I had already done something like this; I think the generate option should ignore all other options and simply print the cleartext:

[EMAIL PROTECTED] wrote:
Update of /repo/OpenLDAP/pkg/ldap/servers/slapd

Modified Files:
        slappasswd.c  1.5 -> 1.6

Log Message:
allow slappasswd to generate cleartext secret

CVS Web URLs:
  http://www.openldap.org/devel/cvsweb.cgi/servers/slapd/
    http://www.openldap.org/devel/cvsweb.cgi/servers/slapd/slappasswd.c

Changes are generally available on cvs.openldap.org (and CVSweb)
within 30 minutes of being committed.

.



--
 -- Howard Chu
 Chief Architect, Symas Corp.  http://www.symas.com
 Director, Highland Sun        http://highlandsun.com/hyc
 OpenLDAP Core Team            http://www.openldap.org/project/

Index: slappasswd.c
===================================================================
RCS file: /repo/OpenLDAP/pkg/ldap/servers/slapd/slappasswd.c,v
retrieving revision 1.5
diff -u -r1.5 slappasswd.c
--- slappasswd.c        3 Jan 2006 22:12:16 -0000       1.5
+++ slappasswd.c        10 May 2006 22:43:06 -0000
@@ -34,6 +34,7 @@
 #include <ldap.h>
 #include <lutil.h>
 #include <lutil_sha1.h>
+#include <lber_pvt.h>
 
 #include "ldap_defaults.h"
 
@@ -45,6 +46,7 @@
        fprintf(stderr,
                "Usage: %s [options]\n"
                "  -h hash\tpassword scheme\n"
+               "  -r\t\tgenerate random password\n"
                "  -s secret\tnew password\n"
                "  -c format\tcrypt(3) salt format\n"
                "  -u\t\tgenerate RFC2307 values (default)\n"
@@ -70,11 +72,11 @@
        const char *progname = "slappasswd";
 
        int             i;
-       struct berval passwd;
+       struct berval passwd = BER_BVNULL;
        struct berval hash;
 
        while( (i = getopt( argc, argv,
-               "c:d:h:s:T:vu" )) != EOF )
+               "c:d:h:rs:T:vu" )) != EOF )
        {
                switch (i) {
                case 'c':       /* crypt salt format */
@@ -86,6 +88,13 @@
                        scheme = strdup( optarg );
                        break;
 
+               case 'r':       /* generate random password */
+                       if ( lutil_passwd_generate( &passwd, 8 )) {
+                               fprintf( stderr, "random generation failed\n" );
+                               return EXIT_FAILURE;
+                       }
+                       break;
+
                case 's':       /* new password (secret) */
                        {
                                char* p;
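Review bot: The length in `lutil_passwd_generate( &passwd, 8 )` in the new `case 'r'` is a bare literal, so every generated secret is eight characters and the caller cannot ask for more. How much entropy that gives depends on the generator's alphabet, which this diff does not show; a named constant with a comment stating the intended strength (for example `#define GENERATE_PW_LEN 8`, name constructed here) would at least make the choice reviewable. A repeated `-r` also calls the generator on a `passwd` that is already populated; if lutil_passwd_generate() allocates the buffer, the earlier one is leaked, so a guard such as `if ( !BER_BVISEMPTY( &passwd )) break;` ahead of the call is worth considering. The switch statement continues outside the hunk.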
@@ -120,7 +129,7 @@
                if( lutil_get_filed_password( pwfile, &passwd )) {
                        return EXIT_FAILURE;
                }
-       } else {
+       } else if ( BER_BVISEMPTY( &passwd )) {
                if( newpw == NULL ) {
                        /* prompt for new password */
                        char *cknewpw;
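Review bot: `-r` is not checked against `-T` or `-s`. The file branch in the context lines above `else if ( BER_BVISEMPTY( &passwd ))` still runs first, so with both `-r` and `-T` lutil_get_filed_password() writes over the generated `passwd` and the file's secret is hashed instead; with `-r -s` the supplied secret is silently dropped. Rejecting those combinations during option checking would make the behaviour predictable. Failing that, a comment on this branch such as `/* -r: passwd already filled by lutil_passwd_generate(); -s and the prompt are skipped */` would record it. The if/else chain begins outside the hunk, so the condition on the file branch is inferred.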
@@ -135,6 +144,10 @@
 
                passwd.bv_val = newpw;
                passwd.bv_len = strlen(passwd.bv_val);
+       } else {
+               /* Print the plaintext generated password */
+               printf( "%s\n", passwd.bv_val );
+               return EXIT_SUCCESS;
        }
 
        lutil_passwd_hash( &passwd, scheme, &hash, &text );
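Review bot: The new else branch returns `EXIT_SUCCESS` without checking that the secret reached stdout, so a script capturing the output can end up with an empty password and a zero exit status. `if ( printf( "%s\n", passwd.bv_val ) < 0 || fflush( stdout ) != 0 ) return EXIT_FAILURE;` would close that gap. The `%s` also relies on lutil_passwd_generate() NUL-terminating `bv_val`, which is not visible in this diff and should be confirmed. Since this path returns before lutil_passwd_hash() and so ignores `-h` and `-c`, the `-r` usage line added earlier in the diff should say that the password is printed in cleartext.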
