLS
ldap_pvt_tls_destroy();
#endif
config_destroy();
#ifdef CSRIMALLOC
mal_dumpleaktrace( leakfile );
#endif
}

62
servers/slapd/tools/slapcommon.h
View file

@ -1,62 +0,0 @@
/* slapcommon.h - common definitions for the slap tools */
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
* Copyright 1998-2004 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted only as authorized by the OpenLDAP
* Public License.
*
* A copy of this license is available in the file LICENSE in the
* top-level directory of the distribution or, alternatively, at
* <http://www.OpenLDAP.org/license.html>.
*/
#ifndef SLAPCOMMON_H_
#define SLAPCOMMON_H_ 1
#define SLAPD_TOOLS 1
#include "../slap.h"
enum slaptool {
SLAPCAT=1, /* database -> LDIF tool */
SLAPADD, /* LDIF -> database tool */
SLAPINDEX, /* database index tool */
SLAPTEST /* database testing tool */
};
#define SLAP_TOOL_CTXCSN_KEEP 0
#define SLAP_TOOL_CTXCSN_ENTRY 1
#define SLAP_TOOL_CTXCSN_BATCH 2
extern char *progname;
extern char *conffile;
extern Backend *be;
extern int appendmode;
extern int verbose;
extern int update_ctxcsn;
extern int retrieve_ctxcsn;
extern int retrieve_synccookie;
extern int replica_promotion;
extern int replica_demotion;
extern char *replica_id_string;
extern char **replica_id_strlist;
extern int *replica_id_list;
extern int continuemode;
extern int nosubordinates;
extern int dryrun;
extern struct berval sub_ndn;
extern char *ldiffile;
extern FILE *ldiffp;
void slap_tool_init LDAP_P((
const char* name,
int tool,
int argc, char **argv ));
void slap_tool_destroy LDAP_P((void));
#endif /* SLAPCOMMON_H_ */

82
servers/slapd/tools/slapindex.c
View file

@ -1,82 +0,0 @@
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
* Copyright 1998-2004 The OpenLDAP Foundation.
* Portions Copyright 1998-2003 Kurt D. Zeilenga.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted only as authorized by the OpenLDAP
* Public License.
*
* A copy of this license is available in file LICENSE in the
* top-level directory of the distribution or, alternatively, at
* <http://www.OpenLDAP.org/license.html>.
*/
/* ACKNOWLEDGEMENTS:
* This work was initially developed by Kurt Zeilenga for inclusion
* in OpenLDAP Software.
*/
#include "portable.h"
#include <stdio.h>
#include <ac/stdlib.h>
#include <ac/ctype.h>
#include <ac/string.h>
#include <ac/socket.h>
#include <ac/unistd.h>
#include "slapcommon.h"
int
main( int argc, char **argv )
{
ID id;
int rc = EXIT_SUCCESS;
slap_tool_init( "slapindex", SLAPINDEX, argc, argv );
if( !be->be_entry_open ||
!be->be_entry_close ||
!be->be_entry_first ||
!be->be_entry_next ||
!be->be_entry_reindex )
{
fprintf( stderr, "%s: database doesn't support necessary operations.\n",
progname );
exit( EXIT_FAILURE );
}
if( be->be_entry_open( be, 0 ) != 0 ) {
fprintf( stderr, "%s: could not open database.\n",
progname );
exit( EXIT_FAILURE );
}
for ( id = be->be_entry_first( be );
id != NOID;
id = be->be_entry_next( be ) )
{
int rtn;
if( verbose ) {
printf("indexing id=%08lx\n", (long) id );
}
rtn = be->be_entry_reindex( be, id );
if( rtn != LDAP_SUCCESS ) {
rc = EXIT_FAILURE;
if( continuemode ) continue;
break;
}
}
(void) be->be_entry_close( be );
slap_tool_destroy();
return( rc );
}

149
servers/slapd/tools/slappasswd.c
View file

@ -1,149 +0,0 @@
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
* Copyright 1998-2004 The OpenLDAP Foundation.
* Portions Copyright 1998-2003 Kurt D. Zeilenga.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted only as authorized by the OpenLDAP
* Public License.
*
* A copy of this license is available in file LICENSE in the
* top-level directory of the distribution or, alternatively, at
* <http://www.OpenLDAP.org/license.html>.
*/
/* ACKNOWLEDGEMENTS:
* This work was initially developed by Kurt Zeilenga for inclusion
* in OpenLDAP Software.
*/
#include "portable.h"
#include <stdio.h>
#include <ac/stdlib.h>
#include <ac/ctype.h>
#include <ac/signal.h>
#include <ac/socket.h>
#include <ac/string.h>
#include <ac/time.h>
#include <ac/unistd.h>
#include <ldap.h>
#include <lutil.h>
#include "ldap_defaults.h"
static int verbose = 0;
static void
usage(const char *s)
{
fprintf(stderr,
"Usage: %s [options]\n"
" -h hash\tpassword scheme\n"
" -s secret\tnew password\n"
" -c format\tcrypt(3) salt format\n"
" -u\t\tgenerate RFC2307 values (default)\n"
" -v\t\tincrease verbosity\n"
" -T file\tread file for new password\n"
, s );
exit( EXIT_FAILURE );
}
int
main( int argc, char *argv[] )
{
char *scheme = "{SSHA}";
char *newpw = NULL;
char *pwfile = NULL;
const char *text;
int i;
struct berval passwd;
struct berval *hash = NULL;
while( (i = getopt( argc, argv,
"c:d:h:s:T:vu" )) != EOF )
{
switch (i) {
case 'c': /* crypt salt format */
scheme = "{CRYPT}";
lutil_salt_format( optarg );
break;
case 'h': /* scheme */
scheme = strdup( optarg );
break;
case 's': /* new password (secret) */
{
char* p;
newpw = strdup( optarg );
for( p = optarg; *p != '\0'; p++ ) {
*p = '\0';
}
} break;
case 'T': /* password file */
pwfile = optarg;
break;
case 'u': /* RFC2307 userPassword */
break;
case 'v': /* verbose */
verbose++;
break;
default:
usage (argv[0]);
}
}
if( argc - optind != 0 ) {
usage( argv[0] );
}
if( pwfile != NULL ) {
if( lutil_get_filed_password( pwfile, &passwd )) {
return EXIT_FAILURE;
}
} else {
if( newpw == NULL ) {
/* prompt for new password */
char *cknewpw;
newpw = strdup(getpassphrase("New password: "));
cknewpw = getpassphrase("Re-enter new password: ");
if( strcmp( newpw, cknewpw )) {
fprintf( stderr, "Password values do not match\n" );
return EXIT_FAILURE;
}
}
passwd.bv_val = newpw;
passwd.bv_len = strlen(passwd.bv_val);
}
hash = lutil_passwd_hash( &passwd, scheme, &text );
if( hash == NULL || hash->bv_val == NULL ) {
fprintf( stderr,
"Password generation failed for scheme %s: %s\n",
scheme, text ? text : "" );
return EXIT_FAILURE;
}
if( lutil_passwd( hash, &passwd, NULL, &text ) ) {
fprintf( stderr, "Password verification failed. %s\n",
text ? text : "" );
return EXIT_FAILURE;
}
printf( "%s\n" , hash->bv_val );
return EXIT_SUCCESS;
}