upstream/openldap
1
0
Fork 0
mirror of https://git.openldap.org/openldap/openldap.git synced 2026-02-18 18:18:06 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

Import lutil_passwd changes from HEAD

Browse source
This commit is contained in:
Howard Chu 2003-10-29 22:32:16 +00:00
parent b823ab6207
commit 839e0e76f3
14 changed files with 218 additions and 181 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

33
include/lutil.h
View file

@ -57,7 +57,7 @@ lutil_entropy LDAP_P((
ber_len_t nbytes ));
/* passfile.c */
struct berval; /* avoid pulling in lber.h */
struct berval; /* avoid pulling in lber.h */
LDAP_LUTIL_F( int )
lutil_get_filed_password LDAP_P((
@ -65,6 +65,31 @@ lutil_get_filed_password LDAP_P((
struct berval * ));
/* passwd.c */
struct lutil_pw_scheme;
typedef int (LUTIL_PASSWD_CHK_FUNC)(
const struct berval *scheme,
const struct berval *passwd,
const struct berval *cred,
const char **text );
typedef struct berval * (LUTIL_PASSWD_HASH_FUNC) (
const struct berval *scheme,
const struct berval *passwd,
const char **text );
LDAP_LUTIL_F( int )
lutil_passwd_add LDAP_P((
struct berval *scheme,
LUTIL_PASSWD_CHK_FUNC *chk_fn,
LUTIL_PASSWD_HASH_FUNC *hash_fn ));
LDAP_LUTIL_F( void )
lutil_passwd_init LDAP_P(( void ));
LDAP_LUTIL_F( void )
lutil_passwd_destroy LDAP_P(( void ));
LDAP_LUTIL_F( int )
lutil_authpasswd LDAP_P((
const struct berval *passwd, /* stored password */
@ -87,7 +112,8 @@ LDAP_LUTIL_F( int )
lutil_passwd LDAP_P((
const struct berval *passwd, /* stored password */
const struct berval *cred, /* user supplied value */
const char **methods ));
const char **methods,
const char **text )); /* error message */
LDAP_LUTIL_F( struct berval * )
lutil_passwd_generate LDAP_P(( ber_len_t ));
@ -95,7 +121,8 @@ lutil_passwd_generate LDAP_P(( ber_len_t ));
LDAP_LUTIL_F( struct berval * )
lutil_passwd_hash LDAP_P((
const struct berval *passwd,
const char *method ));
const char *method,
const char **text ));
LDAP_LUTIL_F( int )
lutil_passwd_scheme LDAP_P((

