
Add support for SHA1 passwords for PostgreSQL.

1 parent b1efe34 commit 67a7e7e845a4337daf6d8c1ccdb23aada7b0bfd8 @jedisct1 committed May 1, 2011
Showing with 17 additions and 5 deletions.
  1. +3 −3 README.PGSQL
  2. +1 −1 pureftpd-pgsql.conf
  3. +12 −1 src/log_pgsql.c
  4. +1 −0 src/log_pgsql.h
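--- a/README.PGSQL
+++ b/README.PGSQL
@@ -83,9 +83,9 @@ You just have to have fields with the following info:
 - The user's login.
-- The user's password, in plaintext, crypt()ed format or MD5. Pure-FTPd also
-accepts the "any" value for the PGSQLCrypt field. With "any", all hashing
-functions (not plaintext) are tried.
+- The user's password, in plaintext, crypt()ed format, MD5 or SHA1.
+Pure-FTPd also accepts the "any" value for the PGSQLCrypt field.
+With "any", all hashing functions (not plaintext) are tried.
 - The system uid to map the user to. This can be a numeric id or a user
 name, looked up at run-time.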
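--- a/pureftpd-pgsql.conf
+++ b/pureftpd-pgsql.conf
@@ -25,7 +25,7 @@ PGSQLPassword rootpw
 PGSQLDatabase pureftpd
 # Mandatory : how passwords are stored
-# Valid values are : "cleartext", "crypt", "md5" and "any"
+# Valid values are : "cleartext", "crypt", "md5", "sha1" and "any"
 PGSQLCrypt cleartext
 # In the following directives, parts of the strings are replaced at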
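--- a/src/log_pgsql.c
+++ b/src/log_pgsql.c
@@ -403,7 +403,7 @@ void pw_pgsql_check(AuthResult * const result,
 char *escaped_decimal_ip = NULL;
 char *scrambled_password = NULL;
 int committed = 1;
- int crypto_crypt = 0, crypto_plain = 0, crypto_md5 = 0;
+ int crypto_crypt = 0, crypto_md5 = 0, crypto_sha1 = 0, crypto_plain = 0;
 unsigned long decimal_ip_num = 0UL;
 char decimal_ip[42];
 char hbuf[NI_MAXHOST];
@@ -494,10 +494,13 @@ void pw_pgsql_check(AuthResult * const result,
 if (strcasecmp(crypto, PASSWD_SQL_ANY) == 0) {
 crypto_crypt++;
 crypto_md5++;
+ crypto_sha1++;
 } else if (strcasecmp(crypto, PASSWD_SQL_CRYPT) == 0) {
 crypto_crypt++;
 } else if (strcasecmp(crypto, PASSWD_SQL_MD5) == 0) {
 crypto_md5++;
+ } else if (strcasecmp(crypto, PASSWD_SQL_SHA1) == 0) {
+ crypto_sha1++;
 } else { /* default to plaintext */
 crypto_plain++;
 }
@@ -517,6 +520,14 @@ void pw_pgsql_check(AuthResult * const result,
 goto auth_ok;
 }
 }
+ if (crypto_sha1 != 0) {
+ const char *crypted;
+
+ if ((crypted = (const char *) crypto_hash_sha1(password, 1)) != NULL &&
+ strcmp(crypted, spwd) == 0) {
+ goto auth_ok;
+ }
+ }
 if (crypto_plain != 0) {
 if (*password != 0 && /* refuse null cleartext passwords */
 strcmp(password, spwd) == 0) {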
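Review bot: The new `crypto_sha1` branch compares `spwd` with the result of `crypto_hash_sha1(password, 1)`, a call that takes only the password, so the stored value appears to be a single unsalted SHA1 digest; that is cheap to brute-force offline if the table is disclosed and yields equal digests for equal passwords. I would mark it as a compatibility path with a comment above `if (crypto_sha1 != 0)`, for example `/* unsalted SHA1: for existing tables only; prefer "crypt" for new accounts */`, and state the same caveat in README.PGSQL. The `PASSWD_SQL_ANY` branch now also sets `crypto_sha1`, so installations already configured with "any" begin accepting a SHA1 match without any configuration change, which deserves a line in the release notes. `strcmp(crypted, spwd)` is not a constant-time comparison; a fixed-time compare would be the safer choice if the tree provides one (none is visible in these hunks). pw_pgsql_check starts and ends outside the hunks shown.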
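--- a/src/log_pgsql.h
+++ b/src/log_pgsql.h
@@ -5,6 +5,7 @@
 #define PASSWD_SQL_CLEARTEXT "cleartext"
 #define PASSWD_SQL_PGSQL "password"
 #define PASSWD_SQL_MD5 "md5"
+#define PASSWD_SQL_SHA1 "sha1"
 #define PASSWD_SQL_ANY "any"
 #define PGSQL_DEFAULT_SERVER "localhost"
 #define PGSQL_DEFAULT_PORT 5432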
