[dovecot-cvs] dovecot/src/auth passdb-ldap.c, 1.60, 1.61 password-scheme.c, 1.29, 1.30 password-scheme.h, 1.9, 1.10
tss at dovecot.org
tss at dovecot.org
Tue Apr 17 17:07:11 EEST 2007
Update of /var/lib/cvs/dovecot/src/auth
In directory talvi:/tmp/cvs-serv27116
Modified Files:
passdb-ldap.c password-scheme.c password-scheme.h
Log Message:
Do scheme=MD5 password!=$1$.. -> PLAIN-MD5 change only with LDAP.
Index: passdb-ldap.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/passdb-ldap.c,v
retrieving revision 1.60
retrieving revision 1.61
diff -u -d -r1.60 -r1.61
--- passdb-ldap.c 12 Apr 2007 16:23:47 -0000 1.60
+++ passdb-ldap.c 17 Apr 2007 14:07:08 -0000 1.61
@@ -222,6 +222,16 @@
/* auth_request_set_field() sets scheme */
i_assert(password == NULL || scheme != NULL);
+ /* LDAP's RFC2307 specifies the MD5 scheme for what we call PLAIN-MD5.
+ We can detect this case, because base64 doesn't use '$'. */
+ if (scheme != NULL && strncasecmp(scheme, "MD5", 3) == 0 &&
+ strncmp(password, "$1$", 3) != 0) {
+ auth_request_log_debug(auth_request, "ldap",
+ "Password doesn't look like MD5-CRYPT, "
+ "scheme changed to PLAIN-MD5");
+ scheme = "PLAIN-MD5";
+ }
+
if (auth_request->credentials != -1) {
passdb_handle_credentials(passdb_result, password, scheme,
ldap_request->callback.lookup_credentials,
Index: password-scheme.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/password-scheme.c,v
retrieving revision 1.29
retrieving revision 1.30
diff -u -d -r1.29 -r1.30
--- password-scheme.c 22 Feb 2007 14:36:01 -0000 1.29
+++ password-scheme.c 17 Apr 2007 14:07:08 -0000 1.30
@@ -60,14 +60,14 @@
return NULL;
if (strncmp(*password, "$1$", 3) == 0) {
- /* skip the salt */
+ /* $1$<salt>$<password>[$<ignored>] */
p = strchr(*password + 3, '$');
if (p != NULL) {
- /* stop at next '$' */
+ /* stop at next '$' after password */
p = strchr(p+1, '$');
if (p != NULL)
*password = t_strdup_until(*password, p);
- return "MD5";
+ return "MD5-CRYPT";
}
}
@@ -80,12 +80,6 @@
scheme = t_strdup_until(*password + 1, p);
*password = p + 1;
-
- /* LDAP's RFC2307 specifies the MD5 scheme for what we call LDAP-MD5.
- We can detect this case - base64 doesn't use '$'. */
- if (strncasecmp(scheme, "MD5", 3) == 0 &&
- strncmp(*password, "$1$", 3) != 0)
- scheme = "LDAP-MD5";
return scheme;
}
Index: password-scheme.h
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/password-scheme.h,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -d -r1.9 -r1.10
--- password-scheme.h 12 Nov 2006 19:36:41 -0000 1.9
+++ password-scheme.h 17 Apr 2007 14:07:08 -0000 1.10
@@ -14,7 +14,8 @@
int password_verify(const char *plaintext, const char *password,
const char *scheme, const char *user);
-/* Extracts scheme from password, or returns NULL if it isn't found. */
+/* Extracts scheme from password, or returns NULL if it isn't found.
+ If auth_request is given, it's used for debug logging. */
const char *password_get_scheme(const char **password);
/* Create wanted password scheme out of plaintext password and username. */
More information about the dovecot-cvs
mailing list