1815
/* We need to check if the first character of password_value is an
1816
* opening brace since strstr will simply return it's first argument
1817
* if it is an empty string. */
1820
* LDAP_SUCCESS: success
1821
* LDAP_PARAM_ERROR: output value core_pw is NULL
1822
* LDAP_INVALID_CREDENTIALS: password is already hashed
1825
windows_get_core_pw(const char *password_value, char **core_pw)
1827
int rc = LDAP_SUCCESS;
1829
if (NULL == core_pw) {
1830
return LDAP_PARAM_ERROR;
1834
if (password_value && (*password_value == '{')) {
1835
if (strchr( password_value, '}' )) {
1836
/* A storage scheme is present.
1837
* Check if it's the clear storage scheme. */
1838
if ((strlen(password_value) >= PASSWD_CLEAR_PREFIX_LEN + 1) &&
1839
(strncasecmp(password_value, PASSWD_CLEAR_PREFIX,
1840
PASSWD_CLEAR_PREFIX_LEN) == 0)) {
1841
/* This password is in clear text. Strip off the clear prefix
1844
slapi_ch_strdup(password_value + PASSWD_CLEAR_PREFIX_LEN);
1846
/* the password is already hashed. */
1847
rc = LDAP_INVALID_CREDENTIALS;
1850
/* This password doesn't have a storage prefix but
1851
* just happens to start with the '{' character. We'll
1852
* assume that it's just a cleartext password without
1853
* the proper storage prefix. */
1854
*core_pw = slapi_ch_strdup(password_value);
1857
/* This password has no storage prefix, or the password is empty */
1858
*core_pw = slapi_ch_strdup(password_value);
1816
1864
* Make a new entry suitable for the sync destination (indicated by the to_windows argument).
1817
1865
* Returns the new entry ready to be passed to an LDAP ADD operation, either remote or local.
2001
2055
slapi_ch_free_string(&new_type);
2057
#if defined(USE_OLD_UNHASHED)
2003
2058
/* password mods are treated specially */
2004
2059
if (0 == slapi_attr_type_cmp(type, PSEUDO_ATTR_UNHASHEDUSERPASSWORD, SLAPI_TYPE_CMP_SUBTYPE) )
2006
2061
const char *password_value = NULL;
2007
2062
Slapi_Value *value = NULL;
2009
slapi_valueset_first_value(vs,&value);
2063
slapi_valueset_first_value(vs, &value);
2010
2064
password_value = slapi_value_get_string(value);
2011
/* We need to check if the first character of password_value is an
2012
* opening brace since strstr will simply return it's first argument
2013
* if it is an empty string. */
2014
if (password_value && (*password_value == '{')) {
2015
if (strchr( password_value, '}' )) {
2016
/* A storage scheme is present. Check if it's the
2017
* clear storage scheme. */
2018
if ((strlen(password_value) >= PASSWD_CLEAR_PREFIX_LEN + 1) &&
2019
(strncasecmp(password_value, PASSWD_CLEAR_PREFIX, PASSWD_CLEAR_PREFIX_LEN) == 0)) {
2020
/* This password is in clear text. Strip off the clear prefix
2022
*password = slapi_ch_strdup(password_value + PASSWD_CLEAR_PREFIX_LEN);
2024
/* This password is stored in a non-cleartext format.
2025
* We can only sync cleartext passwords. */
2026
slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name,
2027
"%s: windows_create_remote_entry: "
2028
"Password is already hashed. Not syncing.\n",
2029
agmt_get_long_name(prp->agmt));
2032
/* This password doesn't have a storage prefix but
2033
* just happens to start with the '{' character. We'll
2034
* assume that it's just a cleartext password without
2035
* the proper storage prefix. */
2036
*password = slapi_ch_strdup(password_value);
2066
if (password_value) {
2067
rc = windows_get_core_pw(password_value, password);
2068
if (LDAP_INVALID_CREDENTIALS == rc) {
2069
/* This password is stored in a non-cleartext format.
2070
* We can only sync cleartext passwords. */
2071
slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name,
2072
"%s: windows_create_remote_entry: "
2073
"Password is already hashed. Not syncing.\n",
2074
agmt_get_long_name(prp->agmt));
2039
/* This password has no storage prefix, or the password is empty */
2040
*password = slapi_ch_strdup(password_value);
2077
if ((rc && (LDAP_INVALID_CREDENTIALS != rc)) ||
2078
(NULL == password_value)) {
2079
slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name,
2080
"%s: windows_create_remote_entry: "
2081
"Failed to retrieve clear text password. "
2083
agmt_get_long_name(prp->agmt));
2095
if (NULL == *password) {/* If the OLD_UNHASHED code fails to get password */
2096
char *password_value = NULL;
2097
/* Unhashed passwords are now stashed in the entry extension */
2098
password_value = slapi_get_first_clear_text_pw(original_entry);
2100
if (password_value) {
2101
rc = windows_get_core_pw(password_value, password);
2102
if (LDAP_INVALID_CREDENTIALS == rc) {
2103
/* This password is stored in a non-cleartext format.
