static int ndmp_get_password(char **password) { char *pw1, pw2[257]; int i; for (i = 0; i < NDMP_PASSWORD_RETRIES; i++) { /* * getpassphrase use the same buffer to return password, so * copy the result in different buffer, before calling the * getpassphrase again. */ if ((pw1 = getpassphrase(gettext("Enter new password: "******"Re-enter password: "******"Both password did not " "match.\n")); } } } } return (-1); }
/* * Prompt the user for a ldap bind password. */ static int get_ldap_bindPassword(char **ret_bindPass) { char bindPassword[BUFSIZ]; char prompt[BUFSIZ]; char *bindPass = NULL; /* set the initial value for bindPassword buffer */ (void) memset(bindPassword, 0, BUFSIZ); *ret_bindPass = NULL; (void) snprintf(prompt, BUFSIZ, "Please enter LDAP bind password: "******"Re-enter LDAP bind password to confirm: "); bindPass = getpassphrase(prompt); if (bindPass == NULL) { (void) memset(bindPassword, 0, BUFSIZ); return (PASSWD_UNMATCHED); } if (strcmp(bindPass, bindPassword) != 0) { (void) memset(bindPassword, 0, BUFSIZ); (void) memset(bindPass, 0, strlen(bindPass)); return (PASSWD_UNMATCHED); } else { (void) memset(bindPass, 0, strlen(bindPass)); if ((*ret_bindPass = (char *)malloc(strlen(bindPassword)+1)) == NULL) { (void) memset(bindPassword, 0, BUFSIZ); return (PROMPTGET_MEMORY_FAIL); } (void) strlcpy(*ret_bindPass, bindPassword, strlen(bindPassword)+1); /* Clean up and erase the credential info */ (void) memset(bindPassword, 0, BUFSIZ); return (PROMPTGET_SUCCESS); } }
static void GetPasswordText(wchar *Str,uint MaxLength) { if (MaxLength==0) return; #ifdef _WIN_ALL HANDLE hConIn=GetStdHandle(STD_INPUT_HANDLE); HANDLE hConOut=GetStdHandle(STD_OUTPUT_HANDLE); DWORD ConInMode,ConOutMode; DWORD Read=0; GetConsoleMode(hConIn,&ConInMode); GetConsoleMode(hConOut,&ConOutMode); SetConsoleMode(hConIn,ENABLE_LINE_INPUT); SetConsoleMode(hConOut,ENABLE_PROCESSED_OUTPUT|ENABLE_WRAP_AT_EOL_OUTPUT); ReadConsole(hConIn,Str,MaxLength-1,&Read,NULL); Str[Read]=0; SetConsoleMode(hConIn,ConInMode); SetConsoleMode(hConOut,ConOutMode); #else char StrA[MAXPASSWORD]; #if defined(_EMX) || defined (__VMS) || defined(__AROS__) fgets(StrA,ASIZE(StrA)-1,stdin); #elif defined(__sun) strncpyz(StrA,getpassphrase(""),ASIZE(StrA)); #else strncpyz(StrA,getpass(""),ASIZE(StrA)); #endif CharToWide(StrA,Str,MaxLength); cleandata(StrA,sizeof(StrA)); #endif Str[MaxLength-1]=0; RemoveLF(Str); }
APR_DECLARE(apr_status_t) apr_password_get(const char *prompt, char *pwbuf, apr_size_t *bufsiz) { apr_status_t rv = APR_SUCCESS; #if defined(HAVE_GETPASS_R) if (getpass_r(prompt, pwbuf, *bufsiz) == NULL) return APR_EINVAL; #else #if defined(HAVE_GETPASSPHRASE) char *pw_got = getpassphrase(prompt); #elif defined(HAVE_GETPASS) char *pw_got = getpass(prompt); #else /* use the replacement implementation above */ char *pw_got = get_password(prompt); #endif if (!pw_got) return APR_EINVAL; if (strlen(pw_got) >= *bufsiz) { rv = APR_ENAMETOOLONG; } apr_cpystrn(pwbuf, pw_got, *bufsiz); memset(pw_got, 0, strlen(pw_got)); #endif /* HAVE_GETPASS_R */ return rv; }
static int my_conv(int num_msg, PAM_CONST struct pam_message **msg, struct pam_response **response, void *appdata_ptr) { PAM_CONST struct pam_message *m; struct pam_response *r; char *p; m = *msg; if (response) { *response = calloc(num_msg, sizeof(struct pam_response)); if (*response == NULL) return PAM_BUF_ERR; r = *response; } else { r = NULL; } while (num_msg--) { switch (m->msg_style) { case PAM_PROMPT_ECHO_OFF: #ifdef __hpux /* ON HP's we still read 8 chars */ if (r) r->resp = strdup(getpass(m->msg)); #else if (r) r->resp = strdup(getpassphrase(m->msg)); #endif break; case PAM_PROMPT_ECHO_ON: fputs(m->msg, stdout); if (r) { r->resp = malloc(PAM_MAX_RESP_SIZE); if (fgets(r->resp, PAM_MAX_RESP_SIZE, stdin) == NULL) { fprintf(stderr, "fgets did not work as expected\n"); exit(1); } r->resp[PAM_MAX_RESP_SIZE - 1] = '\0'; p = &r->resp[strlen(r->resp) - 1]; while (*p == '\n' && p >= r->resp) *(p--) = '\0'; } break; case PAM_ERROR_MSG: fputs(m->msg, stderr); break; case PAM_TEXT_INFO: fputs(m->msg, stdout); break; default: break; } m++; if (r) r++; } return PAM_SUCCESS; }
wchar_t *isqlt_wgetpassphrase( const wchar_t * prompt ) { char *nret; char *nprompt = malloc_wide_as_narrow (prompt); nret = getpassphrase (nprompt); free (nprompt); return malloc_narrow_as_wide (nret); }
int pamtestConv(int num_msg, struct pam_message **msgv, struct pam_response **respv, void *appdata_ptr) { int i; char buf[PAM_MAX_MSG_SIZE]; fprintf(stderr, "%s:%d pamtestConv num_msg=%d\n", __FILE__, __LINE__, num_msg); *respv = (struct pam_response *)calloc(num_msg, sizeof(struct pam_response)); if (*respv == NULL) { return PAM_BUF_ERR; } for (i = 0; i < num_msg; i++) { const struct pam_message *msg = msgv[i]; struct pam_response *resp = &((*respv)[i]); char *p = NULL; switch (msg->msg_style) { case PAM_PROMPT_ECHO_OFF: #if defined(__linux__) || defined(__APPLE__) p = getpass(msg->msg); #else p = getpassphrase(msg->msg); #endif break; case PAM_PROMPT_ECHO_ON: printf("%s", msg->msg); p = fgets(buf, sizeof(buf), stdin); if (p != NULL) p[strlen(p) - 1] = '\0'; break; case PAM_ERROR_MSG: fprintf(stderr, "%s\n", msg->msg); break; case PAM_TEXT_INFO: #ifdef PAM_MSG_NOCONF case PAM_MSG_NOCONF: #endif printf("%s\n", msg->msg); break; default: #ifdef PAM_CONV_INTERRUPT case PAM_CONV_INTERRUPT: #endif return PAM_CONV_ERR; } resp->resp = (p == NULL) ? NULL : strdup(p); resp->resp_retcode = 0; } return PAM_SUCCESS; }
static int read_password(const char *prompt, char *pwbuf, size_t pwbuf_len) { char *pass; #if HAVE_GETPASSPHRASE && !defined(PREFER_GETPASS) pass = getpassphrase(prompt); #else pass = getpass(prompt); #endif if (pass == NULL || strlen(pass) >= pwbuf_len) return 1; strcpy(pwbuf, pass); return 0; }
int main (int argc, char **argv) { char *pass; if (argc !=2) err_quit ("Usage: passwd_comp username"); pass = getpassphrase ("Password: "******"Password = \"%s\"\n", pass); if (compare_passwd (argv [1], pass)) printf ("Passwords match\n"); else printf ("Passwords don't match\n"); return (0); }
int cmd_crypt(int argc, char *argv[]) { char *cp, *psw; if (argc < 2) psw = getpassphrase(gettext("Password:"******"out of memory")); smb_simplecrypt(cp, psw); printf("%s\n", cp); free(cp); return (0); }
int main (int argc, char **argv) { char *pass; char *salt; char *secret; struct passwd *pwd; if (argc !=2) err_quit ("Usage: new_crypt username"); if ((pwd = getpwnam (argv [1])) == NULL) err_quit ("%s: No such user", argv [1]); pass = getpassphrase ("Password: "******"Password = \"%s\"\n", pass); printf ("Salt = \"%s\"\n", salt); printf ("Secret = \"%s\"\n", secret); return (0); }
static int interaction( unsigned flags, sasl_interact_t *interact, lutilSASLdefaults *defaults ) { const char *dflt = interact->defresult; char input[1024]; int noecho=0; int challenge=0; switch( interact->id ) { case SASL_CB_GETREALM: if( defaults ) dflt = defaults->realm; break; case SASL_CB_AUTHNAME: if( defaults ) dflt = defaults->authcid; break; case SASL_CB_PASS: if( defaults ) dflt = defaults->passwd; noecho = 1; break; case SASL_CB_USER: if( defaults ) dflt = defaults->authzid; break; case SASL_CB_NOECHOPROMPT: noecho = 1; challenge = 1; break; case SASL_CB_ECHOPROMPT: challenge = 1; break; } if( dflt && !*dflt ) dflt = NULL; if( flags != LDAP_SASL_INTERACTIVE && ( dflt || interact->id == SASL_CB_USER ) ) { goto use_default; } if( flags == LDAP_SASL_QUIET ) { /* don't prompt */ return LDAP_OTHER; } if( challenge ) { if( interact->challenge ) { fprintf( stderr, _("Challenge: %s\n"), interact->challenge ); } } if( dflt ) { fprintf( stderr, _("Default: %s\n"), dflt ); } snprintf( input, sizeof input, "%s: ", interact->prompt ? interact->prompt : _("Interact") ); if( noecho ) { interact->result = (char *) getpassphrase( input ); interact->len = interact->result ? strlen( interact->result ) : 0; } else { /* prompt user */ fputs( input, stderr ); /* get input */ interact->result = fgets( input, sizeof(input), stdin ); if( interact->result == NULL ) { interact->len = 0; return LDAP_UNAVAILABLE; } /* len of input */ interact->len = strlen(input); if( interact->len > 0 && input[interact->len - 1] == '\n' ) { /* input includes '\n', trim it */ interact->len--; input[interact->len] = '\0'; } } if( interact->len > 0 ) { /* duplicate */ char *p = (char *)interact->result; ldap_charray_add(&defaults->resps, interact->result); interact->result = defaults->resps[defaults->nresps++]; /* zap */ memset( p, '\0', interact->len ); } else { use_default: /* input must be empty */ interact->result = (dflt && *dflt) ? dflt : ""; interact->len = strlen( interact->result ); } return LDAP_SUCCESS; }
