0000703: Support for crypt passwords - SOGo | BTS

ID	Project	Category	View Status	Date Submitted	Last Update

0000703	SOGo	Backend General	public	2010-07-23 07:11	2010-08-03 15:00

Reporter	gpapp	Assigned To	ludovic
Priority	normal	Severity	minor	Reproducibility	always
Status	resolved	Resolution	fixed
Product Version	1.3.0
Target Version	1.3.1	Fixed in Version	1.3.1

Summary	0000703: Support for crypt passwords
Description	Me, like many others, use virtual mail servers. Several of these use md5crypt instead of MD5 to store the password hashes. Migrating these passwords are not possible due to the nature of hashing, and it's a pain to force all users to change their passwords. Sam Mulvey has kindly created a patch to support crypt as a password backend, I've been using a patched version of 1.2.0 and now 1.3.0 and it works perfectly. (the link to his post: http://mail.opengroupware.org/pipermail/sogo/2010-February/005083.html) It would be great if the patch were included in the source.
Additional Information	Hi, I'm trying to implement SOGo on top of my mail system which is already using MySQL to auth users. The idea is that anyone with a mail account has access into SOGo. I've created a view on the auth table which matches what SOGo is expecting, but unfortunately my passwords are stored in md5crypt, a system which SOGo doesn't recognize. I thought about switching my crypt system to straight md5, but I thought it would be nice if SOGo could support md5crypt and thereby not require my users to change passwords. I tried to figure out how I could make that happen using the OpenSSL libs, but I couldn't figure it out. Instead, I just made a call to the system crypt(), which is different depending on what OS you're on, but most of them (all of the ones I use) support md5crypt. I can't imagine I'm going to be the only person in this situation so I thought this, or something that accomplishes this but is actually written by someone who knows what they're doing in objc, would be something useful in future versions of SOGo. The patch is at the end of this message. It warns about an implicit declaration of crypt, something I haven't figured out how to get rid of in this situation. -Sam START diff -Naur SOGo-1.2.0.orig/SoObjects/SOGo/GNUmakefile.preamble SOGo-1.2.0.patched/SoObjects/SOGo/GNUmakefile.preamble --- SOGo-1.2.0.orig/SoObjects/SOGo/GNUmakefile.preamble 2010-02-10 23:56:33.392046926 -0800 +++ SOGo-1.2.0.patched/SoObjects/SOGo/GNUmakefile.preamble 2010-02-10 23:57:35.378837153 -0800 @@ -24,4 +24,4 @@ -lNGCards \ -lNGLdap \ -lNGExtensions -lEOControl \ -lDOM -lSaxObjC -lDOM -lSaxObjC -lcrypt diff -Naur SOGo-1.2.0.orig/SoObjects/SOGo/SQLSource.m SOGo-1.2.0.patched/SoObjects/SOGo/SQLSource.m --- SOGo-1.2.0.orig/SoObjects/SOGo/SQLSource.m 2010-02-10 23:56:33.378553269 -0800 +++ SOGo-1.2.0.patched/SoObjects/SOGo/SQLSource.m 2010-02-10 23:57:35.382190532 -0800 @@ -20,6 +20,8 @@ Boston, MA 02111-1307, USA. / =20 +#include <unistd.h> #import <Foundation/NSArray.h> #import <Foundation/NSObject.h> #import <Foundation/NSDictionary.h> @@ -137,6 +139,25 @@ { return [plainPassword isEqualToString: encryptedPassword]; } / CRYPT START* / else if ([_userPasswordAlgorithm caseInsensitiveCompare: @"crypt"] NSOrderedSame) { char buf; buf =3D (char ) crypt([plainPassword UTF8String], [encryptedPassword UTF8String]); NSString s =3D [NSString stringWithUTF8String: buf]; / [self logWithFormat: @"CRYPT: %@ to %@ to %@", plainPassword, s, encryptedPassword]; / return [s isEqualToString: encryptedPassword]; } / CRYPT END* / else if ([_userPasswordAlgorithm caseInsensitiveCompare: @"md5"] NSOrderedSame) { NSString s; END*
Tags	No tags attached.

Date Modified	Username	Field	Change
2010-07-23 07:11	gpapp	New Issue
2010-07-27 15:50	ludovic	Status	new => assigned
2010-07-27 15:50	ludovic	Assigned To	=> ludovic
2010-07-27 15:50	ludovic	Target Version	=> 1.3.1
2010-08-03 15:00	ludovic	Note Added: 0001268
2010-08-03 15:00	ludovic	Status	assigned => resolved
2010-08-03 15:00	ludovic	Fixed in Version	=> 1.3.1
2010-08-03 15:00	ludovic	Resolution	open => fixed