int pwdUseCheckModule; /* 0 = do not use password check module, 1 = use */
struct berval pwdCheckModuleArg; /* Optional argument to the password check
module */
+ struct berval pwdDefaultHash; /* A per-policy default password hash */
} PassPolicy;
typedef struct pw_hist {
*ad_pwdLockoutDuration, *ad_pwdFailureCountInterval,
*ad_pwdCheckModule, *ad_pwdCheckModuleArg, *ad_pwdUseCheckModule, *ad_pwdLockout,
*ad_pwdMustChange, *ad_pwdAllowUserChange, *ad_pwdSafeModify,
- *ad_pwdAttribute, *ad_pwdMaxRecordedFailure;
+ *ad_pwdAttribute, *ad_pwdMaxRecordedFailure, *ad_pwdDefaultHash;
/* Policy objectclasses */
-static ObjectClass *oc_pwdPolicyChecker, *oc_pwdPolicy;
+static ObjectClass *oc_pwdPolicyChecker, *oc_pwdPolicy, *oc_pwdHashingPolicy;
static struct schema_info {
char *def;
"DESC 'Toggle use of the loaded pwdCheckModule' "
"SINGLE-VALUE )",
&ad_pwdUseCheckModule },
+ { "( 1.3.6.1.4.1.4754.1.99.4 "
+ "NAME ( 'pwdDefaultHash' ) "
+ "EQUALITY caseIgnoreMatch "
+ "SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 "
+ "DESC 'Per policy default hash setting' "
+ "SINGLE-VALUE )",
+ &ad_pwdDefaultHash },
{ NULL, NULL }
};
"pwdMaxRecordedFailure ) )",
&oc_pwdPolicy,
},
+ {
+ "( 1.3.6.1.4.1.4754.2.99.2 "
+ "NAME 'pwdHashingPolicy' "
+ "SUP pwdPolicy "
+ "AUXILIARY "
+ "MAY pwdDefaultHash )",
+ &oc_pwdHashingPolicy,
+ },
NULL
};
}
}
+ if ( is_entry_objectclass_or_sub( pe, oc_pwdHashingPolicy ) ) {
+ ad = ad_pwdDefaultHash;
+ if ( (a = attr_find( pe->e_attrs, ad )) ) {
+ if ( lutil_passwd_scheme( a->a_vals[0].bv_val ) ) {
+ ber_dupbv_x( &pp->pwdDefaultHash, &a->a_vals[0], op->o_tmpmemctx );
+ } else {
+ Debug( LDAP_DEBUG_ANY, "ppolicy_get: "
+ "Ignoring unknown hash '%s' in policy %s.\n",
+ a->a_vals[0].bv_val, pe->e_name.bv_val );
+ }
+ }
+ }
+
ad = ad_pwdLockout;
if ( (a = attr_find( pe->e_attrs, ad )) )
pp->pwdLockout = bvmatch( &a->a_nvals[0], &slap_true_bv );
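Review bot: The `lutil_passwd_scheme` check on the pwdDefaultHash value accepts any registered scheme, so a pwdHashingPolicy entry can silently switch every user under that policy to a weak or reversible storage format such as {CLEARTEXT} or {CRYPT}, which makes write access to a policy entry equivalent to choosing how other users' credentials are stored. Consider restricting accepted values to an administrator-configured allow-list, or at minimum logging at a non-debug level whenever a per-policy hash overrides the server-wide setting. The rejection branch only logs and leaves `pp->pwdDefaultHash` untouched, so it relies on `pp` being zero-initialised earlier in ppolicy_get (not visible in this hunk); please confirm that, since the field is later passed straight to slap_passwd_hash_type. A comment above the `is_entry_objectclass_or_sub` test such as `/* pwdDefaultHash overrides the global password-hash setting for entries under this policy; any registered scheme, including weak ones, is accepted */` would make that trust boundary explicit. ppolicy_get begins before this hunk.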
(password_scheme( &(pa->a_vals[0]), NULL ) != LDAP_SUCCESS)) {
struct berval hpw;
- slap_passwd_hash( &(pa->a_vals[0]), &hpw, &txt );
+ slap_passwd_hash_type( &(pa->a_vals[0]), &hpw, pp.pwdDefaultHash.bv_val, &txt );
if (hpw.bv_val == NULL) {
/*
* hashing didn't work. Emit an error.
{
struct berval hpw, bv;
- slap_passwd_hash( &(addmod->sml_values[0]), &hpw, &txt );
+ slap_passwd_hash_type( &(addmod->sml_values[0]), &hpw, pp.pwdDefaultHash.bv_val, &txt );
if (hpw.bv_val == NULL) {
/*
* hashing didn't work. Emit an error.