X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=libraries%2Fliblutil%2Fpasswd.c;h=739c833bc6db2fa7883084f7e1b2afa8415556b3;hb=6456e5f5593c09bf6a446e82e690181beed3d077;hp=0e18a098c83229086ea12057978af89147357b4e;hpb=34fe70cc718a61019ee78f39b6e972e69ba4d916;p=openldap diff --git a/libraries/liblutil/passwd.c b/libraries/liblutil/passwd.c index 0e18a098c8..739c833bc6 100644 --- a/libraries/liblutil/passwd.c +++ b/libraries/liblutil/passwd.c @@ -1,13 +1,16 @@ /* $OpenLDAP$ */ /* - * Copyright 1998-1999 The OpenLDAP Foundation, All Rights Reserved. + * Copyright 1998-2000 The OpenLDAP Foundation, All Rights Reserved. * COPYING RESTRICTIONS APPLY, see COPYRIGHT file */ /* - * lutil_password(credentials, password) + * int lutil_passwd( + * const struct berval *passwd, + * const struct berval *cred, + * const char **schemes ) * - * Returns true if user supplied credentials matches - * the stored password. + * Returns true if user supplied credentials (cred) matches + * the stored password (passwd). * * Due to the use of the crypt(3) function * this routine is NOT thread-safe. @@ -18,6 +21,15 @@ #include #include #include +#include + +#ifdef SLAPD_LMHASH +# include +#endif /* SLAPD_LMHASH */ + +#ifdef SLAPD_SPASSWD +# include +#endif #ifdef SLAPD_KPASSWD # include @@ -26,18 +38,26 @@ #include -#include -#include +#ifdef SLAPD_CRYPT +# include -#ifdef HAVE_SHADOW_H +# if defined( HAVE_GETPWNAM ) && defined( HAVE_PW_PASSWD ) +# ifdef HAVE_SHADOW_H # include -#endif -#ifdef HAVE_PWD_H +# endif +# ifdef HAVE_PWD_H # include +# endif +# ifdef HAVE_AIX_SECURITY +# include +# endif +# endif #endif #include +#include "ldap_pvt.h" + #include "lutil_md5.h" #include "lutil_sha1.h" #include "lutil.h" @@ -45,6 +65,10 @@ static const unsigned char crypt64[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz1234567890./"; +#ifdef SLAPD_CRYPT +static char *salt_format = NULL; +#endif + struct pw_scheme; typedef int (*PASSWD_CHK_FUNC)( @@ -73,6 +97,7 @@ static int chk_smd5( const struct berval *passwd, const struct berval *cred ); +#ifdef LUTIL_SHA1_BYTES static int chk_ssha1( const struct pw_scheme *scheme, const struct berval *passwd, @@ -82,23 +107,45 @@ static int chk_sha1( const struct pw_scheme *scheme, const struct berval *passwd, const struct berval *cred ); +#endif + +#ifdef SLAPD_LMHASH +static int chk_lanman( + const struct pw_scheme *scheme, + const struct berval *passwd, + const struct berval *cred ); +#endif + +#ifdef SLAPD_SPASSWD +static int chk_sasl( + const struct pw_scheme *scheme, + const struct berval *passwd, + const struct berval *cred ); +#endif +#ifdef SLAPD_KPASSWD static int chk_kerberos( const struct pw_scheme *scheme, const struct berval *passwd, const struct berval *cred ); +#endif +#ifdef SLAPD_CRYPT static int chk_crypt( const struct pw_scheme *scheme, const struct berval *passwd, const struct berval *cred ); +#if defined( HAVE_GETPWNAM ) && defined( HAVE_PW_PASSWD ) static int chk_unix( const struct pw_scheme *scheme, const struct berval *passwd, const struct berval *cred ); +#endif +#endif +#ifdef LUTIL_SHA1_BYTES /* password hash routines */ static struct berval *hash_sha1( const struct pw_scheme *scheme, @@ -107,6 +154,7 @@ static struct berval *hash_sha1( static struct berval *hash_ssha1( const struct pw_scheme *scheme, const