Deleted Kerberos and Netscape support
authorHoward Chu <hyc@openldap.org>
Thu, 26 Feb 2004 03:10:53 +0000 (03:10 +0000)
committerHoward Chu <hyc@openldap.org>
Thu, 26 Feb 2004 03:10:53 +0000 (03:10 +0000)
libraries/liblutil/passwd.c

index e00a07d2f0010e6fb00ac861ab403a0479aa2d50..8e727a4111bc91c2e85caf255cedbe7273e27c41 100644 (file)
 #      endif
 #endif
 
-#ifdef SLAPD_KPASSWD
-#      include <ac/krb.h>
-#      include <ac/krb5.h>
-#endif
-
-/* KPASSWD/krb.h brings in a conflicting des.h so don't use both.
- * configure currently requires OpenSSL to enable LMHASH. Obviously
- * this requirement can be fulfilled by the KRB DES library as well.
- */
-#if defined(SLAPD_LMHASH) && !defined(DES_ENCRYPT)
+#if defined(SLAPD_LMHASH)
 #      include <openssl/des.h>
 #endif /* SLAPD_LMHASH */
 
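Review bot: The guard `#if defined(SLAPD_LMHASH)` now pulls in `<openssl/des.h>` with no explanation, because the comment recording that configure requires OpenSSL for LMHASH is deleted together with the `!defined(DES_ENCRYPT)` test. I would keep a one-line replacement above the guard, `/* LMHASH uses OpenSSL's DES; configure requires OpenSSL when it is enabled */`, so the build dependency stays visible. Separately, the later hunks remove the `{NS-MTA-MD5}` and `{KERBEROS}` rows from `pw_schemes_default[]`, and how a stored value with an unmatched prefix is handled is outside this diff. It is worth confirming that such values fail verification after upgrade rather than reaching a fallback comparison, and noting the removal for operators who may still hold entries in those schemes.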
@@ -121,18 +112,10 @@ static LUTIL_PASSWD_CHK_FUNC chk_lanman;
 static LUTIL_PASSWD_HASH_FUNC hash_lanman;
 #endif
 
-#ifdef SLAPD_NS_MTA_MD5
-static LUTIL_PASSWD_CHK_FUNC chk_ns_mta_md5;
-#endif
-
 #ifdef SLAPD_SPASSWD
 static LUTIL_PASSWD_CHK_FUNC chk_sasl;
 #endif
 
-#ifdef SLAPD_KPASSWD
-static LUTIL_PASSWD_CHK_FUNC chk_kerberos;
-#endif
-
 #ifdef SLAPD_CRYPT
 static LUTIL_PASSWD_CHK_FUNC chk_crypt;
 static LUTIL_PASSWD_HASH_FUNC hash_crypt;
@@ -164,18 +147,10 @@ static const struct pw_scheme pw_schemes_default[] =
        { BER_BVC("{LANMAN}"),          chk_lanman, hash_lanman },
 #endif /* SLAPD_LMHASH */
 
-#ifdef SLAPD_NS_MTA_MD5
-       { BER_BVC("{NS-MTA-MD5}"),      chk_ns_mta_md5, NULL },
-#endif /* SLAPD_NS_MTA_MD5 */
-
 #ifdef SLAPD_SPASSWD
        { BER_BVC("{SASL}"),            chk_sasl, NULL },
 #endif
 
-#ifdef SLAPD_KPASSWD
-       { BER_BVC("{KERBEROS}"),        chk_kerberos, NULL },
-#endif
-
 #ifdef SLAPD_CRYPT
        { BER_BVC("{CRYPT}"),           chk_crypt, hash_crypt },
 # if defined( HAVE_GETPWNAM ) && defined( HAVE_PW_PASSWD )
@@ -782,60 +757,6 @@ static int chk_lanman(
 }
 #endif /* SLAPD_LMHASH */
 
-#ifdef SLAPD_NS_MTA_MD5
-#define NS_MTA_MD5_PASSLEN     64
-static int chk_ns_mta_md5(
-       const struct berval *scheme,
-       const struct berval *passwd,
-       const struct berval *cred,
-       const char **text )
-{
-       lutil_MD5_CTX MD5context;
-       unsigned char MD5digest[LUTIL_MD5_BYTES], c;
-       char buffer[LUTIL_MD5_BYTES*2];
-       int i;
-
-       if( passwd->bv_len != NS_MTA_MD5_PASSLEN ) {
-               return 1;
-       }
-
-       /* hash credentials with salt */
-       lutil_MD5Init(&MD5context);
-       lutil_MD5Update(&MD5context,
-               (const unsigned char *) &passwd->bv_val[32],
-               32 );
-
-       c = 0x59;
-       lutil_MD5Update(&MD5context,
-               (const unsigned char *) &c,
-               1 );
-
-       lutil_MD5Update(&MD5context,
-               (const unsigned char *) cred->bv_val,
-               cred->bv_len );
-
-       c = 0xF7;
-       lutil_MD5Update(&MD5context,
-               (const unsigned char *) &c,
-               1 );
-
-       lutil_MD5Update(&MD5context,
-               (const unsigned char *) &passwd->bv_val[32],
-               32 );
-
-       lutil_MD5Final(MD5digest, &MD5context);
-
-       for( i=0; i < sizeof( MD5digest ); i++ ) {
-               buffer[i+i]   = "0123456789abcdef"[(MD5digest[i]>>4) & 0x0F]; 
-               buffer[i+i+1] = "0123456789abcdef"[ MD5digest[i] & 0x0F]; 
-       }
-
-       /* compare */
-       return memcmp((char *)passwd->bv_val,
-               (char *)buffer, sizeof(buffer)) ? 1 : 0;
-}
-#endif
-
 #ifdef SLAPD_SPASSWD
 #ifdef HAVE_CYRUS_SASL
 sasl_conn_t *lutil_passwd_sasl_conn = NULL;
@@ -893,180 +814,6 @@ static int chk_sasl(
 }
 #endif
 
-#ifdef SLAPD_KPASSWD
-static int chk_kerberos(
-       const struct berval *sc,
-       const struct berval * passwd,
-       const struct berval * cred,
-       const char **text )
-{
-       unsigned int i;
-       int rtn;
-
-       for( i=0; i<cred->bv_len; i++) {
-               if(cred->bv_val[i] == '\0') {
-                       return 1;       /* NUL character in password */
-               }
-       }
-
-       if( cred->bv_val[i] != '\0' ) {
-               return 1;       /* cred must behave like a string */
-       }
-
-       for( i=0; i<passwd->bv_len; i++) {
-               if(passwd->bv_val[i] == '\0') {
-                       return 1;       /* NUL character in password */
-               }
-       }
-
-       if( passwd->bv_val[i] != '\0' ) {
-               return 1;       /* passwd must behave like a string */
-       }
-
-       rtn = 1;
-
-#ifdef HAVE_KRB5 /* HAVE_HEIMDAL_KRB5 */
-       {
-/* Portions:
- * Copyright (c) 1997, 1998, 1999 Kungliga Tekniska H\xf6gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-               krb5_context context;
-               krb5_error_code ret;
-               krb5_creds creds;
-               krb5_get_init_creds_opt get_options;
-               krb5_verify_init_creds_opt verify_options;
-               krb5_principal client, server;
-#ifdef notdef
-               krb5_preauthtype pre_auth_types[] = {KRB5_PADATA_ENC_TIMESTAMP};
-#endif
-
-               ret = krb5_init_context( &context );
-               if (ret) {
-                       return 1;
-               }
-
-#ifdef notdef
-               krb5_get_init_creds_opt_set_preauth_list(&get_options,
-                       pre_auth_types, 1);
-#endif
-
-               krb5_get_init_creds_opt_init( &get_options );
-
-               krb5_verify_init_creds_opt_init( &verify_options );
-       
-               ret = krb5_parse_name( context, passwd->bv_val, &client );
-
-               if (ret) {
-                       krb5_free_context( context );
-                       return 1;
-               }
-
-               ret = krb5_get_init_creds_password( context,
-                       &creds, client, cred->bv_val, NULL,
-                       NULL, 0, NULL, &get_options );
-
-               if (ret) {
-                       krb5_free_principal( context, client );
-                       krb5_free_context( context );
-                       return 1;
-               }
-
-               {
-                       char *host = ldap_pvt_get_fqdn( NULL );
-
-                       if( host == NULL ) {
-                               krb5_free_principal( context, client );
-                               krb5_free_context( context );
-                               return 1;
-                       }
-
-                       ret = krb5_sname_to_principal( context,
-                               host, "ldap", KRB5_NT_SRV_HST, &server );
-
-                       ber_memfree( host );
-               }
-
-               if (ret) {
-                       krb5_free_principal( context, client );
-                       krb5_free_context( context );
-                       return 1;
-               }
-
-               ret = krb5_verify_init_creds( context,
-                       &creds, server, NULL, NULL, &verify_options );
-
-               krb5_free_principal( context, client );
-               krb5_free_principal( context, server );
-               krb5_free_cred_contents( context, &creds );
-               krb5_free_context( context );
-
-               rtn = !!ret;
-       }
-#elif  defined(HAVE_KRB4)
-       {
-               /* Borrowed from Heimdal kpopper */
-/* Portions:
- * Copyright (c) 1989 Regents of the University of California.
- * All rights reserved.  The Berkeley software License Agreement
- * specifies the terms and conditions for redistribution.
- */
-
-               int status;
-               char lrealm[REALM_SZ];
-               char tkt[MAXHOSTNAMELEN];
-
-               status = krb_get_lrealm(lrealm,1);
-               if (status == KFAILURE) {
-                       return 1;
-               }
-
-               snprintf(tkt, sizeof(tkt), "%s_slapd.%u",
-                       TKT_ROOT, (unsigned)getpid());
-               krb_set_tkt_string (tkt);
-
-               status = krb_verify_user( passwd->bv_val, "", lrealm,
-                       cred->bv_val, 1, "ldap");
-
-               dest_tkt(); /* no point in keeping the tickets */
-
-               return status == KFAILURE;
-       }
-#endif
-
-       return rtn;
-}
-#endif /* SLAPD_KPASSWD */
-
 #ifdef SLAPD_CRYPT
 static int chk_crypt(
        const struct berval *sc,