upstream/openldap
1
0
Fork 0
mirror of https://git.openldap.org/openldap/openldap.git synced 2025-12-24 00:29:35 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

Backout previous changes made by Dave as they excessive reformatting,

Browse source 
reindentation, and use of spaces instead of tab.  Diffs will be reviewed
to identify and commit only functional changes as time permits.
Note: this is more my fault than Dave's.   I should have provided
clearer guidance.   Live and learn.
This commit is contained in:
Kurt Zeilenga 1998-12-14 10:10:41 +00:00
parent 9df2f4f424
commit 65e4923d75
5 changed files with 599 additions and 967 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

221
clients/tools/ldapdelete.c
View file

@ -12,32 +12,17 @@
#include <lber.h>
#include <ldap.h>
static char *binddn = NULL;
static char *passwd = NULL;
static char *base = NULL;
static char *ldaphost = NULL;
static int ldapport = 0;
static int not, verbose, contoper;
static LDAP *ld;
#define safe_realloc( ptr, size ) ( ptr == NULL ? malloc( size ) : \
realloc( ptr, size ))
static void
usage(char *s)
{
fprintf(stderr, "Usage: %s [options] [dn]...", s);
fprintf(stderr, " -c\t\tcontinuous operation mode\n");
fprintf(stderr, " -D bindnd\tbind dn\n");
fprintf(stderr, " -d level\tdebugging level\n");
fprintf(stderr, " -f file\t\t\n");
fprintf(stderr, " -h host\tldap sever\n");
#ifdef HAVE_KERBEROS
fprintf(stderr, " -K\t\tuse Kerberos step 1\n");
fprintf(stderr, " -k\t\tuse Kerberos instead of Simple Password authentication\n");
#endif
fprintf(stderr, " -n\t\t make no modifications\n");
fprintf(stderr, " -p port\tldap port\n");
fprintf(stderr, " -v\t\tverbose\n");
fprintf(stderr, " -W\t\tprompt for bind password\n");
fprintf(stderr, " -w passwd\tbind password (for simple authentication)\n");
exit(1);
}
static int dodelete LDAP_P((
LDAP *ld,
char *dn));
@ -45,146 +30,132 @@ static int dodelete LDAP_P((
int
main( int argc, char **argv )
{
FILE *fp = NULL;
LDAP *ld = NULL;
char buf[4096];
char *binddn = NULL;
char *passwd = NULL;
char *ldaphost = NULL;
int authmethod = LDAP_AUTH_SIMPLE;
int deref = LDAP_DEREF_NEVER;
int i, rc, want_passwd;
int ldapport = LDAP_PORT;
char *usage = "usage: %s [-n] [-v] [-k] [-d debug-level] [-f file] [-h ldaphost] [-p ldapport] [-D binddn] [-w passwd] [dn]...\n";
char buf[ 4096 ];
FILE *fp;
int i, rc, kerberos, authmethod;
rc = not = verbose = contoper = want_passwd = 0;
kerberos = not = verbose = contoper = 0;
fp = NULL;
while ((i = getopt( argc, argv, "cD:d:f:h:Kknp:vWw:")) != EOF )
{
switch(i)
{
while (( i = getopt( argc, argv, "nvkKch:p:D:w:d:f:" )) != EOF ) {
switch( i ) {
case 'k': /* kerberos bind */
kerberos = 2;
break;
case 'K': /* kerberos bind, part one only */
kerberos = 1;
break;
case 'c': /* continuous operation mode */
contoper++;
++contoper;
break;
case 'D': /* bind DN */
binddn = strdup(optarg);
case 'h': /* ldap host */
ldaphost = strdup( optarg );
break;
case 'd':
#ifdef LDAP_DEBUG
ldap_debug = lber_debug = atoi(optarg);
#else
fprintf( stderr, "compile with -DLDAP_DEBUG for debugging\n" );
#endif
case 'D': /* bind DN */
binddn = strdup( optarg );
break;
case 'f': /* read DNs from a file */
if ((fp = fopen(optarg, "r")) == NULL)
{
perror(optarg);
return(1);
case 'w': /* password */
passwd = strdup( optarg );
break;
case 'f': /* read DNs from a file */
if (( fp = fopen( optarg, "r" )) == NULL ) {
perror( optarg );
exit( 1 );
}
break;
case 'h': /* ldap host */
ldaphost = strdup(optarg);
case 'd':
#ifdef LDAP_DEBUG
ldap_debug = lber_debug = atoi( optarg ); /* */
#else /* LDAP_DEBUG */
fprintf( stderr, "compile with -DLDAP_DEBUG for debugging\n" );
#endif /* LDAP_DEBUG */
break;
case 'K': /* kerberos bind, part one only */
#ifdef HAVE_KERBEROS
authmethod = LDAP_AUTH_KRBV41;
#else
fprintf(stderr, "%s was not compiled with Kerberos support\n", argv[0]);
#endif
break;
case 'k': /* kerberos bind */
#ifdef HAVE_KERBEROS
authmethod = LDAP_AUTH_KRBV4;
#else
fprintf(stderr, "%s was not compiled with Kerberos support\n", argv[0]);
#endif
break;
case 'n': /* print deletes, don't actually do them */
not++;
break;
case 'p':
case 'p':
ldapport = atoi( optarg );
break;
case 'v': /* verbose mode */
case 'n': /* print deletes, don't actually do them */
++not;
break;
case 'v': /* verbose mode */
verbose++;
break;
case 'W':
want_passwd++;
break;
case 'w': /* password */
passwd = strdup(optarg);
break;
default:
usage(argv[0]);
default:
fprintf( stderr, usage, argv[0] );
exit( 1 );
}
}
if (want_passwd && !passwd)
passwd = strdup(getpass("Enter LDAP Password: "));
if (fp == NULL && optind >= argc)
fp = stdin;
if ((ld = ldap_open(ldaphost, ldapport)) == NULL) {
perror("ldap_open");
return(1);
if ( fp == NULL ) {
if ( optind >= argc ) {
fp = stdin;
}
}
/* this seems prudent */
ldap_set_option(ld, LDAP_OPT_DEREF, &deref);
if (ldap_bind_s(ld, binddn, passwd, authmethod) != LDAP_SUCCESS) {
ldap_perror(ld, "ldap_bind");
return(1);
if (( ld = ldap_open( ldaphost, ldapport )) == NULL ) {
perror( "ldap_open" );
exit( 1 );
}
if (fp == NULL) {
for (; optind < argc; ++optind)
rc = dodelete(ld, argv[optind]);
{
/* this seems prudent */
int deref = LDAP_DEREF_NEVER;
ldap_set_option( ld, LDAP_OPT_DEREF, &deref );
}
if ( !kerberos ) {
authmethod = LDAP_AUTH_SIMPLE;
} else if ( kerberos == 1 ) {
authmethod = LDAP_AUTH_KRBV41;
} else {
authmethod = LDAP_AUTH_KRBV4;
}
if ( ldap_bind_s( ld, binddn, passwd, authmethod ) != LDAP_SUCCESS ) {
ldap_perror( ld, "ldap_bind" );
exit( 1 );
}
if ( fp == NULL ) {
for ( ; optind < argc; ++optind ) {
rc = dodelete( ld, argv[ optind ] );
}
} else {
rc = 0;
while ((rc == 0 || contoper) && fgets(buf, sizeof(buf), fp) != NULL) {
buf[strlen(buf) - 1] = '\0'; /* remove trailing newline */
if ( *buf != '\0' )
rc = dodelete( ld, buf );
buf[ strlen( buf ) - 1 ] = '\0'; /* remove trailing newline */
if ( *buf != '\0' ) {
rc = dodelete( ld, buf );
}
}
}
ldap_unbind(ld);
ldap_unbind( ld );
return(rc);
exit( rc );
/* UNREACHABLE */
return(0);
}
static int
dodelete(
static int dodelete(
LDAP *ld,
char *dn)
{
int rc;
if (verbose)
if ( verbose ) {
printf( "%sdeleting entry %s\n", not ? "!" : "", dn );
if (not)
}
if ( not ) {
rc = LDAP_SUCCESS;
else {
if ((rc = ldap_delete_s(ld, dn)) != LDAP_SUCCESS)
ldap_perror(ld, "ldap_delete");
else if (verbose)
printf("entry removed\n");
} else {
if (( rc = ldap_delete_s( ld, dn )) != LDAP_SUCCESS ) {
ldap_perror( ld, "ldap_delete" );
} else if ( verbose ) {
printf( "entry removed\n" );
}
}
return(rc);
return( rc );
}

161
clients/tools/ldapmodify.c
View file

@ -22,13 +22,13 @@
#include <ldap.h>
#include <ldif.h>
static LDAP *ld = NULL;
static char *prog;
static char *binddn = NULL;
static char *passwd = NULL;
static char *ldaphost = NULL;
static int ldapport = LDAP_PORT;
static int ldapport = 0;
static int new, replace, not, verbose, contoper, force, valsfromfiles;
static LDAP *ld;
#define safe_realloc( ptr, size ) ( ptr == NULL ? malloc( size ) : \
realloc( ptr, size ))
@ -50,30 +50,6 @@ static int new, replace, not, verbose, contoper, force, valsfromfiles;
#define T_NEWRDNSTR "newrdn"
#define T_DELETEOLDRDNSTR "deleteoldrdn"
static void
usage(char *s)
{
fprintf(stderr, "Usage: %s [options] [dn]...\n", s);
fprintf(stderr, " -a\t\tadd new entries\n");
fprintf(stderr, " -b\t\tread in binary\n");
fprintf(stderr, " -c\t\tcontinuous operation mode\n");
fprintf(stderr, " -D bindnd\tbind dn\n");
fprintf(stderr, " -d level\tdebugging level\n");
fprintf(stderr, " -F\t\tforce changes regardless of input\n");
fprintf(stderr, " -f file\tread from file\n");
fprintf(stderr, " -h host\tldap sever\n");
#ifdef HAVE_KERBEROS
fprintf(stderr, " -K\t\tuse Kerberos step 1\n");
fprintf(stderr, " -k\t\tuse Kerberos instead of Simple Password authentication\n");
#endif
fprintf(stderr, " -n\t\tmake no modifications\n");
fprintf(stderr, " -p port\tldap port\n");
fprintf(stderr, " -r\t\tremove old RDN\n");
fprintf(stderr, " -v\t\tverbose\n");
fprintf(stderr, " -W\t\tprompt for bind password\n");
fprintf(stderr, " -w passwd\tbind password (for simple authentication)\n");
exit(1);
}
static int process_ldapmod_rec LDAP_P(( char *rbuf ));
static int process_ldif_rec LDAP_P(( char *rbuf ));
@ -86,45 +62,58 @@ static void freepmods LDAP_P(( LDAPMod **pmods ));
static int fromfile LDAP_P(( char *path, struct berval *bv ));
static char *read_one_record LDAP_P(( FILE *fp ));
int
main(int argc, char **argv)
main( int argc, char **argv )
{
char *infile = NULL;
char *rbuf, *start, *p, *q;
FILE *fp = NULL;
int rc, i, use_ldif, want_passwd;
int authmethod = LDAP_AUTH_SIMPLE;
char *infile, *rbuf, *start, *p, *q;
FILE *fp;
int rc, i, kerberos, use_ldif, authmethod;
char *usage = "usage: %s [-abcknrvF] [-d debug-level] [-h ldaphost] [-p ldapport] [-D binddn] [-w passwd] [ -f file | < entryfile ]\n";
if ((prog = strrchr(argv[0], '/')) == NULL)
prog = argv[0];
else
prog++;
if (( prog = strrchr( argv[ 0 ], '/' )) == NULL ) {
prog = argv[ 0 ];
} else {
++prog;
}
new = ( strcmp( prog, "ldapadd" ) == 0 );
new = (strcmp(prog, "ldapadd") == 0);
infile = NULL;
kerberos = not = verbose = valsfromfiles = 0;
not = verbose = valsfromfiles = want_passwd = 0;
while ((i = getopt(argc, argv, "abcD:d:Ff:h:Kknp:rtvWw:")) != EOF)
{
switch(i)
{
while (( i = getopt( argc, argv, "FabckKnrtvh:p:D:w:d:f:" )) != EOF ) {
switch( i ) {
case 'a': /* add */
new = 1;
break;
case 'b': /* read values from files (for binary attributes) */
case 'b': /* read values from files (for binary attributes) */
valsfromfiles = 1;
break;
case 'c': /* continuous operation */
case 'c': /* continuous operation */
contoper = 1;
break;
case 'D': /* bind DN */
case 'r': /* default is to replace rather than add values */
replace = 1;
break;
case 'k': /* kerberos bind */
kerberos = 2;
break;
case 'K': /* kerberos bind, part 1 only */
kerberos = 1;
break;
case 'F': /* force all changes records to be used */
force = 1;
break;
case 'h': /* ldap host */
ldaphost = strdup( optarg );
break;
case 'D': /* bind DN */
binddn = strdup( optarg );
break;
case 'd':
case 'w': /* password */
passwd = strdup( optarg );
break;
case 'd':
#ifdef LDAP_DEBUG
ldap_debug = lber_debug = atoi( optarg ); /* */
#else /* LDAP_DEBUG */
@ -132,69 +121,28 @@ main(int argc, char **argv)
prog );
#endif /* LDAP_DEBUG */
break;
case 'F': /* force all changes records to be used */
force = 1;
break;
case 'f': /* read from file */
infile = strdup( optarg );
break;
case 'h': /* ldap host */
ldaphost = strdup( optarg );
case 'p':
ldapport = atoi( optarg );
break;
case 'k': /* kerberos bind */
#ifdef HAVE_KERBEROS
authmethod = LDAP_AUTH_KRBV4;
#else
fprintf(stderr, "%s was not compiled with Kerberos support\n", argv[0]);
#endif
break;
case 'K': /* kerberos bind, part 1 only */
#ifdef HAVE_KERBEROS
authmethod = LDAP_AUTH_KRBV41;
#else
fprintf(stderr, "%s was not compiled with Kerberos support\n", argv[0]);
#endif
break;
case 'n': /* print adds, don't actually do them */
++not;
break;
case 'p':
ldapport = atoi( optarg );
break;
case 'r': /* default is to replace rather than add values */
replace = 1;
break;
case 'v': /* verbose mode */
case 'v': /* verbose mode */
verbose++;
break;
case 'W':
want_passwd++;
break;
case 'w': /* password */
passwd = strdup( optarg );
break;
default:
usage(prog);
default:
fprintf( stderr, usage, prog );
exit( 1 );
}
}
if (argc - optind != 0)
usage(prog);
if (want_passwd && !passwd)
passwd = strdup(getpass("Enter LDAP password: "));
if ( argc - optind != 0 ) {
fprintf( stderr, usage, prog );
exit( 1 );
}
if ( infile != NULL ) {
if (( fp = fopen( infile, "r" )) == NULL ) {
@ -215,6 +163,13 @@ main(int argc, char **argv)
/* this seems prudent */
ldap_set_option( ld, LDAP_OPT_DEREF, LDAP_DEREF_NEVER);
if ( !kerberos ) {
authmethod = LDAP_AUTH_SIMPLE;
} else if ( kerberos == 1 ) {
authmethod = LDAP_AUTH_KRBV41;
} else {
authmethod = LDAP_AUTH_KRBV4;
}
if ( ldap_bind_s( ld, binddn, passwd, authmethod ) != LDAP_SUCCESS ) {
ldap_perror( ld, "ldap_bind" );
exit( 1 );
@ -280,7 +235,7 @@ process_ldif_rec( char *rbuf )
new_entry = new;
modop = rc = got_all = saw_replica = delete_entry = expect_modop = 0;
rc = got_all = saw_replica = delete_entry = expect_modop = 0;
expect_deleteoldrdn = expect_newrdn = expect_sep = expect_ct = 0;
linenum = 0;
deleteoldrdn = 1;

243
clients/tools/ldapmodrdn.c
View file

@ -12,33 +12,17 @@
#include <lber.h>
#include <ldap.h>
static char *binddn = NULL;
static char *passwd = NULL;
static char *base = NULL;
static char *ldaphost = NULL;
static int ldapport = 0;
static int not, verbose, contoper;
static LDAP *ld;
#define safe_realloc( ptr, size ) ( ptr == NULL ? malloc( size ) : \
realloc( ptr, size ))
static void
usage(char *s)
{
fprintf(stderr, "Usage: %s [options] [dn]...\n", s);
fprintf(stderr, " -c\t\tcontinuous operation mode\n");
fprintf(stderr, " -D bindnd\tbind dn\n");
fprintf(stderr, " -d level\tdebugging level\n");
fprintf(stderr, " -f file\tread from file\n");
fprintf(stderr, " -h host\tldap sever\n");
#ifdef HAVE_KERBEROS
fprintf(stderr, " -K\t\tuse Kerberos step 1\n");
fprintf(stderr, " -k\t\tuse Kerberos instead of Simple Password authentication\n");
#endif
fprintf(stderr, " -n\t\tmake no modifications\n");
fprintf(stderr, " -p port\tldap port\n");
fprintf(stderr, " -r\t\tremove old RDN\n");
fprintf(stderr, " -v\t\tverbose\n");
fprintf(stderr, " -W\t\tprompt for bind password\n");
fprintf(stderr, " -w passwd\tbind password (for simple authentication)\n");
exit(1);
}
static int domodrdn LDAP_P((
LDAP *ld,
char *dn,
@ -48,172 +32,140 @@ static int domodrdn LDAP_P((
int
main(int argc, char **argv)
{
FILE *fp = NULL;
LDAP *ld = NULL;
char *myname, *infile, *entrydn, *rdn, buf[ 4096 ];
char *binddn = NULL;
char *passwd = NULL;
char *ldaphost = NULL;
int rc, i, remove, havedn, want_passwd;
int authmethod = LDAP_AUTH_SIMPLE;
int ldapport = LDAP_PORT;
char *usage = "usage: %s [-nvkc] [-d debug-level] [-h ldaphost] [-p ldapport] [-D binddn] [-w passwd] [ -f file | < entryfile | dn newrdn ]\n";
char *myname,*infile, *entrydn, *rdn, buf[ 4096 ];
FILE *fp;
int rc, i, kerberos, remove, havedn, authmethod;
infile = NULL;
kerberos = not = contoper = verbose = remove = 0;
infile = entrydn = rdn = NULL;
not = contoper = verbose = remove = want_passwd = 0;
myname = (myname = strrchr(argv[0], '/')) == NULL ? argv[0] : ++myname;
while ((i = getopt(argc, argv, "cD:d:f:h:Kknp:rvWw:")) != EOF)
{
switch(i)
{
case 'c': /* continuous operation mode */
contoper++;
while (( i = getopt( argc, argv, "kKcnvrh:p:D:w:d:f:" )) != EOF ) {
switch( i ) {
case 'k': /* kerberos bind */
kerberos = 2;
break;
case 'D': /* bind DN */
case 'K': /* kerberos bind, part one only */
kerberos = 1;
break;
case 'c': /* continuous operation mode */
++contoper;
break;
case 'h': /* ldap host */
ldaphost = strdup( optarg );
break;
case 'D': /* bind DN */
binddn = strdup( optarg );
break;
case 'd':
case 'w': /* password */
passwd = strdup( optarg );
break;
case 'd':
#ifdef LDAP_DEBUG
ldap_debug = lber_debug = atoi( optarg );
ldap_debug = lber_debug = atoi( optarg ); /* */
#else /* LDAP_DEBUG */
fprintf( stderr, "compile with -DLDAP_DEBUG for debugging\n" );
#endif /* LDAP_DEBUG */
break;
case 'f': /* read from file */
infile = strdup( optarg );
break;
case 'h': /* ldap host */
ldaphost = strdup( optarg );
break;
case 'K': /* kerberos bind, part one only */
#ifdef HAVE_KERBEROS
authmethod = LDAP_AUTH_KRBV41;
#else
fprintf(stderr, "%s was not compiled with Kerberos support\n", argv[0]);
#endif
break;
case 'k': /* kerberos bind */
#ifdef HAVE_KERBEROS
authmethod = LDAP_AUTH_KRBV4;
#else
fprintf(stderr, "%s was not compiled with Kerberos support\n", argv[0]);
#endif
break;
case 'n': /* print adds, don't actually do them */
not++;
break;
case 'p':
case 'p':
ldapport = atoi( optarg );
break;
case 'r': /* remove old RDN */
remove++;
case 'n': /* print adds, don't actually do them */
++not;
break;
case 'v': /* verbose mode */
case 'v': /* verbose mode */
verbose++;
break;
case 'W':
want_passwd++;
break;
case 'w': /* password */
passwd = strdup(optarg);
case 'r': /* remove old RDN */
remove++;
break;
default:
usage(argv[0]);
default:
fprintf( stderr, usage, argv[0] );
exit( 1 );
}
}
havedn = 0;
if (argc - optind == 2)
{
if (( rdn = strdup( argv[argc - 1] )) == NULL )
{
if (argc - optind == 2) {
if (( rdn = strdup( argv[argc - 1] )) == NULL ) {
perror( "strdup" );
return(1);
exit( 1 );
}
if (( entrydn = strdup( argv[argc - 2] )) == NULL )
{
if (( entrydn = strdup( argv[argc - 2] )) == NULL ) {
perror( "strdup" );
return( 1 );
exit( 1 );
}
havedn++;
} else if (argc - optind != 0) {
fprintf(stderr, "%s: invalid number of arguments, only two allowed\n", myname);
usage(argv[0]);
++havedn;
} else if ( argc - optind != 0 ) {
fprintf( stderr, "%s: invalid number of arguments, only two allowed\n", myname);
fprintf( stderr, usage, argv[0] );
exit( 1 );
}
if (want_passwd && !passwd)
passwd = strdup(getpass("Enter LDAP password: "));
if (infile != NULL)
{
if ((fp = fopen( infile, "r" )) == NULL)
{
perror(infile);
return(1);
if ( infile != NULL ) {
if (( fp = fopen( infile, "r" )) == NULL ) {
perror( infile );
exit( 1 );
}
} else
} else {
fp = stdin;
if ((ld = ldap_open(ldaphost, ldapport)) == NULL)
{
perror("ldap_open");
return(1);
}
/* this seems prudent */
ldap_set_option(ld, LDAP_OPT_DEREF, LDAP_DEREF_NEVER);
if (( ld = ldap_open( ldaphost, ldapport )) == NULL ) {
perror( "ldap_open" );
exit( 1 );
}
if (ldap_bind_s(ld, binddn, passwd, authmethod) != LDAP_SUCCESS)
{
ldap_perror(ld, "ldap_bind");
return(1);
/* this seems prudent */
ldap_set_option( ld, LDAP_OPT_DEREF, LDAP_DEREF_NEVER);
if ( !kerberos ) {
authmethod = LDAP_AUTH_SIMPLE;
} else if ( kerberos == 1 ) {
authmethod = LDAP_AUTH_KRBV41;
} else {
authmethod = LDAP_AUTH_KRBV4;
}
if ( ldap_bind_s( ld, binddn, passwd, authmethod ) != LDAP_SUCCESS ) {
ldap_perror( ld, "ldap_bind" );
exit( 1 );
}
rc = 0;
if (havedn)
rc = domodrdn(ld, entrydn, rdn, remove);
else while ((rc == 0 || contoper) && fgets(buf, sizeof(buf), fp) != NULL) {
if (*buf != '\0') { /* blank lines optional, skip */
buf[strlen(buf) - 1] = '\0'; /* remove nl */
if ( *buf != '\0' ) { /* blank lines optional, skip */
buf[ strlen( buf ) - 1 ] = '\0'; /* remove nl */
if (havedn)
{
/* have DN, get RDN */
if (( rdn = strdup( buf )) == NULL)
{
if ( havedn ) { /* have DN, get RDN */
if (( rdn = strdup( buf )) == NULL ) {
perror( "strdup" );
exit( 1 );
}
rc = domodrdn(ld, entrydn, rdn, remove);
havedn = 0;
} else if (!havedn) {
/* don't have DN yet */
if (( entrydn = strdup( buf )) == NULL )
{
} else if ( !havedn ) { /* don't have DN yet */
if (( entrydn = strdup( buf )) == NULL ) {
perror( "strdup" );
exit( 1 );
}
havedn++;
++havedn;
}
}
}
ldap_unbind(ld);
ldap_unbind( ld );
return(rc);
exit( rc );
/* UNREACHABLE */
return(0);
}
static int domodrdn(
@ -222,25 +174,26 @@ static int domodrdn(
char *rdn,
int remove) /* flag: remove old RDN */
{
int rc = LDAP_SUCCESS;
int i;
if (verbose)
{
printf("modrdn %s:\n\t%s\n", dn, rdn);
if ( verbose ) {
printf( "modrdn %s:\n\t%s\n", dn, rdn );
if (remove)
printf("removing old RDN\n");
else
printf("keeping old RDN\n");
}
if (!not)
{
rc = ldap_modrdn2_s(ld, dn, rdn, remove);
if (rc != LDAP_SUCCESS)
ldap_perror(ld, "ldap_modrdn2_s");
else if (verbose)
printf("modrdn complete\n");
if ( !not ) {
i = ldap_modrdn2_s( ld, dn, rdn, remove );
if ( i != LDAP_SUCCESS ) {
ldap_perror( ld, "ldap_modrdn2_s" );
} else if ( verbose ) {
printf( "modrdn complete\n" );
}
} else {
i = LDAP_SUCCESS;
}
return(rc);
return( i );
}

630
clients/tools/ldappasswd.c
View file

@ -1,26 +1,24 @@
/*
* Copyright 1998, David E. Storey, All rights reserved.
