X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=libraries%2Fliblutil%2Fpasswd.c;h=739c833bc6db2fa7883084f7e1b2afa8415556b3;hb=6456e5f5593c09bf6a446e82e690181beed3d077;hp=2c6546421bd8962c759ccc506cc94e7628486f0b;hpb=36880023b63b54b6f021bca95c3da419129ffa93;p=openldap diff --git a/libraries/liblutil/passwd.c b/libraries/liblutil/passwd.c index 2c6546421b..739c833bc6 100644 --- a/libraries/liblutil/passwd.c +++ b/libraries/liblutil/passwd.c @@ -39,17 +39,19 @@ #include #ifdef SLAPD_CRYPT -#include -#endif +# include -#ifdef HAVE_SHADOW_H +# if defined( HAVE_GETPWNAM ) && defined( HAVE_PW_PASSWD ) +# ifdef HAVE_SHADOW_H # include -#endif -#ifdef HAVE_PWD_H +# endif +# ifdef HAVE_PWD_H # include -#endif -#ifdef HAVE_AIX_SECURITY +# endif +# ifdef HAVE_AIX_SECURITY # include +# endif +# endif #endif #include @@ -63,6 +65,10 @@ static const unsigned char crypt64[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz1234567890./"; +#ifdef SLAPD_CRYPT +static char *salt_format = NULL; +#endif + struct pw_scheme; typedef int (*PASSWD_CHK_FUNC)( @@ -91,6 +97,7 @@ static int chk_smd5( const struct berval *passwd, const struct berval *cred ); +#ifdef LUTIL_SHA1_BYTES static int chk_ssha1( const struct pw_scheme *scheme, const struct berval *passwd, @@ -100,6 +107,7 @@ static int chk_sha1( const struct pw_scheme *scheme, const struct berval *passwd, const struct berval *cred ); +#endif #ifdef SLAPD_LMHASH static int chk_lanman( @@ -137,6 +145,7 @@ static int chk_unix( #endif +#ifdef LUTIL_SHA1_BYTES /* password hash routines */ static struct berval *hash_sha1( const struct pw_scheme *scheme, @@ -145,6 +154,7 @@ static struct berval *hash_sha1( static struct berval *hash_ssha1( const struct pw_scheme *scheme, const struct berval *passwd ); +#endif static struct berval *hash_smd5( const struct pw_scheme *scheme, 
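Review bot: The `#endif` lines added for `LUTIL_SHA1_BYTES` carry no trailing comment, first after the `chk_sha1` prototype (hunk `-100,6 +107,7`) and again in hunks `-145,6`, `-169,8`, `-518,6` and `-996,6`. The guard this same commit adds around `pw_string` is closed with `#endif /* SLAPD_LMHASH || SLAPD_CRYPT */`. Several of the SHA1 regions run well outside the visible hunks, so a bare `#endif` is hard to pair with its opener. I would write each one as `#endif /* LUTIL_SHA1_BYTES */`.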
@@ -169,8 +179,10 @@ static struct berval *hash_crypt( static const struct pw_scheme pw_schemes[] = { +#ifdef LUTIL_SHA1_BYTES { {sizeof("{SSHA}")-1, "{SSHA}"}, chk_ssha1, hash_ssha1 }, { {sizeof("{SHA}")-1, "{SHA}"}, chk_sha1, hash_sha1 }, +#endif { {sizeof("{SMD5}")-1, "{SMD5}"}, chk_smd5, hash_smd5 }, { {sizeof("{MD5}")-1, "{MD5}"}, chk_md5, hash_md5 }, @@ -361,6 +373,8 @@ struct berval * lutil_passwd_hash( return (sc->hash_fn)( sc, passwd ); } +/* pw_string is only called when SLAPD_LMHASH or SLAPD_CRYPT is defined */ +#if defined(SLAPD_LMHASH) || defined(SLAPD_CRYPT) static struct berval * pw_string( const struct pw_scheme *sc, const struct berval *passwd ) @@ -382,6 +396,7 @@ static struct berval * pw_string( pw->bv_val[pw->bv_len] = '\0'; return pw; } +#endif /* SLAPD_LMHASH || SLAPD_CRYPT */ static struct berval * pw_string64( const struct pw_scheme *sc, @@ -446,6 +461,7 @@ static struct berval * pw_string64( /* PASSWORD CHECK ROUTINES */ +#ifdef LUTIL_SHA1_BYTES static int chk_ssha1( const struct pw_scheme *sc, const struct berval * passwd, @@ -518,6 +534,7 @@ static int chk_sha1( ber_memfree(orig_pass); return rc ? 1 : 0; } +#endif static int chk_smd5( const struct pw_scheme *sc, @@ -950,6 +967,7 @@ static int chk_unix( /* PASSWORD GENERATION ROUTINES */ +#ifdef LUTIL_SHA1_BYTES static struct berval *hash_ssha1( const struct pw_scheme *scheme, const struct berval *passwd ) @@ -996,6 +1014,7 @@ static struct berval *hash_sha1( return pw_string64( scheme, &digest, NULL); } +#endif static struct berval *hash_smd5( const struct pw_scheme *scheme, @@ -1176,7 +1195,7 @@ static struct berval *hash_crypt( const struct berval *passwd ) { struct berval hash; - unsigned char salt[9]; /* salt suitable for anything */ + unsigned char salt[32]; /* salt suitable for most anything */ int i; for( i=0; ibv_len; i++) { 
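Review bot: The `pw_schemes` table in hunk `-169,8 +179,10` silently loses `{SSHA}` and `{SHA}` when `LUTIL_SHA1_BYTES` is undefined, and nothing at the table says so. On such a build the digest entries left in the visible part of the table are `{SMD5}` and `{MD5}`, and stored values carrying the SHA prefixes no longer match any entry. How the lookup code treats an unmatched prefix, and whether a default scheme name elsewhere still refers to `{SSHA}`, is outside this hunk and should be checked. I would add above the guard: `/* without LUTIL_SHA1_BYTES the {SSHA}/{SHA} schemes are compiled out; stored hashes with these prefixes match no entry */`. The table continues past the end of the hunk.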
@@ -1189,14 +1208,22 @@ static struct berval *hash_crypt( return NULL; /* passwd must behave like a string */ } - if( lutil_entropy( salt, 8) < 0 ) { + if( lutil_entropy( salt, sizeof( salt ) ) < 0 ) { return NULL; } - for( i=0; i<8; i++ ) { + for( i=0; i< ( sizeof(salt) - 1 ); i++ ) { salt[i] = crypt64[ salt[i] % (sizeof(crypt64)-1) ]; } - salt[8] = '\0'; + salt[sizeof( salt ) - 1 ] = '\0'; + + if( salt_format != NULL ) { + /* copy the salt we made into entropy before snprintfing + it back into the salt */ + char entropy[sizeof(salt)]; + strcpy( entropy, salt ); + snprintf( salt, sizeof(entropy), salt_format, entropy ); + } hash.bv_val = crypt( passwd->bv_val, salt ); @@ -1211,3 +1238,14 @@ static struct berval *hash_crypt( return pw_string( scheme, &hash ); } #endif + +int lutil_salt_format(const char *format) +{ +#ifdef SLAPD_CRYPT + free( salt_format ); + + salt_format = format != NULL ? strdup( format ) : NULL; +#endif + + return 0; +}
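Review bot: `salt_format` reaches `snprintf` as the format argument in `hash_crypt` (hunk `-1189,14 +1208,22`) with no check on its conversions. A configured value containing anything other than a single `%s`-style conversion makes the call consume arguments that were never passed, which is undefined behaviour inside the server process. The return value is also ignored, so a format that expands beyond `sizeof(salt)` is truncated silently and the shortened string is handed to `crypt()`. At the call I would write `int n = snprintf( (char *)salt, sizeof(salt), salt_format, entropy );` followed by `if( n < 0 || (size_t)n >= sizeof(salt) ) return NULL;`, with the format itself vetted where it is set. `hash_crypt` begins before this hunk and continues after it.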
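Review bot: `lutil_salt_format` (hunk `-1211,3 +1238,14`) returns 0 unconditionally, so a failed `strdup` leaves `salt_format` NULL and the caller cannot tell the configured format was dropped. This setter is also the one place where the format can be vetted before `hash_crypt` uses it. The version below accepts only `%%` and at most one `%s` with an optional precision, and replaces the old value only after the copy succeeds. Returning -1 is a new outcome for callers that are not visible here, so they need checking. The `static` pointer is replaced and freed without any locking; whether it can be set while another thread is hashing cannot be seen from this diff.
```c
int lutil_salt_format(const char *format)
{
#ifdef SLAPD_CRYPT
	char *copy = NULL;

	if( format != NULL ) {
		const char *p;
		int conversions = 0;

		for( p = format; *p != '\0'; p++ ) {
			if( *p != '%' ) continue;
			p++;
			if( *p == '%' ) continue;
			/* only an optional ".<digits>" precision followed by 's' */
			if( *p == '.' ) {
				p++;
				while( *p >= '0' && *p <= '9' ) p++;
			}
			if( *p != 's' || ++conversions > 1 ) return -1;
		}

		copy = strdup( format );
		if( copy == NULL ) return -1;
	}

	/* replace the old value only once the new one is known good */
	free( salt_format );
	salt_format = copy;
#endif

	return 0;
}
```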