changeset 5563:063b184597fa HEAD
Do scheme=MD5 password!=$1$.. -> PLAIN-MD5 change only with LDAP.
author | Timo Sirainen <tss@iki.fi> |
---|---|
date | Tue, 17 Apr 2007 17:07:08 +0300 |
parents | 24b751bc0995 |
children | 47274663a71c |
files | src/auth/passdb-ldap.c src/auth/password-scheme.c src/auth/password-scheme.h |
diffstat | 3 files changed, 15 insertions(+), 10 deletions(-) [+] |
--- a/src/auth/passdb-ldap.c Tue Apr 17 15:41:26 2007 +0300
+++ b/src/auth/passdb-ldap.c Tue Apr 17 17:07:08 2007 +0300
@@ -222,6 +222,16 @@
 /* auth_request_set_field() sets scheme */
 i_assert(password == NULL || scheme != NULL);
+ /* LDAP's RFC2307 specifies the MD5 scheme for what we call PLAIN-MD5.
+ We can detect this case, because base64 doesn't use '$'. */
+ if (scheme != NULL && strncasecmp(scheme, "MD5", 3) == 0 &&
+ strncmp(password, "$1$", 3) != 0) {
+ auth_request_log_debug(auth_request, "ldap",
+ "Password doesn't look like MD5-CRYPT, "
+ "scheme changed to PLAIN-MD5");
+ scheme = "PLAIN-MD5";
+ }
+
 if (auth_request->credentials != -1) {
 passdb_handle_credentials(passdb_result, password, scheme, ldap_request->callback.lookup_credentials,
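Review bot: The added condition calls `strncmp(password, "$1$", 3)` guarded only by `scheme != NULL`, while the assert directly above still permits `password == NULL`. Unless auth_request_set_field() guarantees that scheme is set only together with a password (not visible in this hunk), the condition should start with `if (password != NULL && scheme != NULL && ...`. Separately, `strncasecmp(scheme, "MD5", 3) == 0` is a prefix match, so any scheme name beginning with MD5 whose value lacks `$1$` is silently switched to the unsalted PLAIN-MD5 verifier; `strcasecmp(scheme, "MD5") == 0` would confine the rewrite to the RFC2307 case the comment describes. The enclosing function starts and ends outside the hunk.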
--- a/src/auth/password-scheme.c Tue Apr 17 15:41:26 2007 +0300
+++ b/src/auth/password-scheme.c Tue Apr 17 17:07:08 2007 +0300
@@ -60,14 +60,14 @@
 return NULL;
 if (strncmp(*password, "$1$", 3) == 0) {
- /* skip the salt */
+ /* $1$<salt>$<password>[$<ignored>] */
 p = strchr(*password + 3, '$');
 if (p != NULL) {
- /* stop at next '$' */
+ /* stop at next '$' after password */
 p = strchr(p+1, '$');
 if (p != NULL) *password = t_strdup_until(*password, p);
- return "MD5";
+ return "MD5-CRYPT";
 }
 }
@@ -80,12 +80,6 @@
 scheme = t_strdup_until(*password + 1, p);
 *password = p + 1;
-
- /* LDAP's RFC2307 specifies the MD5 scheme for what we call LDAP-MD5.
- We can detect this case - base64 doesn't use '$'. */
- if (strncasecmp(scheme, "MD5", 3) == 0 &&
- strncmp(*password, "$1$", 3) != 0)
- scheme = "LDAP-MD5";
 return scheme;
 }
--- a/src/auth/password-scheme.h Tue Apr 17 15:41:26 2007 +0300
+++ b/src/auth/password-scheme.h Tue Apr 17 17:07:08 2007 +0300
@@ -14,7 +14,8 @@
 int password_verify(const char *plaintext, const char *password, const char *scheme, const char *user);
-/* Extracts scheme from password, or returns NULL if it isn't found. */
+/* Extracts scheme from password, or returns NULL if it isn't found.
+ If auth_request is given, it's used for debug logging. */
 const char *password_get_scheme(const char **password);
 /* Create wanted password scheme out of plaintext password and username. */
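Review bot: The added comment line documents an `auth_request` argument used for debug logging, but the prototype directly below it still reads `const char *password_get_scheme(const char **password);` and takes no such parameter. The debug logging this commit adds is in passdb-ldap.c, not in this function, so the sentence describes an interface that does not exist and will mislead callers. I would drop the second line and keep the comment as `/* Extracts scheme from password, or returns NULL if it isn't found. */`, optionally noting that a recognised `$1$` prefix is now reported as "MD5-CRYPT".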