From 0a7ca1e8d2f575f1a0c65932eb1e26136656c128 Mon Sep 17 00:00:00 2001
From: Kurt Zeilenga <kurt@openldap.org>
Date: Tue, 29 Dec 1998 23:02:18 +0000
Subject: [PATCH] Apply --disable-crypt & -disable-cleartext fixes from devel.

---
 libraries/liblutil/passwd.c            | 15 +++++++++------
 servers/slapd/back-ldbm/bind.c         |  6 ++++--
 servers/slapd/back-ldbm/init.c         |  7 -------
 servers/slapd/backend.c                | 14 +++++++++++++-
 servers/slapd/init.c                   |  3 +++
 servers/slapd/main.c                   |  3 +++
 servers/slapd/proto-slap.h             |  3 +++
 servers/slapd/tools/ldbmtest.c         |  3 +++
 servers/slapd/tools/ldif2id2children.c |  3 +++
 servers/slapd/tools/ldif2id2entry.c    |  3 +++
 servers/slapd/tools/ldif2index.c       |  3 +++
 servers/slapd/tools/ldif2ldbm.c        |  3 +++
 12 files changed, 50 insertions(+), 16 deletions(-)

diff --git a/libraries/liblutil/passwd.c b/libraries/liblutil/passwd.c
index 7a74aa9989..ff698f944a 100644
--- a/libraries/liblutil/passwd.c
+++ b/libraries/liblutil/passwd.c
@@ -31,12 +31,7 @@ lutil_passwd(
 		return -1;
 	}
 
-	if (strncasecmp(passwd, "{CRYPT}", sizeof("{CRYPT}") - 1) == 0 ) {
-		const char *p = passwd + (sizeof("{CRYPT}") - 1);
-
-		return( strcmp(p, crypt(cred, p)) );
-
-	} else if (strncasecmp(passwd, "{MD5}", sizeof("{MD5}") - 1) == 0 ) {
+	if (strncasecmp(passwd, "{MD5}", sizeof("{MD5}") - 1) == 0 ) {
 		lutil_MD5_CTX MD5context;
 		unsigned char MD5digest[16];
 		char base64digest[25];  /* ceiling(sizeof(input)/3) * 4 + 1 */
@@ -74,6 +69,14 @@ lutil_passwd(
 		}
 
 		return( strcmp(p, base64digest) );
+
+#ifdef SLAPD_CRYPT
+	} else if (strncasecmp(passwd, "{CRYPT}", sizeof("{CRYPT}") - 1) == 0 ) {
+		const char *p = passwd + (sizeof("{CRYPT}") - 1);
+
+		return( strcmp(p, crypt(cred, p)) );
+
+#endif
 	}
 
 #ifdef SLAPD_CLEARTEXT
diff --git a/servers/slapd/back-ldbm/bind.c b/servers/slapd/back-ldbm/bind.c
index 144650686b..23bb40491a 100644
--- a/servers/slapd/back-ldbm/bind.c
+++ b/servers/slapd/back-ldbm/bind.c
@@ -19,8 +19,6 @@
 extern int	krbv4_ldap_auth();
 #endif
 
-pthread_mutex_t crypt_mutex;
-
 static int
 crypted_value_find(
 	struct berval       **vals,
@@ -35,13 +33,17 @@ crypted_value_find(
 		if ( syntax != SYNTAX_BIN ) {
 			int result;
 
+#ifdef SLAPD_CRYPT
 			pthread_mutex_lock( &crypt_mutex );
+#endif
 
 			result = lutil_passwd(
 				(char*) cred->bv_val,
 				(char*) vals[i]->bv_val);
 
+#ifdef SLAPD_CRYPT
 			pthread_mutex_unlock( &crypt_mutex );
+#endif
 
 			return result;
 
diff --git a/servers/slapd/back-ldbm/init.c b/servers/slapd/back-ldbm/init.c
index 6580fa5331..36ebbc963c 100644
--- a/servers/slapd/back-ldbm/init.c
+++ b/servers/slapd/back-ldbm/init.c
@@ -19,10 +19,6 @@ ldbm_back_init(
 	char		*argv[ 4 ];
 	int		i;
 
