Apply --disable-crypt & -disable-cleartext fixes from devel.

2025-04-06 15:00:40 +08:00 · 1998-12-29 23:02:18 +00:00 · 1998-12-29 23:02:18 +00:00 · 0a7ca1e8d2
commit 0a7ca1e8d2
parent f56d685880
12 changed files with 50 additions and 16 deletions
--- a/libraries/liblutil/passwd.c
+++ b/libraries/liblutil/passwd.c
@ -31,12 +31,7 @@ lutil_passwd(
 		return -1;
 	}

-	if (strncasecmp(passwd, "{CRYPT}", sizeof("{CRYPT}") - 1) == 0 ) {
-		const char *p = passwd + (sizeof("{CRYPT}") - 1);
-
-		return( strcmp(p, crypt(cred, p)) );
-
-	} else if (strncasecmp(passwd, "{MD5}", sizeof("{MD5}") - 1) == 0 ) {
+	if (strncasecmp(passwd, "{MD5}", sizeof("{MD5}") - 1) == 0 ) {
 		lutil_MD5_CTX MD5context;
 		unsigned char MD5digest[16];
 		char base64digest[25];  /* ceiling(sizeof(input)/3) * 4 + 1 */
@ -74,6 +69,14 @@ lutil_passwd(
 		}

 		return( strcmp(p, base64digest) );
+
+#ifdef SLAPD_CRYPT
+	} else if (strncasecmp(passwd, "{CRYPT}", sizeof("{CRYPT}") - 1) == 0 ) {
+		const char *p = passwd + (sizeof("{CRYPT}") - 1);
+
+		return( strcmp(p, crypt(cred, p)) );
+
+#endif
 	}

 #ifdef SLAPD_CLEARTEXT
--- a/servers/slapd/back-ldbm/bind.c
+++ b/servers/slapd/back-ldbm/bind.c
@ -19,8 +19,6 @@
 extern int	krbv4_ldap_auth();
 #endif

-pthread_mutex_t crypt_mutex;
-
 static int
 crypted_value_find(
 	struct berval       **vals,
@ -35,13 +33,17 @@ crypted_value_find(
 		if ( syntax != SYNTAX_BIN ) {
 			int result;

+#ifdef SLAPD_CRYPT
 			pthread_mutex_lock( &crypt_mutex );
+#endif

 			result = lutil_passwd(
 				(char*) cred->bv_val,
 				(char*) vals[i]->bv_val);

+#ifdef SLAPD_CRYPT
 			pthread_mutex_unlock( &crypt_mutex );
+#endif

 			return result;

--- a/servers/slapd/back-ldbm/init.c
+++ b/servers/slapd/back-ldbm/init.c
@ -19,10 +19,6 @@ ldbm_back_init(
 	char		*argv[ 4 ];
 	int		i;

-#ifdef SLAPD_CRYPT
-	extern pthread_mutex_t crypt_mutex;
-#endif /* SLAPD_CRYPT */
-
 	/* allocate backend-specific stuff */
 	li = (struct ldbminfo *) ch_calloc( 1, sizeof(struct ldbminfo) );

@ -70,9 +66,6 @@ ldbm_back_init(
 	pthread_mutex_init( &li->li_cache.c_mutex, pthread_mutexattr_default );
 	pthread_mutex_init( &li->li_nextid_mutex, pthread_mutexattr_default );
 	pthread_mutex_init( &li->li_dbcache_mutex, pthread_mutexattr_default );
-#ifdef SLAPD_CRYPT
-	pthread_mutex_init( &crypt_mutex, pthread_mutexattr_default );
-#endif /* SLAPD_CRYPT */
 	pthread_cond_init( &li->li_dbcache_cv, pthread_condattr_default );
 	for ( i = 0; i < MAXDBCACHE; i++ ) {
 		pthread_mutex_init( &li->li_dbcache[i].dbc_mutex,
--- a/servers/slapd/backend.c
+++ b/servers/slapd/backend.c
@ -209,11 +209,23 @@ be_isroot( Backend *be, char *dn )
 int
 be_isroot_pw( Backend *be, char *dn, struct berval *cred )
 {
+	int result;
+
 	if ( ! be_isroot( be, dn ) ) {
 		return( 0 );
 	}

-	return( lutil_passwd( cred->bv_val, be->be_rootpw ) == 0 );
+#ifdef SLAPD_CRYPT
+	pthread_mutex_lock( &crypt_mutex );
+#endif
+
+	result = lutil_passwd( cred->bv_val, be->be_rootpw );
+
+#ifdef SLAPD_CRYPT
+	pthread_mutex_unlock( &crypt_mutex );
+#endif
+
+	return result == 0;
 }

 void
--- a/servers/slapd/init.c
+++ b/servers/slapd/init.c
@ -21,4 +21,7 @@ init( void )
 	pthread_mutex_init( &replog_mutex, pthread_mutexattr_default );
 	pthread_mutex_init( &ops_mutex, pthread_mutexattr_default );
 	pthread_mutex_init( &num_sent_mutex, pthread_mutexattr_default );
+#ifdef SLAPD_CRYPT
+	pthread_mutex_init( &crypt_mutex, pthread_mutexattr_default );
+#endif
 }
--- a/servers/slapd/main.c
+++ b/servers/slapd/main.c
@ -39,6 +39,9 @@ pthread_mutex_t	currenttime_mutex;
 int		active_threads;
 pthread_mutex_t	active_threads_mutex;
 pthread_mutex_t	new_conn_mutex;
+#ifdef SLAPD_CRYPT
+pthread_mutex_t crypt_mutex;
+#endif
 long		ops_initiated;
 long		ops_completed;
 int		num_conns;
--- a/servers/slapd/proto-slap.h
+++ b/servers/slapd/proto-slap.h
@ -246,6 +246,9 @@ extern pthread_mutex_t	new_conn_mutex;
 extern pthread_mutex_t	num_sent_mutex;
 extern pthread_mutex_t	ops_mutex;
 extern pthread_mutex_t	replog_mutex;
+#ifdef SLAPD_CRYPT
+extern pthread_mutex_t	crypt_mutex;
+#endif
 extern pthread_t	listener_tid;
 extern struct acl	*global_acl;
 extern struct objclass	*global_oc;
--- a/servers/slapd/tools/ldbmtest.c
+++ b/servers/slapd/tools/ldbmtest.c
@ -52,6 +52,9 @@ pthread_mutex_t	currenttime_mutex;
 pthread_mutex_t	replog_mutex;
 pthread_mutex_t	ops_mutex;
 pthread_mutex_t	regex_mutex;
+#ifdef SLAPD_CRYPT
+pthread_mutex_t	crypt_mutex;
+#endif

 int
 main( int argc, char **argv )
--- a/servers/slapd/tools/ldif2id2children.c
+++ b/servers/slapd/tools/ldif2id2children.c
@ -34,6 +34,9 @@ pthread_mutex_t	currenttime_mutex;
 pthread_mutex_t	replog_mutex;
 pthread_mutex_t	ops_mutex;
 pthread_mutex_t	regex_mutex;
+#ifdef SLAPD_CRYPT
+pthread_mutex_t	crypt_mutex;
+#endif

 static char	*tailorfile;
 static char	*inputfile;
--- a/servers/slapd/tools/ldif2id2entry.c
+++ b/servers/slapd/tools/ldif2id2entry.c
@ -31,6 +31,9 @@ pthread_mutex_t	currenttime_mutex;
 pthread_mutex_t	replog_mutex;
 pthread_mutex_t	ops_mutex;
 pthread_mutex_t	regex_mutex;
+#ifdef SLAPD_CRYPT
+pthread_mutex_t	crypt_mutex;
+#endif

 static char	*tailorfile;
 static char	*inputfile;
--- a/servers/slapd/tools/ldif2index.c
+++ b/servers/slapd/tools/ldif2index.c
@ -33,6 +33,9 @@ pthread_mutex_t	currenttime_mutex;
 pthread_mutex_t	replog_mutex;
 pthread_mutex_t	ops_mutex;
 pthread_mutex_t	regex_mutex;
+#ifdef SLAPD_CRYPT
+pthread_mutex_t	crypt_mutex;
+#endif


 static void
--- a/servers/slapd/tools/ldif2ldbm.c
+++ b/servers/slapd/tools/ldif2ldbm.c
@ -37,6 +37,9 @@ pthread_mutex_t	currenttime_mutex;
 pthread_mutex_t	replog_mutex;
 pthread_mutex_t	ops_mutex;
 pthread_mutex_t	regex_mutex;
+#ifdef SLAPD_CRYPT
+pthread_mutex_t	crypt_mutex;
+#endif

 static void fork_child( char *prog, char *args[] );
 static void	wait4kids( int nkidval );