int main( int argc, char **argv ) { int i, j; char *uri = NULL; char *host = "localhost"; char *port = NULL; char *manager = NULL; char *passwd = NULL; char *dirname = NULL; char *progdir = NULL; int loops = LOOPS; char *outerloops = OUTERLOOPS; char *retries = RETRIES; char *delay = "0"; DIR *datadir; struct dirent *file; int friendly = 0; int chaserefs = 0; int noattrs = 0; int nobind = 0; int noinit = 1; char *ignore = NULL; /* search */ char *sfile = NULL; char *sreqs[MAXREQS]; char *sattrs[MAXREQS]; char *sbase[MAXREQS]; LDAPURLDesc *slud[MAXREQS]; int snum = 0; char *sargs[MAXARGS]; int sanum; int sextra_args = 0; char scmd[MAXPATHLEN]; int swamp = 0; char swampopt[sizeof("-SSS")]; /* static so that its address can be used in initializer below. */ static char sloops[LDAP_PVT_INTTYPE_CHARS(unsigned long)]; /* read */ char *rfile = NULL; char *rreqs[MAXREQS]; int rnum = 0; char *rargs[MAXARGS]; char *rflts[MAXREQS]; int ranum; int rextra_args = 0; char rcmd[MAXPATHLEN]; static char rloops[LDAP_PVT_INTTYPE_CHARS(unsigned long)]; /* addel */ char *afiles[MAXREQS]; int anum = 0; char *aargs[MAXARGS]; int aanum; char acmd[MAXPATHLEN]; static char aloops[LDAP_PVT_INTTYPE_CHARS(unsigned long)]; /* modrdn */ char *nfile = NULL; char *nreqs[MAXREQS]; int nnum = 0; char *nargs[MAXARGS]; int nanum; char ncmd[MAXPATHLEN]; static char nloops[LDAP_PVT_INTTYPE_CHARS(unsigned long)]; /* modify */ char *mfile = NULL; char *mreqs[MAXREQS]; char *mdn[MAXREQS]; int mnum = 0; char *margs[MAXARGS]; int manum; char mcmd[MAXPATHLEN]; static char mloops[LDAP_PVT_INTTYPE_CHARS(unsigned long)]; /* bind */ char *bfile = NULL; char *breqs[MAXREQS]; char *bcreds[MAXREQS]; char *battrs[MAXREQS]; int bnum = 0; char *bargs[MAXARGS]; int banum; char bcmd[MAXPATHLEN]; static char bloops[LDAP_PVT_INTTYPE_CHARS(unsigned long)]; char **bargs_extra = NULL; char *friendlyOpt = NULL; int pw_ask = 0; char *pw_file = NULL; /* extra action to do after bind... */ typedef struct extra_t { char *action; struct extra_t *next; } extra_t; extra_t *extra = NULL; int nextra = 0; tester_init( "slapd-tester", TESTER_TESTER ); sloops[0] = '\0'; rloops[0] = '\0'; aloops[0] = '\0'; nloops[0] = '\0'; mloops[0] = '\0'; bloops[0] = '\0'; while ( ( i = getopt( argc, argv, "AB:CD:d:FH:h:Ii:j:L:l:NP:p:r:St:Ww:y:" ) ) != EOF ) { switch ( i ) { case 'A': noattrs++; break; case 'B': { char **p, **b = ldap_str2charray( optarg, "," ); extra_t **epp; for ( epp = &extra; *epp; epp = &(*epp)->next ) ; for ( p = b; p[0]; p++ ) { *epp = calloc( 1, sizeof( extra_t ) ); (*epp)->action = p[0]; epp = &(*epp)->next; nextra++; } ldap_memfree( b ); } break; case 'C': chaserefs++; break; case 'D': /* slapd manager */ manager = ArgDup( optarg ); break; case 'd': /* data directory */ dirname = strdup( optarg ); break; case 'F': friendly++; break; case 'H': /* slapd uri */ uri = strdup( optarg ); break; case 'h': /* slapd host */ host = strdup( optarg ); break; case 'I': noinit = 0; break; case 'i': ignore = optarg; break; case 'j': /* the number of parallel clients */ if ( lutil_atoi( &maxkids, optarg ) != 0 ) { usage( argv[0], 'j' ); } break; case 'l': /* the number of loops per client */ if ( !isdigit( (unsigned char) optarg[0] ) ) { char **p, **l = ldap_str2charray( optarg, "," ); for ( p = l; p[0]; p++) { struct { struct berval type; char *buf; } types[] = { { BER_BVC( "add=" ), aloops }, { BER_BVC( "bind=" ), bloops }, { BER_BVC( "modify=" ), mloops }, { BER_BVC( "modrdn=" ), nloops }, { BER_BVC( "read=" ), rloops }, { BER_BVC( "search=" ), sloops }, { BER_BVNULL, NULL } }; int c, n; for ( c = 0; types[c].type.bv_val; c++ ) { if ( strncasecmp( p[0], types[c].type.bv_val, types[c].type.bv_len ) == 0 ) { break; } } if ( types[c].type.bv_val == NULL ) { usage( argv[0], 'l' ); } if ( lutil_atoi( &n, &p[0][types[c].type.bv_len] ) != 0 ) { usage( argv[0], 'l' ); } snprintf( types[c].buf, sizeof( aloops ), "%d", n ); } ldap_charray_free( l ); } else if ( lutil_atoi( &loops, optarg ) != 0 ) { usage( argv[0], 'l' ); } break; case 'L': /* the number of outerloops per client */ outerloops = strdup( optarg ); break; case 'N': nobind++; break; case 'P': /* prog directory */ progdir = strdup( optarg ); break; case 'p': /* the servers port number */ port = strdup( optarg ); break; case 'r': /* the number of retries in case of error */ retries = strdup( optarg ); break; case 'S': swamp++; break; case 't': /* the delay in seconds between each retry */ delay = strdup( optarg ); break; case 'w': /* the managers passwd */ passwd = ArgDup( optarg ); memset( optarg, '*', strlen( optarg ) ); break; case 'W': pw_ask++; break; case 'y': pw_file = optarg; break; default: usage( argv[0], '\0' ); break; } } if (( dirname == NULL ) || ( port == NULL && uri == NULL ) || ( manager == NULL ) || ( passwd == NULL ) || ( progdir == NULL )) { usage( argv[0], '\0' ); } #ifdef HAVE_WINSOCK children = malloc( maxkids * sizeof(HANDLE) ); #endif /* get the file list */ if ( ( datadir = opendir( dirname )) == NULL ) { fprintf( stderr, "%s: couldn't open data directory \"%s\".\n", argv[0], dirname ); exit( EXIT_FAILURE ); } /* look for search, read, modrdn, and add/delete files */ for ( file = readdir( datadir ); file; file = readdir( datadir )) { if ( !strcasecmp( file->d_name, TSEARCHFILE )) { sfile = get_file_name( dirname, file->d_name ); continue; } else if ( !strcasecmp( file->d_name, TREADFILE )) { rfile = get_file_name( dirname, file->d_name ); continue; } else if ( !strcasecmp( file->d_name, TMODRDNFILE )) { nfile = get_file_name( dirname, file->d_name ); continue; } else if ( !strcasecmp( file->d_name, TMODIFYFILE )) { mfile = get_file_name( dirname, file->d_name ); continue; } else if ( !strncasecmp( file->d_name, TADDFILE, strlen( TADDFILE )) && ( anum < MAXREQS )) { afiles[anum++] = get_file_name( dirname, file->d_name ); continue; } else if ( !strcasecmp( file->d_name, TBINDFILE )) { bfile = get_file_name( dirname, file->d_name ); continue; } } closedir( datadir ); if ( pw_ask ) { passwd = getpassphrase( _("Enter LDAP Password: "******"no data files found.\n" ); exit( EXIT_FAILURE ); } /* look for search requests */ if ( sfile ) { snum = get_search_filters( sfile, sreqs, sattrs, sbase, slud ); if ( snum < 0 ) { fprintf( stderr, "unable to parse file \"%s\" line %d\n", sfile, -2*(snum + 1)); exit( EXIT_FAILURE ); } } /* look for read requests */ if ( rfile ) { rnum = get_read_entries( rfile, rreqs, rflts ); if ( rnum < 0 ) { fprintf( stderr, "unable to parse file \"%s\" line %d\n", rfile, -2*(rnum + 1) ); exit( EXIT_FAILURE ); } } /* look for modrdn requests */ if ( nfile ) { nnum = get_read_entries( nfile, nreqs, NULL ); if ( nnum < 0 ) { fprintf( stderr, "unable to parse file \"%s\" line %d\n", nfile, -2*(nnum + 1) ); exit( EXIT_FAILURE ); } } /* look for modify requests */ if ( mfile ) { mnum = get_search_filters( mfile, mreqs, NULL, mdn, NULL ); if ( mnum < 0 ) { fprintf( stderr, "unable to parse file \"%s\" line %d\n", mfile, -2*(mnum + 1) ); exit( EXIT_FAILURE ); } } /* look for bind requests */ if ( bfile ) { bnum = get_search_filters( bfile, bcreds, battrs, breqs, NULL ); if ( bnum < 0 ) { fprintf( stderr, "unable to parse file \"%s\" line %d\n", bfile, -2*(bnum + 1) ); exit( EXIT_FAILURE ); } } /* setup friendly option */ switch ( friendly ) { case 0: break; case 1: friendlyOpt = "-F"; break; default: /* NOTE: right now we don't need it more than twice */ case 2: friendlyOpt = "-FF"; break; } /* setup swamp option */ if ( swamp ) { swampopt[0] = '-'; if ( swamp > 3 ) swamp = 3; swampopt[swamp + 1] = '\0'; for ( ; swamp-- > 0; ) swampopt[swamp + 1] = 'S'; } /* setup loop options */ if ( sloops[0] == '\0' ) snprintf( sloops, sizeof( sloops ), "%d", 10 * loops ); if ( rloops[0] == '\0' ) snprintf( rloops, sizeof( rloops ), "%d", 20 * loops ); if ( aloops[0] == '\0' ) snprintf( aloops, sizeof( aloops ), "%d", loops ); if ( nloops[0] == '\0' ) snprintf( nloops, sizeof( nloops ), "%d", loops ); if ( mloops[0] == '\0' ) snprintf( mloops, sizeof( mloops ), "%d", loops ); if ( bloops[0] == '\0' ) snprintf( bloops, sizeof( bloops ), "%d", 20 * loops ); /* * generate the search clients */ sanum = 0; snprintf( scmd, sizeof scmd, "%s" LDAP_DIRSEP SEARCHCMD, progdir ); sargs[sanum++] = scmd; if ( uri ) { sargs[sanum++] = "-H"; sargs[sanum++] = uri; } else { sargs[sanum++] = "-h"; sargs[sanum++] = host; sargs[sanum++] = "-p"; sargs[sanum++] = port; } sargs[sanum++] = "-D"; sargs[sanum++] = manager; sargs[sanum++] = "-w"; sargs[sanum++] = passwd; sargs[sanum++] = "-l"; sargs[sanum++] = sloops; sargs[sanum++] = "-L"; sargs[sanum++] = outerloops; sargs[sanum++] = "-r"; sargs[sanum++] = retries; sargs[sanum++] = "-t"; sargs[sanum++] = delay; if ( friendly ) { sargs[sanum++] = friendlyOpt; } if ( chaserefs ) { sargs[sanum++] = "-C"; } if ( noattrs ) { sargs[sanum++] = "-A"; } if ( nobind ) { sargs[sanum++] = "-N"; } if ( ignore ) { sargs[sanum++] = "-i"; sargs[sanum++] = ignore; } if ( swamp ) { sargs[sanum++] = swampopt; } sargs[sanum++] = "-b"; sargs[sanum++] = NULL; /* will hold the search base */ sargs[sanum++] = "-s"; sargs[sanum++] = NULL; /* will hold the search scope */ sargs[sanum++] = "-f"; sargs[sanum++] = NULL; /* will hold the search request */ sargs[sanum++] = NULL; sargs[sanum++] = NULL; /* might hold the "attr" request */ sextra_args += 2; sargs[sanum] = NULL; /* * generate the read clients */ ranum = 0; snprintf( rcmd, sizeof rcmd, "%s" LDAP_DIRSEP READCMD, progdir ); rargs[ranum++] = rcmd; if ( uri ) { rargs[ranum++] = "-H"; rargs[ranum++] = uri; } else { rargs[ranum++] = "-h"; rargs[ranum++] = host; rargs[ranum++] = "-p"; rargs[ranum++] = port; } rargs[ranum++] = "-D"; rargs[ranum++] = manager; rargs[ranum++] = "-w"; rargs[ranum++] = passwd; rargs[ranum++] = "-l"; rargs[ranum++] = rloops; rargs[ranum++] = "-L"; rargs[ranum++] = outerloops; rargs[ranum++] = "-r"; rargs[ranum++] = retries; rargs[ranum++] = "-t"; rargs[ranum++] = delay; if ( friendly ) { rargs[ranum++] = friendlyOpt; } if ( chaserefs ) { rargs[ranum++] = "-C"; } if ( noattrs ) { rargs[ranum++] = "-A"; } if ( ignore ) { rargs[ranum++] = "-i"; rargs[ranum++] = ignore; } if ( swamp ) { rargs[ranum++] = swampopt; } rargs[ranum++] = "-e"; rargs[ranum++] = NULL; /* will hold the read entry */ rargs[ranum++] = NULL; rargs[ranum++] = NULL; /* might hold the filter arg */ rextra_args += 2; rargs[ranum] = NULL; /* * generate the modrdn clients */ nanum = 0; snprintf( ncmd, sizeof ncmd, "%s" LDAP_DIRSEP MODRDNCMD, progdir ); nargs[nanum++] = ncmd; if ( uri ) { nargs[nanum++] = "-H"; nargs[nanum++] = uri; } else { nargs[nanum++] = "-h"; nargs[nanum++] = host; nargs[nanum++] = "-p"; nargs[nanum++] = port; } nargs[nanum++] = "-D"; nargs[nanum++] = manager; nargs[nanum++] = "-w"; nargs[nanum++] = passwd; nargs[nanum++] = "-l"; nargs[nanum++] = nloops; nargs[nanum++] = "-L"; nargs[nanum++] = outerloops; nargs[nanum++] = "-r"; nargs[nanum++] = retries; nargs[nanum++] = "-t"; nargs[nanum++] = delay; if ( friendly ) { nargs[nanum++] = friendlyOpt; } if ( chaserefs ) { nargs[nanum++] = "-C"; } if ( ignore ) { nargs[nanum++] = "-i"; nargs[nanum++] = ignore; } nargs[nanum++] = "-e"; nargs[nanum++] = NULL; /* will hold the modrdn entry */ nargs[nanum] = NULL; /* * generate the modify clients */ manum = 0; snprintf( mcmd, sizeof mcmd, "%s" LDAP_DIRSEP MODIFYCMD, progdir ); margs[manum++] = mcmd; if ( uri ) { margs[manum++] = "-H"; margs[manum++] = uri; } else { margs[manum++] = "-h"; margs[manum++] = host; margs[manum++] = "-p"; margs[manum++] = port; } margs[manum++] = "-D"; margs[manum++] = manager; margs[manum++] = "-w"; margs[manum++] = passwd; margs[manum++] = "-l"; margs[manum++] = mloops; margs[manum++] = "-L"; margs[manum++] = outerloops; margs[manum++] = "-r"; margs[manum++] = retries; margs[manum++] = "-t"; margs[manum++] = delay; if ( friendly ) { margs[manum++] = friendlyOpt; } if ( chaserefs ) { margs[manum++] = "-C"; } if ( ignore ) { margs[manum++] = "-i"; margs[manum++] = ignore; } margs[manum++] = "-e"; margs[manum++] = NULL; /* will hold the modify entry */ margs[manum++] = "-a";; margs[manum++] = NULL; /* will hold the ava */ margs[manum] = NULL; /* * generate the add/delete clients */ aanum = 0; snprintf( acmd, sizeof acmd, "%s" LDAP_DIRSEP ADDCMD, progdir ); aargs[aanum++] = acmd; if ( uri ) { aargs[aanum++] = "-H"; aargs[aanum++] = uri; } else { aargs[aanum++] = "-h"; aargs[aanum++] = host; aargs[aanum++] = "-p"; aargs[aanum++] = port; } aargs[aanum++] = "-D"; aargs[aanum++] = manager; aargs[aanum++] = "-w"; aargs[aanum++] = passwd; aargs[aanum++] = "-l"; aargs[aanum++] = aloops; aargs[aanum++] = "-L"; aargs[aanum++] = outerloops; aargs[aanum++] = "-r"; aargs[aanum++] = retries; aargs[aanum++] = "-t"; aargs[aanum++] = delay; if ( friendly ) { aargs[aanum++] = friendlyOpt; } if ( chaserefs ) { aargs[aanum++] = "-C"; } if ( ignore ) { aargs[aanum++] = "-i"; aargs[aanum++] = ignore; } aargs[aanum++] = "-f"; aargs[aanum++] = NULL; /* will hold the add data file */ aargs[aanum] = NULL; /* * generate the bind clients */ banum = 0; snprintf( bcmd, sizeof bcmd, "%s" LDAP_DIRSEP BINDCMD, progdir ); bargs[banum++] = bcmd; if ( !noinit ) { bargs[banum++] = "-I"; /* init on each bind */ } if ( uri ) { bargs[banum++] = "-H"; bargs[banum++] = uri; } else { bargs[banum++] = "-h"; bargs[banum++] = host; bargs[banum++] = "-p"; bargs[banum++] = port; } bargs[banum++] = "-l"; bargs[banum++] = bloops; bargs[banum++] = "-L"; bargs[banum++] = outerloops; #if 0 bargs[banum++] = "-r"; bargs[banum++] = retries; bargs[banum++] = "-t"; bargs[banum++] = delay; #endif if ( friendly ) { bargs[banum++] = friendlyOpt; } if ( chaserefs ) { bargs[banum++] = "-C"; } if ( ignore ) { bargs[banum++] = "-i"; bargs[banum++] = ignore; } if ( nextra ) { bargs[banum++] = "-B"; bargs_extra = &bargs[banum++]; } bargs[banum++] = "-D"; bargs[banum++] = NULL; bargs[banum++] = "-w"; bargs[banum++] = NULL; bargs[banum] = NULL; #define DOREQ(n,j) ((n) && ((maxkids > (n)) ? ((j) < maxkids ) : ((j) < (n)))) for ( j = 0; j < MAXREQS; j++ ) { /* search */ if ( DOREQ( snum, j ) ) { int jj = j % snum; int x = sanum - sextra_args; /* base */ if ( sbase[jj] != NULL ) { sargs[sanum - 7] = sbase[jj]; } else { sargs[sanum - 7] = slud[jj]->lud_dn; } /* scope */ if ( slud[jj] != NULL ) { sargs[sanum - 5] = (char *)ldap_pvt_scope2str( slud[jj]->lud_scope ); } else { sargs[sanum - 5] = "sub"; } /* filter */ if ( sreqs[jj] != NULL ) { sargs[sanum - 3] = sreqs[jj]; } else if ( slud[jj]->lud_filter != NULL ) { sargs[sanum - 3] = slud[jj]->lud_filter; } else { sargs[sanum - 3] = "(objectClass=*)"; } /* extras */ sargs[x] = NULL; /* attr */ if ( sattrs[jj] != NULL ) { sargs[x++] = "-a"; sargs[x++] = sattrs[jj]; } /* attrs */ if ( slud[jj] != NULL && slud[jj]->lud_attrs != NULL ) { int i; for ( i = 0; slud[jj]->lud_attrs[ i ] != NULL && x + i < MAXARGS - 1; i++ ) { sargs[x + i] = slud[jj]->lud_attrs[ i ]; } sargs[x + i] = NULL; } fork_child( scmd, sargs ); } /* read */ if ( DOREQ( rnum, j ) ) { int jj = j % rnum; int x = ranum - rextra_args; rargs[ranum - 3] = rreqs[jj]; if ( rflts[jj] != NULL ) { rargs[x++] = "-f"; rargs[x++] = rflts[jj]; } rargs[x] = NULL; fork_child( rcmd, rargs ); } /* rename */ if ( j < nnum ) { nargs[nanum - 1] = nreqs[j]; fork_child( ncmd, nargs ); } /* modify */ if ( j < mnum ) { margs[manum - 3] = mdn[j]; margs[manum - 1] = mreqs[j]; fork_child( mcmd, margs ); } /* add/delete */ if ( j < anum ) { aargs[aanum - 1] = afiles[j]; fork_child( acmd, aargs ); } /* bind */ if ( DOREQ( bnum, j ) ) { int jj = j % bnum; if ( nextra ) { int n = ((double)nextra)*rand()/(RAND_MAX + 1.0); extra_t *e; for ( e = extra; n-- > 0; e = e->next ) ; *bargs_extra = e->action; } if ( battrs[jj] != NULL ) { bargs[banum - 3] = manager ? manager : ""; bargs[banum - 1] = passwd ? passwd : ""; bargs[banum + 0] = "-b"; bargs[banum + 1] = breqs[jj]; bargs[banum + 2] = "-f"; bargs[banum + 3] = bcreds[jj]; bargs[banum + 4] = "-a"; bargs[banum + 5] = battrs[jj]; bargs[banum + 6] = NULL; } else { bargs[banum - 3] = breqs[jj]; bargs[banum - 1] = bcreds[jj]; bargs[banum] = NULL; } fork_child( bcmd, bargs ); bargs[banum] = NULL; } } wait4kids( -1 ); exit( EXIT_SUCCESS ); }
/* * Domains comprise a centrally administered group of computers and accounts * that share a common security and administration policy and database. * Computers must join a domain and become domain members, which requires * an administrator level account name. * * The '+' character is invalid within a username. We allow the password * to be appended to the username using '+' as a scripting convenience. */ static int smbadm_join_domain(const char *domain, const char *username) { smb_joininfo_t jdi; uint32_t status; char *prompt; char *p; int len; bzero(&jdi, sizeof (jdi)); jdi.mode = SMB_SECMODE_DOMAIN; (void) strlcpy(jdi.domain_name, domain, sizeof (jdi.domain_name)); (void) strtrim(jdi.domain_name, " \t\n"); if (smb_name_validate_domain(jdi.domain_name) != ERROR_SUCCESS) { (void) fprintf(stderr, gettext("domain name is invalid\n")); smbadm_usage(B_FALSE); } if (!smbadm_join_prompt(jdi.domain_name)) return (0); if ((p = strchr(username, '+')) != NULL) { ++p; len = (int)(p - username); if (len > sizeof (jdi.domain_name)) len = sizeof (jdi.domain_name); (void) strlcpy(jdi.domain_username, username, len); (void) strlcpy(jdi.domain_passwd, p, sizeof (jdi.domain_passwd)); } else { (void) strlcpy(jdi.domain_username, username, sizeof (jdi.domain_username)); } if (smb_name_validate_account(jdi.domain_username) != ERROR_SUCCESS) { (void) fprintf(stderr, gettext("username contains invalid characters\n")); smbadm_usage(B_FALSE); } if (*jdi.domain_passwd == '\0') { prompt = gettext("Enter domain password: "******"missing password\n")); smbadm_usage(B_FALSE); } (void) strlcpy(jdi.domain_passwd, p, sizeof (jdi.domain_passwd)); } (void) printf(gettext("Joining %s ... this may take a minute ...\n"), jdi.domain_name); status = smb_join(&jdi); switch (status) { case NT_STATUS_SUCCESS: (void) printf(gettext("Successfully joined %s\n"), jdi.domain_name); bzero(&jdi, sizeof (jdi)); smbadm_restart_service(); return (0); case NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND: (void) fprintf(stderr, gettext("failed to find any domain controllers for %s\n"), jdi.domain_name); bzero(&jdi, sizeof (jdi)); return (1); default: (void) fprintf(stderr, gettext("failed to join %s: %s\n"), jdi.domain_name, xlate_nt_status(status)); (void) fprintf(stderr, gettext("Please refer to the system log" " for more information.\n")); bzero(&jdi, sizeof (jdi)); return (1); } }
