Created
May 31, 2012 04:26
-
-
Save fumiyas/2841031 to your computer and use it in GitHub Desktop.
OpenLDAP: [PATCH] slappasswd: Add support loading a dynamically loadable
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
From 9cb4cb040e77372ea892bba81136d2741a6707bb Mon Sep 17 00:00:00 2001 | |
From: SATOH Fumiyasu <fumiyas@osstech.co.jp> | |
Date: Thu, 31 May 2012 13:13:41 +0900 | |
Subject: [PATCH] slappasswd: Add support loading a dynamically loadable | |
module | |
Add "-o module-path=<pathspec>" and "-o module-load=<filename>" | |
options to load a dynamically loadable password hash module | |
(e.g., slapd-sha2). | |
--- | |
doc/man/man8/slappasswd.8 | 18 ++++++++- | |
servers/slapd/slappasswd.c | 89 ++++++++++++++++++++++++++++++++++++++++---- | |
2 files changed, 99 insertions(+), 8 deletions(-) | |
diff --git a/doc/man/man8/slappasswd.8 b/doc/man/man8/slappasswd.8 | |
index dbd28fd..6a5b761 100644 | |
--- a/doc/man/man8/slappasswd.8 | |
+++ b/doc/man/man8/slappasswd.8 | |
@@ -18,7 +18,8 @@ slappasswd \- OpenLDAP password utility | |
.BI \-c \ salt-format\fR] | |
[\c | |
.BR \-n ] | |
-.B | |
+[\c | |
+.BI \-o \ option\fR[ = value\fR]] | |
.LP | |
.SH DESCRIPTION | |
.LP | |
@@ -154,6 +155,21 @@ which provides 31 characters of salt. | |
.BI \-n | |
Omit the trailing newline; useful to pipe the credentials | |
into a command. | |
+.TP | |
+.BI \-o \ option\fR[ = value\fR] | |
+Specify an | |
+.I option | |
+with a(n optional) | |
+.IR value . | |
+Possible generic options/values are: | |
+.LP | |
+.nf | |
+ module\-path=<pathspec> (see `\fBmodulepath\fP' in slapd.conf(5)) | |
+ module\-load=<filename> (see `\fBmoduleload\fP' in slapd.conf(5)) | |
+ | |
+.in | |
+You can load a dynamically loadable password hash module by | |
+using this option. | |
.SH LIMITATIONS | |
The practice of storing hashed passwords in userPassword violates | |
Standard Track (RFC 4519) schema specifications and may hinder | |
diff --git a/servers/slapd/slappasswd.c b/servers/slapd/slappasswd.c | |
index cfd6981..4238f0c 100644 | |
--- a/servers/slapd/slappasswd.c | |
+++ b/servers/slapd/slappasswd.c | |
@@ -40,6 +40,8 @@ | |
#include "slap.h" | |
static int verbose = 0; | |
+static char *modulepath = NULL; | |
+static char *moduleload = NULL; | |
static void | |
usage(const char *s) | |
@@ -50,6 +52,9 @@ usage(const char *s) | |
" -g\t\tgenerate random password\n" | |
" -h hash\tpassword scheme\n" | |
" -n\t\tomit trailing newline\n" | |
+ " -o <opt>[=val] specify an option with a(n optional) value\n" | |
+ " \tmodule-path=<pathspec>\n" | |
+ " \tmodule-load=<filename>\n" | |
" -s secret\tnew password\n" | |
" -u\t\tgenerate RFC2307 values (default)\n" | |
" -v\t\tincrease verbosity\n" | |
@@ -59,9 +64,39 @@ usage(const char *s) | |
exit( EXIT_FAILURE ); | |
} | |
+static int | |
+parse_slappasswdopt( void ) | |
+{ | |
+ size_t len = 0; | |
+ char *p; | |
+ | |
+ p = strchr( optarg, '=' ); | |
+ if ( p != NULL ) { | |
+ len = p - optarg; | |
+ p++; | |
+ } | |
+ | |
+ if ( strncasecmp( optarg, "module-path", len ) == 0 ) { | |
