diff --git a/clients/tools/ldapdelete.c b/clients/tools/ldapdelete.c index 4d3bc54c39..6638fee629 100644 --- a/clients/tools/ldapdelete.c +++ b/clients/tools/ldapdelete.c @@ -12,32 +12,17 @@ #include #include +static char *binddn = NULL; +static char *passwd = NULL; +static char *base = NULL; +static char *ldaphost = NULL; +static int ldapport = 0; static int not, verbose, contoper; +static LDAP *ld; #define safe_realloc( ptr, size ) ( ptr == NULL ? malloc( size ) : \ realloc( ptr, size )) -static void -usage(char *s) -{ - fprintf(stderr, "Usage: %s [options] [dn]...", s); - fprintf(stderr, " -c\t\tcontinuous operation mode\n"); - fprintf(stderr, " -D bindnd\tbind dn\n"); - fprintf(stderr, " -d level\tdebugging level\n"); - fprintf(stderr, " -f file\t\t\n"); - fprintf(stderr, " -h host\tldap sever\n"); -#ifdef HAVE_KERBEROS - fprintf(stderr, " -K\t\tuse Kerberos step 1\n"); - fprintf(stderr, " -k\t\tuse Kerberos instead of Simple Password authentication\n"); -#endif - fprintf(stderr, " -n\t\t make no modifications\n"); - fprintf(stderr, " -p port\tldap port\n"); - fprintf(stderr, " -v\t\tverbose\n"); - fprintf(stderr, " -W\t\tprompt for bind password\n"); - fprintf(stderr, " -w passwd\tbind password (for simple authentication)\n"); - exit(1); -} - static int dodelete LDAP_P(( LDAP *ld, char *dn)); @@ -45,146 +30,132 @@ static int dodelete LDAP_P(( int main( int argc, char **argv ) { - FILE *fp = NULL; - LDAP *ld = NULL; - char buf[4096]; - char *binddn = NULL; - char *passwd = NULL; - char *ldaphost = NULL; - int authmethod = LDAP_AUTH_SIMPLE; - int deref = LDAP_DEREF_NEVER; - int i, rc, want_passwd; - int ldapport = LDAP_PORT; + char *usage = "usage: %s [-n] [-v] [-k] [-d debug-level] [-f file] [-h ldaphost] [-p ldapport] [-D binddn] [-w passwd] [dn]...\n"; + char buf[ 4096 ]; + FILE *fp; + int i, rc, kerberos, authmethod; - rc = not = verbose = contoper = want_passwd = 0; + kerberos = not = verbose = contoper = 0; + fp = NULL; - while ((i = getopt( argc, argv, "cD:d:f:h:Kknp:vWw:")) != EOF ) - { - switch(i) - { + while (( i = getopt( argc, argv, "nvkKch:p:D:w:d:f:" )) != EOF ) { + switch( i ) { + case 'k': /* kerberos bind */ + kerberos = 2; + break; + case 'K': /* kerberos bind, part one only */ + kerberos = 1; + break; case 'c': /* continuous operation mode */ - contoper++; + ++contoper; break; - - case 'D': /* bind DN */ - binddn = strdup(optarg); + case 'h': /* ldap host */ + ldaphost = strdup( optarg ); break; - - case 'd': -#ifdef LDAP_DEBUG - ldap_debug = lber_debug = atoi(optarg); -#else - fprintf( stderr, "compile with -DLDAP_DEBUG for debugging\n" ); -#endif + case 'D': /* bind DN */ + binddn = strdup( optarg ); break; - - case 'f': /* read DNs from a file */ - if ((fp = fopen(optarg, "r")) == NULL) - { - perror(optarg); - return(1); + case 'w': /* password */ + passwd = strdup( optarg ); + break; + case 'f': /* read DNs from a file */ + if (( fp = fopen( optarg, "r" )) == NULL ) { + perror( optarg ); + exit( 1 ); } break; - - case 'h': /* ldap host */ - ldaphost = strdup(optarg); + case 'd': +#ifdef LDAP_DEBUG + ldap_debug = lber_debug = atoi( optarg ); /* */ +#else /* LDAP_DEBUG */ + fprintf( stderr, "compile with -DLDAP_DEBUG for debugging\n" ); +#endif /* LDAP_DEBUG */ break; - - case 'K': /* kerberos bind, part one only */ -#ifdef HAVE_KERBEROS - authmethod = LDAP_AUTH_KRBV41; -#else - fprintf(stderr, "%s was not compiled with Kerberos support\n", argv[0]); -#endif - break; - - case 'k': /* kerberos bind */ -#ifdef HAVE_KERBEROS - authmethod = LDAP_AUTH_KRBV4; -#else - fprintf(stderr, "%s was not compiled with Kerberos support\n", argv[0]); -#endif - break; - - case 'n': /* print deletes, don't actually do them */ - not++; - break; - - case 'p': + case 'p': ldapport = atoi( optarg ); break; - - case 'v': /* verbose mode */ + case 'n': /* print deletes, don't actually do them */ + ++not; + break; + case 'v': /* verbose mode */ verbose++; break; - - case 'W': - want_passwd++; - break; - - case 'w': /* password */ - passwd = strdup(optarg); - break; - - default: - usage(argv[0]); + default: + fprintf( stderr, usage, argv[0] ); + exit( 1 ); } } - if (want_passwd && !passwd) - passwd = strdup(getpass("Enter LDAP Password: ")); - - if (fp == NULL && optind >= argc) - fp = stdin; - - if ((ld = ldap_open(ldaphost, ldapport)) == NULL) { - perror("ldap_open"); - return(1); + if ( fp == NULL ) { + if ( optind >= argc ) { + fp = stdin; + } } - /* this seems prudent */ - ldap_set_option(ld, LDAP_OPT_DEREF, &deref); - - if (ldap_bind_s(ld, binddn, passwd, authmethod) != LDAP_SUCCESS) { - ldap_perror(ld, "ldap_bind"); - return(1); + if (( ld = ldap_open( ldaphost, ldapport )) == NULL ) { + perror( "ldap_open" ); + exit( 1 ); } - if (fp == NULL) { - for (; optind < argc; ++optind) - rc = dodelete(ld, argv[optind]); + { + /* this seems prudent */ + int deref = LDAP_DEREF_NEVER; + ldap_set_option( ld, LDAP_OPT_DEREF, &deref ); + } + + if ( !kerberos ) { + authmethod = LDAP_AUTH_SIMPLE; + } else if ( kerberos == 1 ) { + authmethod = LDAP_AUTH_KRBV41; + } else { + authmethod = LDAP_AUTH_KRBV4; + } + if ( ldap_bind_s( ld, binddn, passwd, authmethod ) != LDAP_SUCCESS ) { + ldap_perror( ld, "ldap_bind" ); + exit( 1 ); + } + + if ( fp == NULL ) { + for ( ; optind < argc; ++optind ) { + rc = dodelete( ld, argv[ optind ] ); + } } else { rc = 0; while ((rc == 0 || contoper) && fgets(buf, sizeof(buf), fp) != NULL) { - buf[strlen(buf) - 1] = '\0'; /* remove trailing newline */ - if ( *buf != '\0' ) - rc = dodelete( ld, buf ); + buf[ strlen( buf ) - 1 ] = '\0'; /* remove trailing newline */ + if ( *buf != '\0' ) { + rc = dodelete( ld, buf ); + } } } - ldap_unbind(ld); + ldap_unbind( ld ); - return(rc); + exit( rc ); + + /* UNREACHABLE */ + return(0); } -static int -dodelete( + +static int dodelete( LDAP *ld, char *dn) { int rc; - if (verbose) + if ( verbose ) { printf( "%sdeleting entry %s\n", not ? "!" : "", dn ); - - if (not) + } + if ( not ) { rc = LDAP_SUCCESS; - else { - if ((rc = ldap_delete_s(ld, dn)) != LDAP_SUCCESS) - ldap_perror(ld, "ldap_delete"); - else if (verbose) - printf("entry removed\n"); + } else { + if (( rc = ldap_delete_s( ld, dn )) != LDAP_SUCCESS ) { + ldap_perror( ld, "ldap_delete" ); + } else if ( verbose ) { + printf( "entry removed\n" ); + } } - return(rc); + return( rc ); } diff --git a/clients/tools/ldapmodify.c b/clients/tools/ldapmodify.c index b57d212b4b..88756ada24 100644 --- a/clients/tools/ldapmodify.c +++ b/clients/tools/ldapmodify.c @@ -22,13 +22,13 @@ #include #include -static LDAP *ld = NULL; static char *prog; static char *binddn = NULL; static char *passwd = NULL; static char *ldaphost = NULL; -static int ldapport = LDAP_PORT; +static int ldapport = 0; static int new, replace, not, verbose, contoper, force, valsfromfiles; +static LDAP *ld; #define safe_realloc( ptr, size ) ( ptr == NULL ? malloc( size ) : \ realloc( ptr, size )) @@ -50,30 +50,6 @@ static int new, replace, not, verbose, contoper, force, valsfromfiles; #define T_NEWRDNSTR "newrdn" #define T_DELETEOLDRDNSTR "deleteoldrdn" -static void -usage(char *s) -{ - fprintf(stderr, "Usage: %s [options] [dn]...