Created
November 18, 2012 23:33
Patch files
From a2793dbf0d2b28f1bfa2376ab0eb4e1e71c15716 Mon Sep 17 00:00:00 2001 | |
From: Kai Kuchenbecker <kuchenbecker.k@gmail.com> | |
Date: Sun, 18 Nov 2012 23:56:39 +0100 | |
Subject: [PATCH] added extensive debug-level logging | |
--- | |
src/log_pgsql.c | 18 +++++++++++++++--- | |
1 file changed, 15 insertions(+), 3 deletions(-) | |
diff --git a/src/log_pgsql.c b/src/log_pgsql.c | |
index 5442726..524f682 100644 | |
--- a/src/log_pgsql.c | |
+++ b/src/log_pgsql.c | |
@@ -516,13 +516,16 @@ void pw_pgsql_check(AuthResult * const result, | |
} | |
if (salt != NULL) { | |
+ logfile(LOG_DEBUG, "Applying salt (%s) to password user provided (%s).", salt, password); | |
int salted_pw_size = strlen(salt) + strlen(password) + 1; | |
salted_password = (char *) malloc(salted_pw_size); | |
if (strcasecmp(salting, SALT_SQL_APPEND) == 0) { | |
+ logfile(LOG_DEBUG, "Appending the salt now."); | |
strcpy(salted_password, password); | |
strcat(salted_password, salt); | |
} else if (strcasecmp(salting, SALT_SQL_PREPEND) == 0) { | |
+ logfile(LOG_DEBUG, "Prepending the salt now."); | |
strcpy(salted_password, salt); | |
strcat(salted_password, password); | |
} | |
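Review bot: The new `logfile(LOG_DEBUG, "Applying salt (%s) to password user provided (%s).", salt, password);` at the top of the `if (salt != NULL)` block writes the client's cleartext password and the per-user salt to the log. Anyone who can read the log, or any system the log is forwarded to, then has credentials that never needed to leave the process. The refusal messages added in the next hunk have the same problem: they log `salted_password` and the stored value `spwd`. I would log only the decision being taken, e.g. `logfile(LOG_DEBUG, "Applying salt to the supplied password.");`. pw_pgsql_check starts and ends outside this hunk.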
@@ -533,32 +536,41 @@ void pw_pgsql_check(AuthResult * const result, | |
if (crypto_crypt != 0) { | |
const char *crypted; | |
- | |
+ logfile(LOG_DEBUG, "Salted Password will be crypt encrypted."); | |
if ((crypted = (const char *) crypt(salted_password, spwd)) != NULL && | |
strcmp(crypted, spwd) == 0) { | |
goto auth_ok; | |
+ } else { | |
+ logfile(LOG_DEBUG, "Refused salted Password: %s. It should have matched: %s.", crypted, spwd); | |
} | |
} | |
if (crypto_md5 != 0) { | |
const char *crypted; | |
- | |
+ logfile(LOG_DEBUG, "Salted Password will be MD5 encrypted."); | |
if ((crypted = (const char *) crypto_hash_md5(salted_password, 1)) != NULL && | |
strcmp(crypted, spwd) == 0) { | |
goto auth_ok; | |
+ } else { | |
+ logfile(LOG_DEBUG, "Refused salted Password: %s. It should have matched: %s.", crypted, spwd); | |
} | |
} | |
if (crypto_sha1 != 0) { | |
const char *crypted; | |
- | |
+ logfile(LOG_DEBUG, "Salted Password will be SHA1 encrypted."); | |
if ((crypted = (const char *) crypto_hash_sha1(salted_password, 1)) != NULL && | |
strcmp(crypted, spwd) == 0) { | |
goto auth_ok; | |
+ } else { | |
+ logfile(LOG_DEBUG, "Refused salted Password: %s. It should have matched: %s.", crypted, spwd); | |
} | |
} | |
if (crypto_plain != 0) { | |
+ logfile(LOG_DEBUG, "Plain password -> no encryption, but NULL will be refused."); | |
if (*salted_password != 0 && /* refuse null cleartext passwords */ | |
strcmp(salted_password, spwd) == 0) { | |
goto auth_ok; | |
+ } else { | |
+ logfile(LOG_DEBUG, "Refused Password: %s. It should have matched: %s.", salted_password, spwd); | |
} | |
} | |
goto bye; | |
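Review bot: In the three new `else` branches after the crypt, MD5 and SHA1 checks, `crypted` can be NULL. The `else` runs when the hash call returned NULL as well as on a mismatch, and, assuming `logfile` hands its arguments to a printf-style formatter, passing NULL for `%s` is undefined behaviour. The messages should report the outcome instead of the values, which also keeps the computed and stored hashes out of the log: `logfile(LOG_DEBUG, "Password check failed: %s.", crypted == NULL ? "hash function returned NULL" : "hash mismatch");`. The plain-text branch needs the same treatment, since its message prints the cleartext `salted_password` next to `spwd`. The enclosing function continues outside the hunk.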
-- | |
1.8.0 |
From 0bc6356af189ed699aadf3f4337f56b6bd7860df Mon Sep 17 00:00:00 2001 | |
From: Kai Kuchenbecker <kuchenbecker.k@gmail.com> | |
Date: Sun, 18 Nov 2012 23:37:45 +0100 | |
Subject: [PATCH] added log messages | |
--- | |
src/log_pgsql.c | 6 ++++++ | |
src/messages_en.h | 2 ++ | |
2 files changed, 8 insertions(+) | |
diff --git a/src/log_pgsql.c b/src/log_pgsql.c | |
index 978cd38..5442726 100644 | |
--- a/src/log_pgsql.c | |
+++ b/src/log_pgsql.c | |
@@ -468,6 +468,7 @@ void pw_pgsql_check(AuthResult * const result, | |
escaped_account, escaped_ip, | |
escaped_port, escaped_peer_ip, | |
escaped_decimal_ip); | |
+ if(salt == NULL) die(421, LOG_ERR, MSG_CONF_ERR ": " MSG_INVALID_SALT, salt); | |
} | |
if ((spwd = pw_pgsql_getquery(id_sql_server, sqlreq_getpw, | |
escaped_account, escaped_ip, | |
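Review bot: The added `if(salt == NULL) die(421, LOG_ERR, MSG_CONF_ERR ": " MSG_INVALID_SALT, salt);` passes a pointer that is known to be NULL to the `%s` in MSG_INVALID_SALT. That is undefined behaviour for a printf-style formatter, and at best it prints "(null)". The same pattern appears in the pw_pgsql_parse hunk, where `salting` may be NULL when it reaches `die`. Drop the argument and the `%s` here, and in the other hunk use `salting != NULL ? salting : "(unset)"`. It is also worth confirming what the salt query returns for an unknown account: if that is NULL, this `die(421, …)` would answer unknown accounts differently from a wrong password. The enclosing block starts outside the hunk, so the condition under which this line runs is not visible.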
@@ -722,6 +723,11 @@ void pw_pgsql_parse(const char * const file) | |
free(port_s); | |
port_s = NULL; | |
} | |
+ if(salting == NULL || | |
+ (strcasecmp(salting, SALT_SQL_APPEND) && strcasecmp(salting, SALT_SQL_PREPEND) && strcasecmp(salting, SALT_SQL_NONE))) | |
+ { | |
+ die(421, LOG_ERR, MSG_CONF_ERR ": " MSG_INVALID_SALTING_METHOD, salting); | |
+ } | |
} | |
#define ZFREE(X) do { free(X); (X) = NULL; } while (0) | |
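Review bot: The new check in pw_pgsql_parse treats `salting == NULL` as fatal, so a configuration file that leaves the salting directive out would presumably stop the server at startup instead of behaving like SALT_SQL_NONE. If an unset directive is meant to stay valid, only set-but-unrecognised values should be rejected: `if (salting != NULL && strcasecmp(salting, SALT_SQL_APPEND) != 0 && strcasecmp(salting, SALT_SQL_PREPEND) != 0 && strcasecmp(salting, SALT_SQL_NONE) != 0)`. Whether a default is assigned earlier in the function cannot be seen from this hunk. The explicit `!= 0` comparisons also make the intent of the chained `strcasecmp` calls easier to read.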
diff --git a/src/messages_en.h b/src/messages_en.h | |
index aa23af3..7877640 100644 | |
--- a/src/messages_en.h | |
+++ b/src/messages_en.h | |
@@ -227,3 +227,5 @@ | |
#define MSG_PROT_BEFORE_PBSZ "PROT must be preceded by a successful PBSZ command" | |
#define MSG_WARN_LDAP_USERPASS_EMPTY "LDAP returned no userPassword attribute, check LDAP access rights." | |
#define MSG_LDAP_INVALID_AUTH_METHOD "Invalid LDAPAuthMethod in the configuration file. Should be 'bind' or 'password'." | |
+#define MSG_INVALID_SALT "Invalid salt value returned by SQL statement. Salt value returned was: %s." | |
+#define MSG_INVALID_SALTING_METHOD "Salting method in Config File is invalid. Method is: %s." | |
-- | |
1.8.0 |