reinject OpenLDAP team modifications (signature of main function chan…

…ged)
ltb-project · Mar 22, 2022 · d6aa021 · d6aa021
1 parent 7858068
commit d6aa021
Show file tree

Hide file tree

Showing 4 changed files with 32 additions and 29 deletions.
diff --git a/ppm.c b/ppm.c
@@ -7,10 +7,10 @@
 
 /*
   password policy module is called with:
-  int check_password (char *pPasswd, struct berval *ppErrmsg, Entry *e, void *pArg)
+  int check_password (char *pPasswd, char **ppErrStr, Entry *e, void *pArg)
 
   *pPasswd: new password
-  *ppErrmsg: pointer to a struct berval containing space for an error message of length bv_len
+  **ppErrStr: pointer to the string containing the error message
   *e: pointer to the current user entry
   *pArg: pointer to a struct berval holding the value of pwdCheckModuleArg attr
 */
@@ -360,14 +360,13 @@ typeParam(char* param)
 #endif
 
 static int
-realloc_error_message(const char *orig, char **target, int curlen, int nextlen)
+realloc_error_message(char **target, int curlen, int nextlen)
 {
     if (curlen < nextlen + MEMORY_MARGIN) {
         ppm_log(LOG_WARNING,
                "ppm: Reallocating szErrStr from %d to %d", curlen,
                nextlen + MEMORY_MARGIN);
-        if (*target != orig)
-            ber_memfree(*target);
+        ber_memfree(*target);
         curlen = nextlen + MEMORY_MARGIN;
         *target = (char *) ber_memalloc(curlen);
     }
@@ -429,14 +428,13 @@ containsRDN(char* passwd, char* DN)
 
 
 int
-check_password(char *pPasswd, struct berval *ppErrmsg, Entry *e, void *pArg)
+check_password(char *pPasswd, char **ppErrStr, Entry *e, void *pArg)
 {
 
     Entry *pEntry = e;
     struct berval *pwdCheckModuleArg = pArg;
-    char *origmsg = ppErrmsg->bv_val;
-    char *szErrStr = origmsg;
-    int mem_len = ppErrmsg->bv_len;
+    char *szErrStr = (char *) ber_memalloc(MEM_INIT_SZ);
+    int mem_len = MEM_INIT_SZ;
     int numParam = 0; // Number of params in current configuration
 
     int useCracklib;
@@ -456,6 +454,11 @@ check_password(char *pPasswd, struct berval *ppErrmsg, Entry *e, void *pArg)
 
     ppm_log(LOG_NOTICE, "ppm: entry %s", pEntry->e_nname.bv_val);
 
+    Attribute *a;
+    for ( a = pEntry->e_attrs; a != NULL; a = a->a_next ) {
+        ppm_log(LOG_NOTICE, "ppm: found attribute name: %s", a->a_desc->ad_cname.bv_val);
+    }
+
 #ifdef PPM_READ_FILE
     /* Determine if config file is to be read (DEPRECATED) */
     char ppm_config_file[FILENAME_MAX_LEN];
@@ -471,7 +474,7 @@ check_password(char *pPasswd, struct berval *ppErrmsg, Entry *e, void *pArg)
 #else
     if ( !pwdCheckModuleArg || !pwdCheckModuleArg->bv_val ) {
         ppm_log(LOG_ERR, "ppm: No config provided in pwdCheckModuleArg");
-        mem_len = realloc_error_message(origmsg, &szErrStr, mem_len,
+        mem_len = realloc_error_message(&szErrStr, mem_len,
                         strlen(GENERIC_ERROR));
         sprintf(szErrStr, GENERIC_ERROR);
         goto fail;
@@ -573,7 +576,7 @@ check_password(char *pPasswd, struct berval *ppErrmsg, Entry *e, void *pArg)
     }
 
