checkpw with crypt password (patch)
Patrick Ben Koetter
p at state-of-mind.de
Tue Jan 8 08:28:53 UTC 2013
This breaks the plugin. It won't be able to process shared secret mechanisms
anymore.
p at rick
* Chris Ruehl <chris.ruehl at xit.com.hk>:
> Dear All,
>
> I would like to submit our patches applied to lib/checkpw.c and lib/Makefile.am
>
> The patches add a crypt() comparison for salted crypt passwords.
> We use this to allow postfix, using sasl, to read and validate crypt passwords
> from a database table (postgres).
>
> Tests were done successfully on Debian Wheezy with the following configuration:
>
> /etc/postfix/sasl/smtpd.conf
> sasl_pwcheck_method: auxprop
> sasl_auxprop_plugin: pgsql
> password_format: crypt
> mech_list: LOGIN PLAIN
>
> sql_engine: pgsql
> sql_user: postfix
> sql_passwd: *********
> sql_hostnames: localhost
> sql_database: *******
> sql_select: select cryptpw as password from mailacct where account='%u@%r'
> sql_usessl: no
>
>
> testmaildb=> SELECT id,account,cryptpw from mailacct where id=1;
>  id |        account         |              cryptpw
> ----+------------------------+------------------------------------
>   1 | tester at testdom.local | $1$.wMUVvWa$cPWzm5.zHZAqgMBcEC7fA/
> (1 row)
>
>
> Please review the patch and submit it to your upstream releases.
>
> happy new year !
>
> Cheers
> Chris
>
> #! /bin/sh /usr/share/dpatch/dpatch-run
> ## 0038_checkpw_add_cryptcmp.dpatch by <chris.ruehl at xit.com.hk>
> ##
> ## All lines beginning with `## DP:' are a description of the patch.
> ## DP: No description.
>
> @DPATCH@
> diff -urNad cyrus-sasl2-2.1.23.dfsg1/lib/checkpw.c.orig cyrus-sasl2-2.1.23.dfsg1/lib/checkpw.c
> --- cyrus-sasl2-2.1.23.dfsg1/lib/checkpw.c.orig 2013-01-03 10:14:11.420579153 +0800
> +++ cyrus-sasl2-2.1.23.dfsg1/lib/checkpw.c 2013-01-03 10:22:02.264429733 +0800
> @@ -94,6 +94,7 @@
> # endif
> #endif
>
> +extern char *crypt();
>
> /* we store the following secret to check plaintext passwords:
> *
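Review bot: The added `extern char *crypt();` is an unprototyped, unconditional declaration, so the compiler cannot check the arguments passed to crypt() later in this file, and the file now references crypt() even on builds where it is not available. Include the system header that declares crypt() behind the same kind of preprocessor guards used just above this line, and compile the crypt comparison only when crypt() was detected.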
> @@ -184,10 +185,17 @@
> * and we've done the auxprop lookup. This should be easy. */
> if(auxprop_values[0].name
> && auxprop_values[0].values
> - && auxprop_values[0].values[0]
> - && !strcmp(auxprop_values[0].values[0], passwd)) {
> - /* We have a plaintext version and it matched! */
> - return SASL_OK;
> + && auxprop_values[0].values[0] ) {
> +
> + if ( !strcmp(auxprop_values[0].values[0], passwd)) {
> + /* We have a plaintext version and it matched! */
> + return SASL_OK;
> + }
> + if ( !strcmp(auxprop_values[0].values[0], crypt(passwd, auxprop_values[0].values[0]))) {
> + /* We have a crypt version and it matched! */
> + return SASL_OK;
> + }
> +
> } else if(auxprop_values[1].name
> && auxprop_values[1].values
> && auxprop_values[1].values[0]) {
>
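Review bot: The new second `if` passes the return value of crypt() straight to strcmp(), but crypt() returns NULL on failure (for example when the stored value is not a salt it accepts), so a stored plaintext value plus a wrong password can end in a NULL dereference instead of an authentication failure. Store the result, check it for NULL, and only then compare. Two further points in the same block. The plaintext strcmp() still runs first against the stored value, so when that value is a crypt hash, a client that sends the hash string itself as its password is accepted; the comparison should be chosen by an explicit setting (the quoted smtpd.conf already carries `password_format: crypt`) rather than trying both in sequence. And because the outer `if` is now true whenever values[0] is present, a mismatch no longer falls through to the `else if` on auxprop_values[1], which changes the result for accounts that carry both properties.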
> diff -urNad cyrus-sasl2-2.1.25.dfsg1/lib/Makefile.am cyrus-sasl2-2.1.25.dfsg1/lib/Makefile.am.patch
> --- cyrus-sasl2-2.1.25.dfsg1/lib/Makefile.am 2013-01-03 12:14:11.000000000 +0800
> +++ cyrus-sasl2-2.1.25.dfsg1/lib/Makefile.am.patch 2013-01-03 12:17:22.392096999 +0800
> @@ -58,13 +58,14 @@
> LTLIBOBJS = @LTLIBOBJS@
> LIBOBJS = @LIBOBJS@
> LIB_DOOR= @LIB_DOOR@
> +LIB_CRYPT= @LIB_CRYPT@
>
> lib_LTLIBRARIES = libsasl2.la
>
> libsasl2_la_SOURCES = $(common_sources) $(common_headers)
> libsasl2_la_LDFLAGS = -version-info $(sasl_version) -Wl,--version-script=$(top_srcdir)/Versions
> libsasl2_la_DEPENDENCIES = $(LTLIBOBJS) $(top_srcdir)/Versions
> -libsasl2_la_LIBADD = $(LTLIBOBJS) $(SASL_DL_LIB) $(LIB_SOCKET) $(LIB_DOOR)
> +libsasl2_la_LIBADD = $(LTLIBOBJS) $(SASL_DL_LIB) $(LIB_SOCKET) $(LIB_DOOR) $(LIB_CRYPT)
>
> if MACOSX
> framedir = /Library/Frameworks/SASL2.framework
>
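Review bot: `LIB_CRYPT= @LIB_CRYPT@` only works if configure substitutes LIB_CRYPT for lib/Makefile.am, and nothing in this patch shows that; without it libsasl2 is linked without libcrypt and the new crypt() call in checkpw.c is left unresolved. The file headers also need fixing before this can be applied: the target is named lib/Makefile.am.patch rather than lib/Makefile.am, and this diff is against cyrus-sasl2-2.1.25.dfsg1 while the checkpw.c diff above is against cyrus-sasl2-2.1.23.dfsg1.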
--
Patrick Ben Koetter
p at state-of-mind.de