1 diff -ur cyrus-sasl-2.1.19.orig/Makefile.in cyrus-sasl-2.1.19/Makefile.in
2 --- cyrus-sasl-2.1.19.orig/Makefile.in 2005-07-04 23:59:31.000000000 +0200
3 +++ cyrus-sasl-2.1.19/Makefile.in 2005-07-05 00:04:27.000000000 +0200
5 JAVA_TRUE = @JAVA_TRUE@
11 LIB_CRYPT = @LIB_CRYPT@
13 diff -ruN cyrus-sasl-2.1.20-orig/doc/options.html cyrus-sasl-2.1.20/doc/options.html
14 --- cyrus-sasl-2.1.20-orig/doc/options.html 2004-05-27 18:02:58.000000000 +0200
15 +++ cyrus-sasl-2.1.20/doc/options.html 2005-07-10 17:17:38.000000000 +0200
17 <TD>sasldb_path</TD><TD>sasldb plugin</TD>
18 <TD>Path to sasldb file</TD><TD><tt>/etc/sasldb2</tt> (system dependant)</TD>
20 +<TD>password_format</TD><TD></TD>
21 +<TD>Method of password storage (possible values: 'plain', 'crypt', 'crypt_trad').
22 +Default 'plain' is down-compatible with earlier versions. 'crypt_trad'
23 +uses old crypt format of 2 chars salt, 'crypt' automagically recognizes crypt
24 +formats from md5 crypt, blowfish crypt and old crypt (2 chars salt).</TD>
28 <TD>sql_engine</TD><TD>SQL plugin</TD>
29 <TD>Name of SQL engine to use (possible values: 'mysql', 'pgsql', 'sqlite').</TD>
30 <TD><tt>mysql</tt></TD>
31 --- cyrus-sasl-2.1.25/lib/checkpw.c.orig 2009-12-03 20:07:01.000000000 +0100
32 +++ cyrus-sasl-2.1.25/lib/checkpw.c 2011-09-16 21:27:43.302773195 +0200
37 +/******************************
38 + * crypt(3) patch start *
39 + ******************************/
40 +char *crypt(const char *key, const char *salt);
42 +/* cleartext password formats */
43 +#define PASSWORD_FORMAT_CLEARTEXT 1
44 +#define PASSWORD_FORMAT_CRYPT 2
45 +#define PASSWORD_FORMAT_CRYPTTRAD 3
46 +#define PASSWORD_SALT_BUF_LEN 22
48 +/* weeds out crypt(3) password's salt */
49 +int _sasl_get_salt (char *dest, char *src, int format);
51 +/******************************
52 + * crypt(3) patch stop *
53 + ******************************/
55 /* we store the following secret to check plaintext passwords:
58 "*cmusaslsecretPLAIN",
60 struct propval auxprop_values[3];
63 + /******************************
64 + * crypt(3) patch start *
65 + * for password format check *
66 + ******************************/
67 + sasl_getopt_t *getopt;
69 + const char *p = NULL;
72 + * BLOWFISH: 16 char salt
74 + char salt[PASSWORD_SALT_BUF_LEN];
75 + int password_format;
77 + /* get password format from auxprop configuration */
78 + if (_sasl_getcallback(conn, SASL_CB_GETOPT, &getopt, &context) == SASL_OK) {
79 + getopt(context, NULL, "password_format", &p, NULL);
82 + /* set password format */
85 + memset(pass_format_str, '\0', PASSWORD_FORMAT_STR_LEN);
86 + strncpy(pass_format_str, p, (PASSWORD_FORMAT_STR_LEN - 1));
88 + /* modern, modular crypt(3) */
89 + if (strncmp(p, "crypt", 11) == 0)
90 + password_format = PASSWORD_FORMAT_CRYPT;
91 + /* traditional crypt(3) */
92 + else if (strncmp(p, "crypt_trad", 11) == 0)
93 + password_format = PASSWORD_FORMAT_CRYPTTRAD;
94 + /* cleartext password */
96 + password_format = PASSWORD_FORMAT_CLEARTEXT;
98 + /* cleartext password */
99 + password_format = PASSWORD_FORMAT_CLEARTEXT;
102 + /******************************
103 + * crypt(3) patch stop *
104 + * for password format check *
105 + ******************************/
107 if (!conn || !userstr)
108 return SASL_BADPARAM;
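Review bot: Any `password_format` value other than the two recognised strings appears to end up as `PASSWORD_FORMAT_CLEARTEXT` (the assignments under the two `/* cleartext password */` comments), so a misspelt setting would silently make stored crypt(3) hashes be compared as if they were cleartext passwords. Keep the cleartext default only for the unset case and treat an unrecognised non-NULL value as a configuration error, for example `else return SASL_FAIL; /* unknown password_format */` if nothing has been allocated at that point. The added block also passes `conn` to `_sasl_getcallback(conn, SASL_CB_GETOPT, ...)` ahead of the existing `if (!conn || !userstr)` check; moving the block below that check keeps parameter validation first. The bounded copy into `pass_format_str` is not used by the comparisons, which read `p` directly, and `strcmp(p, "crypt") == 0` states the exact-match intent more plainly than `strncmp(p, "crypt", 11)`. Several lines of this hunk are not visible here, so these points rest on the lines shown.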
110 @@ -188,14 +249,31 @@
114 - /* At the point this has been called, the username has been canonified
115 - * and we've done the auxprop lookup. This should be easy. */
116 - if(auxprop_values[0].name
117 - && auxprop_values[0].values
118 - && auxprop_values[0].values[0]
119 - && !strcmp(auxprop_values[0].values[0], passwd)) {
120 - /* We have a plaintext version and it matched! */
123 + /******************************
124 + * crypt(3) patch start *
125 + ******************************/
128 + _sasl_get_salt(salt, (char *) auxprop_values[0].values[0], password_format);
130 + /* crypt(3)-ed password? */
131 + if (password_format != PASSWORD_FORMAT_CLEARTEXT) {
132 + /* compare password */
133 + if (auxprop_values[0].name && auxprop_values[0].values && auxprop_values[0].values[0] && strcmp(crypt(passwd, salt), auxprop_values[0].values[0]) == 0)
136 + ret = SASL_BADAUTH;
138 + else if (password_format == PASSWORD_FORMAT_CLEARTEXT) {
139 + /* compare passwords */
140 + if (auxprop_values[0].name && auxprop_values[0].values && auxprop_values[0].values[0] && strcmp(auxprop_values[0].values[0], passwd) == 0)
143 + ret = SASL_BADAUTH;
144 + /******************************
145 + * crypt(3) patch stop *
146 + ******************************/
147 } else if(auxprop_values[1].name
148 && auxprop_values[1].values
149 && auxprop_values[1].values[0]) {
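Review bot: `_sasl_get_salt(salt, (char *) auxprop_values[0].values[0], password_format)` runs before the NULL checks on `auxprop_values[0].values` and `values[0]` that the two comparisons below it still perform, so a user with no stored password value would hit a NULL dereference on the authentication path; the call is also made for the cleartext format, where no salt is needed. Move it inside the crypt branch behind the same guard, e.g. `if (auxprop_values[0].values && auxprop_values[0].values[0]) _sasl_get_salt(...)`. crypt(3) can return NULL (for instance on a salt it does not accept), so hold the result in a local and test it before comparing: `hashed = crypt(passwd, salt);` then `if (hashed && strcmp(hashed, auxprop_values[0].values[0]) == 0)`. As far as the visible lines show, the branches `password_format != PASSWORD_FORMAT_CLEARTEXT` and `== PASSWORD_FORMAT_CLEARTEXT` are exhaustive, which would leave the following `else if(auxprop_values[1].name ...` secret check unreachable; please confirm that is intended. Some lines of this hunk are not visible here.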
150 @@ -1095,3 +1173,37 @@
155 +/* weeds out crypt(3) password's salt */
156 +int _sasl_get_salt (char *dest, char *src, int format) {
157 + int num; /* how many characters is salt long? */
159 + case PASSWORD_FORMAT_CRYPT:
163 + /* blowfish crypt */
164 + else if (src[1] == '2')
165 + num = (src[1] == '2' && src[2] == 'a') ? 17 : 16;
166 + /* traditional crypt */
171 + case PASSWORD_FORMAT_CRYPTTRAD:
179 + /* destroy destination */
180 + memset(dest, '\0', (num + 1));
182 + /* copy salt to destination */
183 + strncpy(dest, src, num);