Skip to content

Embed URL

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
OpenLDAP: [PATCH] slappasswd: Read slapd.conf to load dynamic password hash modules (obsolete)
From a211ba9874f5706d2646c84d3af72f324d5d0333 Mon Sep 17 00:00:00 2001
From: SATOH Fumiyasu <fumiyas@osstech.co.jp>
Date: Thu, 31 May 2012 01:56:08 +0900
Subject: [PATCH] slappasswd: Read slapd.conf to load dynamic password hash
modules
---
doc/man/man8/slappasswd.8 | 21 +++++++++++++++++++
servers/slapd/slappasswd.c | 48 +++++++++++++++++++++++++++++++++++++++++++-
2 files changed, 68 insertions(+), 1 deletion(-)
diff --git a/doc/man/man8/slappasswd.8 b/doc/man/man8/slappasswd.8
index dbd28fd..d92f86e 100644
--- a/doc/man/man8/slappasswd.8
+++ b/doc/man/man8/slappasswd.8
@@ -9,6 +9,10 @@ slappasswd \- OpenLDAP password utility
[\c
.BR \-v ]
[\c
+.BI \-f \ slapd.conf\fR]
+[\c
+.BI \-F \ confdir\fR]
+[\c
.BR \-u ]
[\c
.BR \-g \||\| \-s \ \fIsecret\fR \||\| \fB\-T \ \fIfile\fR]
@@ -38,6 +42,23 @@ configuration directive.
.B \-v
enable verbose mode.
.TP
+.BI \-f \ slapd.conf
+specify a
+.BR slapd.conf (5)
+file to load dynamically loadable password hash modules specified
+in it by \fBmoduleload\fP parameter.
+.TP
+.BI \-F \ confdir
+specify a config directory to load dynamically loadable password
+hash modules specified in it by \fBolcModuleLoad\fP attribute.
+If both
+.B \-f
+and
+.B \-F
+are specified, the config file will be read and converted to
+config directory format and written to the specified directory.
+If neither option is specified, no config is read.
+.TP
.B \-u
Generate RFC 2307 userPassword values (the default). Future
versions of this program may generate alternative syntaxes
diff --git a/servers/slapd/slappasswd.c b/servers/slapd/slappasswd.c
index cfd6981..11ad10a 100644
--- a/servers/slapd/slappasswd.c
+++ b/servers/slapd/slappasswd.c
@@ -62,6 +62,11 @@ usage(const char *s)
int
slappasswd( int argc, char *argv[] )
{
+ int rc;
+ int confread = 0;
+ char *conffile = NULL;
+ char *confdir = NULL;
+ int mode = SLAP_TOOL_MODE | SLAP_TOOL_READMAIN | SLAP_TOOL_READONLY;
#ifdef LUTIL_SHA1_BYTES
char *default_scheme = "{SSHA}";
#else
@@ -79,8 +84,15 @@ slappasswd( int argc, char *argv[] )
struct berval passwd = BER_BVNULL;
struct berval hash;
+#ifdef LDAP_DEBUG
+ /* tools default to "none", so that at least LDAP_DEBUG_ANY
+ * messages show up; use -d 0 to reset */
+ slap_debug = LDAP_DEBUG_NONE;
+#endif
+ ldap_syslog = 0;
+
while( (i = getopt( argc, argv,
- "c:d:gh:ns:T:vu" )) != EOF )
+ "c:d:f:F:gh:ns:T:vu" )) != EOF )
{
switch (i) {
case 'c': /* crypt salt format */
@@ -88,6 +100,22 @@ slappasswd( int argc, char *argv[] )
lutil_salt_format( optarg );
break;
+ case 'f': /* specify a conf file */
+ confread = 1;
+ /* Read the default one if "-" is specified */
+ if ( strcmp( optarg, "-" ) ) {
+ conffile = ch_strdup( optarg );
+ }
+ break;
+
+ case 'F': /* specify a conf dir */
+ confread = 1;
+ /* Read the default one if "-" is specified */
+ if ( strcmp( optarg, "-" ) ) {
+ confdir = ch_strdup( optarg );
+ }
+ break;
+
case 'g': /* new password (generate) */
if ( pwfile != NULL ) {
fprintf( stderr, "Option -g incompatible with -T\n" );
@@ -165,6 +193,24 @@ slappasswd( int argc, char *argv[] )
usage( progname );
}
+ /* Read slapd.conf or cn=config if requested to load dynamically
+ * loadable password hash modules specified in config */
+ if ( confread ) {
+ rc = slap_init( mode, progname );
+ if ( rc != 0 ) {
+ fprintf( stderr, "%s: slap_init failed!\n", progname );
+ exit( EXIT_FAILURE );
+ }
+
+ rc = read_config( conffile, confdir );
+
+ if ( rc != 0 ) {
+ fprintf( stderr, "%s: bad configuration %s!\n",
+ progname, confdir ? "directory" : "file" );
+ exit( EXIT_FAILURE );
+ }
+ }
+
if( pwfile != NULL ) {
if( lutil_get_filed_password( pwfile, &passwd )) {
return EXIT_FAILURE;
--
1.7.10
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.