X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=libraries%2Fliblutil%2Fpasswd.c;h=739c833bc6db2fa7883084f7e1b2afa8415556b3;hb=6456e5f5593c09bf6a446e82e690181beed3d077;hp=4ba96e2da876243af8eaff80d2ba7db8b576a913;hpb=9ed2b33e2b44667cc3261f9219bd2481993cd523;p=openldap diff --git a/libraries/liblutil/passwd.c b/libraries/liblutil/passwd.c index 4ba96e2da8..739c833bc6 100644 --- a/libraries/liblutil/passwd.c +++ b/libraries/liblutil/passwd.c @@ -65,6 +65,10 @@ static const unsigned char crypt64[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz1234567890./"; +#ifdef SLAPD_CRYPT +static char *salt_format = NULL; +#endif + struct pw_scheme; typedef int (*PASSWD_CHK_FUNC)( @@ -369,6 +373,8 @@ struct berval * lutil_passwd_hash( return (sc->hash_fn)( sc, passwd ); } +/* pw_string is only called when SLAPD_LMHASH or SLAPD_CRYPT is defined */ +#if defined(SLAPD_LMHASH) || defined(SLAPD_CRYPT) static struct berval * pw_string( const struct pw_scheme *sc, const struct berval *passwd ) @@ -390,6 +396,7 @@ static struct berval * pw_string( pw->bv_val[pw->bv_len] = '\0'; return pw; } +#endif /* SLAPD_LMHASH || SLAPD_CRYPT */ static struct berval * pw_string64( const struct pw_scheme *sc, @@ -1188,7 +1195,7 @@ static struct berval *hash_crypt( const struct berval *passwd ) { struct berval hash; - unsigned char salt[9]; /* salt suitable for anything */ + unsigned char salt[32]; /* salt suitable for most anything */ int i; for( i=0; ibv_len; i++) { 
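Review bot: `salt_format`, added in the `@@ -65,6 +65,10 @@` hunk, is file-scope mutable state with no comment on who owns it or when it may change. Later hunks of this patch show `lutil_salt_format()` freeing and replacing it and `hash_crypt()` reading it, with no lock visible in either, so a setter call that overlaps a password hash would leave `snprintf` reading freed memory. Whether that can happen depends on callers outside this diff. I would state the contract at the declaration, for example `/* crypt(3) salt template; owned by this file, set only via lutil_salt_format() before any thread hashes passwords */`, or guard both accesses with a mutex if runtime changes are expected.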
@@ -1201,14 +1208,22 @@ static struct berval *hash_crypt( return NULL; /* passwd must behave like a string */ } - if( lutil_entropy( salt, 8) < 0 ) { + if( lutil_entropy( salt, sizeof( salt ) ) < 0 ) { return NULL; } - for( i=0; i<8; i++ ) { + for( i=0; i< ( sizeof(salt) - 1 ); i++ ) { salt[i] = crypt64[ salt[i] % (sizeof(crypt64)-1) ]; } - salt[8] = '\0'; + salt[sizeof( salt ) - 1 ] = '\0'; + + if( salt_format != NULL ) { + /* copy the salt we made into entropy before snprintfing + it back into the salt */ + char entropy[sizeof(salt)]; + strcpy( entropy, salt ); + snprintf( salt, sizeof(entropy), salt_format, entropy ); + } hash.bv_val = crypt( passwd->bv_val, salt ); @@ -1223,3 +1238,14 @@ static struct berval *hash_crypt( return pw_string( scheme, &hash ); } #endif + +int lutil_salt_format(const char *format) +{ +#ifdef SLAPD_CRYPT + free( salt_format ); + + salt_format = format != NULL ? strdup( format ) : NULL; +#endif + + return 0; +}
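Review bot: The result of `snprintf( salt, sizeof(entropy), salt_format, entropy )` in the `@@ -1201,14 +1208,22 @@` hunk is discarded, so a failed or truncated expansion goes straight to crypt() as the salt. The random characters only enter through the template, so a template without `%s` would give every password the same salt, and truncation at 31 bytes can cut off part of a prefix-style setting without any diagnostic. I would at least keep the return value in an `int n` and bail out on error, `n = snprintf( (char *)salt, sizeof(salt), salt_format, entropy ); if( n < 0 ) return NULL;`, and say in a comment whether truncation is accepted. `strcpy( entropy, salt )` also passes `unsigned char *` where `char *` is expected; `memcpy( entropy, salt, sizeof(salt) )` does the same copy without the signedness mismatch. hash_crypt starts and ends outside this hunk.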
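Review bot: `lutil_salt_format()` in the `@@ -1223,3 +1238,14 @@` hunk stores whatever string it is given and always returns 0, yet `hash_crypt()` later passes that string to snprintf as the format with a single `char *` argument. Any conversion other than one `%s` (optionally with a precision, as in `%.8s`) would make snprintf consume arguments that were never supplied, which is undefined behaviour inside the server, so the template should be validated here, once, and rejected with a non-zero return. A failed `strdup` is also silent: the old template is already freed and the function reports success with `salt_format` left NULL. The sketch below validates first, copies second and only then replaces the old value; callers are outside this diff, so whether they check the return value should be confirmed.

```c
#ifdef SLAPD_CRYPT
/* Accept only literal text, "%%", and exactly one %s with an optional
 * precision (e.g. "%.8s"); anything else would make snprintf() read
 * arguments hash_crypt() never passes, and a template without %s
 * would give every password the same salt. */
static int salt_format_ok( const char *f )
{
	int nconv = 0;

	for( ; *f != '\0'; f++ ) {
		if( *f != '%' ) continue;
		f++;
		if( *f == '%' ) continue;
		if( *f == '.' ) {
			for( f++; *f >= '0' && *f <= '9'; f++ )
				;
		}
		if( *f != 's' || ++nconv > 1 ) return 0;
	}
	return nconv == 1;
}
#endif

int lutil_salt_format(const char *format)
{
#ifdef SLAPD_CRYPT
	char *copy = NULL;

	if( format != NULL ) {
		if( !salt_format_ok( format ) ) return -1;
		copy = strdup( format );
		if( copy == NULL ) return -1;
	}
	/* replace the old template only once the new one is known good */
	free( salt_format );
	salt_format = copy;
#endif

	return 0;
}
```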