Commit Graph

57 Commits

Author SHA1 Message Date
Howard Chu
e5eb270e6c from jon@symas.com - misc Windows cleanup 2001-12-17 22:42:55 +00:00
Kurt Zeilenga
7ee53eb12e Remove const from salt_format 2001-06-14 02:20:05 +00:00
Kurt Zeilenga
ff993c7ddb Misc updates to password codes / docs 2001-06-13 05:40:24 +00:00
Kurt Zeilenga
8d4c20cd6d Adding crypt(3) salt format (ITS#1202) from Jeff Costlow <j.costlow@f5.com>
with minor changes by committer
---
Copyright 2001, F5 Networks, Inc, All rights reserved.
This software is not subject to any license of F5 Networks.

This is free software; you can redistribute and use it
under the same terms as OpenLDAP itself.
2001-06-13 03:47:17 +00:00
Kurt Zeilenga
9ed2b33e2b optional SHA1 2001-05-02 19:49:44 +00:00
Kurt Zeilenga
7f91ee936f Clean up header inclusion 2001-03-15 03:09:52 +00:00
Gary Williams
36880023b6 fix NT build by moving unistd.h 2001-02-02 16:07:12 +00:00
Kurt Zeilenga
90c9d543a8 Provide extra salt for crypt(3) 2001-01-20 01:15:28 +00:00
Kurt Zeilenga
319a75ef39 Fix LMPASSWD code
Move <ac/unistd.h> and <ac/crypt.h> behind SLAPD_CRYPT
2001-01-18 00:35:09 +00:00
Kurt Zeilenga
df7804debc ITS#899 LANMAN password contribution from Norbert Klasen 2000-11-22 20:18:50 +00:00
Kurt Zeilenga
7fad68f7b4 remove lint 2000-10-18 00:29:21 +00:00
Kurt Zeilenga
f319444df0 MIT Kerberos and krb5_free_creds_contents (ITS#715)
fix suggested by Norbert Klasen <klasen@zdv.uni-tuebingen.de>
2000-09-06 18:21:39 +00:00
Kurt Zeilenga
3b03b64b77 Add char* ldap_pvt_get_fqdn(char*) which returns the FQDN of the
input.  In input==NULL, returns FQDN of local host.
Fixed copy_hostent() uninitialized pointer bug.
Replaced gethostname calls with ldap_pvt_get_fqdn( NULL ) calls.
2000-08-15 01:55:43 +00:00
Kurt Zeilenga
5b856458a2 s/SAFEMEMCPY/AC_MEMCPY/
Use AC_FMEMCPY where appropriate (-llber)
2000-07-28 01:07:07 +00:00
Kurt Zeilenga
5fc22599e2 Update SASL code to reuse context through life of session.
Replace 'negotiated' with 'interactive' bind
Add hooks for SASL/EXTERNAL
Disable SASL security layers
Rework SASL command line and config file parameters
2000-07-13 22:54:38 +00:00
Kurt Zeilenga
c5765e3827 Use provided macros and comment 2000-06-03 17:24:21 +00:00
Kurt Zeilenga
29d9fa20a2 Y2k copyright update 2000-05-13 02:36:07 +00:00
Howard Chu
3f618bfe03 Fix ambiguous return value in lutil_passwd 2000-05-13 00:10:24 +00:00
Howard Chu
7ca81c0a03 Fix one more chk_unix ifdef 2000-05-11 20:00:47 +00:00
Kurt Zeilenga
cdb709fd27 Fix unbalanced #endif 2000-05-11 16:06:41 +00:00
Howard Chu
605832eaa5 Added support for AIX security database:
configure.in: check for AIX security library, set in AUTH_LIBS macro
  top.mk: add AUTH_LIBS macro to SECURITY_LIBS
  portable.h.in: added HAVE_AIX_SECURITY macro (via autoheader)
  passwd.c: use AIX getuserpw in chk_unix. Also fix logic in chk_unix:
  	getpwnam must always succeed for the given user. It is not a
	fatal error if getspnam returns no result for the user: On
	systems that support /etc/shadow, its usage is optional. The
	same logic applies for AIX, SCO/HP SecureWare, etc.
2000-05-11 10:10:53 +00:00
Kurt Zeilenga
3553f9aab6 Fix #ifdefs when --disable-crypt 2000-05-10 23:26:42 +00:00
Kurt Zeilenga
f224e69558 Add experimental code to check simple bind passwords
against Cyrus SASLdb.  Like other cleartext mechanisms,
should be protected from eavesdropping.
2000-05-10 04:29:51 +00:00
Kurt Zeilenga
802ee714e4 Framework for authpasswd. Needs work. Behind #ifdef 2000-04-25 13:28:03 +00:00
Kurt Zeilenga
4c0be829e1 Fix usage in comment 2000-03-17 02:07:59 +00:00
Kurt Zeilenga
5967cc5658 Even more checks around use of crypt(3). 2000-01-17 17:09:33 +00:00
Kurt Zeilenga
c17b89f431 Add additional crypt() sanity checks. 2000-01-17 16:53:15 +00:00
Kurt Zeilenga
34fe70cc71 Validate krb5_init_context 2000-01-10 21:37:04 +00:00
Kurt Zeilenga
38f0b890ab Borrowed a bit to literally... s/pop/ldap/ s/popper/slapd/ 2000-01-09 00:20:00 +00:00
Kurt Zeilenga
e988e175a6 Minor fixes. 2000-01-08 18:51:27 +00:00
Kurt Zeilenga
6437785a82 Initial implementation of Kerberos password verification for
simple bind via:
	{KERBEROS}principal
Code is disabled by default (for security reasons).  Use
--enable-kpasswd to enable.  Behind SLAPD_KPASSWD.
Reworked Kerberos detection and split out KBIND as independent
feature (--disable-kbind) (LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND).
KBIND depends upon detection of KRB4 (or KRB425) support.  Detection,
building with eBones (as distributed with FreeBSD 3.4) okay, but
wasn't able to test as I don't have a K4 KDC handy.
--with-kerberos has a number of detection options... most likely
don't work properly.
2000-01-08 18:42:11 +00:00
Kurt Zeilenga
30411f8402 Add slappasswd to generate rootpw. 1999-12-16 02:18:50 +00:00
Kurt Zeilenga
b1639dadd6 Remove lint
Add copyrights
1999-12-13 04:53:59 +00:00
Kurt Zeilenga
431dad371c Fix slapd SASL/ExternalOps encoding
Add controls to extended ops API signatures, need impl.
Update password to support optional server side generation of
new password, verification of old password, and changing of
non-bound user's passwords.
1999-12-10 04:52:32 +00:00
Kurt Zeilenga
b973e61dda Fix {CRYPT} and {UNIX} passwords 1999-12-09 01:24:38 +00:00
Kurt Zeilenga
5e12c84a6f Add simple password test program.
Rework lutil_passwd routines to use struct berval instead of strings.
1999-12-09 01:11:16 +00:00
Kurt Zeilenga
aeb2de33d7 Found and fixed stupid bug in seeded hash generation. 1999-12-08 19:23:32 +00:00
Kurt Zeilenga
96a126e36a Need to adjust len by saltlen 1999-12-08 07:07:18 +00:00
Kurt Zeilenga
26c7d69e8c Update for new password codes for MSVC5 1999-12-08 06:44:22 +00:00
Kurt Zeilenga
d5edb4bff6 Reengineered ldappasswd(1). Uses extended operation to set
user password.  Likely to be modified to use bind control
instead.  Use of modify deprecated in favor mechanisms that
support passwords stored externally to the directory (such
as in a SASL service).
Modified slapd extended operation infrastructure to support
backend provided extended operations.
1999-12-08 04:37:59 +00:00
Kurt Zeilenga
f4a0699311 Add macros to compute base64 encode/decode lengths. 1999-10-25 01:44:47 +00:00
Kurt Zeilenga
a284b641b7 Move crypt(3) prototypes from <ac/unistd.h> to <ac/crypt.h> (new) to
avoid clashes with Kth Kerberos.
1999-10-01 04:48:30 +00:00
Kurt Zeilenga
3c00fd6d23 Rework passwd routines to allow callers to determine which
schemes are supported.  This should facilate server rootDSE
advertisement of supported schemes, etc..
1999-09-25 22:13:25 +00:00
Kurt Zeilenga
403f4479bc Add OpenLDAP RCSid to *.[ch] in clients, libraries, and servers.
Replace old Id as needed (back-tcl).
Leave updating of contribWare to contributors (for now).
1999-09-08 19:06:24 +00:00
Kurt Zeilenga
e4f6d54877 New dn2id format with base/one/subtree indices (ldbm/bdb2)
New id2entry (id-less) format (ldbm/bdb2)
Removed id2children (ldbm/bdb2)
Added nextid database (ldbm)
Broke ldbmtest
Removed ldif2* tools (ldbm/bdb2)
Added slap tools (slapadd, slapcat, slapindex)
1999-08-17 19:00:59 +00:00
Kurt Zeilenga
9225707a06 Modify lutil_passwd to accept a third argument char** methods to
specific which methods may be used.  This will facilate development
of a slapd config directive "passwordMethod ..." to specify which
methods should be allowed.
1999-06-29 22:24:53 +00:00
Kurt Zeilenga
ab10099fc1 Added support for "userPassword: {UNIX}uid". getpwnam("uid") is
used to fetch the pw_passwd which is than passwd to crypt().
getspnam() is used instead of getpwnam() when available.
Added configration detection of pw_passwd, shadow.h, getpwnam()
and getspnam().
1999-06-26 20:52:59 +00:00
Kurt Zeilenga
21c70857f1 s/<stdlib.h>/<ac/stdlib.h>/ 1999-06-03 00:37:44 +00:00
Kurt Zeilenga
e8116a8a74 Use memcmp not strncmp for non-string comparisons. 1999-05-24 22:51:13 +00:00
Kurt Zeilenga
dda1fb4ba0 Updates for NT4 (MSVC5++).
Removed external include/library paths from projects.  External paths should
be set via Tools | Options | Directories.  This allows each developer the
freedom to install external libraries where they desire.
Used libdb.lib instead of libdbs.lib to avoid thread conflicts.
Added hs_regex.lib to library input.  We require some form of regex, this
library works (and is relatively easy for the user to install).
Removed a little lint which MCVC5 detected.
Need to sort out single-threaded vs multithreaded library generation.
1999-04-01 20:26:09 +00:00