ldap/servers/slapd/back-ldbm/ldif2ldbm.c | 26 ++++++++++++++++++++++++++
1 file changed, 26 insertions(+)
New commits:
commit 3c021b261277d26e2943ff3d6a6fae74c6bdca5b
Author: Noriko Hosoi <nhosoi(a)redhat.com>
Date: Thu Jan 6 14:01:10 2011 -0800
Bug 653007 - db2ldif export of clear text passwords lacks storage scheme
https://bugzilla.redhat.com/show_bug.cgi?id=653007
Description: Export utility db2ldif{.pl} used to export clear
text passwords without the storage scheme name {CLEAR}.
This patch checks each userPassword value. If the value is
not hashed, put "{CLEAR}" in front of the value as follows.
userPassword: {CLEAR}notsosecret
m4/ltversio.nm4
diff --git a/ldap/servers/slapd/back-ldbm/ldif2ldbm.c
b/ldap/servers/slapd/back-ldbm/ldif2ldbm.c
index e6ef4d9..4f8e198 100644
--- a/ldap/servers/slapd/back-ldbm/ldif2ldbm.c
+++ b/ldap/servers/slapd/back-ldbm/ldif2ldbm.c
@@ -955,6 +955,32 @@ export_one_entry(struct ldbminfo *li,
slapi_sdn_get_dn(&expargs->ep->ep_entry->e_sdn), rc,
0);
}
}
+ /*
+ * Check if userPassword value is hashed or not.
+ * If it is not, put "{CLEAR}" in front of the password value.
+ */
+ {
+ char *pw = slapi_entry_attr_get_charptr(expargs->ep->ep_entry,
+ "userpassword");
+ if (pw && !slapi_is_encoded(pw)) {
+ /* clear password does not have {CLEAR} storage scheme */
+ struct berval *vals[2];
+ struct berval val;
+ val.bv_val = slapi_ch_smprintf("{CLEAR}%s", pw);
+ val.bv_len = strlen(val.bv_val);
+ vals[0] = &val;
+ vals[1] = NULL;
+ rc = slapi_entry_attr_replace(expargs->ep->ep_entry,
+ "userpassword", vals);
+ if (rc) {
+ LDAPDebug2Args(LDAP_DEBUG_ANY,
+ "%s: Failed to add clear password storage scheme:
%d\n",
+ slapi_sdn_get_dn(&expargs->ep->ep_entry->e_sdn),
rc);
+ }
+ slapi_ch_free_string(&val.bv_val);
+ }
+ slapi_ch_free_string(&pw);
+ }
rc = 0;
data.data = slapi_entry2str_with_options(expargs->ep->ep_entry,
&len, expargs->options);