From 9449c5709e19753fd5ea2cbaeca923d1f2d2a9c7 Mon Sep 17 00:00:00 2001
From: Kurt Zeilenga <kurt@openldap.org>
Date: Thu, 29 Sep 2005 20:30:09 +0000
Subject: [PATCH] ITS#4021: add new {CLEARTEXT} kludge as bv_len=0 kludge no
 longer works well.

---
 libraries/liblutil/passwd.c  | 8 +++++++-
 servers/slapd/bconfig.c      | 2 +-
 servers/slapd/passwd.c       | 2 ++
 tests/scripts/test010-passwd | 2 +-
 4 files changed, 11 insertions(+), 3 deletions(-)

diff --git a/libraries/liblutil/passwd.c b/libraries/liblutil/passwd.c
index 23d001f7d5..269df67ed1 100644
--- a/libraries/liblutil/passwd.c
+++ b/libraries/liblutil/passwd.c
@@ -73,6 +73,10 @@ static lutil_cryptfunc lutil_crypt;
 lutil_cryptfunc *lutil_cryptptr = lutil_crypt;
 #endif
 
+/* KLUDGE:
+ *  chk_fn is NULL iff name is {CLEARTEXT}
+ *	otherwise, things will break
+ */
 struct pw_scheme {
 	struct berval name;
 	LUTIL_PASSWD_CHK_FUNC *chk_fn;
@@ -147,7 +151,7 @@ static const struct pw_scheme pw_schemes_default[] =
 
 #ifdef SLAPD_CLEARTEXT
 	/* pseudo scheme */
-	{ {0, "{CLEARTEXT}"},		NULL, hash_clear },
+	{ BER_BVC("{CLEARTEXT}"),	NULL, hash_clear },
 #endif
 
 	{ BER_BVNULL, NULL, NULL }
@@ -306,7 +310,9 @@ lutil_passwd(
 	 */
 	if (( passwd->bv_val[0] == '{' ) &&
 		( strchr( passwd->bv_val, '}' ) > passwd->bv_val+1 ))
+	{
 		return 1;
+	}
 	if( is_allowed_scheme("{CLEARTEXT}", schemes ) ) {
 		return ( passwd->bv_len == cred->bv_len ) ?
 			memcmp( passwd->bv_val, cred->bv_val, passwd->bv_len )
diff --git a/servers/slapd/bconfig.c b/servers/slapd/bconfig.c
index e2be24c8f8..be9de3f5ea 100644
--- a/servers/slapd/bconfig.c
+++ b/servers/slapd/bconfig.c
@@ -1379,7 +1379,7 @@ config_passwd_hash(ConfigArgs *c) {
 	}
 	for(i = 1; i < c->argc; i++) {
 		if(!lutil_passwd_scheme(c->argv[i])) {
-			sprintf( c->msg, "<%s> schema not available", c->argv[0] );
+			sprintf( c->msg, "<%s> scheme not available", c->argv[0] );
 			Debug(LDAP_DEBUG_ANY, "%s: %s (%s)\n",
 				c->log, c->msg, c->argv[i]);
 		} else {
diff --git a/servers/slapd/passwd.c b/servers/slapd/passwd.c
index 5ada68fa92..385e2be3c1 100644
--- a/servers/slapd/passwd.c
+++ b/servers/slapd/passwd.c
@@ -68,7 +68,9 @@ int passwd_extop(
 		return LDAP_STRONG_AUTH_REQUIRED;
 	}
 
+	qpw->rs_old.bv_len = 0;
 	qpw->rs_old.bv_val = NULL;
+	qpw->rs_new.bv_len = 0;
 	qpw->rs_new.bv_val = NULL;
 	qpw->rs_mods = NULL;
 	qpw->rs_modtail = NULL;
diff --git a/tests/scripts/test010-passwd b/tests/scripts/test010-passwd
index 8de9baaaf8..9abf3d93c2 100755
--- a/tests/scripts/test010-passwd
+++ b/tests/scripts/test010-passwd
@@ -171,7 +171,7 @@ fi
 
 echo "Logging end state with ldapsearch..."
 echo "" >> $TESTOUT
-echo "++ Initial search" >> $TESTOUT
+echo "++ End search" >> $TESTOUT
 $LDAPSEARCH -h $LOCALHOST -p $PORT1 \
 	-D "$MANAGERDN" -w $PASSWD \
 	-b "$BASEDN" \
-- 
2.39.5