[ postfixadmin-Bugs-2814820 ] crypt() is not used according to specs
Brought to you by:
christian_boltz,
gingerdog
From: SourceForge.net <no...@so...> - 2009-07-19 15:42:30
|
Bugs item #2814820, was opened at 2009-06-30 22:18 Message generated for change (Comment added) made by nls You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=937964&aid=2814820&group_id=191583 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: Core Group: v 2.3 Status: Open Resolution: None Priority: 5 Private: No Submitted By: nls (nls) Assigned to: Nobody/Anonymous (nobody) Summary: crypt() is not used according to specs Initial Comment: In functions.inc.php, pacrypt() uses the php crypt() function the wrong way when processing MD5 hashes. For the salt, all 12 characters of the input password hash salt must be used, including the magic sequence and the closing dollar sign, for example: "$1$abcdefgh$". Otherwise the crypt() function generates the shorter DES password hashes and password comparison always fails. This problem has become apparent for me when I was trying to migrate a user db for postfixadmin, where user password hashes are stored as DES for some users, and as MD5 for others. pacrypt() would be able to handle both, but currently it doesn't because of the forementioned mistake. Simply using $salt = "\$1\$${split_salt[2]}\$"; solves the problem. ---------------------------------------------------------------------- Comment By: nls (nls) Date: 2009-07-19 17:42 Message: Additionally, please have a look at the official examples provided on the documentation page you have linked (and their included comments). Althought they're not explicitly formed documentation paragraphs, they seem to back what I have already said on the subject. If you see my reasoning acceptable, I'm happy to provide a patch you might want to apply. ---------------------------------------------------------------------- Comment By: nls (nls) Date: 2009-07-19 17:35 Message: Indeed, but it does work this way: if the salt length is less than 12, the short crypt sequence is used. If it is 12, then the salted MD5 crypt variant is used. If you pass the 12 characters of the salt that includes all separator dollar signs, it creates the proper MD5 hash. Otherwise it falls back to the shorter variant. I've applied the mentioned fixes in my installation and they work as I have already described; encodes both kind of hashes properly and all my users can log in. Maybe I should ask for a clarification of the PHP docs from the PHP documentation maintainers? Whatever the case, it is not working properly in PostfixAdmin right now. ---------------------------------------------------------------------- Comment By: GingerDog (gingerdog) Date: 2009-07-19 15:04 Message: err http://php.net/crypt doesn't mention anything about a trailing $ for crypt's salt field. David. ---------------------------------------------------------------------- Comment By: nls (nls) Date: 2009-06-30 23:20 Message: And one thing i forgot, related to this problem: the ereg expression is written as ereg ("\$1\$", $pw_db), and that is wrong. Instead it should be written as ereg ("\\$1\\$", $pw_db)), with double backslashes. Otherwise the if () will never evaluate true when an MD5 hash is passed. ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=937964&aid=2814820&group_id=191583 |