From: Howard Chu Date: Thu, 26 Feb 2004 03:10:53 +0000 (+0000) Subject: Deleted Kerberos and Netscape support X-Git-Tag: OPENLDAP_REL_ENG_2_2_BP~410 X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=9c6428b29e4c963df0f2597d7917a5bdc35dcb04;p=openldap Deleted Kerberos and Netscape support --- diff --git a/libraries/liblutil/passwd.c b/libraries/liblutil/passwd.c index e00a07d2f0..8e727a4111 100644 --- a/libraries/liblutil/passwd.c +++ b/libraries/liblutil/passwd.c @@ -41,16 +41,7 @@ # endif #endif -#ifdef SLAPD_KPASSWD -# include -# include -#endif - -/* KPASSWD/krb.h brings in a conflicting des.h so don't use both. - * configure currently requires OpenSSL to enable LMHASH. Obviously - * this requirement can be fulfilled by the KRB DES library as well. - */ -#if defined(SLAPD_LMHASH) && !defined(DES_ENCRYPT) +#if defined(SLAPD_LMHASH) # include #endif /* SLAPD_LMHASH */ @@ -121,18 +112,10 @@ static LUTIL_PASSWD_CHK_FUNC chk_lanman; static LUTIL_PASSWD_HASH_FUNC hash_lanman; #endif -#ifdef SLAPD_NS_MTA_MD5 -static LUTIL_PASSWD_CHK_FUNC chk_ns_mta_md5; -#endif - #ifdef SLAPD_SPASSWD static LUTIL_PASSWD_CHK_FUNC chk_sasl; #endif -#ifdef SLAPD_KPASSWD -static LUTIL_PASSWD_CHK_FUNC chk_kerberos; -#endif - #ifdef SLAPD_CRYPT static LUTIL_PASSWD_CHK_FUNC chk_crypt; static LUTIL_PASSWD_HASH_FUNC hash_crypt; @@ -164,18 +147,10 @@ static const struct pw_scheme pw_schemes_default[] = { BER_BVC("{LANMAN}"), chk_lanman, hash_lanman }, #endif /* SLAPD_LMHASH */ -#ifdef SLAPD_NS_MTA_MD5 - { BER_BVC("{NS-MTA-MD5}"), chk_ns_mta_md5, NULL }, -#endif /* SLAPD_NS_MTA_MD5 */ - #ifdef SLAPD_SPASSWD { BER_BVC("{SASL}"), chk_sasl, NULL }, #endif -#ifdef SLAPD_KPASSWD - { BER_BVC("{KERBEROS}"), chk_kerberos, NULL }, -#endif - #ifdef SLAPD_CRYPT { BER_BVC("{CRYPT}"), chk_crypt, hash_crypt }, # if defined( HAVE_GETPWNAM ) && defined( HAVE_PW_PASSWD ) @@ -782,60 +757,6 @@ static int chk_lanman( } #endif /* SLAPD_LMHASH */ -#ifdef SLAPD_NS_MTA_MD5 -#define NS_MTA_MD5_PASSLEN 64 -static int chk_ns_mta_md5( - const struct berval *scheme, - const struct berval *passwd, - const struct berval *cred, - const char **text ) -{ - lutil_MD5_CTX MD5context; - unsigned char MD5digest[LUTIL_MD5_BYTES], c; - char buffer[LUTIL_MD5_BYTES*2]; - int i; - - if( passwd->bv_len != NS_MTA_MD5_PASSLEN ) { - return 1; - } - - /* hash credentials with salt */ - lutil_MD5Init(&MD5context); - lutil_MD5Update(&MD5context, - (const unsigned char *) &passwd->bv_val[32], - 32 ); - - c = 0x59; - lutil_MD5Update(&MD5context, - (const unsigned char *) &c, - 1 ); - - lutil_MD5Update(&MD5context, - (const unsigned char *) cred->bv_val, - cred->bv_len ); - - c = 0xF7; - lutil_MD5Update(&MD5context, - (const unsigned char *) &c, - 1 ); - - lutil_MD5Update(&MD5context, - (const unsigned char *) &passwd->bv_val[32], - 32 ); - - lutil_MD5Final(MD5digest, &MD5context); - - for( i=0; i < sizeof( MD5digest ); i++ ) { - buffer[i+i] = "0123456789abcdef"[(MD5digest[i]>>4) & 0x0F]; - buffer[i+i+1] = "0123456789abcdef"[ MD5digest[i] & 0x0F]; - } - - /* compare */ - return memcmp((char *)passwd->bv_val, - (char *)buffer, sizeof(buffer)) ? 