     if (nQuality < minQuality) {
-        mem_len = realloc_error_message(origmsg, &szErrStr, mem_len,
+        mem_len = realloc_error_message(&szErrStr, mem_len,
                                         strlen(PASSWORD_QUALITY_SZ) +
                                         strlen(pEntry->e_nname.bv_val) + 4);
         sprintf(szErrStr, PASSWORD_QUALITY_SZ, pEntry->e_nname.bv_val,
@@ -586,7 +589,7 @@ check_password(char *pPasswd, struct berval *ppErrmsg, Entry *e, void *pArg)
             if ((nbInClass[i] < fileConf[i].min) &&
                  strlen(fileConf[i].value.sVal) != 0) {
                 // constraint is not satisfied... goto fail
-                mem_len = realloc_error_message(origmsg, &szErrStr, mem_len,
+                mem_len = realloc_error_message(&szErrStr, mem_len,
                                                 strlen(PASSWORD_CRITERIA) +
                                                 strlen(pEntry->e_nname.bv_val) + 
                                                 2 + PARAM_MAX_LEN);
@@ -599,7 +602,7 @@ check_password(char *pPasswd, struct berval *ppErrmsg, Entry *e, void *pArg)
 
     // Password checking done, now loocking for forbiddenChars criteria
     if (nForbiddenChars > 0) {  // at least 1 forbidden char... goto fail
-        mem_len = realloc_error_message(origmsg, &szErrStr, mem_len,
+        mem_len = realloc_error_message(&szErrStr, mem_len,
                                         strlen(PASSWORD_FORBIDDENCHARS) +
                                         strlen(pEntry->e_nname.bv_val) + 2 +
                                         VALUE_MAX_LEN);
@@ -617,7 +620,7 @@ check_password(char *pPasswd, struct berval *ppErrmsg, Entry *e, void *pArg)
                 // Too much consecutive characters of the same class
                 ppm_log(LOG_NOTICE, "ppm: Too much consecutive chars for class %s",
                        fileConf[i].param);
-                mem_len = realloc_error_message(origmsg, &szErrStr, mem_len,
+                mem_len = realloc_error_message(&szErrStr, mem_len,
                                         strlen(PASSWORD_MAXCONSECUTIVEPERCLASS) +
                                         strlen(pEntry->e_nname.bv_val) + 2 +
                                         PARAM_MAX_LEN);
@@ -637,7 +640,7 @@ check_password(char *pPasswd, struct berval *ppErrmsg, Entry *e, void *pArg)
             if (( fd = fopen ( cracklibDictFiles[j], "r")) == NULL ) {
                 ppm_log(LOG_NOTICE, "ppm: Error while reading %s file",
                        cracklibDictFiles[j]);
-                mem_len = realloc_error_message(origmsg, &szErrStr, mem_len,
+                mem_len = realloc_error_message(&szErrStr, mem_len,
                                 strlen(GENERIC_ERROR));
                 sprintf(szErrStr, GENERIC_ERROR);
                 goto fail;
@@ -651,7 +654,7 @@ check_password(char *pPasswd, struct berval *ppErrmsg, Entry *e, void *pArg)
         if ( res != NULL ) {
                 ppm_log(LOG_NOTICE, "ppm: cracklib does not validate password for entry %s",
                        pEntry->e_nname.bv_val);
-                mem_len = realloc_error_message(origmsg, &szErrStr, mem_len,
+                mem_len = realloc_error_message(&szErrStr, mem_len,
                                         strlen(PASSWORD_CRACKLIB) +
                                         strlen(pEntry->e_nname.bv_val));
                 sprintf(szErrStr, PASSWORD_CRACKLIB, pEntry->e_nname.bv_val);
@@ -666,20 +669,21 @@ check_password(char *pPasswd, struct berval *ppErrmsg, Entry *e, void *pArg)
     if (checkRDN == 1 && containsRDN(pPasswd, pEntry->e_nname.bv_val))
     // RDN check enabled and a token from RDN is found in password: goto fail
     {
-        mem_len = realloc_error_message(origmsg, &szErrStr, mem_len,
+        mem_len = realloc_error_message(&szErrStr, mem_len,
                                         strlen(RDN_TOKEN_FOUND) +
                                         strlen(pEntry->e_nname.bv_val));
         sprintf(szErrStr, RDN_TOKEN_FOUND, pEntry->e_nname.bv_val);
 
