[prev in list] [next in list] [prev in thread] [next in thread]
List: proftpd-committers
Subject: [ProFTPD-committers] CVS: proftpd/contrib mod_sql_passwd.c, 1.2, 1.3
From: "TJ Saunders" <castaglia () users ! sourceforge ! net>
Date: 2009-09-30 22:18:07
Message-ID: E1Mt7Uy-0007TN-FQ () ddv4jf1 ! ch3 ! sourceforge ! com
[Download RAW message or body]
Update of /cvsroot/proftp/proftpd/contrib
In directory ddv4jf1.ch3.sourceforge.com:/tmp/cvs-serv28692/contrib
Modified Files:
mod_sql_passwd.c
Log Message:
Make the use of a salt configurable in terms of whether the salt is used as
a prefix or a suffix of the data to be hashed.
Index: mod_sql_passwd.c
===================================================================
RCS file: /cvsroot/proftp/proftpd/contrib/mod_sql_passwd.c,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- mod_sql_passwd.c 30 Sep 2009 20:51:44 -0000 1.2
+++ mod_sql_passwd.c 30 Sep 2009 22:18:05 -0000 1.3
@@ -52,6 +52,7 @@
static char *sql_passwd_salt = NULL;
static size_t sql_passwd_salt_len = 0;
+static unsigned int sql_passwd_salt_suffix = TRUE;
static modret_t *sql_passwd_auth(cmd_rec *cmd, const char *plaintext,
const char *ciphertext, const char *digest) {
@@ -84,9 +85,24 @@
}
EVP_DigestInit(&md_ctxt, md);
+
+ /* If a salt is configured, do we use the salt as a prefix (i.e. throw
+ * it into the digest before the user-supplied password) or as a suffix?
+ */
+
+ if (sql_passwd_salt_len > 0 &&
+ sql_passwd_salt_suffix == FALSE) {
+ /* If we have salt data, add it to the mix. */
+ pr_log_debug(DEBUG9, MOD_SQL_PASSWD_VERSION
+ ": adding %u bytes of salt data", sql_passwd_salt_len);
+ EVP_DigestUpdate(&md_ctxt, (unsigned char *) sql_passwd_salt,
+ sql_passwd_salt_len);
+ }
+
EVP_DigestUpdate(&md_ctxt, plaintext, strlen(plaintext));
- if (sql_passwd_salt_len > 0) {
+ if (sql_passwd_salt_len > 0 &&
+ sql_passwd_salt_suffix == TRUE) {
/* If we have salt data, add it to the mix. */
pr_log_debug(DEBUG9, MOD_SQL_PASSWD_VERSION
": adding %u bytes of salt data", sql_passwd_salt_len);
@@ -215,12 +231,17 @@
return PR_HANDLED(cmd);
}
-/* usage: SQLPasswordSaltFile path|"none" */
+/* usage: SQLPasswordSaltFile path|"none" ["prefix"|"suffix"] */
MODRET set_sqlpasswdsaltfile(cmd_rec *cmd) {
- CHECK_ARGS(cmd, 1);
+ if (cmd->argc < 2 ||
+ cmd->argc > 3) {
+ CONF_ERROR(cmd, "wrong number of parameters");
+ }
+
CHECK_CONF(cmd, CONF_ROOT|CONF_VIRTUAL|CONF_GLOBAL);
- (void) add_config_param_str(cmd->argv[0], 1, cmd->argv[1]);
+ (void) add_config_param_str(cmd->argv[0], 2, cmd->argv[1],
+ cmd->argc == 3 ? cmd->argv[2] : "suffix");
return PR_HANDLED(cmd);
}
@@ -268,8 +289,11 @@
c = find_config(main_server->conf, CONF_PARAM, "SQLPasswordSaltFile", FALSE);
if (c) {
char *path;
+ char *suffix;
path = c->argv[0];
+ suffix = c->argv[1];
+
if (strcasecmp(path, "none") != 0) {
int fd;
@@ -335,7 +359,16 @@
sql_passwd_salt[sql_passwd_salt_len-1] = '\0';
sql_passwd_salt_len--;
}
-
+
+ /* Determine whether to use the obtained salt as a prefix or suffix. */
+ if (strcasecmp(suffix, "prefix") == 0) {
+ sql_passwd_salt_suffix = FALSE;
+
+ } else {
+ /* The default, for better/worse, is to use suffix the salt. */
+ sql_passwd_salt_suffix = TRUE;
+ }
+
} else {
pr_log_debug(DEBUG1, MOD_SQL_PASSWD_VERSION
": unable to read SQLPasswordSaltFile '%s': %s", path,
------------------------------------------------------------------------------
Come build with us! The BlackBerry® Developer Conference in SF, CA
is the only developer event you need to attend this year. Jumpstart your
developing skills, take BlackBerry mobile applications to market and stay
ahead of the curve. Join us from November 9-12, 2009. Register now!
http://p.sf.net/sfu/devconf
_______________________________________________
ProFTPD Committers Mailing List
proftpd-committers@proftpd.org
https://lists.sourceforge.net/lists/listinfo/proftp-committers
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic