Commit 58d4f7fc authored by Pierangelo Masarati's avatar Pierangelo Masarati

base64 encode passwords in back-config

parent a2a28f7b
......@@ -85,6 +85,13 @@ ldif_read_record LDAP_P((
char **bufp,
int *buflen ));
LDAP_LDIF_F( int )
ldif_must_b64_encode_register LDAP_P((
LDAP_CONST char *name,
LDAP_CONST char *oid ));
LDAP_LDIF_F( void )
ldif_must_b64_encode_release LDAP_P(( void ));
#define LDIF_PUT_NOVALUE 0x0000 /* no value */
#define LDIF_PUT_VALUE 0x0001 /* value w/ auto detection */
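Review bot: The two new prototypes carry no comment stating the return convention or ownership, and the header is where callers will look. ldif_must_b64_encode_register copies both strings (the implementation duplicates them with ber_str2bv) and returns non-zero both when the name is already registered and when allocation fails, which a caller cannot tell apart; a comment above it such as `/* returns 0 on success, non-zero if already registered or out of memory; name and oid are copied, free with ldif_must_b64_encode_release() */` would make that explicit. The hunk sits inside the header's declaration list, which continues outside it.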
......
......@@ -359,6 +359,131 @@ ldif_getline( char **next )
return( line );
}
/*
* name and OID of attributeTypes that must be base64 encoded in any case
*/
typedef struct must_b64_encode_s {
struct berval name;
struct berval oid;
} must_b64_encode_s;
static must_b64_encode_s default_must_b64_encode[] = {
{ BER_BVC( "userPassword" ), BER_BVC( "2.5.4.35" ) },
{ BER_BVNULL, BER_BVNULL }
};
static must_b64_encode_s *must_b64_encode = default_must_b64_encode;
/*
* register name and OID of attributeTypes that must always be base64
* encoded
*
* NOTE: this routine mallocs memory in a static struct which must
* be explicitly freed when no longer required
*/
int
ldif_must_b64_encode_register( LDAP_CONST char *name, LDAP_CONST char *oid )
{
int i;
ber_len_t len;
assert( must_b64_encode );
assert( name );
assert( oid );
len = strlen( name );
for ( i = 0; !BER_BVISNULL( &must_b64_encode[i].name ); i++ ) {
if ( len != must_b64_encode[i].name.bv_len ) {
continue;
}
if ( strcasecmp( name, must_b64_encode[i].name.bv_val ) == 0 ) {
break;
}
}
if ( !BER_BVISNULL( &must_b64_encode[i].name ) ) {
return 1;
}
for ( i = 0; !BER_BVISNULL( &must_b64_encode[i].name ); i++ )
/* just count */ ;
if ( must_b64_encode == default_must_b64_encode ) {
must_b64_encode = ber_memalloc( sizeof( must_b64_encode_s ) * ( i + 2 ) );
for ( i = 0; !BER_BVISNULL( &default_must_b64_encode[i].name ); i++ ) {
ber_dupbv( &must_b64_encode[i].name, &default_must_b64_encode[i].name );
ber_dupbv( &must_b64_encode[i].oid, &default_must_b64_encode[i].oid );
}
} else {
must_b64_encode_s *tmp;
tmp = ber_memrealloc( must_b64_encode,
sizeof( must_b64_encode_s ) * ( i + 2 ) );
if ( tmp == NULL ) {
return 1;
}
must_b64_encode = tmp;
}
ber_str2bv( name, len, 1, &must_b64_encode[i].name );
ber_str2bv( oid, 0, 1, &must_b64_encode[i].oid );
BER_BVZERO( &must_b64_encode[i + 1].name );
return 0;
}
void
ldif_must_b64_encode_release( void )
{
int i;
assert( must_b64_encode );
if ( must_b64_encode == default_must_b64_encode ) {
return;
}
for ( i = 0; !BER_BVISNULL( &must_b64_encode[i].name ); i++ ) {
ber_memfree( must_b64_encode[i].name.bv_val );
ber_memfree( must_b64_encode[i].oid.bv_val );
}
ber_memfree( must_b64_encode );
must_b64_encode = default_must_b64_encode;
}
/*
* returns 1 iff the string corresponds to the name or the OID of any
* of the attributeTypes listed in must_b64_encode
*/
static int
ldif_must_b64_encode( LDAP_CONST char *s )
{
int i;
struct berval bv;
assert( must_b64_encode );
assert( s );
ber_str2bv( s, 0, 0, &bv );
for ( i = 0; !BER_BVISNULL( &must_b64_encode[i].name ); i++ ) {
if ( ber_bvstrcasecmp( &must_b64_encode[i].name, &bv ) == 0
|| ber_bvstrcasecmp( &must_b64_encode[i].oid, &bv ) == 0 )
{
return 1;
}
}
return 0;
}
/* compatibility with U-Mich off by one bug */
#define LDIF_KLUDGE 1
......@@ -479,10 +604,7 @@ ldif_sput(
&& strstr( name, ";binary" ) == NULL
#endif
#ifndef LDAP_PASSWD_DEBUG
&& (namelen != (sizeof("userPassword")-1)
|| strcasecmp( name, "userPassword" ) != 0) /* encode userPassword */
&& (namelen != (sizeof("2.5.4.35")-1)
|| strcasecmp( name, "2.5.4.35" ) != 0) /* encode userPassword */
&& !ldif_must_b64_encode( name )
#endif
) {
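Review bot: In ldif_must_b64_encode_register the ber_memalloc result is assigned straight to must_b64_encode and dereferenced in the copy loop that follows, with no NULL check, while the ber_memrealloc branch right below does check and return 1; on allocation failure the global becomes NULL, the default table is lost, and every later assert( must_b64_encode ) in register, release and ldif_must_b64_encode fires. The allocation should go through a temporary like the realloc branch: `must_b64_encode_s *tmp = ber_memalloc( sizeof( must_b64_encode_s ) * ( i + 2 ) );` / `if ( tmp == NULL ) { return 1; }` / `must_b64_encode = tmp;`. The ber_dupbv and ber_str2bv calls that fill the entries are likewise unchecked, so a partially built table with a NULL bv_val can be handed to ber_bvstrcasecmp and ber_memfree. The global table is also updated without any locking; presumably registration only happens during backend initialization before ldif_sput can run concurrently, but that assumption is worth stating in a comment. The ldif_sput hunk further down only swaps the hard-coded userPassword checks for ldif_must_b64_encode( name ), and both its enclosing function and the condition it belongs to start and end outside the hunk.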
int b64 = 0;
......
......@@ -4031,6 +4031,13 @@ config_back_db_init( Backend *be )
return 0;
}
static int
config_back_destroy( BackendInfo *bi )
{
ldif_must_b64_encode_release();
return 0;
}
static struct {
char *name;
AttributeDescription **desc;
......@@ -4068,10 +4075,12 @@ static struct {
int
config_back_initialize( BackendInfo *bi )
{
ConfigTable *ct = config_back_cf_table;
char *argv[4];
int i;
static char *controls[] = {
ConfigTable *ct = config_back_cf_table;
char *argv[4];
int i;
AttributeDescription *ad = NULL;
const char *text;
static char *controls[] = {
LDAP_CONTROL_MANAGEDSAIT,
NULL
};
......@@ -4081,7 +4090,7 @@ config_back_initialize( BackendInfo *bi )
bi->bi_open = 0;
bi->bi_close = 0;
bi->bi_config = 0;
bi->bi_destroy = 0;
bi->bi_destroy = config_back_destroy;
bi->bi_db_init = config_back_db_init;
bi->bi_db_config = 0;
......@@ -4118,6 +4127,18 @@ config_back_initialize( BackendInfo *bi )
i = config_register_schema( ct, cf_ocs );
if ( i ) return i;
i = slap_str2ad( "olcRootPW", &ad, &text );
/* basically, we don't care if it fails */
if ( i ) {
Debug( LDAP_DEBUG_ANY, "config_back_initialize: "
"warning, unable to get \"olcRootPW\" "
"attribute description: %d: %s\n",
i, text, 0 );
} else {
(void)ldif_must_b64_encode_register( ad->ad_cname.bv_val,
ad->ad_type->sat_oid );
}
/* set up the notable AttributeDescriptions */
i = 0;
for (;ct->name;ct++) {
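Review bot: The return value of ldif_must_b64_encode_register is discarded with a (void) cast, so if registration fails (the function returns 1 on ber_memrealloc failure) olcRootPW silently never joins the must-encode list and is written out without forced base64 encoding; the "we don't care if it fails" comment covers slap_str2ad, which is at least logged, not this call. Base64 is only a representation choice rather than a protection, so the consequence is limited to how the value appears in the emitted LDIF, but the failure should still be visible: `if ( ldif_must_b64_encode_register( ad->ad_cname.bv_val, ad->ad_type->sat_oid ) ) {` / `Debug( LDAP_DEBUG_ANY, "config_back_initialize: warning, unable to register \"olcRootPW\" for base64 encoding\n", 0, 0, 0 );` / `}`. config_back_initialize starts and ends outside this hunk.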
......