         goto fail;
     }
 
-    szErrStr[0] = '\0';
+    *ppErrStr = strdup("");
+    ber_memfree(szErrStr);
     return (LDAP_SUCCESS);
 
   fail:
-    ppErrmsg->bv_val = szErrStr;
-    ppErrmsg->bv_len = mem_len;
+    *ppErrStr = strdup(szErrStr);
+    ber_memfree(szErrStr);
     return (EXIT_FAILURE);
 
 }
diff --git a/ppm.h b/ppm.h
@@ -31,6 +31,7 @@
 
 #define DEFAULT_QUALITY                   3
 #define MEMORY_MARGIN                     50
+#define MEM_INIT_SZ                       64
 #define DN_MAX_LEN                        512
 
 #define CONF_MAX_SIZE                      50
@@ -110,7 +111,7 @@ int min(char *str1, char *str2);
 #ifdef PPM_READ_FILE
   static void read_config_file(conf * fileConf, int *numParam, char *ppm_config_file);
 #endif
-int check_password(char *pPasswd, struct berval *ppErrmsg, Entry *e, void *pArg);
+int check_password(char *pPasswd, char **ppErrStr, Entry *e, void *pArg);
 int maxConsPerClass(char *password, char *charClass);
 void storeEntry(char *param, char *value, valueType valType, 
            char *min, char *minForPoint, conf * fileConf, int *numParam);

diff --git a/ppm_test.c b/ppm_test.c
@@ -19,8 +19,7 @@ int main(int argc, char *argv[])
           );
 
     /* format user entry */
-    char errbuf[256];
-    struct berval errmsg = { sizeof(errbuf)-1, errbuf };
+    char *errmsg = NULL;
     Entry pEntry;
     pEntry.e_nname.bv_val=argv[1];
     pEntry.e_name.bv_val=argv[1];
@@ -52,11 +51,10 @@ int main(int argc, char *argv[])
     }
     else
     {
-      printf("Password failed checks : %s\n", errmsg.bv_val);
+      printf("Password failed checks : %s\n", errmsg);
     }
 
-    if (errmsg.bv_val != errbuf)
-        ber_memfree(errmsg.bv_val);
+    ber_memfree(errmsg);
     return ret;
 
   }

diff --git a/slapm-ppm.5 b/slapm-ppm.5
@@ -7,7 +7,7 @@
 ppm (Password Policy Module) - extension of the password policy overlay
 .SH SYNOPSIS
 .PP
-ETCDIR/ppm.example
+/usr/local/openldap/etc/openldap/ppm.example
 .SH DESCRIPTION
 .PP
 \f[B]ppm\f[R] is an OpenLDAP module for checking password quality when
@@ -90,7 +90,7 @@ if a password does not pass cracklib check, then it is rejected.
 Since OpenLDAP 2.5 version, ppm configuration is held in a binary
 attribute of the password policy: \f[B]pwdCheckModuleArg\f[R]
 .PP
-The example file (\f[B]ETCDIR/ppm.example\f[R] by default) is to be
+The example file (\f[B]/usr/local/openldap/etc/openldap/ppm.example\f[R] by default) is to be
 considered as an example configuration, to import in the
 \f[B]pwdCheckModuleArg\f[R] attribute.
 It is also used for testing passwords with the test program provided.
@@ -332,7 +332,7 @@ LD_LIBRARY_PATH=. ./ppm_test \[dq]uid=test,ou=users,dc=my-domain,dc=com\[dq] \[d
 .fi
 .SH FILES
 .PP
-\f[B]ETCDIR/ppm.example\f[R]
+\f[B]/usr/local/openldap/etc/openldap/ppm.example\f[R]
 .RS
 .PP
 example of ppm configuration to be inserted in