From 3c021b261277d26e2943ff3d6a6fae74c6bdca5b Mon Sep 17 00:00:00 2001 From: Noriko Hosoi Date: Jan 06 2011 22:50:50 +0000 Subject: Bug 653007 - db2ldif export of clear text passwords lacks storage scheme https://bugzilla.redhat.com/show_bug.cgi?id=653007 Description: Export utility db2ldif{.pl} used to export clear text passwords without the storage scheme name {CLEAR}. This patch checks each userPassword value. If the value is not hashed, put "{CLEAR}" in front of the value as follows. userPassword: {CLEAR}notsosecret m4/ltversio.nm4
---
diff --git a/ldap/servers/slapd/back-ldbm/ldif2ldbm.c b/ldap/servers/slapd/back-ldbm/ldif2ldbm.c
index e6ef4d9..4f8e198 100644
--- a/ldap/servers/slapd/back-ldbm/ldif2ldbm.c
+++ b/ldap/servers/slapd/back-ldbm/ldif2ldbm.c
@@ -955,6 +955,32 @@ export_one_entry(struct ldbminfo *li,
 slapi_sdn_get_dn(&expargs->ep->ep_entry->e_sdn), rc, 0);
 }
 }
+ /*
+ * Check if userPassword value is hashed or not.
+ * If it is not, put "{CLEAR}" in front of the password value.
+ */
+ {
+ char *pw = slapi_entry_attr_get_charptr(expargs->ep->ep_entry,
+ "userpassword");
+ if (pw && !slapi_is_encoded(pw)) {
+ /* clear password does not have {CLEAR} storage scheme */
+ struct berval *vals[2];
+ struct berval val;
+ val.bv_val = slapi_ch_smprintf("{CLEAR}%s", pw);
+ val.bv_len = strlen(val.bv_val);
+ vals[0] = &val;
+ vals[1] = NULL;
+ rc = slapi_entry_attr_replace(expargs->ep->ep_entry,
+ "userpassword", vals);
+ if (rc) {
+ LDAPDebug2Args(LDAP_DEBUG_ANY,
+ "%s: Failed to add clear password storage scheme: %d\n",
+ slapi_sdn_get_dn(&expargs->ep->ep_entry->e_sdn), rc);
+ }
+ slapi_ch_free_string(&val.bv_val);
+ }
+ slapi_ch_free_string(&pw);
+ }
 rc = 0;
 data.data = slapi_entry2str_with_options(expargs->ep->ep_entry, &len, expargs->options);
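Review bot: The added block reads only the first userPassword value through `slapi_entry_attr_get_charptr` and then calls `slapi_entry_attr_replace` with a one-element array, so for an entry holding several userPassword values the export appears to keep only the prefixed first value and drop the others. A cleartext value that sits behind a hashed first value is also still written without `{CLEAR}`, although the description says each value is checked. Walking every value of the attribute and prefixing the unencoded ones in place, as sketched below, avoids both problems and also removes the unchecked `strlen(val.bv_val)` on the `slapi_ch_smprintf` result. The block also modifies the entry held in `expargs->ep` rather than a copy; whether that entry is shared outside the export is not visible here and is worth confirming. `export_one_entry` starts and ends outside this hunk.

```c
    {
        Slapi_Attr *pwattr = NULL;

        if (slapi_entry_attr_find(expargs->ep->ep_entry,
                                  "userpassword", &pwattr) == 0) {
            Slapi_Value *sv = NULL;
            int idx;

            for (idx = slapi_attr_first_value(pwattr, &sv); idx != -1;
                 idx = slapi_attr_next_value(pwattr, idx, &sv)) {
                const char *pw = slapi_value_get_string(sv);

                if (pw && !slapi_is_encoded((char *)pw)) {
                    char *prefixed = slapi_ch_smprintf("{CLEAR}%s", pw);

                    if (prefixed) {
                        /* the value takes ownership of prefixed */
                        slapi_value_set_string_passin(sv, prefixed);
                    }
                }
            }
        }
    }
    /* … unchanged: rc = 0; slapi_entry2str_with_options() call … */
```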