mirror of
https://git.openldap.org/openldap/openldap.git
synced 2025-12-20 22:59:34 -05:00
Rework passwd routines to allow callers to determine which
schemes are supported. This should facilate server rootDSE advertisement of supported schemes, etc..
This commit is contained in:
Kurt Zeilenga
parent
6e6eb52591
commit
3c00fd6d23
2 changed files with 45 additions and 20 deletions
|
|
@ -50,6 +50,11 @@ lutil_passwd LDAP_P((
|
||||||
const char *passwd,
|
const char *passwd,
|
||||||
const char **methods ));
|
const char **methods ));
|
||||||
|
|
||||||
|
extern const char* lutil_passwd_schemes[];
|
||||||
|
|
||||||
|
LDAP_F( int )
|
||||||
|
lutil_passwd_scheme LDAP_P((char *scheme));
|
||||||
|
|
||||||
/* utils.c */
|
/* utils.c */
|
||||||
LDAP_F( char* )
|
LDAP_F( char* )
|
||||||
lutil_progname LDAP_P((
|
lutil_progname LDAP_P((
|
||||||
|
|
|
||||||
|
|
@ -31,18 +31,18 @@
|
||||||
# include <pwd.h>
|
# include <pwd.h>
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
static int supported_hash(
|
static int is_allowed_scheme(
|
||||||
const char* method,
|
const char* scheme,
|
||||||
const char** methods )
|
const char** schemes )
|
||||||
{
|
{
|
||||||
int i;
|
int i;
|
||||||
|
|
||||||
if(methods == NULL) {
|
if(schemes == NULL) {
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
for(i=0; methods[i] != NULL; i++) {
|
for(i=0; schemes[i] != NULL; i++) {
|
||||||
if(strcasecmp(method, methods[i]) == 0) {
|
if(strcasecmp(scheme, schemes[i]) == 0) {
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
@ -50,20 +50,40 @@ static int supported_hash(
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
static const char *passwd_hash(
|
const char *lutil_passwd_schemes[] = {
|
||||||
|
#ifdef SLAPD_CRYPT
|
||||||
|
"{CRYPT}",
|
||||||
|
#endif
|
||||||
|
"{MD5}", "{SMD5}",
|
||||||
|
"{SHA}", "{SSHA}",
|
||||||
|
# if defined( HAVE_GETSPNAM ) \
|
||||||
|
|| ( defined( HAVE_GETPWNAM ) && defined( HAVE_PW_PASSWD ) )
|
||||||
|
"{UNIX}",
|
||||||
|
#endif
|
||||||
|
#ifdef SLAPD_CLEARTEXT
|
||||||
|
"{CLEARTEXT}", /* psuedo scheme */
|
||||||
|
#endif
|
||||||
|
NULL,
|
||||||
|
};
|
||||||
|
|
||||||
|
int lutil_passwd_scheme( char *scheme ) {
|
||||||
|
return is_allowed_scheme( scheme, lutil_passwd_schemes );
|
||||||
|
}
|
||||||
|
|
||||||
|
static const char *passwd_scheme(
|
||||||
const char* passwd,
|
const char* passwd,
|
||||||
const char* method,
|
const char* scheme,
|
||||||
const char** methods )
|
const char** schemes )
|
||||||
{
|
{
|
||||||
int len;
|
int len;
|
||||||
|
|
||||||
if( !supported_hash( method, methods ) ) {
|
if( !is_allowed_scheme( scheme, schemes ) ) {
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
len = strlen(method);
|
len = strlen(scheme);
|
||||||
|
|
||||||
if( strncasecmp( passwd, method, len ) == 0 ) {
|
if( strncasecmp( passwd, scheme, len ) == 0 ) {
|
||||||
return &passwd[len];
|
return &passwd[len];
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -77,7 +97,7 @@ int
|
||||||
lutil_passwd(
|
lutil_passwd(
|
||||||
const char *cred,
|
const char *cred,
|
||||||
const char *passwd,
|
const char *passwd,
|
||||||
const char **methods)
|
const char **schemes)
|
||||||
{
|
{
|
||||||
const char *p;
|
const char *p;
|
||||||
|
|
||||||
|
|
@ -85,7 +105,7 @@ lutil_passwd(