294
libraries/liblutil/passwd.c
View file

@ -78,127 +78,67 @@ static const unsigned char crypt64[] =
static char *salt_format = NULL;
#endif
struct pw_scheme;
typedef int (*PASSWD_CHK_FUNC)(
const struct pw_scheme *scheme,
const struct berval *passwd,
const struct berval *cred );
typedef struct berval * (*PASSWD_HASH_FUNC) (
const struct pw_scheme *scheme,
const struct berval *passwd );
struct pw_scheme {
struct berval name;
PASSWD_CHK_FUNC chk_fn;
PASSWD_HASH_FUNC hash_fn;
LUTIL_PASSWD_CHK_FUNC *chk_fn;
LUTIL_PASSWD_HASH_FUNC *hash_fn;
};
struct pw_slist {
struct pw_slist *next;
struct pw_scheme s;
};
/* password check routines */
static int chk_md5(
const struct pw_scheme *scheme,
const struct berval *passwd,
const struct berval *cred );
static int chk_smd5(
const struct pw_scheme *scheme,
const struct berval *passwd,
const struct berval *cred );
static LUTIL_PASSWD_CHK_FUNC chk_md5;
static LUTIL_PASSWD_CHK_FUNC chk_smd5;
static LUTIL_PASSWD_HASH_FUNC hash_smd5;
static LUTIL_PASSWD_HASH_FUNC hash_md5;
#ifdef LUTIL_SHA1_BYTES
static int chk_ssha1(
const struct pw_scheme *scheme,
const struct berval *passwd,
const struct berval *cred );
static int chk_sha1(
const struct pw_scheme *scheme,
const struct berval *passwd,
const struct berval *cred );
static LUTIL_PASSWD_CHK_FUNC chk_ssha1;
static LUTIL_PASSWD_CHK_FUNC chk_sha1;
static LUTIL_PASSWD_HASH_FUNC hash_sha1;
static LUTIL_PASSWD_HASH_FUNC hash_ssha1;
#endif
#ifdef SLAPD_LMHASH
static int chk_lanman(
const struct pw_scheme *scheme,
const struct berval *passwd,
const struct berval *cred );
static LUTIL_PASSWD_CHK_FUNC chk_lanman;
static LUTIL_PASSWD_HASH_FUNC hash_lanman;
#endif
#ifdef SLAPD_NS_MTA_MD5
static int chk_ns_mta_md5(
const struct pw_scheme *scheme,
const struct berval *passwd,
const struct berval *cred );
static LUTIL_PASSWD_CHK_FUNC chk_ns_mta_md5;
#endif
#ifdef SLAPD_SPASSWD
static int chk_sasl(
const struct pw_scheme *scheme,
const struct berval *passwd,
const struct berval *cred );
static LUTIL_PASSWD_CHK_FUNC chk_sasl;
#endif
#ifdef SLAPD_KPASSWD
static int chk_kerberos(
const struct pw_scheme *scheme,
const struct berval *passwd,
const struct berval *cred );
static LUTIL_PASSWD_CHK_FUNC chk_kerberos;
#endif
#ifdef SLAPD_CRYPT
static int chk_crypt(
const struct pw_scheme *scheme,
const struct berval *passwd,
const struct berval *cred );
static LUTIL_PASSWD_CHK_FUNC chk_crypt;
static LUTIL_PASSWD_HASH_FUNC hash_crypt;
#if defined( HAVE_GETPWNAM ) && defined( HAVE_PW_PASSWD )
static int chk_unix(
const struct pw_scheme *scheme,
const struct berval *passwd,
const struct berval *cred );
static LUTIL_PASSWD_CHK_FUNC chk_unix;
#endif
#endif
#ifdef LUTIL_SHA1_BYTES
/* password hash routines */
static struct berval *hash_sha1(
const struct pw_scheme *scheme,
const struct berval *passwd );
static struct berval *hash_ssha1(
const struct pw_scheme *scheme,
const struct berval *passwd );
#endif
static struct berval *hash_smd5(
const struct pw_scheme *scheme,
const struct berval *passwd );
static struct berval *hash_md5(
const struct pw_scheme *scheme,
const struct berval *passwd );
#ifdef SLAPD_LMHASH
static struct berval *hash_lanman(
const struct pw_scheme *scheme,
const struct berval *passwd );
#endif
#ifdef SLAPD_CRYPT
static struct berval *hash_crypt(
const struct pw_scheme *scheme,
const struct berval *passwd );
#endif
#ifdef SLAPD_CLEARTEXT
static struct berval *hash_clear(
