The Directory Server currently supports storing SHA1 hashed passwords in both plain and salted forms. It would be nice to add support for the more recent SHA2 hashing algorithms. Ideally, we would add the following password storage schemes: SHA256, SHA384, SHA512, SSHA256, SSHA384, SSHA512.
Created attachment 118396: CVS Diffs
This implements plain and salted variations of SHA2 password storage schemes. I changed the original SHA1 functions that did all of the comparison and encoding work to be more generic so that they could handle all of the SHA storage schemes. These worker functions will be called from wrapper functions that pass in which particular algorithm to use.
Created attachment 118401: Revised diffs
There was also a function in plugin.c that would check if the default storage scheme plugin was actually loaded before completely starting up. It was not comparing the entire scheme name, however. This would cause a problem when your default scheme was "SHA" and the "SHA" plugin was not loaded. It would go through all of the loaded plugins looking for "SHA", comparing the first 3 characters. When it encountered "SHA256" (or any of the other non-salted SHA2 schemes), it would assume that they matched and the server would start up. I still wanted to use strncasecmp to be safe, so I added a check to see if the string lengths are the same before comparing the actual strings.
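The prefix-match problem described in the comment above, as an added example that is not the project's own code: a scheme-name lookup that calls strncasecmp with the length of the requested name accepts "SHA256" when "SHA" is asked for, while the same lookup with a length check in front of the comparison correctly reports that "SHA" is not loaded. The plugin name list is constructed for the example.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>   /* strncasecmp */

/* Constructed list of loaded password-storage scheme plugins; the plain
 * "SHA" plugin is deliberately absent so only SHA2 names start with "SHA". */
static const char *loaded_schemes[] = {
    "SSHA", "SHA256", "SHA384", "SHA512", "SSHA256", NULL
};

/* Buggy lookup: compares only strlen(wanted) characters, so a request for
 * "SHA" is satisfied by the first name that merely starts with "SHA". */
const char *find_scheme_prefix(const char **schemes, const char *wanted)
{
    size_t n = strlen(wanted);
    for (; *schemes; schemes++) {
        if (strncasecmp(*schemes, wanted, n) == 0)
            return *schemes;
    }
    return NULL;
}

/* Fixed lookup: require equal lengths first, then compare case-insensitively
 * over that length, so only an exact (case-insensitive) name matches. */
const char *find_scheme_exact(const char **schemes, const char *wanted)
{
    size_t n = strlen(wanted);
    for (; *schemes; schemes++) {
        if (strlen(*schemes) == n && strncasecmp(*schemes, wanted, n) == 0)
            return *schemes;
    }
    return NULL;
}

int main(void)
{
    const char *hit;
    hit = find_scheme_prefix(loaded_schemes, "SHA");
    printf("prefix lookup for SHA    -> %s\n", hit ? hit : "(none)"); /* SHA256: wrong */
    hit = find_scheme_exact(loaded_schemes, "SHA");
    printf("exact lookup for SHA     -> %s\n", hit ? hit : "(none)"); /* (none): correct */
    hit = find_scheme_exact(loaded_schemes, "sha256");
    printf("exact lookup for sha256  -> %s\n", hit ? hit : "(none)"); /* SHA256 */
    return 0;
}
```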
Created attachment 118517: Re-revised diffs
Rich and Noriko reminded me that static array size initialization must use constants to be legal. Certain compilers error out if this is not followed. I created a macro to use for array size initialization instead. I also added default cases for the switch statements to catch anything unexpected.
Created attachment 118533: CVS Commit
Checked into ldapserver. Reviewed by Rich and Noriko.
Cloned bug verified, and there are automated tests.