From: Caleb Epstein (cae at bklyn dot org)
Date: Tue Jun 08 2004 - 14:20:42 EDT
Attached is a patch for lib/checkpw.c from the
cyrus-sasl2-2.1.18 sources which adds support for encrypted
passwords made by crypt(3). This is useful for integrating
SASL authentication with (for example) Courier IMAP which
stores passwords in the database in this form. I'm using the
sql plugin to get passwords from the Courier IMAP database.

The patch retains backward compatibility with all existing
password hashing mechanisms. It is based on the patch from:

http://www.viperstrike.com/~lopaka/sysadmin/cyrus-sasl-mysql-encrypt/

but has the advantage of being portable, not leaking memory,
and keeping compatibility with the existing code.

On Linux it is also necessary to modify the Makefile in the
lib directory so that it pulls in $(LIB_CRYPTO).

Let me know what you think,
--- cyrus-sasl-2.1.18/lib/checkpw.c 2004-01-07 11:35:08.000000000 -0500
+++ build-tree/cyrus-sasl-2.1.18/lib/checkpw.c 2004-06-08 12:02:42.000000000 -0400
@@ -193,6 +193,8 @@
&& auxprop_values[1].values[0]) {
const char *db_secret = auxprop_values[1].values[0];
sasl_secret_t *construct;
+ char salt[13];
+ char* crypted = 0;
ret = _sasl_make_plain_secret(db_secret, passwd,
strlen(passwd),
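Review bot: The fixed `char salt[13]` buffer declared here only fits a traditional two-character DES salt or a `$1$` MD5 salt, and it is not needed at all: crypt(3) reads just the salt prefix of its second argument, so the stored hash can be passed to it directly and the buffer and its copying logic dropped. If the declarations stay, `char* crypted = 0;` would match the neighbouring `sasl_secret_t *construct;` better as `char *crypted = NULL;`. No hunk in this patch adds an include for the crypt() prototype, so that needs to be added alongside the Makefile change mentioned in the message.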
@@ -205,7 +207,20 @@
/* password verified! */
ret = SASL_OK;
} else {
- /* passwords do not match */
+ /* Try UNIX-style encrypted password */
+ if (strncmp (auxprop_values[0].values[0], "$1$", 3) == 0) {
+ strncpy (salt, auxprop_values[0].values[0], 12);
+ salt[12] = 0;
+ } else {
+ strncpy (salt, auxprop_values[0].values[0], 2);
+ salt[3] = 0;
+ }
+
+ crypted = crypt (passwd, salt);
+
+ if (strcmp (db_secret, crypted) == 0)
+ ret = SASL_OK;
+ else
ret = SASL_BADAUTH;
}
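Review bot: In the DES branch, `strncpy (salt, ..., 2)` is followed by `salt[3] = 0`, which leaves `salt[2]` uninitialized so the salt string is not terminated after its two characters; it should be `salt[2] = 0`. The salt is also copied from `auxprop_values[0].values[0]`, while the result is compared against `db_secret`, which is `auxprop_values[1].values[0]`; the salt has to come from the same stored value that is being checked, and the visible part of the enclosing condition only tests `auxprop_values[1].values[0]` before this code dereferences index 0. crypt() can return NULL (for example on a salt it rejects), so `strcmp (db_secret, crypted)` needs a NULL check first, with NULL mapped to SASL_BADAUTH. Bracing the new `if`/`else` would also make it clear that `ret = SASL_BADAUTH;` belongs to the inner `else`.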
--
Caleb Epstein | bklyn . org | Loan-department manager: "There isn't any
cae at | Brooklyn Dust | fine print. At these interest rates, we don't
bklyn dot org | Bunny Mfg. | need it."