const struct pw_scheme *scheme,
const struct berval *passwd );
static LUTIL_PASSWD_HASH_FUNC hash_clear;
#endif
static const struct pw_scheme pw_schemes[] =
static struct pw_slist *pw_schemes;
static const struct pw_scheme pw_schemes_default[] =
{
#ifdef LUTIL_SHA1_BYTES
{ BER_BVC("{SSHA}"), chk_ssha1, hash_ssha1 },
@ -232,23 +172,60 @@ static const struct pw_scheme pw_schemes[] =
#endif
#ifdef SLAPD_CLEARTEXT
/* psuedo scheme */
/* pseudo scheme */
{ {0, "{CLEARTEXT}"}, NULL, hash_clear },
#endif
{ BER_BVNULL, NULL, NULL }
};
int lutil_passwd_add(
struct berval *scheme,
LUTIL_PASSWD_CHK_FUNC *chk,
LUTIL_PASSWD_HASH_FUNC *hash )
{
struct pw_slist *ptr;
ptr = ber_memalloc( sizeof( struct pw_slist ));
if (!ptr) return -1;
ptr->next = pw_schemes;
ptr->s.name = *scheme;
ptr->s.chk_fn = chk;
ptr->s.hash_fn = hash;
pw_schemes = ptr;
return 0;
}
void lutil_passwd_init()
{
struct pw_slist *ptr;
struct pw_scheme *s;
for( s=(struct pw_scheme *)pw_schemes_default; s->name.bv_val; s++) {
if ( lutil_passwd_add( &s->name, s->chk_fn, s->hash_fn )) break;
}
}
void lutil_passwd_destroy()
{
struct pw_slist *ptr, *next;
for( ptr=pw_schemes; ptr; ptr=next ) {
next = ptr->next;
ber_memfree( ptr );
}
}
static const struct pw_scheme *get_scheme(
const char* scheme )
{
int i;
struct pw_slist *pws;
for( i=0; pw_schemes[i].name.bv_val; i++) {
if( pw_schemes[i].name.bv_val == NULL ) continue;
if (!pw_schemes) lutil_passwd_init();
if( strcasecmp(scheme, pw_schemes[i].name.bv_val ) == 0 ) {
return &pw_schemes[i];
for( pws=pw_schemes; pws; pws=pws->next ) {
if( strcasecmp(scheme, pws->s.name.bv_val ) == 0 ) {
return &(pws->s);
}
}
@ -311,9 +288,12 @@ int
lutil_passwd(
const struct berval *passwd, /* stored passwd */
const struct berval *cred, /* user cred */
const char **schemes )
const char **schemes,
const char **text )
{
int i;
struct pw_slist *pws;
if ( text ) *text = NULL;
if (cred == NULL || cred->bv_len == 0 ||
passwd == NULL || passwd->bv_len == 0 )
@ -321,14 +301,16 @@ lutil_passwd(
return -1;
}
for( i=0; pw_schemes[i].name.bv_val != NULL; i++ ) {
if( pw_schemes[i].chk_fn ) {
if (!pw_schemes) lutil_passwd_init();
for( pws=pw_schemes; pws; pws=pws->next ) {
if( pws->s.chk_fn ) {
struct berval x;
struct berval *p = passwd_scheme( &pw_schemes[i],
struct berval *p = passwd_scheme( &(pws->s),
passwd, &x, schemes );
if( p != NULL ) {
return (pw_schemes[i].chk_fn)( &pw_schemes[i], p, cred );
return (pws->s.chk_fn)( &(pws->s.name), p, cred, text );
}
}
}
@ -378,26 +360,28 @@ struct berval * lutil_passwd_generate( ber_len_t len )
struct berval * lutil_passwd_hash(
const struct berval * passwd,
const char * method )
const char * method,
const char **text )
{
const struct pw_scheme *sc = get_scheme( method );
if( text ) *text = NULL;
if( sc == NULL ) return NULL;
if( ! sc->hash_fn ) return NULL;
return (sc->hash_fn)( sc, passwd );
return (sc->hash_fn)( &sc->name, passwd, text );
}
/* pw_string is only called when SLAPD_LMHASH or SLAPD_CRYPT is defined */
#if defined(SLAPD_LMHASH) || defined(SLAPD_CRYPT)
static struct berval * pw_string(
const struct pw_scheme *sc,
const struct berval *sc,
const struct berval *passwd )
{
struct berval *pw = ber_memalloc( sizeof( struct berval ) );
if( pw == NULL ) return NULL;
pw->bv_len = sc->name.bv_len + passwd->bv_len;
pw->bv_len = sc->bv_len + passwd->bv_len;
pw->bv_val = ber_memalloc( pw->bv_len + 1 );
if( pw->bv_val == NULL ) {
@ -405,8 +389,8 @@ static struct berval * pw_string(
