base64 encode passwords in back-config
authorPierangelo Masarati <ando@openldap.org>
Sat, 9 Apr 2005 15:19:36 +0000 (15:19 +0000)
committerPierangelo Masarati <ando@openldap.org>
Sat, 9 Apr 2005 15:19:36 +0000 (15:19 +0000)
include/ldif.h
libraries/liblutil/ldif.c
servers/slapd/bconfig.c

index fec4b65ae910cb8ce79087660f420316fd0124e3..a51e1cf4d3a0315f43c15d903dd023345b45b7c0 100644 (file)
@@ -85,6 +85,13 @@ ldif_read_record LDAP_P((
        char **bufp,
        int *buflen ));
 
+LDAP_LDIF_F( int )
+ldif_must_b64_encode_register LDAP_P((
+       LDAP_CONST char *name,
+       LDAP_CONST char *oid ));
+
+LDAP_LDIF_F( void )
+ldif_must_b64_encode_release LDAP_P(( void ));
 
 #define LDIF_PUT_NOVALUE       0x0000  /* no value */
 #define LDIF_PUT_VALUE         0x0001  /* value w/ auto detection */
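Review bot: The two new exported declarations carry no documentation, and a caller cannot tell from the header what the return value of `ldif_must_b64_encode_register` means or who owns the table `ldif_must_b64_encode_release` tears down. A comment above the prototype along the lines of `/* Force base64 output of this attribute in LDIF, matched by name or OID, case-insensitively. Returns non-zero if the name is already registered or the table could not be grown. The table is process-global; call ldif_must_b64_encode_release() once at shutdown. */` would fix that. It is also worth a sentence that base64 is an encoding, not a protection: a password value in the emitted LDIF remains trivially recoverable, so the permissions on the written file stay the real control.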
index e0412b2ae903be75121a7a7deed3ee4d413065bf..c24fa18e0cdcf71759e52e0a67520463a5d0207a 100644 (file)
@@ -359,6 +359,131 @@ ldif_getline( char **next )
        return( line );
 }
 
+/*
+ * name and OID of attributeTypes that must be base64 encoded in any case
+ */
+typedef struct must_b64_encode_s {
+       struct berval   name;
+       struct berval   oid;
+} must_b64_encode_s;
+
+static must_b64_encode_s       default_must_b64_encode[] = {
+       { BER_BVC( "userPassword" ), BER_BVC( "2.5.4.35" ) },
+       { BER_BVNULL, BER_BVNULL }
+};
+
+static must_b64_encode_s       *must_b64_encode = default_must_b64_encode;
+
+/*
+ * register name and OID of attributeTypes that must always be base64 
+ * encoded
+ *
+ * NOTE: this routine mallocs memory in a static struct which must 
+ * be explicitly freed when no longer required
+ */
+int
+ldif_must_b64_encode_register( LDAP_CONST char *name, LDAP_CONST char *oid )
+{
+       int             i;
+       ber_len_t       len;
+
+       assert( must_b64_encode );
+       assert( name );
+       assert( oid );
+
+       len = strlen( name );
+
+       for ( i = 0; !BER_BVISNULL( &must_b64_encode[i].name ); i++ ) {
+               if ( len != must_b64_encode[i].name.bv_len ) {
+                       continue;
+               }
+
+               if ( strcasecmp( name, must_b64_encode[i].name.bv_val ) == 0 ) {
+                       break;
+               }
+       }
+
+       if ( !BER_BVISNULL( &must_b64_encode[i].name ) ) {
+               return 1;
+       }
+
+       for ( i = 0; !BER_BVISNULL( &must_b64_encode[i].name ); i++ )
+               /* just count */ ;
+
+       if ( must_b64_encode == default_must_b64_encode ) {
+               must_b64_encode = ber_memalloc( sizeof( must_b64_encode_s ) * ( i + 2 ) );
+
+               for ( i = 0; !BER_BVISNULL( &default_must_b64_encode[i].name ); i++ ) {
+                       ber_dupbv( &must_b64_encode[i].name, &default_must_b64_encode[i].name );
+                       ber_dupbv( &must_b64_encode[i].oid, &default_must_b64_encode[i].oid );
+               }
+
+       } else {
+               must_b64_encode_s       *tmp;
+
+               tmp = ber_memrealloc( must_b64_encode,
+                       sizeof( must_b64_encode_s ) * ( i + 2 ) );
+               if ( tmp == NULL ) {
+                       return 1;
+               }
+               must_b64_encode = tmp;
+       }
+
+       ber_str2bv( name, len, 1, &must_b64_encode[i].name );
+       ber_str2bv( oid, 0, 1, &must_b64_encode[i].oid );
+
+       BER_BVZERO( &must_b64_encode[i + 1].name );
+
+       return 0;
+}
+
+void
+ldif_must_b64_encode_release( void )
+{
+       int     i;
+
+       assert( must_b64_encode );
+
+       if ( must_b64_encode == default_must_b64_encode ) {
+               return;
+       }
+
+       for ( i = 0; !BER_BVISNULL( &must_b64_encode[i].name ); i++ ) {
+               ber_memfree( must_b64_encode[i].name.bv_val );
+               ber_memfree( must_b64_encode[i].oid.bv_val );
+       }
+
+       ber_memfree( must_b64_encode );
+
+       must_b64_encode = default_must_b64_encode;
+}
+
+/*
+ * returns 1 iff the string corresponds to the name or the OID of any 
+ * of the attributeTypes listed in must_b64_encode
+ */
+static int
+ldif_must_b64_encode( LDAP_CONST char *s )
+{
+       int             i;
+       struct berval   bv;
+
+       assert( must_b64_encode );
+       assert( s );
+
+       ber_str2bv( s, 0, 0, &bv );
+
+       for ( i = 0; !BER_BVISNULL( &must_b64_encode[i].name ); i++ ) {
+               if ( ber_bvstrcasecmp( &must_b64_encode[i].name, &bv ) == 0
+                               || ber_bvstrcasecmp( &must_b64_encode[i].oid, &bv ) == 0 )
+               {
+                       return 1;
+               }
+       }
+
+       return 0;
+}
+
 /* compatibility with U-Mich off by one bug */
 #define LDIF_KLUDGE 1
 
@@ -479,10 +604,7 @@ ldif_sput(
                && strstr( name, ";binary" ) == NULL
 #endif
 #ifndef LDAP_PASSWD_DEBUG
-               && (namelen != (sizeof("userPassword")-1)
-               || strcasecmp( name, "userPassword" ) != 0)     /* encode userPassword */
-               && (namelen != (sizeof("2.5.4.35")-1) 
-               || strcasecmp( name, "2.5.4.35" ) != 0)         /* encode userPassword */
+               && !ldif_must_b64_encode( name )
 #endif
        ) {
                int b64 = 0;
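Review bot: The new `ldif_must_b64_encode( name )` call sits inside the existing `#ifndef LDAP_PASSWD_DEBUG` block, so any attribute registered through `ldif_must_b64_encode_register` (including the olcRootPW registration this commit adds) is still written in the clear when that macro is defined; a one-line comment next to the `#ifndef`, such as `/* LDAP_PASSWD_DEBUG also disables forced base64 of registered attrs */`, would stop that surprising a maintainer. `ldif_must_b64_encode` recomputes the length with `ber_str2bv( s, 0, ... )` although `namelen` is already in hand here; passing a `struct berval` instead would avoid the extra `strlen` on every attribute emitted. The body of `ldif_sput` begins and ends outside the hunk.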
index b987df1d7ae383683e82c020f6e2bbaa71279beb..a1835cea31becaf6d1fac594a1ae03fc57289e38 100644 (file)
@@ -4031,6 +4031,13 @@ config_back_db_init( Backend *be )
        return 0;
 }
 
+static int
+config_back_destroy( BackendInfo *bi )
+{
+       ldif_must_b64_encode_release();
+       return 0;
+}
+
 static struct {
        char *name;
        AttributeDescription **desc;
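Review bot: `config_back_destroy` calls `ldif_must_b64_encode_release`, which frees and resets the whole process-global table in liblutil rather than removing only the olcRootPW entry this backend registered, so any other registrant would silently lose its entries at back-config teardown. That is presumably fine because back-config is the sole registrant today, but the assumption should be written down: `/* resets the whole liblutil must-b64 table; back-config is its only user */`. The unused `bi` parameter is the usual BackendInfo callback shape and needs no change.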
@@ -4068,10 +4075,12 @@ static struct {
 int
 config_back_initialize( BackendInfo *bi )
 {
-       ConfigTable *ct = config_back_cf_table;
-       char *argv[4];
-       int i;
-       static char *controls[] = {
+       ConfigTable             *ct = config_back_cf_table;
+       char                    *argv[4];
+       int                     i;
+       AttributeDescription    *ad = NULL;
+       const char              *text;
+       static char             *controls[] = {
                LDAP_CONTROL_MANAGEDSAIT,
                NULL
        };
@@ -4081,7 +4090,7 @@ config_back_initialize( BackendInfo *bi )
        bi->bi_open = 0;
        bi->bi_close = 0;
        bi->bi_config = 0;
-       bi->bi_destroy = 0;
+       bi->bi_destroy = config_back_destroy;
 
        bi->bi_db_init = config_back_db_init;
        bi->bi_db_config = 0;
@@ -4118,6 +4127,18 @@ config_back_initialize( BackendInfo *bi )
        i = config_register_schema( ct, cf_ocs );
        if ( i ) return i;
 
+       i = slap_str2ad( "olcRootPW", &ad, &text );
+       /* basically, we don't care if it fails */
+       if ( i ) {
+               Debug( LDAP_DEBUG_ANY, "config_back_initialize: "
+                       "warning, unable to get \"olcRootPW\" "
+                       "attribute description: %d: %s\n",
+                       i, text, 0 );
+       } else {
+               (void)ldif_must_b64_encode_register( ad->ad_cname.bv_val,
+                       ad->ad_type->sat_oid );
+       }
+
        /* set up the notable AttributeDescriptions */
        i = 0;
        for (;ct->name;ct++) {
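Review bot: The return value of `ldif_must_b64_encode_register` is discarded with `(void)`, so if the table cannot be grown the server starts normally and olcRootPW is then emitted unencoded by `ldif_sput`, with nothing in the log to explain it; the `slap_str2ad` failure just above is at least reported at `LDAP_DEBUG_ANY`, and the registration failure deserves the same: `if ( ldif_must_b64_encode_register( ad->ad_cname.bv_val, ad->ad_type->sat_oid ) ) { Debug( LDAP_DEBUG_ANY, "config_back_initialize: warning, could not register \"olcRootPW\" for base64 encoding\n", 0, 0, 0 ); }`. The "we don't care if it fails" comment should also say what the consequence is, namely that olcRootPW values may then appear in cleartext in the config LDIF. `config_back_initialize` continues past the end of the hunk.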