struct berval *passwd ); +#endif static struct berval *hash_smd5( const struct pw_scheme *scheme, @@ -116,29 +164,46 @@ static struct berval *hash_md5( const struct pw_scheme *scheme, const struct berval *passwd ); +#ifdef SLAPD_LMHASH +static struct berval *hash_lanman( + const struct pw_scheme *scheme, + const struct berval *passwd ); +#endif + +#ifdef SLAPD_CRYPT static struct berval *hash_crypt( const struct pw_scheme *scheme, const struct berval *passwd ); +#endif static const struct pw_scheme pw_schemes[] = { +#ifdef LUTIL_SHA1_BYTES { {sizeof("{SSHA}")-1, "{SSHA}"}, chk_ssha1, hash_ssha1 }, { {sizeof("{SHA}")-1, "{SHA}"}, chk_sha1, hash_sha1 }, +#endif { {sizeof("{SMD5}")-1, "{SMD5}"}, chk_smd5, hash_smd5 }, { {sizeof("{MD5}")-1, "{MD5}"}, chk_md5, hash_md5 }, +#ifdef SLAPD_LMHASH + { {sizeof("{LANMAN}")-1, "{LANMAN}"}, chk_lanman, hash_lanman }, +#endif /* SLAPD_LMHASH */ + +#ifdef SLAPD_SPASSWD + { {sizeof("{SASL}")-1, "{SASL}"}, chk_sasl, NULL }, +#endif + #ifdef SLAPD_KPASSWD { {sizeof("{KERBEROS}")-1, "{KERBEROS}"}, chk_kerberos, NULL }, #endif #ifdef SLAPD_CRYPT { {sizeof("{CRYPT}")-1, "{CRYPT}"}, chk_crypt, hash_crypt }, -#endif -# if defined( HAVE_GETSPNAM ) \ - || ( defined( HAVE_GETPWNAM ) && defined( HAVE_PW_PASSWD ) ) +# if defined( HAVE_GETPWNAM ) && defined( HAVE_PW_PASSWD ) { {sizeof("{UNIX}")-1, "{UNIX}"}, chk_unix, NULL }, +# endif #endif #ifdef SLAPD_CLEARTEXT @@ -260,10 +325,8 @@ lutil_passwd( ? memcmp( passwd->bv_val, cred->bv_val, passwd->bv_len ) : 1; } -#else - return 1; #endif - + return 1; } struct berval * lutil_passwd_generate( ber_len_t len ) @@ -310,6 +373,8 @@ struct berval * lutil_passwd_hash( return (sc->hash_fn)( sc, passwd ); } +/* pw_string is only called when SLAPD_LMHASH or SLAPD_CRYPT is defined */ +#if defined(SLAPD_LMHASH) || defined(SLAPD_CRYPT) static struct berval * pw_string( const struct pw_scheme *sc, const struct berval *passwd ) @@ -325,12 +390,13 @@ static struct berval * pw_string( return NULL; } - memcpy( pw->bv_val, sc->name.bv_val, sc->name.bv_len ); - memcpy( &pw->bv_val[sc->name.bv_len], passwd->bv_val, passwd->bv_len ); + AC_MEMCPY( pw->bv_val, sc->name.bv_val, sc->name.bv_len ); + AC_MEMCPY( &pw->bv_val[sc->name.bv_len], passwd->bv_val, passwd->bv_len ); pw->bv_val[pw->bv_len] = '\0'; return pw; } +#endif /* SLAPD_LMHASH || SLAPD_CRYPT */ static struct berval * pw_string64( const struct pw_scheme *sc, @@ -354,9 +420,9 @@ static struct berval * pw_string64( return NULL; } - memcpy( string.bv_val, hash->bv_val, + AC_MEMCPY( string.bv_val, hash->bv_val, hash->bv_len ); - memcpy( &string.bv_val[hash->bv_len], salt->bv_val, + AC_MEMCPY( &string.bv_val[hash->bv_len], salt->bv_val, salt->bv_len ); string.bv_val[string.bv_len] = '\0'; @@ -374,26 +440,28 @@ static struct berval * pw_string64( return NULL; } - memcpy(b64->bv_val, sc->name.bv_val, sc->name.bv_len); + AC_MEMCPY(b64->bv_val, sc->name.bv_val, sc->name.bv_len); rc = lutil_b64_ntop( string.bv_val, string.bv_len, &b64->bv_val[sc->name.bv_len], b64len ); - b64->bv_val[b64->bv_len] = '\0'; - if( salt ) ber_memfree( string.bv_val ); - + if( rc < 0 ) { ber_bvfree( b64 ); return NULL; } + /* recompute length */ + b64->bv_len = sc->name.bv_len + rc; + assert( strlen(b64->bv_val) == b64->bv_len ); return b64; } /* PASSWORD CHECK ROUTINES */ +#ifdef LUTIL_SHA1_BYTES static int chk_ssha1( const struct pw_scheme *sc, const struct berval * passwd, @@ -404,7 +472,7 @@ static int chk_ssha1( int rc; unsigned char *orig_pass = NULL; - /* base64 un-encode password */ + /* decode base64 password */ orig_pass = (unsigned char *) ber_memalloc( (size_t) ( LUTIL_BASE64_DECODE_LEN(passwd->bv_len) + 1) ); @@ -414,7 +482,7 @@ static int chk_ssha1( if(rc < 0) { ber_memfree(orig_pass); - return 1; + return -1; } /* hash credentials with salt */ @@ -429,7 +497,7 @@ static int chk_ssha1( /* compare */ rc = memcmp((char *)orig_pass, (char *)SHA1digest, sizeof(SHA1digest)); ber_memfree(orig_pass); - return rc; + return rc ? 1 : 0; } static int chk_sha1( @@ -452,7 +520,7 @@ static int chk_sha1( if( rc != sizeof(SHA1digest) ) { ber_memfree(orig_pass); - return 1; + return -1; } /* hash credentials with salt */ @@ -464,8 +532,9 @@ static int chk_sha1( /* compare */ rc = memcmp((char *)orig_pass, (char *)SHA1digest, sizeof(SHA1digest)); ber_memfree(orig_pass); - return rc; + return rc ? 1 : 0; } +#endif static int chk_smd5( const struct pw_scheme *sc, @@ -486,22 +555,23 @@ static int chk_smd5( rc = lutil_b64_pton(passwd->bv_val, orig_pass, passwd->bv_len); if ( rc < 0 ) { ber_memfree(orig_pass); - return 1; + return -1; } /* hash credentials with salt */ lutil_MD5Init(&MD5context); lutil_MD5Update(&MD5context, - (const unsigned char *) cred->bv_val, cred->bv_len ); + (const unsigned char *) cred->bv_val, + cred->bv_len ); lutil_MD5Update(&MD5context, - (const unsigned char *) &orig_pass[sizeof(MD5digest)], + &orig_pass[sizeof(MD5digest)], rc - sizeof(MD5digest)); lutil_MD5Final(MD5digest, &MD5context); /* compare */ rc = memcmp((char *)orig_pass, (char *)MD5digest, sizeof(MD5digest)); ber_memfree(orig_pass); - return rc; + return rc ? 1 : 0; } static int chk_md5( @@ -523,21 +593,88 @@ static int chk_md5( rc = lutil_b64_pton(passwd->bv_val, orig_pass, passwd->bv_len); if ( rc != sizeof(MD5digest) ) { ber_memfree(orig_pass); - return 1; + return -1; } /* hash credentials with salt */ lutil_MD5Init(&MD5context); lutil_MD5Update(&MD5context, - (const unsigned char *) cred->bv_val, cred->bv_len ); + (const unsigned char *) cred->bv_val, + cred->bv_len ); lutil_MD5Final(MD5digest, &MD5context); /* compare */ rc = memcmp((char *)orig_pass, (char *)MD5digest, sizeof(MD5digest)); ber_memfree(orig_pass); - return rc; + return rc ? 1 : 0; } +#ifdef SLAPD_LMHASH +static int chk_lanman( + const struct pw_scheme *scheme, + const struct berval *passwd, + const struct berval *cred ) +{ + struct berval *hash; + + hash = hash_lanman( scheme, cred ); + return memcmp( &hash->bv_val[scheme->name.bv_len], passwd->bv_val, 32); +} +#endif /* SLAPD_LMHASH */ + +#ifdef SLAPD_SPASSWD +#ifdef HAVE_CYRUS_SASL +sasl_conn_t *lutil_passwd_sasl_conn = NULL; +#endif + +static int chk_sasl( + const struct pw_scheme *sc, + const struct berval * passwd, + const struct berval * cred ) +{ + int i; + int rtn; + + for( i=0; ibv_len; i++) { + if(cred->bv_val[i] == '\0') { + return 1; /* NUL character in password */ + } + } + + if( cred->bv_val[i] != '\0' ) { + return 1; /* cred must behave like a string */ + } + + for( i=0; ibv_len; i++) { + if(passwd->bv_val[i] == '\0') { + return 1; /* NUL character in password */ + } + } + + if( passwd->bv_val[i] != '\0' ) { + return 