* This software is not subject to any license of The Murphy Group, Inc.
* or George Mason University.
* Copyright 1998, David E. Storey, All rights reserved.
* This software is not subject to any license of The Murphy Group, Inc.
* or George Mason University.
*
* Redistribution and use in source and binary forms are permitted only
* as authorized by the OpenLDAP Public License. A copy of this
* license is available at http://www.OpenLDAP.org/license.html or
* in file LICENSE in the top-level directory of the distribution.
* Redistribution and use in source and binary forms are permitted only
* as authorized by the OpenLDAP Public License. A copy of this
* license is available at http://www.OpenLDAP.org/license.html or
* in file LICENSE in the top-level directory of the distribution.
*
* ldappasswd.c - program to modify passwords in an LDAP tree
* ldappasswd.c - program to modify passwords in an LDAP tree
*
* Author: David E. Storey <dave@tamos.net>
* Author: David E. Storey <dave@tamos.net>
*
* ToDo:
* use entry's current hash type
* output ldif update
* option for referral handling?
* salts {ssha},{smd5}
* cracklib support?
* update "shadow" fields?
* update from system?
* create/view/change password policies?
* ToDo: option for referral handling
* cracklib support?
* kerberos support? (is this really necessary?)
* update "shadow" fields?
* create/view/change password policies?
*
* Note: I am totally FOR comments and suggestions!
*/
#include "portable.h"
@ -40,404 +38,217 @@
#include "ldapconfig.h"
#define CEILING(x) ((double)x > (int)x ? (int)x + 1 : (int)x)
#define LDAP_PASSWD_ATTRIB "userPassword"
#define LDAP_PASSWD_CONF DEFAULT_SYSCONFDIR"/passwd.conf"
#define HS_NONE 0
#define HS_PLAIN 1
#define HS_CONV 2
typedef enum
{
typedef enum {
HASHTYPE_NONE,
HASHTYPE_CRYPT,
HASHTYPE_MD5,
HASHTYPE_SMD5,
HASHTYPE_SHA1,
HASHTYPE_SSHA1
}
HashTypes;
HASHTYPE_SHA1
} HashTypes;
typedef struct salt_t
{
unsigned char *salt;
unsigned int len;
}
Salt;
typedef struct hash_t
{
struct hash_t {
char *name;
unsigned int namesz;
char *(*func) (const char *, Salt *);
unsigned char takes_salt;
int namesz;
int (*func)(const char *, char *);
HashTypes type;
HashTypes type_salted;
unsigned int default_salt_len;
}
Hash;
};
const unsigned char crypt64[] =
"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz1234567890./";
const unsigned char autogen[] =
"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz1234567890.,";
int noupdates = 0;
int verbose = 0;
int want_entryhash = 0;
int auto_gen_pw = 0;
const char crypt64[] =
"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789./";
char *base = NULL;
char *binddn = NULL;
char *bindpw = NULL;
char *ldaphost = "localhost";
char *pwattr = LDAP_PASSWD_ATTRIB;
char *targetdn = NULL;
char *filtpattern = NULL;
int ldapport = LDAP_PORT;
int noupdates = 0;
int verbose = 0;
int hashtype = HASHTYPE_CRYPT;
int scope = LDAP_SCOPE_SUBTREE;
/*** functions ***/
/*
* if you'd like to write a better salt generator, please, be my guest.
* I just needed *something*. It's actually halfway effective for small,
* two character salts and it can come up with sequentially different
* salts.
*/
void
make_salt (Salt * salt, unsigned int len)
crypt_make_salt(char *salt)
{
struct timeval tv;
int i;
char t_salt[5];
if (!salt)
return;
/* grab current time */
gettimeofday(&tv, (struct timezone *) 0);
i += tv.tv_usec + (int)&salt;
strncpy(t_salt, (char *)&i, sizeof(i));
/* seed random number generator */
gettimeofday (&tv, NULL);
srand (tv.tv_usec);
salt->len = len;
salt->salt = (unsigned char *) malloc (len);
for (len = 0; len < salt->len; len++)
salt->salt[len] = (tv.tv_usec ^ rand ()) & 0xff;
for (i = 0; i < sizeof(i); i++)
salt[i] = crypt64[t_salt[i] % (sizeof(crypt64) - 1)];
salt[i] = '\0';
}
char *
gen_pass(unsigned int len)
int
hash_none(const char *pw_in, char *pw_out)
{
int i;
char *newpw = NULL;
Salt salt = {NULL, 0};
make_salt(&salt, len);
newpw = (char *)salt.salt;
for (i = 0; i < len; i++)
newpw[i] = autogen[newpw[i] % (sizeof(autogen) - 1)];
return(newpw);
strcpy(pw_out, pw_in);
return(1);
}
char *
hash_none (const char *pw_in, Salt * salt)
int
hash_crypt(const char *pw_in, char *pw_out)
{
return (strdup (pw_in));
char salt[5];
crypt_make_salt(salt);
strcpy(pw_out, crypt(pw_in, salt));
return(1);
}
char *
hash_crypt (const char *pw_in, Salt * salt)
{
char *crypted_pw = NULL;
if (salt && salt->salt && strlen ((char *) salt->salt) >= 2)
crypted_pw = crypt (pw_in, (char *) salt->salt);
else
{
Salt lsalt;
make_salt (&lsalt, 2);
lsalt.salt[0] = crypt64[lsalt.salt[0] % (sizeof (crypt64) - 1)];
lsalt.salt[1] = crypt64[lsalt.salt[1] % (sizeof (crypt64) - 1)];
crypted_pw = crypt (pw_in, (char *) lsalt.salt);
free (lsalt.salt);
}
return (strdup (crypted_pw));
}
char *
pw_encode(unsigned char *passwd, Salt *salt, unsigned int len)
{
int salted = salt && salt->salt && salt->len;
int b64_len = 0;
char *base64digest = NULL;
unsigned char *npasswd = passwd;
if (salted)
{
npasswd = (unsigned char *)malloc(len + salt->len);
memcpy(npasswd, passwd, len);
memcpy(&npasswd[len], salt->salt, salt->len);
len += salt->len;
}
b64_len = CEILING (len / 3) * 4 + 1;
base64digest = (char *) malloc (b64_len);
if (lutil_b64_ntop (npasswd, len, base64digest, b64_len) < 0)
{
free(base64digest);
base64digest = NULL;
}
if (salted)
free(npasswd);
return(base64digest);
}
char *
hash_md5 (const char *pw_in, Salt *salt)
int
hash_md5(const char *pw_in, char *pw_out)
{
lutil_MD5_CTX MD5context;
unsigned char MD5digest[16];
unsigned char *hashing_pw = (unsigned char *)pw_in;
char *base64digest = NULL;
int tot_len = strlen (pw_in);
int salted = (salt && salt->salt && salt->len);
char base64digest[25]; /* ceiling(sizeof(input)/3) * 4 + 1 */
/* append salt to password */
if (salted)
{
hashing_pw = (unsigned char *) malloc (tot_len + salt->len);
memcpy (hashing_pw, pw_in, tot_len);
memcpy (&hashing_pw[tot_len], salt->salt, salt->len);
tot_len += salt->len;
}
lutil_MD5Init(&MD5context);
lutil_MD5Update(&MD5context, (unsigned char *)pw_in, strlen(pw_in));
lutil_MD5Final(MD5digest, &MD5context);
if (lutil_b64_ntop(MD5digest, sizeof(MD5digest), base64digest, sizeof(base64digest)) < 0)
return (0);
lutil_MD5Init (&MD5context);
lutil_MD5Update (&MD5context, hashing_pw, tot_len);
lutil_MD5Final (MD5digest, &MD5context);
base64digest = pw_encode(MD5digest, salt, sizeof(MD5digest));
