]>
Commit | Line | Data |
---|---|---|
afbe97ef | 1 | diff -ur cyrus-sasl-2.1.19.orig/Makefile.in cyrus-sasl-2.1.19/Makefile.in |
2 | --- cyrus-sasl-2.1.19.orig/Makefile.in 2005-07-04 23:59:31.000000000 +0200 | |
3 | +++ cyrus-sasl-2.1.19/Makefile.in 2005-07-05 00:04:27.000000000 +0200 | |
4 | @@ -134,7 +134,7 @@ | |
5 | JAVA_TRUE = @JAVA_TRUE@ | |
6 | LDFLAGS = @LDFLAGS@ | |
7 | LIBOBJS = @LIBOBJS@ | |
8 | -LIBS = @LIBS@ | |
9 | +LIBS = -lcrypt @LIBS@ | |
10 | LIBTOOL = @LIBTOOL@ | |
11 | LIB_CRYPT = @LIB_CRYPT@ | |
12 | LIB_DES = @LIB_DES@ | |
13 | diff -ruN cyrus-sasl-2.1.20-orig/doc/options.html cyrus-sasl-2.1.20/doc/options.html | |
14 | --- cyrus-sasl-2.1.20-orig/doc/options.html 2004-05-27 18:02:58.000000000 +0200 | |
15 | +++ cyrus-sasl-2.1.20/doc/options.html 2005-07-10 17:17:38.000000000 +0200 | |
16 | @@ -103,6 +103,14 @@ | |
17 | <TD>sasldb_path</TD><TD>sasldb plugin</TD> | |
18 | <TD>Path to sasldb file</TD><TD><tt>/etc/sasldb2</tt> (system dependant)</TD> | |
19 | <TR> | |
20 | +<TD>password_format</TD><TD></TD> | |
21 | +<TD>Method of password storage (possible values: 'plain', 'crypt', 'crypt_trad'). | |
22 | +Default 'plain' is down-compatible with earlier versions. 'crypt_trad' | |
23 | +uses old crypt format of 2 chars salt, 'crypt' automagically recognizes crypt | |
24 | +formats from md5 crypt, blowfish crypt and old crypt (2 chars salt).</TD> | |
25 | +<TD>plain</TD> | |
26 | +</TR> | |
27 | +<TR> | |
28 | <TD>sql_engine</TD><TD>SQL plugin</TD> | |
29 | <TD>Name of SQL engine to use (possible values: 'mysql', 'pgsql', 'sqlite').</TD> | |
30 | <TD><tt>mysql</tt></TD> | |
31 | diff -ruN cyrus-sasl-2.1.20-orig/lib/checkpw.c cyrus-sasl-2.1.20/lib/checkpw.c | |
32 | --- cyrus-sasl-2.1.20-orig/lib/checkpw.c 2004-03-17 14:58:13.000000000 +0100 | |
33 | +++ cyrus-sasl-2.1.20/lib/checkpw.c 2005-07-10 16:17:11.000000000 +0200 | |
34 | @@ -94,6 +94,23 @@ | |
35 | # endif | |
36 | #endif | |
37 | ||
38 | +/****************************** | |
39 | + * crypt(3) patch start * | |
40 | + ******************************/ | |
41 | +char *crypt(const char *key, const char *salt); | |
42 | + | |
43 | +/* cleartext password formats */ | |
44 | +#define PASSWORD_FORMAT_CLEARTEXT 1 | |
45 | +#define PASSWORD_FORMAT_CRYPT 2 | |
46 | +#define PASSWORD_FORMAT_CRYPTTRAD 3 | |
47 | +#define PASSWORD_SALT_BUF_LEN 22 | |
48 | + | |
49 | +/* weeds out crypt(3) password's salt */ | |
50 | +int _sasl_get_salt (char *dest, char *src, int format); | |
51 | + | |
52 | +/****************************** | |
53 | + * crypt(3) patch stop * | |
54 | + ******************************/ | |
55 | ||
56 | /* we store the following secret to check plaintext passwords: | |
57 | * | |
58 | @@ -143,7 +160,51 @@ | |
59 | "*cmusaslsecretPLAIN", | |
60 | NULL }; | |
61 | struct propval auxprop_values[3]; | |
62 | - | |
63 | + | |
64 | + /****************************** | |
65 | + * crypt(3) patch start * | |
66 | + * for password format check * | |
67 | + ******************************/ | |
68 | + sasl_getopt_t *getopt; | |
69 | + void *context; | |
70 | + const char *p = NULL; | |
71 | + /** | |
72 | + * MD5: 12 char salt | |
73 | + * BLOWFISH: 16 char salt | |
74 | + */ | |
75 | + char salt[PASSWORD_SALT_BUF_LEN]; | |
76 | + int password_format; | |
77 | + | |
78 | + /* get password format from auxprop configuration */ | |
79 | + if (_sasl_getcallback(conn, SASL_CB_GETOPT, &getopt, &context) == SASL_OK) { | |
80 | + getopt(context, NULL, "password_format", &p, NULL); | |
81 | + } | |
82 | + | |
83 | + /* set password format */ | |
84 | + if (p) { | |
85 | + /* | |
86 | + memset(pass_format_str, '\0', PASSWORD_FORMAT_STR_LEN); | |
