# uncomment this line to enable support for LDAP referrals in libldap
LDAP_REFERRALS=-DLDAP_REFERRALS
+# uncomment this line to enable support for CRYPT passwords in LDBM
+# requires UNIX crypt(3)
+LDAP_CRYPT=-DLDAP_CRYPT
+
# uncomment this line to use soundex for approximate matches in slapd.
# the default is to use the metaphone algorithm.
#PHONETIC=-DSOUNDEX
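Review bot: The new `LDAP_CRYPT=-DLDAP_CRYPT` line is added active, so {CRYPT} support is compiled in by default even though the comment above it says to uncomment the line and names a dependency on crypt(3). If the option is meant to be opt-in, ship it as `#LDAP_CRYPT=-DLDAP_CRYPT`, in the same form as the `#PHONETIC=-DSOUNDEX` line below. The comment could also state that the hash strength is whatever the platform's crypt(3) provides, for example `# note: traditional DES crypt(3) only uses the first 8 characters of the password`. Systems that keep crypt() in a separate library will presumably also need it on the link line, which this patch does not show.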
# DEFS are included in CFLAGS
DEFS = $(PLATFORMCFLAGS) $(LDAP_DEBUG) $(KERBEROS) $(AFSKERBEROS) \
$(UOFM) $(UOFA) $(NO_USERINTERFACE) $(CLDAP) $(NO_CACHE) \
- $(LDAP_REFERRALS) $(LDAP_DNS) $(STR_TRANSLATION) \
+ $(LDAP_REFERRALS) $(LDAP_CRYPT) $(LDAP_DNS) $(STR_TRANSLATION) \
$(LIBLDAP_CHARSETS) $(LIBLDAP_DEF_CHARSET) \
$(SLAPD_BACKENDS) $(LDBMBACKEND) $(LDBMINCLUDE) $(PHONETIC)
#include "krb.h"
#endif
+#ifdef LDAP_CRYPT
+/* change for crypted passwords -- lukeh */
+#ifdef __NeXT__
+extern char *crypt (char *key, char *salt);
+#else
+#include <unistd.h>
+#endif
+#endif /* LDAP_CRYPT */
+
extern Entry *dn2entry();
extern Attribute *attr_find();
extern int krbv4_ldap_auth();
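Review bot: `#include <unistd.h>` does not guarantee a visible prototype for crypt() on every platform. Some C libraries only expose it under a feature-test macro or declare it in `<crypt.h>`. If no prototype is in scope, the call added later in this file is implicitly declared as returning int, and the returned pointer is truncated on 64-bit targets before it reaches strcmp(). Consider a build-time check for the right header, and document the requirement here, e.g. `/* crypt() needs a real prototype: an implicit int return truncates the pointer on LP64 */`.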
#endif
+#ifdef LDAP_CRYPT
+pthread_mutex_t crypt_mutex;
+
+static int
+crypted_value_find(
+ struct berval **vals,
+ struct berval *v,
+ int syntax,
+ int normalize,
+ struct berval *cred
+)
+{
+ int i;
+ for ( i = 0; vals[i] != NULL; i++ ) {
+ if ( syntax != SYNTAX_BIN &&
+ strncasecmp( "{CRYPT}", vals[i]->bv_val, (sizeof("{CRYPT}") - 1 ) ) == 0 ) {
+ char *userpassword = vals[i]->bv_val + sizeof("{CRYPT}") - 1;
+ pthread_mutex_lock( &crypt_mutex );
+ if ( ( !strcmp( userpassword, crypt( cred->bv_val, userpassword ) ) != 0 ) ) {
+ pthread_mutex_unlock( &crypt_mutex );
+ return ( 0 );
+ }
+ pthread_mutex_unlock( &crypt_mutex );
+ } else {
+ if ( value_cmp( vals[i], v, syntax, normalize ) == 0 ) {
+ return( 0 );
+ }
+ }
+ }
+
+ return( 1 );
+}
+#endif /* LDAP_CRYPT */
+
int
ldbm_back_bind(
Backend *be,
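Review bot: In crypted_value_find the result of `crypt( cred->bv_val, userpassword )` goes straight into strcmp(), but crypt() may return NULL on failure, for instance when the stored value after `{CRYPT}` is not a usable salt. One malformed userPassword value could then crash the server on a bind attempt, so the result should be checked before comparing. The test `( !strcmp(...) != 0 )` is also hard to read; `strcmp(...) == 0` says the same thing and allows a single unlock path. crypt() treats `cred->bv_val` as a C string and ignores `bv_len`, which presumably relies on the front end NUL-terminating the credential; a comment stating that assumption would help. crypted_value_find is fully visible here, while ldbm_back_bind begins at the end of the hunk and continues outside it.

```c
			char *userpassword = vals[i]->bv_val + sizeof("{CRYPT}") - 1;
			char *hashed;
			int match;

			pthread_mutex_lock( &crypt_mutex );
			/* crypt() returns NULL on failure; never hand that to strcmp() */
			hashed = crypt( cred->bv_val, userpassword );
			match = ( hashed != NULL && strcmp( userpassword, hashed ) == 0 );
			pthread_mutex_unlock( &crypt_mutex );
			if ( match ) {
				return( 0 );
			}
		/* … unchanged: else branch comparing with value_cmp … */
```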
return( 1 );
}
- if ( value_find( a->a_vals, cred, a->a_syntax, 0 ) != 0 ) {
+#ifdef LDAP_CRYPT
+ if ( crypted_value_find( a->a_vals, cred, a->a_syntax, 0, cred ) != 0 )
+#else
+ if ( value_find( a->a_vals, cred, a->a_syntax, 0 ) != 0 )
+#endif
+{
if ( be_isroot_pw( be, dn, cred ) ) {
/* front end will send result */
return( 0 );
}
send_ldap_result( conn, op, LDAP_INVALID_CREDENTIALS,
- NULL, NULL );
+ NULL, NULL );
cache_return_entry( &li->li_cache, e );
return( 1 );
}
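Review bot: The call `crypted_value_find( a->a_vals, cred, a->a_syntax, 0, cred )` passes the same pointer for both `v` and `cred`, so the fifth parameter adds nothing at the only call site shown. Dropping it would give the helper the same signature as value_find, and the `#ifdef` could then select just the function name instead of duplicating the `if` head and leaving a bare `{` after `#endif`. A short comment here should also say that, with LDAP_CRYPT defined, stored values without the `{CRYPT}` prefix are still compared as cleartext, e.g. `/* {CRYPT} values are verified via crypt(3); all others are compared verbatim */`. The `NULL, NULL );` line changes only whitespace and could be left out of this patch. ldbm_back_bind starts and ends outside the hunk.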
char *argv[ 4 ];
int i;
+#ifdef LDAP_CRYPT
+ extern pthread_mutex_t crypt_mutex;
+#endif /* LDAP_CRYPT */
+
/* allocate backend-specific stuff */
li = (struct ldbminfo *) ch_calloc( 1, sizeof(struct ldbminfo) );
pthread_mutex_init( &li->li_cache.c_mutex, pthread_mutexattr_default );
pthread_mutex_init( &li->li_nextid_mutex, pthread_mutexattr_default );
pthread_mutex_init( &li->li_dbcache_mutex, pthread_mutexattr_default );
+#ifdef LDAP_CRYPT
+ pthread_mutex_init( &crypt_mutex, pthread_mutexattr_default );
+#endif /* LDAP_CRYPT */
pthread_cond_init( &li->li_dbcache_cv, pthread_condattr_default );
for ( i = 0; i < MAXDBCACHE; i++ ) {
pthread_mutex_init( &li->li_dbcache[i].dbc_mutex,
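Review bot: `crypt_mutex` is a single process-wide object, yet it is initialised next to the per-instance `li` mutexes. If this init routine runs once per configured ldbm database, which the `ch_calloc` of `li` suggests, the mutex is re-initialised each time; re-initialising a mutex that may already be in use is undefined in POSIX threads. Guard it so it is set up only once, e.g. `static int crypt_mutex_ready;` and `if ( !crypt_mutex_ready ) { pthread_mutex_init( &crypt_mutex, pthread_mutexattr_default ); crypt_mutex_ready = 1; }`. The block-scope `extern pthread_mutex_t crypt_mutex;` would be better placed in the backend's shared header so the definition and its users cannot drift apart. The enclosing function continues outside the hunk.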