\n", s); - fprintf(stderr, " -a\t\tadd new entries\n"); - fprintf(stderr, " -b\t\tread in binary\n"); - fprintf(stderr, " -c\t\tcontinuous operation mode\n"); - fprintf(stderr, " -D bindnd\tbind dn\n"); - fprintf(stderr, " -d level\tdebugging level\n"); - fprintf(stderr, " -F\t\tforce changes regardless of input\n"); - fprintf(stderr, " -f file\tread from file\n"); - fprintf(stderr, " -h host\tldap sever\n"); -#ifdef HAVE_KERBEROS - fprintf(stderr, " -K\t\tuse Kerberos step 1\n"); - fprintf(stderr, " -k\t\tuse Kerberos instead of Simple Password authentication\n"); -#endif - fprintf(stderr, " -n\t\tmake no modifications\n"); - fprintf(stderr, " -p port\tldap port\n"); - fprintf(stderr, " -r\t\tremove old RDN\n"); - fprintf(stderr, " -v\t\tverbose\n"); - fprintf(stderr, " -W\t\tprompt for bind password\n"); - fprintf(stderr, " -w passwd\tbind password (for simple authentication)\n"); - exit(1); -} static int process_ldapmod_rec LDAP_P(( char *rbuf )); static int process_ldif_rec LDAP_P(( char *rbuf )); @@ -86,45 +62,58 @@ static void freepmods LDAP_P(( LDAPMod **pmods )); static int fromfile LDAP_P(( char *path, struct berval *bv )); static char *read_one_record LDAP_P(( FILE *fp )); + int -main(int argc, char **argv) +main( int argc, char **argv ) { - char *infile = NULL; - char *rbuf, *start, *p, *q; - FILE *fp = NULL; - int rc, i, use_ldif, want_passwd; - int authmethod = LDAP_AUTH_SIMPLE; + char *infile, *rbuf, *start, *p, *q; + FILE *fp; + int rc, i, kerberos, use_ldif, authmethod; + char *usage = "usage: %s [-abcknrvF] [-d debug-level] [-h ldaphost] [-p ldapport] [-D binddn] [-w passwd] [ -f file | < entryfile ]\n"; - if ((prog = strrchr(argv[0], '/')) == NULL) - prog = argv[0]; - else - prog++; + if (( prog = strrchr( argv[ 0 ], '/' )) == NULL ) { + prog = argv[ 0 ]; + } else { + ++prog; + } + new = ( strcmp( prog, "ldapadd" ) == 0 ); - new = (strcmp(prog, "ldapadd") == 0); + infile = NULL; + kerberos = not = verbose = valsfromfiles = 0; - not = verbose = valsfromfiles = want_passwd = 0; - - while ((i = getopt(argc, argv, "abcD:d:Ff:h:Kknp:rtvWw:")) != EOF) - { - switch(i) - { + while (( i = getopt( argc, argv, "FabckKnrtvh:p:D:w:d:f:" )) != EOF ) { + switch( i ) { case 'a': /* add */ new = 1; break; - - case 'b': /* read values from files (for binary attributes) */ + case 'b': /* read values from files (for binary attributes) */ valsfromfiles = 1; break; - - case 'c': /* continuous operation */ + case 'c': /* continuous operation */ contoper = 1; break; - - case 'D': /* bind DN */ + case 'r': /* default is to replace rather than add values */ + replace = 1; + break; + case 'k': /* kerberos bind */ + kerberos = 2; + break; + case 'K': /* kerberos bind, part 1 only */ + kerberos = 1; + break; + case 'F': /* force all changes records to be used */ + force = 1; + break; + case 'h': /* ldap host */ + ldaphost = strdup( optarg ); + break; + case 'D': /* bind DN */ binddn = strdup( optarg ); break; - - case 'd': + case 'w': /* password */ + passwd = strdup( optarg ); + break; + case 'd': #ifdef LDAP_DEBUG ldap_debug = lber_debug = atoi( optarg ); /* */ #else /* LDAP_DEBUG */ @@ -132,69 +121,28 @@ main(int argc, char **argv) prog ); #endif /* LDAP_DEBUG */ break; - - case 'F': /* force all changes records to be used */ - force = 1; - break; - case 'f': /* read from file */ infile = strdup( optarg ); break; - - case 'h': /* ldap host */ - ldaphost = strdup( optarg ); + case 'p': + ldapport = atoi( optarg ); break; - - case 'k': /* kerberos bind */ -#ifdef HAVE_KERBEROS - authmethod = LDAP_AUTH_KRBV4; -#else - fprintf(stderr, "%s was not compiled with Kerberos support\n", argv[0]); -#endif - break; - - case 'K': /* kerberos bind, part 1 only */ -#ifdef HAVE_KERBEROS - authmethod = LDAP_AUTH_KRBV41; -#else - fprintf(stderr, "%s was not compiled with Kerberos support\n", argv[0]); -#endif - break; - case 'n': /* print adds, don't actually do them */ ++not; break; - - case 'p': - ldapport = atoi( optarg ); - break; - - case 'r': /* default is to replace rather than add values */ - replace = 1; - break; - - case 'v': /* verbose mode */ + case 'v': /* verbose mode */ verbose++; break; - - case 'W': - want_passwd++; - break; - - case 'w': /* password */ - passwd = strdup( optarg ); - break; - - default: - usage(prog); + default: + fprintf( stderr, usage, prog ); + exit( 1 ); } } - if (argc - optind != 0) - usage(prog); - - if (want_passwd && !passwd) - passwd = strdup(getpass("Enter LDAP password: ")); + if ( argc - optind != 0 ) { + fprintf( stderr, usage, prog ); + exit( 1 ); + } if ( infile != NULL ) { if (( fp = fopen( infile, "r" )) == NULL ) { @@ -215,6 +163,13 @@ main(int argc, char **argv) /* this seems prudent */ ldap_set_option( ld, LDAP_OPT_DEREF, LDAP_DEREF_NEVER); + if ( !kerberos ) { + authmethod = LDAP_AUTH_SIMPLE; + } else if ( kerberos == 1 ) { + authmethod = LDAP_AUTH_KRBV41; + } else { + authmethod = LDAP_AUTH_KRBV4; + } if ( ldap_bind_s( ld, binddn, passwd, authmethod ) != LDAP_SUCCESS ) { ldap_perror( ld, "ldap_bind" ); exit( 1 ); @@ -280,7 +235,7 @@ process_ldif_rec( char *rbuf ) new_entry = new; - modop = rc = got_all = saw_replica = delete_entry = expect_modop = 0; + rc = got_all = saw_replica = delete_entry = expect_modop = 0; expect_deleteoldrdn = expect_newrdn = expect_sep = expect_ct = 0; linenum = 0; deleteoldrdn = 1; diff --git a/clients/tools/ldapmodrdn.c b/clients/tools/ldapmodrdn.c index 7c91641431..4697b283cd 100644 --- a/clients/tools/ldapmodrdn.c +++ b/clients/tools/ldapmodrdn.c @@ -12,33 +12,17 @@ #include #include +static char *binddn = NULL; +static char *passwd = NULL; +static char *base = NULL; +static char *ldaphost = NULL; +static int ldapport = 0; static int not, verbose, contoper; +static LDAP *ld; #define safe_realloc( ptr, size ) ( ptr == NULL ? malloc( size ) : \ realloc( ptr, size )) -static void -usage(char *s) -{ - fprintf(stderr, "Usage: %s [options] [dn]...