int main( int argc, char **argv ) { char *rbuf = NULL, *rejbuf = NULL; FILE *rejfp; struct LDIFFP *ldiffp, ldifdummy = {0}; char *matched_msg, *error_msg; int rc, retval; int len; int i = 0; int lineno, nextline = 0, lmax = 0; LDAPControl c[1]; prog = lutil_progname( "ldapmodify", argc, argv ); /* strncmp instead of strcmp since NT binaries carry .exe extension */ ldapadd = ( strncasecmp( prog, "ldapadd", sizeof("ldapadd")-1 ) == 0 ); tool_init( ldapadd ? TOOL_ADD : TOOL_MODIFY ); tool_args( argc, argv ); if ( argc != optind ) usage(); if ( rejfile != NULL ) { if (( rejfp = fopen( rejfile, "w" )) == NULL ) { perror( rejfile ); return( EXIT_FAILURE ); } } else { rejfp = NULL; } if ( infile != NULL ) { if (( ldiffp = ldif_open( infile, "r" )) == NULL ) { perror( infile ); return( EXIT_FAILURE ); } } else { ldifdummy.fp = stdin; ldiffp = &ldifdummy; } if ( debug ) ldif_debug = debug; ld = tool_conn_setup( dont, 0 ); if ( !dont ) { if ( pw_file || want_bindpw ) { if ( pw_file ) { rc = lutil_get_filed_password( pw_file, &passwd ); if( rc ) return EXIT_FAILURE; } else { passwd.bv_val = getpassphrase( _("Enter LDAP Password: "******"ldap_txn_start_s", rc, NULL, NULL, NULL, NULL ); if( txn > 1 ) return EXIT_FAILURE; txn = 0; } } #endif if ( 0 #ifdef LDAP_X_TXN || txn #endif ) { #ifdef LDAP_X_TXN if( txn ) { c[i].ldctl_oid = LDAP_CONTROL_X_TXN_SPEC; c[i].ldctl_value = *txn_id; c[i].ldctl_iscritical = 1; i++; } #endif } tool_server_controls( ld, c, i ); rc = 0; retval = 0; lineno = 1; while (( rc == 0 || contoper ) && ldif_read_record( ldiffp, &nextline, &rbuf, &lmax )) { if ( rejfp ) { len = strlen( rbuf ); if (( rejbuf = (char *)ber_memalloc( len+1 )) == NULL ) { perror( "malloc" ); exit( EXIT_FAILURE ); } memcpy( rejbuf, rbuf, len+1 ); } rc = process_ldif_rec( rbuf, lineno ); lineno = nextline+1; if ( rc ) retval = rc; if ( rc && rejfp ) { fprintf(rejfp, _("# Error: %s (%d)"), ldap_err2string(rc), rc); matched_msg = NULL; ldap_get_option(ld, LDAP_OPT_MATCHED_DN, &matched_msg); if ( matched_msg != NULL ) { if ( *matched_msg != '\0' ) { fprintf( rejfp, _(", matched DN: %s"), matched_msg ); } ldap_memfree( matched_msg ); } error_msg = NULL; ldap_get_option(ld, LDAP_OPT_DIAGNOSTIC_MESSAGE, &error_msg); if ( error_msg != NULL ) { if ( *error_msg != '\0' ) { fprintf( rejfp, _(", additional info: %s"), error_msg ); } ldap_memfree( error_msg ); } fprintf( rejfp, "\n%s\n", rejbuf ); } if (rejfp) ber_memfree( rejbuf ); } ber_memfree( rbuf ); #ifdef LDAP_X_TXN if( retval == 0 && txn ) { rc = ldap_set_option( ld, LDAP_OPT_SERVER_CONTROLS, NULL ); if ( rc != LDAP_OPT_SUCCESS ) { fprintf( stderr, "Could not unset controls for ldap_txn_end\n"); } /* create transaction */ rc = ldap_txn_end_s( ld, !txnabort, txn_id, NULL, NULL, NULL ); if( rc != LDAP_SUCCESS ) { tool_perror( "ldap_txn_end_s", rc, NULL, NULL, NULL, NULL ); retval = rc; } } #endif if ( !dont ) { tool_unbind( ld ); } if ( rejfp != NULL ) { fclose( rejfp ); } tool_destroy(); return( retval ); }
int slappasswd( int argc, char *argv[] ) { #ifdef LUTIL_SHA1_BYTES char *default_scheme = "{SSHA}"; #else char *default_scheme = "{SMD5}"; #endif char *scheme = default_scheme; char *newpw = NULL; char *pwfile = NULL; const char *text; const char *progname = "slappasswd"; int i; char *newline = "\n"; struct berval passwd = BER_BVNULL; struct berval hash; while( (i = getopt( argc, argv, "c:d:gh:ns:T:vu" )) != EOF ) { switch (i) { case 'c': /* crypt salt format */ scheme = "{CRYPT}"; lutil_salt_format( optarg ); break; case 'g': /* new password (generate) */ if ( pwfile != NULL ) { fprintf( stderr, "Option -g incompatible with -T\n" ); return EXIT_FAILURE; } else if ( newpw != NULL ) { fprintf( stderr, "New password already provided\n" ); return EXIT_FAILURE; } else if ( lutil_passwd_generate( &passwd, 8 )) { fprintf( stderr, "Password generation failed\n" ); return EXIT_FAILURE; } break; case 'h': /* scheme */ if ( scheme != default_scheme ) { fprintf( stderr, "Scheme already provided\n" ); return EXIT_FAILURE; } else { scheme = ch_strdup( optarg ); } break; case 'n': newline = ""; break; case 's': /* new password (secret) */ if ( pwfile != NULL ) { fprintf( stderr, "Option -s incompatible with -T\n" ); return EXIT_FAILURE; } else if ( newpw != NULL ) { fprintf( stderr, "New password already provided\n" ); return EXIT_FAILURE; } else { char* p; newpw = ch_strdup( optarg ); for( p = optarg; *p != '\0'; p++ ) { *p = '\0'; } } break; case 'T': /* password file */ if ( pwfile != NULL ) { fprintf( stderr, "Password file already provided\n" ); return EXIT_FAILURE; } else if ( newpw != NULL ) { fprintf( stderr, "Option -T incompatible with -s/-g\n" ); return EXIT_FAILURE; } pwfile = optarg; break; case 'u': /* RFC2307 userPassword */ break; case 'v': /* verbose */ verbose++; break; default: usage ( progname ); } } if( argc - optind != 0 ) { usage( progname ); } if( pwfile != NULL ) { if( lutil_get_filed_password( pwfile, &passwd )) { return EXIT_FAILURE; } } else if ( BER_BVISEMPTY( &passwd )) { if( newpw == NULL ) { /* prompt for new password */ char *cknewpw; newpw = ch_strdup(getpassphrase("New password: "******"Re-enter new password: "******"Password values do not match\n" ); return EXIT_FAILURE; } } passwd.bv_val = newpw; passwd.bv_len = strlen(passwd.bv_val); } else { hash = passwd; goto print_pw; } lutil_passwd_hash( &passwd, scheme, &hash, &text ); if( hash.bv_val == NULL ) { fprintf( stderr, "Password generation failed for scheme %s: %s\n", scheme, text ? text : "" ); return EXIT_FAILURE; } if( lutil_passwd( &hash, &passwd, NULL, &text ) ) { fprintf( stderr, "Password verification failed. %s\n", text ? text : "" ); return EXIT_FAILURE; } print_pw:; printf( "%s%s" , hash.bv_val, newline ); return EXIT_SUCCESS; }
int main( int argc, char *argv[] ) { int rc; LDAP *ld = NULL; char *matcheddn = NULL, *text = NULL, **refs = NULL; int rcode; char * diag = NULL; struct berval *scookie = NULL; struct berval *scred = NULL; int id, code = 0; LDAPMessage *res; LDAPControl **ctrls = NULL; LDAPControl **vcctrls = NULL; int nvcctrls = 0; tool_init( TOOL_VC ); prog = lutil_progname( "ldapvc", argc, argv ); /* LDAPv3 only */ protocol = LDAP_VERSION3; tool_args( argc, argv ); if (argc - optind > 0) { dn = argv[optind++]; } if (argc - optind > 0) { cred.bv_val = strdup(argv[optind++]); cred.bv_len = strlen(cred.bv_val); } if (argc - optind > 0) { usage(); } if (dn #ifdef LDAP_API_FEATURE_VERIFY_CREDENTIALS_INTERACTIVE && !vc_sasl_mech #endif && !cred.bv_val) { cred.bv_val = strdup(getpassphrase(_("User's password: "******"ldap_verify_credentials_interactive", rc, NULL, NULL, text, NULL); ldap_memfree(text); tool_exit(ld, rc); } } while (rc == LDAP_SASL_BIND_IN_PROGRESS); lutil_sasl_freedefs(defaults); if( rc != LDAP_SUCCESS ) { ldap_get_option(ld, LDAP_OPT_DIAGNOSTIC_MESSAGE, (void*) &text); tool_perror( "ldap_verify_credentials", rc, NULL, NULL, text, NULL ); rc = EXIT_FAILURE; goto skip; } } else #endif #endif { rc = ldap_verify_credentials( ld, NULL, dn, NULL, cred.bv_val ? &cred: NULL, vcctrls, NULL, NULL, &id ); if( rc != LDAP_SUCCESS ) { ldap_get_option(ld, LDAP_OPT_DIAGNOSTIC_MESSAGE, (void*) &text); tool_perror( "ldap_verify_credentials", rc, NULL, NULL, text, NULL ); rc = EXIT_FAILURE; goto skip; } for ( ; ; ) { struct timeval tv; if ( tool_check_abandon( ld, id ) ) { tool_exit( ld, LDAP_CANCELLED ); } tv.tv_sec = 0; tv.tv_usec = 100000; rc = ldap_result( ld, LDAP_RES_ANY, LDAP_MSG_ALL, &tv, &res ); if ( rc < 0 ) { tool_perror( "ldap_result", rc, NULL, NULL, NULL, NULL ); tool_exit( ld, rc ); } if ( rc != 0 ) { break; } } } ldap_controls_free(vcctrls); vcctrls = NULL; rc = ldap_parse_result( ld, res, &code, &matcheddn, &text, &refs, &ctrls, 0 ); if (rc == LDAP_SUCCESS) rc = code; if (rc != LDAP_SUCCESS) { tool_perror( "ldap_parse_result", rc, NULL, matcheddn, text, refs ); rc = EXIT_FAILURE; goto skip; } rc = ldap_parse_verify_credentials( ld, res, &rcode, &diag, &scookie, &scred, &vcctrls ); ldap_msgfree(res); if (rc != LDAP_SUCCESS) { tool_perror( "ldap_parse_verify_credentials", rc, NULL, NULL, NULL, NULL ); rc = EXIT_FAILURE; goto skip; } if (rcode != LDAP_SUCCESS) { printf(_("Failed: %s (%d)\n"), ldap_err2string(rcode), rcode); } if (diag && *diag) { printf(_("Diagnostic: %s\n"), diag); } if (vcctrls) { tool_print_ctrls( ld, vcctrls ); } skip: if ( verbose || code != LDAP_SUCCESS || ( matcheddn && *matcheddn ) || ( text && *text ) || refs || ctrls ) { printf( _("Result: %s (%d)\n"), ldap_err2string( code ), code ); if( text && *text ) { printf( _("Additional info: %s\n"), text ); } if( matcheddn && *matcheddn ) { printf( _("Matched DN: %s\n"), matcheddn ); } if( refs ) { int i; for( i=0; refs[i]; i++ ) { printf(_("Referral: %s\n"), refs[i] ); } } if (ctrls) { tool_print_ctrls( ld, ctrls ); ldap_controls_free( ctrls ); } } ber_memfree( text ); ber_memfree( matcheddn ); ber_memvfree( (void **) refs ); ber_bvfree( scookie ); ber_bvfree( scred ); ber_memfree( diag ); free( cred.bv_val ); /* disconnect from server */ tool_exit( ld, code == LDAP_SUCCESS ? EXIT_SUCCESS : EXIT_FAILURE ); }
static int prompt_pkcs11_pin(libzfs_handle_t *hdl, zfs_cmd_t *zc, zfs_crypto_zckey_t cmd, pkcs11_uri_t *p11uri, char **pin, uint32_t *pinlen) { char prompt[MAXPROMPTLEN]; char *input; char dsname[MAXNAMELEN]; /* * If the PKCS#11 uri has a pinfile argument read the pin from * there. * * Otherwise if the libzfs_handle_t has crypto data we assume this is * the PIN given we can only be in here with a PKCS#11 uri. * * Finally if that is empty then if we can prompt then do so using * getpassphrase(). * * Abuse zfs_can_prompt_if_needed() by pretending we are * "passphrase,prompt". */ if (p11uri->pinfile) { struct stat sbuf; int pinfd = open(p11uri->pinfile, O_RDONLY); char *pbuf; if (pinfd == -1) return (-1); if (fstat(pinfd, &sbuf) != 0) return (-1); pbuf = zfs_alloc(hdl, sbuf.st_size); if (read(pinfd, pbuf, sbuf.st_size) != sbuf.st_size) { free(pbuf); return (-1); } (void) close(pinfd); pbuf[sbuf.st_size] = '\0'; *pinlen = sbuf.st_size; if (pbuf[sbuf.st_size - 1] == '\n' || pbuf[sbuf.st_size - 1] == '\r') { *pinlen = *pinlen - 1; } *pin = pbuf; return (0); } if (hdl->libzfs_crypt.zc_key_data != NULL && hdl->libzfs_crypt.zc_key_data_len != 0) { *pinlen = hdl->libzfs_crypt.zc_key_data_len; *pin = zfs_alloc(hdl, *pinlen); bcopy(hdl->libzfs_crypt.zc_key_data, *pin, *pinlen); return (0); } if (!zfs_can_prompt_if_needed("passphrase,prompt")) { errno = ENOTTY; return (-1); } zfs_cmd_target_dsname(zc, cmd, dsname, sizeof (dsname)); if (p11uri->token) { (void) snprintf(prompt, MAXPROMPTLEN, dgettext(TEXT_DOMAIN, "Enter '%s' PKCS#11 token PIN for '%s': "), p11uri->token, dsname); } else { (void) snprintf(prompt, MAXPROMPTLEN, dgettext(TEXT_DOMAIN, "Enter PKCS#11 token PIN for '%s': "), dsname); } input = getpassphrase(prompt); if (input != NULL) { *pin = strdup(input); *pinlen = strlen(*pin); } else { return (-1); } return (0); }
static int get_passphrase(libzfs_handle_t *hdl, char **passphrase, size_t *passphraselen, key_format_t format, zfs_cmd_t *zc, zfs_crypto_zckey_t cmd) { char prompt[MAXPROMPTLEN]; char *tmpbuf = NULL; int min_psize = 8; char dsname[MAXNAMELEN]; fprintf(stderr, "in get_assphrase\r\n"); zfs_cmd_target_dsname(zc, cmd, dsname, sizeof (dsname)); if (format == KEY_FORMAT_HEX) { min_psize = 2 * zio_crypt_table[zc->zc_crypto.zic_crypt].ci_keylen; if (hdl->libzfs_crypt.zc_is_key_change) { (void) snprintf(prompt, MAXPROMPTLEN, "%s \'%s\': ", dgettext(TEXT_DOMAIN, "Enter new hexadecimal key for"), dsname); } else { (void) snprintf(prompt, MAXPROMPTLEN, "%s \'%s\': ", dgettext(TEXT_DOMAIN, "Enter hexadecimal key for"), dsname); } } else { if (hdl->libzfs_crypt.zc_is_key_change) { (void) snprintf(prompt, MAXPROMPTLEN, "%s \'%s\': ", dgettext(TEXT_DOMAIN, "Enter new passphrase for"), dsname); } else { (void) snprintf(prompt, MAXPROMPTLEN, "%s \'%s\': ", dgettext(TEXT_DOMAIN, "Enter passphrase for"), dsname); } } tmpbuf = getpassphrase(prompt); if (tmpbuf == NULL && errno == ENXIO) return (EAGAIN); if (tmpbuf == NULL || strlen(tmpbuf) < min_psize) { (void) fprintf(stderr, dgettext(TEXT_DOMAIN, "Must be at least %d characters.\n"), min_psize); return (EAGAIN); } *passphrase = strdup(tmpbuf); tmpbuf = NULL; /* * A create/clone/recv or wrapping key change needs to reprompt. * Loading the key is the only case were we don't reprompt. */ if (cmd != ZFS_CRYPTO_KEY_LOAD) { (void) snprintf(prompt, MAXPROMPTLEN, dgettext(TEXT_DOMAIN, "Enter again: ")); tmpbuf = getpassphrase(prompt); if (tmpbuf == NULL || strcmp(*passphrase, tmpbuf) != 0) { /* clean up */ free(*passphrase); *passphrase = NULL; (void) fprintf(stderr, dgettext(TEXT_DOMAIN, "They don't match.\n")); return (EAGAIN); } } *passphraselen = strlen(*passphrase); return (0); }
string g_GetPasswordFromConsole(const string& prompt) { string password; CMutex lock; CMutexGuard guard(lock); #if defined(NCBI_OS_UNIX) // UNIX implementation #if defined(HAVE_READPASSPHRASE) char password_buffer[1024]; char* raw_password = readpassphrase(prompt.c_str(), password_buffer, sizeof(password_buffer), RPP_ECHO_OFF | RPP_REQUIRE_TTY); #elif defined(HAVE_GETPASSPHRASE) char* raw_password = getpassphrase(prompt.c_str()); #elif defined(HAVE_GETPASS) char* raw_password = getpass(prompt.c_str()); #else # error "Unsupported Unix platform; the getpass, getpassphrase, and readpassphrase functions are all absent" #endif if (!raw_password) NCBI_THROW (CGetPasswordFromConsoleException, eGetPassError, "g_GetPasswordFromConsole(): error getting password"); password = string(raw_password); #elif defined(NCBI_OS_MSWIN) // Windows implementation for (size_t index = 0; index < prompt.size(); ++index) { _putch(prompt[index]); } for (;;) { char ch; ch = _getch(); if (ch == '\r' || ch == '\n') break; if (ch == '\003') NCBI_THROW(CGetPasswordFromConsoleException, eKeyboardInterrupt, "g_GetPasswordFromConsole(): keyboard interrupt"); if (ch == '\b') { if ( !password.empty() ) { password.resize(password.size() - 1); } } else password.append(1, ch); } _putch('\r'); _putch('\n'); #endif return password; }
// Get a password from the user void getPW(char *pin, char *newPIN, CK_ULONG userType) { // Keep a copy of the PIN because getpass/getpassphrase // will overwrite the previous PIN. char password[MAX_PIN_LEN+1]; int length = 0; if (pin) { length = strlen(pin); } while (length < MIN_PIN_LEN || length > MAX_PIN_LEN) { if (userType == CKU_SO) { printf("*** SO PIN (%i-%i characters) ***\n", MIN_PIN_LEN, MAX_PIN_LEN); } else { printf("*** User PIN (%i-%i characters) ***\n", MIN_PIN_LEN, MAX_PIN_LEN); } #ifdef HAVE_GETPASSPHRASE if (userType == CKU_SO) { pin = getpassphrase("Please enter SO PIN: "); } else { pin = getpassphrase("Please enter user PIN: "); } #else if (userType == CKU_SO) { pin = getpass("Please enter SO PIN: "); } else { pin = getpass("Please enter user PIN: "); } #endif length = strlen(pin); if (length < MIN_PIN_LEN || length > MAX_PIN_LEN) { fprintf(stderr, "ERROR: The length of the PIN is out of range.\n"); length = 0; continue; } strcpy(password, pin); #ifdef HAVE_GETPASSPHRASE if (userType == CKU_SO) { pin = getpassphrase("Please reenter SO PIN: "); } else { pin = getpassphrase("Please reenter user PIN: "); } #else if (userType == CKU_SO) { pin = getpass("Please reenter SO PIN: "); } else { pin = getpass("Please reenter user PIN: "); } #endif if (strcmp(password, pin)) { fprintf(stderr, "ERROR: The entered PINs are not equal.\n"); length = 0; continue; } } strcpy(newPIN, pin); }