if (salted)
free (hashing_pw);
return (base64digest);
strcpy(pw_out, base64digest);
return(1);
}
char *
hash_sha1 (const char *pw_in, Salt * salt)
int
hash_sha1(const char *pw_in, char *pw_out)
{
lutil_SHA1_CTX SHA1context;
unsigned char SHA1digest[20];
unsigned char *hashing_pw = (unsigned char *)pw_in;
char *base64digest = NULL;
int tot_len = strlen (pw_in);
int salted = (salt && salt->salt);
char base64digest[29]; /* ceiling(sizeof(input)/3) * 4 + 1 */
/* append salt to password */
if (salted)
{
hashing_pw = (unsigned char *) malloc (tot_len + salt->len);
memcpy (hashing_pw, pw_in, tot_len);
memcpy (&hashing_pw[tot_len], salt->salt, salt->len);
tot_len += salt->len;
}
lutil_SHA1Init(&SHA1context);
lutil_SHA1Update(&SHA1context, (unsigned char *)pw_in, strlen(pw_in));
lutil_SHA1Final(SHA1digest, &SHA1context);
if (lutil_b64_ntop(SHA1digest, sizeof(SHA1digest), base64digest, sizeof(base64digest)) < 0)
return(0);
lutil_SHA1Init (&SHA1context);
lutil_SHA1Update (&SHA1context, hashing_pw, tot_len);
lutil_SHA1Final (SHA1digest, &SHA1context);
base64digest = pw_encode(SHA1digest, salt, sizeof(SHA1digest));
if (salted)
free (hashing_pw);
return (base64digest);
strcpy(pw_out, base64digest);
return(1);
}
static Hash hashes[] =
{
{"none", 4, hash_none, 0, HASHTYPE_NONE, HASHTYPE_NONE, 0},
{"crypt", 5, hash_crypt, 1, HASHTYPE_CRYPT, HASHTYPE_CRYPT, 2},
{"md5", 3, hash_md5, 0, HASHTYPE_MD5, HASHTYPE_SMD5, 0},
{"smd5", 4, hash_md5, 1, HASHTYPE_SMD5, HASHTYPE_SMD5, 4},
{"sha", 3, hash_sha1, 0, HASHTYPE_SHA1, HASHTYPE_SSHA1, 0},
{"ssha", 4, hash_sha1, 1, HASHTYPE_SSHA1, HASHTYPE_SSHA1, 4},
{NULL, 0, NULL, 0, HASHTYPE_NONE, HASHTYPE_NONE, 0}
static struct hash_t hashes[] = {
{"none", 4, hash_none, HASHTYPE_NONE},
{"crypt", 5, hash_crypt, HASHTYPE_CRYPT},
{"md5", 3, hash_md5, HASHTYPE_MD5},
{"sha", 3, hash_sha1, HASHTYPE_SHA1},
{NULL, 0, NULL, HASHTYPE_NONE}
};
int
modify_dn (LDAP * ld, char *targetdn, char *pwattr, char *oldpw,
char *newpw, HashTypes htype, Salt * salt)
modify_dn(LDAP *ld, char *targetdn, char *newpw)
{
int ret = 0;
int salted = salt->salt ? 1 : 0;
int want_salt = salt->len && !salted;
char *buf = NULL;
char *hashed_pw = NULL;
char *strvals[2] = {NULL, NULL};
LDAPMod mod, *mods[2] = {&mod, NULL};
char hashed_pw[128] = {'\0'};
char buf[128] = {'\0'};
char *strvals[2] = {buf, NULL};
LDAPMod mod, *mods[2] = {&mod, NULL};
if (!ld || !targetdn || !newpw)
return (1);
/* auto-generate password */
if (auto_gen_pw)
newpw = gen_pass(auto_gen_pw);
/* handle salt */
if (want_salt)
{
make_salt (salt, salt->len);
htype = hashes[htype].type_salted;
}
else if (hashes[htype].default_salt_len)
{
/* user chose a salted hash and needs a salt */
if (!salted)
{
want_salt++;
salt->len = hashes[htype].default_salt_len;
make_salt(salt, salt->len);
}
}
return(1);
/* hash password */
hashed_pw = hashes[htype].func (newpw, salt->len ? salt : NULL);
/* return salt back to it's original state */
if (want_salt)
{
free (salt->salt);
salt->salt = NULL;
}
buf = (char *) malloc (hashes[htype].namesz + 3 + strlen (hashed_pw));
if (htype)
sprintf (buf, "{%s}%s", hashes[htype].name, hashed_pw);
hashes[hashtype].func(newpw, hashed_pw);
if (hashtype)
sprintf(buf, "{%s}%s", hashes[hashtype].name, hashed_pw);
else
sprintf (buf, "%s", hashed_pw);
sprintf(buf, "%s", hashed_pw);
if (verbose > 0)
{
printf ("%s", targetdn);
printf("%s", targetdn);
if (verbose > 1)
{
printf (":%s", buf);
printf(":%s", buf);
if (verbose > 2)
printf (":%s", newpw);
printf(":%s", newpw);
}
printf ("\n");
printf("\n");
}
strvals[0] = buf;
mod.mod_vals.modv_strvals = strvals;
mod.mod_vals.modv_strvals = strvals;
mod.mod_type = pwattr;
mod.mod_op = LDAP_MOD_REPLACE;
if (!noupdates && (ret = ldap_modify_s (ld, targetdn, mods)) != LDAP_SUCCESS)
ldap_perror (ld, "ldap_modify_s");
free (hashed_pw);
free (buf);
return (ret);
if (!noupdates && (ret = ldap_modify_s(ld, targetdn, mods)) != LDAP_SUCCESS)
ldap_perror(ld, "ldap_modify_s");
return(ret);
}
void
usage (char *s)
usage(char *s)
{
fprintf (stderr, "Usage: %s [options] [filter]\n", s);
fprintf (stderr, " -a attrib\tpassword attribute (default: %s)\n", LDAP_PASSWD_ATTRIB);
fprintf (stderr, " -b basedn\tbasedn to perform searches\n");
/* fprintf (stderr, " -C\t\tuse entry's current hash mechanism\n"); */
fprintf (stderr, " -D binddn\tbind dn\n");
fprintf (stderr, " -d level\tdebugging level\n");
fprintf (stderr, " -E\t\tprompt for new password\n");
fprintf (stderr, " -e passwd\tnew password\n");
fprintf (stderr, " -g passlen\tauto-generate passwords with length pwlen\n");
fprintf (stderr, " -H hash\thash type (default: crypt)\n");
fprintf (stderr, " -h host\tldap server (default: localhost)\n");
#ifdef HAVE_KERBEROS
fprintf (stderr, " -K\t\tuse Kerberos step 1\n");
fprintf (stderr, " -k\t\tuse Kerberos\n");
#endif
fprintf (stderr, " -l time\ttime limit\n");
fprintf (stderr, " -n\t\tmake no modifications\n");
fprintf (stderr, " -p port\tldap port\n");
fprintf (stderr, " -s scope\tsearch scope: base, one, sub (default: sub)\n");
fprintf (stderr, " -t targetdn\tdn to change password\n");
fprintf (stderr, " -v\t\tverbose (more v's, more verbose)\n");
fprintf (stderr, " -W\t\tprompt for bind password\n");
fprintf (stderr, " -w passwd\tbind password (for simple authentication)\n");
fprintf (stderr, " -Y saltlen\tsalt length to use\n");
/* fprintf (stderr, " -y salt\tsalt to use\n"); */
fprintf (stderr, " -z size\tsize limit\n");
exit (1);
fprintf(stderr, "usage: %s [options] [filter]\n", s);
fprintf(stderr, "\t-a attrib password attribute (default: userPassword)\n");
fprintf(stderr, "\t-b basedn basedn to perform searches\n");
fprintf(stderr, "\t-c hash hash type: none, crypt, md5, sha (default: crypt)\n");
fprintf(stderr, "\t-D binddn bind dn\n");
fprintf(stderr, "\t-d level debugging level\n");
fprintf(stderr, "\t-h host ldap server (default: localhost)\n");
fprintf(stderr, "\t-l time time limit\n");
fprintf(stderr, "\t-n make no modifications\n");
fprintf(stderr, "\t-p port ldap port\n");
fprintf(stderr, "\t-s scope search scope: base, one, sub (default: sub)\n");
fprintf(stderr, "\t-t targetdn dn to change password\n");
fprintf(stderr, "\t-W newpass new password\n");
fprintf(stderr, "\t-w [passwd] bind password (for simple authentication)\n");
fprintf(stderr, "\t-v verbose\n");
fprintf(stderr, "\t-z size size limit\n");
exit(1);
}
int
