X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=libraries%2Fliblutil%2Fpasswd.c;h=739c833bc6db2fa7883084f7e1b2afa8415556b3;hb=6456e5f5593c09bf6a446e82e690181beed3d077;hp=bf78b247a8cede2a9b74e29fecc395c01494be8b;hpb=df7804debc93139a534ce105b0b0d67e49397962;p=openldap diff --git a/libraries/liblutil/passwd.c b/libraries/liblutil/passwd.c index bf78b247a8..739c833bc6 100644 --- a/libraries/liblutil/passwd.c +++ b/libraries/liblutil/passwd.c @@ -21,6 +21,7 @@ #include #include #include +#include #ifdef SLAPD_LMHASH # include @@ -37,17 +38,20 @@ #include -#include -#include +#ifdef SLAPD_CRYPT +# include -#ifdef HAVE_SHADOW_H +# if defined( HAVE_GETPWNAM ) && defined( HAVE_PW_PASSWD ) +# ifdef HAVE_SHADOW_H # include -#endif -#ifdef HAVE_PWD_H +# endif +# ifdef HAVE_PWD_H # include -#endif -#ifdef HAVE_AIX_SECURITY +# endif +# ifdef HAVE_AIX_SECURITY # include +# endif +# endif #endif #include @@ -61,6 +65,10 @@ static const unsigned char crypt64[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz1234567890./"; +#ifdef SLAPD_CRYPT +static char *salt_format = NULL; +#endif + struct pw_scheme; typedef int (*PASSWD_CHK_FUNC)( @@ -89,6 +97,7 @@ static int chk_smd5( const struct berval *passwd, const struct berval *cred ); +#ifdef LUTIL_SHA1_BYTES static int chk_ssha1( const struct pw_scheme *scheme, const struct berval *passwd, @@ -98,6 +107,7 @@ static int chk_sha1( const struct pw_scheme *scheme, const struct berval *passwd, const struct berval *cred ); +#endif #ifdef SLAPD_LMHASH static int chk_lanman( @@ -135,6 +145,7 @@ static int chk_unix( #endif +#ifdef LUTIL_SHA1_BYTES /* password hash routines */ static struct berval *hash_sha1( const struct pw_scheme *scheme, @@ -143,6 +154,7 @@ static struct berval *hash_sha1( static struct berval *hash_ssha1( const struct pw_scheme *scheme, const struct berval *passwd ); +#endif static struct berval *hash_smd5( const struct pw_scheme *scheme, 
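Review bot: `static char *salt_format = NULL;` in the -61 hunk is new mutable file-scope state with no comment on ownership or lifetime, and from this diff it is read by hash_crypt() and freed/reassigned by lutil_salt_format() with no synchronization between the two. I would add above it: `/* printf-style format applied to the generated salt in hash_crypt(); NULL means the raw salt is used. Owned here (strdup'd by lutil_salt_format()); not locked, so it must only be changed before any hashing starts. */`. Whether slapd can ever call lutil_salt_format() while worker threads are already hashing is not visible in this diff and should be confirmed before relying on the unlocked access.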
@@ -167,8 +179,10 @@ static struct berval *hash_crypt( static const struct pw_scheme pw_schemes[] = { +#ifdef LUTIL_SHA1_BYTES { {sizeof("{SSHA}")-1, "{SSHA}"}, chk_ssha1, hash_ssha1 }, { {sizeof("{SHA}")-1, "{SHA}"}, chk_sha1, hash_sha1 }, +#endif { {sizeof("{SMD5}")-1, "{SMD5}"}, chk_smd5, hash_smd5 }, { {sizeof("{MD5}")-1, "{MD5}"}, chk_md5, hash_md5 }, @@ -359,6 +373,8 @@ struct berval * lutil_passwd_hash( return (sc->hash_fn)( sc, passwd ); } +/* pw_string is only called when SLAPD_LMHASH or SLAPD_CRYPT is defined */ +#if defined(SLAPD_LMHASH) || defined(SLAPD_CRYPT) static struct berval * pw_string( const struct pw_scheme *sc, const struct berval *passwd ) @@ -380,6 +396,7 @@ static struct berval * pw_string( pw->bv_val[pw->bv_len] = '\0'; return pw; } +#endif /* SLAPD_LMHASH || SLAPD_CRYPT */ static struct berval * pw_string64( const struct pw_scheme *sc, @@ -444,6 +461,7 @@ static struct berval * pw_string64( /* PASSWORD CHECK ROUTINES */ +#ifdef LUTIL_SHA1_BYTES static int chk_ssha1( const struct pw_scheme *sc, const struct berval * passwd, @@ -516,6 +534,7 @@ static int chk_sha1( ber_memfree(orig_pass); return rc ? 1 : 0; } +#endif static int chk_smd5( const struct pw_scheme *sc, @@ -948,6 +967,7 @@ static int chk_unix( /* PASSWORD GENERATION ROUTINES */ +#ifdef LUTIL_SHA1_BYTES static struct berval *hash_ssha1( const struct pw_scheme *scheme, const struct berval *passwd ) @@ -994,6 +1014,7 @@ static struct berval *hash_sha1( return pw_string64( scheme, &digest, NULL); } +#endif static struct berval *hash_smd5( const struct pw_scheme *scheme, 
@@ -1104,24 +1125,27 @@ static struct berval *hash_md5(
  * }
  */
 
+static void lmPasswd_to_key(
+	const unsigned char *lmPasswd,
+	des_cblock *key)
+{
+	/* make room for parity bits */
+	((char *)key)[0] = lmPasswd[0];
+	((char *)key)[1] = ((lmPasswd[0]&0x01)<<7) | (lmPasswd[1]>>1);
+	((char *)key)[2] = ((lmPasswd[1]&0x03)<<6) | (lmPasswd[2]>>2);
+	((char *)key)[3] = ((lmPasswd[2]&0x07)<<5) | (lmPasswd[3]>>3);
+	((char *)key)[4] = ((lmPasswd[3]&0x0F)<<4) | (lmPasswd[4]>>4);
+	((char *)key)[5] = ((lmPasswd[4]&0x1F)<<3) | (lmPasswd[5]>>5);
+	((char *)key)[6] = ((lmPasswd[5]&0x3F)<<2) | (lmPasswd[6]>>6);
+	((char *)key)[7] = ((lmPasswd[6]&0x7F)<<1);
+
+	des_set_odd_parity( key );
+}
+
 static struct berval *hash_lanman(
 	const struct pw_scheme *scheme,
 	const struct berval *passwd )
 {
-	static void lmPasswd_to_key(const unsigned char *lmPasswd, des_cblock *key)
-	{
-		/* make room for parity bits */
-		((char *)key)[0] = lmPasswd[0];
-		((char *)key)[1] = ((lmPasswd[0]&0x01)<<7) | (lmPasswd[1]>>1);
-		((char *)key)[2] = ((lmPasswd[1]&0x03)<<6) | (lmPasswd[2]>>2);
-		((char *)key)[3] = ((lmPasswd[2]&0x07)<<5) | (lmPasswd[3]>>3);
-		((char *)key)[4] = ((lmPasswd[3]&0x0F)<<4) | (lmPasswd[4]>>4);
-		((char *)key)[5] = ((lmPasswd[4]&0x1F)<<3) | (lmPasswd[5]>>5);
-		((char *)key)[6] = ((lmPasswd[5]&0x3F)<<2) | (lmPasswd[6]>>6);
-		((char *)key)[7] = ((lmPasswd[6]&0x7F)<<1);
-
-		des_set_odd_parity( key );
-	}
 	int i;
 	char UcasePassword[15];
 
@@ -1171,7 +1195,7 @@ static struct berval *hash_crypt(
 	const struct berval *passwd )
 {
 	struct berval hash;
-	unsigned char salt[3];
+	unsigned char salt[32];	/* salt suitable for most anything */
 	int i;
 
 	for( i=0; ibv_len; i++) {
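Review bot: The hoisted `lmPasswd_to_key()` reads `lmPasswd[0]`..`lmPasswd[6]` unconditionally but carries no comment stating that the caller must supply at least 7 bytes, and its only visible caller, hash_lanman(), has its body cut off by the hunk, so the guarantee (presumably halves of `UcasePassword[15]`) cannot be checked here. I would add a header comment above the function: `/* Spread 7 password bytes over an 8-byte DES key: 7 bits per key byte, low bit left for parity and set by des_set_odd_parity(). lmPasswd must point to at least 7 readable bytes. */`. If `des_cblock` is the usual `unsigned char[8]` typedef, the `((char *)key)[n]` casts could also be written `(*key)[n]`, which reads more clearly and avoids the char/unsigned char mismatch.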
@@ -1184,13 +1208,22 @@ static struct berval *hash_crypt(
 			return NULL;	/* passwd must behave like a string */
 	}
 
-	if( lutil_entropy( salt, sizeof(salt)) < 0 ) {
+	if( lutil_entropy( salt, sizeof( salt ) ) < 0 ) {
 		return NULL;
 	}
 
-	salt[0] = crypt64[ salt[0] % (sizeof(crypt64)-1) ];
-	salt[1] = crypt64[ salt[1] % (sizeof(crypt64)-1) ];
-	salt[2] = '\0';
+	for( i=0; i< ( sizeof(salt) - 1 ); i++ ) {
+		salt[i] = crypt64[ salt[i] % (sizeof(crypt64)-1) ];
+	}
+	salt[sizeof( salt ) - 1 ] = '\0';
+
+	if( salt_format != NULL ) {
+		/* copy the salt we made into entropy before snprintfing
+		   it back into the salt */
+		char entropy[sizeof(salt)];
+		strcpy( entropy, salt );
+		snprintf( salt, sizeof(entropy), salt_format, entropy );
+	}
 
 	hash.bv_val = crypt( passwd->bv_val, salt );
 
@@ -1205,3 +1238,14 @@ static struct berval *hash_crypt(
 	return pw_string( scheme, &hash );
 }
 #endif
+
+int lutil_salt_format(const char *format)
+{
+#ifdef SLAPD_CRYPT
+	free( salt_format );
+
+	salt_format = format != NULL ? strdup( format ) : NULL;
+#endif
+
+	return 0;
+}
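Review bot: `snprintf( salt, sizeof(entropy), salt_format, entropy )` hands a runtime-configured string to snprintf as its format, and nothing in this hunk checks that the format consumes exactly one string argument; a format with a second conversion reads past the supplied arguments and `%n` writes memory, so the value has to be validated where it is set or rejected here. The snprintf return value is also discarded, so a format that expands past 31 characters yields a silently truncated salt (for example a lost trailing `$`) that crypt() then interprets as a different salt; I would write `int len = snprintf( salt, sizeof(entropy), salt_format, entropy ); if( len < 0 || (size_t)len >= sizeof(entropy) ) return NULL;`. With salt_format NULL the full 31-character salt goes to crypt(), of which classic DES crypt uses only the first two characters, which is presumably intended. hash_crypt()'s handling of a NULL return from crypt() lies outside the hunk.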
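Review bot: `lutil_salt_format()` stores the string that hash_crypt() later uses as a printf format, yet it accepts any input: it should reject a format with `%n`, more than one conversion, or no `%s` at all (a constant salt for every password), and `strdup( format )` is unchecked, so on allocation failure salt_format silently becomes NULL and the function still returns 0. Callers are not visible here; if they already treat a non-zero return as a configuration error, returning -1 in those cases is the natural fix, otherwise that contract needs to be added. Whether a width or precision such as `%.8s` must be accepted is not visible in this diff; the validator below allows it, drop that line if only a bare `%s` is meant.
```c
int lutil_salt_format(const char *format)
{
#ifdef SLAPD_CRYPT
	const char *p;
	int conversions = 0;

	/* the format is later passed to snprintf() as its format string:
	 * accept exactly one %s (optionally with width/precision) and
	 * reject everything else, e.g. %n or a second conversion */
	for( p = format; p != NULL && *p != '\0'; p++ ) {
		if( *p != '%' ) continue;
		if( *++p == '%' ) continue;
		while( *p == '.' || ( *p >= '0' && *p <= '9' ) ) p++;
		if( *p != 's' || conversions++ ) return -1;
	}
	if( format != NULL && conversions != 1 ) return -1;

	free( salt_format );
	salt_format = NULL;

	if( format != NULL ) {
		salt_format = strdup( format );
		if( salt_format == NULL ) return -1;
	}
#endif

	return 0;
}
```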