Added errmsg arg to lutil_passwd_{check,hash} functions

Howard Chu 2003-04-30 07:52:05 +00:00
parent cfaf127eaa
commit 7e2273b30e
12 changed files with 79 additions and 46 deletions


@ -70,11 +70,13 @@ struct lutil_pw_scheme;
typedef int (LUTIL_PASSWD_CHK_FUNC)(
const struct berval *scheme,
const struct berval *passwd,
const struct berval *cred );
const struct berval *cred,
const char **text );
typedef struct berval * (LUTIL_PASSWD_HASH_FUNC) (
const struct berval *scheme,
const struct berval *passwd );
const struct berval *passwd,
const char **text );
LDAP_LUTIL_F( int )
lutil_passwd_add LDAP_P((
@ -110,7 +112,8 @@ LDAP_LUTIL_F( int )
lutil_passwd LDAP_P((
const struct berval *passwd, /* stored password */
const struct berval *cred, /* user supplied value */
const char **methods ));
const char **methods,
const char **text )); /* error message */
LDAP_LUTIL_F( struct berval * )
lutil_passwd_generate LDAP_P(( ber_len_t ));
@ -118,7 +121,8 @@ lutil_passwd_generate LDAP_P(( ber_len_t ));
LDAP_LUTIL_F( struct berval * )
lutil_passwd_hash LDAP_P((
const struct berval *passwd,
const char *method ));
const char *method,
const char **text ));
LDAP_LUTIL_F( int )
lutil_passwd_scheme LDAP_P((
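Review bot: The new `text` out-parameter is undocumented on the LUTIL_PASSWD_CHK_FUNC and LUTIL_PASSWD_HASH_FUNC typedefs and on lutil_passwd_hash; only the lutil_passwd prototype carries `/* error message */`. Every scheme implementation has to follow this contract, so the header should state that `text` may be NULL, that `*text` is reset to NULL on entry when it is non-NULL (lutil_passwd and lutil_passwd_hash both do this in the passwd.c hunks), and who owns the string it ends up pointing at — presumably static or library-owned storage the caller must never free, but that needs confirming against the scheme implementations. A suitable comment for both typedefs and both prototypes would be `/* text: optional; on return *text is NULL or a read-only message owned by the library */`. The slap_passwd_check / slap_passwd_hash prototypes in the proto-slap.h hunk need the same note.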


@ -288,10 +288,13 @@ int
lutil_passwd(
const struct berval *passwd, /* stored passwd */
const struct berval *cred, /* user cred */
const char **schemes )
const char **schemes,
const char **text )
{
struct pw_slist *pws;
if ( text ) *text = NULL;
if (cred == NULL || cred->bv_len == 0 ||
passwd == NULL || passwd->bv_len == 0 )
{
@ -307,7 +310,7 @@ lutil_passwd(
passwd, &x, schemes );
if( p != NULL ) {
return (pws->s.chk_fn)( &(pws->s.name), p, cred );
return (pws->s.chk_fn)( &(pws->s.name), p, cred, text );
}
}
}
@ -357,14 +360,16 @@ struct berval * lutil_passwd_generate( ber_len_t len )
struct berval * lutil_passwd_hash(
const struct berval * passwd,
const char * method )
const char * method,
const char **text )
{
const struct pw_scheme *sc = get_scheme( method );
if( text ) *text = NULL;
if( sc == NULL ) return NULL;
if( ! sc->hash_fn ) return NULL;
return (sc->hash_fn)( &sc->name, passwd );
return (sc->hash_fn)( &sc->name, passwd, text );
}
/* pw_string is only called when SLAPD_LMHASH or SLAPD_CRYPT is defined */
@ -459,7 +464,8 @@ static struct berval * pw_string64(
static int chk_ssha1(
const struct berval *sc,
const struct berval * passwd,
const struct berval * cred )
const struct berval * cred,
const char **text )
{
lutil_SHA1_CTX SHA1context;
unsigned char SHA1digest[LUTIL_SHA1_BYTES];
@ -502,7 +508,8 @@ static int chk_ssha1(
static int chk_sha1(
const struct berval *sc,
const struct berval * passwd,
const struct berval * cred )
const struct berval * cred,
const char **text )
{
lutil_SHA1_CTX SHA1context;
unsigned char SHA1digest[LUTIL_SHA1_BYTES];
@ -538,7 +545,8 @@ static int chk_sha1(
static int chk_smd5(
const struct berval *sc,
const struct berval * passwd,
const struct berval * cred )
const struct berval * cred,
const char **text )
{
lutil_MD5_CTX MD5context;
unsigned char MD5digest[LUTIL_MD5_BYTES];
@ -582,7 +590,8 @@ static int chk_smd5(
static int chk_md5(
const struct berval *sc,
const struct berval * passwd,
const struct berval * cred )
const struct berval * cred,
const char **text )
{
lutil_MD5_CTX MD5context;
unsigned char MD5digest[LUTIL_MD5_BYTES];
@ -618,7 +627,8 @@ static int chk_md5(
static int chk_lanman(
const struct berval *scheme,
const struct berval *passwd,
const struct berval *cred )
const struct berval *cred,
const char **text )
{
struct berval *hash;
@ -631,7 +641,8 @@ static int chk_lanman(
static int chk_ns_mta_md5(
const struct berval *scheme,
const struct berval *passwd,
const struct berval *cred )
const struct berval *cred,
const char **text )
{
lutil_MD5_CTX MD5context;
unsigned char MD5digest[LUTIL_MD5_BYTES], c;
@ -683,7 +694,8 @@ sasl_conn_t *lutil_passwd_sasl_conn = NULL;
static int chk_sasl(
const struct berval *sc,
const struct berval * passwd,
const struct berval * cred )
const struct berval * cred,
const char **text )
{
unsigned int i;
int rtn;
@ -714,11 +726,10 @@ static int chk_sasl(
if( lutil_passwd_sasl_conn != NULL ) {
int sc;
# if SASL_VERSION_MAJOR < 2
const char *errstr = NULL;
sc = sasl_checkpass( lutil_passwd_sasl_conn,
passwd->bv_val, passwd->bv_len,
cred->bv_val, cred->bv_len,
&errstr );
text );
# else
sc = sasl_checkpass( lutil_passwd_sasl_conn,
passwd->bv_val, passwd->bv_len,
@ -736,7 +747,8 @@ static int chk_sasl(
static int chk_kerberos(
const struct berval *sc,
const struct berval * passwd,
const struct berval * cred )
const struct berval * cred,
const char **text )
{
unsigned int i;
int rtn;
@ -909,7 +921,8 @@ static int chk_kerberos(
static int chk_crypt(
const struct berval *sc,
const struct berval * passwd,
const struct berval * cred )
const struct berval * cred,
const char **text )
{
char *cr;
unsigned int i;
@ -952,7 +965,8 @@ static int chk_crypt(
static int chk_unix(
const struct berval *sc,
const struct berval * passwd,
const struct berval * cred )
const struct berval * cred,
const char **text )
{
unsigned int i;
char *pw,*cr;
@ -1027,7 +1041,8 @@ static int chk_unix(
#ifdef LUTIL_SHA1_BYTES
static struct berval *hash_ssha1(
const struct berval *scheme,
const struct berval *passwd )
const struct berval *passwd,
const char **text )
{
lutil_SHA1_CTX SHA1context;
unsigned char SHA1digest[LUTIL_SHA1_BYTES];
@ -1056,7 +1071,8 @@ static struct berval *hash_ssha1(
static struct berval *hash_sha1(
const struct berval *scheme,
const struct berval *passwd )
const struct berval *passwd,
const char **text )
{
lutil_SHA1_CTX SHA1context;
unsigned char SHA1digest[LUTIL_SHA1_BYTES];
@ -1075,7 +1091,8 @@ static struct berval *hash_sha1(
static struct berval *hash_smd5(
const struct berval *scheme,
const struct berval *passwd )
const struct berval *passwd,
const char **text )
{
lutil_MD5_CTX MD5context;
unsigned char MD5digest[LUTIL_MD5_BYTES];
@ -1104,7 +1121,8 @@ static struct berval *hash_smd5(
static struct berval *hash_md5(
const struct berval *scheme,
const struct berval *passwd )
const struct berval *passwd,
const char **text )
{
lutil_MD5_CTX MD5context;
unsigned char MD5digest[LUTIL_MD5_BYTES];
@ -1201,7 +1219,8 @@ static void lmPasswd_to_key(
static struct berval *hash_lanman(
const struct berval *scheme,
const struct berval *passwd )
const struct berval *passwd,
const char **text )
{
int i;
@ -1249,7 +1268,8 @@ static struct berval *hash_lanman(
#ifdef SLAPD_CRYPT
static struct berval *hash_crypt(
const struct berval *scheme,
const struct berval *passwd )
const struct berval *passwd,
const char **text )
{
struct berval hash;
unsigned char salt[32]; /* salt suitable for most anything */
@ -1310,7 +1330,8 @@ int lutil_salt_format(const char *format)
#ifdef SLAPD_CLEARTEXT
static struct berval *hash_clear(
const struct berval *scheme,
const struct berval *passwd )
const struct berval *passwd,
const char **text )
{
return ber_bvdup( (struct berval *) passwd );
}
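Review bot: In chk_sasl the SASL_VERSION_MAJOR < 2 branch now hands `text` straight to sasl_checkpass, but `text` can be NULL: lutil_passwd only guards its own `*text = NULL` store and then forwards the argument to chk_fn unchanged, and be_isroot_pw in the backend.c hunk calls lutil_passwd with `NULL, NULL`. Unless that version of sasl_checkpass tolerates a NULL errstr pointer (the library is not visible here), the removed local should stay and be copied out afterwards: `const char *errstr = NULL;` … `&errstr );` … `if ( text ) *text = errstr;`. As far as these hunks show, no other chk_* or hash_* body stores anything through `text`, so every other scheme reports NULL; if that is the intended baseline it is worth saying so in a comment on lutil_passwd, `/* *text is NULL unless the scheme supplies a diagnostic */`. chk_sasl's body continues beyond the hunk, so the SASL 2 branch cannot be checked here.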


@ -192,7 +192,7 @@ dn2entry_retry:
goto done;
}
if ( slap_passwd_check( op->o_conn, a, &op->oq_bind.rb_cred ) != 0 ) {
if ( slap_passwd_check( op->o_conn, a, &op->oq_bind.rb_cred, &rs->sr_text ) != 0 ) {
rs->sr_err = LDAP_INVALID_CREDENTIALS;
send_ldap_result( op, rs );
goto done;
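Review bot: Passing `&rs->sr_text` into slap_passwd_check means whatever diagnostic a scheme checker stores there is sent back with LDAP_INVALID_CREDENTIALS to a not-yet-authenticated client on the following send_ldap_result; with the checkers visible in this commit that is NULL except for the SASL path, where the SASL library's own message would go out verbatim. A bind-failure reason that distinguishes "unknown scheme" or "backend error" from "wrong password" is something a server usually keeps out of the wire response, so consider capturing the text into a local, logging it through the server's debug facility, and leaving `rs->sr_text` NULL for the client: `const char *text = NULL;` … `slap_passwd_check( op->o_conn, a, &op->oq_bind.rb_cred, &text )`. The same applies to the back-ldbm and back-sql bind hunks and to the sasl_cb_checkpass hunk in sasl.c. The enclosing bind function starts and ends outside the hunk.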


@ -65,10 +65,10 @@ bdb_exop_passwd( Operation *op, SlapReply *rs )
rs->sr_rspdata = slap_passwd_return( &new );
}
slap_passwd_hash( &new, &hash );
slap_passwd_hash( &new, &hash, &rs->sr_text );
if( hash.bv_len == 0 ) {
rs->sr_text = "password hash failed";
if( !rs->sr_text ) rs->sr_text = "password hash failed";
rc = LDAP_OTHER;
goto done;
}


@ -152,7 +152,7 @@ ldbm_back_bind(
goto return_results;
}
if ( slap_passwd_check( op->o_conn, a, &op->oq_bind.rb_cred ) != 0 ) {
if ( slap_passwd_check( op->o_conn, a, &op->oq_bind.rb_cred, &rs->sr_text ) != 0 ) {
send_ldap_error( op, rs, LDAP_INVALID_CREDENTIALS, NULL );
/* stop front end from sending result */
rc = 1;


@ -63,10 +63,10 @@ ldbm_back_exop_passwd(
rs->sr_rspdata = slap_passwd_return( &new );
}
slap_passwd_hash( &new, &hash );
slap_passwd_hash( &new, &hash, &rs->sr_text );
if( hash.bv_len == 0 ) {
rs->sr_text = "password hash failed";
if( !rs->sr_text ) rs->sr_text = "password hash failed";
rc = LDAP_OTHER;
goto done;
}


@ -102,7 +102,7 @@ backsql_bind( Operation *op, SlapReply *rs )
return 1;
}
if ( slap_passwd_check( op->o_conn, a, &op->oq_bind.rb_cred ) != 0 ) {
if ( slap_passwd_check( op->o_conn, a, &op->oq_bind.rb_cred, &rs->sr_text ) != 0 ) {
rs->sr_err = LDAP_INVALID_CREDENTIALS;
send_ldap_result( op, rs );
return 1;


@ -680,6 +680,7 @@ int
be_isroot_pw( Operation *op )
{
int result;
char *errmsg;
if ( ! be_isroot( op->o_bd, &op->o_req_ndn ) ) {
return 0;
@ -696,7 +697,7 @@ be_isroot_pw( Operation *op )
#endif
#endif
result = lutil_passwd( &op->o_bd->be_rootpw, &op->orb_cred, NULL );
result = lutil_passwd( &op->o_bd->be_rootpw, &op->orb_cred, NULL, NULL );
#if defined( SLAPD_CRYPT ) || defined( SLAPD_SPASSWD )
#ifdef SLAPD_SPASSWD
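Review bot: `char *errmsg;` added to be_isroot_pw is never used — the lutil_passwd call in the second hunk still passes `NULL` for the new text argument, so the declaration only earns an unused-variable warning. Either drop it or wire it through, in which case the type has to be `const char *` to match the `const char **text` parameter: `const char *errmsg = NULL;` and `result = lutil_passwd( &op->o_bd->be_rootpw, &op->orb_cred, NULL, &errmsg );`. be_isroot_pw's body extends beyond both hunks, so I cannot see whether an error path would make use of the message.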


@ -250,7 +250,8 @@ int
slap_passwd_check(
Connection *conn,
Attribute *a,
struct berval *cred )
struct berval *cred,
const char **text )
{
int result = 1;
struct berval *bv;
@ -263,7 +264,7 @@ slap_passwd_check(
#endif
for ( bv = a->a_vals; bv->bv_val != NULL; bv++ ) {
if( !lutil_passwd( bv, cred, NULL ) ) {
if( !lutil_passwd( bv, cred, NULL, text ) ) {
result = 0;
break;
}
@ -305,7 +306,8 @@ slap_passwd_generate( struct berval *pass )
void
slap_passwd_hash(
struct berval * cred,
struct berval * new )
struct berval * new,
const char **text )
{
struct berval *tmp;
#ifdef LUTIL_SHA1_BYTES
@ -319,7 +321,7 @@ slap_passwd_hash(
ldap_pvt_thread_mutex_lock( &passwd_mutex );
#endif
tmp = lutil_passwd_hash( cred , hash );
tmp = lutil_passwd_hash( cred , hash, text );
#if defined( SLAPD_CRYPT ) || defined( SLAPD_SPASSWD )
ldap_pvt_thread_mutex_unlock( &passwd_mutex );
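Review bot: slap_passwd_check never initialises `*text` itself; it is only written inside lutil_passwd, once per value in the loop. If `a->a_vals` begins with a NULL bv_val the caller's `rs->sr_text` is left untouched, and when several values are tried the message the caller sees is only the last value's, since each lutil_passwd call resets it to NULL first. Suggest `if ( text ) *text = NULL;` before the loop and a comment on it, `/* on failure *text reflects only the last value tried */`. slap_passwd_hash's method selection is outside the hunk, so I cannot tell whether `text` is set when no hash method applies; the lutil_passwd_hash call shown does reset it.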


@ -744,13 +744,15 @@ LDAP_SLAPD_F (SLAP_EXTOP_MAIN_FN) passwd_extop;
LDAP_SLAPD_F (int) slap_passwd_check(
Connection *conn,
Attribute *attr,
struct berval *cred );
struct berval *cred,
const char **text );
LDAP_SLAPD_F (void) slap_passwd_generate( struct berval * );
LDAP_SLAPD_F (void) slap_passwd_hash(
struct berval *cred,
struct berval *hash );
struct berval *hash,
const char **text );
LDAP_SLAPD_F (struct berval *) slap_passwd_return(
struct berval *cred );


@ -502,7 +502,7 @@ sasl_cb_checkpass( Operation *op, SlapReply *rs )
NULL, ACL_AUTH, NULL ) ) return 0;
for ( bv = a->a_vals; bv->bv_val != NULL; bv++ ) {
if ( !lutil_passwd( bv, &ci->cred, NULL ) ) {
if ( !lutil_passwd( bv, &ci->cred, NULL, &rs->sr_text ) ) {
ci->rc = SASL_OK;
break;
}


@ -46,6 +46,7 @@ main( int argc, char *argv[] )
char *scheme = "{SSHA}";
char *newpw = NULL;
char *pwfile = NULL;
const char *text;
int i;
struct berval passwd;
@ -115,15 +116,17 @@ main( int argc, char *argv[] )
passwd.bv_len = strlen(passwd.bv_val);
}
hash = lutil_passwd_hash( &passwd, scheme );
hash = lutil_passwd_hash( &passwd, scheme, &text );
if( hash == NULL || hash->bv_val == NULL ) {
fprintf( stderr, "Password generation failed.\n");
fprintf( stderr, "Password generation failed. %s\n",
text ? text : "" );
return EXIT_FAILURE;
}
if( lutil_passwd( hash, &passwd, NULL ) ) {
fprintf( stderr, "Password verification failed.\n");
if( lutil_passwd( hash, &passwd, NULL, &text ) ) {
fprintf( stderr, "Password verification failed. %s\n",
text ? text : "" );
return EXIT_FAILURE;
}
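Review bot: `const char *text;` in main is declared without an initialiser and relies on lutil_passwd_hash and lutil_passwd storing NULL into it; initialise it, `const char *text = NULL;`, so the later `text ? text : ""` tests stay well-defined if a future scheme path returns before touching it. Minor style point: when text is NULL both messages now end with a trailing space before the newline; `"Password generation failed.%s%s\n", text ? " " : "", text ? text : ""` avoids it. main continues outside the hunk.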