main (int argc, char *argv[])
main(int argc, char *argv[])
{
char *base = NULL;
char *binddn = NULL;
char *bindpw = NULL;
char *filtpattern = NULL;
char *ldaphost = "localhost";
char *targetdn = NULL;
char *pwattr = LDAP_PASSWD_ATTRIB;
char *newpw = NULL;
int authmethod = LDAP_AUTH_SIMPLE;
int hashtype = HASHTYPE_CRYPT;
int i, j;
int ldapport = LDAP_PORT;
int scope = LDAP_SCOPE_SUBTREE;
int sizelimit = LDAP_NO_LIMIT;
int timelimit = LDAP_NO_LIMIT;
int want_bindpw = 0;
int want_newpw = 0;
LDAP *ld;
Salt salt;
salt.salt = NULL;
salt.len = 0;
if (argc == 1)
usage(argv[0]);
while ((i = getopt (argc, argv, "a:b:C:D:d:Ee:g:H:h:Kkl:np:s:t:vWw:Y:y:z:")) != EOF)
while ((i = getopt(argc, argv, "D:W:a:b:c:d:h:l:np:s:t:vw::z:")) != EOF)
{
switch (i)
{
case 'a': /* password attribute */
pwattr = strdup (optarg);
switch(i)
{
case 'D': /* bind distinguished name */
binddn = strdup(optarg);
break;
case 'b': /* base search dn */
base = strdup (optarg);
case 'W': /* new password */
newpw = strdup(optarg);
break;
case 'C':
want_entryhash++;
case 'a': /* password attribute */
pwattr = strdup(optarg);
break;
case 'D': /* bind distinguished name */
binddn = strdup (optarg);
case 'b': /* base search dn */
base = strdup(optarg);
break;
case 'd': /* debugging option */
#ifdef LDAP_DEBUG
ldap_debug = lber_debug = atoi (optarg); /* */
#else
fprintf (stderr, "compile with -DLDAP_DEBUG for debugging\n");
#endif
break;
case 'E': /* prompt for new password */
want_newpw++;
break;
case 'e': /* new password */
newpw = strdup (optarg);
break;
case 'g':
auto_gen_pw = strtol(optarg, NULL, 10);
break;
case 'H': /* hashes */
case 'c': /* hashes */
for (j = 0; hashes[j].name; j++)
{
if (!strncasecmp (optarg, hashes[j].name, hashes[j].namesz))
if (!strncasecmp(optarg, hashes[j].name, hashes[j].namesz))
{
hashtype = hashes[j].type;
break;
@ -446,94 +257,75 @@ main (int argc, char *argv[])
if (!hashes[j].name)
{
fprintf (stderr, "hash type: %s is unknown\n", optarg);
usage (argv[0]);
fprintf(stderr, "hash type: %s is unknown\n", optarg);
usage(argv[0]);
}
break;
case 'h': /* ldap host */
ldaphost = strdup (optarg);
case 'd': /* debugging option */
#ifdef LDAP_DEBUG
ldap_debug = lber_debug = atoi(optarg); /* */
#else
fprintf(stderr, "compile with -DLDAP_DEBUG for debugging\n");
#endif
break;
case 'K': /* use kerberos bind, 1st part only */
#ifdef HAVE_KERBEROS
authmethod = LDAP_AUTH_KRBV41;
#else
fprintf(stderr, "%s was not compiled with Kerberos support\n", argv[0]);
#endif
break;
case 'k': /* use kerberos bind */
#ifdef HAVE_KERBEROS
authmethod = LDAP_AUTH_KRBV4;
#else
fprintf(stderr, "%s was not compiled with Kerberos support\n", argv[0]);
#endif
break;
case 'l': /* time limit */
timelimit = strtol (optarg, NULL, 10);
case 'h': /* ldap host */
ldaphost = strdup(optarg);
break;
case 'n': /* don't update entry(s) */
case 'l': /* time limit */
timelimit = strtol(optarg, NULL, 10);
break;
case 'n': /* don't update entry(s) */
noupdates++;
break;
case 'p': /* ldap port */
ldapport = strtol (optarg, NULL, 10);
case 'p': /* ldap port */
ldapport = strtol(optarg, NULL, 10);
break;
case 's': /* scope */
if (strncasecmp (optarg, "base", 4) == 0)
case 's': /* scope */
if (strncasecmp(optarg, "base", 4) == 0)
scope = LDAP_SCOPE_BASE;
else if (strncasecmp (optarg, "one", 3) == 0)
else if (strncasecmp(optarg, "one", 3) == 0)
scope = LDAP_SCOPE_ONELEVEL;
else if (strncasecmp (optarg, "sub", 3) == 0)
else if (strncasecmp(optarg, "sub", 3) == 0)
scope = LDAP_SCOPE_SUBTREE;
else
{
fprintf (stderr, "scope should be base, one, or sub\n");
usage (argv[0]);
else {
fprintf(stderr, "scope should be base, one, or sub\n" );
usage(argv[0]);
}
break;
case 't': /* target dn */
targetdn = strdup (optarg);
case 't': /* target dn */
targetdn = strdup(optarg);
break;
case 'v': /* verbose */
case 'v': /* verbose */
verbose++;
break;
case 'W': /* promt for bind password */
want_bindpw++;
break;
case 'w': /* bind password */
if (optarg)
bindpw = strdup(optarg);
else
want_bindpw++;
break;
case 'w': /* bind password */
bindpw = strdup (optarg);
break;
case 'Y': /* salt length */
salt.len = strtol (optarg, NULL, 10);
break;
case 'y': /* user specified salt */
salt.len = strlen (optarg);
salt.salt = (unsigned char *) strdup (optarg);
break;
case 'z': /* time limit */
sizelimit = strtol (optarg, NULL, 10);
case 'z': /* time limit */
sizelimit = strtol(optarg, NULL, 10);
break;
default:
usage (argv[0]);
usage(argv[0]);
}
}
/* grab filter */
if (!(argc - optind < 1))
filtpattern = strdup (argv[optind]);
filtpattern = strdup(argv[optind]);
/* check for target(s) */
if (!filtpattern && !targetdn)
@ -541,86 +333,70 @@ main (int argc, char *argv[])
/* handle bind password */
if (want_bindpw)
bindpw = strdup (getpass ("Enter LDAP password: "));
bindpw = strdup(getpass("Enter LDAP password: "));
/* handle new password */
if (!newpw)
{
char *cknewpw;
newpw = strdup (getpass ("New password: "));
cknewpw = getpass ("Re-enter new password: ");
newpw = strdup(getpass("New password: "));
cknewpw = getpass("Re-enter new password: ");
if (strncmp (newpw, cknewpw, strlen (newpw)))
if (strncmp(newpw, cknewpw, strlen(newpw)))
{
fprintf (stderr, "passwords do not match\n");
return (1);
fprintf(stderr, "passwords do not match\n");
return(1);
}
}
/* connect to server */
if ((ld = ldap_open (ldaphost, ldapport)) == NULL)
if ((ld = ldap_open(ldaphost, ldapport)) == NULL)
{
perror (ldaphost);
return (1);
perror(ldaphost);
return(1);
}
/* set options */
ldap_set_option (ld, LDAP_OPT_TIMELIMIT, (void *) &timelimit);
ldap_set_option (ld, LDAP_OPT_SIZELIMIT, (void *) &sizelimit);
ldap_set_option(ld, LDAP_OPT_TIMELIMIT, (void *)&timelimit);
ldap_set_option(ld, LDAP_OPT_SIZELIMIT, (void *)&sizelimit);
/* authenticate to server */
if (ldap_bind_s (ld, binddn, bindpw, authmethod) != LDAP_SUCCESS)
/* authenticate to server */
if (ldap_bind_s(ld, binddn, bindpw, LDAP_AUTH_SIMPLE) != LDAP_SUCCESS)
{
ldap_perror (ld, "ldap_bind");
return (1);
}
if (targetdn)
{
if (want_entryhash)
{
fprintf (stderr, "insert code here (this path not implemented yet)\n");
return (1);
}
else
modify_dn (ld, targetdn, pwattr, NULL, newpw, hashtype, &salt);
ldap_perror(ld, "ldap_bind");
return(1);
}
if (filtpattern)
{
char filter[BUFSIZ];
LDAPMessage *result = NULL, *e = NULL;
char *attrs[3] = {"dn", NULL, NULL};
attrs[1] = pwattr;
char *attrs[] = {"dn", NULL};
/* search */
