#! /bin/sh
# From configure.in Id: a1f2cd419d8a3be4c692600bef1a69a03d860268 .
# From configure.in Id: c4f9dbe3dd538f85d7a57f40fe1d492df83dfb4a .
# Guess values for system-dependent variables and create Makefiles.
# Generated by GNU Autoconf 2.69.
#
......@@ -994,7 +994,6 @@ enable_dynacl
enable_aci
enable_cleartext
enable_crypt
enable_lmpasswd
enable_spasswd
enable_modules
enable_rewrite
......@@ -1703,7 +1702,6 @@ SLAPD (Standalone LDAP Daemon) Options:
--enable-aci enable per-object ACIs (experimental) no|yes|mod [no]
--enable-cleartext enable cleartext passwords [yes]
--enable-crypt enable crypt(3) passwords [no]
--enable-lmpasswd enable LAN Manager passwords [no]
--enable-spasswd enable (Cyrus) SASL password verification [no]
--enable-modules enable dynamic module support [no]
--enable-rewrite enable DN rewriting in back-ldap and rwm overlay [auto]
......@@ -3926,27 +3924,6 @@ else
fi
 
# end --enable-crypt
# OpenLDAP --enable-lmpasswd
# Check whether --enable-lmpasswd was given.
if test "${enable_lmpasswd+set}" = set; then :
enableval=$enable_lmpasswd;
ol_arg=invalid
for ol_val in auto yes no ; do
if test "$enableval" = "$ol_val" ; then
ol_arg="$ol_val"
fi
done
if test "$ol_arg" = "invalid" ; then
as_fn_error $? "bad value $enableval for --enable-lmpasswd" "$LINENO" 5
fi
ol_enable_lmpasswd="$ol_arg"
else
ol_enable_lmpasswd=no
fi
# end --enable-lmpasswd
# OpenLDAP --enable-spasswd
 
# Check whether --enable-spasswd was given.
......@@ -5119,12 +5096,6 @@ if test $ol_enable_asyncmeta/$ol_enable_ldap = yes/no ; then
as_fn_error $? "--enable-asyncmeta requires --enable-ldap" "$LINENO" 5
fi
 
if test $ol_enable_lmpasswd = yes ; then
if test $ol_with_tls = no ; then
as_fn_error $? "LAN Manager passwords require OpenSSL" "$LINENO" 5
fi
fi
if test $ol_enable_spasswd = yes ; then
if test $ol_with_cyrus_sasl = no ; then
as_fn_error $? "options require --with-cyrus-sasl" "$LINENO" 5
......@@ -6985,7 +6956,7 @@ ia64-*-hpux*)
;;
*-*-irix6*)
# Find out which ABI we are using.
echo '#line 6988 "configure"' > conftest.$ac_ext
echo '#line 6959 "configure"' > conftest.$ac_ext
if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5
(eval $ac_compile) 2>&5
ac_status=$?
......@@ -8665,11 +8636,11 @@ else
-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
(eval echo "\"\$as_me:8668: $lt_compile\"" >&5)
(eval echo "\"\$as_me:8639: $lt_compile\"" >&5)
(eval "$lt_compile" 2>conftest.err)
ac_status=$?
cat conftest.err >&5
echo "$as_me:8672: \$? = $ac_status" >&5
echo "$as_me:8643: \$? = $ac_status" >&5
if (exit $ac_status) && test -s "$ac_outfile"; then
# The compiler can only warn and ignore the option if not recognized
# So say no if there are warnings other than the usual output.
......@@ -8927,11 +8898,11 @@ else
-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
(eval echo "\"\$as_me:8930: $lt_compile\"" >&5)
(eval echo "\"\$as_me:8901: $lt_compile\"" >&5)
(eval "$lt_compile" 2>conftest.err)
ac_status=$?
cat conftest.err >&5
echo "$as_me:8934: \$? = $ac_status" >&5
echo "$as_me:8905: \$? = $ac_status" >&5
if (exit $ac_status) && test -s "$ac_outfile"; then
# The compiler can only warn and ignore the option if not recognized
# So say no if there are warnings other than the usual output.
......@@ -8989,11 +8960,11 @@ else
-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
(eval echo "\"\$as_me:8992: $lt_compile\"" >&5)
(eval echo "\"\$as_me:8963: $lt_compile\"" >&5)
(eval "$lt_compile" 2>out/conftest.err)
ac_status=$?
cat out/conftest.err >&5
echo "$as_me:8996: \$? = $ac_status" >&5
echo "$as_me:8967: \$? = $ac_status" >&5
if (exit $ac_status) && test -s out/conftest2.$ac_objext
then
# The compiler can only warn and ignore the option if not recognized
......@@ -10861,7 +10832,7 @@ else
lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
lt_status=$lt_dlunknown
cat > conftest.$ac_ext <<EOF
#line 10864 "configure"
#line 10835 "configure"
#include "confdefs.h"
 
#if HAVE_DLFCN_H
......@@ -10959,7 +10930,7 @@ else
lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
lt_status=$lt_dlunknown
cat > conftest.$ac_ext <<EOF
#line 10962 "configure"
#line 10933 "configure"
#include "confdefs.h"
 
#if HAVE_DLFCN_H
......@@ -15913,15 +15884,6 @@ else
$as_echo "$as_me: WARNING: TLS data protection not supported!" >&2;}
fi
 
if test $ol_enable_lmpasswd != no; then
if test $ol_link_tls != yes ; then
as_fn_error $? "LAN Manager passwords require OpenSSL" "$LINENO" 5
fi
$as_echo "#define SLAPD_LMHASH 1" >>confdefs.h
fi
 
ol_link_threads=no
 
......
......@@ -271,7 +271,6 @@ OL_ARG_ENABLE(dynacl,[ --enable-dynacl enable run-time loadable ACL support
OL_ARG_ENABLE(aci,[ --enable-aci enable per-object ACIs (experimental)], no, [no yes mod])dnl
OL_ARG_ENABLE(cleartext,[ --enable-cleartext enable cleartext passwords], yes)dnl
OL_ARG_ENABLE(crypt,[ --enable-crypt enable crypt(3) passwords], no)dnl
OL_ARG_ENABLE(lmpasswd,[ --enable-lmpasswd enable LAN Manager passwords], no)dnl
OL_ARG_ENABLE(spasswd,[ --enable-spasswd enable (Cyrus) SASL password verification], no)dnl
OL_ARG_ENABLE(modules,[ --enable-modules enable dynamic module support], no)dnl
OL_ARG_ENABLE(rewrite,[ --enable-rewrite enable DN rewriting in back-ldap and rwm overlay], auto)dnl
......@@ -507,12 +506,6 @@ if test $ol_enable_asyncmeta/$ol_enable_ldap = yes/no ; then
AC_MSG_ERROR([--enable-asyncmeta requires --enable-ldap])
fi
if test $ol_enable_lmpasswd = yes ; then
if test $ol_with_tls = no ; then
AC_MSG_ERROR([LAN Manager passwords require OpenSSL])
fi
fi
if test $ol_enable_spasswd = yes ; then
if test $ol_with_cyrus_sasl = no ; then
AC_MSG_ERROR([options require --with-cyrus-sasl])
......@@ -1293,15 +1286,6 @@ else
AC_MSG_WARN([TLS data protection not supported!])
fi
dnl ----------------------------------------------------------------
dnl LAN Manger password checking requires DES from OpenSSL
if test $ol_enable_lmpasswd != no; then
if test $ol_link_tls != yes ; then
AC_MSG_ERROR([LAN Manager passwords require OpenSSL])
fi
AC_DEFINE(SLAPD_LMHASH, 1, [define to support LAN Manager passwords])
fi
dnl ----------------------------------------------------------------
dnl Threads?
......@@ -2940,7 +2924,7 @@ if test "$ol_enable_retcode" != no ; then
MFLAG=SLAPD_MOD_STATIC
SLAPD_STATIC_OVERLAYS="$SLAPD_STATIC_OVERLAYS retcode.o"
fi
AC_DEFINE_UNQUOTED(SLAPD_OVER_RETCODE,$MFLAG,[define for Referential Integrity overlay])
AC_DEFINE_UNQUOTED(SLAPD_OVER_RETCODE,$MFLAG,[define for Return Code overlay])
fi
if test "$ol_enable_rwm" != no ; then
......
......@@ -14,8 +14,8 @@ looked up from the Entry directly.
The Samba support is written using the Samba 3.0 LDAP schema. If a
PasswordModify is performed on an entry that has the sambaSamAccount
objectclass, then the sambaLMPassword, sambaNTPassword, and sambaPwdLastSet
attributes will be updated accordingly.
objectclass, then the sambaNTPassword and sambaPwdLastSet attributes
will be updated accordingly.
To use the overlay, add:
......
......@@ -89,8 +89,6 @@ attribute.
If the user is a
.B sambaSamAccount
object, synchronize the
.B sambaLMPassword
and
.B sambaNTPassword
to the password entered in the Password Modify operation, and update
.B sambaPwdLastSet
......
......@@ -66,18 +66,14 @@ static ObjectClass *oc_krb5KDCEntry;
#ifdef DO_SAMBA
#ifdef HAVE_GNUTLS
#include <nettle/des.h>
#include <nettle/md4.h>
typedef unsigned char DES_cblock[8];
#elif HAVE_OPENSSL
#include <openssl/des.h>
#include <openssl/md4.h>
#else
#error Unsupported crypto backend.
#endif
#include "ldap_utf8.h"
static AttributeDescription *ad_sambaLMPassword;
static AttributeDescription *ad_sambaNTPassword;
static AttributeDescription *ad_sambaPwdLastSet;
static AttributeDescription *ad_sambaPwdMustChange;
......@@ -135,29 +131,6 @@ static int smbk5pwd_modules_init( smbk5pwd_t *pi );
#ifdef DO_SAMBA
static const char hex[] = "0123456789abcdef";
/* From liblutil/passwd.c... */
static void lmPasswd_to_key(
const char *lmPasswd,
DES_cblock *key)
{
const unsigned char *lpw = (const unsigned char *)lmPasswd;
unsigned char *k = (unsigned char *)key;
/* make room for parity bits */
k[0] = lpw[0];
k[1] = ((lpw[0]&0x01)<<7) | (lpw[1]>>1);
k[2] = ((lpw[1]&0x03)<<6) | (lpw[2]>>2);
k[3] = ((lpw[2]&0x07)<<5) | (lpw[3]>>3);
k[4] = ((lpw[3]&0x0F)<<4) | (lpw[4]>>4);
k[5] = ((lpw[4]&0x1F)<<3) | (lpw[5]>>5);
k[6] = ((lpw[5]&0x3F)<<2) | (lpw[6]>>6);
k[7] = ((lpw[6]&0x7F)<<1);
#ifdef HAVE_OPENSSL
DES_set_odd_parity( key );
#endif
}
#define MAX_PWLEN 256
#define HASHLEN 16
......@@ -182,45 +155,6 @@ static void hexify(
*a++ = '\0';
}
static void lmhash(
struct berval *passwd,
struct berval *hash
)
{
char UcasePassword[15];
DES_cblock key;
DES_cblock StdText = "KGS!@#$%";
DES_cblock hbuf[2];
#ifdef HAVE_OPENSSL
DES_key_schedule schedule;
#elif defined(HAVE_GNUTLS)
struct des_ctx ctx;
#endif
strncpy( UcasePassword, passwd->bv_val, 14 );
UcasePassword[14] = '\0';
ldap_pvt_str2upper( UcasePassword );
lmPasswd_to_key( UcasePassword, &key );
#ifdef HAVE_GNUTLS
des_set_key( &ctx, key );
des_encrypt( &ctx, sizeof(key), hbuf[0], StdText );
lmPasswd_to_key( &UcasePassword[7], &key );
des_set_key( &ctx, key );
des_encrypt( &ctx, sizeof(key), hbuf[1], StdText );
#elif defined(HAVE_OPENSSL)
DES_set_key_unchecked( &key, &schedule );
DES_ecb_encrypt( &StdText, &hbuf[0], &schedule , DES_ENCRYPT );
lmPasswd_to_key( &UcasePassword[7], &key );
DES_set_key_unchecked( &key, &schedule );
DES_ecb_encrypt( &StdText, &hbuf[1], &schedule , DES_ENCRYPT );
#endif
hexify( (char *)hbuf, hash );
}
static void nthash(
struct berval *passwd,
struct berval *hash
......@@ -530,7 +464,7 @@ static int smbk5pwd_exop_passwd(
struct berval *keys;
ber_len_t j,l;
wchar_t *wcs, wc;
char *c, *d;
char *c;
struct berval pwd;
/* Expand incoming UTF8 string to UCS4 */
......@@ -568,33 +502,6 @@ static int smbk5pwd_exop_passwd(
ml->sml_values = keys;
ml->sml_nvalues = NULL;
/* Truncate UCS2 to 8-bit ASCII */
c = pwd.bv_val+1;
d = pwd.bv_val+2;
for (j=1; j<l; j++) {
*c++ = *d++;
d++;
}
pwd.bv_len /= 2;
pwd.bv_val[pwd.bv_len] = '\0';
ml = ch_malloc(sizeof(Modifications));
ml->sml_next = qpw->rs_mods;
qpw->rs_mods = ml;
keys = ch_malloc( 2 * sizeof(struct berval) );
BER_BVZERO( &keys[1] );
lmhash( &pwd, keys );
ml->sml_desc = ad_sambaLMPassword;
ml->sml_op = LDAP_MOD_REPLACE;
#ifdef SLAP_MOD_INTERNAL
ml->sml_flags = SLAP_MOD_INTERNAL;
#endif
ml->sml_numvals = 1;
ml->sml_values = keys;
ml->sml_nvalues = NULL;
ch_free(wcs);
ml = ch_malloc(sizeof(Modifications));
......@@ -949,7 +856,6 @@ smbk5pwd_modules_init( smbk5pwd_t *pi )
#endif /* DO_KRB5 */
#ifdef DO_SAMBA
samba_ad[] = {
{ "sambaLMPassword", &ad_sambaLMPassword },
{ "sambaNTPassword", &ad_sambaNTPassword },
{ "sambaPwdLastSet", &ad_sambaPwdLastSet },
{ "sambaPwdMustChange", &ad_sambaPwdMustChange },
......
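Review bot: Entries that already carry a sambaLMPassword value will keep it after this change, because smbk5pwd_exop_passwd no longer queues any modification for that attribute and nothing in the visible hunks deletes it. The leftover value is the LM hash of the previous password, a weak hash that stays readable in the directory even after the user sets a new password. Consider saying so in the overlay README and man page, for example `Existing sambaLMPassword values are not removed by the overlay and should be deleted from the directory when upgrading.` The body of smbk5pwd_exop_passwd continues outside the hunks, so a cleanup path elsewhere cannot be ruled out from this page.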
......@@ -152,10 +152,13 @@ typedef HANDLE ldap_int_thread_mutex_t;
typedef HANDLE ldap_int_thread_cond_t;
typedef DWORD ldap_int_thread_key_t;
LDAP_F( int )
ldap_pvt_thread_mutex_init_first LDAP_P(( ldap_pvt_thread_mutex_t *mutex ));
#ifndef LDAP_INT_MUTEX_NULL
#define LDAP_INT_MUTEX_NULL ((HANDLE)0)
#define LDAP_INT_MUTEX_FIRSTCREATE(m) \
((void) ((m) || ldap_pvt_thread_mutex_init(&(m))))
ldap_pvt_thread_mutex_init_first(&(m))
#endif
LDAP_END_DECL
......
......@@ -48,6 +48,9 @@
/* end of portable.h.pre */
/* Define if building universal (internal helper macro) */
#undef AC_APPLE_UNIVERSAL_BUILD
/* define to use both <string.h> and <strings.h> */
#undef BOTH_STRINGS_H
......@@ -111,21 +114,18 @@
/* define if crypt(3) is available */
#undef HAVE_CRYPT
/* define if crypt_r(3) is available */
#undef HAVE_CRYPT_R
/* Define to 1 if you have the <crypt.h> header file. */
#undef HAVE_CRYPT_H
/* define if crypt_r() is also available */
#undef HAVE_CRYPT_R
/* Define to 1 if you have the `ctime_r' function. */
#undef HAVE_CTIME_R
/* define if you have Cyrus SASL */
#undef HAVE_CYRUS_SASL
/* Define to 1 if you have the <db.h> header file. */
#undef HAVE_DB_H
/* define if your system supports /dev/poll */
#undef HAVE_DEVPOLL
......@@ -598,22 +598,22 @@
/* Define to 1 if you have the `strtouq' function. */
#undef HAVE_STRTOUQ
/* Define to 1 if `msg_accrightslen' is member of `struct msghdr'. */
/* Define to 1 if `msg_accrightslen' is a member of `struct msghdr'. */
#undef HAVE_STRUCT_MSGHDR_MSG_ACCRIGHTSLEN
/* Define to 1 if `msg_control' is member of `struct msghdr'. */
/* Define to 1 if `msg_control' is a member of `struct msghdr'. */
#undef HAVE_STRUCT_MSGHDR_MSG_CONTROL
/* Define to 1 if `pw_gecos' is member of `struct passwd'. */
/* Define to 1 if `pw_gecos' is a member of `struct passwd'. */
#undef HAVE_STRUCT_PASSWD_PW_GECOS
/* Define to 1 if `pw_passwd' is member of `struct passwd'. */
/* Define to 1 if `pw_passwd' is a member of `struct passwd'. */
#undef HAVE_STRUCT_PASSWD_PW_PASSWD
/* Define to 1 if `st_blksize' is member of `struct stat'. */
/* Define to 1 if `st_blksize' is a member of `struct stat'. */
#undef HAVE_STRUCT_STAT_ST_BLKSIZE
/* Define to 1 if `st_fstype' is member of `struct stat'. */
/* Define to 1 if `st_fstype' is a member of `struct stat'. */
#undef HAVE_STRUCT_STAT_ST_FSTYPE
/* define to 1 if st_fstype is char * */
......@@ -622,7 +622,7 @@
/* define to 1 if st_fstype is int */
#undef HAVE_STRUCT_STAT_ST_FSTYPE_INT
/* Define to 1 if `st_vfstype' is member of `struct stat'. */
/* Define to 1 if `st_vfstype' is a member of `struct stat'. */
#undef HAVE_STRUCT_STAT_ST_VFSTYPE
/* Define to 1 if you have the <synch.h> header file. */
......@@ -876,6 +876,9 @@
/* Define to the one symbol short name of this package. */
#undef PACKAGE_TARNAME
/* Define to the home page for this package. */
#undef PACKAGE_URL
/* Define to the version of this package. */
#undef PACKAGE_VERSION
......@@ -927,9 +930,6 @@
/* define to support LDAP backend */
#undef SLAPD_LDAP
/* define to support LAN Manager passwords */
#undef SLAPD_LMHASH
/* define to support MDB backend */
#undef SLAPD_MDB
......@@ -993,7 +993,7 @@
/* define for Referential Integrity overlay */
#undef SLAPD_OVER_REFINT
/* define for Return Code Integrity overlay */
/* define for Return Code overlay */
#undef SLAPD_OVER_RETCODE
/* define for Rewrite/Remap overlay */
......@@ -1071,9 +1071,17 @@
/* define to use 'long long' for MP */
#undef USE_MP_LONG_LONG
/* Define to 1 if your processor stores words with the most significant byte
first (like Motorola and SPARC, unlike Intel and VAX). */
#undef WORDS_BIGENDIAN
/* Define WORDS_BIGENDIAN to 1 if your processor stores words with the most
significant byte first (like Motorola and SPARC, unlike Intel). */
#if defined AC_APPLE_UNIVERSAL_BUILD
# if defined __BIG_ENDIAN__
# define WORDS_BIGENDIAN 1
# endif
#else
# ifndef WORDS_BIGENDIAN
# undef WORDS_BIGENDIAN
# endif
#endif
/* Define to the type of arg 3 for `accept'. */
#undef ber_socklen_t
......
......@@ -147,7 +147,7 @@ ldap_get_attribute_ber( LDAP *ld, LDAPMessage *entry, BerElement *ber,
/* skip sequence, snarf attribute type */
tag = ber_scanf( ber, vals ? "{mM}" : "{mx}", attr, vals,
&siz, 0 );
&siz, (ber_len_t)0 );
if( tag == LBER_ERROR ) {
rc = ld->ld_errno = LDAP_DECODING_ERROR;
}
......
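Review bot: The cast on the last ber_scanf argument is easy to mistake for noise and remove again, so it deserves a one-line comment. ber_scanf is variadic, so the compiler cannot convert a bare `0` to the type the format reads; where ber_len_t is wider than int, the callee would read a partly undefined value. Suggested comment above the call: `/* ber_scanf is variadic: the "M" offset must be passed as ber_len_t, not int */`. The enclosing function starts and ends outside the hunk.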
......@@ -161,6 +161,17 @@ ldap_pvt_thread_mutex_init( ldap_pvt_thread_mutex_t *mutex )
return ( 0 );
}
int
ldap_pvt_thread_mutex_init_first( ldap_pvt_thread_mutex_t *mutex )
{
if ( *mutex == NULL ) {
HANDLE p = CreateMutex( NULL, 0, NULL );
if ( InterlockedCompareExchangePointer((PVOID*)mutex, (PVOID)p, NULL) != NULL)
CloseHandle( p );
}
return ( 0 );
}
int
ldap_pvt_thread_mutex_recursive_init( ldap_pvt_thread_mutex_t *mutex )
{
......
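Review bot: ldap_pvt_thread_mutex_init_first never checks the CreateMutex result. When creation fails, `p` is NULL, the compare-exchange leaves `*mutex` NULL, and the function still returns 0 to the LDAP_INT_MUTEX_FIRSTCREATE caller, which would then go on with a null handle. Returning an error right after the CreateMutex call keeps the failure visible: `if ( p == NULL ) return ( -1 );` (or whichever error value the other initialisers in this file use). A short comment that the interlocked exchange is what makes concurrent first use safe would also help the next reader.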
......@@ -32,36 +32,6 @@
#include <ac/stdlib.h>
#include <ac/string.h>
#include <ac/unistd.h>
#if defined(SLAPD_LMHASH)
#if defined(HAVE_OPENSSL)
# include <openssl/des.h>
typedef DES_cblock des_key;
typedef DES_cblock des_data_block;
typedef DES_key_schedule des_context[1];
#define des_failed(encrypted) 0
#define des_finish(key, schedule)
#elif defined(HAVE_MOZNSS)
/*
hack hack hack
We need to define this here so that nspr/obsolete/protypes.h will not be included
if that file is included, it will create a uint32 typedef that will cause the
one in lutil_sha1.h to blow up
*/
#define PROTYPES_H 1
# include <nss/pk11pub.h>
typedef PK11SymKey *des_key;
typedef unsigned char des_data_block[8];
typedef PK11Context *des_context[1];
#define DES_ENCRYPT CKA_ENCRYPT
#endif
#endif /* SLAPD_LMHASH */
#include <ac/param.h>
#ifdef SLAPD_CRYPT
......@@ -130,10 +100,6 @@ static LUTIL_PASSWD_HASH_FUNC hash_sha1;
static LUTIL_PASSWD_HASH_FUNC hash_ssha1;
#endif
#ifdef SLAPD_LMHASH
static LUTIL_PASSWD_CHK_FUNC chk_lanman;
static LUTIL_PASSWD_HASH_FUNC hash_lanman;
#endif
#ifdef SLAPD_CRYPT
static LUTIL_PASSWD_CHK_FUNC chk_crypt;
......@@ -163,10 +129,6 @@ static const struct pw_scheme pw_schemes_default[] =
{ BER_BVC("{SMD5}"), chk_smd5, hash_smd5 },
{ BER_BVC("{MD5}"), chk_md5, hash_md5 },
#ifdef SLAPD_LMHASH
{ BER_BVC("{LANMAN}"), chk_lanman, hash_lanman },
#endif /* SLAPD_LMHASH */
#ifdef SLAPD_CRYPT
{ BER_BVC("{CRYPT}"), chk_crypt, hash_crypt },
# if defined( HAVE_GETPWNAM ) && defined( HAVE_STRUCT_PASSWD_PW_PASSWD )
......@@ -399,8 +361,8 @@ int lutil_passwd_hash(
return (sc->hash_fn)( &sc->name, passwd, hash, text );
}
/* pw_string is only called when SLAPD_LMHASH or SLAPD_CRYPT is defined */
#if defined(SLAPD_LMHASH) || defined(SLAPD_CRYPT)
/* pw_string is only called when SLAPD_CRYPT is defined */
#if defined(SLAPD_CRYPT)
static int pw_string(
const struct berval *sc,
struct berval *passwd )
......@@ -422,7 +384,7 @@ static int pw_string(
return LUTIL_PASSWD_OK;
}
#endif /* SLAPD_LMHASH || SLAPD_CRYPT */
#endif /* SLAPD_CRYPT */
int lutil_passwd_string64(
const struct berval *sc,
......@@ -656,245 +618,6 @@ static int chk_md5(
return rc ? LUTIL_PASSWD_ERR : LUTIL_PASSWD_OK;
}
#ifdef SLAPD_LMHASH
#if defined(HAVE_OPENSSL)
/*
* abstract away setting the parity.
*/
static void
des_set_key_and_parity( des_key *key, unsigned char *keyData)
{
memcpy(key, keyData, 8);
DES_set_odd_parity( key );
}
#elif defined(HAVE_MOZNSS)
/*
* implement MozNSS wrappers for the openSSL calls
*/
static void
des_set_key_and_parity( des_key *key, unsigned char *keyData)
{
SECItem keyDataItem;
PK11SlotInfo *slot;
*key = NULL;
keyDataItem.data = keyData;
keyDataItem.len = 8;
slot = PK11_GetBestSlot(CKM_DES_ECB, NULL);
if (slot == NULL) {
return;
}
/* NOTE: this will not work in FIPS mode. In order to make lmhash
* work in fips mode we need to define a LMHASH pbe mechanism and
* do the fulll key derivation inside the token */
*key = PK11_ImportSymKey(slot, CKM_DES_ECB, PK11_OriginGenerated,
CKA_ENCRYPT, &keyDataItem, NULL);
}
static void
DES_set_key_unchecked( des_key *key, des_context ctxt )
{
ctxt[0] = NULL;
/* handle error conditions from previous call */
if (!*key) {
return;
}
ctxt[0] = PK11_CreateContextBySymKey(CKM_DES_ECB, CKA_ENCRYPT, *key, NULL);
}
static void
DES_ecb_encrypt( des_data_block *plain, des_data_block *encrypted,
des_context ctxt, int op)
{
SECStatus rv;
int size;
if (ctxt[0] == NULL) {
/* need to fail here... */
memset(encrypted, 0, sizeof(des_data_block));
return;
}
rv = PK11_CipherOp(ctxt[0], (unsigned char *)&encrypted[0],
&size, sizeof(des_data_block),
(unsigned char *)&plain[0], sizeof(des_data_block));
if (rv != SECSuccess) {
/* signal failure */
memset(encrypted, 0, sizeof(des_data_block));
return;
}
return;
}
static int
des_failed(des_data_block *encrypted)
{
static const des_data_block zero = { 0 };
return memcmp(encrypted, zero, sizeof(zero)) == 0;
}
static void
des_finish(des_key *key, des_context ctxt)
{
if (*key) {
PK11_FreeSymKey(*key);
*key = NULL;
}
if (ctxt[0]) {
PK11_Finalize(ctxt[0]);
PK11_DestroyContext(ctxt[0], PR_TRUE);
ctxt[0] = NULL;
}
}
#endif
/* pseudocode from RFC2433
* A.2 LmPasswordHash()
*
* LmPasswordHash(
* IN 0-to-14-oem-char Password,
* OUT 16-octet PasswordHash )
* {
* Set UcasePassword to the uppercased Password
* Zero pad UcasePassword to 14 characters
*
* DesHash( 1st 7-octets of UcasePassword,
* giving 1st 8-octets of PasswordHash )
*
* DesHash( 2nd 7-octets of UcasePassword,
* giving 2nd 8-octets of PasswordHash )
* }
*
*
* A.3 DesHash()
*
* DesHash(
* IN 7-octet Clear,
* OUT 8-octet Cypher )
* {
* *
* * Make Cypher an irreversibly encrypted form of Clear by
* * encrypting known text using Clear as the secret key.
* * The known text consists of the string
* *
* * KGS!@#$%
* *
*
* Set StdText to "KGS!@#$%"
* DesEncrypt( StdText, Clear, giving Cypher )
* }
*
*
* A.4 DesEncrypt()
*
* DesEncrypt(
* IN 8-octet Clear,
* IN 7-octet Key,
* OUT 8-octet Cypher )
* {
* *
* * Use the DES encryption algorithm [4] in ECB mode [9]
* * to encrypt Clear into Cypher such that Cypher can
* * only be decrypted back to Clear by providing Key.
* * Note that the DES algorithm takes as input a 64-bit
* * stream where the 8th, 16th, 24th, etc. bits are
* * parity bits ignored by the encrypting algorithm.
* * Unless you write your own DES to accept 56-bit input
* * without parity, you will need to insert the parity bits
* * yourself.
* *
* }
*/
static void lmPasswd_to_key(
const char *lmPasswd,
des_key *key)
{
const unsigned char *lpw = (const unsigned char *) lmPasswd;
unsigned char k[8];
/* make room for parity bits */
k[0] = lpw[0];
k[1] = ((lpw[0] & 0x01) << 7) | (lpw[1] >> 1);
k[2] = ((lpw[1] & 0x03) << 6) | (lpw[2] >> 2);
k[3] = ((lpw[2] & 0x07) << 5) | (lpw[3] >> 3);
k[4] = ((lpw[3] & 0x0F) << 4) | (lpw[4] >> 4);
k[5] = ((lpw[4] & 0x1F) << 3) | (lpw[5] >> 5);
k[6] = ((lpw[5] & 0x3F) << 2) | (lpw[6] >> 6);
k[7] = ((lpw[6] & 0x7F) << 1);
des_set_key_and_parity( key, k );
}
static int chk_lanman(
const struct berval *scheme,
const struct berval *passwd,
const struct berval *cred,
const char **text )
{
ber_len_t i;
char UcasePassword[15];
des_key key;
des_context schedule;
des_data_block StdText = "KGS!@#$%";
des_data_block PasswordHash1, PasswordHash2;
char PasswordHash[33], storedPasswordHash[33];
for( i=0; i<cred->bv_len; i++) {
if(cred->bv_val[i] == '\0') {
return LUTIL_PASSWD_ERR; /* NUL character in password */
}
}
if( cred->bv_val[i] != '\0' ) {
return LUTIL_PASSWD_ERR; /* passwd must behave like a string */
}
strncpy( UcasePassword, cred->bv_val, 14 );
UcasePassword[14] = '\0';
ldap_pvt_str2upper( UcasePassword );
lmPasswd_to_key( UcasePassword, &key );
DES_set_key_unchecked( &key, schedule );
DES_ecb_encrypt( &StdText, &PasswordHash1, schedule , DES_ENCRYPT );
if (des_failed(&PasswordHash1)) {
return LUTIL_PASSWD_ERR;
}
lmPasswd_to_key( &UcasePassword[7], &key );
DES_set_key_unchecked( &key, schedule );
DES_ecb_encrypt( &StdText, &PasswordHash2, schedule , DES_ENCRYPT );
if (des_failed(&PasswordHash2)) {
return LUTIL_PASSWD_ERR;
}
des_finish( &key, schedule );
sprintf( PasswordHash, "%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x",
PasswordHash1[0],PasswordHash1[1],PasswordHash1[2],PasswordHash1[3],
PasswordHash1[4],PasswordHash1[5],PasswordHash1[6],PasswordHash1[7],
PasswordHash2[0],PasswordHash2[1],PasswordHash2[2],PasswordHash2[3],
PasswordHash2[4],PasswordHash2[5],PasswordHash2[6],PasswordHash2[7] );
/* as a precaution convert stored password hash to lower case */
strncpy( storedPasswordHash, passwd->bv_val, 32 );
storedPasswordHash[32] = '\0';
ldap_pvt_str2lower( storedPasswordHash );
return memcmp( PasswordHash, storedPasswordHash, 32) ? LUTIL_PASSWD_ERR : LUTIL_PASSWD_OK;
}
#endif /* SLAPD_LMHASH */
#ifdef SLAPD_CRYPT
static int lutil_crypt(
const char *key,
......@@ -1129,57 +852,6 @@ static int hash_md5(
;
}
#ifdef SLAPD_LMHASH
static int hash_lanman(
const struct berval *scheme,
const struct berval *passwd,
struct berval *hash,
const char **text )
{
ber_len_t i;
char UcasePassword[15];
des_key key;
des_context schedule;
des_data_block StdText = "KGS!@#$%";
des_data_block PasswordHash1, PasswordHash2;
char PasswordHash[33];
for( i=0; i<passwd->bv_len; i++) {
if(passwd->bv_val[i] == '\0') {
return LUTIL_PASSWD_ERR; /* NUL character in password */
}
}
if( passwd->bv_val[i] != '\0' ) {
return LUTIL_PASSWD_ERR; /* passwd must behave like a string */
}
strncpy( UcasePassword, passwd->bv_val, 14 );
UcasePassword[14] = '\0';
ldap_pvt_str2upper( UcasePassword );
lmPasswd_to_key( UcasePassword, &key );
DES_set_key_unchecked( &key, schedule );
DES_ecb_encrypt( &StdText, &PasswordHash1, schedule , DES_ENCRYPT );
lmPasswd_to_key( &UcasePassword[7], &key );
DES_set_key_unchecked( &key, schedule );
DES_ecb_encrypt( &StdText, &PasswordHash2, schedule , DES_ENCRYPT );
sprintf( PasswordHash, "%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x",
PasswordHash1[0],PasswordHash1[1],PasswordHash1[2],PasswordHash1[3],
PasswordHash1[4],PasswordHash1[5],PasswordHash1[6],PasswordHash1[7],
PasswordHash2[0],PasswordHash2[1],PasswordHash2[2],PasswordHash2[3],
PasswordHash2[4],PasswordHash2[5],PasswordHash2[6],PasswordHash2[7] );
hash->bv_val = PasswordHash;
hash->bv_len = 32;
return pw_string( scheme, hash );
}
#endif /* SLAPD_LMHASH */
#ifdef SLAPD_CRYPT
static int hash_crypt(
const struct berval *scheme,
......
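Review bot: With the `{LANMAN}` row removed from pw_schemes_default, a stored userPassword value that still starts with `{LANMAN}` no longer matches any scheme, and how lutil_passwd treats an unrecognised prefix is outside these hunks. It is worth confirming that such a value is rejected outright rather than passed to a default comparison, since configure still lists cleartext passwords as enabled by default. A regression test that binds against a leftover `{LANMAN}` value would pin the behaviour down. A release-note sentence telling administrators to re-hash or remove remaining `{LANMAN}` values would cover the migration side.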
......@@ -103,7 +103,7 @@ dynlist_make_filter( Operation *op, Entry *e, dynlist_info_t *dli, const char *u
assert( !BER_BVISEMPTY( oldf ) );
if ( oldf->bv_val[0] != '(' ) {
Debug( LDAP_DEBUG_ANY, "%s: dynlist, DN=\"%s\": missing brackets in URI=\"%s\" filter\n",
Debug( LDAP_DEBUG_ANY, "%s: dynlist, DN=\"%s\": missing parentheses in URI=\"%s\" filter\n",
op->o_log_prefix, e->e_name.bv_val, url );
needBrackets = 2;
}
......@@ -1029,6 +1029,8 @@ dynlist_search2resp( Operation *op, SlapReply *rs )
rs->sr_err = send_search_entry( op, &r );
if ( rs->sr_err != LDAP_SUCCESS )
break;
} else {
rs_flush_entry( op, &r, NULL );
}
}
rs->sr_nentries = r.sr_nentries;
......
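Review bot: The new `else` branch in dynlist_search2resp has no comment saying why the entry must be flushed when it is not sent, and the condition it pairs with lies above the hunk. A line such as `/* not sent to the client: release the entry ourselves */` before `rs_flush_entry( op, &r, NULL );` would make the ownership rule explicit. In the first hunk the log message now says "parentheses" while the flag it sets is still named `needBrackets`; a rename is optional, but the mismatch is worth a word in a comment.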
......@@ -4508,6 +4508,7 @@ pcache_db_init(
SLAP_DBFLAGS(&cm->db) |= SLAP_DBFLAG_NO_SCHEMA_CHECK;
cm->db.be_private = NULL;
cm->db.bd_self = &cm->db;
cm->db.be_pending_csn_list = NULL;
cm->qm = qm;
cm->numattrsets = 0;
cm->num_entries_limit = 5;
......
......@@ -1663,9 +1663,8 @@ ppolicy_bind( Operation *op, SlapReply *rs )
/* Setup a callback so we can munge the result */
cb->sc_response = ppolicy_bind_response;
cb->sc_next = op->o_callback->sc_next;
cb->sc_private = ppb;
op->o_callback->sc_next = cb;
overlay_callback_after_backover( op, cb, 1 );
/* Did we receive a password policy request control? */
if ( op->o_ctrlflag[ppolicy_cid] ) {
......@@ -1809,9 +1808,8 @@ ppolicy_compare(
/* Setup a callback so we can munge the result */
cb->sc_response = ppolicy_compare_response;
cb->sc_next = op->o_callback->sc_next;
cb->sc_private = ppb;
op->o_callback->sc_next = cb;
overlay_callback_after_backover( op, cb, 1 );
op->o_bd->bd_info = (BackendInfo *)on;
ppolicy_get( op, e, &ppb->pp );
......
......@@ -46,7 +46,7 @@
#define SASL_VERSION_FULL ((SASL_VERSION_MAJOR << 16) |\
(SASL_VERSION_MINOR << 8) | SASL_VERSION_STEP)
#if SASL_VERSION_MINOR >= 0x020119 /* 2.1.25 */
#if SASL_VERSION_FULL >= 0x020119 /* 2.1.25 */
typedef sasl_callback_ft slap_sasl_cb_ft;
#else
typedef int (*slap_sasl_cb_ft)();
......