# for debian this just have to be dropped in as debian/patches/99_sql_ssha.diff # and have to add LDFLAGS='-lbeecrypt -lgcrypt -lcrypt in the ./configure line before ./configure # and have to install beecrypt2-dev and libgcrypt11-dev --- cyrus-sasl-2.1.19.orig/lib/checkpw.c 2004-03-17 14:58:13.000000000 +0100 +++ cyrus-sasl-2.1.19/lib/checkpw.c 2005-01-29 23:44:55.000000000 +0100 @@ -94,6 +94,28 @@ # endif #endif +#include +#include +#include +#include + +int ssha1check(const char * orig, const char * try) { + gcry_md_hd_t handle; + memchunk* ret = b64dec(orig); + int retval; + + gcry_md_open(&handle, GCRY_MD_SHA1, 0); + gcry_md_write(handle, try, strlen(try)); + gcry_md_write(handle, ret->data+20, 4); + retval=memcmp(gcry_md_read(handle, 0), ret->data, 20); + gcry_md_close(handle); + memchunkFree(ret); + return retval==0; +} + +int cryptcheck(const char * orig, const char * try) { + return memcmp(crypt(try, orig), orig, 13)==0; +} /* we store the following secret to check plaintext passwords: * @@ -185,9 +207,24 @@ if(auxprop_values[0].name && auxprop_values[0].values && auxprop_values[0].values[0] - && !strcmp(auxprop_values[0].values[0], passwd)) { + && !strncmp(auxprop_values[0].values[0], "{plain}", 7) + && !strcmp(auxprop_values[0].values[0]+7, passwd)) { /* We have a plaintext version and it matched! */ return SASL_OK; + } else if(auxprop_values[0].name + && auxprop_values[0].values + && auxprop_values[0].values[0] + && !strncasecmp(auxprop_values[0].values[0], "{ssha}", 6) + && ssha1check(auxprop_values[0].values[0]+6, passwd)) { + /* we have a salted sha password in the database, and matched! */ + return SASL_OK; + } else if(auxprop_values[0].name + && auxprop_values[0].values + && auxprop_values[0].values[0] + && !strncmp(auxprop_values[0].values[0], "{crypt}", 7) + && cryptcheck(auxprop_values[0].values[0]+7, passwd)) { + /* we have a salted crypt password in the database, and matched! */ + return SASL_OK; } else if(auxprop_values[1].name && auxprop_values[1].values && auxprop_values[1].values[0]) {