From: Kurt Zeilenga Date: Fri, 9 Jan 2004 04:11:57 +0000 (+0000) Subject: ITS#2906: report invalid userPassword schemes, clarify documentation X-Git-Tag: OPENLDAP_REL_ENG_2_1_MP~56 X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=c8408d3c6a9125a27657f56062def492d526fe9e;p=openldap ITS#2906: report invalid userPassword schemes, clarify documentation --- diff --git a/doc/man/man8/slappasswd.8 b/doc/man/man8/slappasswd.8 index 8eade745e6..ee83f09d09 100644 --- a/doc/man/man8/slappasswd.8 +++ b/doc/man/man8/slappasswd.8 @@ -64,6 +64,12 @@ be specified: The default is .IR {SSHA} . +Note that scheme names may need to be protected, due to +.B { +and +.BR } , +from expansion by the user's command interpreter. + .B {SHA} and .B {SSHA} diff --git a/libraries/liblutil/passwd.c b/libraries/liblutil/passwd.c index abf26784e7..064343cbc3 100644 --- a/libraries/liblutil/passwd.c +++ b/libraries/liblutil/passwd.c @@ -377,9 +377,17 @@ struct berval * lutil_passwd_hash( { const struct pw_scheme *sc = get_scheme( method ); + if( sc == NULL ) { + *text = "scheme not recognized"; + return NULL; + } + + if( ! sc->hash_fn ) { + *text = "scheme provided no hash function"; + return NULL; + } + if( text ) *text = NULL; - if( sc == NULL ) return NULL; - if( ! sc->hash_fn ) return NULL; return (sc->hash_fn)( &sc->name, passwd, text ); } diff --git a/servers/slapd/tools/slappasswd.c b/servers/slapd/tools/slappasswd.c index 92443e2051..b144ae5937 100644 --- a/servers/slapd/tools/slappasswd.c +++ b/servers/slapd/tools/slappasswd.c @@ -131,10 +131,10 @@ main( int argc, char *argv[] ) } hash = lutil_passwd_hash( &passwd, scheme, &text ); - if( hash == NULL || hash->bv_val == NULL ) { - fprintf( stderr, "Password generation failed. %s\n", - text ? text : "" ); + fprintf( stderr, + "Password generation failed for scheme %s: %s\n", + scheme, text ? text : "" ); return EXIT_FAILURE; }