int main(int argc, char *argv[]) { isc_result_t result; CK_RV rv; CK_SLOT_ID slot = 0; CK_SESSION_HANDLE hSession = CK_INVALID_HANDLE; CK_OBJECT_HANDLE *hKey; CK_OBJECT_CLASS kClass = CKO_PUBLIC_KEY; CK_KEY_TYPE kType = CKK_RSA; CK_ATTRIBUTE kTemplate[] = { { CKA_CLASS, &kClass, (CK_ULONG) sizeof(kClass) }, { CKA_KEY_TYPE, &kType, (CK_ULONG) sizeof(kType) }, { CKA_TOKEN, &falsevalue, (CK_ULONG) sizeof(falsevalue) }, { CKA_PRIVATE, &falsevalue, (CK_ULONG) sizeof(falsevalue) }, { CKA_LABEL, (CK_BYTE_PTR) label, (CK_ULONG) sizeof(label) }, { CKA_VERIFY, &truevalue, (CK_ULONG) sizeof(truevalue) }, { CKA_MODULUS, modulus, (CK_ULONG) sizeof(modulus) }, { CKA_PUBLIC_EXPONENT, exponent, (CK_ULONG) sizeof(exponent) } }; pk11_context_t pctx; char *lib_name = NULL; char *pin = NULL; int error = 0; int c, errflg = 0; int ontoken = 0; unsigned int count = 1000; unsigned int i; struct timespec starttime; struct timespec endtime; while ((c = isc_commandline_parse(argc, argv, ":m:s:p:tn:")) != -1) { switch (c) { case 'm': lib_name = isc_commandline_argument; break; case 's': slot = atoi(isc_commandline_argument); break; case 'p': pin = isc_commandline_argument; break; case 't': ontoken = 1; break; case 'n': count = atoi(isc_commandline_argument); break; case ':': fprintf(stderr, "Option -%c requires an operand\n", isc_commandline_option); errflg++; break; case '?': default: fprintf(stderr, "Unrecognised option: -%c\n", isc_commandline_option); errflg++; } } if (errflg) { fprintf(stderr, "Usage:\n"); fprintf(stderr, "\tpubrsa [-m module] [-s slot] [-p pin] " "[-t] [-n count]\n"); exit(1); } /* Allocate hanles */ hKey = (CK_SESSION_HANDLE *) malloc(count * sizeof(CK_SESSION_HANDLE)); if (hKey == NULL) { perror("malloc"); exit(1); } for (i = 0; i < count; i++) hKey[i] = CK_INVALID_HANDLE; /* Initialize the CRYPTOKI library */ if (lib_name != NULL) pk11_set_lib_name(lib_name); if (pin == NULL) pin = getpassphrase("Enter Pin: "); result = pk11_get_session(&pctx, OP_ANY, ISC_TRUE, ISC_TRUE, (const char *) pin, slot); if (result != ISC_R_SUCCESS) { fprintf(stderr, "Error initializing PKCS#11: %s\n", isc_result_totext(result)); free(hKey); exit(1); } if (pin != NULL) memset(pin, 0, strlen((char *)pin)); hSession = pctx.session; if (ontoken) kTemplate[2].pValue = &truevalue; if (clock_gettime(CLOCK_REALTIME, &starttime) < 0) { perror("clock_gettime(start)"); goto exit_objects; } for (i = 0; i < count; i++) { (void) snprintf(label, sizeof(label), "obj%u", i); kTemplate[4].ulValueLen = strlen(label); rv = pkcs_C_CreateObject(hSession, kTemplate, 8, &hKey[i]); if (rv != CKR_OK) { fprintf(stderr, "C_CreateObject[%u]: Error = 0x%.8lX\n", i, rv); error = 1; if (i == 0) goto exit_objects; break; } } if (clock_gettime(CLOCK_REALTIME, &endtime) < 0) { perror("clock_gettime(end)"); goto exit_objects; } endtime.tv_sec -= starttime.tv_sec; endtime.tv_nsec -= starttime.tv_nsec; while (endtime.tv_nsec < 0) { endtime.tv_sec -= 1; endtime.tv_nsec += 1000000000; } printf("%u public RSA keys in %ld.%09lds\n", i, endtime.tv_sec, endtime.tv_nsec); if (i > 0) printf("%g public RSA keys/s\n", 1024 * i / ((double) endtime.tv_sec + (double) endtime.tv_nsec / 1000000000.)); exit_objects: for (i = 0; i < count; i++) { /* Destroy objects */ if (hKey[i] == CK_INVALID_HANDLE) continue; rv = pkcs_C_DestroyObject(hSession, hKey[i]); if ((rv != CKR_OK) && !errflg) { fprintf(stderr, "C_DestroyObject[%u]: Error = 0x%.8lX\n", i, rv); errflg = 1; } } free(hKey); pk11_return_session(&pctx); pk11_shutdown(); exit(error); }
int main(int argc, char **argv) { char *entrydn = NULL, *rdn = NULL, buf[ 4096 ]; FILE *fp; LDAP *ld; int rc, retval, havedn; prog = lutil_progname( "ldapmodrdn", argc, argv ); tool_args( argc, argv ); havedn = 0; if (argc - optind == 2) { if (( rdn = strdup( argv[argc - 1] )) == NULL ) { perror( "strdup" ); return( EXIT_FAILURE ); } if (( entrydn = strdup( argv[argc - 2] )) == NULL ) { perror( "strdup" ); return( EXIT_FAILURE ); } ++havedn; } else if ( argc - optind != 0 ) { fprintf( stderr, "%s: invalid number of arguments (%d), " "only two allowed\n", prog, argc-optind ); usage(); } if ( infile != NULL ) { if (( fp = fopen( infile, "r" )) == NULL ) { perror( infile ); return( EXIT_FAILURE ); } } else { fp = stdin; } ld = tool_conn_setup( 0, 0 ); if ( pw_file || want_bindpw ) { if ( pw_file ) { rc = lutil_get_filed_password( pw_file, &passwd ); if( rc ) return EXIT_FAILURE; } else { passwd.bv_val = getpassphrase( "Enter LDAP Password: "******"strdup" ); return( EXIT_FAILURE ); } rc = domodrdn(ld, entrydn, rdn, newSuperior, remove_old_RDN ); if ( rc != 0 ) retval = rc; havedn = 0; } else if ( !havedn ) { /* don't have DN yet */ if (( entrydn = strdup( buf )) == NULL ) { perror( "strdup" ); return( EXIT_FAILURE ); } ++havedn; } } } ldap_unbind( ld ); return( retval ); }
int main( int argc, char *argv[] ) { int rc; char *user = NULL; LDAP *ld = NULL; struct berval bv = {0, NULL}; BerElement *ber = NULL; int id, code = LDAP_OTHER; LDAPMessage *res; char *matcheddn = NULL, *text = NULL, **refs = NULL; char *retoid = NULL; struct berval *retdata = NULL; LDAPControl **ctrls = NULL; tool_init( TOOL_PASSWD ); prog = lutil_progname( "ldappasswd", argc, argv ); /* LDAPv3 only */ protocol = LDAP_VERSION3; tool_args( argc, argv ); if( argc - optind > 1 ) { usage(); } else if ( argc - optind == 1 ) { user = strdup( argv[optind] ); } else { user = NULL; } if( oldpwfile ) { rc = lutil_get_filed_password( oldpwfile, &oldpw ); if( rc ) { rc = EXIT_FAILURE; goto done; } } if( want_oldpw && oldpw.bv_val == NULL ) { /* prompt for old password */ char *ckoldpw; oldpw.bv_val = strdup(getpassphrase(_("Old password: "******"Re-enter old password: "******"passwords do not match\n") ); rc = EXIT_FAILURE; goto done; } oldpw.bv_len = strlen( oldpw.bv_val ); } if( newpwfile ) { rc = lutil_get_filed_password( newpwfile, &newpw ); if( rc ) { rc = EXIT_FAILURE; goto done; } } if( want_newpw && newpw.bv_val == NULL ) { /* prompt for new password */ char *cknewpw; newpw.bv_val = strdup(getpassphrase(_("New password: "******"Re-enter new password: "******"passwords do not match\n") ); rc = EXIT_FAILURE; goto done; } newpw.bv_len = strlen( newpw.bv_val ); } ld = tool_conn_setup( 0, 0 ); tool_bind( ld ); if( user != NULL || oldpw.bv_val != NULL || newpw.bv_val != NULL ) { /* build the password modify request data */ ber = ber_alloc_t( LBER_USE_DER ); if( ber == NULL ) { perror( "ber_alloc_t" ); rc = EXIT_FAILURE; goto done; } ber_printf( ber, "{" /*}*/ ); if( user != NULL ) { ber_printf( ber, "ts", LDAP_TAG_EXOP_MODIFY_PASSWD_ID, user ); free(user); } if( oldpw.bv_val != NULL ) { ber_printf( ber, "tO", LDAP_TAG_EXOP_MODIFY_PASSWD_OLD, &oldpw ); free(oldpw.bv_val); } if( newpw.bv_val != NULL ) { ber_printf( ber, "tO", LDAP_TAG_EXOP_MODIFY_PASSWD_NEW, &newpw ); free(newpw.bv_val); } ber_printf( ber, /*{*/ "N}" ); rc = ber_flatten2( ber, &bv, 0 ); if( rc < 0 ) { perror( "ber_flatten2" ); rc = EXIT_FAILURE; goto done; } } if ( dont ) { rc = LDAP_SUCCESS; goto done; } tool_server_controls( ld, NULL, 0); rc = ldap_extended_operation( ld, LDAP_EXOP_MODIFY_PASSWD, bv.bv_val ? &bv : NULL, NULL, NULL, &id ); ber_free( ber, 1 ); if( rc != LDAP_SUCCESS ) { tool_perror( "ldap_extended_operation", rc, NULL, NULL, NULL, NULL ); rc = EXIT_FAILURE; goto done; } for ( ; ; ) { struct timeval tv; if ( tool_check_abandon( ld, id ) ) { tool_exit( ld, LDAP_CANCELLED ); } tv.tv_sec = 0; tv.tv_usec = 100000; rc = ldap_result( ld, LDAP_RES_ANY, LDAP_MSG_ALL, &tv, &res ); if ( rc < 0 ) { tool_perror( "ldap_result", rc, NULL, NULL, NULL, NULL ); tool_exit( ld, rc ); } if ( rc != 0 ) { break; } } rc = ldap_parse_result( ld, res, &code, &matcheddn, &text, &refs, &ctrls, 0 ); if( rc != LDAP_SUCCESS ) { tool_perror( "ldap_parse_result", rc, NULL, NULL, NULL, NULL ); rc = EXIT_FAILURE; goto done; } rc = ldap_parse_extended_result( ld, res, &retoid, &retdata, 1 ); if( rc != LDAP_SUCCESS ) { tool_perror( "ldap_parse_extended_result", rc, NULL, NULL, NULL, NULL ); rc = EXIT_FAILURE; goto done; } if( retdata != NULL ) { ber_tag_t tag; char *s; ber = ber_init( retdata ); if( ber == NULL ) { perror( "ber_init" ); rc = EXIT_FAILURE; goto done; } /* we should check the tag */ tag = ber_scanf( ber, "{a}", &s); if( tag == LBER_ERROR ) { perror( "ber_scanf" ); } else { printf(_("New password: %s\n"), s); ber_memfree( s ); } ber_free( ber, 1 ); } else if ( code == LDAP_SUCCESS && newpw.bv_val == NULL ) { tool_perror( "ldap_parse_extended_result", LDAP_DECODING_ERROR, " new password expected", NULL, NULL, NULL ); } if( verbose || code != LDAP_SUCCESS || ( matcheddn && *matcheddn ) || ( text && *text ) || refs || ctrls ) { printf( _("Result: %s (%d)\n"), ldap_err2string( code ), code ); if( text && *text ) { printf( _("Additional info: %s\n"), text ); } if( matcheddn && *matcheddn ) { printf( _("Matched DN: %s\n"), matcheddn ); } if( refs ) { int i; for( i=0; refs[i]; i++ ) { printf(_("Referral: %s\n"), refs[i] ); } } if( ctrls ) { tool_print_ctrls( ld, ctrls ); ldap_controls_free( ctrls ); } } ber_memfree( text ); ber_memfree( matcheddn ); ber_memvfree( (void **) refs ); ber_memfree( retoid ); ber_bvfree( retdata ); rc = ( code == LDAP_SUCCESS ) ? EXIT_SUCCESS : EXIT_FAILURE; done: /* disconnect from server */ tool_exit( ld, rc ); }