2104
* We can only sync cleartext passwords. */
2105
slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name,
2106
"%s: windows_create_remote_entry: "
2107
"Password is already hashed. Not syncing.\n",
2108
agmt_get_long_name(prp->agmt));
2110
slapi_ch_free_string(&password_value);
2112
if ((rc && (LDAP_INVALID_CREDENTIALS != rc)) || (NULL == *password)) {
2113
slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name,
2114
"%s: windows_create_remote_entry: "
2115
"Failed to retrieve clear text password. "
2117
agmt_get_long_name(prp->agmt));
2051
2120
/* NT4 must have the groupType attribute set for groups. If it is not present, we will
2052
2121
* add it here with a value of 2 (global group).
2686
2755
/* This password is stored in a non-cleartext format.
2687
2756
* We can only sync cleartext passwords. */
2688
2757
slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name,
2689
"%s: windows_create_remote_entry: "
2758
"%s: windows_map_mods_for_replay: "
2690
2759
"Password is already hashed. Not syncing.\n",
2691
2760
agmt_get_long_name(prp->agmt));
2844
2913
char *filter = NULL;
2845
2914
const char *searchbase = NULL;
2846
2915
Slapi_Entry *found_entry = NULL;
2847
char *filter_escaped_value = NULL;
2850
vallen = value ? strlen(value) : 0;
2851
filter_escaped_value = slapi_ch_calloc(sizeof(char), vallen*3+1);
2852
2917
/* should not have to escape attribute names */
2853
filter = PR_smprintf("(%s=%s)",attribute,escape_filter_value(value, vallen, filter_escaped_value));
2854
slapi_ch_free_string(&filter_escaped_value);
2918
filter = slapi_filter_sprintf("(%s=%s%s)",attribute, ESC_NEXT_VAL, value);
2855
2919
searchbase = slapi_sdn_get_dn(windows_private_get_windows_subtree(prp->agmt));
2856
2920
cres = windows_search_entry(prp->conn, (char*)searchbase, filter, &found_entry);
2967
3031
Slapi_PBlock *pb = slapi_pblock_new();
2968
3032
Slapi_Entry **entries = NULL, **ep = NULL;
2969
Slapi_Entry *entry_found = NULL;
3033
Slapi_Entry *entry_found = NULL;
3034
LDAPControl **server_controls = NULL;
3035
const char *subtree_dn = NULL;
3036
char *subtree_dn_copy = NULL;
3037
char **attrs = NULL;
2970
3038
char *query = NULL;
2971
int found_or_not = ENTRY_NOTFOUND;
2973
const char *subtree_dn = NULL;
2975
char *subtree_dn_copy = NULL;
2976
int scope = LDAP_SCOPE_SUBTREE;
2977
char **attrs = NULL;
2978
LDAPControl **server_controls = NULL;
2979
char *filter_escaped_value = NULL;
3039
int found_or_not = ENTRY_NOTFOUND;
3040
int scope = LDAP_SCOPE_SUBTREE;
2982
3044
if (pb == NULL)
2985
vallen = value ? strlen(value) : 0;
2986
filter_escaped_value = slapi_ch_calloc(sizeof(char), vallen*3+1);
2987
3047
/* should not have to escape attribute names */
2988
query = slapi_ch_smprintf("(%s=%s)", attribute, escape_filter_value(value, vallen, filter_escaped_value));
2989
slapi_ch_free_string(&filter_escaped_value);
3048
query = slapi_filter_sprintf("(%s=%s%s)", attribute, ESC_NEXT_VAL, value);
2991
3050
if (query == NULL)
2994
subtree_dn = slapi_sdn_get_dn(windows_private_get_directory_subtree(ra));
2995
subtree_dn_copy = slapi_ch_strdup(subtree_dn);
3053
subtree_dn = slapi_sdn_get_dn(windows_private_get_directory_subtree(ra));
3054
subtree_dn_copy = slapi_ch_strdup(subtree_dn);
2997
3056
winsync_plugin_call_pre_ds_search_entry_cb(ra, NULL, &subtree_dn_copy, &scope, &query,
2998
3057
&attrs, &server_controls);
3011
3070
slapi_pblock_get(pb, SLAPI_PLUGIN_INTOP_RESULT, &rval);
3012
3071
if (rval != LDAP_SUCCESS)
3017
3076
slapi_pblock_get(pb, SLAPI_PLUGIN_INTOP_SEARCH_ENTRIES, &entries);
3018
3077
if ((entries == NULL) || (entries[0] == NULL))
3022
entry_found = entries[0];
3023
for (ep = entries; *ep; ep++) {
3026
found_or_not = ENTRY_NOT_UNIQUE;
3081
entry_found = entries[0];
3082
for (ep = entries; *ep; ep++) {
3085
found_or_not = ENTRY_NOT_UNIQUE;
3031
if (entry_found && (found_or_not != ENTRY_NOT_UNIQUE))
3034
*e = slapi_entry_dup(entry_found);
3038
slapi_free_search_results_internal(pb);
3039
slapi_pblock_destroy(pb);
3041
return found_or_not;
3090
if (entry_found && (found_or_not != ENTRY_NOT_UNIQUE))
3093
*e = slapi_entry_dup(entry_found);
3097
slapi_free_search_results_internal(pb);
3098
slapi_pblock_destroy(pb);
3100
return found_or_not;