1 : 0; -} -#endif - #ifdef SLAPD_SPASSWD #ifdef HAVE_CYRUS_SASL sasl_conn_t *lutil_passwd_sasl_conn = NULL; @@ -893,180 +814,6 @@ static int chk_sasl( } #endif -#ifdef SLAPD_KPASSWD -static int chk_kerberos( - const struct berval *sc, - const struct berval * passwd, - const struct berval * cred, - const char **text ) -{ - unsigned int i; - int rtn; - - for( i=0; ibv_len; i++) { - if(cred->bv_val[i] == '\0') { - return 1; /* NUL character in password */ - } - } - - if( cred->bv_val[i] != '\0' ) { - return 1; /* cred must behave like a string */ - } - - for( i=0; ibv_len; i++) { - if(passwd->bv_val[i] == '\0') { - return 1; /* NUL character in password */ - } - } - - if( passwd->bv_val[i] != '\0' ) { - return 1; /* passwd must behave like a string */ - } - - rtn = 1; - -#ifdef HAVE_KRB5 /* HAVE_HEIMDAL_KRB5 */ - { -/* Portions: - * Copyright (c) 1997, 1998, 1999 Kungliga Tekniska H\xf6gskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - - krb5_context context; - krb5_error_code ret; - krb5_creds creds; - krb5_get_init_creds_opt get_options; - krb5_verify_init_creds_opt verify_options; - krb5_principal client, server; -#ifdef notdef - krb5_preauthtype pre_auth_types[] = {KRB5_PADATA_ENC_TIMESTAMP}; -#endif - - ret = krb5_init_context( &context ); - if (ret) { - return 1; - } - -#ifdef notdef - krb5_get_init_creds_opt_set_preauth_list(&get_options, - pre_auth_types, 1); -#endif - - krb5_get_init_creds_opt_init( &get_options ); - - krb5_verify_init_creds_opt_init( &verify_options ); - - ret = krb5_parse_name( context, passwd->bv_val, &client ); - - if (ret) { - krb5_free_context( context ); - return 1; - } - - ret = krb5_get_init_creds_password( context, - &creds, client, cred->bv_val, NULL, - NULL, 0, NULL, &get_options ); - - if (ret) { - krb5_free_principal( context, client ); - krb5_free_context( context ); - return 1; - } - - { - char *host = ldap_pvt_get_fqdn( NULL ); - - if( host == NULL ) { - krb5_free_principal( context, client ); - krb5_free_context( context ); - return 1; - } - - ret = krb5_sname_to_principal( context, - host, "ldap", KRB5_NT_SRV_HST, &server ); - - ber_memfree( host ); - } - - if (ret) { - krb5_free_principal( context, client ); - krb5_free_context( context ); - return 1; - } - - ret = krb5_verify_init_creds( context, - &creds, server, NULL, NULL, &verify_options ); - - krb5_free_principal( context, client ); - krb5_free_principal( context, server ); - krb5_free_cred_contents( context, &creds ); - krb5_free_context( context ); - - rtn = !!ret; - } -#elif defined(HAVE_KRB4) - { - /* Borrowed from Heimdal kpopper */ -/* Portions: - * Copyright (c) 1989 Regents of the University of California. - * All rights reserved. The Berkeley software License Agreement - * specifies the terms and conditions for redistribution. - */ - - int status; - char lrealm[REALM_SZ]; - char tkt[MAXHOSTNAMELEN]; - - status = krb_get_lrealm(lrealm,1); - if (status == KFAILURE) { - return 1; - } - - snprintf(tkt, sizeof(tkt), "%s_slapd.%u", - TKT_ROOT, (unsigned)getpid()); - krb_set_tkt_string (tkt); - - status = krb_verify_user( passwd->bv_val, "", lrealm, - cred->bv_val, 1, "ldap"); - - dest_tkt(); /* no point in keeping the tickets */ - - return status == KFAILURE; - } -#endif - - return rtn; -} -#endif /* SLAPD_KPASSWD */ - #ifdef SLAPD_CRYPT static int chk_crypt( const struct berval *sc,