\n", s); - fprintf(stderr, " -c\t\tcontinuous operation mode\n"); - fprintf(stderr, " -D bindnd\tbind dn\n"); - fprintf(stderr, " -d level\tdebugging level\n"); - fprintf(stderr, " -f file\tread from file\n"); - fprintf(stderr, " -h host\tldap sever\n"); -#ifdef HAVE_KERBEROS - fprintf(stderr, " -K\t\tuse Kerberos step 1\n"); - fprintf(stderr, " -k\t\tuse Kerberos instead of Simple Password authentication\n"); -#endif - fprintf(stderr, " -n\t\tmake no modifications\n"); - fprintf(stderr, " -p port\tldap port\n"); - fprintf(stderr, " -r\t\tremove old RDN\n"); - fprintf(stderr, " -v\t\tverbose\n"); - fprintf(stderr, " -W\t\tprompt for bind password\n"); - fprintf(stderr, " -w passwd\tbind password (for simple authentication)\n"); - exit(1); -} - static int domodrdn LDAP_P(( LDAP *ld, char *dn, @@ -48,172 +32,140 @@ static int domodrdn LDAP_P(( int main(int argc, char **argv) { - FILE *fp = NULL; - LDAP *ld = NULL; - char *myname, *infile, *entrydn, *rdn, buf[ 4096 ]; - char *binddn = NULL; - char *passwd = NULL; - char *ldaphost = NULL; - int rc, i, remove, havedn, want_passwd; - int authmethod = LDAP_AUTH_SIMPLE; - int ldapport = LDAP_PORT; + char *usage = "usage: %s [-nvkc] [-d debug-level] [-h ldaphost] [-p ldapport] [-D binddn] [-w passwd] [ -f file | < entryfile | dn newrdn ]\n"; + char *myname,*infile, *entrydn, *rdn, buf[ 4096 ]; + FILE *fp; + int rc, i, kerberos, remove, havedn, authmethod; + + infile = NULL; + kerberos = not = contoper = verbose = remove = 0; - infile = entrydn = rdn = NULL; - not = contoper = verbose = remove = want_passwd = 0; myname = (myname = strrchr(argv[0], '/')) == NULL ? argv[0] : ++myname; - while ((i = getopt(argc, argv, "cD:d:f:h:Kknp:rvWw:")) != EOF) - { - switch(i) - { - case 'c': /* continuous operation mode */ - contoper++; + while (( i = getopt( argc, argv, "kKcnvrh:p:D:w:d:f:" )) != EOF ) { + switch( i ) { + case 'k': /* kerberos bind */ + kerberos = 2; break; - - case 'D': /* bind DN */ + case 'K': /* kerberos bind, part one only */ + kerberos = 1; + break; + case 'c': /* continuous operation mode */ + ++contoper; + break; + case 'h': /* ldap host */ + ldaphost = strdup( optarg ); + break; + case 'D': /* bind DN */ binddn = strdup( optarg ); break; - - case 'd': + case 'w': /* password */ + passwd = strdup( optarg ); + break; + case 'd': #ifdef LDAP_DEBUG - ldap_debug = lber_debug = atoi( optarg ); + ldap_debug = lber_debug = atoi( optarg ); /* */ #else /* LDAP_DEBUG */ fprintf( stderr, "compile with -DLDAP_DEBUG for debugging\n" ); #endif /* LDAP_DEBUG */ break; - case 'f': /* read from file */ infile = strdup( optarg ); break; - - case 'h': /* ldap host */ - ldaphost = strdup( optarg ); - break; - - case 'K': /* kerberos bind, part one only */ -#ifdef HAVE_KERBEROS - authmethod = LDAP_AUTH_KRBV41; -#else - fprintf(stderr, "%s was not compiled with Kerberos support\n", argv[0]); -#endif - break; - - case 'k': /* kerberos bind */ -#ifdef HAVE_KERBEROS - authmethod = LDAP_AUTH_KRBV4; -#else - fprintf(stderr, "%s was not compiled with Kerberos support\n", argv[0]); -#endif - break; - - case 'n': /* print adds, don't actually do them */ - not++; - break; - - case 'p': + case 'p': ldapport = atoi( optarg ); break; - - case 'r': /* remove old RDN */ - remove++; + case 'n': /* print adds, don't actually do them */ + ++not; break; - - case 'v': /* verbose mode */ + case 'v': /* verbose mode */ verbose++; break; - - case 'W': - want_passwd++; - break; - - case 'w': /* password */ - passwd = strdup(optarg); + case 'r': /* remove old RDN */ + remove++; break; - - default: - usage(argv[0]); + default: + fprintf( stderr, usage, argv[0] ); + exit( 1 ); } } havedn = 0; - if (argc - optind == 2) - { - if (( rdn = strdup( argv[argc - 1] )) == NULL ) - { + if (argc - optind == 2) { + if (( rdn = strdup( argv[argc - 1] )) == NULL ) { perror( "strdup" ); - return(1); + exit( 1 ); } - if (( entrydn = strdup( argv[argc - 2] )) == NULL ) - { + if (( entrydn = strdup( argv[argc - 2] )) == NULL ) { perror( "strdup" ); - return( 1 ); + exit( 1 ); } - havedn++; - } else if (argc - optind != 0) { - fprintf(stderr, "%s: invalid number of arguments, only two allowed\n", myname); - usage(argv[0]); + ++havedn; + } else if ( argc - optind != 0 ) { + fprintf( stderr, "%s: invalid number of arguments, only two allowed\n", myname); + fprintf( stderr, usage, argv[0] ); + exit( 1 ); } - if (want_passwd && !passwd) - passwd = strdup(getpass("Enter LDAP password: ")); - - if (infile != NULL) - { - if ((fp = fopen( infile, "r" )) == NULL) - { - perror(infile); - return(1); + if ( infile != NULL ) { + if (( fp = fopen( infile, "r" )) == NULL ) { + perror( infile ); + exit( 1 ); } - } else + } else { fp = stdin; - - if ((ld = ldap_open(ldaphost, ldapport)) == NULL) - { - perror("ldap_open"); - return(1); } - /* this seems prudent */ - ldap_set_option(ld, LDAP_OPT_DEREF, LDAP_DEREF_NEVER); + if (( ld = ldap_open( ldaphost, ldapport )) == NULL ) { + perror( "ldap_open" ); + exit( 1 ); + } - if (ldap_bind_s(ld, binddn, passwd, authmethod) != LDAP_SUCCESS) - { - ldap_perror(ld, "ldap_bind"); - return(1); + /* this seems prudent */ + ldap_set_option( ld, LDAP_OPT_DEREF, LDAP_DEREF_NEVER); + + if ( !kerberos ) { + authmethod = LDAP_AUTH_SIMPLE; + } else if ( kerberos == 1 ) { + authmethod = LDAP_AUTH_KRBV41; + } else { + authmethod = LDAP_AUTH_KRBV4; + } + if ( ldap_bind_s( ld, binddn, passwd, authmethod ) != LDAP_SUCCESS ) { + ldap_perror( ld, "ldap_bind" ); + exit( 1 ); } rc = 0; if (havedn) rc = domodrdn(ld, entrydn, rdn, remove); else while ((rc == 0 || contoper) && fgets(buf, sizeof(buf), fp) != NULL) { - if (*buf != '\0') { /* blank lines optional, skip */ - buf[strlen(buf) - 1] = '\0'; /* remove nl */ + if ( *buf != '\0' ) { /* blank lines optional, skip */ + buf[ strlen( buf ) - 1 ] = '\0'; /* remove nl */ - if (havedn) - { - /* have DN, get RDN */ - if (( rdn = strdup( buf )) == NULL) - { + if ( havedn ) { /* have DN, get RDN */ + if (( rdn = strdup( buf )) == NULL ) { perror( "strdup" ); exit( 1 ); } rc = domodrdn(ld, entrydn, rdn, remove); havedn = 0; - } else if (!havedn) { - /* don't have DN yet */ - if (( entrydn = strdup( buf )) == NULL ) - { + } else if ( !havedn ) { /* don't have DN yet */ + if (( entrydn = strdup( buf )) == NULL ) { perror( "strdup" ); exit( 1 ); } - havedn++; + ++havedn; } } } - ldap_unbind(ld); + ldap_unbind( ld ); - return(rc); + exit( rc ); + + /* UNREACHABLE */ + return(0); } static int domodrdn( @@ -222,25 +174,26 @@ static int domodrdn( char *rdn, int remove) /* flag: remove old RDN */ { - int rc = LDAP_SUCCESS; + int i; - if (verbose) - { - printf("modrdn %s:\n\t%s\n", dn, rdn); + if ( verbose ) { + printf( "modrdn %s:\n\t%s\n", dn, rdn ); if (remove) printf("removing old RDN\n"); else printf("keeping old RDN\n"); } - if (!not) - { - rc = ldap_modrdn2_s(ld, dn, rdn, remove); - if (rc != LDAP_SUCCESS) - ldap_perror(ld, "ldap_modrdn2_s"); - else if (verbose) - printf("modrdn complete\n"); + if ( !not ) { + i = ldap_modrdn2_s( ld, dn, rdn, remove ); + if ( i != LDAP_SUCCESS ) { + ldap_perror( ld, "ldap_modrdn2_s" ); + } else if ( verbose ) { + printf( "modrdn complete\n" ); + } + } else { + i = LDAP_SUCCESS; } - return(rc); + return( i ); } diff --git a/clients/tools/ldappasswd.c b/clients/tools/ldappasswd.c index ce7e3f89a4..d5d18e36bd 100644 --- a/clients/tools/ldappasswd.c +++ b/clients/tools/ldappasswd.c @@ -1,26 +1,24 @@ /* - * Copyright 1998, David E. Storey, All rights reserved. - * This software is not subject to any license of The Murphy Group, Inc. - * or George Mason University. + * Copyright 1998, David E. Storey, All rights reserved. + * This software is not subject to any license of The Murphy Group, Inc. + * or George Mason University. * - * Redistribution and use in source and binary forms are permitted only - * as authorized by the OpenLDAP Public License. A copy of this - * license is available at http://www.OpenLDAP.org/license.html or - * in file LICENSE in the top-level directory of the distribution. + * Redistribution and use in source and binary forms are permitted only + * as authorized by the OpenLDAP Public License. A copy of this + * license is available at http://www.OpenLDAP.org/license.html or + * in file LICENSE in the top-level directory of the distribution. * - * ldappasswd.c - program to modify passwords in an LDAP tree + * ldappasswd.c - program to modify passwords in an LDAP tree * - * Author: David E. Storey + * Author: David E. Storey * - * ToDo: - * use entry's current hash type - * output ldif update - * option for referral handling? - * salts {ssha},{smd5} - * cracklib support? - * update "shadow" fields? - * update from system? - * create/view/change password policies? + * ToDo: option for referral handling + * cracklib support? + * kerberos support? (is this really necessary?) + * update "shadow" fields? + * create/view/change password policies? + * + * Note: I am totally FOR comments and suggestions! */ #include "portable.h" @@ -40,404 +38,217 @@ #include "ldapconfig.h" -#define CEILING(x) ((double)x > (int)x ? (int)x + 1 : (int)x) - #define LDAP_PASSWD_ATTRIB "userPassword" -#define LDAP_PASSWD_CONF DEFAULT_SYSCONFDIR"/passwd.conf" -#define HS_NONE 0 -#define HS_PLAIN 1 -#define HS_CONV 2 - -typedef enum -{ +typedef enum { HASHTYPE_NONE, HASHTYPE_CRYPT, HASHTYPE_MD5, - HASHTYPE_SMD5, - HASHTYPE_SHA1, - HASHTYPE_SSHA1 -} -HashTypes; + HASHTYPE_SHA1 +} HashTypes; -typedef struct salt_t -{ - unsigned char *salt; - unsigned int len; -} -Salt; - -typedef struct hash_t -{ +struct hash_t { char *name; - unsigned int namesz; - char *(*func) (const char *, Salt *); - unsigned char takes_salt; + int namesz; + int (*func)(const char *, char *); HashTypes type; - HashTypes type_salted; - unsigned int default_salt_len; -} -Hash; +}; -const unsigned char crypt64[] = - "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz1234567890./"; -const unsigned char autogen[] = - "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz1234567890.,"; -int noupdates = 0; -int verbose = 0; -int want_entryhash = 0; -int auto_gen_pw = 0; +const char crypt64[] = + "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789./"; +char *base = NULL; +char *binddn = NULL; +char *bindpw = NULL; +char *ldaphost = "localhost"; +char *pwattr = LDAP_PASSWD_ATTRIB; +char *targetdn = NULL; +char *filtpattern = NULL; +int ldapport = LDAP_PORT; +int noupdates = 0; +int verbose = 0; +int hashtype = HASHTYPE_CRYPT; +int scope = LDAP_SCOPE_SUBTREE; /*** functions ***/ /* * if you'd like to write a better salt generator, please, be my guest. + * I just needed *something*. It's actually halfway effective for small, + * two character salts and it can come up with sequentially different + * salts. */ void -make_salt (Salt * salt, unsigned int len) +crypt_make_salt(char *salt) { struct timeval tv; + int i; + char t_salt[5]; - if (!salt) - return; + /* grab current time */ + gettimeofday(&tv, (struct timezone *) 0); + i += tv.tv_usec + (int)&salt; + strncpy(t_salt, (char *)&i, sizeof(i)); - /* seed random number generator */ - gettimeofday (&tv, NULL); - srand (tv.tv_usec); - - salt->len = len; - salt->salt = (unsigned char *) malloc (len); - - for (len = 0; len < salt->len; len++) - salt->salt[len] = (tv.tv_usec ^ rand ()) & 0xff; + for (i = 0; i < sizeof(i); i++) + salt[i] = crypt64[t_salt[i] % (sizeof(crypt64) - 1)]; + salt[i] = '\0'; } -char * -gen_pass(unsigned int len) +int +hash_none(const char *pw_in, char *pw_out) { - int i; - char *newpw = NULL; - Salt salt = {NULL, 0}; - - make_salt(&salt, len); - newpw = (char *)salt.salt; - - for (i = 0; i < len; i++) - newpw[i] = autogen[newpw[i] % (sizeof(autogen) - 1)]; - - return(newpw); + strcpy(pw_out, pw_in); + return(1); } -char * -hash_none (const char *pw_in, Salt * salt) +int +hash_crypt(const char *pw_in, char *pw_out) { - return (strdup (pw_in)); + char salt[5]; + crypt_make_salt(salt); + strcpy(pw_out, crypt(pw_in, salt)); + return(1); } -char * -hash_crypt (const char *pw_in, Salt * salt) -{ - char *crypted_pw = NULL; - if (salt && salt->salt && strlen ((char *) salt->salt) >= 2) - crypted_pw = crypt (pw_in, (char *) salt->salt); - else - { - Salt lsalt; - make_salt (&lsalt, 2); - lsalt.salt[0] = crypt64[lsalt.salt[0] % (sizeof (crypt64) - 1)]; - lsalt.salt[1] = crypt64[lsalt.salt[1] % (sizeof (crypt64) - 1)]; - crypted_pw = crypt (pw_in, (char *) lsalt.salt); - free (lsalt.salt); - } - return (strdup (crypted_pw)); -} - -char * -pw_encode(unsigned char *passwd, Salt *salt, unsigned int len) -{ - int salted = salt && salt->salt && salt->len; - int b64_len = 0; - char *base64digest = NULL; - unsigned char *npasswd = passwd; - - if (salted) - { - npasswd = (unsigned char *)malloc(len + salt->len); - memcpy(npasswd, passwd, len); - memcpy(&npasswd[len], salt->salt, salt->len); - len += salt->len; - } - - b64_len = CEILING (len / 3) * 4 + 1; - base64digest = (char *) malloc (b64_len); - if (lutil_b64_ntop (npasswd, len, base64digest, b64_len) < 0) - { - free(base64digest); - base64digest = NULL; - } - - if (salted) - free(npasswd); - - return(base64digest); -} - -char * -hash_md5 (const char *pw_in, Salt *salt) +int +hash_md5(const char *pw_in, char *pw_out) { lutil_MD5_CTX MD5context; unsigned char MD5digest[16]; - unsigned char *hashing_pw = (unsigned char *)pw_in; - char *base64digest = NULL; - int tot_len = strlen (pw_in); - int salted = (salt && salt->salt && salt->len); + char base64digest[25]; /* ceiling(sizeof(input)/3) * 4 + 1 */ - /* append salt to password */ - if (salted) - { - hashing_pw = (unsigned char *) malloc (tot_len + salt->len); - memcpy (hashing_pw, pw_in, tot_len); - memcpy (&hashing_pw[tot_len], salt->salt, salt->len); - tot_len += salt->len; - } + lutil_MD5Init(&MD5context); + lutil_MD5Update(&MD5context, (unsigned char *)pw_in, strlen(pw_in)); + lutil_MD5Final(MD5digest, &MD5context); + if (lutil_b64_ntop(MD5digest, sizeof(MD5digest), base64digest, sizeof(base64digest)) < 0) + return (0); - lutil_MD5Init (&MD5context); - lutil_MD5Update (&MD5context, hashing_pw, tot_len); - lutil_MD5Final (MD5digest, &MD5context); - - base64digest = pw_encode(MD5digest, salt, sizeof(MD5digest)); - - if (salted) - free (hashing_pw); - - return (base64digest); + strcpy(pw_out, base64digest); + return(1); } -char * -hash_sha1 (const char *pw_in, Salt * salt) +int +hash_sha1(const char *pw_in, char *pw_out) { lutil_SHA1_CTX SHA1context; unsigned char SHA1digest[20]; - unsigned char *hashing_pw = (unsigned char *)pw_in; - char *base64digest = NULL; - int tot_len = strlen (pw_in); - int salted = (salt && salt->salt); + char base64digest[29]; /* ceiling(sizeof(input)/3) * 4 + 1 */ - /* append salt to password */ - if (salted) - { - hashing_pw = (unsigned char *) malloc (tot_len + salt->len); - memcpy (hashing_pw, pw_in, tot_len); - memcpy (&hashing_pw[tot_len], salt->salt, salt->len); - tot_len += salt->len; - } + lutil_SHA1Init(&SHA1context); + lutil_SHA1Update(&SHA1context, (unsigned char *)pw_in, strlen(pw_in)); + lutil_SHA1Final(SHA1digest, &SHA1context); + if (lutil_b64_ntop(SHA1digest, sizeof(SHA1digest), base64digest, sizeof(base64digest)) < 0) + return(0); - lutil_SHA1Init (&SHA1context); - lutil_SHA1Update (&SHA1context, hashing_pw, tot_len); - lutil_SHA1Final (SHA1digest, &SHA1context); - - base64digest = pw_encode(SHA1digest, salt, sizeof(SHA1digest)); - - if (salted) - free (hashing_pw); - - return (base64digest); + strcpy(pw_out, base64digest); + return(1); } -static Hash hashes[] = -{ - {"none", 4, hash_none, 0, HASHTYPE_NONE, HASHTYPE_NONE, 0}, - {"crypt", 5, hash_crypt, 1, HASHTYPE_CRYPT, HASHTYPE_CRYPT, 2}, - {"md5", 3, hash_md5, 0, HASHTYPE_MD5, HASHTYPE_SMD5, 0}, - {"smd5", 4, hash_md5, 1, HASHTYPE_SMD5, HASHTYPE_SMD5, 4}, - {"sha", 3, hash_sha1, 0, HASHTYPE_SHA1, HASHTYPE_SSHA1, 0}, - {"ssha", 4, hash_sha1, 1, HASHTYPE_SSHA1, HASHTYPE_SSHA1, 4}, - {NULL, 0, NULL, 0, HASHTYPE_NONE, HASHTYPE_NONE, 0} +static struct hash_t hashes[] = { + {"none", 4, hash_none, HASHTYPE_NONE}, + {"crypt", 5, hash_crypt, HASHTYPE_CRYPT}, + {"md5", 3, hash_md5, HASHTYPE_MD5}, + {"sha", 3, hash_sha1, HASHTYPE_SHA1}, + {NULL, 0, NULL, HASHTYPE_NONE} }; int -modify_dn (LDAP * ld, char *targetdn, char *pwattr, char *oldpw, - char *newpw, HashTypes htype, Salt * salt) +modify_dn(LDAP *ld, char *targetdn, char *newpw) { int ret = 0; - int salted = salt->salt ? 1 : 0; - int want_salt = salt->len && !salted; - char *buf = NULL; - char *hashed_pw = NULL; - char *strvals[2] = {NULL, NULL}; - LDAPMod mod, *mods[2] = {&mod, NULL}; + char hashed_pw[128] = {'\0'}; + char buf[128] = {'\0'}; + char *strvals[2] = {buf, NULL}; + LDAPMod mod, *mods[2] = {&mod, NULL}; if (!ld || !targetdn || !newpw) - return (1); - - /* auto-generate password */ - if (auto_gen_pw) - newpw = gen_pass(auto_gen_pw); - - /* handle salt */ - if (want_salt) - { - make_salt (salt, salt->len); - htype = hashes[htype].type_salted; - } - else if (hashes[htype].default_salt_len) - { - /* user chose a salted hash and needs a salt */ - if (!salted) - { - want_salt++; - salt->len = hashes[htype].default_salt_len; - make_salt(salt, salt->len); - } - } + return(1); /* hash password */ - hashed_pw = hashes[htype].func (newpw, salt->len ? salt : NULL); - - /* return salt back to it's original state */ - if (want_salt) - { - free (salt->salt); - salt->salt = NULL; - } - - buf = (char *) malloc (hashes[htype].namesz + 3 + strlen (hashed_pw)); - if (htype) - sprintf (buf, "{%s}%s", hashes[htype].name, hashed_pw); + hashes[hashtype].func(newpw, hashed_pw); + if (hashtype) + sprintf(buf, "{%s}%s", hashes[hashtype].name, hashed_pw); else - sprintf (buf, "%s", hashed_pw); + sprintf(buf, "%s", hashed_pw); if (verbose > 0) { - printf ("%s", targetdn); + printf("%s", targetdn); if (verbose > 1) { - printf (":%s", buf); + printf(":%s", buf); if (verbose > 2) - printf (":%s", newpw); + printf(":%s", newpw); } - printf ("\n"); + printf("\n"); } - strvals[0] = buf; - mod.mod_vals.modv_strvals = strvals; + mod.mod_vals.modv_strvals = strvals; mod.mod_type = pwattr; mod.mod_op = LDAP_MOD_REPLACE; - if (!noupdates && (ret = ldap_modify_s (ld, targetdn, mods)) != LDAP_SUCCESS) - ldap_perror (ld, "ldap_modify_s"); - - free (hashed_pw); - free (buf); - return (ret); + if (!noupdates && (ret = ldap_modify_s(ld, targetdn, mods)) != LDAP_SUCCESS) + ldap_perror(ld, "ldap_modify_s"); + return(ret); } void -usage (char *s) +usage(char *s) { - fprintf (stderr, "Usage: %s [options] [filter]\n", s); - fprintf (stderr, " -a attrib\tpassword attribute (default: %s)\n", LDAP_PASSWD_ATTRIB); - fprintf (stderr, " -b basedn\tbasedn to perform searches\n"); -/* fprintf (stderr, " -C\t\tuse entry's current hash mechanism\n"); */ - fprintf (stderr, " -D binddn\tbind dn\n"); - fprintf (stderr, " -d level\tdebugging level\n"); - fprintf (stderr, " -E\t\tprompt for new password\n"); - fprintf (stderr, " -e passwd\tnew password\n"); - fprintf (stderr, " -g passlen\tauto-generate passwords with length pwlen\n"); - fprintf (stderr, " -H hash\thash type (default: crypt)\n"); - fprintf (stderr, " -h host\tldap server (default: localhost)\n"); -#ifdef HAVE_KERBEROS - fprintf (stderr, " -K\t\tuse Kerberos step 1\n"); - fprintf (stderr, " -k\t\tuse Kerberos\n"); -#endif - fprintf (stderr, " -l time\ttime limit\n"); - fprintf (stderr, " -n\t\tmake no modifications\n"); - fprintf (stderr, " -p port\tldap port\n"); - fprintf (stderr, " -s scope\tsearch scope: base, one, sub (default: sub)\n"); - fprintf (stderr, " -t targetdn\tdn to change password\n"); - fprintf (stderr, " -v\t\tverbose (more v's, more verbose)\n"); - fprintf (stderr, " -W\t\tprompt for bind password\n"); - fprintf (stderr, " -w passwd\tbind password (for simple authentication)\n"); - fprintf (stderr, " -Y saltlen\tsalt length to use\n"); -/* fprintf (stderr, " -y salt\tsalt to use\n"); */ - fprintf (stderr, " -z size\tsize limit\n"); - exit (1); + fprintf(stderr, "usage: %s [options] [filter]\n", s); + fprintf(stderr, "\t-a attrib password attribute (default: userPassword)\n"); + fprintf(stderr, "\t-b basedn basedn to perform searches\n"); + fprintf(stderr, "\t-c hash hash type: none, crypt, md5, sha (default: crypt)\n"); + fprintf(stderr, "\t-D binddn bind dn\n"); + fprintf(stderr, "\t-d level debugging level\n"); + fprintf(stderr, "\t-h host ldap server (default: localhost)\n"); + fprintf(stderr, "\t-l time time limit\n"); + fprintf(stderr, "\t-n make no modifications\n"); + fprintf(stderr, "\t-p port ldap port\n"); + fprintf(stderr, "\t-s scope search scope: base, one, sub (default: sub)\n"); + fprintf(stderr, "\t-t targetdn dn to change password\n"); + fprintf(stderr, "\t-W newpass new password\n"); + fprintf(stderr, "\t-w [passwd] bind password (for simple authentication)\n"); + fprintf(stderr, "\t-v verbose\n"); + fprintf(stderr, "\t-z