Package: cpu / 1.4.3-12

11_md5crypt-password-support.patch Patch series | download
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
Description: This patch implements md5crypt password support
 e.g.: (cpu.conf)
  HASH = "md5crypt"
Author: Bas van der Vlies <basv@sara.nl>
Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=428829

SHA-512 should be just as easy using $6$ - patches (tested!) welcome!

--- a/src/include/util/hash.h
+++ b/src/include/util/hash.h
@@ -55,6 +55,7 @@
   H_MD5,
   H_SMD5,
   H_CRYPT,
+  H_MD5CRYPT,
   H_CLEAR,
   H_UNKNOWN,
 } hash_t;
--- a/src/plugins/ldap/ld.c
+++ b/src/plugins/ldap/ld.c
@@ -482,6 +482,9 @@
     case H_CRYPT:
       return ldap_hashes[H_CRYPT];
       break;
+    case H_MD5CRYPT:
+      return ldap_hashes[H_CRYPT]; /* {crypt} too */
+      break;
     case H_CLEAR:
       /* FIXME: this should work so that the prefix is returned for the
          correct hash but the password doesn't get encrypted */
--- a/src/util/hash.c
+++ b/src/util/hash.c
@@ -50,6 +50,7 @@
   "md5",
   "smd5",
   "crypt",
+  "md5crypt",
   "clear",
   NULL
 };
@@ -139,6 +140,7 @@
   char * temp = NULL;
   char * passphrase = NULL;
   size_t plen = 0;
+  char md5salt[32];
 
   if ( password == NULL )
     return NULL;
@@ -188,6 +190,14 @@
 #else
 	fprintf(stderr, "Your c library is missing 'crypt'\n");
 #endif
+	break;
+      case H_MD5CRYPT:
+#ifdef HAVE_LIBCRYPT
+	snprintf(md5salt, sizeof(md5salt),"$1$%s", cgetSalt());
+	temp = crypt(password, md5salt);
+#else
+	fprintf(stderr, "Your c library is missing 'crypt'\n");
+#endif
 	break;
       case H_CLEAR:
 	temp = password;
--- a/doc/cpu.conf.doc
+++ b/doc/cpu.conf.doc
@@ -133,7 +133,7 @@
 SHADOW_FILE = "/etc/shadowfile"
 
 # This is the default HASH to use for passwords. Currently CPU supports:
-#  md5, smd5, sha1, ssha1, and crypt
+#  md5, smd5, sha1, ssha1, crypt and md5crypt
 # This can be modified on the command line with the -H option
 HASH = "md5"
 
--- a/doc/man/cpu-ldap.8
+++ b/doc/man/cpu-ldap.8
@@ -62,7 +62,7 @@
 by the argument. The information associated with the user will be used for
 populating their LDAP entry (uid, gid, gecos, home directory, shell).
 .IP "-H \fIhash\fR, --hash=\fIhash\fR"
-Hash should be one of sha1, md5, ssha1, smd5, crypt, or clear. This
+Hash should be one of sha1, md5, ssha1, smd5, crypt, md5crypt or clear. This
 corresponds to the HASH configuration file variable. Select the hash that is
 being used at your site.
 .IP "-N \fIhostname\fR, --hostname=\fIhostname\fR"
--- a/doc/man/cpu.conf.5
+++ b/doc/man/cpu.conf.5
@@ -149,7 +149,7 @@
 attributes are taken from the file (if the user is found) and used in the LDAP
 entry (including the password).
 .IP "\fBHASH\fR = \fBhash\fR"
-\fIhash\fR is a hash of either clear, crypt, sha1, ssha1, md5, or smd5 to be
+\fIhash\fR is a hash of either clear, md5crypt, crypt, sha1, ssha1, md5, or smd5 to be
 used when hashing user passwords. This is largely implementation dependent but
 all are supported. If you are taking passwords from a standard password file,
 this should be clear (I think, need to check...). This can be overridden at