int slappasswd( int argc, char *argv[] ) { int rc = EXIT_SUCCESS; #ifdef LUTIL_SHA1_BYTES char *default_scheme = "{SSHA}"; #else char *default_scheme = "{SMD5}"; #endif char *scheme = default_scheme; char *newpw = NULL; char *pwfile = NULL; const char *text; const char *progname = "slappasswd"; int i; char *newline = "\n"; struct berval passwd = BER_BVNULL; struct berval hash; #ifdef LDAP_DEBUG /* tools default to "none", so that at least LDAP_DEBUG_ANY * messages show up; use -d 0 to reset */ slap_debug = LDAP_DEBUG_NONE; #endif ldap_syslog = 0; while( (i = getopt( argc, argv, "c:d:gh:no:s:T:vu" )) != EOF ) { switch (i) { case 'c': /* crypt salt format */ scheme = "{CRYPT}"; lutil_salt_format( optarg ); break; case 'g': /* new password (generate) */ if ( pwfile != NULL ) { fprintf( stderr, "Option -g incompatible with -T\n" ); return EXIT_FAILURE; } else if ( newpw != NULL ) { fprintf( stderr, "New password already provided\n" ); return EXIT_FAILURE; } else if ( lutil_passwd_generate( &passwd, 8 )) { fprintf( stderr, "Password generation failed\n" ); return EXIT_FAILURE; } break; case 'h': /* scheme */ if ( scheme != default_scheme ) { fprintf( stderr, "Scheme already provided\n" ); return EXIT_FAILURE; } else { scheme = ch_strdup( optarg ); } break; case 'n': newline = ""; break; case 'o': if ( parse_slappasswdopt() ) { usage ( progname ); } break; case 's': /* new password (secret) */ if ( pwfile != NULL ) { fprintf( stderr, "Option -s incompatible with -T\n" ); return EXIT_FAILURE; } else if ( newpw != NULL ) { fprintf( stderr, "New password already provided\n" ); return EXIT_FAILURE; } else { char* p; newpw = ch_strdup( optarg ); for( p = optarg; *p != '\0'; p++ ) { *p = '\0'; } } break; case 'T': /* password file */ if ( pwfile != NULL ) { fprintf( stderr, "Password file already provided\n" ); return EXIT_FAILURE; } else if ( newpw != NULL ) { fprintf( stderr, "Option -T incompatible with -s/-g\n" ); return EXIT_FAILURE; } pwfile = optarg; break; case 'u': /* RFC2307 userPassword */ break; case 'v': /* verbose */ verbose++; break; default: usage ( progname ); } } if( argc - optind != 0 ) { usage( progname ); } #ifdef SLAPD_MODULES if ( module_init() != 0 ) { fprintf( stderr, "%s: module_init failed\n", progname ); return EXIT_FAILURE; } if ( modulepath && module_path(modulepath) ) { rc = EXIT_FAILURE; goto destroy; } if ( moduleload && module_load(moduleload, 0, NULL) ) { rc = EXIT_FAILURE; goto destroy; } #endif if( pwfile != NULL ) { if( lutil_get_filed_password( pwfile, &passwd )) { rc = EXIT_FAILURE; goto destroy; } } else if ( BER_BVISEMPTY( &passwd )) { if( newpw == NULL ) { /* prompt for new password */ char *cknewpw; newpw = ch_strdup(getpassphrase("New password: "******"Re-enter new password: "******"Password values do not match\n" ); rc = EXIT_FAILURE; goto destroy; } } passwd.bv_val = newpw; passwd.bv_len = strlen(passwd.bv_val); } else { hash = passwd; goto print_pw; } lutil_passwd_hash( &passwd, scheme, &hash, &text ); if( hash.bv_val == NULL ) { fprintf( stderr, "Password generation failed for scheme %s: %s\n", scheme, text ? text : "" ); rc = EXIT_FAILURE; goto destroy; } if( lutil_passwd( &hash, &passwd, NULL, &text ) ) { fprintf( stderr, "Password verification failed. %s\n", text ? text : "" ); rc = EXIT_FAILURE; goto destroy; } print_pw:; printf( "%s%s" , hash.bv_val, newline ); destroy:; #ifdef SLAPD_MODULES module_kill(); #endif return rc; }
int main( int argc, char *argv[] ) { int rc; char *user = NULL; LDAP *ld = NULL; struct berval bv = {0, NULL}; BerElement *ber = NULL; int id, code = LDAP_OTHER; LDAPMessage *res; char *matcheddn = NULL, *text = NULL, **refs = NULL; char *retoid = NULL; struct berval *retdata = NULL; prog = lutil_progname( "ldappasswd", argc, argv ); /* LDAPv3 only */ protocol = LDAP_VERSION3; tool_args( argc, argv ); if( argc - optind > 1 ) { usage(); } else if ( argc - optind == 1 ) { user = strdup( argv[optind] ); } else { user = NULL; } if( oldpwfile ) { rc = lutil_get_filed_password( prog, &oldpw ); if( rc ) return EXIT_FAILURE; } if( want_oldpw && oldpw.bv_val == NULL ) { /* prompt for old password */ char *ckoldpw; oldpw.bv_val = strdup(getpassphrase("Old password: "******"Re-enter old password: "******"passwords do not match\n" ); return EXIT_FAILURE; } oldpw.bv_len = strlen( oldpw.bv_val ); } if( newpwfile ) { rc = lutil_get_filed_password( prog, &newpw ); if( rc ) return EXIT_FAILURE; } if( want_newpw && newpw.bv_val == NULL ) { /* prompt for new password */ char *cknewpw; newpw.bv_val = strdup(getpassphrase("New password: "******"Re-enter new password: "******"passwords do not match\n" ); return EXIT_FAILURE; } newpw.bv_len = strlen( newpw.bv_val ); } if( want_bindpw && passwd.bv_val == NULL ) { /* handle bind password */ if ( pw_file ) { rc = lutil_get_filed_password( pw_file, &passwd ); if( rc ) return EXIT_FAILURE; } else { passwd.bv_val = getpassphrase( "Enter LDAP Password: "******"ber_alloc_t" ); ldap_unbind( ld ); return EXIT_FAILURE; } ber_printf( ber, "{" /*}*/ ); if( user != NULL ) { ber_printf( ber, "ts", LDAP_TAG_EXOP_MODIFY_PASSWD_ID, user ); free(user); } if( oldpw.bv_val != NULL ) { ber_printf( ber, "tO", LDAP_TAG_EXOP_MODIFY_PASSWD_OLD, &oldpw ); free(oldpw.bv_val); } if( newpw.bv_val != NULL ) { ber_printf( ber, "tO", LDAP_TAG_EXOP_MODIFY_PASSWD_NEW, &newpw ); free(newpw.bv_val); } ber_printf( ber, /*{*/ "N}" ); rc = ber_flatten2( ber, &bv, 0 ); if( rc < 0 ) { perror( "ber_flatten2" ); ldap_unbind( ld ); return EXIT_FAILURE; } } if ( not ) { rc = LDAP_SUCCESS; goto skip; } rc = ldap_extended_operation( ld, LDAP_EXOP_MODIFY_PASSWD, bv.bv_val ? &bv : NULL, NULL, NULL, &id ); ber_free( ber, 1 ); if( rc != LDAP_SUCCESS ) { ldap_perror( ld, "ldap_extended_operation" ); ldap_unbind( ld ); return EXIT_FAILURE; } rc = ldap_result( ld, LDAP_RES_ANY, LDAP_MSG_ALL, NULL, &res ); if ( rc < 0 ) { ldap_perror( ld, "ldappasswd: ldap_result" ); return rc; } rc = ldap_parse_result( ld, res, &code, &matcheddn, &text, &refs, NULL, 0 ); if( rc != LDAP_SUCCESS ) { ldap_perror( ld, "ldap_parse_result" ); return rc; } rc = ldap_parse_extended_result( ld, res, &retoid, &retdata, 1 ); if( rc != LDAP_SUCCESS ) { ldap_perror( ld, "ldap_parse_result" ); return rc; } if( retdata != NULL ) { ber_tag_t tag; char *s; ber = ber_init( retdata ); if( ber == NULL ) { perror( "ber_init" ); ldap_unbind( ld ); return EXIT_FAILURE; } /* we should check the tag */ tag = ber_scanf( ber, "{a}", &s); if( tag == LBER_ERROR ) { perror( "ber_scanf" ); } else { printf("New password: %s\n", s); free( s ); } ber_free( ber, 1 ); } if( verbose || code != LDAP_SUCCESS || matcheddn || text || refs ) { printf( "Result: %s (%d)\n", ldap_err2string( code ), code ); if( text && *text ) { printf( "Additional info: %s\n", text ); } if( matcheddn && *matcheddn ) { printf( "Matched DN: %s\n", matcheddn ); } if( refs ) { int i; for( i=0; refs[i]; i++ ) { printf("Referral: %s\n", refs[i] ); } } } ber_memfree( text ); ber_memfree( matcheddn ); ber_memvfree( (void **) refs ); ber_memfree( retoid ); ber_bvfree( retdata ); skip: /* disconnect from server */ ldap_unbind (ld); return code == LDAP_SUCCESS ? EXIT_SUCCESS : EXIT_FAILURE; }
int main(int argc, char *argv[]) { isc_result_t result; CK_RV rv; CK_SLOT_ID slot = 0; CK_SESSION_HANDLE hSession; CK_MECHANISM mech = { CKM_MD5, NULL, 0 }; CK_ULONG len; pk11_context_t pctx; pk11_optype_t op_type = OP_DIGEST; char *lib_name = NULL; char *pin = NULL; int error = 0; isc_boolean_t logon = ISC_TRUE; int c, errflg = 0; size_t sum = 0; unsigned int i; while ((c = isc_commandline_parse(argc, argv, ":m:s:np:")) != -1) { switch (c) { case 'm': lib_name = isc_commandline_argument; break; case 's': slot = atoi(isc_commandline_argument); op_type = OP_ANY; break; case 'n': logon = ISC_FALSE; break; case 'p': pin = isc_commandline_argument; break; case ':': fprintf(stderr, "Option -%c requires an operand\n", isc_commandline_option); errflg++; break; case '?': default: fprintf(stderr, "Unrecognised option: -%c\n", isc_commandline_option); errflg++; } } if (errflg) { fprintf(stderr, "Usage:\n"); fprintf(stderr, "\tpkcs11-md5sum [-m module] [-s slot] [-n|-p pin]\n"); exit(1); } pk11_result_register(); /* Initialize the CRYPTOKI library */ if (lib_name != NULL) pk11_set_lib_name(lib_name); if (logon && pin == NULL) pin = getpassphrase("Enter Pin: "); result = pk11_get_session(&pctx, op_type, ISC_FALSE, ISC_FALSE, logon, (const char *) pin, slot); if ((result != ISC_R_SUCCESS) && (result != PK11_R_NORANDOMSERVICE) && (result != PK11_R_NOAESSERVICE)) { fprintf(stderr, "Error initializing PKCS#11: %s\n", isc_result_totext(result)); exit(1); } if (pin != NULL) memset(pin, 0, strlen((char *)pin)); hSession = pctx.session; rv = pkcs_C_DigestInit(hSession, &mech); if (rv != CKR_OK) { fprintf(stderr, "C_DigestInit: Error = 0x%.8lX\n", rv); error = 1; goto exit_session; } for (;;) { size_t n; for (;;) { n = fread(buffer + sum, 1, BLOCKSIZE - sum, stdin); sum += n; if (sum == BLOCKSIZE) break; if (n == 0) { if (ferror(stdin)) { fprintf(stderr, "fread failed\n"); error = 1; goto exit_session; } goto partial_block; } if (feof(stdin)) goto partial_block; } rv = pkcs_C_DigestUpdate(hSession, (CK_BYTE_PTR) buffer, (CK_ULONG) BLOCKSIZE); if (rv != CKR_OK) { fprintf(stderr, "C_DigestUpdate: Error = 0x%.8lX\n", rv); error = 1; goto exit_session; } } partial_block: if (sum > 0) { rv = pkcs_C_DigestUpdate(hSession, (CK_BYTE_PTR) buffer, (CK_ULONG) sum); if (rv != CKR_OK) { fprintf(stderr, "C_DigestUpdate: Error = 0x%.8lX\n", rv); error = 1; goto exit_session; } } len = 16; rv = pkcs_C_DigestFinal(hSession, (CK_BYTE_PTR) digest, &len); if (rv != CKR_OK) { fprintf(stderr, "C_DigestFinal: Error = 0x%.8lX\n", rv); error = 1; goto exit_session; } if (len != 16) { fprintf(stderr, "C_DigestFinal: bad length = %lu\n", len); error = 1; } for (i = 0; i < 16; i++) printf("%02x", digest[i] & 0xff); printf("\n"); exit_session: pk11_return_session(&pctx); (void) pk11_finalize(); exit(error); }
