Re: [tpop3d-discuss]SHA1 hashes in MySQL and more verbose debug
From: Chris Lightfoot
Subject: Re: [tpop3d-discuss]SHA1 hashes in MySQL and more verbose debug
Date: Wed, 29 Sep 2004 21:46:07 +0100
User-agent: Mutt/1.4i
On Wed, Sep 29, 2004 at 11:36:49AM -0500, address@hidden wrote:
> Hi,
>
> I'm new to this list (and tpop3d), so excuse me if this is something
> obvious.
>
> I'm trying to set up Exim+MySQL+tpop3d auth but it is not working, I
> have 2 questions:
>
> 1.- How do I set the auth-mysql-pass-query in order to use SHA1 hashes
> in my MySQL???
>
> I saw in the documentation that only these are supported:
> ~~~~~~~~~~~~~~~~~~~
> {crypt}
> {crypt_md5}
> {plaintext}
> {mysql}
> {md5} or no prefix
> ~~~~~~~~~~~~~~~~~~~
>
> But no prefix seems to work with SHA1 hashes
SHA1 is indeed not yet supported. It'd be pretty easy to
add, though:
diff -u -r1.6 password.c
--- password.c 9 Sep 2003 22:52:30 -0000 1.6
+++ password.c 29 Sep 2004 20:43:07 -0000
@@ -31,6 +31,8 @@
#define _XOPEN_SRC /* crypt(3), on some systems */
#include <unistd.h>
+#include <openssl/sha.h>
+
#include "md5.h"
#include "util.h"
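Review bot: the `#include <openssl/sha.h>` added after `<unistd.h>` is unconditional, so password.c now needs the OpenSSL headers and -lcrypto in every build, not only those that already link OpenSSL for TLS. Suggest guarding this include, together with the {sha1} branch that uses it, behind a configure-time macro, or documenting the new link requirement alongside the change.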
@@ -272,6 +274,24 @@
log_print(LOG_ERR, _("password: %s has password type mysql,
but hash is of incorrect length %d (expecting 8 or 16)"), who, n);
return 0;
}
+ } else if (IS_SCHEME(pwhash, "{sha1}", default_crypt_scheme)) {
+ unsigned char h[20], hh[41];
+ SHA_CTX c;
+ int i;
+
+ if (strlen(realhash) != 40) {
+ log_print(LOG_ERR, _("password: %s has password type sha1, but has
is of incorrect length"), who);
+ return 0;
+ }
+
+ SHA1_Init(&c);
+ SHA1_Update(&c, pass, strlen(pass));
+ SHA1_Final(h, &c);
+
+ for (i = 0; i < 20; ++i)
+ sprintf(hh + 2 * i, "%02x", (unsigned int)h[i]);
+
+ return strcasecmp(realhash, hh) == 0;
} else if (IS_SCHEME(pwhash, "{md5}", default_crypt_scheme)) {
/* Straight MD5 password. But this might be either in hex or base64
* encoding. */
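Review bot: in the new {sha1} branch, `hh` is declared as `unsigned char hh[41]` but is passed to sprintf() and strcasecmp(), which both take `char *`; declare it as `char hh[41]` and keep only `h[20]` unsigned. The length-check log message reads "but has is of incorrect length" where "hash" is meant, and unlike the mysql message just above it reports neither the actual length nor the expected 40. A short comment noting that this scheme is a single unsalted SHA1 of the password, compared as hex with strcasecmp(), would also help whoever maintains the scheme list.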
-- note that this won't compile unless tpop3d is being
linked against OpenSSL's -lcrypto for some other reason
(e.g. TLS support). You can fix that manually.
> my conf file:
> ~~~~~~~~</usr/local/etc/tpop3d.conf>~~~~~~~~~~~
> auth-mysql-pass-query: SELECT CONCAT(emp_home,'/Maildir'), \
> CONCAT('{crypt}',pwd_hash), \
> 'mailnull','maildir' \
> FROM emp \
> WHERE login='$(local_part)'
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
that looks OK.
> 2.- How do I get more useful information from the logs???
> I've tried the "log-bad-passwords:" and the server is getting the
> correct username and password, so it's not username/password the
> problem... but in the logs appears "authentication failures":
are you running with the -v option?
--
``Decommissioning is the perpetual rock
upon which we have come adrift'' (Peter Mandelson)