-#ifdef SLAPD_CRYPT
-	extern pthread_mutex_t crypt_mutex;
-#endif /* SLAPD_CRYPT */
-
 	/* allocate backend-specific stuff */
 	li = (struct ldbminfo *) ch_calloc( 1, sizeof(struct ldbminfo) );
 
@@ -70,9 +66,6 @@ ldbm_back_init(
 	pthread_mutex_init( &li->li_cache.c_mutex, pthread_mutexattr_default );
 	pthread_mutex_init( &li->li_nextid_mutex, pthread_mutexattr_default );
 	pthread_mutex_init( &li->li_dbcache_mutex, pthread_mutexattr_default );
-#ifdef SLAPD_CRYPT
-	pthread_mutex_init( &crypt_mutex, pthread_mutexattr_default );
-#endif /* SLAPD_CRYPT */
 	pthread_cond_init( &li->li_dbcache_cv, pthread_condattr_default );
 	for ( i = 0; i < MAXDBCACHE; i++ ) {
 		pthread_mutex_init( &li->li_dbcache[i].dbc_mutex,
diff --git a/servers/slapd/backend.c b/servers/slapd/backend.c
index 9bc09c94b2..35f8b22a64 100644
--- a/servers/slapd/backend.c
+++ b/servers/slapd/backend.c
@@ -209,11 +209,23 @@ be_isroot( Backend *be, char *dn )
 int
 be_isroot_pw( Backend *be, char *dn, struct berval *cred )
 {
+	int result;
+
 	if ( ! be_isroot( be, dn ) ) {
 		return( 0 );
 	}
 
-	return( lutil_passwd( cred->bv_val, be->be_rootpw ) == 0 );
+#ifdef SLAPD_CRYPT
+	pthread_mutex_lock( &crypt_mutex );
+#endif
+
+	result = lutil_passwd( cred->bv_val, be->be_rootpw );
+
+#ifdef SLAPD_CRYPT
+	pthread_mutex_unlock( &crypt_mutex );
+#endif
+
+	return result == 0;
 }
 
 void
diff --git a/servers/slapd/init.c b/servers/slapd/init.c
index 05c965f078..e93479432c 100644
--- a/servers/slapd/init.c
+++ b/servers/slapd/init.c
@@ -21,4 +21,7 @@ init( void )
 	pthread_mutex_init( &replog_mutex, pthread_mutexattr_default );
 	pthread_mutex_init( &ops_mutex, pthread_mutexattr_default );
 	pthread_mutex_init( &num_sent_mutex, pthread_mutexattr_default );
+#ifdef SLAPD_CRYPT
+	pthread_mutex_init( &crypt_mutex, pthread_mutexattr_default );
+#endif
 }
diff --git a/servers/slapd/main.c b/servers/slapd/main.c
index 543676bda9..76f8cd9acd 100644
--- a/servers/slapd/main.c
+++ b/servers/slapd/main.c
@@ -39,6 +39,9 @@ pthread_mutex_t	currenttime_mutex;
 int		active_threads;
 pthread_mutex_t	active_threads_mutex;
 pthread_mutex_t	new_conn_mutex;
+#ifdef SLAPD_CRYPT
+pthread_mutex_t crypt_mutex;
+#endif
 long		ops_initiated;
 long		ops_completed;
 int		num_conns;
diff --git a/servers/slapd/proto-slap.h b/servers/slapd/proto-slap.h
index 87a570fb6d..8d47589abc 100644
--- a/servers/slapd/proto-slap.h
+++ b/servers/slapd/proto-slap.h
@@ -246,6 +246,9 @@ extern pthread_mutex_t	new_conn_mutex;
 extern pthread_mutex_t	num_sent_mutex;
 extern pthread_mutex_t	ops_mutex;
 extern pthread_mutex_t	replog_mutex;
+#ifdef SLAPD_CRYPT
+extern pthread_mutex_t	crypt_mutex;
+#endif
 extern pthread_t	listener_tid;
 extern struct acl	*global_acl;
 extern struct objclass	*global_oc;
diff --git a/servers/slapd/tools/ldbmtest.c b/servers/slapd/tools/ldbmtest.c
index c3bc60153e..5978e91e1a 100644
--- a/servers/slapd/tools/ldbmtest.c
+++ b/servers/slapd/tools/ldbmtest.c
@@ -52,6 +52,9 @@ pthread_mutex_t	currenttime_mutex;
 pthread_mutex_t	replog_mutex;
 pthread_mutex_t	ops_mutex;
 pthread_mutex_t	regex_mutex;
+#ifdef SLAPD_CRYPT
+pthread_mutex_t	crypt_mutex;
+#endif
 
