Full_Name: Ryan Tandy Version: master/33e12f4 RE24/b000d95 OS: Debian unstable URL: Submission from: (NULL) (24.68.121.206)

Hi,

The apr1 passwd plugin calls do_phk_hash with the arguments in the wrong order, so the digest updates are done in a different order than md5crypt does. The following patch fixes that, restoring compatibility with existing htpasswd files.

However, existing {APR1} hashes that were generated while the bug existed are going to be broken... I'm not sure what to do about that. :/

thanks, Ryan

From f9ad46e3c8264ffa1420aa3b24cfc69cae7bed65 Mon Sep 17 00:00:00 2001

From: Ryan Tandy ryan@nardis.ca Date: Sun, 1 Jun 2014 22:41:23 -0700 Subject: [PATCH] contrib passwd/apr1 fix do_phk_hash arguments

--- contrib/slapd-modules/passwd/apr1.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/contrib/slapd-modules/passwd/apr1.c b/contrib/slapd-modules/passwd/apr1.c index ce7b8c7..463d8d1 100644 --- a/contrib/slapd-modules/passwd/apr1.c +++ b/contrib/slapd-modules/passwd/apr1.c @@ -143,7 +143,7 @@ static int chk_phk( salt.bv_val = (char *) &orig_pass[sizeof(digest)]; salt.bv_len = rc - sizeof(digest);

- do_phk_hash(cred, magic, &salt, digest); + do_phk_hash(cred, &salt, magic, digest);

if (text) *text = NULL; @@ -197,7 +197,7 @@ static int hash_phk( for (n = 0; n < salt.bv_len; n++) salt.bv_val[n] = apr64[salt.bv_val[n] % (sizeof(apr64) - 1)];

- do_phk_hash(passwd, magic, &salt, digest_buf); + do_phk_hash(passwd, &salt, magic, digest_buf);

if (text) *text = NULL;