return NULL;
}
AC_MEMCPY( pw->bv_val, sc->name.bv_val, sc->name.bv_len );
AC_MEMCPY( &pw->bv_val[sc->name.bv_len], passwd->bv_val, passwd->bv_len );
AC_MEMCPY( pw->bv_val, sc->bv_val, sc->bv_len );
AC_MEMCPY( &pw->bv_val[sc->bv_len], passwd->bv_val, passwd->bv_len );
pw->bv_val[pw->bv_len] = '\0';
return pw;
@ -414,7 +398,7 @@ static struct berval * pw_string(
#endif /* SLAPD_LMHASH || SLAPD_CRYPT */
static struct berval * pw_string64(
const struct pw_scheme *sc,
const struct berval *sc,
const struct berval *hash,
const struct berval *salt )
{
@ -446,7 +430,7 @@ static struct berval * pw_string64(
}
b64len = LUTIL_BASE64_ENCODE_LEN( string.bv_len ) + 1;
b64->bv_len = b64len + sc->name.bv_len;
b64->bv_len = b64len + sc->bv_len;
b64->bv_val = ber_memalloc( b64->bv_len + 1 );
if( b64->bv_val == NULL ) {
@ -455,11 +439,11 @@ static struct berval * pw_string64(
return NULL;
}
AC_MEMCPY(b64->bv_val, sc->name.bv_val, sc->name.bv_len);
AC_MEMCPY(b64->bv_val, sc->bv_val, sc->bv_len);
rc = lutil_b64_ntop(
string.bv_val, string.bv_len,
&b64->bv_val[sc->name.bv_len], b64len );
&b64->bv_val[sc->bv_len], b64len );
if( salt ) ber_memfree( string.bv_val );
@ -469,7 +453,7 @@ static struct berval * pw_string64(
}
/* recompute length */
b64->bv_len = sc->name.bv_len + rc;
b64->bv_len = sc->bv_len + rc;
assert( strlen(b64->bv_val) == b64->bv_len );
return b64;
}
@ -478,9 +462,10 @@ static struct berval * pw_string64(
#ifdef LUTIL_SHA1_BYTES
static int chk_ssha1(
const struct pw_scheme *sc,
const struct berval *sc,
const struct berval * passwd,
const struct berval * cred )
const struct berval * cred,
const char **text )
{
lutil_SHA1_CTX SHA1context;
unsigned char SHA1digest[LUTIL_SHA1_BYTES];
@ -521,9 +506,10 @@ static int chk_ssha1(
}
static int chk_sha1(
const struct pw_scheme *sc,
const struct berval *sc,
const struct berval * passwd,
const struct berval * cred )
const struct berval * cred,
const char **text )
{
lutil_SHA1_CTX SHA1context;
unsigned char SHA1digest[LUTIL_SHA1_BYTES];
@ -557,9 +543,10 @@ static int chk_sha1(
#endif
static int chk_smd5(
const struct pw_scheme *sc,
const struct berval *sc,
const struct berval * passwd,
const struct berval * cred )
const struct berval * cred,
const char **text )
{
lutil_MD5_CTX MD5context;
unsigned char MD5digest[LUTIL_MD5_BYTES];
@ -601,9 +588,10 @@ static int chk_smd5(
}
static int chk_md5(
const struct pw_scheme *sc,
const struct berval *sc,
const struct berval * passwd,
const struct berval * cred )
const struct berval * cred,
const char **text )
{
lutil_MD5_CTX MD5context;
unsigned char MD5digest[LUTIL_MD5_BYTES];
@ -712,9 +700,10 @@ static void lmPasswd_to_key(
}
static int chk_lanman(
const struct pw_scheme *scheme,
const struct berval *scheme,
const struct berval *passwd,
const struct berval *cred )
const struct berval *cred,
const char **text )
{
int i;
char UcasePassword[15];
@ -763,9 +752,10 @@ static int chk_lanman(
#ifdef SLAPD_NS_MTA_MD5
static int chk_ns_mta_md5(
const struct pw_scheme *scheme,
const struct berval *scheme,
const struct berval *passwd,
const struct berval *cred )
const struct berval *cred,
const char **text )
{
lutil_MD5_CTX MD5context;
unsigned char MD5digest[LUTIL_MD5_BYTES], c;
@ -819,9 +809,10 @@ sasl_conn_t *lutil_passwd_sasl_conn = NULL;
#endif
static int chk_sasl(
const struct pw_scheme *sc,
const struct berval *sc,
const struct berval * passwd,
const struct berval * cred )
