mod_auth_mysql-3.0.0-redmine.patch

richard rigby, 2011-08-16 19:19

Download (2.81 KB)

View differences:

mod_auth_mysql-3.0.0/mod_auth_mysql.c 2011-08-16 18:03:17.000000000 +0100
288 288
static short pw_aes(POOL * pool, const char * real_pw, const char * sent_pw, const char * salt);
289 289
#endif
290 290
static short pw_sha1(POOL * pool, const char * real_pw, const char * sent_pw, const char * salt);
291
static short pw_sha1_rm(POOL * pool, const char * real_pw, const char * sent_pw, const char * salt);
291 292
static short pw_plain(POOL * pool, const char * real_pw, const char * sent_pw, const char * salt);
292 293

  
293 294
static char * format_remote_host(request_rec * r, char ** parm);
......
318 319
#if _AES
319 320
					   {"aes", SALT_REQUIRED, pw_aes},
320 321
#endif
321
					   {"sha1", NO_SALT, pw_sha1}};
322
					   {"sha1", NO_SALT, pw_sha1},
323
					   {"sha1-rm", SALT_OPTIONAL, pw_sha1_rm}};
322 324
typedef struct {		/* User formatting patterns */
323 325
  char pattern;			/* Pattern to match */
324 326
  char * (*func)(request_rec * r, char ** parm);
......
856 858
  return  strcasecmp(bin2hex(pool, scrambled_sent_pw, enc_len), real_pw) == 0;
857 859
}
858 860

  
861
/* checks SHA1 passwords - adjusted for use with redmine */
862
static short pw_sha1_rm(POOL * pool, const char * real_pw, const char * sent_pw, const char * salt) {
863
  char salt_and_pw[500];
864
  char scrambled_pw[500];
865
  char *scrambled_sent_pw, *buffer=PCALLOC(pool, 128);
866
  char *scrambled_salt_pw, *buffer01=PCALLOC(pool, 128);
867
  short enc_len = 0;
868
  short enc_len01 = 0;
869
#ifdef APACHE2
870
  apr_sha1_base64(sent_pw, strlen(sent_pw), buffer);
871
  buffer += 5;   /* go past {SHA1} eyecatcher */
872
  scrambled_sent_pw = PCALLOC(pool, apr_base64_decode_len(buffer) + 1);
873
  enc_len = apr_base64_decode(scrambled_sent_pw, buffer);
874
  //scramble (salt+scrambled_pw) for redmine:
875
  strcpy(salt_and_pw,salt);
876
  strcpy(scrambled_pw,bin2hex(pool, scrambled_sent_pw, enc_len));
877
  //conver scrambled_pw to lower:
878
  int i;
879
  for (i = 0; scrambled_pw[i]; i++)
880
  scrambled_pw[i] =tolower(scrambled_pw[ i ]);
881
  //cat salt + scrambled_pw:
882
  strcat(salt_and_pw,scrambled_pw);
883
  apr_sha1_base64(salt_and_pw, strlen(salt_and_pw), buffer01);
884
  buffer01 += 5;   /* go past {SHA1} eyecatcher */
885
  scrambled_salt_pw = PCALLOC(pool, apr_base64_decode_len(buffer01) + 1);
886
  enc_len01 = apr_base64_decode(scrambled_salt_pw, buffer01);
887
#else
888
  ap_sha1_base64(sent_pw, strlen(sent_pw), buffer);
889
  buffer += 5;   /* go past {SHA1} eyecatcher */
890
  scrambled_sent_pw = PCALLOC(pool, ap_base64decode_len(buffer) + 1);
891
  enc_len = ap_base64decode(scrambled_sent_pw, buffer);
892
#endif
893
  scrambled_sent_pw[enc_len] = '\0';
894
  return  strcasecmp(bin2hex(pool, scrambled_salt_pw, enc_len), real_pw) == 0;
895
}
896

  
859 897
/* checks plain text passwords */
860 898
static short pw_plain(POOL * pool, const char * real_pw, const char * sent_pw, const char * salt) {
861 899
  return strcmp(real_pw, sent_pw) == 0;