Description: This patch implements md5crypt password support
e.g.: (cpu.conf)
HASH = "md5crypt"
Author: Bas van der Vlies <basv@sara.nl>
Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=428829
SHA-512 should be just as easy using $6$ - patches (tested!) welcome!
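--- a/src/include/util/hash.h
+++ b/src/include/util/hash.h
@@ -55,6 +55,7 @@
 H_MD5,
 H_SMD5,
 H_CRYPT,
+ H_MD5CRYPT,
 H_CLEAR,
 H_UNKNOWN,
 } hash_t;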
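Review bot: Adding `H_MD5CRYPT` ahead of `H_CLEAR` shifts the numeric values of `H_CLEAR` and `H_UNKNOWN`, so every table indexed by `hash_t` needs a new slot at the same position. The name table in src/util/hash.c is extended in step, but `ldap_hashes[]` in src/plugins/ldap/ld.c is indexed with a `hash_t` value (`ldap_hashes[H_CRYPT]`) and its definition is not touched by this patch. If any code indexes it with `H_CLEAR` or a later value, that lookup would now land one element further on, possibly past the end of the array. I would add the matching entry to `ldap_hashes[]` and put `/* order must match hash_t in util/hash.h */` above both tables. The enum's opening lines are outside the hunk.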
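--- a/src/plugins/ldap/ld.c
+++ b/src/plugins/ldap/ld.c
@@ -482,6 +482,9 @@
 case H_CRYPT:
 return ldap_hashes[H_CRYPT];
 break;
+ case H_MD5CRYPT:
+ return ldap_hashes[H_CRYPT]; /* {crypt} too */
+ break;
 case H_CLEAR:
 /* FIXME: this should work so that the prefix is returned for the
 correct hash but the password doesn't get encrypted */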
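--- a/src/util/hash.c
+++ b/src/util/hash.c
@@ -50,6 +50,7 @@
 "md5",
 "smd5",
 "crypt",
+ "md5crypt",
 "clear",
 NULL
 };
@@ -139,6 +140,7 @@
 char * temp = NULL;
 char * passphrase = NULL;
 size_t plen = 0;
+ char md5salt[32];
 
 if ( password == NULL )
 return NULL;
@@ -188,6 +190,14 @@
 #else
 fprintf(stderr, "Your c library is missing 'crypt'\n");
 #endif
+ break;
+ case H_MD5CRYPT:
+#ifdef HAVE_LIBCRYPT
+ snprintf(md5salt, sizeof(md5salt),"$1$%s", cgetSalt());
+ temp = crypt(password, md5salt);
+#else
+ fprintf(stderr, "Your c library is missing 'crypt'\n");
+#endif
 break;
 case H_CLEAR:
 temp = password;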
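Review bot: In the `H_MD5CRYPT` case the result of `crypt()` is stored in `temp` without a NULL check, and `crypt()` returns NULL when the C library rejects the `$1$` scheme (as hardened or FIPS-mode builds may), so the caller could be left without a usable hash. A guard directly after the call, `if (temp == NULL) { fprintf(stderr, "crypt() failed for md5crypt\n"); return NULL; }`, matches the `return NULL` already used for a NULL password; the function continues outside the hunk, so confirm nothing allocated earlier would leak on that path. `cgetSalt()` is also passed straight to `%s`: if it can return NULL that is undefined behaviour, and the quality of the salt depends on how it draws randomness, which is not visible here. md5crypt is regarded as too fast for new password storage, so the documentation lines added in this patch would do well to say it is offered for compatibility with existing `{crypt}` entries rather than as a recommended default.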
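--- a/doc/cpu.conf.doc
+++ b/doc/cpu.conf.doc
@@ -133,7 +133,7 @@
 SHADOW_FILE = "/etc/shadowfile"
 
 # This is the default HASH to use for passwords. Currently CPU supports:
-# md5, smd5, sha1, ssha1, and crypt
+# md5, smd5, sha1, ssha1, crypt and md5crypt
 # This can be modified on the command line with the -H option
 HASH = "md5"
 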
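--- a/doc/man/cpu-ldap.8
+++ b/doc/man/cpu-ldap.8
@@ -62,7 +62,7 @@
 by the argument. The information associated with the user will be used for
 populating their LDAP entry (uid, gid, gecos, home directory, shell).
 .IP "-H \fIhash\fR, --hash=\fIhash\fR"
-Hash should be one of sha1, md5, ssha1, smd5, crypt, or clear. This
+Hash should be one of sha1, md5, ssha1, smd5, crypt, md5crypt or clear. This
 corresponds to the HASH configuration file variable. Select the hash that is
 being used at your site.
 .IP "-N \fIhostname\fR, --hostname=\fIhostname\fR"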
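--- a/doc/man/cpu.conf.5
+++ b/doc/man/cpu.conf.5
@@ -149,7 +149,7 @@
 attributes are taken from the file (if the user is found) and used in the LDAP
 entry (including the password).
 .IP "\fBHASH\fR = \fBhash\fR"
-\fIhash\fR is a hash of either clear, crypt, sha1, ssha1, md5, or smd5 to be
+\fIhash\fR is a hash of either clear, md5crypt, crypt, sha1, ssha1, md5, or smd5 to be
 used when hashing user passwords. This is largely implementation dependent but
 all are supported. If you are taking passwords from a standard password file,
 this should be clear (I think, need to check...). This can be overridden at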