const struct berval * cred,
const char **text )
{
unsigned int i;
int rtn;
@ -852,11 +843,10 @@ static int chk_sasl(
if( lutil_passwd_sasl_conn != NULL ) {
int sc;
# if SASL_VERSION_MAJOR < 2
const char *errstr = NULL;
sc = sasl_checkpass( lutil_passwd_sasl_conn,
passwd->bv_val, passwd->bv_len,
cred->bv_val, cred->bv_len,
&errstr );
text );
# else
sc = sasl_checkpass( lutil_passwd_sasl_conn,
passwd->bv_val, passwd->bv_len,
@ -872,9 +862,10 @@ static int chk_sasl(
#ifdef SLAPD_KPASSWD
static int chk_kerberos(
const struct pw_scheme *sc,
const struct berval *sc,
const struct berval * passwd,
const struct berval * cred )
const struct berval * cred,
const char **text )
{
unsigned int i;
int rtn;
@ -1045,9 +1036,10 @@ static int chk_kerberos(
#ifdef SLAPD_CRYPT
static int chk_crypt(
const struct pw_scheme *sc,
const struct berval *sc,
const struct berval * passwd,
const struct berval * cred )
const struct berval * cred,
const char **text )
{
char *cr;
unsigned int i;
@ -1088,9 +1080,10 @@ static int chk_crypt(
# if defined( HAVE_GETPWNAM ) && defined( HAVE_PW_PASSWD )
static int chk_unix(
const struct pw_scheme *sc,
const struct berval *sc,
const struct berval * passwd,
const struct berval * cred )
const struct berval * cred,
const char **text )
{
unsigned int i;
char *pw,*cr;
@ -1164,8 +1157,9 @@ static int chk_unix(
#ifdef LUTIL_SHA1_BYTES
static struct berval *hash_ssha1(
const struct pw_scheme *scheme,
const struct berval *passwd )
const struct berval *scheme,
const struct berval *passwd,
const char **text )
{
lutil_SHA1_CTX SHA1context;
unsigned char SHA1digest[LUTIL_SHA1_BYTES];
@ -1193,8 +1187,9 @@ static struct berval *hash_ssha1(
}
static struct berval *hash_sha1(
const struct pw_scheme *scheme,
const struct berval *passwd )
const struct berval *scheme,
const struct berval *passwd,
const char **text )
{
lutil_SHA1_CTX SHA1context;
unsigned char SHA1digest[LUTIL_SHA1_BYTES];
@ -1212,8 +1207,9 @@ static struct berval *hash_sha1(
#endif
static struct berval *hash_smd5(
const struct pw_scheme *scheme,
const struct berval *passwd )
const struct berval *scheme,
const struct berval *passwd,
const char **text )
{
lutil_MD5_CTX MD5context;
unsigned char MD5digest[LUTIL_MD5_BYTES];
@ -1241,8 +1237,9 @@ static struct berval *hash_smd5(
}
static struct berval *hash_md5(
const struct pw_scheme *scheme,
const struct berval *passwd )
const struct berval *scheme,
const struct berval *passwd,
const char **text )
{
lutil_MD5_CTX MD5context;
unsigned char MD5digest[LUTIL_MD5_BYTES];
@ -1263,8 +1260,9 @@ static struct berval *hash_md5(
#ifdef SLAPD_LMHASH
static struct berval *hash_lanman(
const struct pw_scheme *scheme,
const struct berval *passwd )
const struct berval *scheme,
const struct berval *passwd,
const char **text )
{
int i;
@ -1313,8 +1311,9 @@ static struct berval *hash_lanman(
#ifdef SLAPD_CRYPT
static struct berval *hash_crypt(
const struct pw_scheme *scheme,
const struct berval *passwd )
const struct berval *scheme,
const struct berval *passwd,
const char **text )
{
struct berval hash;
unsigned char salt[32]; /* salt suitable for most anything */
@ -1374,8 +1373,9 @@ int lutil_salt_format(const char *format)
#ifdef SLAPD_CLEARTEXT
static struct berval *hash_clear(
const struct pw_scheme *scheme,
const struct berval *passwd )
const struct berval *scheme,
const struct berval *passwd,
const char **text )
{
return ber_bvdup( (struct berval *) passwd );
}

