parent 823939cd2e62e1e1cd7151e8641752de7e236bee (v6.30.1)
commit cd612f3a6873fd491158281e65584d3097609d1c
Author: Michael Kromer <michael.kromer@millenux.com>
Date:   Mon Sep 14 11:55:39 2009 +0200

Support advanced glibc cryptography

Use glibc's crypt_r when available, thereby making comparison against
SHA256/SHA512 crypt hashes[1] possible.

[1] http://people.redhat.com/drepper/sha-crypt.html
---
 provider/plugins/ldappasswords.cpp |   31 ++++++++++++++++-----------
 1 files changed, 18 insertions(+), 13 deletions(-)

diff --git a/provider/plugins/ldappasswords.cpp b/provider/plugins/ldappasswords.cpp
index 7758b92..a35def9 100644
--- a/provider/plugins/ldappasswords.cpp
+++ b/provider/plugins/ldappasswords.cpp
@@ -43,6 +43,7 @@
 #include <openssl/sha.h>
 #include <string.h>
 #include <iostream>
+#include <crypt.h>
 
 #include "ldappasswords.h"
 
@@ -113,19 +114,23 @@ static char *password_encrypt_crypt(const char *data, unsigned int len) {
 }
 
 static int password_check_crypt(const char *data, unsigned int len, const char *crypted) {
-	char salt[3];
-	char cryptbuf[32];
-
-	salt[0] = crypted[0];
-	salt[1] = crypted[1];
-	salt[2] = 0;
-
-	des_fcrypt(data, salt, cryptbuf);
-
-	if (!strcmp(cryptbuf, crypted))
-		return 0;
-	else
-		return 1;
+	auto_ptr<struct crypt_data> cd(new struct crypt_data);
+	char *ret;
+
+	FILE *fp = fopen("/tmp/zarafa.debug", "a");
+	if (fp != NULL) {
+		fprintf(fp, "data = >%s<  crypted = >%s<\n",
+			data, crypted);
+		fclose(fp);
+	}
+//	if (strncmp(crypted, "{CRYPT}", 7) == 0)
+//		crypted += 7;
+	/*
+	 * @crypted can be directly be used as salt parameter - only the actual
+	 * salt portion is used, naturally.
+	 */
+	ret = crypt_r(data, crypted, cd.get());
+	return (ret != NULL && strcmp(ret, crypted) == 0);
 }
 
 static char *password_encrypt_md5(const char *data, unsigned int len) {
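Review bot: The debug block at the top of password_check_crypt appends the caller's plaintext password (`data`) and the stored hash (`crypted`) to `/tmp/zarafa.debug` on every check, a fixed path in a world-writable directory that fopen() follows through symlinks; it should be deleted before merge, together with the commented-out `{CRYPT}` lines. The return convention is also flipped: the removed code returned 0 on a match and 1 otherwise, while the new `return (ret != NULL && strcmp(ret, crypted) == 0);` returns 1 on a match and 0 on a mismatch or when crypt_r fails. The diffstat shows no caller was adjusted, so callers that treat 0 as success would presumably accept wrong passwords and reject correct ones; keeping the old contract would be `return (ret != NULL && strcmp(ret, crypted) == 0) ? 0 : 1;`. In addition, `new struct crypt_data` leaves the `initialized` member indeterminate, which glibc requires to be zero before the first crypt_r call, so add `cd->initialized = 0;` (or value-initialise with `new crypt_data()`).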
-- 
# Created with git-export-patch