+ if ( modulepath ) | |
+ ch_free( modulepath ); | |
+ modulepath = ch_strdup( p ); | |
+ | |
+ } else if ( strncasecmp( optarg, "module-load", len ) == 0 ) { | |
+ if ( moduleload ) | |
+ ch_free( moduleload ); | |
+ moduleload = ch_strdup( p ); | |
+ | |
+ } else { | |
+ return -1; | |
+ } | |
+ | |
+ return 0; | |
+} | |
+ | |
int | |
slappasswd( int argc, char *argv[] ) | |
{ | |
+ int rc = EXIT_SUCCESS; | |
#ifdef LUTIL_SHA1_BYTES | |
char *default_scheme = "{SSHA}"; | |
#else | |
@@ -79,8 +114,15 @@ slappasswd( int argc, char *argv[] ) | |
struct berval passwd = BER_BVNULL; | |
struct berval hash; | |
+#ifdef LDAP_DEBUG | |
+ /* tools default to "none", so that at least LDAP_DEBUG_ANY | |
+ * messages show up; use -d 0 to reset */ | |
+ slap_debug = LDAP_DEBUG_NONE; | |
+#endif | |
+ ldap_syslog = 0; | |
+ | |
while( (i = getopt( argc, argv, | |
- "c:d:gh:ns:T:vu" )) != EOF ) | |
+ "c:d:gh:no:s:T:vu" )) != EOF ) | |
{ | |
switch (i) { | |
case 'c': /* crypt salt format */ | |
@@ -117,6 +159,12 @@ slappasswd( int argc, char *argv[] ) | |
newline = ""; | |
break; | |
+ case 'o': | |
+ if ( parse_slappasswdopt() ) { | |
+ usage ( progname ); | |
+ } | |
+ break; | |
+ | |
case 's': /* new password (secret) */ | |
if ( pwfile != NULL ) { | |
fprintf( stderr, "Option -s incompatible with -T\n" ); | |
@@ -163,11 +211,29 @@ slappasswd( int argc, char *argv[] ) | |
if( argc - optind != 0 ) { | |
usage( progname ); | |
- } | |
+ } | |
+ | |
+#ifdef SLAPD_MODULES | |
+ if ( module_init() != 0 ) { | |
+ fprintf( stderr, "%s: module_init failed\n", progname ); | |
+ return EXIT_FAILURE; | |
+ } | |
+ | |
+ if ( modulepath && module_path(modulepath) ) { | |
+ rc = EXIT_FAILURE; | |
+ goto destroy; | |
+ } | |
+ | |
+ if ( moduleload && module_load(moduleload, 0, NULL) ) { | |
+ rc = EXIT_FAILURE; | |
+ goto destroy; | |
+ } | |
+#endif | |
if( pwfile != NULL ) { | |
if( lutil_get_filed_password( pwfile, &passwd )) { | |
- return EXIT_FAILURE; | |
+ rc = EXIT_FAILURE; | |
+ goto destroy; | |
} | |
} else if ( BER_BVISEMPTY( &passwd )) { | |
if( newpw == NULL ) { | |
@@ -178,7 +244,8 @@ slappasswd( int argc, char *argv[] ) | |
if( strcmp( newpw, cknewpw )) { | |
fprintf( stderr, "Password values do not match\n" ); | |
- return EXIT_FAILURE; | |
+ rc = EXIT_FAILURE; | |
+ goto destroy; | |
} | |
} | |
@@ -194,16 +261,24 @@ slappasswd( int argc, char *argv[] ) | |
fprintf( stderr, | |
"Password generation failed for scheme %s: %s\n", | |
scheme, text ? text : "" ); | |
- return EXIT_FAILURE; | |
+ rc = EXIT_FAILURE; | |
+ goto destroy; | |
} | |
if( lutil_passwd( &hash, &passwd, NULL, &text ) ) { | |
fprintf( stderr, "Password verification failed. %s\n", | |
text ? text : "" ); | |
- return EXIT_FAILURE; | |
+ rc = EXIT_FAILURE; | |
+ goto destroy; | |
} | |
print_pw:; | |
printf( "%s%s" , hash.bv_val, newline ); | |
- return EXIT_SUCCESS; | |
+ | |
+destroy:; | |
+#ifdef SLAPD_MODULES | |
+ module_kill(); | |
+#endif | |
+ | |
+ return rc; | |
} | |
-- | |
1.7.10 | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment