Re: password-hash {CLEARTEXT} with slapd 2.3.7

[Pierangelo Masarati <ando@sys-net.it>]

Adam Pordzik wrote:

> Pierangelo Masarati wrote:
>
> > The code where the {CLEARTEXT} scheme is defined differs from that of 
> > other schemes because the berval that contains the scheme name 
> > intentionally has 0 length; I guess this was a hack to allow no scheme 
>
>
> Do you mean liblutil/passwd.c ?

yes

> > and {CLEARTEXT} somehow appear as the same scheme, but it broke at 
> > some point.  I'm not sure if setting that length to the actual length 
> > of {CLEARTEXT} will break anything else, but it'll surely fix this 
> > issue.  I'd leave this to someone else.
>
>
> Sorry, I cannot locate the point, I don't know the sources good enough
> yet. Is there a blueprint, or map, helping me orient in the code?

libraries/libldap/passwd.c:150 in re23 code (2.3.7)

> If you agree this as a bug, I'll drop an ITS on that.

I'm not saying it's a bug.  I'm saying {CLEARTEXT} is being treated 
differently from other schemes, which prevents its use in 
password-hash.  This may be intended, so I don't know if it is a bug or 
what, because I have never worked at that part of code, and I'm ot sure 
about the implications of making it work like all other schemes.

p.


   SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497