
Just for you.....(SHA'd root password)



Don't know if anyone has done this already, but I thought I'd throw it your
way.

Did a nasty little hack to servers/slapd/backend.c to allow for the ROOT
password to be stored in slapd.conf as base64-encoded SHA.  Never did like
having the root back-door sitting out there plain as day.

Should be simple enough to add MD5 and crypt support as well.


int be_isroot_pw( Backend *be, char *dn, struct berval *cred )
{

#ifdef SLAPD_SHA1
    ldap_SHA1_CTX SHA1context;
    unsigned char SHA1digest[20];   /* raw SHA-1 output */
    char base64digest[29];          /* 28 base64 characters + NUL */
    char *rootPW;
#endif

    if ( ! be_isroot( be, dn ) || be->be_rootpw == NULL ) {
        return( 0 );
    }

#ifdef SLAPD_SHA1
    /* rootpw stored as "{SHA}" followed by base64(SHA-1(password)) */
    if (strncasecmp(be->be_rootpw, "{SHA}", sizeof("{SHA}") - 1) == 0) {
        rootPW = be->be_rootpw + sizeof("{SHA}") - 1;
        ldap_SHA1Init(&SHA1context);
        ldap_SHA1Update(&SHA1context, (unsigned char *)cred->bv_val,
                        strlen(cred->bv_val));
        ldap_SHA1Final(SHA1digest, &SHA1context);
        if (b64_ntop(SHA1digest, sizeof(SHA1digest), base64digest,
                     sizeof(base64digest)) < 0)
            return( 0 );
        /*
         * Return the result here instead of falling through: the
         * plaintext compare below would otherwise accept the stored
         * "{SHA}..." string itself as the password.
         */
        return( strcmp(rootPW, base64digest) == 0 );
    }
#endif /* SLAPD_SHA1 */

    /* no scheme prefix: rootpw is stored in plaintext */
    return( strcmp( be->be_rootpw, cred->bv_val ) == 0 );
}


_____
Robert Gorichanaz (RG680)       Email: bobg@cinebase.com
SGI Systems Engineer            Phone: (310)914-2704
Cinebase Software

-export-a-crypto-system-sig -RSA-3-lines-PERL

#!/bin/perl -sp0777i<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<j]dsj
$/=unpack('H*',$_);$_=`echo 16dio\U$k"SK$/SM$n\EsN0p[lN*1
lK[d2%Sa2/d0$^Ixp"|dc`;s/\W//g;$_=pack('H*',/((..)*)$/)
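
Added example, not part of the original post or of OpenLDAP: a Python sketch that builds the "{SHA}" value the function above expects in slapd.conf and mirrors its check, so the format can be exercised outside slapd. The function names and the sample password are assumptions made for illustration; the comparison is done in constant time and the stored hash string is never accepted as a password.

```python
import base64
import hashlib
import hmac

SHA_PREFIX = "{SHA}"  # scheme tag matched case-insensitively by the C code


def make_rootpw(password: bytes) -> str:
    """Build the slapd.conf value: '{SHA}' + base64(SHA-1(password)).

    SHA-1 yields 20 bytes, which base64-encode to 28 characters; that is
    why the C function sizes base64digest at 29 (28 + NUL).
    """
    digest = hashlib.sha1(password).digest()
    return SHA_PREFIX + base64.b64encode(digest).decode("ascii")


def check_rootpw(stored: str, cred: bytes) -> bool:
    """Verify a bind credential against a stored rootpw value.

    A value carrying the {SHA} tag is only ever compared as a hash, so a
    copy of the stored string does not work as a password. A value with
    no tag is treated as plaintext, as in the original function.
    """
    if stored[:len(SHA_PREFIX)].upper() == SHA_PREFIX:
        try:
            want = base64.b64decode(stored[len(SHA_PREFIX):], validate=True)
        except ValueError:  # malformed base64 in the config value
            return False
        got = hashlib.sha1(cred).digest()
        # compare_digest avoids leaking the match position through timing
        return len(want) == 20 and hmac.compare_digest(want, got)
    return hmac.compare_digest(stored.encode(), cred)


if __name__ == "__main__":
    sample = make_rootpw(b"secret")  # constructed sample password
    print("rootpw", sample)
    print("correct password:", check_rootpw(sample, b"secret"))
    print("wrong password:  ", check_rootpw(sample, b"Secret"))
    print("hash as password:", check_rootpw(sample, sample.encode()))
```

The scheme is unsalted SHA-1, so equal passwords produce equal values and the stored string remains open to offline guessing if slapd.conf is readable.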