
Re: (ITS#7869) [PATCH] contrib passwd/apr1 do_phk_hash arguments



ryan@nardis.ca wrote:
> Full_Name: Ryan Tandy
> Version: master/33e12f4 RE24/b000d95
> OS: Debian unstable
> URL:
> Submission from: (NULL) (24.68.121.206)
>
>
> Hi,
>
> The apr1 passwd plugin calls do_phk_hash with the arguments in the wrong order,
> so the digest updates are done in a different order than md5crypt does. The
> following patch fixes that, restoring compatibility with existing htpasswd
> files.
>
> However, existing {APR1} hashes that were generated while the bug existed are
> going to be broken...  I'm not sure what to do about that. :/

According to ITS#6826, where this code came from originally, the generated 
{APR1} hashes are currently compatible with htpasswd. As such, your patch 
would break htpasswd compatibility. As such it seems like a bad idea to commit 
your change.
>
> thanks,
> Ryan
>
>
>
>>From f9ad46e3c8264ffa1420aa3b24cfc69cae7bed65 Mon Sep 17 00:00:00 2001
> From: Ryan Tandy <ryan@nardis.ca>
> Date: Sun, 1 Jun 2014 22:41:23 -0700
> Subject: [PATCH] contrib passwd/apr1 fix do_phk_hash arguments
>
> ---
>   contrib/slapd-modules/passwd/apr1.c | 4 ++--
>   1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/contrib/slapd-modules/passwd/apr1.c
> b/contrib/slapd-modules/passwd/apr1.c
> index ce7b8c7..463d8d1 100644
> --- a/contrib/slapd-modules/passwd/apr1.c
> +++ b/contrib/slapd-modules/passwd/apr1.c
> @@ -143,7 +143,7 @@ static int chk_phk(
>   	salt.bv_val = (char *) &orig_pass[sizeof(digest)];
>   	salt.bv_len = rc - sizeof(digest);
>
> -	do_phk_hash(cred, magic, &salt, digest);
> +	do_phk_hash(cred, &salt, magic, digest);
>
>   	if (text)
>   		*text = NULL;
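Review bot: The swapped call in chk_phk changes which stored values verify, and the patch has no handling for entries written under the old order: any {APR1} value that matched with `do_phk_hash(cred, magic, &salt, digest)` is rejected once the call is `do_phk_hash(cred, &salt, magic, digest)`. The commit message has a subject only; it should state the compatibility impact and include a known htpasswd-generated entry with its password, so the chosen order can be checked against a reference.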
> @@ -197,7 +197,7 @@ static int hash_phk(
>   	for (n = 0; n < salt.bv_len; n++)
>   		salt.bv_val[n] = apr64[salt.bv_val[n] % (sizeof(apr64) - 1)];
>
> -	do_phk_hash(passwd, magic, &salt, digest_buf);
> +	do_phk_hash(passwd, &salt, magic, digest_buf);
>
>   	if (text)
>   		*text = NULL;
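Review bot: The call in hash_phk cannot be judged from this diff, because the prototype of do_phk_hash is not in either hunk and a reader cannot tell which of `magic` and `&salt` belongs in the second position. Cite the parameter order in the commit message or add a short comment at the call naming the parameters, and keep this call and the one in chk_phk changed together so that generation and verification never disagree.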
>


-- 
   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/
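
An added example, not part of the original messages and not OpenLDAP's code: a known-answer check for the reference md5crypt construction, showing that transposing the salt and magic arguments yields a value that no longer verifies. The names `md5crypt`, `check` and `swapped` are illustrative; the body of `do_phk_hash` is not shown on this page, so the swapped case is only a model of a transposed call.

```python
import hashlib
import hmac

ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
APR1_MAGIC = b"$apr1$"
# Example entry for the password "myPassword" as given in the Apache httpd
# "Password Formats" documentation (not a value from this thread).
HTPASSWD_VECTOR = "$apr1$r31.....$HqJZimcKQFAMYayBlzkrA/"


def md5crypt(password: bytes, salt: bytes, magic: bytes) -> str:
    """Reference md5crypt: the first context is password, then magic, then salt."""
    alt = hashlib.md5(password + salt + password).digest()
    ctx = hashlib.md5(password + magic + salt)
    for left in range(len(password), 0, -16):
        ctx.update(alt[:min(16, left)])
    n = len(password)
    while n:  # one byte per bit of the password length
        ctx.update(b"\0" if n & 1 else password[:1])
        n >>= 1
    final = ctx.digest()
    for i in range(1000):  # 1000 strengthening rounds
        r = hashlib.md5(password if i & 1 else final)
        if i % 3:
            r.update(salt)
        if i % 7:
            r.update(password)
        r.update(final if i & 1 else password)
        final = r.digest()
    out = []  # md5crypt's permuted base-64 encoding, 22 characters
    for a, b, c, width in ((0, 6, 12, 4), (1, 7, 13, 4), (2, 8, 14, 4),
                           (3, 9, 15, 4), (4, 10, 5, 4), (None, None, 11, 2)):
        v = final[c] if a is None else final[a] << 16 | final[b] << 8 | final[c]
        for _ in range(width):
            out.append(ITOA64[v & 0x3F])
            v >>= 6
    return "".join(out)


def check(password: bytes, stored: str, swapped: bool = False) -> bool:
    """Verify a '$apr1$salt$hash' entry; swapped=True models transposed salt/magic."""
    _, _, salt, digest = stored.split("$")
    args = (APR1_MAGIC, salt.encode()) if swapped else (salt.encode(), APR1_MAGIC)
    return hmac.compare_digest(md5crypt(password, *args), digest)


if __name__ == "__main__":
    print("reference order verifies:", check(b"myPassword", HTPASSWD_VECTOR))
    print("swapped order verifies:  ", check(b"myPassword", HTPASSWD_VECTOR, True))
```

Running the same check against an entry produced by the module under test shows which argument order that build actually implements.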