OpenLDAP: [PATCH] slappasswd: Read slapd.conf to load dynamic password hash modules (obsolete)
From a211ba9874f5706d2646c84d3af72f324d5d0333 Mon Sep 17 00:00:00 2001 | |
From: SATOH Fumiyasu <fumiyas@osstech.co.jp> | |
Date: Thu, 31 May 2012 01:56:08 +0900 | |
Subject: [PATCH] slappasswd: Read slapd.conf to load dynamic password hash | |
modules | |
--- | |
doc/man/man8/slappasswd.8 | 21 +++++++++++++++++++ | |
servers/slapd/slappasswd.c | 48 +++++++++++++++++++++++++++++++++++++++++++- | |
2 files changed, 68 insertions(+), 1 deletion(-) | |
diff --git a/doc/man/man8/slappasswd.8 b/doc/man/man8/slappasswd.8 | |
index dbd28fd..d92f86e 100644 | |
--- a/doc/man/man8/slappasswd.8 | |
+++ b/doc/man/man8/slappasswd.8 | |
@@ -9,6 +9,10 @@ slappasswd \- OpenLDAP password utility | |
[\c | |
.BR \-v ] | |
[\c | |
+.BI \-f \ slapd.conf\fR] | |
+[\c | |
+.BI \-F \ confdir\fR] | |
+[\c | |
.BR \-u ] | |
[\c | |
.BR \-g \||\| \-s \ \fIsecret\fR \||\| \fB\-T \ \fIfile\fR] | |
@@ -38,6 +42,23 @@ configuration directive. | |
.B \-v | |
enable verbose mode. | |
.TP | |
+.BI \-f \ slapd.conf | |
+specify a | |
+.BR slapd.conf (5) | |
+file to load dynamically loadable password hash modules specified | |
+in it by \fBmoduleload\fP parameter. | |
+.TP | |
+.BI \-F \ confdir | |
+specify a config directory to load dynamically loadable password | |
+hash modules specified in it by \fBolcModuleLoad\fP attribute. | |
+If both | |
+.B \-f | |
+and | |
+.B \-F | |
+are specified, the config file will be read and converted to | |
+config directory format and written to the specified directory. | |
+If neither option is specified, no config is read. | |
+.TP | |
.B \-u | |
Generate RFC 2307 userPassword values (the default). Future | |
versions of this program may generate alternative syntaxes | |
diff --git a/servers/slapd/slappasswd.c b/servers/slapd/slappasswd.c | |
index cfd6981..11ad10a 100644 | |
--- a/servers/slapd/slappasswd.c | |
+++ b/servers/slapd/slappasswd.c | |
@@ -62,6 +62,11 @@ usage(const char *s) | |
int | |
slappasswd( int argc, char *argv[] ) | |
{ | |
+ int rc; | |
+ int confread = 0; | |
+ char *conffile = NULL; | |
+ char *confdir = NULL; | |
+ int mode = SLAP_TOOL_MODE | SLAP_TOOL_READMAIN | SLAP_TOOL_READONLY; | |
#ifdef LUTIL_SHA1_BYTES | |
char *default_scheme = "{SSHA}"; | |
#else | |
@@ -79,8 +84,15 @@ slappasswd( int argc, char *argv[] ) | |
struct berval passwd = BER_BVNULL; | |
struct berval hash; | |
+#ifdef LDAP_DEBUG | |
+ /* tools default to "none", so that at least LDAP_DEBUG_ANY | |
+ * messages show up; use -d 0 to reset */ | |
+ slap_debug = LDAP_DEBUG_NONE; | |
+#endif | |
+ ldap_syslog = 0; | |
+ | |
while( (i = getopt( argc, argv, | |
- "c:d:gh:ns:T:vu" )) != EOF ) | |
+ "c:d:f:F:gh:ns:T:vu" )) != EOF ) | |
{ | |
switch (i) { | |
case 'c': /* crypt salt format */ | |
@@ -88,6 +100,22 @@ slappasswd( int argc, char *argv[] ) | |
lutil_salt_format( optarg ); | |
break; | |
+ case 'f': /* specify a conf file */ | |
+ confread = 1; | |
+ /* Read the default one if "-" is specified */ | |
+ if ( strcmp( optarg, "-" ) ) { | |
+ conffile = ch_strdup( optarg ); | |
+ } | |
+ break; | |
+ | |
+ case 'F': /* specify a conf dir */ | |
+ confread = 1; | |
+ /* Read the default one if "-" is specified */ | |
+ if ( strcmp( optarg, "-" ) ) { | |
+ confdir = ch_strdup( optarg ); | |
+ } | |
+ break; | |
+ | |
case 'g': /* new password (generate) */ | |
if ( pwfile != NULL ) { | |
fprintf( stderr, "Option -g incompatible with -T\n" ); | |
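Review bot: The `-` special case in the new `case 'f'` and `case 'F'` branches is not described in the slappasswd.8 text this patch adds, so a user cannot learn from the man page that `-f -` or `-F -` leaves the path NULL (presumably selecting the compiled-in default in `read_config()`). The test would read more clearly with an explicit comparison, `if ( strcmp( optarg, "-" ) != 0 ) {`. A repeated `-f` or `-F` also overwrites the earlier `ch_strdup()` result without releasing it; calling `ch_free( conffile );` (and likewise for `confdir`) before the assignment avoids that. The switch statement continues outside the hunk.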
@@ -165,6 +193,24 @@ slappasswd( int argc, char *argv[] ) | |
usage( progname ); | |
} | |
+ /* Read slapd.conf or cn=config if requested to load dynamically | |
+ * loadable password hash modules specified in config */ | |
+ if ( confread ) { | |
+ rc = slap_init( mode, progname ); | |
+ if ( rc != 0 ) { | |
+ fprintf( stderr, "%s: slap_init failed!\n", progname ); | |
+ exit( EXIT_FAILURE ); | |
+ } | |
+ | |
+ rc = read_config( conffile, confdir ); | |
+ | |
+ if ( rc != 0 ) { | |
+ fprintf( stderr, "%s: bad configuration %s!\n", | |
+ progname, confdir ? "directory" : "file" ); | |
+ exit( EXIT_FAILURE ); | |
+ } | |
+ } | |
+ | |
if( pwfile != NULL ) { | |
if( lutil_get_filed_password( pwfile, &passwd )) { | |
return EXIT_FAILURE; | |
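Review bot: The new `if ( confread )` block calls `read_config()` on a path taken directly from `-f`/`-F`, and per the man page text in this patch every `moduleload`/`olcModuleLoad` entry in that config is then loaded into the slappasswd process, so the config must be as trusted as the account running the tool. The block comment should say so, e.g. `/* NOTE: modules named in the config are loaded into this process; only use a config owned by a trusted administrator */`. The man page also states that giving both options converts the file and writes the config directory, which is a surprising side effect for a hashing utility and sits oddly with `SLAP_TOOL_READONLY` in `mode`; rejecting the combination before `slap_init()` would avoid it. The function continues outside the hunk.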
-- | |
1.7.10 | |