# $OpenLDAP$
CPPFLAGS+=-I../../../include -I../../../servers/slapd
-all: kerberos.la netscape.la radius.la
+all: kerberos.la netscape.la radius.la apr1.la
kerberos.lo: kerberos.c
$(LIBTOOL) --mode=compile $(CC) $(CPPFLAGS) -DHAVE_KRB5 -Wall -c $?
$(LIBTOOL) --mode=link $(CC) -version-info 0:0:0 \
-rpath $(PREFIX)/lib -module -o $@ $? -lradius
+apr1.lo: apr1.c
+ $(LIBTOOL) --mode=compile $(CC) $(CPPFLAGS) -Wall -c $?
+
+apr1.la: apr1.lo
+ $(LIBTOOL) --mode=link $(CC) -version-info 0:0:0 \
+ -rpath $(PREFIX)/lib -module -o $@ $?
+
clean:
rm -f kerberos.lo kerberos.la
rm -f netscape.lo netscape.la
rm -f radius.lo radius.la
+ rm -f apr1.lo apr1.la
-install: kerberos.la netscape.la radius.la
+install: kerberos.la netscape.la radius.la apr1.la
mkdir -p $(PREFIX)/lib/openldap
$(LIBTOOL) --mode=install cp kerberos.la $(PREFIX)/lib/openldap
$(LIBTOOL) --mode=install cp netscape.la $(PREFIX)/lib/openldap
$(LIBTOOL) --mode=install cp radius.la $(PREFIX)/lib/openldap
+ $(LIBTOOL) --mode=install cp apr1.la $(PREFIX)/lib/openldap
$(LIBTOOL) --finish $(PREFIX)/lib
This directory contains native slapd plugins for password mechanisms that
are not actively supported by the project. Currently this includes the
-Kerberos, Netscape MTA-MD5 and RADIUS password mechanisms.
+Kerberos, Netscape MTA-MD5 and RADIUS password mechanisms. The Apache
+APR1 MD5 and BSD/Paul Henning Kamp MD5 mechanisms are also included.
To use the Kerberos plugin, add:
to your slapd configuration file.
+To use the APR1/BSD/MD5 plugin, add:
+
+moduleload pw-apr1.so
+
+to your slapd configuration file.
+
To use the RADIUS plugin, add:
moduleload pw-radius.so
(Actually, you might want to statically link the RADIUS client library
libradius.a into the module).
+The corresponding command for the APR1 plugin would be:
+
+gcc -shared -I../../../include -Wall -g -o pw-apr1.so apr1.c
+
---
This work is part of OpenLDAP Software <http://www.openldap.org/>.
\r
#include <assert.h>\r
\r
+/* the only difference between this and straight PHK is the magic */\r
static LUTIL_PASSWD_CHK_FUNC chk_apr1;\r
static LUTIL_PASSWD_HASH_FUNC hash_apr1;\r
-static const struct berval scheme = BER_BVC("{APR1}");\r
+static const struct berval scheme_apr1 = BER_BVC("{APR1}");\r
+static const struct berval magic_apr1 = BER_BVC("$apr1$");\r
+\r
+static LUTIL_PASSWD_CHK_FUNC chk_bsdmd5;\r
+static LUTIL_PASSWD_HASH_FUNC hash_bsdmd5;\r
+static const struct berval scheme_bsdmd5 = BER_BVC("{BSDMD5}");\r
+static const struct berval magic_bsdmd5 = BER_BVC("$1$");\r
\r
static const unsigned char apr64[] =\r
"./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";\r
* this stuff is worth it, you can buy me a beer in return Poul-Henning Kamp\r
* ----------------------------------------------------------------------------\r
*/\r
-static void do_apr_hash(\r
+static void do_phk_hash(\r
const struct berval *passwd,\r
const struct berval *salt,\r
+ const struct berval *magic,\r
unsigned char *digest)\r
{\r
lutil_MD5_CTX ctx, ctx1;\r
/* Start hashing */\r
lutil_MD5Init(&ctx);\r
lutil_MD5Update(&ctx, (const unsigned char *) passwd->bv_val, passwd->bv_len);\r
- lutil_MD5Update(&ctx, "$apr1$", 6);\r
+ lutil_MD5Update(&ctx, (const unsigned char *) magic->bv_val, magic->bv_len);\r
lutil_MD5Update(&ctx, (const unsigned char *) salt->bv_val, salt->bv_len);\r
/* Inner hash */\r
lutil_MD5Init(&ctx1);\r
}\r
}\r
\r
-static int chk_apr1(\r
+static int chk_phk(\r
const struct berval *scheme,\r
+ const struct berval *magic,\r
const struct berval *passwd,\r
const struct berval *cred,\r
const char **text)\r
salt.bv_len = rc - sizeof(digest);\r
\r
/* the only difference between this and straight PHK is the magic */\r
- do_apr_hash(cred, &salt, digest);\r
+ do_phk_hash(cred, magic, &salt, digest);\r
\r
if (text)\r
*text = NULL;\r
return rc ? LUTIL_PASSWD_ERR : LUTIL_PASSWD_OK;\r
}\r
\r
-static int hash_apr1(\r
+static int chk_apr1(\r
+ const struct berval *scheme,\r
+ const struct berval *passwd,\r
+ const struct berval *cred,\r
+ const char **text)\r
+{\r
+ return chk_phk(scheme, &magic_apr1, passwd, cred, text);\r
+}\r
+\r
+static int chk_bsdmd5(\r
+ const struct berval *scheme,\r
+ const struct berval *passwd,\r
+ const struct berval *cred,\r
+ const char **text)\r
+{\r
+ return chk_phk(scheme, &magic_bsdmd5, passwd, cred, text);\r
+}\r
+\r
+static int hash_phk(\r
const struct berval *scheme,\r
+ const struct berval *magic,\r
const struct berval *passwd,\r
struct berval *hash,\r
const char **text)\r
for (n = 0; n < salt.bv_len; n++)\r
salt.bv_val[n] = apr64[salt.bv_val[n] % (sizeof(apr64) - 1)];\r
\r
- /* the only difference between this and straight PHK is the magic */\r
- do_apr_hash(passwd, &salt, digest_buf);\r
+ do_phk_hash(passwd, magic, &salt, digest_buf);\r
\r
if (text)\r
*text = NULL;\r
return lutil_passwd_string64(scheme, &digest, hash, &salt);\r
}\r
\r
+static int hash_apr1(\r
+ const struct berval *scheme,\r
+ const struct berval *passwd,\r
+ struct berval *hash,\r
+ const char **text)\r
+{\r
+ return hash_phk(scheme, &magic_apr1, passwd, hash, text);\r
+}\r
+\r
+static int hash_bsdmd5(\r
+ const struct berval *scheme,\r
+ const struct berval *passwd,\r
+ struct berval *hash,\r
+ const char **text)\r
+{\r
+ return hash_phk(scheme, &magic_bsdmd5, passwd, hash, text);\r
+}\r
+\r
int init_module(int argc, char *argv[]) {\r
- return lutil_passwd_add((struct berval *) &scheme, chk_apr1, hash_apr1);\r
+ int rc;\r
+ rc = lutil_passwd_add((struct berval *) &scheme_apr1, chk_apr1, hash_apr1);\r
+ if ( !rc )\r
+ rc = lutil_passwd_add((struct berval *) &scheme_bsdmd5,\r
+ chk_bsdmd5, hash_bsdmd5);\r
+ return rc;\r
}\r
projects / openldap / commitdiff