changeset 5563:063b184597fa HEAD

Do scheme=MD5 password!=$1$.. -> PLAIN-MD5 change only with LDAP.
author Timo Sirainen <tss@iki.fi>
date Tue, 17 Apr 2007 17:07:08 +0300
parents 24b751bc0995
children 47274663a71c
files src/auth/passdb-ldap.c src/auth/password-scheme.c src/auth/password-scheme.h
diffstat 3 files changed, 15 insertions(+), 10 deletions(-) [+]
--- a/src/auth/passdb-ldap.c	Tue Apr 17 15:41:26 2007 +0300
+++ b/src/auth/passdb-ldap.c	Tue Apr 17 17:07:08 2007 +0300
@@ -222,6 +222,16 @@
 	/* auth_request_set_field() sets scheme */
 	i_assert(password == NULL || scheme != NULL);
 
+	/* LDAP's RFC2307 specifies the MD5 scheme for what we call PLAIN-MD5.
+	   We can detect this case, because base64 doesn't use '$'. */
+	if (scheme != NULL && strncasecmp(scheme, "MD5", 3) == 0 &&
+	    strncmp(password, "$1$", 3) != 0) {
+		auth_request_log_debug(auth_request, "ldap",
+				       "Password doesn't look like MD5-CRYPT, "
+				       "scheme changed to PLAIN-MD5");
+		scheme = "PLAIN-MD5";
+	}
+
 	if (auth_request->credentials != -1) {
 		passdb_handle_credentials(passdb_result, password, scheme,
 			ldap_request->callback.lookup_credentials,
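Review bot: The new condition passes `password` to `strncmp(password, "$1$", 3)` whenever `scheme` is non-NULL, but the assert just above only guarantees that a non-NULL password has a scheme, not the reverse. If a lookup can reach this point with a scheme set and no password, this reads through NULL in the auth process, so the guard should say so explicitly: `if (password != NULL && scheme != NULL && strncasecmp(scheme, "MD5", 3) == 0 &&`. Whether that state is reachable is not visible here, since the function starts and ends outside the hunk. Separately, the three-character prefix match also covers any scheme name that merely begins with MD5, including the MD5-CRYPT name this changeset introduces in password-scheme.c. An entry tagged that way whose value lacks the `$1$` prefix would be re-labelled as unsalted PLAIN-MD5 with only a debug-level log line, so an exact `strcasecmp(scheme, "MD5") == 0` may be what is intended.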
--- a/src/auth/password-scheme.c	Tue Apr 17 15:41:26 2007 +0300
+++ b/src/auth/password-scheme.c	Tue Apr 17 17:07:08 2007 +0300
@@ -60,14 +60,14 @@
 		return NULL;
 
 	if (strncmp(*password, "$1$", 3) == 0) {
-		/* skip the salt */
+		/* $1$<salt>$<password>[$<ignored>] */
 		p = strchr(*password + 3, '$');
 		if (p != NULL) {
-			/* stop at next '$' */
+			/* stop at next '$' after password */
 			p = strchr(p+1, '$');
 			if (p != NULL)
 				*password = t_strdup_until(*password, p);
-			return "MD5";
+			return "MD5-CRYPT";
 		}
 	}
 
@@ -80,12 +80,6 @@
 
 	scheme = t_strdup_until(*password + 1, p);
 	*password = p + 1;
-
-	/* LDAP's RFC2307 specifies the MD5 scheme for what we call LDAP-MD5.
-	   We can detect this case - base64 doesn't use '$'. */
-	if (strncasecmp(scheme, "MD5", 3) == 0 &&
-	    strncmp(*password, "$1$", 3) != 0)
-		scheme = "LDAP-MD5";
 	return scheme;
 }
 
--- a/src/auth/password-scheme.h	Tue Apr 17 15:41:26 2007 +0300
+++ b/src/auth/password-scheme.h	Tue Apr 17 17:07:08 2007 +0300
@@ -14,7 +14,8 @@
 int password_verify(const char *plaintext, const char *password,
 		    const char *scheme, const char *user);
 
-/* Extracts scheme from password, or returns NULL if it isn't found. */
+/* Extracts scheme from password, or returns NULL if it isn't found.
+   If auth_request is given, it's used for debug logging. */
 const char *password_get_scheme(const char **password);
 
 /* Create wanted password scheme out of plaintext password and username. */
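Review bot: The sentence added to the comment above `password_get_scheme()` describes an `auth_request` argument, but the prototype still takes only `const char **password`, so it documents a parameter that does not exist. I would drop that sentence, leaving `/* Extracts scheme from password, or returns NULL if it isn't found. */`. If the comment is extended at all, the password-scheme.c hunks show what a caller needs to know: `*password` is modified, either advanced past the scheme prefix or replaced by a truncated copy for `$1$` values.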