authorJack Magne <jmagne@localhost.localdomain>2015-08-11 18:26:04 -0700
committerJack Magne <jmagne@localhost.localdomain>2015-08-13 15:06:51 -0700
commitf60846e025ff5492e8c05ccf525fe8df1b59bba6 (patch)
treee0535b61cdde9e64f4792072ed6f324988be3d50 /base/native-tools/src/setpin/setpin_options.c
parenta62ab357eb759ea59ea5204a046d0cab99126000 (diff)
setpin utility doesn't set the pin for users.
There were some things wrong with the setpin utility. 1. There were some syntax violations that had to be dealt with, or a DS with syntax checking would not be pleased. 2. The back end is expecting a byte of hash data at the beginning of the pin. In our case we are sending NO hash, so we want this code at the beginning: '-'. 3. We also need to prepend the dn in front of the pin so the back end can verify the set pin. Tested to work during both steps of the setpin process: 1) creating the schema, 2) creating the pin. Tested to work with actual PinBased Enrollment. 4. The fix also now supports the SHA256 hashing method only, with sha256 being the default hash. The no-hash option is supported but puts the pin in the clear.
Diffstat (limited to 'base/native-tools/src/setpin/setpin_options.c')
-rw-r--r--base/native-tools/src/setpin/setpin_options.c7
1 files changed, 3 insertions, 4 deletions
diff --git a/base/native-tools/src/setpin/setpin_options.c b/base/native-tools/src/setpin/setpin_options.c
index d8ee83a8c..d2fb54d13 100644
--- a/base/native-tools/src/setpin/setpin_options.c
+++ b/base/native-tools/src/setpin/setpin_options.c
@@ -51,7 +51,7 @@ char *valid_args[] = {
"case", "Restrict case of pins 'case=upperonly'",
"objectclass", "Objectclass of LDAP entry to operate on (default pinPerson)",
"attribute","Which LDAP attribute to write to (default pin)",
- "hash", "Hash algorithm used to store pin: 'none', 'md5' or 'sha1' (default)",
+ "hash", "Hash algorithm used to store pin: 'none', or 'sha256' (default) warning: 'none' is in the clear",
"saltattribute", "Which attribute to use for salt (default: dn)",
"input", "File to use for restricting DN's, or providing your own pins",
"output", "Redirect stdout to a file",
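Review bot: The new help string for "hash" in valid_args[] runs the cleartext warning straight into the option list with no punctuation (`'none', or 'sha256' (default) warning: ...`), and it does not tell an operator that the previously accepted values are gone. Since the validateOptions() hunk of this same commit drops 'sha1' and 'md5', existing scripts that pass either will now fail with "invalid hash", and the help text is the first place they will look. I would write it as `"hash", "Hash algorithm used to store pin: 'sha256' (default) or 'none' (WARNING: 'none' stores the pin in cleartext; 'md5' and 'sha1' are no longer accepted)",`. valid_args[] starts and ends outside the hunk.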
@@ -96,7 +96,7 @@ void setDefaultOptions() {
o_gen= "RNG-alphanum";
o_case= NULL;
o_attribute="pin";
- o_hash= "sha1";
+ o_hash= "sha256";
o_objectclass="pinPerson";
o_output= NULL;
o_retry= "5";
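Review bot: The new default `o_hash= "sha256";` in setDefaultOptions() has no comment saying that it must stay in step with the names accepted in validateOptions() and with the help string in valid_args[]; all three now spell the algorithm as separate literals. I would add `/* must match the names accepted by validateOptions() and by the back end that verifies the pin */` above the assignment, or share one `#define` for the name across the three places. Separately, and only as far as the option text shows (salt defaults to the dn), a single SHA-256 pass over a short PIN is presumably cheap to guess offline if the attribute is readable, so the tool's documentation should advise restricting read access to the pin attribute in the directory. setDefaultOptions() starts and ends outside the hunk.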
@@ -270,8 +270,7 @@ void validateOptions() {
}
if (!
- (equals(o_hash,"sha1") ||
- equals(o_hash,"md5") ||
+ (equals(o_hash,"sha256") ||
equals(o_hash,"none"))
) {
snprintf(errbuf, ERR_BUF_LENGTH, "invalid hash: %s",o_hash);