87 | + strncpy(pass_format_str, p, (PASSWORD_FORMAT_STR_LEN - 1)); | |
88 | + */ | |
89 | + /* modern, modular crypt(3) */ | |
90 | + if (strncmp(p, "crypt", 11) == 0) | |
91 | + password_format = PASSWORD_FORMAT_CRYPT; | |
92 | + /* traditional crypt(3) */ | |
93 | + else if (strncmp(p, "crypt_trad", 11) == 0) | |
94 | + password_format = PASSWORD_FORMAT_CRYPTTRAD; | |
95 | + /* cleartext password */ | |
96 | + else | |
97 | + password_format = PASSWORD_FORMAT_CLEARTEXT; | |
98 | + } else { | |
99 | + /* cleartext password */ | |
100 | + password_format = PASSWORD_FORMAT_CLEARTEXT; | |
101 | + } | |
102 | + | |
103 | + /****************************** | |
104 | + * crypt(3) patch stop * | |
105 | + * for password format check * | |
106 | + ******************************/ | |
107 | + | |
108 | if (!conn || !userstr) | |
109 | return SASL_BADPARAM; | |
110 | ||
111 | @@ -180,14 +241,31 @@ | |
112 | goto done; | |
113 | } | |
114 | ||
115 | - /* At the point this has been called, the username has been canonified | |
116 | - * and we've done the auxprop lookup. This should be easy. */ | |
117 | - if(auxprop_values[0].name | |
118 | - && auxprop_values[0].values | |
119 | - && auxprop_values[0].values[0] | |
120 | - && !strcmp(auxprop_values[0].values[0], passwd)) { | |
121 | - /* We have a plaintext version and it matched! */ | |
122 | - return SASL_OK; | |
123 | + | |
124 | + /****************************** | |
125 | + * crypt(3) patch start * | |
126 | + ******************************/ | |
127 | + | |
128 | + /* get salt */ | |
129 | + _sasl_get_salt(salt, (char *) auxprop_values[0].values[0], password_format); | |
130 | + | |
131 | + /* crypt(3)-ed password? */ | |
132 | + if (password_format != PASSWORD_FORMAT_CLEARTEXT) { | |
133 | + /* compare password */ | |
134 | + if (auxprop_values[0].name && auxprop_values[0].values && auxprop_values[0].values[0] && strcmp(crypt(passwd, salt), auxprop_values[0].values[0]) == 0) | |
135 | + return SASL_OK; | |
136 | + else | |
137 | + ret = SASL_BADAUTH; | |
138 | + } | |
139 | + else if (password_format == PASSWORD_FORMAT_CLEARTEXT) { | |
140 | + /* compare passwords */ | |
141 | + if (auxprop_values[0].name && auxprop_values[0].values && auxprop_values[0].values[0] && strcmp(auxprop_values[0].values[0], passwd) == 0) | |
142 | + return SASL_OK; | |
143 | + else | |
144 | + ret = SASL_BADAUTH; | |
145 | + /****************************** | |
146 | + * crypt(3) patch stop * | |
147 | + ******************************/ | |
148 | } else if(auxprop_values[1].name | |
149 | && auxprop_values[1].values | |
150 | && auxprop_values[1].values[0]) { | |
151 | @@ -975,3 +1053,37 @@ | |
152 | #endif | |
153 | { NULL, NULL } | |
154 | }; | |
155 | + | |
156 | +/* weeds out crypt(3) password's salt */ | |
157 | +int _sasl_get_salt (char *dest, char *src, int format) { | |
158 | + int num; /* how many characters is salt long? */ | |
159 | + switch (format) { | |
160 | + case PASSWORD_FORMAT_CRYPT: | |
161 | + /* md5 crypt */ | |
162 | + if (src[1] == '1') | |
163 | + num = 12; | |
164 | + /* blowfish crypt */ | |
165 | + else if (src[1] == '2') | |
166 | + num = (src[1] == '2' && src[2] == 'a') ? 17 : 16; | |
167 | + /* traditional crypt */ | |
168 | + else | |
169 | + num = 2; | |
170 | + break; | |
171 | + | |
172 | + case PASSWORD_FORMAT_CRYPTTRAD: | |
173 | + num = 2; | |
174 | + break; | |
175 | + | |
176 | + default: | |
177 | + return 1; | |
178 | + } | |
179 | + | |
180 | + /* destroy destination */ | |
181 | + memset(dest, '\0', (num + 1)); | |
182 | + | |
183 | + /* copy salt to destination */ | |
184 | + strncpy(dest, src, num); | |
185 | + | |
186 | + return 1; | |
187 | +} | |
188 | + |