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
if ((p = passwd_hash( passwd, "{MD5}", methods )) != NULL ) {
|
if ((p = passwd_scheme( passwd, "{MD5}", schemes )) != NULL ) {
|
||||||
lutil_MD5_CTX MD5context;
|
lutil_MD5_CTX MD5context;
|
||||||
unsigned char MD5digest[16];
|
unsigned char MD5digest[16];
|
||||||
char base64digest[25]; /* ceiling(sizeof(input)/3) * 4 + 1 */
|
char base64digest[25]; /* ceiling(sizeof(input)/3) * 4 + 1 */
|
||||||
|
|
@ -103,7 +123,7 @@ lutil_passwd(
|
||||||
|
|
||||||
return( strcmp(p, base64digest) );
|
return( strcmp(p, base64digest) );
|
||||||
|
|
||||||
} else if ((p = passwd_hash( passwd, "{SHA}", methods )) != NULL ) {
|
} else if ((p = passwd_scheme( passwd, "{SHA}", schemes )) != NULL ) {
|
||||||
lutil_SHA1_CTX SHA1context;
|
lutil_SHA1_CTX SHA1context;
|
||||||
unsigned char SHA1digest[20];
|
unsigned char SHA1digest[20];
|
||||||
char base64digest[29]; /* ceiling(sizeof(input)/3) * 4 + 1 */
|
char base64digest[29]; /* ceiling(sizeof(input)/3) * 4 + 1 */
|
||||||
|
|
@ -121,7 +141,7 @@ lutil_passwd(
|
||||||
|
|
||||||
return( strcmp(p, base64digest) );
|
return( strcmp(p, base64digest) );
|
||||||
|
|
||||||
} else if ((p = passwd_hash( passwd, "{SSHA}", methods )) != NULL ) {
|
} else if ((p = passwd_scheme( passwd, "{SSHA}", schemes )) != NULL ) {
|
||||||
lutil_SHA1_CTX SHA1context;
|
lutil_SHA1_CTX SHA1context;
|
||||||
unsigned char SHA1digest[20];
|
unsigned char SHA1digest[20];
|
||||||
int pw_len = strlen(p);
|
int pw_len = strlen(p);
|
||||||
|
|
@ -150,7 +170,7 @@ lutil_passwd(
|
||||||
free(orig_pass);
|
free(orig_pass);
|
||||||
return(rc);
|
return(rc);
|
||||||
|
|
||||||
} else if ((p = passwd_hash( passwd, "{SMD5}", methods )) != NULL ) {
|
} else if ((p = passwd_scheme( passwd, "{SMD5}", schemes )) != NULL ) {
|
||||||
lutil_MD5_CTX MD5context;
|
lutil_MD5_CTX MD5context;
|
||||||
unsigned char MD5digest[16];
|
unsigned char MD5digest[16];
|
||||||
int pw_len = strlen(p);
|
int pw_len = strlen(p);
|
||||||
|
|
@ -180,12 +200,12 @@ lutil_passwd(
|
||||||
return ( rc );
|
return ( rc );
|
||||||
|
|
||||||
#ifdef SLAPD_CRYPT
|
#ifdef SLAPD_CRYPT
|
||||||
} else if ((p = passwd_hash( passwd, "{CRYPT}", methods )) != NULL ) {
|
} else if ((p = passwd_scheme( passwd, "{CRYPT}", schemes )) != NULL ) {
|
||||||
return( strcmp(p, crypt(cred, p)) );
|
return( strcmp(p, crypt(cred, p)) );
|
||||||
|
|
||||||
# if defined( HAVE_GETSPNAM ) \
|
# if defined( HAVE_GETSPNAM ) \
|
||||||
|| ( defined( HAVE_GETPWNAM ) && defined( HAVE_PW_PASSWD ) )
|
|| ( defined( HAVE_GETPWNAM ) && defined( HAVE_PW_PASSWD ) )
|
||||||
} else if ((p = passwd_hash( passwd, "{UNIX}", methods )) != NULL ) {
|
} else if ((p = passwd_scheme( passwd, "{UNIX}", schemes )) != NULL ) {
|
||||||
|
|
||||||
# ifdef HAVE_GETSPNAM
|
# ifdef HAVE_GETSPNAM
|
||||||
struct spwd *spwd = getspnam(p);
|
struct spwd *spwd = getspnam(p);
|
||||||
|
|
@ -209,7 +229,7 @@ lutil_passwd(
|
||||||
}
|
}
|
||||||
|
|
||||||
#ifdef SLAPD_CLEARTEXT
|
#ifdef SLAPD_CLEARTEXT
|
||||||
return supported_hash("{CLEARTEXT}", methods ) &&
|
return is_allowed_scheme("{CLEARTEXT}", schemes ) &&
|
||||||
strcmp(passwd, cred) != 0;
|
strcmp(passwd, cred) != 0;
|
||||||
#else
|
#else
|
||||||
return( 1 );
|
return( 1 );
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue