detect unavailable hash algorithms at startup

2025-01-06 10:46:21 +08:00 · 2002-03-09 11:02:32 +00:00 · 2002-03-09 11:02:32 +00:00 · a1b65bcdfe
commit a1b65bcdfe
parent 6d7556180d
2 changed files with 17 additions and 3 deletions
--- a/servers/slapd/config.c
+++ b/servers/slapd/config.c
@ -44,7 +44,7 @@ int		global_idletimeout = 0;
 char	*global_host = NULL;
 char	*global_realm = NULL;
 char		*ldap_srvtab = "";
-char		*default_passwd_hash;
+char		*default_passwd_hash = NULL;
 struct berval default_search_base = { 0, NULL };
 struct berval default_search_nbase = { 0, NULL };
 unsigned		num_subordinates = 0;
@ -520,10 +520,23 @@ read_config( const char *fname )

 				return 1;

-			} else {
-				default_passwd_hash = ch_strdup( cargv[1] );
 			}

+			if ( lutil_passwd_scheme( cargv[1] ) == NULL ) {
+#ifdef NEW_LOGGING
+				LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
+					   "%s: line %d: password scheme \"%s\" not available\n",
+					   fname, lineno, cargv[1] ));
+#else
+				Debug( LDAP_DEBUG_ANY,
+					"%s: line %d: password scheme \"%s\" not available\n",
+					fname, lineno, cargv[1] );
+#endif
+				return 1;
+			}
+
+			default_passwd_hash = ch_strdup( cargv[1] );
+
 		} else if ( strcasecmp( cargv[0], "password-crypt-salt-format" ) == 0 ) 
 		{
 			if ( cargc < 2 ) {
--- a/servers/slapd/passwd.c
+++ b/servers/slapd/passwd.c
@ -314,6 +314,7 @@ slap_passwd_hash(
 #endif

 	tmp = lutil_passwd_hash( cred , hash );
+	assert( tmp != NULL );
 	
 #if defined( SLAPD_CRYPT ) || defined( SLAPD_SPASSWD )
 	ldap_pvt_thread_mutex_unlock( &passwd_mutex );