X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=libraries%2Fliblutil%2Fpasswd.c;h=739c833bc6db2fa7883084f7e1b2afa8415556b3;hb=6456e5f5593c09bf6a446e82e690181beed3d077;hp=2d78acdbc45274378a76962cc91abc9b333ddc74;hpb=7f91ee936f2293170b0062465967d41bac696ae1;p=openldap
diff --git a/libraries/liblutil/passwd.c b/libraries/liblutil/passwd.c
index 2d78acdbc4..739c833bc6 100644
--- a/libraries/liblutil/passwd.c
+++ b/libraries/liblutil/passwd.c
@@ -65,6 +65,10 @@ static const unsigned char crypt64[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz1234567890./";
+#ifdef SLAPD_CRYPT
+static char *salt_format = NULL;
+#endif
+
 struct pw_scheme; typedef int (*PASSWD_CHK_FUNC)(
@@ -93,6 +97,7 @@ static int chk_smd5( const struct berval *passwd, const struct berval *cred );
+#ifdef LUTIL_SHA1_BYTES
 static int chk_ssha1( const struct pw_scheme *scheme, const struct berval *passwd,
@@ -102,6 +107,7 @@ static int chk_sha1( const struct pw_scheme *scheme, const struct berval *passwd, const struct berval *cred );
+#endif
 #ifdef SLAPD_LMHASH static int chk_lanman(
@@ -139,6 +145,7 @@ static int chk_unix( #endif
+#ifdef LUTIL_SHA1_BYTES
 /* password hash routines */ static struct berval *hash_sha1( const struct pw_scheme *scheme,
@@ -147,6 +154,7 @@ static struct berval *hash_sha1( static struct berval *hash_ssha1( const struct pw_scheme *scheme, const struct berval *passwd );
+#endif
 static struct berval *hash_smd5( const struct pw_scheme *scheme,
@@ -171,8 +179,10 @@ static struct berval *hash_crypt( static const struct pw_scheme pw_schemes[] = {
+#ifdef LUTIL_SHA1_BYTES
 { {sizeof("{SSHA}")-1, "{SSHA}"}, chk_ssha1, hash_ssha1 }, { {sizeof("{SHA}")-1, "{SHA}"}, chk_sha1, hash_sha1 },
+#endif
 { {sizeof("{SMD5}")-1, "{SMD5}"}, chk_smd5, hash_smd5 }, { {sizeof("{MD5}")-1, "{MD5}"}, chk_md5, hash_md5 },
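Review bot: The `#endif` lines closing the new `LUTIL_SHA1_BYTES` guards around the chk_ssha1/chk_sha1 prototypes are bare, while this same commit labels the pw_string guard as `#endif /* SLAPD_LMHASH || SLAPD_CRYPT */`. I would write `#endif /* LUTIL_SHA1_BYTES */` here and at the matching guards around the hash_sha1/hash_ssha1 prototypes, the `pw_schemes[]` rows, and the chk_*/hash_* definitions further down. The file already interleaves SLAPD_LMHASH and SLAPD_CRYPT guards, so an unlabeled `#endif` is easy to mispair in a later edit of password-verification code.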
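Review bot: With `LUTIL_SHA1_BYTES` undefined the `{SSHA}` and `{SHA}` rows drop out of `pw_schemes[]`, and nothing in this hunk records what then happens to stored values that still carry those prefixes. The scheme lookup is outside the diff, so this is something to confirm rather than a finding: an unrecognised prefix should make verification fail rather than fall through to some other comparison of the stored string, and a request to hash with `{SSHA}` should return an error the caller can see. Once confirmed, a comment above the guard such as `/* SHA-1 schemes are compiled out without LUTIL_SHA1_BYTES; see lutil_passwd() for how unknown prefixes are rejected */` would document the intent. The array definition continues past the end of the hunk.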
@@ -363,6 +373,8 @@ struct berval * lutil_passwd_hash( return (sc->hash_fn)( sc, passwd ); }
+/* pw_string is only called when SLAPD_LMHASH or SLAPD_CRYPT is defined */
+#if defined(SLAPD_LMHASH) || defined(SLAPD_CRYPT)
 static struct berval * pw_string( const struct pw_scheme *sc, const struct berval *passwd )
@@ -384,6 +396,7 @@ static struct berval * pw_string( pw->bv_val[pw->bv_len] = '\0'; return pw; }
+#endif /* SLAPD_LMHASH || SLAPD_CRYPT */
 static struct berval * pw_string64( const struct pw_scheme *sc,
@@ -448,6 +461,7 @@ static struct berval * pw_string64( /* PASSWORD CHECK ROUTINES */
+#ifdef LUTIL_SHA1_BYTES
 static int chk_ssha1( const struct pw_scheme *sc, const struct berval * passwd,
@@ -520,6 +534,7 @@ static int chk_sha1( ber_memfree(orig_pass); return rc ? 1 : 0; }
+#endif
 static int chk_smd5( const struct pw_scheme *sc,
@@ -952,6 +967,7 @@ static int chk_unix( /* PASSWORD GENERATION ROUTINES */
+#ifdef LUTIL_SHA1_BYTES
 static struct berval *hash_ssha1( const struct pw_scheme *scheme, const struct berval *passwd )
@@ -998,6 +1014,7 @@ static struct berval *hash_sha1( return pw_string64( scheme, &digest, NULL); }
+#endif
 static struct berval *hash_smd5( const struct pw_scheme *scheme,
@@ -1178,7 +1195,7 @@ static struct berval *hash_crypt( const struct berval *passwd ) { struct berval hash;
- unsigned char salt[9]; /* salt suitable for anything */
+ unsigned char salt[32]; /* salt suitable for most anything */
 int i; for( i=0; ibv_len; i++) {
@@ -1191,14 +1208,22 @@ static struct berval *hash_crypt( return NULL; /* passwd must behave like a string */ }
- if( lutil_entropy( salt, 8) < 0 ) {
+ if( lutil_entropy( salt, sizeof( salt ) ) < 0 ) {
 return NULL; }
- for( i=0; i<8; i++ ) {
+ for( i=0; i< ( sizeof(salt) - 1 ); i++ ) {
 salt[i] = crypt64[ salt[i] % (sizeof(crypt64)-1) ]; }
- salt[8] = '\0';
+ salt[sizeof( salt ) - 1 ] = '\0';
+
+ if( salt_format != NULL ) {
+ /* copy the salt we made into entropy before snprintfing
+ it back into the salt */
+ char entropy[sizeof(salt)];
+ strcpy( entropy, salt );
+ snprintf( salt, sizeof(entropy), salt_format, entropy );
+ }
 hash.bv_val = crypt( passwd->bv_val, salt );
@@ -1213,3 +1238,14 @@ static struct berval *hash_crypt( return pw_string( scheme, &hash ); } #endif
+
+int lutil_salt_format(const char *format)
+{
+#ifdef SLAPD_CRYPT
+ free( salt_format );
+
+ salt_format = format != NULL ? strdup( format ) : NULL;
+#endif
+
+ return 0;
+}
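Review bot: `salt_format` reaches `snprintf` as the format string in the new `if( salt_format != NULL )` block with exactly one `char *` argument behind it, so a configured string containing anything other than a single string conversion (a second `%s`, a numeric conversion) is undefined behaviour. Nothing in this diff validates the string; the setter `lutil_salt_format` is the natural place to reject anything but one `%s`, with or without a precision. The return value is also dropped, so a format that expands past 31 characters is cut silently and the shortened salt goes straight to `crypt()`; I would fail closed with `n = snprintf( (char *)salt, sizeof(salt), salt_format, entropy ); if( n < 0 || (size_t)n >= sizeof(salt) ) return NULL;`. `salt` is `unsigned char[]`, so `strcpy( entropy, salt )` and the `snprintf` destination need `(char *)` casts to avoid pointer-sign warnings. hash_crypt begins above this hunk and ends in the next one.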
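Review bot: `lutil_salt_format` returns 0 even when `strdup` fails, and by then the previous string has already been freed, so an allocation failure leaves `salt_format` NULL and `hash_crypt` silently goes back to the unformatted salt instead of the configured crypt variant. Copying first and swapping only on success keeps the old setting and lets the caller see the error; the callers are not in this diff, so whether they check the return value is to be confirmed. If this setter can run after startup, the `free()` also races with a concurrent `hash_crypt` reading the same global, which deserves a comment stating when it may be called. The function has no header comment; one line saying that `format` is a printf-style template taking a single `%s` would document the contract `hash_crypt` depends on.
```c
int lutil_salt_format(const char *format)
{
#ifdef SLAPD_CRYPT
	char *copy = NULL;

	if( format != NULL ) {
		copy = strdup( format );
		if( copy == NULL ) {
			return -1;	/* previous format stays in effect */
		}
	}

	free( salt_format );
	salt_format = copy;
#endif

	return 0;
}
```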