Hello everybody.
We’re using Gmail for our domain down there, but we sent Google MD5-hashed
passwords for users, not clear-text passwords. So we need to mangle the
password on the fly.
I searched the mailing list and found hints involving pam and mysql … I think
this is not the best way for our needs.
So I started to play with the source and now I have what is, for me, a working
solution; read below.
Meanwhile, I guess my approach is not quite the best one. It would be far better
if we could have something like a hook, a void function to fill in with local
code, to cheat with the source only in that file. I’m not aware of others having
the same need, to mangle the password I mean, but I guess there could be some
around, so I hope the developer will consider helping us :)
Anyway, here is what I did. Ty for any hint.
Paolo.
In perdition.c
/* we don’t want to malloc & free more than once*/
char *gmail_passwd;
gmail_passwd = malloc(256 * sizeof (char));
/* mangle the password
pw2.pw_passwd=pw.pw_passwd;
*/
passwd_mangle(pw.pw_passwd,gmail_passwd);
pw2.pw_passwd=gmail_passwd;
In username.h
/**********************************************************************
* passwd_mangle
* MD5 encode password
**********************************************************************/
void passwd_mangle(char *old_password, char *gmail_password);
In username.c
#include <stdlib.h>
#include <string.h>
#include <crypt.h>
#include <openssl/md5.h>
#include <openssl/bio.h>
#include <openssl/evp.h>
#include <openssl/buffer.h>
/* gmail_password must have room for at least 30 bytes:
   "{MD5}" + 24 base64 characters + the terminating NUL */
void passwd_mangle(char *old_password, char *gmail_password){
    unsigned char hash[MD5_DIGEST_LENGTH];
    unsigned long bytes;
    BIO *bmem, *b64;
    BUF_MEM *bptr;
    char *buff;
    /* start from an empty string, so that an early return on error
       never leaves the output buffer uninitialised */
    gmail_password[0] = 0;
    /* MD5-hash the clear-text password, using an SSL library function */
    bytes=strlen(old_password);
    MD5((const unsigned char *)old_password, bytes, hash);
    /*
    For the Base64 encoding I again use the SSL libraries.
    BIO types are essentially filters that can be chained together; what I
    write in on one side comes out modified on the other.
    Here I chain a filter that does the base64 encoding with a
    filter that makes the result available in a memory area
    */
    b64 = BIO_new(BIO_f_base64());
    bmem = BIO_new(BIO_s_mem());
    if (b64 == NULL || bmem == NULL) {
        BIO_free(b64);
        BIO_free(bmem);
        return;
    }
    /* chain them */
    b64 = BIO_push(b64, bmem);
    /*
    write the MD5-hashed password
    WATCH OUT: always write exactly 16 bytes, no matter what,
    because the MD5 digest is binary and may contain any garbage
    */
    BIO_write(b64, hash, MD5_DIGEST_LENGTH);
    (void)BIO_flush(b64);
    /* read the result; this is complicated by the fact that we have to
    malloc the output string
    */
    BIO_get_mem_ptr(b64, &bptr);
    if (bptr->length == 0) {
        BIO_free_all(b64);
        return;
    }
    buff = (char *)malloc(bptr->length);
    if (buff == NULL) {
        BIO_free_all(b64);
        return;
    }
    /* the base64 filter appends a newline; replace it with the NUL */
    memcpy(buff, bptr->data, bptr->length-1);
    buff[bptr->length-1] = 0;
    BIO_free_all(b64);
    strcpy(gmail_password, "{MD5}");
    strcat(gmail_password, buff);
    free(buff);
}