|
Lines 94-99
|
| 94 |
# endif |
94 |
# endif |
| 95 |
#endif |
95 |
#endif |
| 96 |
|
96 |
|
|
|
97 |
/****************************** |
| 98 |
* crypt(3) patch start * |
| 99 |
******************************/ |
| 100 |
char *crypt(const char *key, const char *salt); |
| 101 |
|
| 102 |
/* cleartext password formats */ |
| 103 |
#define PASSWORD_FORMAT_CLEARTEXT 1 |
| 104 |
#define PASSWORD_FORMAT_CRYPT 2 |
| 105 |
#define PASSWORD_FORMAT_CRYPTTRAD 3 |
| 106 |
#define PASSWORD_SALT_BUF_LEN 22 |
| 107 |
|
| 108 |
/* weeds out crypt(3) password's salt */ |
| 109 |
int _sasl_get_salt (char *dest, char *src, int format); |
| 110 |
|
| 111 |
/****************************** |
| 112 |
* crypt(3) patch stop * |
| 113 |
******************************/ |
| 97 |
|
114 |
|
| 98 |
/* we store the following secret to check plaintext passwords: |
115 |
/* we store the following secret to check plaintext passwords: |
| 99 |
* |
116 |
* |
|
Lines 143-149
|
| 143 |
"*cmusaslsecretPLAIN", |
160 |
"*cmusaslsecretPLAIN", |
| 144 |
NULL }; |
161 |
NULL }; |
| 145 |
struct propval auxprop_values[3]; |
162 |
struct propval auxprop_values[3]; |
| 146 |
|
163 |
|
|
|
164 |
/****************************** |
| 165 |
* crypt(3) patch start * |
| 166 |
* for password format check * |
| 167 |
******************************/ |
| 168 |
sasl_getopt_t *getopt; |
| 169 |
void *context; |
| 170 |
const char *p = NULL; |
| 171 |
/** |
| 172 |
* MD5: 12 char salt |
| 173 |
* BLOWFISH: 16 char salt |
| 174 |
*/ |
| 175 |
char salt[PASSWORD_SALT_BUF_LEN]; |
| 176 |
int password_format; |
| 177 |
|
| 178 |
/* get password format from auxprop configuration */ |
| 179 |
if (_sasl_getcallback(conn, SASL_CB_GETOPT, &getopt, &context) == SASL_OK) { |
| 180 |
getopt(context, NULL, "password_format", &p, NULL); |
| 181 |
} |
| 182 |
|
| 183 |
/* set password format */ |
| 184 |
if (p) { |
| 185 |
/* |
| 186 |
memset(pass_format_str, '\0', PASSWORD_FORMAT_STR_LEN); |
| 187 |
strncpy(pass_format_str, p, (PASSWORD_FORMAT_STR_LEN - 1)); |
| 188 |
*/ |
| 189 |
/* modern, modular crypt(3) */ |
| 190 |
if (strncmp(p, "crypt", 11) == 0) |
| 191 |
password_format = PASSWORD_FORMAT_CRYPT; |
| 192 |
/* traditional crypt(3) */ |
| 193 |
else if (strncmp(p, "crypt_trad", 11) == 0) |
| 194 |
password_format = PASSWORD_FORMAT_CRYPTTRAD; |
| 195 |
/* cleartext password */ |
| 196 |
else |
| 197 |
password_format = PASSWORD_FORMAT_CLEARTEXT; |
| 198 |
} else { |
| 199 |
/* cleartext password */ |
| 200 |
password_format = PASSWORD_FORMAT_CLEARTEXT; |
| 201 |
} |
| 202 |
|
| 203 |
/****************************** |
| 204 |
* crypt(3) patch stop * |
| 205 |
* for password format check * |
| 206 |
******************************/ |
| 207 |
|
| 147 |
if (!conn || !userstr) |
208 |
if (!conn || !userstr) |
| 148 |
return SASL_BADPARAM; |
209 |
return SASL_BADPARAM; |
| 149 |
|
210 |
|
|
Lines 180-193
|
| 180 |
goto done; |
241 |
goto done; |
| 181 |
} |
242 |
} |
| 182 |
|
243 |
|
| 183 |
/* At the point this has been called, the username has been canonified |
244 |
|
| 184 |
* and we've done the auxprop lookup. This should be easy. */ |
245 |
/****************************** |
| 185 |
if(auxprop_values[0].name |
246 |
* crypt(3) patch start * |
| 186 |
&& auxprop_values[0].values |
247 |
******************************/ |
| 187 |
&& auxprop_values[0].values[0] |
248 |
|
| 188 |
&& !strcmp(auxprop_values[0].values[0], passwd)) { |
249 |
/* get salt */ |
| 189 |
/* We have a plaintext version and it matched! */ |
250 |
_sasl_get_salt(salt, (char *) auxprop_values[0].values[0], password_format); |
| 190 |
return SASL_OK; |
251 |
|
|
|
252 |
/* crypt(3)-ed password? */ |
| 253 |
if (password_format != PASSWORD_FORMAT_CLEARTEXT) { |
| 254 |
/* compare password */ |
| 255 |
if (auxprop_values[0].name && auxprop_values[0].values && auxprop_values[0].values[0] && strcmp(crypt(passwd, salt), auxprop_values[0].values[0]) == 0) |
| 256 |
return SASL_OK; |
| 257 |
else |
| 258 |
ret = SASL_BADAUTH; |
| 259 |
} |
| 260 |
else if (password_format == PASSWORD_FORMAT_CLEARTEXT) { |
| 261 |
/* compare passwords */ |
| 262 |
if (auxprop_values[0].name && auxprop_values[0].values && auxprop_values[0].values[0] && strcmp(auxprop_values[0].values[0], passwd) == 0) |
| 263 |
return SASL_OK; |
| 264 |
else |
| 265 |
ret = SASL_BADAUTH; |
| 266 |
/****************************** |
| 267 |
* crypt(3) patch stop * |
| 268 |
******************************/ |
| 191 |
} else if(auxprop_values[1].name |
269 |
} else if(auxprop_values[1].name |
| 192 |
&& auxprop_values[1].values |
270 |
&& auxprop_values[1].values |
| 193 |
&& auxprop_values[1].values[0]) { |
271 |
&& auxprop_values[1].values[0]) { |
|
Lines 975-977
|
| 975 |
#endif |
1053 |
#endif |
| 976 |
{ NULL, NULL } |
1054 |
{ NULL, NULL } |
| 977 |
}; |
1055 |
}; |
|
|
1056 |
|
| 1057 |
/* weeds out crypt(3) password's salt */ |
| 1058 |
int _sasl_get_salt (char *dest, char *src, int format) { |
| 1059 |
int num; /* how many characters is salt long? */ |
| 1060 |
switch (format) { |
| 1061 |
case PASSWORD_FORMAT_CRYPT: |
| 1062 |
/* md5 crypt */ |
| 1063 |
if (src[1] == '1') |
| 1064 |
num = 12; |
| 1065 |
/* blowfish crypt */ |
| 1066 |
else if (src[1] == '2') |
| 1067 |
num = (src[1] == '2' && src[2] == 'a') ? 17 : 16; |
| 1068 |
/* traditional crypt */ |
| 1069 |
else |
| 1070 |
num = 2; |
| 1071 |
break; |
| 1072 |
|
| 1073 |
case PASSWORD_FORMAT_CRYPTTRAD: |
| 1074 |
num = 2; |
| 1075 |
break; |
| 1076 |
|
| 1077 |
default: |
| 1078 |
return 1; |
| 1079 |
} |
| 1080 |
|
| 1081 |
/* destroy destination */ |
| 1082 |
memset(dest, '\0', (num + 1)); |
| 1083 |
|
| 1084 |
/* copy salt to destination */ |
| 1085 |
strncpy(dest, src, num); |
| 1086 |
|
| 1087 |
return 1; |
| 1088 |
} |
| 1089 |
|
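Review bot: In the hunk at new lines 244-268, `_sasl_get_salt()` is handed `auxprop_values[0].values[0]` and indexes `src[1]` before the `name`/`values`/`values[0]` checks on the following lines, so a lookup that returned no stored password would be a NULL dereference in the authentication path. The result of `crypt()` also goes straight into `strcmp()`, although crypt(3) can return NULL on failure. Both problems disappear if the stored hash itself is passed as the second argument to `crypt()`, which crypt(3) documents; that also drops the hand-computed salt lengths in `_sasl_get_salt()` (last hunk), which fall back to a 2-character traditional salt whenever `src[1]` is not `1` or `2` (for example `$5$`/`$6$` hashes). The `else if (password_format == PASSWORD_FORMAT_CLEARTEXT)` arm appears to make the following `auxprop_values[1]` branch unreachable, because the two format tests are exhaustive, and in the hunk at new lines 164-207 the `getopt` lookup runs before the `if (!conn || !userstr)` guard, so it should move below it unless `_sasl_getcallback` is known to tolerate a NULL `conn`. The enclosing function starts and ends outside these hunks, so the sketch below assumes `stored` and `hashed` are declared as `const char *` with the other locals.

```c
/* … unchanged: auxprop lookup and its error handling … */
stored = NULL;
if (auxprop_values[0].name
    && auxprop_values[0].values
    && auxprop_values[0].values[0])
    stored = auxprop_values[0].values[0];

if (stored && password_format != PASSWORD_FORMAT_CLEARTEXT) {
    /* the stored hash carries its own setting/salt prefix */
    hashed = crypt(passwd, stored);
    if (hashed && strcmp(hashed, stored) == 0)
        return SASL_OK;
    ret = SASL_BADAUTH;
} else if (stored) {
    if (strcmp(stored, passwd) == 0)
        return SASL_OK;
    ret = SASL_BADAUTH;
} else if (auxprop_values[1].name
/* … unchanged: rest of the cmusaslsecretPLAIN branch … */
```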