From bbad1de8e1b56bc1138d8ce5b419da312c3e0931 Mon Sep 17 00:00:00 2001 From: Howard Chu Date: Tue, 11 Mar 2003 05:58:53 +0000 Subject: [PATCH] Added lutil_passwd_init, _destroy, _add for dynamically adding passwd schemes. Declarations in lutil.h require lutil.h never be included before lber.h, always after. --- include/lutil.h | 33 +++++++- libraries/liblutil/passwd.c | 154 ++++++++++++++++++++-------------- servers/slapd/back-bdb/init.c | 3 +- servers/slapd/config.c | 2 +- servers/slapd/lock.c | 2 +- servers/slapd/modify.c | 4 +- 6 files changed, 126 insertions(+), 72 deletions(-) diff --git a/include/lutil.h b/include/lutil.h index ae629eb1a6..c3a1221624 100644 --- a/include/lutil.h +++ b/include/lutil.h @@ -57,7 +57,12 @@ lutil_entropy LDAP_P(( ber_len_t nbytes )); /* passfile.c */ -struct berval; /* avoid pulling in lber.h */ +#ifndef _LBER_H +struct berval { /* avoid pulling in lber.h */ + ber_len_t bv_len; + char *bv_val; +}; +#endif LDAP_LUTIL_F( int ) lutil_get_filed_password LDAP_P(( @@ -65,6 +70,32 @@ lutil_get_filed_password LDAP_P(( struct berval * )); /* passwd.c */ +struct lutil_pw_scheme; + +typedef int (*LUTIL_PASSWD_CHK_FUNC)( + const struct lutil_pw_scheme *scheme, + const struct berval *passwd, + const struct berval *cred ); + +typedef struct berval * (*LUTIL_PASSWD_HASH_FUNC) ( + const struct lutil_pw_scheme *scheme, + const struct berval *passwd ); + +struct lutil_pw_scheme { + struct berval name; + LUTIL_PASSWD_CHK_FUNC chk_fn; + LUTIL_PASSWD_HASH_FUNC hash_fn; +}; + +LDAP_LUTIL_F( int ) +lutil_passwd_add LDAP_P(( struct lutil_pw_scheme *s )); + +LDAP_LUTIL_F( void ) +lutil_passwd_init LDAP_P(( void )); + +LDAP_LUTIL_F( void ) +lutil_passwd_destroy LDAP_P(( void )); + LDAP_LUTIL_F( int ) lutil_authpasswd LDAP_P(( const struct berval *passwd, /* stored password */ diff --git a/libraries/liblutil/passwd.c b/libraries/liblutil/passwd.c index 144dd1afe5..a5464ed2b1 100644 --- a/libraries/liblutil/passwd.c +++ b/libraries/liblutil/passwd.c 
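Review bot: The `#ifndef _LBER_H` block in include/lutil.h gives `struct berval` a second full definition, which ties lutil.h to lber.h's private include-guard name and to one include order in every file. As the commit message says, including lber.h after lutil.h now defines the struct twice, and if the two layouts ever diverge, code built against this copy reads `bv_len`/`bv_val` at the wrong offsets in buffers that hold password data. The old incomplete declaration `struct berval;` was enough for prototypes that only take pointers; the full type is needed only because `struct lutil_pw_scheme` embeds a `struct berval` by value. I would have lutil.h include lber.h itself ahead of the passwd.c declarations, which would also make the include reshuffling in back-bdb/init.c, config.c, lock.c and modify.c unnecessary.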
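Review bot: The three new entry points and the two callback typedefs in the second lutil.h hunk are exported with no comment on their contract. Going by passwd.c in this same commit, `lutil_passwd_add` stores a shallow copy of `*s`, returns 0 on success and -1 when allocation fails, and never duplicates `name.bv_val`. I would put `/* Registers a copy of *s; s->name.bv_val is not duplicated and must stay valid until lutil_passwd_destroy(). Returns 0, or -1 if allocation fails. */` above the prototype and take the argument as `const struct lutil_pw_scheme *s`, since it is only read. The return convention of `LUTIL_PASSWD_CHK_FUNC` should be written next to the typedef as well, because a module author who gets the success value wrong inverts the password check; that convention is not visible in this hunk and has to be taken from the existing chk_ functions.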
@@ -78,83 +78,71 @@ static const unsigned char crypt64[] = static char *salt_format = NULL; #endif -struct pw_scheme; - -typedef int (*PASSWD_CHK_FUNC)( - const struct pw_scheme *scheme, - const struct berval *passwd, - const struct berval *cred ); - -typedef struct berval * (*PASSWD_HASH_FUNC) ( - const struct pw_scheme *scheme, - const struct berval *passwd ); - -struct pw_scheme { - struct berval name; - PASSWD_CHK_FUNC chk_fn; - PASSWD_HASH_FUNC hash_fn; +struct pw_slist { + struct pw_slist *next; + struct lutil_pw_scheme s; }; /* password check routines */ static int chk_md5( - const struct pw_scheme *scheme, + const struct lutil_pw_scheme *scheme, const struct berval *passwd, const struct berval *cred ); static int chk_smd5( - const struct pw_scheme *scheme, + const struct lutil_pw_scheme *scheme, const struct berval *passwd, const struct berval *cred ); #ifdef LUTIL_SHA1_BYTES static int chk_ssha1( - const struct pw_scheme *scheme, + const struct lutil_pw_scheme *scheme, const struct berval *passwd, const struct berval *cred ); static int chk_sha1( - const struct pw_scheme *scheme, + const struct lutil_pw_scheme *scheme, const struct berval *passwd, const struct berval *cred ); #endif #ifdef SLAPD_LMHASH static int chk_lanman( - const struct pw_scheme *scheme, + const struct lutil_pw_scheme *scheme, const struct berval *passwd, const struct berval *cred ); #endif #ifdef SLAPD_NS_MTA_MD5 static int chk_ns_mta_md5( - const struct pw_scheme *scheme, + const struct lutil_pw_scheme *scheme, const struct berval *passwd, const struct berval *cred ); #endif #ifdef SLAPD_SPASSWD static int chk_sasl( - const struct pw_scheme *scheme, + const struct lutil_pw_scheme *scheme, const struct berval *passwd, const struct berval *cred ); #endif #ifdef SLAPD_KPASSWD static int chk_kerberos( - const struct pw_scheme *scheme, + const struct lutil_pw_scheme *scheme, const struct berval *passwd, const struct berval *cred ); #endif #ifdef SLAPD_CRYPT static int chk_crypt( - const 
struct pw_scheme *scheme, + const struct lutil_pw_scheme *scheme, const struct berval *passwd, const struct berval *cred ); #if defined( HAVE_GETPWNAM ) && defined( HAVE_PW_PASSWD ) static int chk_unix( - const struct pw_scheme *scheme, + const struct lutil_pw_scheme *scheme, const struct berval *passwd, const struct berval *cred ); #endif @@ -164,41 +152,43 @@ static int chk_unix( #ifdef LUTIL_SHA1_BYTES /* password hash routines */ static struct berval *hash_sha1( - const struct pw_scheme *scheme, + const struct lutil_pw_scheme *scheme, const struct berval *passwd ); static struct berval *hash_ssha1( - const struct pw_scheme *scheme, + const struct lutil_pw_scheme *scheme, const struct berval *passwd ); #endif static struct berval *hash_smd5( - const struct pw_scheme *scheme, + const struct lutil_pw_scheme *scheme, const struct berval *passwd ); static struct berval *hash_md5( - const struct pw_scheme *scheme, + const struct lutil_pw_scheme *scheme, const struct berval *passwd ); #ifdef SLAPD_LMHASH static struct berval *hash_lanman( - const struct pw_scheme *scheme, + const struct lutil_pw_scheme *scheme, const struct berval *passwd ); #endif #ifdef SLAPD_CRYPT static struct berval *hash_crypt( - const struct pw_scheme *scheme, + const struct lutil_pw_scheme *scheme, const struct berval *passwd ); #endif #ifdef SLAPD_CLEARTEXT static struct berval *hash_clear( - const struct pw_scheme *scheme, + const struct lutil_pw_scheme *scheme, const struct berval *passwd ); #endif -static const struct pw_scheme pw_schemes[] = +static struct pw_slist *pw_schemes; + +static const struct lutil_pw_scheme pw_schemes_default[] = { #ifdef LUTIL_SHA1_BYTES { BER_BVC("{SSHA}"), chk_ssha1, hash_ssha1 }, 
@@ -239,16 +229,48 @@ static const struct pw_scheme pw_schemes[] = { BER_BVNULL, NULL, NULL } }; -static const struct pw_scheme *get_scheme( +int lutil_passwd_add(struct lutil_pw_scheme *s) +{ + struct pw_slist *ptr; + + ptr = ber_memalloc( sizeof( struct pw_slist )); + if (!ptr) return -1; + ptr->next = pw_schemes; + ptr->s = *s; + pw_schemes = ptr; + return 0; +} + +void lutil_passwd_init() +{ + struct pw_slist *ptr; + struct lutil_pw_scheme *s; + + for( s=(struct lutil_pw_scheme *)pw_schemes_default; s->name.bv_val; s++) { + if ( lutil_passwd_add( s )) break; + } +} + +void lutil_passwd_destroy() +{ + struct pw_slist *ptr, *next; + + for( ptr=pw_schemes; ptr; ptr=next ) { + next = ptr->next; + ber_memfree( ptr ); + } +} + +static const struct lutil_pw_scheme *get_scheme( const char* scheme ) { - int i; + struct pw_slist *pws; - for( i=0; pw_schemes[i].name.bv_val; i++) { - if( pw_schemes[i].name.bv_val == NULL ) continue; + if (!pw_schemes) lutil_passwd_init(); - if( strcasecmp(scheme, pw_schemes[i].name.bv_val ) == 0 ) { - return &pw_schemes[i]; + for( pws=pw_schemes; pws; pws=pws->next ) { + if( strcasecmp(scheme, pws->s.name.bv_val ) == 0 ) { + return &(pws->s); } } @@ -283,7 +305,7 @@ static int is_allowed_scheme( } static struct berval *passwd_scheme( - const struct pw_scheme *scheme, + const struct lutil_pw_scheme *scheme, const struct berval * passwd, struct berval *bv, const char** allowed ) @@ -313,7 +335,7 @@ lutil_passwd( const struct berval *cred, /* user cred */ const char **schemes ) { - int i; + struct pw_slist *pws; if (cred == NULL || cred->bv_len == 0 || passwd == NULL || passwd->bv_len == 0 ) 
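Review bot: `pw_schemes` is used both as the list head and as the "already initialised" flag, and the new functions break that in two ways. `lutil_passwd_destroy` frees every node but leaves `pw_schemes` pointing at the first one, so the `if (!pw_schemes)` guard in `get_scheme` (and the one added to `lutil_passwd` further down) passes and the next lookup walks freed memory, while a second destroy frees the nodes again. A `lutil_passwd_add` made before the first lookup leaves the head non-NULL, so the lazy `lutil_passwd_init` never runs and the built-in schemes are not registered unless the caller called init itself. `lutil_passwd_add` also dereferences `s` unchecked and accepts a NULL `name.bv_val` that `get_scheme` then passes to `strcasecmp`, and because it prepends, a later entry carrying a built-in's name is matched first and silently replaces that scheme's check function, which should be either rejected or documented as intended. I would track initialisation in its own flag, validate the argument in add and clear both in destroy, as below; `get_scheme` continues past the end of this hunk and only its guard changes, to `if (!pw_inited) lutil_passwd_init();`.

```c
static int pw_inited;	/* non-zero once lutil_passwd_init() has run */

int lutil_passwd_add(struct lutil_pw_scheme *s)
{
	struct pw_slist *ptr;

	if (!s || !s->name.bv_val) return -1;
	if (!pw_inited) lutil_passwd_init();

	ptr = ber_memalloc( sizeof( struct pw_slist ));
	/* … unchanged: allocation check, copy of *s, prepend … */
}

void lutil_passwd_init()
{
	struct lutil_pw_scheme *s;

	if (pw_inited) return;
	pw_inited = 1;	/* before the loop: lutil_passwd_add() tests it */
	/* … unchanged: loop registering pw_schemes_default … */
}

void lutil_passwd_destroy()
{
	struct pw_slist *ptr, *next;

	/* … unchanged: loop freeing each node … */
	pw_schemes = NULL;
	pw_inited = 0;
}
```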
@@ -321,14 +343,16 @@ lutil_passwd( return -1; } - for( i=0; pw_schemes[i].name.bv_val != NULL; i++ ) { - if( pw_schemes[i].chk_fn ) { + if (!pw_schemes) lutil_passwd_init(); + + for( pws=pw_schemes; pws; pws=pws->next ) { + if( pws->s.chk_fn ) { struct berval x; - struct berval *p = passwd_scheme( &pw_schemes[i], + struct berval *p = passwd_scheme( &(pws->s), passwd, &x, schemes ); if( p != NULL ) { - return (pw_schemes[i].chk_fn)( &pw_schemes[i], p, cred ); + return (pws->s.chk_fn)( &(pws->s), p, cred ); } } } @@ -380,7 +404,7 @@ struct berval * lutil_passwd_hash( const struct berval * passwd, const char * method ) { - const struct pw_scheme *sc = get_scheme( method ); + const struct lutil_pw_scheme *sc = get_scheme( method ); if( sc == NULL ) return NULL; if( ! sc->hash_fn ) return NULL; @@ -391,7 +415,7 @@ struct berval * lutil_passwd_hash( /* pw_string is only called when SLAPD_LMHASH or SLAPD_CRYPT is defined */ #if defined(SLAPD_LMHASH) || defined(SLAPD_CRYPT) static struct berval * pw_string( - const struct pw_scheme *sc, + const struct lutil_pw_scheme *sc, const struct berval *passwd ) { struct berval *pw = ber_memalloc( sizeof( struct berval ) ); @@ -414,7 +438,7 @@ static struct berval * pw_string( #endif /* SLAPD_LMHASH || SLAPD_CRYPT */ static struct berval * pw_string64( - const struct pw_scheme *sc, + const struct lutil_pw_scheme *sc, const struct berval *hash, const struct berval *salt ) { @@ -478,7 +502,7 @@ static struct berval * pw_string64( #ifdef LUTIL_SHA1_BYTES static int chk_ssha1( - const struct pw_scheme *sc, + const struct lutil_pw_scheme *sc, const struct berval * passwd, const struct berval * cred ) { @@ -521,7 +545,7 @@ static int chk_ssha1( } static int chk_sha1( - const struct pw_scheme *sc, + const struct lutil_pw_scheme *sc, const struct berval * passwd, const struct berval * cred ) { 
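Review bot: The lazy `if (!pw_schemes) lutil_passwd_init();` added ahead of the scheme loop in `lutil_passwd` (and the same line in `get_scheme`, in an earlier hunk) modifies a file-scope list from the password-check path, with no lock or once-guard visible in this commit. If these functions can be entered from more than one thread, which seems likely for a server but is not shown here, two callers can both see an empty list and each register the whole default table, or one can walk the list while `lutil_passwd_add` is linking a node. The `static const` array this replaces had neither problem. I would call `lutil_passwd_init()` once during single-threaded startup and drop the lazy call here, or at least state the rule above `pw_schemes`: `/* written only during startup/shutdown; read-only while worker threads run */`. `lutil_passwd` begins and ends outside this hunk.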
@@ -557,7 +581,7 @@ static int chk_sha1( #endif static int chk_smd5( - const struct pw_scheme *sc, + const struct lutil_pw_scheme *sc, const struct berval * passwd, const struct berval * cred ) { @@ -601,7 +625,7 @@ static int chk_smd5( } static int chk_md5( - const struct pw_scheme *sc, + const struct lutil_pw_scheme *sc, const struct berval * passwd, const struct berval * cred ) { @@ -637,7 +661,7 @@ static int chk_md5( #ifdef SLAPD_LMHASH static int chk_lanman( - const struct pw_scheme *scheme, + const struct lutil_pw_scheme *scheme, const struct berval *passwd, const struct berval *cred ) { @@ -650,7 +674,7 @@ static int chk_lanman( #ifdef SLAPD_NS_MTA_MD5 static int chk_ns_mta_md5( - const struct pw_scheme *scheme, + const struct lutil_pw_scheme *scheme, const struct berval *passwd, const struct berval *cred ) { @@ -702,7 +726,7 @@ sasl_conn_t *lutil_passwd_sasl_conn = NULL; #endif static int chk_sasl( - const struct pw_scheme *sc, + const struct lutil_pw_scheme *sc, const struct berval * passwd, const struct berval * cred ) { @@ -755,7 +779,7 @@ static int chk_sasl( #ifdef SLAPD_KPASSWD static int chk_kerberos( - const struct pw_scheme *sc, + const struct lutil_pw_scheme *sc, const struct berval * passwd, const struct berval * cred ) { @@ -928,7 +952,7 @@ static int chk_kerberos( #ifdef SLAPD_CRYPT static int chk_crypt( - const struct pw_scheme *sc, + const struct lutil_pw_scheme *sc, const struct berval * passwd, const struct berval * cred ) { @@ -971,7 +995,7 @@ static int chk_crypt( # if defined( HAVE_GETPWNAM ) && defined( HAVE_PW_PASSWD ) static int chk_unix( - const struct pw_scheme *sc, + const struct lutil_pw_scheme *sc, const struct berval * passwd, const struct berval * cred ) { @@ -1047,7 +1071,7 @@ static int chk_unix( #ifdef LUTIL_SHA1_BYTES static struct berval *hash_ssha1( - const struct pw_scheme *scheme, + const struct lutil_pw_scheme *scheme, const struct berval *passwd ) { lutil_SHA1_CTX SHA1context; 
@@ -1076,7 +1100,7 @@ static struct berval *hash_ssha1( } static struct berval *hash_sha1( - const struct pw_scheme *scheme, + const struct lutil_pw_scheme *scheme, const struct berval *passwd ) { lutil_SHA1_CTX SHA1context; @@ -1095,7 +1119,7 @@ static struct berval *hash_sha1( #endif static struct berval *hash_smd5( - const struct pw_scheme *scheme, + const struct lutil_pw_scheme *scheme, const struct berval *passwd ) { lutil_MD5_CTX MD5context; @@ -1124,7 +1148,7 @@ static struct berval *hash_smd5( } static struct berval *hash_md5( - const struct pw_scheme *scheme, + const struct lutil_pw_scheme *scheme, const struct berval *passwd ) { lutil_MD5_CTX MD5context; @@ -1221,7 +1245,7 @@ static void lmPasswd_to_key( } static struct berval *hash_lanman( - const struct pw_scheme *scheme, + const struct lutil_pw_scheme *scheme, const struct berval *passwd ) { @@ -1269,7 +1293,7 @@ static struct berval *hash_lanman( #ifdef SLAPD_CRYPT static struct berval *hash_crypt( - const struct pw_scheme *scheme, + const struct lutil_pw_scheme *scheme, const struct berval *passwd ) { struct berval hash; @@ -1330,7 +1354,7 @@ int lutil_salt_format(const char *format) #ifdef SLAPD_CLEARTEXT static struct berval *hash_clear( - const struct pw_scheme *scheme, + const struct lutil_pw_scheme *scheme, const struct berval *passwd ) { return ber_bvdup( (struct berval *) passwd ); diff --git a/servers/slapd/back-bdb/init.c b/servers/slapd/back-bdb/init.c index 8e0669ea02..d6e30bd6b6 100644 --- a/servers/slapd/back-bdb/init.c +++ b/servers/slapd/back-bdb/init.c @@ -12,10 +12,9 @@ #include #include -#include - #include "back-bdb.h" #include "external.h" +#include static struct bdbi_database { char *file; diff --git a/servers/slapd/config.c b/servers/slapd/config.c index 6aa83ee433..21ef05484b 100644 --- a/servers/slapd/config.c +++ b/servers/slapd/config.c 
@@ -15,12 +15,12 @@ #include #include -#include "lutil.h" #include "ldap_pvt.h" #include "slap.h" #ifdef LDAP_SLAPI #include "slapi.h" #endif +#include "lutil.h" #define ARGS_STEP 512 diff --git a/servers/slapd/lock.c b/servers/slapd/lock.c index afc6ba5dcb..4688b50e3d 100644 --- a/servers/slapd/lock.c +++ b/servers/slapd/lock.c @@ -18,8 +18,8 @@ #include #endif -#include #include "slap.h" +#include FILE * lock_fopen( const char *fname, const char *type, FILE **lfp ) diff --git a/servers/slapd/modify.c b/servers/slapd/modify.c index 00e91a3767..1d3c7b325f 100644 --- a/servers/slapd/modify.c +++ b/servers/slapd/modify.c @@ -23,13 +23,13 @@ #include #include -#include "lutil.h" - #include "ldap_pvt.h" #include "slap.h" #ifdef LDAP_SLAPI #include "slapi.h" #endif +#include "lutil.h" + int do_modify( -- 2.39.5