
Re: Upgrade issue ("{CLEARTEXT}" not available) PATCH



On Tue, Oct 11, 2005 at 08:30:08PM -0400, Aaron Richton wrote:

> > > libraries/liblutil/passwd.c r1.103
> >
> > Please excuse my ignorance but a diff (attached) between 1.103 and
> > 1.74.2.13 (v2.2.8) shows quite a few changes. I'm not enough of a 'C'
> > programmer to know what is applicable or not.
> 
> At severe risk of shooting myself in the foot by not looking at the CVS,
> I'm going to guess that you should look at and apply the diff 1.102 ->
> 1.103, which will likely be smaller.

Much smaller, but it relies on other previous changes.

FWIW, I weeded through the changes and came up with a patch, compiled,
and installed it. It's now running on one of my servers with no
apparent issues.

The patch is attached, maybe it could be reviewed and applied?

PS: Thanks for the help, Aaron and Howard.

--
Man who walk through airport turnstile sideways going to Bangkok.

Mike Hall,
System Admin - Rock Island Communications           <mikeh@rockisland.com>
System Admin - riverside.org, ssdd.org              <mhall@riverside.org>
--- libraries/liblutil/passwd.c.orig	Tue Oct 11 16:22:46 2005
+++ libraries/liblutil/passwd.c	Tue Oct 11 19:27:24 2005
@@ -79,6 +79,10 @@
 static char *salt_format = NULL;
 #endif
 
+/* KLUDGE:
+ *  chk_fn is NULL iff name is {CLEARTEXT}
+ *     otherwise, things will break
+ */
 struct pw_scheme {
 	struct berval name;
 	LUTIL_PASSWD_CHK_FUNC *chk_fn;
@@ -161,7 +165,7 @@
 
 #ifdef SLAPD_CLEARTEXT
 	/* pseudo scheme */
-	{ {0, "{CLEARTEXT}"},		NULL, hash_clear },
+	{ BER_BVC("{CLEARTEXT}"),	NULL, hash_clear },
 #endif
 
 	{ BER_BVNULL, NULL, NULL }
@@ -223,9 +227,7 @@
 	bv.bv_val = (char *) scheme;
 
 	for( pws=pw_schemes; pws; pws=pws->next ) {
-		if( bv.bv_len != pws->s.name.bv_len )
-			continue;
-		if( strncasecmp(bv.bv_val, pws->s.name.bv_val, bv.bv_len ) == 0 ) {
+		if ( ber_bvstrcasecmp(&bv, &pws->s.name ) == 0 ) {
 			return &(pws->s);
 		}
 	}
@@ -317,10 +319,17 @@
 	}
 
 #ifdef SLAPD_CLEARTEXT
+	/* Do we think there is a scheme specifier here that we
+	* didn't recognize? Assume a scheme name is at least 1 character.
+	*/
+	if (( passwd->bv_val[0] == '{' ) &&
+		( strchr( passwd->bv_val, '}' ) > passwd->bv_val+1 ))
+	{
+		return 1;
+	}
 	if( is_allowed_scheme("{CLEARTEXT}", schemes ) ) {
-		return (( passwd->bv_len == cred->bv_len ) &&
-				( passwd->bv_val[0] != '{' /*'}'*/ ))
-			? memcmp( passwd->bv_val, cred->bv_val, passwd->bv_len )
+		return ( passwd->bv_len == cred->bv_len ) ?
+			memcmp( passwd->bv_val, cred->bv_val, passwd->bv_len )
 			: 1;
 	}
 #endif
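Review bot: The new scheme-specifier test at the top of the SLAPD_CLEARTEXT block calls `strchr()` on `passwd->bv_val`, which treats the stored value as a NUL-terminated string rather than a length-delimited berval, and when no `}` is found it compares a null pointer with `>`, which C leaves undefined. A bounded search keeps the scan inside `bv_len` and makes the miss case explicit: `char *rb = memchr( passwd->bv_val, '}', passwd->bv_len );` followed by `if ( passwd->bv_val[0] == '{' && rb != NULL && rb > passwd->bv_val+1 ) return 1;`. The test also reads `bv_val[0]` before any length check visible in this hunk; the function starts above the hunk, so confirm that an empty stored value is rejected earlier. Separately, the cleartext comparison still goes through `memcmp()`, which is not guaranteed to run in constant time, so a constant-time comparison is worth considering for this credential check.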