From: Kurt Zeilenga <kurt@openldap.org>
Date: Wed, 13 Jun 2001 05:40:24 +0000 (+0000)
Subject: Misc updates to password codes / docs
X-Git-Tag: LDBM_PRE_GIANT_RWLOCK~1319
X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=ff993c7ddbda3e42b077638c091e1e7b5eff064a;p=openldap

Misc updates to password codes / docs
---

diff --git a/doc/man/man5/slapd.conf.5 b/doc/man/man5/slapd.conf.5
index bef621936b..6e55a7fd92 100644
--- a/doc/man/man5/slapd.conf.5
+++ b/doc/man/man5/slapd.conf.5
@@ -240,6 +240,20 @@ and
 The default is
 .BR {SSHA} .
 .TP
+.B password-crypt-salt-format <format>
+Specify the format of the salt passed to
+.BR crypt (3)
+when generating {CRYPT} passwords.  
+This string needs to be in
+.BR sprintf (3)
+format and may include one (and only one) %s conversion.
+This conversion will be substituted with a string random
+characters from [A\-Za\-z0\-9./].  For example, "%.2s"
+provides a two character salt and "$1$%.8s" tells some
+versions of crypt(3) to use an MD5 algorithm and provides
+8 random characters of salt.  The default is "%s", which
+provides 31 characters of salt.
+.TP
 .B pidfile <filename>
 The ( absolute ) name of a file that will hold the 
 .B slapd
diff --git a/doc/man/man8/slappasswd.8 b/doc/man/man8/slappasswd.8
index 77ffd39490..8321419b42 100644
--- a/doc/man/man8/slappasswd.8
+++ b/doc/man/man8/slappasswd.8
@@ -10,6 +10,7 @@ slappasswd \- OpenLDAP password utility
 .B [\-u]
 .B [\-s secret]
 .B [\-h hash]
+.B [\-c salt-format]
 .B 
 .LP
 .SH DESCRIPTION
@@ -21,13 +22,14 @@ suitable for use with
 or
 .BR slapd.conf (5)
 .I rootpw
-coniguration directive.
+configuration directive.
 .SH OPTIONS
 .TP
 .B \-v
 enable verbose mode.
+.TP
 .B \-u
-generate RFC2307 userPassword values (the default).  Future
+Generate RFC2307 userPassword values (the default).  Future
 versions of this program may generate alternative syntaxes
 by default.  This option is provided for forward compatibility.
 .TP
@@ -35,6 +37,7 @@ by default.  This option is provided for forward compatibility.
 The secret to hash.  If not provided, the user will be prompted
 for the secret to hash.
 .TP
+.BI \-h " scheme"
 If -h is specified, one of the following RFC2307 schemes may
 be specified:
 .IR {CRYPT} ,
@@ -44,7 +47,20 @@ be specified:
 .IR {SHA} .
 The default is 
 .IR {SSHA} .
-.LP
+.TP
+.BI \-c " crypt-salt-format"
+Specify the format of the salt passed to
+.BR crypt (3)
+when generating {CRYPT} passwords.  
+This string needs to be in
+.BR sprintf (3)
+format and may include one (and only one) %s conversion.
+This conversion will be substituted with a string random
+characters from [A\-Za\-z0\-9./].  For example, "%.2s"
+provides a two character salt and "$1$%.8s" tells some
+versions of crypt(3) to use an MD5 algorithm and provides
+8 random characters of salt.  The default is "%s", which
+provides 31 characters of salt.
 .SH LIMITATIONS
 The practice storing hashed passwords in userPassword violates
 Standard Track (RFC2256) schema specifications and may hinder
diff --git a/libraries/liblutil/passwd.c b/libraries/liblutil/passwd.c
index 5a04acfdcc..f3ad3bce0f 100644
--- a/libraries/liblutil/passwd.c
+++ b/libraries/liblutil/passwd.c
@@ -1239,15 +1239,9 @@ static struct berval *hash_crypt(
 int lutil_salt_format(const char *format)
 {
 #ifdef SLAPD_CRYPT
-	if (format) {
-		if (salt_format)
-			free(salt_format);
-		salt_format = strdup(format);
-	} else {  // unset if they pass in NULL
-		if (salt_format)
-			free(salt_format);
-		salt_format = NULL;
-	}
+	free(salt_format);
+
+	salt_format = format != NULL ? strdup(format) : NULL;
 #endif
 
 	return 0;
diff --git a/servers/slapd/tools/slappasswd.c b/servers/slapd/tools/slappasswd.c
index 686132ef84..98d859a32e 100644
--- a/servers/slapd/tools/slappasswd.c
+++ b/servers/slapd/tools/slappasswd.c
@@ -31,6 +31,7 @@ usage(const char *s)
 		"Usage: %s [options]\n"
 		"  -h hash\tpassword scheme\n"
 		"  -s secret\tnew password\n"
+		"  -c format\tcrypt(3) salt format\n"
 		"  -u\t\tgenerate RFC2307 values (default)\n"
 		"  -v\t\tincrease verbosity\n"
 		, s );
@@ -51,24 +52,28 @@ main( int argc, char *argv[] )
 	struct berval *hash = NULL;
 
 	while( (i = getopt( argc, argv,
-		"d:h:s:vu" )) != EOF )
+		"c:d:h:s:vu" )) != EOF )
 	{
 		switch (i) {
+		case 'c':	/* crypt salt format */
+			scheme = "{CRYPT}";
+			lutil_salt_format( optarg );
+			break;
+
 		case 'h':	/* scheme */
-			scheme = strdup (optarg);
+			scheme = strdup( optarg );
 			break;
 
 		case 's':	/* new password (secret) */
-			newpw = strdup (optarg);
-
 			{
 				char* p;
+				newpw = strdup( optarg );
 
 				for( p = optarg; *p != '\0'; p++ ) {
 					*p = '\0';
 				}
-			}
-			break;
+
+			} break;
 
 		case 'u':	/* RFC2307 userPassword */
 			break;