1; /* passwd must behave like a string */ + } + + rtn = 1; + +#ifdef HAVE_CYRUS_SASL + if( lutil_passwd_sasl_conn != NULL ) { + const char *errstr = NULL; + int sc; + + sc = sasl_checkpass( lutil_passwd_sasl_conn, + passwd->bv_val, passwd->bv_len, + cred->bv_val, cred->bv_len, + &errstr ); + + rtn = ( sc != SASL_OK ); + } +#endif + + return rtn; +} +#endif + #ifdef SLAPD_KPASSWD static int chk_kerberos( const struct pw_scheme *sc, @@ -646,9 +783,9 @@ static int chk_kerberos( } { - char host[MAXHOSTNAMELEN]; + char *host = ldap_pvt_get_fqdn( NULL ); - if( gethostname( host, MAXHOSTNAMELEN ) != 0 ) { + if( host == NULL ) { krb5_free_principal( context, client ); krb5_free_context( context ); return 1; @@ -656,6 +793,8 @@ static int chk_kerberos( ret = krb5_sname_to_principal( context, host, "ldap", KRB5_NT_SRV_HST, &server ); + + ber_memfree( host ); } if (ret) { @@ -669,7 +808,7 @@ static int chk_kerberos( krb5_free_principal( context, client ); krb5_free_principal( context, server ); - krb5_free_creds_contents( context, &creds ); + krb5_free_cred_contents( context, &creds ); krb5_free_context( context ); rtn = !!ret; @@ -715,6 +854,7 @@ static int chk_crypt( const struct berval * passwd, const struct berval * cred ) { + char *cr; int i; for( i=0; ibv_len; i++) { @@ -724,83 +864,110 @@ static int chk_crypt( } if( cred->bv_val[i] != '\0' ) { - return 1; /* cred must behave like a string */ + return -1; /* cred must behave like a string */ + } + + if( passwd->bv_len < 2 ) { + return -1; /* passwd must be at least two characters long */ } for( i=0; ibv_len; i++) { if(passwd->bv_val[i] == '\0') { - return 1; /* NUL character in password */ + return -1; /* NUL character in password */ } } if( passwd->bv_val[i] != '\0' ) { - return 1; /* passwd must behave like a string */ + return -1; /* passwd must behave like a string */ } - return strcmp(passwd->bv_val, crypt(cred->bv_val, passwd->bv_val)); + cr = crypt( cred->bv_val, passwd->bv_val ); + + if( cr == NULL || cr[0] == '\0' ) { + /* salt must have been invalid */ + return -1; + } + + return strcmp( passwd->bv_val, cr ) ? 1 : 0; } -# if defined( HAVE_GETSPNAM ) \ - || ( defined( HAVE_GETPWNAM ) && defined( HAVE_PW_PASSWD ) ) +# if defined( HAVE_GETPWNAM ) && defined( HAVE_PW_PASSWD ) static int chk_unix( const struct pw_scheme *sc, const struct berval * passwd, const struct berval * cred ) { int i; - char *pw; + char *pw,*cr; for( i=0; ibv_len; i++) { if(cred->bv_val[i] == '\0') { - return 1; /* NUL character in password */ + return -1; /* NUL character in password */ } } if( cred->bv_val[i] != '\0' ) { - return 1; /* cred must behave like a string */ + return -1; /* cred must behave like a string */ } for( i=0; ibv_len; i++) { if(passwd->bv_val[i] == '\0') { - return 1; /* NUL character in password */ + return -1; /* NUL character in password */ } } if( passwd->bv_val[i] != '\0' ) { - return 1; /* passwd must behave like a string */ + return -1; /* passwd must behave like a string */ } -# ifdef HAVE_GETSPNAM { - struct spwd *spwd = getspnam(passwd->bv_val); + struct passwd *pwd = getpwnam(passwd->bv_val); - if(spwd == NULL) { - return 1; /* not found */ + if(pwd == NULL) { + return -1; /* not found */ } - pw = spwd->sp_pwdp; + pw = pwd->pw_passwd; } - -# else +# ifdef HAVE_GETSPNAM { - struct passwd *pwd = getpwnam(passwd->bv_val); + struct spwd *spwd = getspnam(passwd->bv_val); - if(pwd == NULL) { - return 1; /* not found */ + if(spwd != NULL) { + pw = spwd->sp_pwdp; } + } +# endif +# ifdef HAVE_AIX_SECURITY + { + struct userpw *upw = getuserpw(passwd->bv_val); - pw = pwd->pw_passwd; + if (upw != NULL) { + pw = upw->upw_passwd; + } } # endif - if( pw == NULL || *pw == '\0' ) return 1; + if( pw == NULL || pw[0] == '\0' || pw[1] == '\0' ) { + /* password must must be at least two characters long */ + return -1; + } - return strcmp(pw, crypt(cred->bv_val, pw)); + cr = crypt(cred->bv_val, pw); + + if( cr == NULL || cr[0] == '\0' ) { + /* salt must have been invalid */ + return -1; + } + + return strcmp(pw, cr) ? 1 : 0; } # endif #endif -/* PASSWORD CHECK ROUTINES */ +/* PASSWORD GENERATION ROUTINES */ + +#ifdef LUTIL_SHA1_BYTES static struct berval *hash_ssha1( const struct pw_scheme *scheme, const struct berval *passwd ) @@ -835,7 +1002,7 @@ static struct berval *hash_sha1( const struct berval *passwd ) { lutil_SHA1_CTX SHA1context; - unsigned char SHA1digest[20]; + unsigned char SHA1digest[LUTIL_SHA1_BYTES]; struct berval digest; digest.bv_val = SHA1digest; digest.bv_len = sizeof(SHA1digest); @@ -847,13 +1014,14 @@ static struct berval *hash_sha1( return pw_string64( scheme, &digest, NULL); } +#endif static struct berval *hash_smd5( const struct pw_scheme *scheme, const struct berval *passwd ) { lutil_MD5_CTX MD5context; - unsigned char MD5digest[16]; + unsigned char MD5digest[LUTIL_MD5_BYTES]; unsigned char saltdata[4]; struct berval digest; struct berval salt; @@ -882,7 +1050,7 @@ static struct berval *hash_md5( const struct berval *passwd ) { lutil_MD5_CTX MD5context; - unsigned char MD5digest[16]; + unsigned char MD5digest[LUTIL_MD5_BYTES]; struct berval digest; @@ -898,13 +1066,136 @@ static struct berval *hash_md5( ; } +#ifdef SLAPD_LMHASH +/* pseudocode from RFC2433 + * A.2 LmPasswordHash() + * + * LmPasswordHash( + * IN 0-to-14-oem-char Password, + * OUT 16-octet PasswordHash ) + * { + * Set UcasePassword to the uppercased Password + * Zero pad UcasePassword to 14 characters + * + * DesHash( 1st 7-octets of UcasePassword, + * giving 1st 8-octets of PasswordHash ) + * + * DesHash( 2nd 7-octets of UcasePassword, + * giving 2nd 8-octets of PasswordHash ) + * } + * + * + * A.3 DesHash() + * + * DesHash( + * IN 7-octet Clear, + * OUT 8-octet Cypher ) + * { + * * + * * Make Cypher an irreversibly encrypted form of Clear by + * * encrypting known text using Clear as the secret key. + * * The known text consists of the string + * * + * * KGS!@#$% + * * + * + * Set StdText to "KGS!@#$%" + * DesEncrypt( StdText, Clear, giving Cypher ) + * } + * + * + * A.4 DesEncrypt() + * + * DesEncrypt( + * IN 8-octet Clear, + * IN 7-octet Key, + * OUT 8-octet Cypher ) + * { + * * + * * Use the DES encryption algorithm [4] in ECB mode [9] + * * to encrypt Clear into Cypher such that Cypher can + * * only be decrypted back to Clear by providing Key. + * * Note that the DES algorithm takes as input a 64-bit + * * stream where the 8th, 16th, 24th, etc. bits are + * * parity bits ignored by the encrypting algorithm. + * * Unless you write your own DES to accept 56-bit input + * * without parity, you will need to insert the parity bits + * * yourself. + * * + * } + */ + +static void lmPasswd_to_key( + const unsigned char *lmPasswd, + des_cblock *key) +{ + /* make room for parity bits */ + ((char *)key)[0] = lmPasswd[0]; + ((char *)key)[1] = ((lmPasswd[0]&0x01)<<7) | (lmPasswd[1]>>1); + ((char *)key)[2] = ((lmPasswd[1]&0x03)<<6) | (lmPasswd[2]>>2); + ((char *)key)[3] = ((lmPasswd[2]&0x07)<<5) | (lmPasswd[3]>>3); + ((char *)key)[4] = ((lmPasswd[3]&0x0F)<<4) | (lmPasswd[4]>>4); + ((char *)key)[5] = ((lmPasswd[4]&0x1F)<<3) | (lmPasswd[5]>>5); + ((char *)key)[6] = ((lmPasswd[5]&0x3F)<<2) | (lmPasswd[6]>>6); + ((char *)key)[7] = ((lmPasswd[6]&0x7F)<<1); + + des_set_odd_parity( key ); +} + +static struct berval *hash_lanman( + const struct pw_scheme *scheme, + const struct berval *passwd ) +{ + + int i; + char UcasePassword[15]; + des_cblock key; + des_key_schedule schedule; + des_cblock StdText = "KGS!@#$%"; + des_cblock hash1, hash2; + char lmhash[33]; + struct berval hash; + + for( i=0; ibv_len; i++) { + if(passwd->bv_val[i] == '\0') { + return NULL; /* NUL character in password */ + } + } + + if( passwd->bv_val[i] != '\0' ) { + return NULL; /* passwd must behave like a string */ + } + + strncpy( UcasePassword, passwd->bv_val, 14 ); + UcasePassword[14] = '\0'; + ldap_pvt_str2upper( UcasePassword ); + + lmPasswd_to_key( UcasePassword, &key ); + des_set_key_unchecked( &key, schedule ); + des_ecb_encrypt( &StdText, &hash1, schedule , DES_ENCRYPT ); + + lmPasswd_to_key( &UcasePassword[7], &key ); + des_set_key_unchecked( &key, schedule ); + des_ecb_encrypt( &StdText, &hash2, schedule , DES_ENCRYPT ); + + sprintf( lmhash, "%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x", + hash1[0],hash1[1],hash1[2],hash1[3],hash1[4],hash1[5],hash1[6],hash1[7], + hash2[0],hash2[1],hash2[2],hash2[3],hash2[4],hash2[5],hash2[6],hash2[7] ); + + hash.bv_val = lmhash; + hash.bv_len = 32; + + return pw_string( scheme, &hash ); +} +#endif /* SLAPD_LMHASH */ + #ifdef SLAPD_CRYPT static struct berval *hash_crypt( const struct pw_scheme *scheme, const struct berval *passwd ) { struct berval hash; - unsigned char salt[3]; + unsigned char salt[32]; /* salt suitable for most anything */ int i; for( i=0; ibv_len; i++) { @@ -917,19 +1208,44 @@ static struct berval *hash_crypt( return NULL; /* passwd must behave like a string */ } - if( lutil_entropy( salt, sizeof(salt)) < 0 ) { + if( lutil_entropy( salt, sizeof( salt ) ) < 0 ) { return NULL; } - salt[0] = crypt64[ salt[0] % (sizeof(crypt64)-1) ]; - salt[1] = crypt64[ salt[1] % (sizeof(crypt64)-1) ]; - salt[2] = '\0'; + for( i=0; i< ( sizeof(salt) - 1 ); i++ ) { + salt[i] = crypt64[ salt[i] % (sizeof(crypt64)-1) ]; + } + salt[sizeof( salt ) - 1 ] = '\0'; + + if( salt_format != NULL ) { + /* copy the salt we made into entropy before snprintfing + it back into the salt */ + char entropy[sizeof(salt)]; + strcpy( entropy, salt ); + snprintf( salt, sizeof(entropy), salt_format, entropy ); + } hash.bv_val = crypt( passwd->bv_val, salt ); if( hash.bv_val == NULL ) return NULL; + hash.bv_len = strlen( hash.bv_val ); + if( hash.bv_len == 0 ) { + return NULL; + } + return pw_string( scheme, &hash ); } #endif + +int lutil_salt_format(const char *format) +{ +#ifdef SLAPD_CRYPT + free( salt_format ); + + salt_format = format != NULL ? strdup( format ) : NULL; +#endif + + return 0; +}