size size limit\n"); + exit(1); } int -main (int argc, char *argv[]) +main(int argc, char *argv[]) { - char *base = NULL; - char *binddn = NULL; - char *bindpw = NULL; - char *filtpattern = NULL; - char *ldaphost = "localhost"; - char *targetdn = NULL; - char *pwattr = LDAP_PASSWD_ATTRIB; char *newpw = NULL; - int authmethod = LDAP_AUTH_SIMPLE; - int hashtype = HASHTYPE_CRYPT; int i, j; - int ldapport = LDAP_PORT; - int scope = LDAP_SCOPE_SUBTREE; int sizelimit = LDAP_NO_LIMIT; int timelimit = LDAP_NO_LIMIT; int want_bindpw = 0; - int want_newpw = 0; LDAP *ld; - Salt salt; - salt.salt = NULL; - salt.len = 0; - - if (argc == 1) - usage(argv[0]); - - while ((i = getopt (argc, argv, "a:b:C:D:d:Ee:g:H:h:Kkl:np:s:t:vWw:Y:y:z:")) != EOF) + while ((i = getopt(argc, argv, "D:W:a:b:c:d:h:l:np:s:t:vw::z:")) != EOF) { - switch (i) - { - case 'a': /* password attribute */ - pwattr = strdup (optarg); + switch(i) + { + case 'D': /* bind distinguished name */ + binddn = strdup(optarg); break; - case 'b': /* base search dn */ - base = strdup (optarg); + case 'W': /* new password */ + newpw = strdup(optarg); break; - case 'C': - want_entryhash++; + case 'a': /* password attribute */ + pwattr = strdup(optarg); break; - case 'D': /* bind distinguished name */ - binddn = strdup (optarg); + case 'b': /* base search dn */ + base = strdup(optarg); break; - case 'd': /* debugging option */ -#ifdef LDAP_DEBUG - ldap_debug = lber_debug = atoi (optarg); /* */ -#else - fprintf (stderr, "compile with -DLDAP_DEBUG for debugging\n"); -#endif - break; - - case 'E': /* prompt for new password */ - want_newpw++; - break; - - case 'e': /* new password */ - newpw = strdup (optarg); - break; - - case 'g': - auto_gen_pw = strtol(optarg, NULL, 10); - break; - - case 'H': /* hashes */ + case 'c': /* hashes */ for (j = 0; hashes[j].name; j++) { - if (!strncasecmp (optarg, hashes[j].name, hashes[j].namesz)) + if (!strncasecmp(optarg, hashes[j].name, hashes[j].namesz)) { hashtype = hashes[j].type; break; @@ -446,94 +257,75 @@ main (int argc, char *argv[]) if (!hashes[j].name) { - fprintf (stderr, "hash type: %s is unknown\n", optarg); - usage (argv[0]); + fprintf(stderr, "hash type: %s is unknown\n", optarg); + usage(argv[0]); } break; - case 'h': /* ldap host */ - ldaphost = strdup (optarg); + case 'd': /* debugging option */ +#ifdef LDAP_DEBUG + ldap_debug = lber_debug = atoi(optarg); /* */ +#else + fprintf(stderr, "compile with -DLDAP_DEBUG for debugging\n"); +#endif break; - case 'K': /* use kerberos bind, 1st part only */ -#ifdef HAVE_KERBEROS - authmethod = LDAP_AUTH_KRBV41; -#else - fprintf(stderr, "%s was not compiled with Kerberos support\n", argv[0]); -#endif - break; - - case 'k': /* use kerberos bind */ -#ifdef HAVE_KERBEROS - authmethod = LDAP_AUTH_KRBV4; -#else - fprintf(stderr, "%s was not compiled with Kerberos support\n", argv[0]); -#endif - break; - - case 'l': /* time limit */ - timelimit = strtol (optarg, NULL, 10); + case 'h': /* ldap host */ + ldaphost = strdup(optarg); break; - case 'n': /* don't update entry(s) */ + case 'l': /* time limit */ + timelimit = strtol(optarg, NULL, 10); + break; + + case 'n': /* don't update entry(s) */ noupdates++; break; - case 'p': /* ldap port */ - ldapport = strtol (optarg, NULL, 10); + case 'p': /* ldap port */ + ldapport = strtol(optarg, NULL, 10); break; - case 's': /* scope */ - if (strncasecmp (optarg, "base", 4) == 0) + case 's': /* scope */ + if (strncasecmp(optarg, "base", 4) == 0) scope = LDAP_SCOPE_BASE; - else if (strncasecmp (optarg, "one", 3) == 0) + else if (strncasecmp(optarg, "one", 3) == 0) scope = LDAP_SCOPE_ONELEVEL; - else if (strncasecmp (optarg, "sub", 3) == 0) + else if (strncasecmp(optarg, "sub", 3) == 0) scope = LDAP_SCOPE_SUBTREE; - else - { - fprintf (stderr, "scope should be base, one, or sub\n"); - usage (argv[0]); + else { + fprintf(stderr, "scope should be base, one, or sub\n" ); + usage(argv[0]); } break; - case 't': /* target dn */ - targetdn = strdup (optarg); + case 't': /* target dn */ + targetdn = strdup(optarg); break; - case 'v': /* verbose */ + case 'v': /* verbose */ verbose++; break; - case 'W': /* promt for bind password */ - want_bindpw++; - break; + case 'w': /* bind password */ + if (optarg) + bindpw = strdup(optarg); + else + want_bindpw++; + break; - case 'w': /* bind password */ - bindpw = strdup (optarg); - break; - - case 'Y': /* salt length */ - salt.len = strtol (optarg, NULL, 10); - break; - - case 'y': /* user specified salt */ - salt.len = strlen (optarg); - salt.salt = (unsigned char *) strdup (optarg); - break; - - case 'z': /* time limit */ - sizelimit = strtol (optarg, NULL, 10); + case 'z': /* time limit */ + sizelimit = strtol(optarg, NULL, 10); break; default: - usage (argv[0]); + usage(argv[0]); } } /* grab filter */ if (!(argc - optind < 1)) - filtpattern = strdup (argv[optind]); + filtpattern = strdup(argv[optind]); /* check for target(s) */ if (!filtpattern && !targetdn) @@ -541,86 +333,70 @@ main (int argc, char *argv[]) /* handle bind password */ if (want_bindpw) - bindpw = strdup (getpass ("Enter LDAP password: ")); + bindpw = strdup(getpass("Enter LDAP password: ")); /* handle new password */ if (!newpw) { char *cknewpw; - newpw = strdup (getpass ("New password: ")); - cknewpw = getpass ("Re-enter new password: "); + newpw = strdup(getpass("New password: ")); + cknewpw = getpass("Re-enter new password: "); - if (strncmp (newpw, cknewpw, strlen (newpw))) + if (strncmp(newpw, cknewpw, strlen(newpw))) { - fprintf (stderr, "passwords do not match\n"); - return (1); + fprintf(stderr, "passwords do not match\n"); + return(1); } } /* connect to server */ - if ((ld = ldap_open (ldaphost, ldapport)) == NULL) + if ((ld = ldap_open(ldaphost, ldapport)) == NULL) { - perror (ldaphost); - return (1); + perror(ldaphost); + return(1); } /* set options */ - ldap_set_option (ld, LDAP_OPT_TIMELIMIT, (void *) &timelimit); - ldap_set_option (ld, LDAP_OPT_SIZELIMIT, (void *) &sizelimit); + ldap_set_option(ld, LDAP_OPT_TIMELIMIT, (void *)&timelimit); + ldap_set_option(ld, LDAP_OPT_SIZELIMIT, (void *)&sizelimit); - /* authenticate to server */ - if (ldap_bind_s (ld, binddn, bindpw, authmethod) != LDAP_SUCCESS) + /* authenticate to server */ + if (ldap_bind_s(ld, binddn, bindpw, LDAP_AUTH_SIMPLE) != LDAP_SUCCESS) { - ldap_perror (ld, "ldap_bind"); - return (1); - } - - if (targetdn) - { - if (want_entryhash) - { - fprintf (stderr, "insert code here (this path not implemented yet)\n"); - return (1); - } - else - modify_dn (ld, targetdn, pwattr, NULL, newpw, hashtype, &salt); + ldap_perror(ld, "ldap_bind"); + return(1); } if (filtpattern) { char filter[BUFSIZ]; LDAPMessage *result = NULL, *e = NULL; - char *attrs[3] = {"dn", NULL, NULL}; - attrs[1] = pwattr; + char *attrs[] = {"dn", NULL}; /* search */ - sprintf (filter, "%s", filtpattern); - i = ldap_search_s (ld, base, scope, filter, attrs, 0, &result); - if (i != LDAP_SUCCESS && - i != LDAP_TIMELIMIT_EXCEEDED && - i != LDAP_SIZELIMIT_EXCEEDED) + sprintf(filter, "%s", filtpattern); + i = ldap_search_s(ld, base, scope, filter, attrs, 1, &result); + if (i != LDAP_SUCCESS && i != LDAP_TIMELIMIT_EXCEEDED && i != LDAP_SIZELIMIT_EXCEEDED) { - ldap_perror (ld, "ldap_search_s"); - return (1); + ldap_perror(ld, "ldap_search_s"); + return(1); } - for (e = ldap_first_entry (ld, result); e; e = ldap_next_entry (ld, e)) + for (e = ldap_first_entry(ld, result); e; e = ldap_next_entry(ld, e)) { - char *dn = ldap_get_dn (ld, e); + char *dn = ldap_get_dn(ld, e); if (dn) { - struct berval **pw_vals = ldap_get_values_len (ld, e, pwattr); - modify_dn (ld, dn, pwattr, - pw_vals ? pw_vals[0]->bv_val : NULL, - newpw, hashtype, &salt); - if (pw_vals) - ldap_value_free_len (pw_vals); - free (dn); + modify_dn(ld, dn, newpw); + free(dn); } } } + if (targetdn) + modify_dn(ld, targetdn, newpw); + /* disconnect from server */ - ldap_unbind (ld); - return (0); + ldap_unbind(ld); + return(0); } diff --git a/clients/tools/ldapsearch.c b/clients/tools/ldapsearch.c index a5731b7deb..7ae964cd76 100644 --- a/clients/tools/ldapsearch.c +++ b/clients/tools/ldapsearch.c @@ -13,43 +13,42 @@ #define DEFSEP "=" + static void -usage(char *s) +usage( char *s ) { fprintf( stderr, "usage: %s [options] filter [attributes...]\nwhere:\n", s ); - fprintf( stderr, " filter\tRFC-1558 compliant LDAP search filter\n" ); - fprintf( stderr, " attributes\twhitespace-separated list of attributes to retrieve\n" ); + fprintf( stderr, " filter\tRFC-1558 compliant LDAP search filter\n" ); + fprintf( stderr, " attributes\twhitespace-separated list of attributes to retrieve\n" ); fprintf( stderr, "\t\t(if no attribute list is given, all are retrieved)\n" ); fprintf( stderr, "options:\n" ); - fprintf( stderr, " -n\t\tshow what would be done but don't actually search\n" ); - fprintf( stderr, " -v\t\trun in verbose mode (diagnostics to standard output)\n" ); - fprintf( stderr, " -t\t\twrite values to files in /tmp\n" ); - fprintf( stderr, " -u\t\tinclude User Friendly entry names in the output\n" ); - fprintf( stderr, " -A\t\tretrieve attribute names only (no values)\n" ); - fprintf( stderr, " -B\t\tdo not suppress printing of non-ASCII values\n" ); - fprintf( stderr, " -L\t\tprint entries in LDIF format (-B is implied)\n" ); + fprintf( stderr, " -n\t\tshow what would be done but don't actually search\n" ); + fprintf( stderr, " -v\t\trun in verbose mode (diagnostics to standard output)\n" ); + fprintf( stderr, " -t\t\twrite values to files in /tmp\n" ); + fprintf( stderr, " -u\t\tinclude User Friendly entry names in the output\n" ); + fprintf( stderr, " -A\t\tretrieve attribute names only (no values)\n" ); + fprintf( stderr, " -B\t\tdo not suppress printing of non-ASCII values\n" ); + fprintf( stderr, " -L\t\tprint entries in LDIF format (-B is implied)\n" ); #ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_REFERRALS - fprintf( stderr, " -R\t\tdo not automatically follow referrals\n" ); + fprintf( stderr, " -R\t\tdo not automatically follow referrals\n" ); #endif /* LDAP_API_FEATURE_X_OPENLDAP_V2_REFERRALS */ - fprintf( stderr, " -d level\tset LDAP debugging level to `level'\n" ); - fprintf( stderr, " -F sep\tprint `sep' instead of `=' between attribute names and values\n" ); - fprintf( stderr, " -S attr\tsort the results by attribute `attr'\n" ); - fprintf( stderr, " -f file\tperform sequence of searches listed in `file'\n" ); - fprintf( stderr, " -b basedn\tbase dn for search\n" ); - fprintf( stderr, " -s scope\tone of base, one, or sub (search scope)\n" ); - fprintf( stderr, " -a deref\tone of never, always, search, or find (alias dereferencing)\n" ); - fprintf( stderr, " -l time lim\ttime limit (in seconds) for search\n" ); - fprintf( stderr, " -z size lim\tsize limit (in entries) for search\n" ); - fprintf( stderr, " -D binddn\tbind dn\n" ); - fprintf( stderr, " -W \t\tprompt for bind passwd\n" ); - fprintf( stderr, " -w passwd\tbind passwd (for simple authentication)\n" ); + fprintf( stderr, " -d level\tset LDAP debugging level to `level'\n" ); + fprintf( stderr, " -F sep\tprint `sep' instead of `=' between attribute names and values\n" ); + fprintf( stderr, " -S attr\tsort the results by attribute `attr'\n" ); + fprintf( stderr, " -f file\tperform sequence of searches listed in `file'\n" ); + fprintf( stderr, " -b basedn\tbase dn for search\n" ); + fprintf( stderr, " -s scope\tone of base, one, or sub (search scope)\n" ); + fprintf( stderr, " -a deref\tone of never, always, search, or find (alias dereferencing)\n" ); + fprintf( stderr, " -l time lim\ttime limit (in seconds) for search\n" ); + fprintf( stderr, " -z size lim\tsize limit (in entries) for search\n" ); + fprintf( stderr, " -D binddn\tbind dn\n" ); + fprintf( stderr, " -w passwd\tbind passwd (for simple authentication)\n" ); #ifdef HAVE_KERBEROS - fprintf( stderr, " -k\t\tuse Kerberos instead of Simple Password authentication\n" ); - fprintf( stderr, " -K\t\tuse Kerberos step 1\n" ); + fprintf( stderr, " -k\t\tuse Kerberos instead of Simple Password authentication\n" ); #endif - fprintf( stderr, " -h host\tldap server\n" ); - fprintf( stderr, " -p port\tport on ldap server\n" ); - exit(1); + fprintf( stderr, " -h host\tldap server\n" ); + fprintf( stderr, " -p port\tport on ldap server\n" ); + exit( 1 ); } static void print_entry LDAP_P(( @@ -71,71 +70,46 @@ static int dosearch LDAP_P(( char *filtpatt, char *value)); +static char *binddn = NULL; +static char *passwd = NULL; +static char *base = NULL; +static char *ldaphost = NULL; +static int ldapport = 0; +static char *sep = DEFSEP; +static char *sortattr = NULL; static int skipsortattr = 0; static int verbose, not, includeufn, allow_binary, vals2tmp, ldif; -static char *sortattr = NULL; -static char *sep = DEFSEP; int -main(int argc, char **argv) +main( int argc, char **argv ) { - FILE *fp = NULL; - LDAP *ld = NULL; - char *infile = NULL; - char *filtpattern, **attrs, line[ BUFSIZ ]; - char *binddn = NULL; - char *passwd = NULL; - char *base = NULL; - char *ldaphost = NULL; - int rc, i, first, deref, attrsonly; - int referrals, timelimit, sizelimit, want_passwd; - int authmethod = LDAP_AUTH_SIMPLE; - int scope = LDAP_SCOPE_SUBTREE; - int ldapport = LDAP_PORT; + char *infile, *filtpattern, **attrs, line[ BUFSIZ ]; + FILE *fp; + int rc, i, first, scope, kerberos, deref, attrsonly; + int referrals, timelimit, sizelimit, authmethod; + LDAP *ld; - deref = verbose = allow_binary = not = vals2tmp = - attrsonly = ldif = want_passwd = 0; - referrals = (int)LDAP_OPT_ON; + infile = NULL; + deref = verbose = allow_binary = not = kerberos = vals2tmp = + attrsonly = ldif = 0; + referrals = (int) LDAP_OPT_ON; sizelimit = timelimit = 0; + scope = LDAP_SCOPE_SUBTREE; - while ((i = getopt(argc, argv, "Aa:Bb:D:d:h:f:F:KkLl:np:RS:s:tuvWw:z:")) != EOF) - { - switch(i) - { - case 'A': /* retrieve attribute names only -- no values */ - attrsonly++; + while (( i = getopt( argc, argv, +#ifdef HAVE_KERBEROS + "KknuvtRABLD:s:f:h:b:d:p:F:a:w:l:z:S:" +#else + "nuvtRABLD:s:f:h:b:d:p:F:a:w:l:z:S:" +#endif + )) != EOF ) { + switch( i ) { + case 'n': /* do Not do any searches */ + ++not; break; - - case 'a': /* set alias deref option */ - if (strncasecmp(optarg, "never", 5) == 0) { - deref = LDAP_DEREF_NEVER; - } else if (strncasecmp( optarg, "search", 5) == 0) { - deref = LDAP_DEREF_SEARCHING; - } else if (strncasecmp( optarg, "find", 4) == 0) { - deref = LDAP_DEREF_FINDING; - } else if (strncasecmp( optarg, "always", 6) == 0) { - deref = LDAP_DEREF_ALWAYS; - } else { - fprintf( stderr, "alias deref should be never, search, find, or always\n" ); - usage( argv[ 0 ] ); - } + case 'v': /* verbose mode */ + ++verbose; break; - - case 'L': /* print entries in LDIF format */ - ++ldif; - /* fall through -- always allow binary when outputting LDIF */ - case 'B': /* allow binary values to be printed */ - ++allow_binary; - break; - - case 'b': /* searchbase */ - base = strdup( optarg ); - break; - - case 'D': /* bind DN */ - binddn = strdup( optarg ); - break; - case 'd': #ifdef LDAP_DEBUG ldap_debug = lber_debug = atoi( optarg ); /* */ @@ -143,55 +117,32 @@ main(int argc, char **argv) fprintf( stderr, "compile with -DLDAP_DEBUG for debugging\n" ); #endif /* LDAP_DEBUG */ break; - - case 'F': /* field separator */ - sep = strdup( optarg ); +#ifdef HAVE_KERBEROS + case 'k': /* use kerberos bind */ + kerberos = 2; break; - - case 'f': /* input file */ - infile = strdup( optarg ); - break; - - case 'h': /* ldap host */ - ldaphost = strdup( optarg ); - break; - case 'K': /* use kerberos bind, 1st part only */ -#ifdef HAVE_KERBEROS - authmethod = LDAP_AUTH_KRBV41; -#else - fprintf(stderr, "%s was not compiled with Kerberos support\n", argv[0]); + kerberos = 1; + break; #endif + case 'u': /* include UFN */ + ++includeufn; break; - - case 'k': /* use kerberos bind */ -#ifdef HAVE_KERBEROS - authmethod = LDAP_AUTH_KRBV4; -#else - fprintf(stderr, "%s was not compiled with Kerberos support\n", argv[0]); -#endif + case 't': /* write attribute values to /tmp files */ + ++vals2tmp; break; - - case 'l': /* time limit */ - timelimit = atoi( optarg ); + case 'R': /* don't automatically chase referrals */ + referrals = (int) LDAP_OPT_OFF; break; - - case 'n': /* do Not do any searches */ - ++not; + case 'A': /* retrieve attribute names only -- no values */ + ++attrsonly; break; - - case 'p': /* ldap port */ - ldapport = atoi( optarg ); + case 'L': /* print entries in LDIF format */ + ++ldif; + /* fall through -- always allow binary when outputting LDIF */ + case 'B': /* allow binary values to be printed */ + ++allow_binary; break; - - case 'R': /* don't automatically chase referrals */ - referrals = (int) LDAP_OPT_OFF; - break; - - case 'S': /* sort attribute */ - sortattr = strdup( optarg ); - break; - case 's': /* search scope */ if ( strncasecmp( optarg, "base", 4 ) == 0 ) { scope = LDAP_SCOPE_BASE; @@ -205,32 +156,53 @@ main(int argc, char **argv) } break; - case 't': /* write attribute values to /tmp files */ - ++vals2tmp; + case 'a': /* set alias deref option */ + if ( strncasecmp( optarg, "never", 5 ) == 0 ) { + deref = LDAP_DEREF_NEVER; + } else if ( strncasecmp( optarg, "search", 5 ) == 0 ) { + deref = LDAP_DEREF_SEARCHING; + } else if ( strncasecmp( optarg, "find", 4 ) == 0 ) { + deref = LDAP_DEREF_FINDING; + } else if ( strncasecmp( optarg, "always", 6 ) == 0 ) { + deref = LDAP_DEREF_ALWAYS; + } else { + fprintf( stderr, "alias deref should be never, search, find, or always\n" ); + usage( argv[ 0 ] ); + } break; - - case 'u': /* include UFN */ - ++includeufn; + + case 'F': /* field separator */ + sep = strdup( optarg ); break; - - case 'v': /* verbose mode */ - ++verbose; + case 'f': /* input file */ + infile = strdup( optarg ); break; - - case 'W': - want_passwd++; - break; - - case 'w': /* bind password */ + case 'h': /* ldap host */ + ldaphost = strdup( optarg ); + break; + case 'b': /* searchbase */ + base = strdup( optarg ); + break; + case 'D': /* bind DN */ + binddn = strdup( optarg ); + break; + case 'p': /* ldap port */ + ldapport = atoi( optarg ); + break; + case 'w': /* bind password */ passwd = strdup( optarg ); break; - - case 'z': /* size limit */ + case 'l': /* time limit */ + timelimit = atoi( optarg ); + break; + case 'z': /* size limit */ sizelimit = atoi( optarg ); break; - - default: - usage(argv[0]); + case 'S': /* sort attribute */ + sortattr = strdup( optarg ); + break; + default: + usage( argv[0] ); } } @@ -257,42 +229,47 @@ main(int argc, char **argv) attrs = &argv[ optind ]; } - if (want_passwd && !passwd) - passwd = strdup(getpass("Enter LDAP password: ")); - if ( infile != NULL ) { if ( infile[0] == '-' && infile[1] == '\0' ) { fp = stdin; - } else if ((fp = fopen(infile, "r")) == NULL) { - perror(infile); - exit(1); + } else if (( fp = fopen( infile, "r" )) == NULL ) { + perror( infile ); + exit( 1 ); } } - if (verbose) - printf("ldap_open(%s, %d)\n", ldaphost, ldapport); - - if ((ld = ldap_open(ldaphost, ldapport)) == NULL) { - perror(ldaphost); - return(1); + if ( verbose ) { + printf( "ldap_open( %s, %d )\n", ldaphost, ldapport ); } - if (ldap_set_option(ld, LDAP_OPT_DEREF, (void *)&deref) == -1 ) { - /* set option error */ - } - if (ldap_set_option(ld, LDAP_OPT_TIMELIMIT, (void *)&timelimit) == -1 ) { - /* set option error */ - } - if (ldap_set_option(ld, LDAP_OPT_SIZELIMIT, (void *)&sizelimit) == -1 ) { - /* set option error */ - } - if (ldap_set_option(ld, LDAP_OPT_REFERRALS, (void *)referrals) == -1 ) { - /* set option error */ + if (( ld = ldap_open( ldaphost, ldapport )) == NULL ) { + perror( ldaphost ); + exit( 1 ); } + if (ldap_set_option( ld, LDAP_OPT_DEREF, (void *) &deref ) == -1 ) { + /* set option error */ + } + if (ldap_set_option( ld, LDAP_OPT_TIMELIMIT, (void *) &timelimit ) == -1 ) { + /* set option error */ + } + if (ldap_set_option( ld, LDAP_OPT_SIZELIMIT, (void *) &sizelimit ) == -1 ) { + /* set option error */ + } + if (ldap_set_option( ld, LDAP_OPT_REFERRALS, (void *) referrals ) == -1 ) { + /* set option error */ + } + + if ( !kerberos ) { + authmethod = LDAP_AUTH_SIMPLE; + } else if ( kerberos == 1 ) { + authmethod = LDAP_AUTH_KRBV41; + } else { + authmethod = LDAP_AUTH_KRBV4; + } if ( ldap_bind_s( ld, binddn, passwd, authmethod ) != LDAP_SUCCESS ) { ldap_perror( ld, "ldap_bind" ); - return(1); + exit( 1 ); } if ( verbose ) {