Full_Name: Ryan Tandy
Version: master/33e12f4 RE24/b000d95
OS: Debian unstable
URL:
Submission from: (NULL) (24.68.121.206)
Hi,
The apr1 passwd plugin calls do_phk_hash with the arguments in the wrong order,
so the digest updates are done in a different order than md5crypt does. The
following patch fixes that, restoring compatibility with existing htpasswd
files.
However, existing {APR1} hashes that were generated while the bug existed are
going to be broken... I'm not sure what to do about that. :/
thanks,
Ryan
>From f9ad46e3c8264ffa1420aa3b24cfc69cae7bed65 Mon Sep 17 00:00:00 2001
From: Ryan Tandy <ryan(a)nardis.ca>
Date: Sun, 1 Jun 2014 22:41:23 -0700
Subject: [PATCH] contrib passwd/apr1 fix do_phk_hash arguments
---
contrib/slapd-modules/passwd/apr1.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/contrib/slapd-modules/passwd/apr1.c
b/contrib/slapd-modules/passwd/apr1.c
index ce7b8c7..463d8d1 100644
--- a/contrib/slapd-modules/passwd/apr1.c
+++ b/contrib/slapd-modules/passwd/apr1.c
@@ -143,7 +143,7 @@ static int chk_phk(
salt.bv_val = (char *) &orig_pass[sizeof(digest)];
salt.bv_len = rc - sizeof(digest);
- do_phk_hash(cred, magic, &salt, digest);
+ do_phk_hash(cred, &salt, magic, digest);
if (text)
*text = NULL;
@@ -197,7 +197,7 @@ static int hash_phk(
for (n = 0; n < salt.bv_len; n++)
salt.bv_val[n] = apr64[salt.bv_val[n] % (sizeof(apr64) - 1)];
- do_phk_hash(passwd, magic, &salt, digest_buf);
+ do_phk_hash(passwd, &salt, magic, digest_buf);
if (text)
*text = NULL;
--
2.0.0