sprintf (filter, "%s", filtpattern);
i = ldap_search_s (ld, base, scope, filter, attrs, 0, &result);
if (i != LDAP_SUCCESS &&
i != LDAP_TIMELIMIT_EXCEEDED &&
i != LDAP_SIZELIMIT_EXCEEDED)
sprintf(filter, "%s", filtpattern);
i = ldap_search_s(ld, base, scope, filter, attrs, 1, &result);
if (i != LDAP_SUCCESS && i != LDAP_TIMELIMIT_EXCEEDED && i != LDAP_SIZELIMIT_EXCEEDED)
{
ldap_perror (ld, "ldap_search_s");
return (1);
ldap_perror(ld, "ldap_search_s");
return(1);
}
for (e = ldap_first_entry (ld, result); e; e = ldap_next_entry (ld, e))
for (e = ldap_first_entry(ld, result); e; e = ldap_next_entry(ld, e))
{
char *dn = ldap_get_dn (ld, e);
char *dn = ldap_get_dn(ld, e);
if (dn)
{
struct berval **pw_vals = ldap_get_values_len (ld, e, pwattr);
modify_dn (ld, dn, pwattr,
pw_vals ? pw_vals[0]->bv_val : NULL,
newpw, hashtype, &salt);
if (pw_vals)
ldap_value_free_len (pw_vals);
free (dn);
modify_dn(ld, dn, newpw);
free(dn);
}
}
}
if (targetdn)
modify_dn(ld, targetdn, newpw);
/* disconnect from server */
ldap_unbind (ld);
return (0);
ldap_unbind(ld);
return(0);
}

311
clients/tools/ldapsearch.c
View file

@ -13,43 +13,42 @@
#define DEFSEP "="
static void
usage(char *s)
usage( char *s )
{
fprintf( stderr, "usage: %s [options] filter [attributes...]\nwhere:\n", s );
fprintf( stderr, " filter\tRFC-1558 compliant LDAP search filter\n" );
fprintf( stderr, " attributes\twhitespace-separated list of attributes to retrieve\n" );
fprintf( stderr, " filter\tRFC-1558 compliant LDAP search filter\n" );
fprintf( stderr, " attributes\twhitespace-separated list of attributes to retrieve\n" );
fprintf( stderr, "\t\t(if no attribute list is given, all are retrieved)\n" );
fprintf( stderr, "options:\n" );
fprintf( stderr, " -n\t\tshow what would be done but don't actually search\n" );
fprintf( stderr, " -v\t\trun in verbose mode (diagnostics to standard output)\n" );
fprintf( stderr, " -t\t\twrite values to files in /tmp\n" );
fprintf( stderr, " -u\t\tinclude User Friendly entry names in the output\n" );
fprintf( stderr, " -A\t\tretrieve attribute names only (no values)\n" );
fprintf( stderr, " -B\t\tdo not suppress printing of non-ASCII values\n" );
fprintf( stderr, " -L\t\tprint entries in LDIF format (-B is implied)\n" );
fprintf( stderr, " -n\t\tshow what would be done but don't actually search\n" );
fprintf( stderr, " -v\t\trun in verbose mode (diagnostics to standard output)\n" );
fprintf( stderr, " -t\t\twrite values to files in /tmp\n" );
fprintf( stderr, " -u\t\tinclude User Friendly entry names in the output\n" );
fprintf( stderr, " -A\t\tretrieve attribute names only (no values)\n" );
fprintf( stderr, " -B\t\tdo not suppress printing of non-ASCII values\n" );
fprintf( stderr, " -L\t\tprint entries in LDIF format (-B is implied)\n" );
#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_REFERRALS
fprintf( stderr, " -R\t\tdo not automatically follow referrals\n" );
fprintf( stderr, " -R\t\tdo not automatically follow referrals\n" );
#endif /* LDAP_API_FEATURE_X_OPENLDAP_V2_REFERRALS */
fprintf( stderr, " -d level\tset LDAP debugging level to `level'\n" );
fprintf( stderr, " -F sep\tprint `sep' instead of `=' between attribute names and values\n" );
fprintf( stderr, " -S attr\tsort the results by attribute `attr'\n" );
fprintf( stderr, " -f file\tperform sequence of searches listed in `file'\n" );
fprintf( stderr, " -b basedn\tbase dn for search\n" );
fprintf( stderr, " -s scope\tone of base, one, or sub (search scope)\n" );
fprintf( stderr, " -a deref\tone of never, always, search, or find (alias dereferencing)\n" );
fprintf( stderr, " -l time lim\ttime limit (in seconds) for search\n" );
fprintf( stderr, " -z size lim\tsize limit (in entries) for search\n" );
fprintf( stderr, " -D binddn\tbind dn\n" );
fprintf( stderr, " -W \t\tprompt for bind passwd\n" );
fprintf( stderr, " -w passwd\tbind passwd (for simple authentication)\n" );
fprintf( stderr, " -d level\tset LDAP debugging level to `level'\n" );
fprintf( stderr, " -F sep\tprint `sep' instead of `=' between attribute names and values\n" );
fprintf( stderr, " -S attr\tsort the results by attribute `attr'\n" );
fprintf( stderr, " -f file\tperform sequence of searches listed in `file'\n" );
fprintf( stderr, " -b basedn\tbase dn for search\n" );
fprintf( stderr, " -s scope\tone of base, one, or sub (search scope)\n" );
fprintf( stderr, " -a deref\tone of never, always, search, or find (alias dereferencing)\n" );
fprintf( stderr, " -l time lim\ttime limit (in seconds) for search\n" );
fprintf( stderr, " -z size lim\tsize limit (in entries) for search\n" );
fprintf( stderr, " -D binddn\tbind dn\n" );
fprintf( stderr, " -w passwd\tbind passwd (for simple authentication)\n" );
#ifdef HAVE_KERBEROS
fprintf( stderr, " -k\t\tuse Kerberos instead of Simple Password authentication\n" );
fprintf( stderr, " -K\t\tuse Kerberos step 1\n" );
fprintf( stderr, " -k\t\tuse Kerberos instead of Simple Password authentication\n" );
#endif
fprintf( stderr, " -h host\tldap server\n" );
fprintf( stderr, " -p port\tport on ldap server\n" );
exit(1);
fprintf( stderr, " -h host\tldap server\n" );
fprintf( stderr, " -p port\tport on ldap server\n" );
exit( 1 );
}
static void print_entry LDAP_P((
@ -71,71 +70,46 @@ static int dosearch LDAP_P((
char *filtpatt,
char *value));
static char *binddn = NULL;
static char *passwd = NULL;
static char *base = NULL;
static char *ldaphost = NULL;
static int ldapport = 0;
static char *sep = DEFSEP;
static char *sortattr = NULL;
static int skipsortattr = 0;
static int verbose, not, includeufn, allow_binary, vals2tmp, ldif;
static char *sortattr = NULL;
static char *sep = DEFSEP;
int
main(int argc, char **argv)
main( int argc, char **argv )
{
FILE *fp = NULL;
LDAP *ld = NULL;
char *infile = NULL;
char *filtpattern, **attrs, line[ BUFSIZ ];
char *binddn = NULL;
char *passwd = NULL;
char *base = NULL;
char *ldaphost = NULL;
int rc, i, first, deref, attrsonly;
int referrals, timelimit, sizelimit, want_passwd;
int authmethod = LDAP_AUTH_SIMPLE;
int scope = LDAP_SCOPE_SUBTREE;
int ldapport = LDAP_PORT;
char *infile, *filtpattern, **attrs, line[ BUFSIZ ];
FILE *fp;
int rc, i, first, scope, kerberos, deref, attrsonly;
int referrals, timelimit, sizelimit, authmethod;
LDAP *ld;
deref = verbose = allow_binary = not = vals2tmp =
attrsonly = ldif = want_passwd = 0;
referrals = (int)LDAP_OPT_ON;
infile = NULL;
