
OpenLDAP: [PATCH] slappasswd: Read slapd.conf to load dynamic password hash modules (obsolete)

openldap-2.4.31-slappasswd-read-config.patch
From a211ba9874f5706d2646c84d3af72f324d5d0333 Mon Sep 17 00:00:00 2001
From: SATOH Fumiyasu <fumiyas@osstech.co.jp>
Date: Thu, 31 May 2012 01:56:08 +0900
Subject: [PATCH] slappasswd: Read slapd.conf to load dynamic password hash
modules
 
---
doc/man/man8/slappasswd.8 | 21 +++++++++++++++++++
servers/slapd/slappasswd.c | 48 +++++++++++++++++++++++++++++++++++++++++++-
2 files changed, 68 insertions(+), 1 deletion(-)
 
diff --git a/doc/man/man8/slappasswd.8 b/doc/man/man8/slappasswd.8
index dbd28fd..d92f86e 100644
--- a/doc/man/man8/slappasswd.8
+++ b/doc/man/man8/slappasswd.8
@@ -9,6 +9,10 @@ slappasswd \- OpenLDAP password utility
[\c
.BR \-v ]
[\c
+.BI \-f \ slapd.conf\fR]
+[\c
+.BI \-F \ confdir\fR]
+[\c
.BR \-u ]
[\c
.BR \-g \||\| \-s \ \fIsecret\fR \||\| \fB\-T \ \fIfile\fR]
@@ -38,6 +42,23 @@ configuration directive.
.B \-v
enable verbose mode.
.TP
+.BI \-f \ slapd.conf
+specify a
+.BR slapd.conf (5)
+file to load dynamically loadable password hash modules specified
+in it by \fBmoduleload\fP parameter.
+.TP
+.BI \-F \ confdir
+specify a config directory to load dynamically loadable password
+hash modules specified in it by \fBolcModuleLoad\fP attribute.
+If both
+.B \-f
+and
+.B \-F
+are specified, the config file will be read and converted to
+config directory format and written to the specified directory.
+If neither option is specified, no config is read.
+.TP
.B \-u
Generate RFC 2307 userPassword values (the default). Future
versions of this program may generate alternative syntaxes
diff --git a/servers/slapd/slappasswd.c b/servers/slapd/slappasswd.c
index cfd6981..11ad10a 100644
--- a/servers/slapd/slappasswd.c
+++ b/servers/slapd/slappasswd.c
@@ -62,6 +62,11 @@ usage(const char *s)
int
slappasswd( int argc, char *argv[] )
{
+ int rc;
+ int confread = 0;
+ char *conffile = NULL;
+ char *confdir = NULL;
+ int mode = SLAP_TOOL_MODE | SLAP_TOOL_READMAIN | SLAP_TOOL_READONLY;
#ifdef LUTIL_SHA1_BYTES
char *default_scheme = "{SSHA}";
#else
@@ -79,8 +84,15 @@ slappasswd( int argc, char *argv[] )
struct berval passwd = BER_BVNULL;
struct berval hash;
+#ifdef LDAP_DEBUG
+ /* tools default to "none", so that at least LDAP_DEBUG_ANY
+ * messages show up; use -d 0 to reset */
+ slap_debug = LDAP_DEBUG_NONE;
+#endif
+ ldap_syslog = 0;
+
while( (i = getopt( argc, argv,
- "c:d:gh:ns:T:vu" )) != EOF )
+ "c:d:f:F:gh:ns:T:vu" )) != EOF )
{
switch (i) {
case 'c': /* crypt salt format */
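Review bot: The comment added above `slap_debug = LDAP_DEBUG_NONE;` says "use -d 0 to reset", but the existing `-d` case is outside this hunk, so whether it assigns `slap_debug` at all cannot be confirmed from here. If it only sets the library debug levels, the comment describes behaviour this tool does not have and should be trimmed to something like `/* default to "none" so LDAP_DEBUG_ANY messages from config parsing show up */`. Both assignments also run when neither -f nor -F is given, which looks harmless but could be moved inside the later `if ( confread )` block to keep the no-config path unchanged.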
@@ -88,6 +100,22 @@ slappasswd( int argc, char *argv[] )
lutil_salt_format( optarg );
break;
+ case 'f': /* specify a conf file */
+ confread = 1;
+ /* Read the default one if "-" is specified */
+ if ( strcmp( optarg, "-" ) ) {
+ conffile = ch_strdup( optarg );
+ }
+ break;
+
+ case 'F': /* specify a conf dir */
+ confread = 1;
+ /* Read the default one if "-" is specified */
+ if ( strcmp( optarg, "-" ) ) {
+ confdir = ch_strdup( optarg );
+ }
+ break;
+
case 'g': /* new password (generate) */
if ( pwfile != NULL ) {
fprintf( stderr, "Option -g incompatible with -T\n" );
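Review bot: Nothing in the new `-f` and `-F` cases rejects the two options being given together, and the man-page text added in this patch says that combination converts the file and writes the result into confdir. For a utility whose job is hashing a password, that write is a surprising side effect, and it sits oddly with `SLAP_TOOL_READONLY` in `mode`. Consider refusing the combination after the getopt loop, e.g. `if ( conffile != NULL && confdir != NULL ) usage( progname );`. Separately, a repeated -f or -F overwrites the earlier `ch_strdup()` result without freeing it; `ch_free( conffile );` before the assignment (and likewise for `confdir`) would cover that. The switch statement continues outside the hunk.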
@@ -165,6 +193,24 @@ slappasswd( int argc, char *argv[] )
usage( progname );
}
+ /* Read slapd.conf or cn=config if requested to load dynamically
+ * loadable password hash modules specified in config */
+ if ( confread ) {
+ rc = slap_init( mode, progname );
+ if ( rc != 0 ) {
+ fprintf( stderr, "%s: slap_init failed!\n", progname );
+ exit( EXIT_FAILURE );
+ }
+
+ rc = read_config( conffile, confdir );
+
+ if ( rc != 0 ) {
+ fprintf( stderr, "%s: bad configuration %s!\n",
+ progname, confdir ? "directory" : "file" );
+ exit( EXIT_FAILURE );
+ }
+ }
+
if( pwfile != NULL ) {
if( lutil_get_filed_password( pwfile, &passwd )) {
return EXIT_FAILURE;
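Review bot: The failure message after `read_config()` picks "directory" or "file" from `confdir` alone, so a failure with `-F -` (where `confdir` stays NULL) is reported as a bad file, and the path that failed is never printed. Recording which option was given and printing the name, e.g. adding a `%s` fed by `confdir ? confdir : conffile ? conffile : "(default)"`, would make the error actionable. `read_config()` presumably processes the whole configuration, so every module it names is loaded into the process that also holds the cleartext secret. A comment above the block such as `/* the config and the modules it names must come from a trusted location */`, with a matching sentence in slappasswd.8, would make that trust assumption explicit. No hunk in this patch touches `usage()`, so -f and -F appear to be missing from the usage text; the body of `slappasswd()` continues outside the hunk.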
--
1.7.10
