Lines 94-99
|
94 |
# endif |
94 |
# endif |
95 |
#endif |
95 |
#endif |
96 |
|
96 |
|
|
|
97 |
/****************************** |
98 |
* crypt(3) patch start * |
99 |
******************************/ |
100 |
char *crypt(const char *key, const char *salt); |
101 |
|
102 |
/* cleartext password formats */ |
103 |
#define PASSWORD_FORMAT_CLEARTEXT 1 |
104 |
#define PASSWORD_FORMAT_CRYPT 2 |
105 |
#define PASSWORD_FORMAT_CRYPTTRAD 3 |
106 |
#define PASSWORD_SALT_BUF_LEN 22 |
107 |
|
108 |
/* weeds out crypt(3) password's salt */ |
109 |
int _sasl_get_salt (char *dest, char *src, int format); |
110 |
|
111 |
/****************************** |
112 |
* crypt(3) patch stop * |
113 |
******************************/ |
97 |
|
114 |
|
98 |
/* we store the following secret to check plaintext passwords: |
115 |
/* we store the following secret to check plaintext passwords: |
99 |
* |
116 |
* |
Lines 143-149
|
143 |
"*cmusaslsecretPLAIN", |
160 |
"*cmusaslsecretPLAIN", |
144 |
NULL }; |
161 |
NULL }; |
145 |
struct propval auxprop_values[3]; |
162 |
struct propval auxprop_values[3]; |
146 |
|
163 |
|
|
|
164 |
/****************************** |
165 |
* crypt(3) patch start * |
166 |
* for password format check * |
167 |
******************************/ |
168 |
sasl_getopt_t *getopt; |
169 |
void *context; |
170 |
const char *p = NULL; |
171 |
/** |
172 |
* MD5: 12 char salt |
173 |
* BLOWFISH: 16 char salt |
174 |
*/ |
175 |
char salt[PASSWORD_SALT_BUF_LEN]; |
176 |
int password_format; |
177 |
|
178 |
/* get password format from auxprop configuration */ |
179 |
if (_sasl_getcallback(conn, SASL_CB_GETOPT, &getopt, &context) == SASL_OK) { |
180 |
getopt(context, NULL, "password_format", &p, NULL); |
181 |
} |
182 |
|
183 |
/* set password format */ |
184 |
if (p) { |
185 |
/* |
186 |
memset(pass_format_str, '\0', PASSWORD_FORMAT_STR_LEN); |
187 |
strncpy(pass_format_str, p, (PASSWORD_FORMAT_STR_LEN - 1)); |
188 |
*/ |
189 |
/* modern, modular crypt(3) */ |
190 |
if (strncmp(p, "crypt", 11) == 0) |
191 |
password_format = PASSWORD_FORMAT_CRYPT; |
192 |
/* traditional crypt(3) */ |
193 |
else if (strncmp(p, "crypt_trad", 11) == 0) |
194 |
password_format = PASSWORD_FORMAT_CRYPTTRAD; |
195 |
/* cleartext password */ |
196 |
else |
197 |
password_format = PASSWORD_FORMAT_CLEARTEXT; |
198 |
} else { |
199 |
/* cleartext password */ |
200 |
password_format = PASSWORD_FORMAT_CLEARTEXT; |
201 |
} |
202 |
|
203 |
/****************************** |
204 |
* crypt(3) patch stop * |
205 |
* for password format check * |
206 |
******************************/ |
207 |
|
147 |
if (!conn || !userstr) |
208 |
if (!conn || !userstr) |
148 |
return SASL_BADPARAM; |
209 |
return SASL_BADPARAM; |
149 |
|
210 |
|
Lines 180-193
|
180 |
goto done; |
241 |
goto done; |
181 |
} |
242 |
} |
182 |
|
243 |
|
183 |
/* At the point this has been called, the username has been canonified |
244 |
|
184 |
* and we've done the auxprop lookup. This should be easy. */ |
245 |
/****************************** |
185 |
if(auxprop_values[0].name |
246 |
* crypt(3) patch start * |
186 |
&& auxprop_values[0].values |
247 |
******************************/ |
187 |
&& auxprop_values[0].values[0] |
248 |
|
188 |
&& !strcmp(auxprop_values[0].values[0], passwd)) { |
249 |
/* get salt */ |
189 |
/* We have a plaintext version and it matched! */ |
250 |
_sasl_get_salt(salt, (char *) auxprop_values[0].values[0], password_format); |
190 |
return SASL_OK; |
251 |
|
|
|
252 |
/* crypt(3)-ed password? */ |
253 |
if (password_format != PASSWORD_FORMAT_CLEARTEXT) { |
254 |
/* compare password */ |
255 |
if (auxprop_values[0].name && auxprop_values[0].values && auxprop_values[0].values[0] && strcmp(crypt(passwd, salt), auxprop_values[0].values[0]) == 0) |
256 |
return SASL_OK; |
257 |
else |
258 |
ret = SASL_BADAUTH; |
259 |
} |
260 |
else if (password_format == PASSWORD_FORMAT_CLEARTEXT) { |
261 |
/* compare passwords */ |
262 |
if (auxprop_values[0].name && auxprop_values[0].values && auxprop_values[0].values[0] && strcmp(auxprop_values[0].values[0], passwd) == 0) |
263 |
return SASL_OK; |
264 |
else |
265 |
ret = SASL_BADAUTH; |
266 |
/****************************** |
267 |
* crypt(3) patch stop * |
268 |
******************************/ |
191 |
} else if(auxprop_values[1].name |
269 |
} else if(auxprop_values[1].name |
192 |
&& auxprop_values[1].values |
270 |
&& auxprop_values[1].values |
193 |
&& auxprop_values[1].values[0]) { |
271 |
&& auxprop_values[1].values[0]) { |
Lines 975-977
|
975 |
#endif |
1053 |
#endif |
976 |
{ NULL, NULL } |
1054 |
{ NULL, NULL } |
977 |
}; |
1055 |
}; |
|
|
1056 |
|
1057 |
/* weeds out crypt(3) password's salt */ |
1058 |
int _sasl_get_salt (char *dest, char *src, int format) { |
1059 |
int num; /* how many characters is salt long? */ |
1060 |
switch (format) { |
1061 |
case PASSWORD_FORMAT_CRYPT: |
1062 |
/* md5 crypt */ |
1063 |
if (src[1] == '1') |
1064 |
num = 12; |
1065 |
/* blowfish crypt */ |
1066 |
else if (src[1] == '2') |
1067 |
num = (src[1] == '2' && src[2] == 'a') ? 17 : 16; |
1068 |
/* traditional crypt */ |
1069 |
else |
1070 |
num = 2; |
1071 |
break; |
1072 |
|
1073 |
case PASSWORD_FORMAT_CRYPTTRAD: |
1074 |
num = 2; |
1075 |
break; |
1076 |
|
1077 |
default: |
1078 |
return 1; |
1079 |
} |
1080 |
|
1081 |
/* destroy destination */ |
1082 |
memset(dest, '\0', (num + 1)); |
1083 |
|
1084 |
/* copy salt to destination */ |
1085 |
strncpy(dest, src, num); |
1086 |
|
1087 |
return 1; |
1088 |
} |
1089 |
|
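Review bot: In the "Lines 180-193" hunk, the new `_sasl_get_salt(salt, (char *) auxprop_values[0].values[0], password_format)` call evaluates `values[0]` before the `name`/`values`/`values[0]` guards that follow, so if `values` can be NULL here (as those guards suggest) this is a NULL dereference on an unauthenticated path, in every password format. The result of `crypt()` is then passed straight to `strcmp()`, although crypt(3) returns NULL for a setting it rejects, and the fixed 2/12/16/17-character prefixes chosen in `_sasl_get_salt()` look likely to produce such settings for hashes other than traditional DES and `$1$`. I would run the guards first, pass the stored hash itself as the setting (crypt(3) reads its salt from it) and check the return value, as below. Separately, the trailing `else if(auxprop_values[1].name` now hangs off an if / else-if pair that covers every `password_format`, so the cmusaslsecretPLAIN branch appears unreachable. The enclosing function starts and ends outside the hunks shown.

```c
/* … unchanged: password_format lookup and auxprop lookup … */
/* _sasl_get_salt() call dropped: crypt(3) takes the stored hash as its setting */
if (password_format != PASSWORD_FORMAT_CLEARTEXT) {
    const char *stored = NULL;
    const char *hashed = NULL;

    /* guard the property before touching values[0] */
    if (auxprop_values[0].name && auxprop_values[0].values)
        stored = auxprop_values[0].values[0];

    /* crypt(3) returns NULL when it cannot hash with the given setting */
    if (stored)
        hashed = crypt(passwd, stored);

    if (hashed && strcmp(hashed, stored) == 0)
        return SASL_OK;
    else
        ret = SASL_BADAUTH;
}
/* … unchanged: cleartext branch and cmusaslsecretPLAIN fallback … */
```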