| author | Noriko Hosoi <nhosoi@redhat.com> | 2009-02-05 17:34:56 +0000 |
|---|---|---|
| committer | Noriko Hosoi <nhosoi@redhat.com> | 2009-02-05 17:34:56 +0000 |
| commit | 467146b9350421a4151ff09c949b5dced2c9872a (patch) | |
| tree | 03a730e1dc94c3d949f489197cc5114c4c0a880c | |
| parent | d35523fe9eb44d373bf8fc8f792101f1dc7c597b (diff) | |
Resolves: #484149
Summary: Clear directory manager password with password storage scheme other
than clear crashes the server
Description:
1) introducing a flag (_nss_initialized) and an API (slapd_nss_is_initialized)
to indicate whether NSS_Initialize has been called.
2) in config_set_rootpw, if the directory manager's password is given unhashed,
check if NSS is already initialized and the directory manager's password
storage scheme is clear or not. If NSS is not initialized and if the storage
scheme is not CLEAR, report it and return an error LDAP_PARAM_ERROR.
| -rw-r--r-- | ldap/servers/slapd/libglobs.c | 20 | ||||
| -rw-r--r-- | ldap/servers/slapd/slapi-private.h | 1 | ||||
| -rw-r--r-- | ldap/servers/slapd/ssl.c | 8 |
3 files changed, 23 insertions, 6 deletions
diff --git a/ldap/servers/slapd/libglobs.c b/ldap/servers/slapd/libglobs.c
index bd2529c0..ae476630 100644
--- a/ldap/servers/slapd/libglobs.c
+++ b/ldap/servers/slapd/libglobs.c
@@ -2501,12 +2501,20 @@ config_set_rootpw( const char *attrname, char *value, char *errorbuf, int apply
 is_hashed = pw_val2scheme ( value, NULL, 0 );
 if ( is_hashed ) {
- slapdFrontendConfig->rootpw = slapi_ch_strdup ( value );
- free_pw_scheme(is_hashed);
- }
- else {
- /* pwd enc func returns slapi_ch_malloc memory */
- slapdFrontendConfig->rootpw = (slapdFrontendConfig->rootpwstoragescheme->pws_enc)(value);
+ slapdFrontendConfig->rootpw = slapi_ch_strdup ( value );
+ free_pw_scheme(is_hashed);
+ } else if (slapd_nss_is_initialized() ||
+ (strcasecmp(slapdFrontendConfig->rootpwstoragescheme->pws_name,
+ "clear") == 0)) {
+ /* to hash, security library should have been initialized, by now */
+ /* pwd enc func returns slapi_ch_malloc memory */
+ slapdFrontendConfig->rootpw = (slapdFrontendConfig->rootpwstoragescheme->pws_enc)(value);
+ } else {
+ PR_snprintf ( errorbuf, SLAPI_DSE_RETURNTEXT_SIZE,
+ "%s: password scheme mismatch (passwd scheme is %s; "
+ "password is clear text)", attrname,
+ slapdFrontendConfig->rootpwstoragescheme->pws_name);
+ retVal = LDAP_PARAM_ERROR;
 }
 CFG_UNLOCK_WRITE(slapdFrontendConfig);
diff --git a/ldap/servers/slapd/slapi-private.h b/ldap/servers/slapd/slapi-private.h
index 8ff5caef..115dcc2a 100644
--- a/ldap/servers/slapd/slapi-private.h
+++ b/ldap/servers/slapd/slapi-private.h
@@ -1107,6 +1107,7 @@ time_t parse_genTime(char* from);
 /* Client SSL code */
 int slapd_security_library_is_initialized( void );
+int slapd_nss_is_initialized( void );
 char* slapd_get_tmp_dir( void );
 /* util.c */
diff --git a/ldap/servers/slapd/ssl.c b/ldap/servers/slapd/ssl.c
index c546c2bd..0937e30e 100644
--- a/ldap/servers/slapd/ssl.c
+++ b/ldap/servers/slapd/ssl.c
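Review bot: The new final `else` in config_set_rootpw sets `retVal = LDAP_PARAM_ERROR` without assigning `slapdFrontendConfig->rootpw`, so what the server keeps as the directory manager password after a rejected value depends on code above the hunk, which is not visible here. If the previous value is released before `pw_val2scheme` is called, a scheme mismatch would leave `rootpw` unset rather than keeping the old hash; running the `slapd_nss_is_initialized()` / `"clear"` test before the stored value is touched would keep the rejection non-destructive. At minimum the branch deserves a comment such as `/* value rejected: rootpw is not updated on this path */` so the intended post-failure state is explicit. The function begins and ends outside the hunk.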
@@ -87,6 +87,7 @@ static char* dongle_file_name = NULL;
 static int _security_library_initialized = 0;
 static int _ssl_listener_initialized = 0;
+static int _nss_initialized = 0;
 /* Our name for the internal token, must match PKCS-11 config data below */
 static char *internalTokenName = "Internal (Software) Token";
@@ -469,6 +470,7 @@ slapd_nss_init(int init_ssl, int config_available)
 /****** end of NSS Initialization ******/
+ _nss_initialized = 1;
 slapi_ch_free_string(&certdir);
 return rv;
 }
@@ -1243,6 +1245,12 @@ slapd_ssl_listener_is_initialized()
 return _ssl_listener_initialized;
 }
+int
+slapd_nss_is_initialized()
+{
+ return _nss_initialized;
+}
+
 /* memory to store tmpdir is allocated and returned; caller should free it. */
 char* slapd_get_tmp_dir()
 { |
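Review bot: `_nss_initialized` is declared next to `_security_library_initialized` with no comment saying how the two flags differ, and the same gap applies to the `slapd_nss_is_initialized()` accessor added in the last hunk of this file. A one-line comment on the declaration would do, for example `/* set at the end of slapd_nss_init(); hashing a password requires it */`. The accessor is also defined with empty parentheses while its prototype in slapi-private.h uses `( void )`; writing `slapd_nss_is_initialized(void)` would make the definition a prototype too.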
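Review bot: `_nss_initialized = 1;` sits directly before `return rv;` in slapd_nss_init, so the flag is set whatever value `rv` holds on this path. The earlier part of the function is outside the hunk, so it is not visible whether a failed initialization can reach this point; if it can, config_set_rootpw would still call the hashing `pws_enc` with NSS unusable, which is the crash this commit sets out to prevent. Assuming `rv == 0` denotes success here, `if (rv == 0) _nss_initialized = 1;` would make the flag mean what its name says.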