6
servers/slapd/back-bdb/bind.c
View file

@ -225,11 +225,13 @@ dn2entry_retry:
goto done;
}
if ( slap_passwd_check( conn, a, cred ) != 0 ) {
{ const char *err = NULL;
if ( slap_passwd_check( conn, a, cred, &err ) != 0 ) {
send_ldap_result( conn, op, rc = LDAP_INVALID_CREDENTIALS,
NULL, NULL, NULL, NULL );
NULL, err, NULL, NULL );
goto done;
}
}
rc = 0;
break;

4
servers/slapd/back-bdb/passwd.c
View file

@ -74,10 +74,10 @@ bdb_exop_passwd(
*rspdata = slap_passwd_return( &new );
}
slap_passwd_hash( &new, &hash );
slap_passwd_hash( &new, &hash, text );
if( hash.bv_len == 0 ) {
*text = "password hash failed";
if ( !*text ) *text = "password hash failed";
rc = LDAP_OTHER;
goto done;
}

6
servers/slapd/back-ldbm/bind.c
View file

@ -186,13 +186,15 @@ ldbm_back_bind(
goto return_results;
}
if ( slap_passwd_check( conn, a, cred ) != 0 ) {
{ const char *err = NULL;
if ( slap_passwd_check( conn, a, cred, &err ) != 0 ) {
send_ldap_result( conn, op, LDAP_INVALID_CREDENTIALS,
NULL, NULL, NULL, NULL );
NULL, err, NULL, NULL );
/* stop front end from sending result */
rc = 1;
goto return_results;
}
}
rc = 0;
break;

4
servers/slapd/back-ldbm/passwd.c
View file

@ -72,10 +72,10 @@ ldbm_back_exop_passwd(
*rspdata = slap_passwd_return( &new );
}
slap_passwd_hash( &new, &hash );
slap_passwd_hash( &new, &hash, text );
if( hash.bv_len == 0 ) {
*text = "password hash failed";
if ( !*text ) *text = "password hash failed";
rc = LDAP_OTHER;
goto done;
}

6
servers/slapd/back-sql/bind.c
View file

@ -105,11 +105,13 @@ backsql_bind(
return 1;
}
if ( slap_passwd_check( conn, a, cred ) != 0 ) {
{ const char *err = NULL;
if ( slap_passwd_check( conn, a, cred, &err ) != 0 ) {
send_ldap_result( conn, op, LDAP_INVALID_CREDENTIALS,
NULL, NULL, NULL, NULL );
NULL, err, NULL, NULL );
return 1;
}
}
Debug(LDAP_DEBUG_TRACE,"<==backsql_bind()\n",0,0,0);
return 0;

3
servers/slapd/backend.c
View file

@ -654,6 +654,7 @@ be_isroot_pw( Backend *be,
struct berval *cred )
{
int result;
char *errmsg;
if ( ! be_isroot( be, ndn ) ) {
return 0;
@ -670,7 +671,7 @@ be_isroot_pw( Backend *be,
#endif
#endif
result = lutil_passwd( &be->be_rootpw, cred, NULL );
result = lutil_passwd( &be->be_rootpw, cred, NULL, NULL );
#if defined( SLAPD_CRYPT ) || defined( SLAPD_SPASSWD )
#ifdef SLAPD_SPASSWD

10
servers/slapd/daemon.c
View file

@ -2029,19 +2029,11 @@ slap_sig_shutdown( int sig )
* SIGBREAK is generated when a user logs out.
*/
#if 0
#if HAVE_NT_SERVICE_MANAGER && SIGBREAK
if (is_NT_Service && sig == SIGBREAK)
#ifdef NEW_LOGGING
LDAP_LOG( CONNECTION, CRIT,
"slap_sig_shutdown: SIGBREAK ignored.\n", 0, 0, 0 );
#else
Debug(LDAP_DEBUG_TRACE, "slap_sig_shutdown: SIGBREAK ignored.\n",
0, 0, 0);
#endif
;
else
#endif
#endif
#ifdef SIGHUP
if (sig == SIGHUP && global_gentlehup && slapd_gentle_shutdown == 0)
slapd_gentle_shutdown = 1;

