diff options
| author | Rich Megginson <rmeggins@redhat.com> | 2009-08-20 11:28:14 -0600 |
|---|---|---|
| committer | Rich Megginson <rmeggins@redhat.com> | 2009-08-20 12:01:48 -0600 |
| commit | 64e5a9f5cac3baf15b9fa6585072491ac75c0c3e (patch) | |
| tree | 0ef86e3344bf060837e589c171146616cd23ee56 /ldap/admin/src/scripts/50deliverymethodsyntaxplugin.ldif | |
| parent | 74093d603cc2163e2c95433aa7a53c46d799d36e (diff) | |
| download | ds-64e5a9f5cac3baf15b9fa6585072491ac75c0c3e.tar.gz ds-64e5a9f5cac3baf15b9fa6585072491ac75c0c3e.tar.xz ds-64e5a9f5cac3baf15b9fa6585072491ac75c0c3e.zip | |
Fix usage of pre-hashed salted passwords
Pre-hashed passwords may not use the standard internal salt length. The old
ldif base64 decode function would return the number of bytes in the decoded
string - the new NSPR function does not. We can't use strlen on the decoded
value since it is binary and may contain nulls. The solution is to use a
function to calculate exactly how many bytes the encode string will have
when decoded, taking into account padding. Since we know exactly how many
bytes are decoded, and we know exactly how many bytes of that decoded value
are the hash, the remainder must be the salt, however many bytes that is.
I tested this code with salt lengths from 1 to 99.
Reviewed by: nkinder (Thanks!)
Diffstat (limited to 'ldap/admin/src/scripts/50deliverymethodsyntaxplugin.ldif')
0 files changed, 0 insertions, 0 deletions