Commit | Line | Data |
---|---|---|
afbe97ef | 1 | diff -ur cyrus-sasl-2.1.19.orig/Makefile.in cyrus-sasl-2.1.19/Makefile.in |
2 | --- cyrus-sasl-2.1.19.orig/Makefile.in 2005-07-04 23:59:31.000000000 +0200 | |
3 | +++ cyrus-sasl-2.1.19/Makefile.in 2005-07-05 00:04:27.000000000 +0200 | |
4 | @@ -134,7 +134,7 @@ | |
5 | JAVA_TRUE = @JAVA_TRUE@ | |
6 | LDFLAGS = @LDFLAGS@ | |
7 | LIBOBJS = @LIBOBJS@ | |
8 | -LIBS = @LIBS@ | |
9 | +LIBS = -lcrypt @LIBS@ | |
10 | LIBTOOL = @LIBTOOL@ | |
11 | LIB_CRYPT = @LIB_CRYPT@ | |
12 | LIB_DES = @LIB_DES@ | |
13 | diff -ruN cyrus-sasl-2.1.20-orig/doc/options.html cyrus-sasl-2.1.20/doc/options.html | |
14 | --- cyrus-sasl-2.1.20-orig/doc/options.html 2004-05-27 18:02:58.000000000 +0200 | |
15 | +++ cyrus-sasl-2.1.20/doc/options.html 2005-07-10 17:17:38.000000000 +0200 | |
16 | @@ -103,6 +103,14 @@ | |
17 | <TD>sasldb_path</TD><TD>sasldb plugin</TD> | |
18 | <TD>Path to sasldb file</TD><TD><tt>/etc/sasldb2</tt> (system dependant)</TD> | |
19 | <TR> | |
20 | +<TD>password_format</TD><TD></TD> | |
21 | +<TD>Method of password storage (possible values: 'plain', 'crypt', 'crypt_trad'). | |
22 | +Default 'plain' is down-compatible with earlier versions. 'crypt_trad' | |
23 | +uses old crypt format of 2 chars salt, 'crypt' automagically recognizes crypt | |
24 | +formats from md5 crypt, blowfish crypt and old crypt (2 chars salt).</TD> | |
25 | +<TD>plain</TD> | |
26 | +</TR> | |
27 | +<TR> | |
28 | <TD>sql_engine</TD><TD>SQL plugin</TD> | |
29 | <TD>Name of SQL engine to use (possible values: 'mysql', 'pgsql', 'sqlite').</TD> | |
30 | <TD><tt>mysql</tt></TD> | |
94e6777d JB |
31 | --- cyrus-sasl-2.1.25/lib/checkpw.c.orig 2009-12-03 20:07:01.000000000 +0100 |
32 | +++ cyrus-sasl-2.1.25/lib/checkpw.c 2011-09-16 21:27:43.302773195 +0200 | |
33 | @@ -95,6 +95,23 @@ | |
afbe97ef | 34 | # endif |
35 | #endif | |
36 | ||
37 | +/****************************** | |
38 | + * crypt(3) patch start * | |
39 | + ******************************/ | |
40 | +char *crypt(const char *key, const char *salt); | |
41 | + | |
42 | +/* cleartext password formats */ | |
43 | +#define PASSWORD_FORMAT_CLEARTEXT 1 | |
44 | +#define PASSWORD_FORMAT_CRYPT 2 | |
45 | +#define PASSWORD_FORMAT_CRYPTTRAD 3 | |
46 | +#define PASSWORD_SALT_BUF_LEN 22 | |
47 | + | |
48 | +/* weeds out crypt(3) password's salt */ | |
49 | +int _sasl_get_salt (char *dest, char *src, int format); | |
50 | + | |
51 | +/****************************** | |
52 | + * crypt(3) patch stop * | |
53 | + ******************************/ | |
54 | ||
55 | /* we store the following secret to check plaintext passwords: | |
56 | * | |
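Review bot: The hand-written prototype `char *crypt(const char *key, const char *salt);` can drift from the platform's own declaration; including the system header that declares it (`<crypt.h>` on glibc, `<unistd.h>` elsewhere) is the safer form. `_sasl_get_salt` is used only inside checkpw.c as far as this patch shows, so `static int _sasl_get_salt(char *dest, char *src, int format);` would keep it out of the library's exported symbols. The comment `/* cleartext password formats */` sits above constants that also name the two crypt formats; `/* password storage formats */` would be accurate.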
94e6777d | 57 | @@ -142,7 +159,51 @@ |
afbe97ef | 58 | "*cmusaslsecretPLAIN", |
59 | NULL }; | |
60 | struct propval auxprop_values[3]; | |
61 | - | |
62 | + | |
63 | + /****************************** | |
64 | + * crypt(3) patch start * | |
65 | + * for password format check * | |
66 | + ******************************/ | |
67 | + sasl_getopt_t *getopt; | |
68 | + void *context; | |
69 | + const char *p = NULL; | |
70 | + /** | |
71 | + * MD5: 12 char salt | |
72 | + * BLOWFISH: 16 char salt | |
73 | + */ | |
74 | + char salt[PASSWORD_SALT_BUF_LEN]; | |
75 | + int password_format; | |
76 | + | |
77 | + /* get password format from auxprop configuration */ | |
78 | + if (_sasl_getcallback(conn, SASL_CB_GETOPT, &getopt, &context) == SASL_OK) { | |
79 | + getopt(context, NULL, "password_format", &p, NULL); | |
80 | + } | |
81 | + | |
82 | + /* set password format */ | |
83 | + if (p) { | |
84 | + /* | |
85 | + memset(pass_format_str, '\0', PASSWORD_FORMAT_STR_LEN); | |
86 | + strncpy(pass_format_str, p, (PASSWORD_FORMAT_STR_LEN - 1)); | |
87 | + */ | |
88 | + /* modern, modular crypt(3) */ | |
89 | + if (strncmp(p, "crypt", 11) == 0) | |
90 | + password_format = PASSWORD_FORMAT_CRYPT; | |
91 | + /* traditional crypt(3) */ | |
92 | + else if (strncmp(p, "crypt_trad", 11) == 0) | |
93 | + password_format = PASSWORD_FORMAT_CRYPTTRAD; | |
94 | + /* cleartext password */ | |
95 | + else | |
96 | + password_format = PASSWORD_FORMAT_CLEARTEXT; | |
97 | + } else { | |
98 | + /* cleartext password */ | |
99 | + password_format = PASSWORD_FORMAT_CLEARTEXT; | |
100 | + } | |
101 | + | |
102 | + /****************************** | |
103 | + * crypt(3) patch stop * | |
104 | + * for password format check * | |
105 | + ******************************/ | |
106 | + | |
107 | if (!conn || !userstr) | |
108 | return SASL_BADPARAM; | |
109 | ||
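Review bot: The option lookup added at the top of the function calls `_sasl_getcallback(conn, ...)` before the existing `if (!conn || !userstr)` guard that closes this hunk, so a NULL `conn` reaches the callback lookup first. Whether that helper tolerates NULL is not visible here, so the lookup should move below the guard. Any value other than `crypt` or `crypt_trad` (a typo, different case) silently selects `PASSWORD_FORMAT_CLEARTEXT`, so a store that actually holds crypt(3) hashes would be compared as plaintext and the stored hash string itself would be accepted as the password; rejecting unknown values, e.g. `else if (strcmp(p, "plain") != 0) return SASL_FAIL;`, fails closed instead. The length `11` in both `strncmp` calls only matches the size of `"crypt_trad"`; plain `strcmp` expresses the same comparison without the magic number. The function's signature and the rest of its body are outside the hunk.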
94e6777d JB |
110 | @@ -188,14 +249,31 @@ |
111 | return SASL_NOUSER; | |
afbe97ef | 112 | } |
94e6777d | 113 | |
afbe97ef | 114 | - /* At the point this has been called, the username has been canonified |
115 | - * and we've done the auxprop lookup. This should be easy. */ | |
116 | - if(auxprop_values[0].name | |
117 | - && auxprop_values[0].values | |
118 | - && auxprop_values[0].values[0] | |
119 | - && !strcmp(auxprop_values[0].values[0], passwd)) { | |
120 | - /* We have a plaintext version and it matched! */ | |
121 | - return SASL_OK; | |
122 | + | |
123 | + /****************************** | |
124 | + * crypt(3) patch start * | |
125 | + ******************************/ | |
126 | + | |
127 | + /* get salt */ | |
128 | + _sasl_get_salt(salt, (char *) auxprop_values[0].values[0], password_format); | |
129 | + | |
130 | + /* crypt(3)-ed password? */ | |
131 | + if (password_format != PASSWORD_FORMAT_CLEARTEXT) { | |
132 | + /* compare password */ | |
133 | + if (auxprop_values[0].name && auxprop_values[0].values && auxprop_values[0].values[0] && strcmp(crypt(passwd, salt), auxprop_values[0].values[0]) == 0) | |
134 | + return SASL_OK; | |
135 | + else | |
136 | + ret = SASL_BADAUTH; | |
137 | + } | |
138 | + else if (password_format == PASSWORD_FORMAT_CLEARTEXT) { | |
139 | + /* compare passwords */ | |
140 | + if (auxprop_values[0].name && auxprop_values[0].values && auxprop_values[0].values[0] && strcmp(auxprop_values[0].values[0], passwd) == 0) | |
141 | + return SASL_OK; | |
142 | + else | |
143 | + ret = SASL_BADAUTH; | |
144 | + /****************************** | |
145 | + * crypt(3) patch stop * | |
146 | + ******************************/ | |
147 | } else if(auxprop_values[1].name | |
148 | && auxprop_values[1].values | |
149 | && auxprop_values[1].values[0]) { | |
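Review bot: `_sasl_get_salt()` is called on `auxprop_values[0].values[0]` before the NULL checks on `.values` and `.values[0]` that only appear later in the two `if` conditions, so an account with no value for the first property dereferences a NULL pointer. The result of `crypt()` is passed straight to `strcmp()`, although crypt(3) returns NULL for a setting it cannot process. Because one of `password_format != PASSWORD_FORMAT_CLEARTEXT` and `password_format == PASSWORD_FORMAT_CLEARTEXT` is always true, the trailing `else if(auxprop_values[1].name ...` branch can no longer be reached. The rewrite below checks the stored value once, derives the salt only after that check, and tests the crypt() result. The enclosing function starts and ends outside the hunk, and `ret` is assumed to be its existing result variable.

```c
    /* … unchanged: crypt(3) patch start banner … */
    if (auxprop_values[0].name
        && auxprop_values[0].values
        && auxprop_values[0].values[0]) {
        const char *stored = auxprop_values[0].values[0];

        if (password_format == PASSWORD_FORMAT_CLEARTEXT) {
            if (strcmp(stored, passwd) == 0)
                return SASL_OK;
        } else {
            const char *hashed;

            /* derive the salt only once the stored value is known to exist */
            _sasl_get_salt(salt, (char *) stored, password_format);
            hashed = crypt(passwd, salt);
            /* crypt(3) returns NULL when it cannot process the setting */
            if (hashed != NULL && strcmp(hashed, stored) == 0)
                return SASL_OK;
        }
        ret = SASL_BADAUTH;
    /* … unchanged: "} else if(auxprop_values[1].name ..." branch … */
```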
94e6777d JB |
150 | @@ -1095,3 +1173,37 @@ |
151 | #endif | |
afbe97ef | 152 | { NULL, NULL } |
153 | }; | |
154 | + | |
155 | +/* weeds out crypt(3) password's salt */ | |
156 | +int _sasl_get_salt (char *dest, char *src, int format) { | |
157 | + int num; /* how many characters is salt long? */ | |
158 | + switch (format) { | |
159 | + case PASSWORD_FORMAT_CRYPT: | |
160 | + /* md5 crypt */ | |
161 | + if (src[1] == '1') | |
162 | + num = 12; | |
163 | + /* blowfish crypt */ | |
164 | + else if (src[1] == '2') | |
165 | + num = (src[1] == '2' && src[2] == 'a') ? 17 : 16; | |
166 | + /* traditional crypt */ | |
167 | + else | |
168 | + num = 2; | |
169 | + break; | |
170 | + | |
171 | + case PASSWORD_FORMAT_CRYPTTRAD: | |
172 | + num = 2; | |
173 | + break; | |
174 | + | |
175 | + default: | |
176 | + return 1; | |
177 | + } | |
178 | + | |
179 | + /* destroy destination */ | |
180 | + memset(dest, '\0', (num + 1)); | |
181 | + | |
182 | + /* copy salt to destination */ | |
183 | + strncpy(dest, src, num); | |
184 | + | |
185 | + return 1; | |
186 | +} | |
187 | + |
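Review bot: `_sasl_get_salt()` classifies the hash by `src[1]` alone and never checks `src[0] == '$'` or the string length, so a traditional hash whose second character happens to be `1` or `2` is treated as MD5 or Blowfish, and `src[1]`/`src[2]` are read even from an empty or one-character value. The fixed lengths are also fragile: a Blowfish setting (`$2a$` + cost + `$` + 22 salt characters) is longer than the 16/17 bytes copied, and newer prefixes such as `$5$`/`$6$` fall through to the two-character case. crypt(3) reads only the setting prefix of its second argument, so passing the stored hash itself, `crypt(passwd, auxprop_values[0].values[0])`, would remove the need for this parser and for the `PASSWORD_SALT_BUF_LEN` buffer. The function also returns 1 on every path, including `default:`, so a caller cannot tell that nothing was written to `dest`.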