X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=libraries%2Fliblutil%2Fpasswd.c;h=2ccad563b2047984233644c87cd6821118eb1b29;hb=10595e7e5877b224077ae388913f96dbf26e9138;hp=4d12404e66db9992d27f8a14a3626655deffc8cb;hpb=2340954bd05632c32983513c5ee13f81e50ea970;p=openldap diff --git a/libraries/liblutil/passwd.c b/libraries/liblutil/passwd.c index 4d12404e66..2ccad563b2 100644 --- a/libraries/liblutil/passwd.c +++ b/libraries/liblutil/passwd.c @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software . * - * Copyright 1998-2005 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -42,7 +42,7 @@ #ifdef SLAPD_CRYPT # include -# if defined( HAVE_GETPWNAM ) && defined( HAVE_PW_PASSWD ) +# if defined( HAVE_GETPWNAM ) && defined( HAVE_STRUCT_PASSWD_PW_PASSWD ) # ifdef HAVE_SHADOW_H # include # endif @@ -73,6 +73,10 @@ static lutil_cryptfunc lutil_crypt; lutil_cryptfunc *lutil_cryptptr = lutil_crypt; #endif +/* KLUDGE: + * chk_fn is NULL iff name is {CLEARTEXT} + * otherwise, things will break + */ struct pw_scheme { struct berval name; LUTIL_PASSWD_CHK_FUNC *chk_fn; @@ -110,7 +114,7 @@ static LUTIL_PASSWD_HASH_FUNC hash_lanman; static LUTIL_PASSWD_CHK_FUNC chk_crypt; static LUTIL_PASSWD_HASH_FUNC hash_crypt; -#if defined( HAVE_GETPWNAM ) && defined( HAVE_PW_PASSWD ) +#if defined( HAVE_GETPWNAM ) && defined( HAVE_STRUCT_PASSWD_PW_PASSWD ) static LUTIL_PASSWD_CHK_FUNC chk_unix; #endif #endif 
@@ -140,14 +144,14 @@ static const struct pw_scheme pw_schemes_default[] = #ifdef SLAPD_CRYPT { BER_BVC("{CRYPT}"), chk_crypt, hash_crypt }, -# if defined( HAVE_GETPWNAM ) && defined( HAVE_PW_PASSWD ) +# if defined( HAVE_GETPWNAM ) && defined( HAVE_STRUCT_PASSWD_PW_PASSWD ) { BER_BVC("{UNIX}"), chk_unix, NULL }, # endif #endif #ifdef SLAPD_CLEARTEXT /* pseudo scheme */ - { {0, "{CLEARTEXT}"}, NULL, hash_clear }, + { BER_BVC("{CLEARTEXT}"), NULL, hash_clear }, #endif { BER_BVNULL, NULL, NULL } @@ -209,9 +213,7 @@ static const struct pw_scheme *get_scheme( bv.bv_val = (char *) scheme; for( pws=pw_schemes; pws; pws=pws->next ) { - if( bv.bv_len != pws->s.name.bv_len ) - continue; - if( strncasecmp(bv.bv_val, pws->s.name.bv_val, bv.bv_len ) == 0 ) { + if ( ber_bvstrcasecmp(&bv, &pws->s.name ) == 0 ) { return &(pws->s); } } @@ -303,10 +305,17 @@ lutil_passwd( } #ifdef SLAPD_CLEARTEXT + /* Do we think there is a scheme specifier here that we + * didn't recognize? Assume a scheme name is at least 1 character. + */ + if (( passwd->bv_val[0] == '{' ) && + ( ber_bvchr( passwd, '}' ) > passwd->bv_val+1 )) + { + return 1; + } if( is_allowed_scheme("{CLEARTEXT}", schemes ) ) { - return (( passwd->bv_len == cred->bv_len ) && - ( passwd->bv_val[0] != '{' /*'}'*/ )) - ? memcmp( passwd->bv_val, cred->bv_val, passwd->bv_len ) + return ( passwd->bv_len == cred->bv_len ) ? + memcmp( passwd->bv_val, cred->bv_val, passwd->bv_len ) : 1; } #endif @@ -810,7 +819,7 @@ static int chk_crypt( return lutil_cryptptr( cred->bv_val, passwd->bv_val, NULL ); } -# if defined( HAVE_GETPWNAM ) && defined( HAVE_PW_PASSWD ) +# if defined( HAVE_GETPWNAM ) && defined( HAVE_STRUCT_PASSWD_PW_PASSWD ) static int chk_unix( const struct berval *sc, const struct berval * passwd,
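Review bot: The `{CLEARTEXT}` table entry in the -140 hunk now carries its real name length through `BER_BVC`, so the length-aware lookup in get_scheme (the -209 hunk) can return an entry whose `chk_fn` is NULL. With the old `{0, "{CLEARTEXT}"}` initializer the stored length was zero and could not equal the length of any non-empty scheme name. The callers are outside these hunks, so this is a point to confirm: any path that calls `chk_fn` on a looked-up scheme needs a NULL test first. I would say so at the entry itself, for example `/* pseudo scheme: chk_fn is NULL, test before calling */`.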
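Review bot: The cleartext branch in the -303 hunk still compares the stored value and the supplied credential with `memcmp`, which may return at the first differing byte, so the comparison time can depend on how many leading bytes matched. A comparison that reads every byte before deciding avoids that; the length test can stay, since it only reveals the length. The fence below returns 0 on a match and 1 otherwise, in line with the other return values visible in the hunk. Separately, the new `passwd->bv_val[0]` read assumes `passwd->bv_len` is non-zero, which is presumably checked earlier in lutil_passwd, outside this hunk. The `ber_bvchr( passwd, '}' ) > passwd->bv_val+1` test also leans on a not-found result comparing low, so an explicit NULL test on the `ber_bvchr` result before the `>` would be clearer.

```c
	/* … unchanged: unrecognized-scheme check … */
	if( is_allowed_scheme("{CLEARTEXT}", schemes ) ) {
		/* touch every byte so timing does not track the first mismatch */
		unsigned char diff = 0;
		ber_len_t i;

		if ( passwd->bv_len != cred->bv_len ) {
			return 1;
		}
		for ( i = 0; i < passwd->bv_len; i++ ) {
			diff |= (unsigned char)( passwd->bv_val[i] ^ cred->bv_val[i] );
		}
		return diff != 0;
	}
```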