Commit Graph

43 Commits

Author SHA1 Message Date
Kurt Zeilenga
5fc22599e2 Update SASL code to reuse context through life of session.
Replace 'negotiated' with 'interactive' bind
Add hooks for SASL/EXTERNAL
Disable SASL security layers
Rework SASL command line and config file parameters
2000-07-13 22:54:38 +00:00
Kurt Zeilenga
c5765e3827 Use provided macros and comment 2000-06-03 17:24:21 +00:00
Kurt Zeilenga
29d9fa20a2 Y2k copyright update 2000-05-13 02:36:07 +00:00
Howard Chu
3f618bfe03 Fix ambiguous return value in lutil_passwd 2000-05-13 00:10:24 +00:00
Howard Chu
7ca81c0a03 Fix one more chk_unix ifdef 2000-05-11 20:00:47 +00:00
Kurt Zeilenga
cdb709fd27 Fix unbalanced #endif 2000-05-11 16:06:41 +00:00
Howard Chu
605832eaa5 Added support for AIX security database:
  configure.in: check for AIX security library, set in AUTH_LIBS macro
  top.mk: add AUTH_LIBS macro to SECURITY_LIBS
  portable.h.in: added HAVE_AIX_SECURITY macro (via autoheader)
  passwd.c: use AIX getuserpw in chk_unix. Also fix logic in chk_unix:
    getpwnam must always succeed for the given user. It is not a
    fatal error if getspnam returns no result for the user: On
    systems that support /etc/shadow, its usage is optional. The
    same logic applies for AIX, SCO/HP SecureWare, etc.
2000-05-11 10:10:53 +00:00
Kurt Zeilenga
3553f9aab6 Fix #ifdefs when --disable-crypt 2000-05-10 23:26:42 +00:00
Kurt Zeilenga
f224e69558 Add experimental code to check simple bind passwords
against Cyrus SASLdb.  Like other cleartext mechanisms,
should be protected from eavesdropping.
2000-05-10 04:29:51 +00:00
Kurt Zeilenga
802ee714e4 Framework for authpasswd. Needs work. Behind #ifdef 2000-04-25 13:28:03 +00:00
Kurt Zeilenga
4c0be829e1 Fix usage in comment 2000-03-17 02:07:59 +00:00
Kurt Zeilenga
5967cc5658 Even more checks around use of crypt(3). 2000-01-17 17:09:33 +00:00
Kurt Zeilenga
c17b89f431 Add additional crypt() sanity checks. 2000-01-17 16:53:15 +00:00
Kurt Zeilenga
34fe70cc71 Validate krb5_init_context 2000-01-10 21:37:04 +00:00
Kurt Zeilenga
38f0b890ab Borrowed a bit to literally... s/pop/ldap/ s/popper/slapd/ 2000-01-09 00:20:00 +00:00
Kurt Zeilenga
e988e175a6 Minor fixes. 2000-01-08 18:51:27 +00:00
Kurt Zeilenga
6437785a82 Initial implementation of Kerberos password verification for
simple bind via:
	{KERBEROS}principal
Code is disabled by default (for security reasons).  Use
--enable-kpasswd to enable.  Behind SLAPD_KPASSWD.
Reworked Kerberos detection and split out KBIND as independent
feature (--disable-kbind) (LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND).
KBIND depends upon detection of KRB4 (or KRB425) support.  Detection,
building with eBones (as distributed with FreeBSD 3.4) okay, but
wasn't able to test as I don't have a K4 KDC handy.
--with-kerberos has a number of detection options... most likely
don't work properly.
2000-01-08 18:42:11 +00:00
Kurt Zeilenga
30411f8402 Add slappasswd to generate rootpw. 1999-12-16 02:18:50 +00:00
Kurt Zeilenga
b1639dadd6 Remove lint
Add copyrights
1999-12-13 04:53:59 +00:00
Kurt Zeilenga
431dad371c Fix slapd SASL/ExternalOps encoding
Add controls to extended ops API signatures, need impl.
Update password to support optional server side generation of
new password, verification of old password, and changing of
non-bound user's passwords.
1999-12-10 04:52:32 +00:00
Kurt Zeilenga
b973e61dda Fix {CRYPT} and {UNIX} passwords 1999-12-09 01:24:38 +00:00
Kurt Zeilenga
5e12c84a6f Add simple password test program.
Rework lutil_passwd routines to use struct berval instead of strings.
1999-12-09 01:11:16 +00:00
Kurt Zeilenga
aeb2de33d7 Found and fixed stupid bug in seeded hash generation. 1999-12-08 19:23:32 +00:00
Kurt Zeilenga
96a126e36a Need to adjust len by saltlen 1999-12-08 07:07:18 +00:00
Kurt Zeilenga
26c7d69e8c Update for new password codes for MSVC5 1999-12-08 06:44:22 +00:00
Kurt Zeilenga
d5edb4bff6 Reengineered ldappasswd(1). Uses extended operation to set
user password.  Likely to be modified to use bind control
instead.  Use of modify deprecated in favor of mechanisms that
support passwords stored externally to the directory (such
as in a SASL service).
Modified slapd extended operation infrastructure to support
backend provided extended operations.
1999-12-08 04:37:59 +00:00
Kurt Zeilenga
f4a0699311 Add macros to compute base64 encode/decode lengths. 1999-10-25 01:44:47 +00:00
Kurt Zeilenga
a284b641b7 Move crypt(3) prototypes from <ac/unistd.h> to <ac/crypt.h> (new) to
avoid clashes with Kth Kerberos.
1999-10-01 04:48:30 +00:00
Kurt Zeilenga
3c00fd6d23 Rework passwd routines to allow callers to determine which
schemes are supported.  This should facilitate server rootDSE
advertisement of supported schemes, etc.
1999-09-25 22:13:25 +00:00
Kurt Zeilenga
403f4479bc Add OpenLDAP RCSid to *.[ch] in clients, libraries, and servers.
Replace old Id as needed (back-tcl).
Leave updating of contribWare to contributors (for now).
1999-09-08 19:06:24 +00:00
Kurt Zeilenga
e4f6d54877 New dn2id format with base/one/subtree indices (ldbm/bdb2)
New id2entry (id-less) format (ldbm/bdb2)
Removed id2children (ldbm/bdb2)
Added nextid database (ldbm)
Broke ldbmtest
Removed ldif2* tools (ldbm/bdb2)
Added slap tools (slapadd, slapcat, slapindex)
1999-08-17 19:00:59 +00:00
Kurt Zeilenga
9225707a06 Modify lutil_passwd to accept a third argument char** methods to
specify which methods may be used.  This will facilitate development
of a slapd config directive "passwordMethod ..." to specify which
methods should be allowed.
1999-06-29 22:24:53 +00:00
Kurt Zeilenga
ab10099fc1 Added support for "userPassword: {UNIX}uid". getpwnam("uid") is
used to fetch the pw_passwd which is then passed to crypt().
getspnam() is used instead of getpwnam() when available.
Added configuration detection of pw_passwd, shadow.h, getpwnam()
and getspnam().
1999-06-26 20:52:59 +00:00
Kurt Zeilenga
21c70857f1 s/<stdlib.h>/<ac/stdlib.h>/ 1999-06-03 00:37:44 +00:00
Kurt Zeilenga
e8116a8a74 Use memcmp not strncmp for non-string comparisons. 1999-05-24 22:51:13 +00:00
Kurt Zeilenga
dda1fb4ba0 Updates for NT4 (MSVC5++).
Removed external include/library paths from projects.  External paths should
be set via Tools | Options | Directories.  This allows each developer the
freedom to install external libraries where they desire.
Used libdb.lib instead of libdbs.lib to avoid thread conflicts.
Added hs_regex.lib to library input.  We require some form of regex, this
library works (and is relatively easy for the user to install).
Removed a little lint which MSVC5 detected.
Need to sort out single-threaded vs multithreaded library generation.
1999-04-01 20:26:09 +00:00
Dave Storey
2ee0dcfc0a Added salted MD5 and SHA support. (SSHA,SMD5) 1998-12-30 05:32:17 +00:00
Kurt Zeilenga
695508813d Fix --disable-crypt and --disable-cleartext
mutex declaration should be moved from slapd/main.c to slapd/init.c
so we don't have ripple changes through slapd/tools.
1998-12-29 21:45:08 +00:00
Kurt Zeilenga
c1cef27bda Update slapd to use lutil_passwd() for both user and root passwords.
Remove MD5 and SHA1 options (both are now always on).  Rename
functions to be lutil_ instead of ldap_.
Create --enable-cleartext option.  Default is currently 'on'.
1998-12-01 03:36:37 +00:00
Hallvard Furuseth
7273fd47fd gcc -W cleanup 1998-11-23 01:46:32 +00:00
Kurt Zeilenga
b5494457d8 Remove extern declarations of library functions from source.c.
This could cause problems on odd systems.  The generic
  headers should be extended as needed to include necessary
  system headers or, if necessary, make explicit declarations.
Extended ac/string.h header to look for string.h/strings.h if
  STDC_HEADERS is not defined.  Also provide basic declarations for
  str*() functions.  This could cause problems on odd systems.
Extended ac/unistd.h header to define basic declaration for misc
  functions that might be missing from headers.   This includes
  externs for getenv(), getopt(), mktemp(), tempname().
Protect fax500.h from multiple inclusion.  Moved includes of
  system/generic headers back to source files.
Made mail500 helper functions static.
Fixed includes of ctype.h, signal.h, etc. to use generics.
lutil/tempname.c: was including stdlib.h twice, one should be stdio.h.
Wrapped <sys/resource.h> with HAVE_SYS_RESOURCE_H.
lber/io.c/ber_get_next(): Changed noctets back to signed.
  Used with BerRead which expects signed int as second arg and
  returns signed int.
1998-11-16 05:07:27 +00:00
Hallvard Furuseth
7e6ad5100c Protoized, moved extern definitions to .h files, fixed related bugs.
Most function and variable definitions are now preceded by its extern
definition, for error checking.  Retyped a number of functions, usually
to return void.  Fixed a number of printf format errors.

API changes (in ldap/include):
  Added avl_dup_ok, avl_prefixapply, removed ber_fatten (probably typo
  for ber_flatten), retyped ldap_sort_strcasecmp, grew lutil.h.

A number of `extern' declarations are left (some added by protoize), to
be cleaned away later.  Mostly strdup(), strcasecmp(), mktemp(), optind,
optarg, errno.
1998-11-15 22:40:11 +00:00
Kurt Zeilenga
d4a4a4cd25 Add lutil_passwd() 1998-11-06 22:04:14 +00:00