3
servers/slapd/main.c
View file

@ -361,6 +361,7 @@ int main( int argc, char **argv )
extops_init();
slap_op_init();
lutil_passwd_init();
#ifdef SLAPD_MODULES
if ( module_init() != 0 ) {
@ -603,6 +604,8 @@ stop:
schema_destroy();
lutil_passwd_destroy();
#ifdef HAVE_TLS
ldap_pvt_tls_destroy();
#endif

10
servers/slapd/passwd.c
View file

@ -271,7 +271,8 @@ int
slap_passwd_check(
Connection *conn,
Attribute *a,
struct berval *cred )
struct berval *cred,
const char **text )
{
int result = 1;
struct berval *bv;
@ -284,7 +285,7 @@ slap_passwd_check(
#endif
for ( bv = a->a_vals; bv->bv_val != NULL; bv++ ) {
if( !lutil_passwd( bv, cred, NULL ) ) {
if( !lutil_passwd( bv, cred, NULL, text ) ) {
result = 0;
break;
}
@ -326,7 +327,8 @@ slap_passwd_generate( struct berval *pass )
void
slap_passwd_hash(
struct berval * cred,
struct berval * new )
struct berval * new,
const char **text )
{
struct berval *tmp;
#ifdef LUTIL_SHA1_BYTES
@ -340,7 +342,7 @@ slap_passwd_hash(
ldap_pvt_thread_mutex_lock( &passwd_mutex );
#endif
tmp = lutil_passwd_hash( cred , hash );
tmp = lutil_passwd_hash( cred , hash, text );
#if defined( SLAPD_CRYPT ) || defined( SLAPD_SPASSWD )
ldap_pvt_thread_mutex_unlock( &passwd_mutex );

6
servers/slapd/proto-slap.h
View file

@ -745,13 +745,15 @@ LDAP_SLAPD_F (SLAP_EXTOP_MAIN_FN) passwd_extop;
LDAP_SLAPD_F (int) slap_passwd_check(
Connection *conn,
Attribute *attr,
struct berval *cred );
struct berval *cred,
const char **text);
LDAP_SLAPD_F (void) slap_passwd_generate( struct berval * );
LDAP_SLAPD_F (void) slap_passwd_hash(
struct berval *cred,
struct berval *hash );
struct berval *hash,
const char **text);
LDAP_SLAPD_F (struct berval *) slap_passwd_return(
struct berval *cred );

3
servers/slapd/sasl.c
View file

@ -501,6 +501,7 @@ sasl_cb_checkpass(
checkpass_info *ci = tmp->sc_private;
Attribute *a;
struct berval *bv;
const char *text;
ci->rc = SASL_NOVERIFY;
@ -510,7 +511,7 @@ sasl_cb_checkpass(
NULL, ACL_AUTH, NULL ) ) return 0;
for ( bv = a->a_vals; bv->bv_val != NULL; bv++ ) {
if ( !lutil_passwd( bv, &ci->cred, NULL ) ) {
if ( !lutil_passwd( bv, &ci->cred, NULL, &text ) ) {
ci->rc = SASL_OK;
break;
}

11
servers/slapd/tools/slappasswd.c
View file

@ -46,6 +46,7 @@ main( int argc, char *argv[] )
char *scheme = "{SSHA}";
char *newpw = NULL;
char *pwfile = NULL;
const char *text;
int i;
struct berval passwd;
@ -115,15 +116,17 @@ main( int argc, char *argv[] )
passwd.bv_len = strlen(passwd.bv_val);
}
hash = lutil_passwd_hash( &passwd, scheme );
hash = lutil_passwd_hash( &passwd, scheme, &text );
if( hash == NULL || hash->bv_val == NULL ) {
fprintf( stderr, "Password generation failed.\n");
fprintf( stderr, "Password generation failed. %s\n",
text ? text : "" );
return EXIT_FAILURE;
}
if( lutil_passwd( hash, &passwd, NULL ) ) {
fprintf( stderr, "Password verification failed.\n");
if( lutil_passwd( hash, &passwd, NULL, &text ) ) {
fprintf( stderr, "Password verification failed. %s\n",
text ? text : "" );
return EXIT_FAILURE;
}