The Samba-Bugzilla – Attachment 956 Details for
Bug 2326
[patch] changing ldap crypt passwd without exop
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
patch against svn head
ldap_diff.txt (text/plain), 2.18 KB, created by
Olaf Flebbe
on 2005-02-08 08:20:38 UTC
(
hide
)
Description:
patch against svn head
Filename:
MIME Type:
Creator:
Olaf Flebbe
Created:
2005-02-08 08:20:38 UTC
Size:
2.18 KB
patch
obsolete
>Index: source/passdb/pdb_ldap.c >=================================================================== >--- source/passdb/pdb_ldap.c (revision 5277) >+++ source/passdb/pdb_ldap.c (working copy) >@@ -1432,6 +1432,38 @@ > return smbldap_has_extension(ldap_state, LDAP_EXOP_MODIFY_PASSWD); > } > >+/******************************************************* >+ generate salt for unix crypt >+ stolen from pGina, thanks. >+*******************************************************/ >+ >+static char * _get_salt (char salt[3]) >+{ >+ int i; >+ int j; >+ >+ for (j = 0; j < 2; j++) >+ { >+ i = rand () % 3; >+ switch (i) >+ { >+ case 0: >+ i = (rand () % (57 - 46)) + 46; >+ break; >+ case 1: >+ i = (rand () % (90 - 65)) + 65; >+ break; >+ case 2: >+ i = (rand () % (122 - 97)) + 97; >+ break; >+ } >+ salt[j] = i; >+ } >+ salt[2] = '\0'; >+ return salt; >+} >+ >+ > /******************************************************************** > Do the actual modification - also change a plaintext passord if > it it set. >@@ -1496,9 +1528,35 @@ > char *utf8_dn; > > if (!ldapsam_can_pwchange_exop(ldap_state->smbldap_state)) { >- DEBUG(2, ("ldap password change requested, but LDAP " >- "server does not support it -- ignoring\n")); >- return NT_STATUS_OK; >+ >+ /* try to modify userPassword */ >+ const char *plaintext_passwd; >+ char *scrypt; >+ char *modcrypt; >+ size_t modlen; >+ LDAPMod **mods = NULL; >+ char salt[3]; >+ >+ plaintext_passwd = pdb_get_plaintext_passwd(newpwd); >+ _get_salt( salt); >+ scrypt =crypt( plaintext_passwd, salt); >+ >+#define LDAP_CRYPT "{crypt}" >+ modlen = strlen( LDAP_CRYPT) + strlen( scrypt) + 1; >+ >+ modcrypt= (char *) SMB_MALLOC( modlen); >+ if (modcrypt == NULL) >+ return NT_STATUS_NO_MEMORY; >+ >+ safe_strcpy( modcrypt, LDAP_CRYPT, modlen); >+ safe_strcat( modcrypt, scrypt, modlen); /* no utf8 encoding needed */ >+ >+ smbldap_set_mod(&mods, LDAP_MOD_REPLACE, "userPassword", modcrypt ); >+ >+ rc = smbldap_modify(ldap_state->smbldap_state, dn, mods); >+ ldap_mods_free(mods, True); >+ SAFE_FREE( modcrypt); >+ return NT_STATUS_OK; > } > > if (push_utf8_allocate(&utf8_password, pdb_get_plaintext_passwd(newpwd)) == (size_t)-1) {
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=956">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 2326
: 956