Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 36299 Details for
Bug 58622
patch to add crypt support to cyrus-sasl
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
the patch for crypt support
cyrus-sasl-2.1.17-checkpw.c.patch (text/plain), 5.48 KB, created by
Gabriel Winckler
on 2004-07-27 21:36:16 UTC
(
hide
)
Description:
the patch for crypt support
Filename:
MIME Type:
Creator:
Gabriel Winckler
Created:
2004-07-27 21:36:16 UTC
Size:
5.48 KB
patch
obsolete
>--- lib/Makefile.in.orig Sun Dec 28 02:18:22 2003 >+++ lib/Makefile.in Sun Dec 28 01:38:47 2003 >@@ -120,7 +120,7 @@ > JAVA_TRUE = @JAVA_TRUE@ > LDFLAGS = @LDFLAGS@ > LIBOBJS = @LIBOBJS@ >-LIBS = @LIBS@ >+LIBS = -lcrypt @LIBS@ > LIBTOOL = @LIBTOOL@ > LIB_CRYPT = @LIB_CRYPT@ > LIB_DES = @LIB_DES@ >--- lib/checkpw.c.orig Sun Dec 28 02:18:33 2003 >+++ lib/checkpw.c Sun Dec 28 01:44:25 2003 >@@ -94,6 +94,13 @@ > # endif > #endif > >+/* cleartext password formats */ >+#define PASSWORD_FORMAT_CLEARTEXT 1 >+#define PASSWORD_FORMAT_CRYPT 2 >+#define PASSWORD_FORMAT_CRYPTTRAD 3 >+/* weeds out crypt(3) password's salt */ >+int _sasl_get_salt (char *dest, char *src, int format); >+ > > /* we store the following secret to check plaintext passwords: > * >@@ -143,6 +150,44 @@ > "*cmusaslsecretPLAIN", > NULL }; > struct propval auxprop_values[3]; >+ >+ /* for password format check */ >+ sasl_getopt_t *getopt; >+ void *context; >+ const char *p = NULL; >+ char pass_format_str[11]; >+ /* >+ * MD5: 12 char salt >+ * BLOWFISH: 16 char salt >+ */ >+ char salt[17]; >+ int password_format; >+ >+ /* get password format from auxprop configuration */ >+ if (_sasl_getcallback(conn, SASL_CB_GETOPT, &getopt, &context) == SASL_OK) { >+ getopt(context, NULL, "password_format", &p, NULL); >+ } >+ >+ /* set password format */ >+ if (p) { >+ strncpy(pass_format_str, p, 9); >+ >+ /* modern, modular crypt(3) */ >+ if (strncmp(pass_format_str, "crypt", 11) == 0) >+ password_format = PASSWORD_FORMAT_CRYPT; >+ /* traditional crypt(3) */ >+ else if (strncmp(pass_format_str, "crypt_trad", 11) == 0) >+ password_format = PASSWORD_FORMAT_CRYPTTRAD; >+ /* cleartext password */ >+ else >+ password_format = PASSWORD_FORMAT_CLEARTEXT; >+ >+ } else { >+ /* cleartext password */ >+ password_format = PASSWORD_FORMAT_CLEARTEXT; >+ } >+ >+ > > if (!conn || !userstr) > return SASL_BADPARAM; >@@ -182,37 +227,76 @@ > > /* At the point this has been called, the username has been canonified > * and we've done the auxprop lookup. This should be easy. */ >- if(auxprop_values[0].name >- && auxprop_values[0].values >- && auxprop_values[0].values[0] >- && !strcmp(auxprop_values[0].values[0], passwd)) { >- /* We have a plaintext version and it matched! */ >- return SASL_OK; >- } else if(auxprop_values[1].name >- && auxprop_values[1].values >- && auxprop_values[1].values[0]) { >- const char *db_secret = auxprop_values[1].values[0]; >- sasl_secret_t *construct; >- >- ret = _sasl_make_plain_secret(db_secret, passwd, >- strlen(passwd), >- &construct); >- if (ret != SASL_OK) { >- goto done; >- } >- >- if (!memcmp(db_secret, construct->data, construct->len)) { >- /* password verified! */ >- ret = SASL_OK; >- } else { >- /* passwords do not match */ >- ret = SASL_BADAUTH; >- } > >- sasl_FREE(construct); >+ /* check password, but with specified password format */ >+ if (password_format == PASSWORD_FORMAT_CRYPT) { >+ _sasl_get_salt(salt, auxprop_values[0].values[0], PASSWORD_FORMAT_CRYPT); >+ >+ /* compare passwords */ >+ if ( >+ auxprop_values[0].name && >+ auxprop_values[0].values && >+ auxprop_values[0].values[0] && >+ strcmp(crypt(passwd, salt), auxprop_values[0].values[0]) == 0 >+ ) { >+ return SASL_OK; >+ } else >+ ret = SASL_BADAUTH; >+ } >+ else if (password_format == PASSWORD_FORMAT_CRYPTTRAD) { >+ _sasl_get_salt(salt, auxprop_values[0].values[0], PASSWORD_FORMAT_CRYPTTRAD); >+ >+ /* compare passwords */ >+ if ( >+ auxprop_values[0].name && >+ auxprop_values[0].values && >+ auxprop_values[0].values[0] && >+ strcmp(crypt(passwd, salt), auxprop_values[0].values[0]) == 0 >+ ) { >+ return SASL_OK; >+ } else >+ ret = SASL_BADAUTH; >+ } >+ else if (password_format == PASSWORD_FORMAT_CLEARTEXT) { >+ >+ /* compare passwords */ >+ if ( >+ auxprop_values[0].name && >+ auxprop_values[0].values && >+ auxprop_values[0].values[0] && >+ strcmp(auxprop_values[0].values[0], passwd) == 0 >+ ) { >+ return SASL_OK; >+ } else >+ ret = SASL_BADAUTH; >+ } >+ /* original SASL checks continue here */ >+ else if (auxprop_values[1].name && >+ auxprop_values[1].values && >+ auxprop_values[1].values[0]) { >+ >+ const char *db_secret = auxprop_values[1].values[0]; >+ sasl_secret_t *construct; >+ >+ ret = _sasl_make_plain_secret(db_secret, passwd, >+ strlen(passwd), &construct); >+ >+ if (ret != SASL_OK) { >+ goto done; >+ } >+ >+ if (!memcmp(db_secret, construct->data, construct->len)) { >+ /* password verified! */ >+ ret = SASL_OK; >+ } else { >+ /* passwords do not match */ >+ ret = SASL_BADAUTH; >+ } >+ >+ sasl_FREE(construct); > } else { >- /* passwords do not match */ >- ret = SASL_BADAUTH; >+ /* passwords do not match */ >+ ret = SASL_BADAUTH; > } > > done: >@@ -664,3 +748,39 @@ > #endif > { NULL, NULL } > }; >+ >+/* weeds out crypt(3) password's salt */ >+int _sasl_get_salt (char *dest, char *src, int format) { >+ /* how many characters is salt long? */ >+ int num; >+ >+ switch (format) { >+ case PASSWORD_FORMAT_CRYPT: >+ /* md5 crypt */ >+ if (src[1] == '1') >+ num = 12; >+ /* blowfish crypt */ >+ else if (src[1] == '2') >+ num = 16; >+ /* traditional crypt */ >+ else >+ num = 2; >+ >+ break; >+ >+ case PASSWORD_FORMAT_CRYPTTRAD: >+ num = 2; >+ break; >+ >+ default: >+ num = 0; >+ } >+ >+ /* copy salt to destination */ >+ strncpy(dest, src, num); >+ >+ /* terminate string */ >+ dest[num] = '\0'; >+ >+ return 1; >+}
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=36299">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 58622
: 36299 |
36300
