Change overlapping `strcpy( x, y )' to `SAFEMEMCPY( x, y, strlen( y ) + 1 )'

[openldap] / servers / slapd / back-ldbm / bind.c
diff --git a/servers/slapd/back-ldbm/bind.c b/servers/slapd/back-ldbm/bind.c

index 8207cb59e9051dfee8d87803f8eef94d04d6df7f..144650686b944c6c77894dcbb3467c609b148c4f 100644 (file)
--- a/servers/slapd/back-ldbm/bind.c
+++ b/servers/slapd/back-ldbm/bind.c
@@ -1,45 +1,24 @@
  /* bind.c - ldbm backend bind and unbind routines */
  
+#include "portable.h"
+
  #include <stdio.h>
-#include <string.h>
-#include <sys/types.h>
-#include <sys/socket.h>
+
+#include <ac/krb.h>
+#include <ac/socket.h>
+#include <ac/string.h>
+#include <ac/unistd.h>
+
  #include "slap.h"
  #include "back-ldbm.h"
  #include "proto-back-ldbm.h"
-#ifdef KERBEROS
-#ifdef KERBEROS_V
-#include <kerberosIV/krb.h>
-#else
-#include <krb.h>
-#endif /* KERBEROS_V */
-#endif /* KERBEROS */
-
-#ifdef LDAP_CRYPT
-/* change for crypted passwords -- lukeh */
-#ifdef __NeXT__
-extern char *crypt (char *key, char *salt);
-#else
-#include <unistd.h>
-#endif
-#endif /* LDAP_CRYPT */
-
-#ifdef LDAP_SHA1
-#include <lutil_sha1.h>
-#endif /* LDAP_SHA1 */
-#ifdef LDAP_MD5
-#include <lutil_md5.h>
-#endif /* LDAP_MD5 */
  
  #include <lutil.h>
  
-extern Attribute       *attr_find();
-
-#ifdef KERBEROS
+#ifdef HAVE_KERBEROS
  extern int     krbv4_ldap_auth();
  #endif
  
-#ifdef LDAP_CRYPT
  pthread_mutex_t crypt_mutex;
  
  static int
@@ -53,62 +32,19 @@ crypted_value_find(
  {
         int     i;
         for ( i = 0; vals[i] != NULL; i++ ) {
-               if ( syntax != SYNTAX_BIN && strncasecmp( "{CRYPT}",
-                       vals[i]->bv_val, (sizeof("{CRYPT}") - 1 ) ) == 0 ) {
-                               char *userpassword = vals[i]->bv_val + sizeof("{CRYPT}") - 1;
-                               pthread_mutex_lock( &crypt_mutex );
-                               if (strcmp(userpassword, crypt(cred->bv_val,
-                                               userpassword)) == 0) {
-                                       pthread_mutex_unlock( &crypt_mutex );
-                                       return ( 0 );
-                               }
-                               pthread_mutex_unlock( &crypt_mutex );
-#ifdef LDAP_MD5
-               } else if ( syntax != SYNTAX_BIN && strncasecmp( "{MD5}",
-                       vals[i]->bv_val, (sizeof("{MD5}") - 1 ) ) == 0 ) {
-                               MD5_CTX MD5context;
-                               unsigned char MD5digest[20];
-                               char base64digest[29];  /* ceiling(sizeof(input)/3) * 4 + 1 */
-
-                               char *userpassword = vals[i]->bv_val + sizeof("{MD5}") - 1;
+               if ( syntax != SYNTAX_BIN ) {
+                       int result;
  
-                               ldap_MD5Init(&MD5context);
-                               ldap_MD5Update(&MD5context, cred->bv_val, strlen(cred->bv_val));
-                               ldap_MD5Final(MD5digest, &MD5context);
+                       pthread_mutex_lock( &crypt_mutex );
  
-                               if (b64_ntop(MD5digest, sizeof(MD5digest),
-                                       base64digest, sizeof(base64digest)) < 0)
-                               {
-                                       return ( 1 );
-                               }
+                       result = lutil_passwd(
+                               (char*) cred->bv_val,
+                               (char*) vals[i]->bv_val);
  
-                               if (strcmp(userpassword, base64digest) == 0) {
-                                       return ( 0 );
-                               }
-#endif /* LDAP_MD5 */
-#ifdef LDAP_SHA1
-               } else if ( syntax != SYNTAX_BIN && strncasecmp( "{SHA}",
-                       vals[i]->bv_val, (sizeof("{SHA}") - 1 ) ) == 0 ) {
-                               SHA1_CTX SHA1context;
-                               unsigned char SHA1digest[20];
-                               char base64digest[29];  /* ceiling(sizeof(input)/3) * 4 + 1 */
+                       pthread_mutex_unlock( &crypt_mutex );
  
-                               char *userpassword = vals[i]->bv_val + sizeof("{SHA}") - 1;
+                       return result;
  
-                               ldap_SHA1Init(&SHA1context);
-                               ldap_SHA1Update(&SHA1context, cred->bv_val, strlen(cred->bv_val));
-                               ldap_SHA1Final(SHA1digest, &SHA1context);
-
-                               if (b64_ntop(SHA1digest, sizeof(SHA1digest),
-                                       base64digest, sizeof(base64digest)) < 0)
-                               {
-                                       return ( 1 );
-                               }
-
-                               if (strcmp(userpassword, base64digest) == 0) {
-                                       return ( 0 );
-                               }
-#endif /* LDAP_SHA1 */
                 } else {
                  if ( value_cmp( vals[i], v, syntax, normalize ) == 0 ) {
                          return( 0 );
@@ -118,7 +54,6 @@ crypted_value_find(
  
         return( 1 );
  }
-#endif /* LDAP_CRYPT */
  
  int
  ldbm_back_bind(
@@ -134,8 +69,8 @@ ldbm_back_bind(
         Entry           *e;
         Attribute       *a;
         int             rc;
-       char            *matched = NULL;
-#ifdef KERBEROS
+       char            *matched;
+#ifdef HAVE_KERBEROS
         char            krbname[MAX_K_NAME_SZ + 1];
         AUTH_DAT        ad;
  #endif
@@ -193,7 +128,7 @@ ldbm_back_bind(
                         goto return_results;
                 }
  
-#ifdef LDAP_CRYPT
+#ifdef SLAPD_CRYPT
                 if ( crypted_value_find( a->a_vals, cred, a->a_syntax, 0, cred ) != 0 )
  #else
                 if ( value_find( a->a_vals, cred, a->a_syntax, 0 ) != 0 )
@@ -212,7 +147,7 @@ ldbm_back_bind(
                 rc = 0;
                 break;
  
-#ifdef KERBEROS
+#ifdef HAVE_KERBEROS
         case LDAP_AUTH_KRBV41:
                 if ( krbv4_ldap_auth( be, cred, &ad ) != LDAP_SUCCESS ) {
                         send_ldap_result( conn, op, LDAP_INVALID_CREDENTIALS,
@@ -247,6 +182,7 @@ ldbm_back_bind(
                                 goto return_results;
                         }
                 }
+               rc = 0;
                 break;
  
         case LDAP_AUTH_KRBV42: