Commit 1317a23b authored by Howard Chu's avatar Howard Chu

ITS#4081 (Import ITS#4021 patch)

parent 8a465da1
...@@ -79,6 +79,10 @@ static const unsigned char crypt64[] = ...@@ -79,6 +79,10 @@ static const unsigned char crypt64[] =
static char *salt_format = NULL; static char *salt_format = NULL;
#endif #endif
/* KLUDGE:
* chk_fn is NULL iff name is {CLEARTEXT}
* otherwise, things will break
*/
struct pw_scheme { struct pw_scheme {
struct berval name; struct berval name;
LUTIL_PASSWD_CHK_FUNC *chk_fn; LUTIL_PASSWD_CHK_FUNC *chk_fn;
...@@ -161,7 +165,7 @@ static const struct pw_scheme pw_schemes_default[] = ...@@ -161,7 +165,7 @@ static const struct pw_scheme pw_schemes_default[] =
#ifdef SLAPD_CLEARTEXT #ifdef SLAPD_CLEARTEXT
/* pseudo scheme */ /* pseudo scheme */
{ {0, "{CLEARTEXT}"}, NULL, hash_clear }, { BER_BVC("{CLEARTEXT}"), NULL, hash_clear },
#endif #endif
{ BER_BVNULL, NULL, NULL } { BER_BVNULL, NULL, NULL }
...@@ -223,9 +227,7 @@ static const struct pw_scheme *get_scheme( ...@@ -223,9 +227,7 @@ static const struct pw_scheme *get_scheme(
bv.bv_val = (char *) scheme; bv.bv_val = (char *) scheme;
for( pws=pw_schemes; pws; pws=pws->next ) { for( pws=pw_schemes; pws; pws=pws->next ) {
if( bv.bv_len != pws->s.name.bv_len ) if ( ber_bvstrcasecmp(&bv, &pws->s.name ) == 0 ) {
continue;
if( strncasecmp(bv.bv_val, pws->s.name.bv_val, bv.bv_len ) == 0 ) {
return &(pws->s); return &(pws->s);
} }
} }
...@@ -317,10 +319,17 @@ lutil_passwd( ...@@ -317,10 +319,17 @@ lutil_passwd(
} }
#ifdef SLAPD_CLEARTEXT #ifdef SLAPD_CLEARTEXT
/* Do we think there is a scheme specifier here that we
* didn't recognize? Assume a scheme name is at least 1 character.
*/
if (( passwd->bv_val[0] == '{' ) &&
( strchr( passwd->bv_val, '}' ) > passwd->bv_val+1 ))
{
return 1;
}
if( is_allowed_scheme("{CLEARTEXT}", schemes ) ) { if( is_allowed_scheme("{CLEARTEXT}", schemes ) ) {
return (( passwd->bv_len == cred->bv_len ) && return ( passwd->bv_len == cred->bv_len ) ?
( passwd->bv_val[0] != '{' /*'}'*/ )) memcmp( passwd->bv_val, cred->bv_val, passwd->bv_len )
? memcmp( passwd->bv_val, cred->bv_val, passwd->bv_len )
: 1; : 1;
} }
#endif #endif
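Review bot: The new unrecognized-scheme test in lutil_passwd calls `strchr( passwd->bv_val, '}' )` on a length-counted berval and then orders the result with `>`, so it relies on bv_val being NUL-terminated and, when no '}' is found, on a relational comparison against a null pointer, which C leaves undefined. A bounded search with an explicit null check avoids both: `const char *rb = memchr( passwd->bv_val, '}', passwd->bv_len );` followed by `if ( passwd->bv_val[0] == '{' && rb != NULL && rb > passwd->bv_val+1 )`. Whether an empty stored value is rejected before `bv_val[0]` is read cannot be seen here, because the function starts and ends outside the hunk. Separately, the cleartext branch keeps `memcmp`, which stops at the first differing byte; a constant-time comparison would be preferable for a credential check.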
......