/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2005 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
#ifdef SLAPD_CRYPT
# include <ac/crypt.h>
-# if defined( HAVE_GETPWNAM ) && defined( HAVE_PW_PASSWD )
+# if defined( HAVE_GETPWNAM ) && defined( HAVE_STRUCT_PASSWD_PW_PASSWD )
# ifdef HAVE_SHADOW_H
# include <shadow.h>
# endif
lutil_cryptfunc *lutil_cryptptr = lutil_crypt;
#endif
+/* KLUDGE:
+ * chk_fn is NULL iff name is {CLEARTEXT}
+ * otherwise, things will break
+ */
struct pw_scheme {
struct berval name;
LUTIL_PASSWD_CHK_FUNC *chk_fn;
static LUTIL_PASSWD_CHK_FUNC chk_crypt;
static LUTIL_PASSWD_HASH_FUNC hash_crypt;
-#if defined( HAVE_GETPWNAM ) && defined( HAVE_PW_PASSWD )
+#if defined( HAVE_GETPWNAM ) && defined( HAVE_STRUCT_PASSWD_PW_PASSWD )
static LUTIL_PASSWD_CHK_FUNC chk_unix;
#endif
#endif
#ifdef SLAPD_CRYPT
{ BER_BVC("{CRYPT}"), chk_crypt, hash_crypt },
-# if defined( HAVE_GETPWNAM ) && defined( HAVE_PW_PASSWD )
+# if defined( HAVE_GETPWNAM ) && defined( HAVE_STRUCT_PASSWD_PW_PASSWD )
{ BER_BVC("{UNIX}"), chk_unix, NULL },
# endif
#endif
#ifdef SLAPD_CLEARTEXT
/* pseudo scheme */
- { {0, "{CLEARTEXT}"}, NULL, hash_clear },
+ { BER_BVC("{CLEARTEXT}"), NULL, hash_clear },
#endif
{ BER_BVNULL, NULL, NULL }
bv.bv_val = (char *) scheme;
for( pws=pw_schemes; pws; pws=pws->next ) {
- if( bv.bv_len != pws->s.name.bv_len )
- continue;
- if( strncasecmp(bv.bv_val, pws->s.name.bv_val, bv.bv_len ) == 0 ) {
+ if ( ber_bvstrcasecmp(&bv, &pws->s.name ) == 0 ) {
return &(pws->s);
}
}
}
#ifdef SLAPD_CLEARTEXT
+ /* Do we think there is a scheme specifier here that we
+ * didn't recognize? Assume a scheme name is at least 1 character.
+ */
+ if (( passwd->bv_val[0] == '{' ) &&
+ ( ber_bvchr( passwd, '}' ) > passwd->bv_val+1 ))
+ {
+ return 1;
+ }
if( is_allowed_scheme("{CLEARTEXT}", schemes ) ) {
- return (( passwd->bv_len == cred->bv_len ) &&
- ( passwd->bv_val[0] != '{' /*'}'*/ ))
- ? memcmp( passwd->bv_val, cred->bv_val, passwd->bv_len )
+ return ( passwd->bv_len == cred->bv_len ) ?
+ memcmp( passwd->bv_val, cred->bv_val, passwd->bv_len )
: 1;
}
#endif
return lutil_cryptptr( cred->bv_val, passwd->bv_val, NULL );
}
-# if defined( HAVE_GETPWNAM ) && defined( HAVE_PW_PASSWD )
+# if defined( HAVE_GETPWNAM ) && defined( HAVE_STRUCT_PASSWD_PW_PASSWD )
static int chk_unix(
const struct berval *sc,
const struct berval * passwd,