[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: password-hash {CLEARTEXT} with slapd 2.3.7



Adam Pordzik wrote:



Pierangelo Masarati wrote:

The code where the {CLEARTEXT} scheme is defined differs from that of other schemes because the berval that contains the scheme name intentionally has 0 length; I guess this was a hack to allow no scheme


Do you mean liblutil/passwd.c ?

yes


and {CLEARTEXT} somehow appear as the same scheme, but it broke at some point. I'm not sure if setting that length to the actual length of {CLEARTEXT} will break anything else, but it'll surely fix this issue. I'd leave this to someone else.


Sorry, I cannot locate the point, I don't know the sources good enough
yet. Is there a blueprint, or map, helping me orient in the code?

libraries/libldap/passwd.c:150 in re23 code (2.3.7)


If you agree this as a bug, I'll drop an ITS on that.

I'm not saying it's a bug. I'm saying {CLEARTEXT} is being treated differently from other schemes, which prevents its use in password-hash. This may be intended, so I don't know if it is a bug or what, because I have never worked at that part of code, and I'm ot sure about the implications of making it work like all other schemes.


p.


SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497