int pk11_get_pin(char *dialog, char **pin) { /* Initialize as an error. */ *pin = NULL; if (strcmp(dialog, BUILTIN_SPEC) == 0) { /* The getpassphrase() function is not MT safe. */ (void) pthread_mutex_lock(uri_lock); /* Note that OpenSSL is not localized at all. */ *pin = getpassphrase("Enter token PIN: "); if (*pin == NULL) { PK11err(PK11_F_GET_PIN, PK11_R_COULD_NOT_READ_PIN); (void) pthread_mutex_unlock(uri_lock); goto err; } else { char *pw; /* * getpassphrase() uses an internal buffer to hold the * entered password. Note that it terminates the buffer * with '\0'. */ if ((pw = strdup(*pin)) == NULL) { PK11err(PK11_F_GET_PIN, PK11_R_MALLOC_FAILURE); (void) pthread_mutex_unlock(uri_lock); goto err; } /* Zero the internal buffer to get rid of the PIN. */ memset(*pin, 0, strlen(*pin)); *pin = pw; (void) pthread_mutex_unlock(uri_lock); } } else { /* * This is the "exec:" case. We will get the PIN from the output * of an external command. */ if (strncmp(dialog, EXEC_SPEC, strlen(EXEC_SPEC)) == 0) { dialog += strlen(EXEC_SPEC); if ((*pin = run_askpass(dialog)) == NULL) goto err; } else { /* * Invalid specification in the passphrasedialog * keyword. */ PK11err(PK11_F_GET_PIN, PK11_R_BAD_PASSPHRASE_SPEC); goto err; } } return (1); err: return (0); }
int main(int argc, char *argv[]) { isc_result_t result; CK_RV rv; CK_SLOT_ID slot = 0; CK_SESSION_HANDLE hSession = CK_INVALID_HANDLE; CK_ULONG len; CK_ULONG slen; CK_OBJECT_HANDLE hKey = CK_INVALID_HANDLE; CK_OBJECT_CLASS kClass = CKO_PUBLIC_KEY; CK_KEY_TYPE kType = CKK_RSA; CK_ATTRIBUTE kTemplate[] = { { CKA_CLASS, &kClass, (CK_ULONG) sizeof(kClass) }, { CKA_KEY_TYPE, &kType, (CK_ULONG) sizeof(kType) }, { CKA_TOKEN, &falsevalue, (CK_ULONG) sizeof(falsevalue) }, { CKA_PRIVATE, &falsevalue, (CK_ULONG) sizeof(falsevalue) }, { CKA_VERIFY, &truevalue, (CK_ULONG) sizeof(truevalue) }, { CKA_MODULUS, modulus, (CK_ULONG) sizeof(modulus) }, { CKA_PUBLIC_EXPONENT, exponent, (CK_ULONG) sizeof(exponent) } }; CK_MECHANISM mech = { CKM_SHA1_RSA_PKCS, NULL, 0 }; pk11_context_t pctx; pk11_optype_t op_type = OP_RSA; char *lib_name = NULL; char *pin = NULL; int error = 0; int c, errflg = 0; int ontoken = 0; unsigned int count = 1000; unsigned int i; struct timespec starttime; struct timespec endtime; while ((c = isc_commandline_parse(argc, argv, ":m:s:p:tn:")) != -1) { switch (c) { case 'm': lib_name = isc_commandline_argument; break; case 's': slot = atoi(isc_commandline_argument); op_type = OP_ANY; break; case 'p': pin = isc_commandline_argument; break; case 't': ontoken = 1; break; case 'n': count = atoi(isc_commandline_argument); break; case ':': fprintf(stderr, "Option -%c requires an operand\n", isc_commandline_option); errflg++; break; case '?': default: fprintf(stderr, "Unrecognised option: -%c\n", isc_commandline_option); errflg++; } } if (errflg) { fprintf(stderr, "Usage:\n"); fprintf(stderr, "\tverify [-m module] [-s slot] [-p pin] " "[-t] [-n count]\n"); exit(1); } pk11_result_register(); /* Initialize the CRYPTOKI library */ if (lib_name != NULL) pk11_set_lib_name(lib_name); if (pin == NULL) pin = getpassphrase("Enter Pin: "); result = pk11_get_session(&pctx, op_type, ISC_FALSE, ISC_TRUE, ISC_TRUE, (const char *) pin, slot); if ((result != ISC_R_SUCCESS) && (result != PK11_R_NORANDOMSERVICE) && (result != PK11_R_NODIGESTSERVICE) && (result != PK11_R_NOAESSERVICE)) { fprintf(stderr, "Error initializing PKCS#11: %s\n", isc_result_totext(result)); exit(1); } if (pin != NULL) memset(pin, 0, strlen((char *)pin)); hSession = pctx.session; /* Create the private RSA key */ if (ontoken) kTemplate[2].pValue = &truevalue; rv = pkcs_C_CreateObject(hSession, kTemplate, 7, &hKey); if (rv != CKR_OK) { fprintf(stderr, "C_CreateObject: Error = 0x%.8lX\n", rv); error = 1; goto exit_key; } /* Randomize the buffer */ len = (CK_ULONG) sizeof(buf); rv = pkcs_C_GenerateRandom(hSession, buf, len); if (rv != CKR_OK) { fprintf(stderr, "C_GenerateRandom: Error = 0x%.8lX\n", rv); goto exit_key; } if (clock_gettime(CLOCK_REALTIME, &starttime) < 0) { perror("clock_gettime(start)"); goto exit_key; } for (i = 0; i < count; i++) { /* Initialize Verify */ rv = pkcs_C_VerifyInit(hSession, &mech, hKey); if (rv != CKR_OK) { fprintf(stderr, "C_VerifyInit[%u]: Error = 0x%.8lX\n", i, rv); error = 1; break; } /* Perform Verify */ slen = (CK_ULONG) sizeof(sig); rv = pkcs_C_Verify(hSession, buf, len, sig, slen); if ((rv != CKR_OK) && (rv != CKR_SIGNATURE_INVALID)) { fprintf(stderr, "C_Verify[%u]: Error = 0x%.8lX\n", i, rv); error = 1; break; } } if (clock_gettime(CLOCK_REALTIME, &endtime) < 0) { perror("clock_gettime(end)"); goto exit_key; } endtime.tv_sec -= starttime.tv_sec; endtime.tv_nsec -= starttime.tv_nsec; while (endtime.tv_nsec < 0) { endtime.tv_sec -= 1; endtime.tv_nsec += 1000000000; } printf("%u RSA verify in %ld.%09lds\n", i, endtime.tv_sec, endtime.tv_nsec); if (i > 0) printf("%g RSA verify/s\n", 1024 * i / ((double) endtime.tv_sec + (double) endtime.tv_nsec / 1000000000.)); exit_key: if (hKey != CK_INVALID_HANDLE) { rv = pkcs_C_DestroyObject(hSession, hKey); if (rv != CKR_OK) { fprintf(stderr, "C_DestroyObject: Error = 0x%.8lX\n", rv); errflg = 1; } } pk11_return_session(&pctx); (void) pk11_finalize(); exit(error); }
int main(int argc, char *argv[]) { isc_result_t result; CK_RV rv; CK_SLOT_ID slot = 0; CK_SESSION_HANDLE hSession = CK_INVALID_HANDLE; CK_ATTRIBUTE sTemplate[] = { { CKA_LABEL, label, (CK_ULONG) sizeof(label) }, }; CK_OBJECT_HANDLE sKey = CK_INVALID_HANDLE; CK_ULONG found = 0; pk11_context_t pctx; char *lib_name = NULL; char *pin = NULL; int error = 0; int c, errflg = 0; unsigned int count = 1000; unsigned int i; struct timespec starttime; struct timespec endtime; while ((c = isc_commandline_parse(argc, argv, ":m:s:p:n:")) != -1) { switch (c) { case 'm': lib_name = isc_commandline_argument; break; case 's': slot = atoi(isc_commandline_argument); break; case 'p': pin = isc_commandline_argument; break; case 'n': count = atoi(isc_commandline_argument); break; case ':': fprintf(stderr, "Option -%c requires an operand\n", isc_commandline_option); errflg++; break; case '?': default: fprintf(stderr, "Unrecognised option: -%c\n", isc_commandline_option); errflg++; } } if (errflg) { fprintf(stderr, "Usage:\n"); fprintf(stderr, "\tfind [-m module] [-s slot] [-p pin] [-n count]\n"); exit(1); } /* Initialize the CRYPTOKI library */ if (lib_name != NULL) pk11_set_lib_name(lib_name); if (pin == NULL) pin = getpassphrase("Enter Pin: "); result = pk11_get_session(&pctx, OP_ANY, ISC_FALSE, ISC_TRUE, (const char *) pin, slot); if (result != ISC_R_SUCCESS) { fprintf(stderr, "Error initializing PKCS#11: %s\n", isc_result_totext(result)); exit(1); } if (pin != NULL) memset(pin, 0, strlen((char *)pin)); hSession = pctx.session; if (clock_gettime(CLOCK_REALTIME, &starttime) < 0) { perror("clock_gettime(start)"); goto exit_objects; } for (i = 0; !error && (i < count); i++) { rv = pkcs_C_FindObjectsInit(hSession, sTemplate, 1); if (rv != CKR_OK) { fprintf(stderr, "C_FindObjectsInit[%u]: Error = 0x%.8lX\n", i, rv); error = 1; break; } rv = pkcs_C_FindObjects(hSession, &sKey, 1, &found); if (rv != CKR_OK) { fprintf(stderr, "C_FindObjects[%u]: Error = 0x%.8lX\n", i, rv); error = 1; /* no break here! */ } rv = pkcs_C_FindObjectsFinal(hSession); if (rv != CKR_OK) { fprintf(stderr, "C_FindObjectsFinal[%u]: Error = 0x%.8lX\n", i, rv); error = 1; break; } } if (clock_gettime(CLOCK_REALTIME, &endtime) < 0) { perror("clock_gettime(end)"); goto exit_objects; } endtime.tv_sec -= starttime.tv_sec; endtime.tv_nsec -= starttime.tv_nsec; while (endtime.tv_nsec < 0) { endtime.tv_sec -= 1; endtime.tv_nsec += 1000000000; } printf("%u object searches in %ld.%09lds\n", i, endtime.tv_sec, endtime.tv_nsec); if (i > 0) printf("%g object searches/s\n", 1024 * i / ((double) endtime.tv_sec + (double) endtime.tv_nsec / 1000000000.)); exit_objects: pk11_return_session(&pctx); pk11_shutdown(); exit(error); }