@kaikuchn
Created November 18, 2012 23:33
Patch files
From a2793dbf0d2b28f1bfa2376ab0eb4e1e71c15716 Mon Sep 17 00:00:00 2001
From: Kai Kuchenbecker <kuchenbecker.k@gmail.com>
Date: Sun, 18 Nov 2012 23:56:39 +0100
Subject: [PATCH] added extensive debug-level logging
---
src/log_pgsql.c | 18 +++++++++++++++---
1 file changed, 15 insertions(+), 3 deletions(-)
diff --git a/src/log_pgsql.c b/src/log_pgsql.c
index 5442726..524f682 100644
--- a/src/log_pgsql.c
+++ b/src/log_pgsql.c
@@ -516,13 +516,16 @@ void pw_pgsql_check(AuthResult * const result,
}
if (salt != NULL) {
+ logfile(LOG_DEBUG, "Applying salt (%s) to password user provided (%s).", salt, password);
int salted_pw_size = strlen(salt) + strlen(password) + 1;
salted_password = (char *) malloc(salted_pw_size);
if (strcasecmp(salting, SALT_SQL_APPEND) == 0) {
+ logfile(LOG_DEBUG, "Appending the salt now.");
strcpy(salted_password, password);
strcat(salted_password, salt);
} else if (strcasecmp(salting, SALT_SQL_PREPEND) == 0) {
+ logfile(LOG_DEBUG, "Prepending the salt now.");
strcpy(salted_password, salt);
strcat(salted_password, password);
}
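Review bot: The first added `logfile` call writes the password the user typed, together with the salt, into the log in cleartext, so anyone who can read the debug log can read credentials. The same applies in the next hunk, where the `Refused ... Password` messages log the computed and stored hashes and, in the `crypto_plain` branch, the cleartext `salted_password`. I would log only that salting takes place, e.g. `logfile(LOG_DEBUG, "Applying salt to the supplied password.");`, and drop the values from the refusal messages. The call is also placed ahead of the `int salted_pw_size` declaration, which puts a statement before a declaration in this block. pw_pgsql_check begins and ends outside the hunk.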
@@ -533,32 +536,41 @@ void pw_pgsql_check(AuthResult * const result,
if (crypto_crypt != 0) {
const char *crypted;
-
+ logfile(LOG_DEBUG, "Salted Password will be crypt encrypted.");
if ((crypted = (const char *) crypt(salted_password, spwd)) != NULL &&
strcmp(crypted, spwd) == 0) {
goto auth_ok;
+ } else {
+ logfile(LOG_DEBUG, "Refused salted Password: %s. It should have matched: %s.", crypted, spwd);
}
}
if (crypto_md5 != 0) {
const char *crypted;
-
+ logfile(LOG_DEBUG, "Salted Password will be MD5 encrypted.");
if ((crypted = (const char *) crypto_hash_md5(salted_password, 1)) != NULL &&
strcmp(crypted, spwd) == 0) {
goto auth_ok;
+ } else {
+ logfile(LOG_DEBUG, "Refused salted Password: %s. It should have matched: %s.", crypted, spwd);
}
}
if (crypto_sha1 != 0) {
const char *crypted;
-
+ logfile(LOG_DEBUG, "Salted Password will be SHA1 encrypted.");
if ((crypted = (const char *) crypto_hash_sha1(salted_password, 1)) != NULL &&
strcmp(crypted, spwd) == 0) {
goto auth_ok;
+ } else {
+ logfile(LOG_DEBUG, "Refused salted Password: %s. It should have matched: %s.", crypted, spwd);
}
}
if (crypto_plain != 0) {
+ logfile(LOG_DEBUG, "Plain password -> no encryption, but NULL will be refused.");
if (*salted_password != 0 && /* refuse null cleartext passwords */
strcmp(salted_password, spwd) == 0) {
goto auth_ok;
+ } else {
+ logfile(LOG_DEBUG, "Refused Password: %s. It should have matched: %s.", salted_password, spwd);
}
}
goto bye;
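Review bot: The three new `else` branches after the crypt, MD5 and SHA1 comparisons are also reached when `crypt()`, `crypto_hash_md5()` or `crypto_hash_sha1()` returned NULL, and `crypted` is then passed as NULL to a `%s` conversion, which is undefined behaviour if `logfile` formats like printf. Since the hash values should not be in the log in any case, a message without arguments avoids both problems: `logfile(LOG_DEBUG, "crypt() comparison did not match.");`, and likewise for the MD5 and SHA1 branches. The function continues outside the hunk.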
--
1.8.0
From 0bc6356af189ed699aadf3f4337f56b6bd7860df Mon Sep 17 00:00:00 2001
From: Kai Kuchenbecker <kuchenbecker.k@gmail.com>
Date: Sun, 18 Nov 2012 23:37:45 +0100
Subject: [PATCH] added log messages
---
src/log_pgsql.c | 6 ++++++
src/messages_en.h | 2 ++
2 files changed, 8 insertions(+)
diff --git a/src/log_pgsql.c b/src/log_pgsql.c
index 978cd38..5442726 100644
--- a/src/log_pgsql.c
+++ b/src/log_pgsql.c
@@ -468,6 +468,7 @@ void pw_pgsql_check(AuthResult * const result,
escaped_account, escaped_ip,
escaped_port, escaped_peer_ip,
escaped_decimal_ip);
+ if(salt == NULL) die(421, LOG_ERR, MSG_CONF_ERR ": " MSG_INVALID_SALT, salt);
}
if ((spwd = pw_pgsql_getquery(id_sql_server, sqlreq_getpw,
escaped_account, escaped_ip,
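Review bot: On the added line `salt` is always NULL when `die` is called, yet it is passed as the argument for the `%s` in `MSG_INVALID_SALT`; that is undefined behaviour for a printf-style formatter and at best prints `(null)`. The second hunk has the same problem when `salting == NULL` reaches `die(..., MSG_INVALID_SALTING_METHOD, salting)`. I would drop both the argument and the `%s` from the salt message, `if (salt == NULL) die(421, LOG_ERR, MSG_CONF_ERR ": " MSG_INVALID_SALT);`, and pass `salting != NULL ? salting : "(unset)"` in the parser check. If the salt query can return nothing for an unknown account, which the hunk does not show, this turns an ordinary failed login into a 421 and should be checked. pw_pgsql_check starts and ends outside the hunk.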
@@ -722,6 +723,11 @@ void pw_pgsql_parse(const char * const file)
free(port_s);
port_s = NULL;
}
+ if(salting == NULL ||
+ (strcasecmp(salting, SALT_SQL_APPEND) && strcasecmp(salting, SALT_SQL_PREPEND) && strcasecmp(salting, SALT_SQL_NONE)))
+ {
+ die(421, LOG_ERR, MSG_CONF_ERR ": " MSG_INVALID_SALTING_METHOD, salting);
+ }
}
#define ZFREE(X) do { free(X); (X) = NULL; } while (0)
diff --git a/src/messages_en.h b/src/messages_en.h
index aa23af3..7877640 100644
--- a/src/messages_en.h
+++ b/src/messages_en.h
@@ -227,3 +227,5 @@
#define MSG_PROT_BEFORE_PBSZ "PROT must be preceded by a successful PBSZ command"
#define MSG_WARN_LDAP_USERPASS_EMPTY "LDAP returned no userPassword attribute, check LDAP access rights."
#define MSG_LDAP_INVALID_AUTH_METHOD "Invalid LDAPAuthMethod in the configuration file. Should be 'bind' or 'password'."
+#define MSG_INVALID_SALT "Invalid salt value returned by SQL statement. Salt value returned was: %s."
+#define MSG_INVALID_SALTING_METHOD "Salting method in Config File is invalid. Method is: %s."
--
1.8.0