 int
 main( int argc, char **argv )
diff --git a/servers/slapd/tools/ldif2id2children.c b/servers/slapd/tools/ldif2id2children.c
index 806cb4a089..7877f65927 100644
--- a/servers/slapd/tools/ldif2id2children.c
+++ b/servers/slapd/tools/ldif2id2children.c
@@ -34,6 +34,9 @@ pthread_mutex_t	currenttime_mutex;
 pthread_mutex_t	replog_mutex;
 pthread_mutex_t	ops_mutex;
 pthread_mutex_t	regex_mutex;
+#ifdef SLAPD_CRYPT
+pthread_mutex_t	crypt_mutex;
+#endif
 
 static char	*tailorfile;
 static char	*inputfile;
diff --git a/servers/slapd/tools/ldif2id2entry.c b/servers/slapd/tools/ldif2id2entry.c
index 70653f0edb..a34eb0a553 100644
--- a/servers/slapd/tools/ldif2id2entry.c
+++ b/servers/slapd/tools/ldif2id2entry.c
@@ -31,6 +31,9 @@ pthread_mutex_t	currenttime_mutex;
 pthread_mutex_t	replog_mutex;
 pthread_mutex_t	ops_mutex;
 pthread_mutex_t	regex_mutex;
+#ifdef SLAPD_CRYPT
+pthread_mutex_t	crypt_mutex;
+#endif
 
 static char	*tailorfile;
 static char	*inputfile;
diff --git a/servers/slapd/tools/ldif2index.c b/servers/slapd/tools/ldif2index.c
index 8fb0511a75..ab05644cbc 100644
--- a/servers/slapd/tools/ldif2index.c
+++ b/servers/slapd/tools/ldif2index.c
@@ -33,6 +33,9 @@ pthread_mutex_t	currenttime_mutex;
 pthread_mutex_t	replog_mutex;
 pthread_mutex_t	ops_mutex;
 pthread_mutex_t	regex_mutex;
+#ifdef SLAPD_CRYPT
+pthread_mutex_t	crypt_mutex;
+#endif
 
 
 static void
diff --git a/servers/slapd/tools/ldif2ldbm.c b/servers/slapd/tools/ldif2ldbm.c
index 33b34bd8a2..41b93676b0 100644
--- a/servers/slapd/tools/ldif2ldbm.c
+++ b/servers/slapd/tools/ldif2ldbm.c
@@ -37,6 +37,9 @@ pthread_mutex_t	currenttime_mutex;
 pthread_mutex_t	replog_mutex;
 pthread_mutex_t	ops_mutex;
 pthread_mutex_t	regex_mutex;
+#ifdef SLAPD_CRYPT
+pthread_mutex_t	crypt_mutex;
+#endif
 
 static void fork_child( char *prog, char *args[] );
 static void	wait4kids( int nkidval );
-- 
GitLab