openldap
OpenLDAP
Commits
58d4f7fc
Commit
58d4f7fc
authored
Apr 09, 2005
by
Pierangelo Masarati
base64 encode passwords in back-config
parent
a2a28f7b
Changes
3
include/ldif.h
...
...
@@ -85,6 +85,13 @@ ldif_read_record LDAP_P((
char
**
bufp
,
int
*
buflen
));
LDAP_LDIF_F
(
int
)
ldif_must_b64_encode_register
LDAP_P
((
LDAP_CONST
char
*
name
,
LDAP_CONST
char
*
oid
));
LDAP_LDIF_F
(
void
)
ldif_must_b64_encode_release
LDAP_P
((
void
));
#define LDIF_PUT_NOVALUE 0x0000
/* no value */
#define LDIF_PUT_VALUE 0x0001
/* value w/ auto detection */
...
...
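Review bot: The two new prototypes, `ldif_must_b64_encode_register` and `ldif_must_b64_encode_release`, are exported with no comment on their contract. The implementation in ldif.c returns 1 both when the name is already registered and when the reallocation fails, and 0 only for a fresh registration. A caller therefore cannot tell a harmless duplicate from a failure that leaves a password attribute off the forced-base64 list. I would document this above the declarations, e.g. `/* returns 0 if registered, nonzero if already present or out of memory; pair with ldif_must_b64_encode_release() */`, and consider a distinct return code for the out-of-memory case.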
libraries/liblutil/ldif.c
...
...
@@ -359,6 +359,131 @@ ldif_getline( char **next )
return
(
line
);
}
/*
* name and OID of attributeTypes that must be base64 encoded in any case
*/
typedef
struct
must_b64_encode_s
{
struct
berval
name
;
struct
berval
oid
;
}
must_b64_encode_s
;
static
must_b64_encode_s
default_must_b64_encode
[]
=
{
{
BER_BVC
(
"userPassword"
),
BER_BVC
(
"2.5.4.35"
)
},
{
BER_BVNULL
,
BER_BVNULL
}
};
static
must_b64_encode_s
*
must_b64_encode
=
default_must_b64_encode
;
/*
* register name and OID of attributeTypes that must always be base64
* encoded
*
* NOTE: this routine mallocs memory in a static struct which must
* be explicitly freed when no longer required
*/
int
ldif_must_b64_encode_register
(
LDAP_CONST
char
*
name
,
LDAP_CONST
char
*
oid
)
{
int
i
;
ber_len_t
len
;
assert
(
must_b64_encode
);
assert
(
name
);
assert
(
oid
);
len
=
strlen
(
name
);
for
(
i
=
0
;
!
BER_BVISNULL
(
&
must_b64_encode
[
i
].
name
);
i
++
)
{
if
(
len
!=
must_b64_encode
[
i
].
name
.
bv_len
)
{
continue
;
}
if
(
strcasecmp
(
name
,
must_b64_encode
[
i
].
name
.
bv_val
)
==
0
)
{
break
;
}
}
if
(
!
BER_BVISNULL
(
&
must_b64_encode
[
i
].
name
)
)
{
return
1
;
}
for
(
i
=
0
;
!
BER_BVISNULL
(
&
must_b64_encode
[
i
].
name
);
i
++
)
/* just count */
;
if
(
must_b64_encode
==
default_must_b64_encode
)
{
must_b64_encode
=
ber_memalloc
(
sizeof
(
must_b64_encode_s
)
*
(
i
+
2
)
);
for
(
i
=
0
;
!
BER_BVISNULL
(
&
default_must_b64_encode
[
i
].
name
);
i
++
)
{
ber_dupbv
(
&
must_b64_encode
[
i
].
name
,
&
default_must_b64_encode
[
i
].
name
);
ber_dupbv
(
&
must_b64_encode
[
i
].
oid
,
&
default_must_b64_encode
[
i
].
oid
);
}
}
else
{
must_b64_encode_s
*
tmp
;
tmp
=
ber_memrealloc
(
must_b64_encode
,
sizeof
(
must_b64_encode_s
)
*
(
i
+
2
)
);
if
(
tmp
==
NULL
)
{
return
1
;
}
must_b64_encode
=
tmp
;
}
ber_str2bv
(
name
,
len
,
1
,
&
must_b64_encode
[
i
].
name
);
ber_str2bv
(
oid
,
0
,
1
,
&
must_b64_encode
[
i
].
oid
);
BER_BVZERO
(
&
must_b64_encode
[
i
+
1
].
name
);
return
0
;
}
void
ldif_must_b64_encode_release
(
void
)
{
int
i
;
assert
(
must_b64_encode
);
if
(
must_b64_encode
==
default_must_b64_encode
)
{
return
;
}
for
(
i
=
0
;
!
BER_BVISNULL
(
&
must_b64_encode
[
i
].
name
);
i
++
)
{
ber_memfree
(
must_b64_encode
[
i
].
name
.
bv_val
);
ber_memfree
(
must_b64_encode
[
i
].
oid
.
bv_val
);
}
ber_memfree
(
must_b64_encode
);
must_b64_encode
=
default_must_b64_encode
;
}
/*
* returns 1 iff the string corresponds to the name or the OID of any
* of the attributeTypes listed in must_b64_encode
*/
static
int
ldif_must_b64_encode
(
LDAP_CONST
char
*
s
)
{
int
i
;
struct
berval
bv
;
assert
(
must_b64_encode
);
assert
(
s
);
ber_str2bv
(
s
,
0
,
0
,
&
bv
);
for
(
i
=
0
;
!
BER_BVISNULL
(
&
must_b64_encode
[
i
].
name
);
i
++
)
{
if
(
ber_bvstrcasecmp
(
&
must_b64_encode
[
i
].
name
,
&
bv
)
==
0
||
ber_bvstrcasecmp
(
&
must_b64_encode
[
i
].
oid
,
&
bv
)
==
0
)
{
return
1
;
}
}
return
0
;
}
/* compatibility with U-Mich off by one bug */
#define LDIF_KLUDGE 1
...
...
@@ -479,10 +604,7 @@ ldif_sput(
&&
strstr
(
name
,
";binary"
)
==
NULL
#endif
#ifndef LDAP_PASSWD_DEBUG
&&
(
namelen
!=
(
sizeof
(
"userPassword"
)
-
1
)
||
strcasecmp
(
name
,
"userPassword"
)
!=
0
)
/* encode userPassword */
&&
(
namelen
!=
(
sizeof
(
"2.5.4.35"
)
-
1
)
||
strcasecmp
(
name
,
"2.5.4.35"
)
!=
0
)
/* encode userPassword */
&&
!
ldif_must_b64_encode
(
name
)
#endif
)
{
int
b64
=
0
;
...
...
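Review bot: In `ldif_must_b64_encode_register`, the first-registration branch assigns the result of `ber_memalloc()` straight to the static `must_b64_encode` and then writes through it in the copy loop, with no NULL check. The `ber_memrealloc()` branch just below does check `tmp == NULL`. On allocation failure this dereferences NULL and also loses the pointer to the default table, so the later `assert( must_b64_encode )` calls and the lookup in `ldif_sput` no longer have a list that forces `userPassword` to base64. Allocating into a temporary and only swapping the pointer on success keeps the default list intact. The `ber_dupbv()` and `ber_str2bv()` copies are likewise unchecked and presumably can fail the same way.

```c
	if ( must_b64_encode == default_must_b64_encode ) {
		must_b64_encode_s *tmp;

		tmp = ber_memalloc( sizeof( must_b64_encode_s ) * ( i + 2 ) );
		if ( tmp == NULL ) {
			return 1;
		}
		must_b64_encode = tmp;
		/* … unchanged: ber_dupbv copy of the default entries … */
	}
	/* … unchanged: ber_memrealloc branch and append of the new entry … */
```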
servers/slapd/bconfig.c
...
...
@@ -4031,6 +4031,13 @@ config_back_db_init( Backend *be )
return
0
;
}
static
int
config_back_destroy
(
BackendInfo
*
bi
)
{
ldif_must_b64_encode_release
();
return
0
;
}
static
struct
{
char
*
name
;
AttributeDescription
**
desc
;
...
...
@@ -4068,10 +4075,12 @@ static struct {
int
config_back_initialize
(
BackendInfo
*
bi
)
{
ConfigTable
*
ct
=
config_back_cf_table
;
char
*
argv
[
4
];
int
i
;
static
char
*
controls
[]
=
{
ConfigTable
*
ct
=
config_back_cf_table
;
char
*
argv
[
4
];
int
i
;
AttributeDescription
*
ad
=
NULL
;
const
char
*
text
;
static
char
*
controls
[]
=
{
LDAP_CONTROL_MANAGEDSAIT
,
NULL
};
...
...
@@ -4081,7 +4090,7 @@ config_back_initialize( BackendInfo *bi )
bi
->
bi_open
=
0
;
bi
->
bi_close
=
0
;
bi
->
bi_config
=
0
;
bi
->
bi_destroy
=
0
;
bi
->
bi_destroy
=
config_back_destroy
;
bi
->
bi_db_init
=
config_back_db_init
;
bi
->
bi_db_config
=
0
;
...
...
@@ -4118,6 +4127,18 @@ config_back_initialize( BackendInfo *bi )
i
=
config_register_schema
(
ct
,
cf_ocs
);
if
(
i
)
return
i
;
i
=
slap_str2ad
(
"olcRootPW"
,
&
ad
,
&
text
);
/* basically, we don't care if it fails */
if
(
i
)
{
Debug
(
LDAP_DEBUG_ANY
,
"config_back_initialize: "
"warning, unable to get
\"
olcRootPW
\"
"
"attribute description: %d: %s
\n
"
,
i
,
text
,
0
);
}
else
{
(
void
)
ldif_must_b64_encode_register
(
ad
->
ad_cname
.
bv_val
,
ad
->
ad_type
->
sat_oid
);
}
/* set up the notable AttributeDescriptions */
i
=
0
;
for
(;
ct
->
name
;
ct
++
)
{
...
...
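Review bot: In the last hunk the result of `ldif_must_b64_encode_register()` is cast to `(void)`, so a nonzero return is dropped without a trace. As far as the ldif.c change shows, that list is what keeps an attribute out of the plain-text branch in `ldif_sput`, so a failed registration would presumably let printable olcRootPW values be written unencoded. I would at least log it, e.g. `if ( ldif_must_b64_encode_register( ad->ad_cname.bv_val, ad->ad_type->sat_oid ) ) Debug( LDAP_DEBUG_ANY, "config_back_initialize: unable to register \"olcRootPW\" for base64 encoding\n", 0, 0, 0 );`. Separately, `config_back_destroy` releases the whole process-wide list rather than this backend's own entry, which deserves a comment in case other callers ever register names. The body of `config_back_initialize` continues outside the hunks shown.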