deref = verbose = allow_binary = not = kerberos = vals2tmp =
attrsonly = ldif = 0;
referrals = (int) LDAP_OPT_ON;
sizelimit = timelimit = 0;
scope = LDAP_SCOPE_SUBTREE;
while ((i = getopt(argc, argv, "Aa:Bb:D:d:h:f:F:KkLl:np:RS:s:tuvWw:z:")) != EOF)
{
switch(i)
{
case 'A': /* retrieve attribute names only -- no values */
attrsonly++;
while (( i = getopt( argc, argv,
#ifdef HAVE_KERBEROS
"KknuvtRABLD:s:f:h:b:d:p:F:a:w:l:z:S:"
#else
"nuvtRABLD:s:f:h:b:d:p:F:a:w:l:z:S:"
#endif
)) != EOF ) {
switch( i ) {
case 'n': /* do Not do any searches */
++not;
break;
case 'a': /* set alias deref option */
if (strncasecmp(optarg, "never", 5) == 0) {
deref = LDAP_DEREF_NEVER;
} else if (strncasecmp( optarg, "search", 5) == 0) {
deref = LDAP_DEREF_SEARCHING;
} else if (strncasecmp( optarg, "find", 4) == 0) {
deref = LDAP_DEREF_FINDING;
} else if (strncasecmp( optarg, "always", 6) == 0) {
deref = LDAP_DEREF_ALWAYS;
} else {
fprintf( stderr, "alias deref should be never, search, find, or always\n" );
usage( argv[ 0 ] );
}
case 'v': /* verbose mode */
++verbose;
break;
case 'L': /* print entries in LDIF format */
++ldif;
/* fall through -- always allow binary when outputting LDIF */
case 'B': /* allow binary values to be printed */
++allow_binary;
break;
case 'b': /* searchbase */
base = strdup( optarg );
break;
case 'D': /* bind DN */
binddn = strdup( optarg );
break;
case 'd':
#ifdef LDAP_DEBUG
ldap_debug = lber_debug = atoi( optarg ); /* */
@ -143,55 +117,32 @@ main(int argc, char **argv)
fprintf( stderr, "compile with -DLDAP_DEBUG for debugging\n" );
#endif /* LDAP_DEBUG */
break;
case 'F': /* field separator */
sep = strdup( optarg );
#ifdef HAVE_KERBEROS
case 'k': /* use kerberos bind */
kerberos = 2;
break;
case 'f': /* input file */
infile = strdup( optarg );
break;
case 'h': /* ldap host */
ldaphost = strdup( optarg );
break;
case 'K': /* use kerberos bind, 1st part only */
#ifdef HAVE_KERBEROS
authmethod = LDAP_AUTH_KRBV41;
#else
fprintf(stderr, "%s was not compiled with Kerberos support\n", argv[0]);
kerberos = 1;
break;
#endif
case 'u': /* include UFN */
++includeufn;
break;
case 'k': /* use kerberos bind */
#ifdef HAVE_KERBEROS
authmethod = LDAP_AUTH_KRBV4;
#else
fprintf(stderr, "%s was not compiled with Kerberos support\n", argv[0]);
#endif
case 't': /* write attribute values to /tmp files */
++vals2tmp;
break;
case 'l': /* time limit */
timelimit = atoi( optarg );
case 'R': /* don't automatically chase referrals */
referrals = (int) LDAP_OPT_OFF;
break;
case 'n': /* do Not do any searches */
++not;
case 'A': /* retrieve attribute names only -- no values */
++attrsonly;
break;
case 'p': /* ldap port */
ldapport = atoi( optarg );
case 'L': /* print entries in LDIF format */
++ldif;
/* fall through -- always allow binary when outputting LDIF */
case 'B': /* allow binary values to be printed */
++allow_binary;
break;
case 'R': /* don't automatically chase referrals */
referrals = (int) LDAP_OPT_OFF;
break;
case 'S': /* sort attribute */
sortattr = strdup( optarg );
break;
case 's': /* search scope */
if ( strncasecmp( optarg, "base", 4 ) == 0 ) {
scope = LDAP_SCOPE_BASE;
@ -205,32 +156,53 @@ main(int argc, char **argv)
}
break;
case 't': /* write attribute values to /tmp files */
++vals2tmp;
case 'a': /* set alias deref option */
if ( strncasecmp( optarg, "never", 5 ) == 0 ) {
deref = LDAP_DEREF_NEVER;
} else if ( strncasecmp( optarg, "search", 5 ) == 0 ) {
deref = LDAP_DEREF_SEARCHING;
} else if ( strncasecmp( optarg, "find", 4 ) == 0 ) {
deref = LDAP_DEREF_FINDING;
} else if ( strncasecmp( optarg, "always", 6 ) == 0 ) {
deref = LDAP_DEREF_ALWAYS;
} else {
fprintf( stderr, "alias deref should be never, search, find, or always\n" );
usage( argv[ 0 ] );
}
break;
case 'u': /* include UFN */
++includeufn;
case 'F': /* field separator */
sep = strdup( optarg );
break;
case 'v': /* verbose mode */
++verbose;
case 'f': /* input file */
infile = strdup( optarg );
break;
case 'W':
want_passwd++;
break;
case 'w': /* bind password */
case 'h': /* ldap host */
ldaphost = strdup( optarg );
break;
case 'b': /* searchbase */
base = strdup( optarg );
break;
case 'D': /* bind DN */
binddn = strdup( optarg );
break;
case 'p': /* ldap port */
ldapport = atoi( optarg );
break;
case 'w': /* bind password */
passwd = strdup( optarg );
break;
case 'z': /* size limit */
case 'l': /* time limit */
timelimit = atoi( optarg );
break;
case 'z': /* size limit */
sizelimit = atoi( optarg );
break;
default:
usage(argv[0]);
case 'S': /* sort attribute */
sortattr = strdup( optarg );
break;
default:
usage( argv[0] );
}
}
@ -257,42 +229,47 @@ main(int argc, char **argv)
attrs = &argv[ optind ];
}
if (want_passwd && !passwd)
passwd = strdup(getpass("Enter LDAP password: "));
if ( infile != NULL ) {
if ( infile[0] == '-' && infile[1] == '\0' ) {
fp = stdin;
} else if ((fp = fopen(infile, "r")) == NULL) {
perror(infile);
exit(1);
} else if (( fp = fopen( infile, "r" )) == NULL ) {
perror( infile );
exit( 1 );
}
}
if (verbose)
printf("ldap_open(%s, %d)\n", ldaphost, ldapport);
if ((ld = ldap_open(ldaphost, ldapport)) == NULL) {
perror(ldaphost);
return(1);
if ( verbose ) {
printf( "ldap_open( %s, %d )\n", ldaphost, ldapport );
}
if (ldap_set_option(ld, LDAP_OPT_DEREF, (void *)&deref) == -1 ) {
/* set option error */
}
if (ldap_set_option(ld, LDAP_OPT_TIMELIMIT, (void *)&timelimit) == -1 ) {
/* set option error */
}
if (ldap_set_option(ld, LDAP_OPT_SIZELIMIT, (void *)&sizelimit) == -1 ) {
/* set option error */
}
if (ldap_set_option(ld, LDAP_OPT_REFERRALS, (void *)referrals) == -1 ) {
/* set option error */
if (( ld = ldap_open( ldaphost, ldapport )) == NULL ) {
perror( ldaphost );
exit( 1 );
}
if (ldap_set_option( ld, LDAP_OPT_DEREF, (void *) &deref ) == -1 ) {
/* set option error */
}
if (ldap_set_option( ld, LDAP_OPT_TIMELIMIT, (void *) &timelimit ) == -1 ) {
/* set option error */
}
if (ldap_set_option( ld, LDAP_OPT_SIZELIMIT, (void *) &sizelimit ) == -1 ) {
/* set option error */
}
if (ldap_set_option( ld, LDAP_OPT_REFERRALS, (void *) referrals ) == -1 ) {
/* set option error */
}
if ( !kerberos ) {
authmethod = LDAP_AUTH_SIMPLE;
} else if ( kerberos == 1 ) {
authmethod = LDAP_AUTH_KRBV41;
} else {
authmethod = LDAP_AUTH_KRBV4;
}
if ( ldap_bind_s( ld, binddn, passwd, authmethod ) != LDAP_SUCCESS ) {
ldap_perror( ld, "ldap_bind" );
return(1);
exit( 1 );
}
if ( verbose ) {