[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: Upgrade issue ("{CLEARTEXT}" not available) PATCH
On Tue, Oct 11, 2005 at 08:30:08PM -0400, Aaron Richton wrote:
> > > libraries/liblutil/passwd.c r1.103
> >
> > Please excuse my ignorance but a diff (attached) between 1.103 and
> > 1.74.2.13 (v2.2.8) shows quite a few changes. I'm not enough of a 'C'
> > programmer to know what is applicable or not.
>
> At severe risk of shooting myself in the foot by not looking at the CVS,
> I'm going to guess that you should look at and apply the diff 1.102 ->
> 1.103, which will likely be smaller.
Much smaller, but it relies on other previous changes.
FWIW, I weeded through the changes and came up with a patch, compiled,
and installed it. Its now running on one of my servers with no
apparent issues.
The patch is attached, maybe it could be reviewed and applied?
PS: Thanks for the help, Aaron and Howard.
--
Man who walk through airport turnstile sideways going to Bangkok.
Mike Hall,
System Admin - Rock Island Communications <mikeh@rockisland.com>
System Admin - riverside.org, ssdd.org <mhall@riverside.org>
--- libraries/liblutil/passwd.c.orig Tue Oct 11 16:22:46 2005
+++ libraries/liblutil/passwd.c Tue Oct 11 19:27:24 2005
@@ -79,6 +79,10 @@
static char *salt_format = NULL;
#endif
+/* KLUDGE:
+ * chk_fn is NULL iff name is {CLEARTEXT}
+ * otherwise, things will break
+ */
struct pw_scheme {
struct berval name;
LUTIL_PASSWD_CHK_FUNC *chk_fn;
@@ -161,7 +165,7 @@
#ifdef SLAPD_CLEARTEXT
/* pseudo scheme */
- { {0, "{CLEARTEXT}"}, NULL, hash_clear },
+ { BER_BVC("{CLEARTEXT}"), NULL, hash_clear },
#endif
{ BER_BVNULL, NULL, NULL }
@@ -223,9 +227,7 @@
bv.bv_val = (char *) scheme;
for( pws=pw_schemes; pws; pws=pws->next ) {
- if( bv.bv_len != pws->s.name.bv_len )
- continue;
- if( strncasecmp(bv.bv_val, pws->s.name.bv_val, bv.bv_len ) == 0 ) {
+ if ( ber_bvstrcasecmp(&bv, &pws->s.name ) == 0 ) {
return &(pws->s);
}
}
@@ -317,10 +319,17 @@
}
#ifdef SLAPD_CLEARTEXT
+ /* Do we think there is a scheme specifier here that we
+ * didn't recognize? Assume a scheme name is at least 1 character.
+ */
+ if (( passwd->bv_val[0] == '{' ) &&
+ ( strchr( passwd->bv_val, '}' ) > passwd->bv_val+1 ))
+ {
+ return 1;
+ }
if( is_allowed_scheme("{CLEARTEXT}", schemes ) ) {
- return (( passwd->bv_len == cred->bv_len ) &&
- ( passwd->bv_val[0] != '{' /*'}'*/ ))
- ? memcmp( passwd->bv_val, cred->bv_val, passwd->bv_len )
+ return ( passwd->bv_len == cred->bv_len ) ?
+ memcmp( passwd->bv_val, cred->bv_val, passwd->bv_len )
: 1;
}
#endif