From 6a78c1e07c6e7fd2561f031d7e25153aac746e00 Mon Sep 17 00:00:00 2001
From: "Jean-Marc Pigeon (Delson)"
Date: Wed, 9 Jul 2025 10:37:24 -0400
Subject: [PATCH] User password is now inserted in hash
---
 lib/lvleml.c | 9 +--------
 lib/unidig.c | 4 ++--
 lib/unidig.h | 2 +-
 sql/datatest.sql | 16 ++++++++--------
 sql/mailleur.sql | 5 +----
 sql/trigger | 25 -------------------------
 6 files changed, 13 insertions(+), 48 deletions(-)
 delete mode 100644 sql/trigger
diff --git a/lib/lvleml.c b/lib/lvleml.c
index 7f8aa28..2b20068 100644
--- a/lib/lvleml.c
+++ b/lib/lvleml.c
@@ -533,8 +533,6 @@ static void get_auth_digest_md5(CONTYP *contact,char **rmtpass)
 char *challenge;
 RSPTYP *resp;
-char realm[200];
-char usrrealm[200];
 char answer[300];
 char hash[40];
 int phase;
@@ -542,11 +540,6 @@ _Bool proceed;
 *rmtpass=strdup("$1(ukn as digest_md5)");
 challenge=(char *)0;
-(void) memset(realm,'\000',sizeof(realm));
-(void) memset(usrrealm,'\000',sizeof(usrrealm));
-(void) strncpy(realm,REALM,sizeof(realm)-1);
-if ((getenv("REALM"))!=(char *)0)
- (void) strncpy(realm,getenv("REALM"),sizeof(realm)-1);
 resp=(RSPTYP *)0;
 (void) memset(answer,'\000',sizeof(answer));
 (void) memset(hash,'\000',sizeof(hash));
@@ -558,7 +551,7 @@ while (proceed==true) {
 case 0 : //assign the reaml challeng
 break;
 case 1 : //Building the challenge sequence
- if ((challenge=dig_getchallenge(realm))==(char *)0) {
+ if ((challenge=dig_getchallenge())==(char *)0) {
 (void) rou_alert(0,"%s Unable to get challenge sequence (Bug!)",OPEP);
 phase=999;
 }
diff --git a/lib/unidig.c b/lib/unidig.c
index aea7e8c..21084c7 100644
--- a/lib/unidig.c
+++ b/lib/unidig.c
@@ -353,7 +353,7 @@ return plain;
 /* challenge as an B64 string. */
 /* */
 /********************************************************/
-PUBLIC char *dig_getchallenge(char *realm)
+PUBLIC char *dig_getchallenge()
 {
 #define OPEP "unidig.c:dig_getchallenge,"
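Review bot: The new definition `PUBLIC char *dig_getchallenge()` has an empty parameter list, which in C before C23 declares a function with unspecified parameters rather than one that takes none, so a stale caller that still passes `realm` compiles without a diagnostic. Write `PUBLIC char *dig_getchallenge(void)` here and `extern char *dig_getchallenge(void);` in the lib/unidig.h hunk so the compiler enforces the new signature at every call site. The function body continues outside this hunk.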
@@ -376,7 +376,7 @@ for (int num=0;comp[num]!=(char *)0;num++) {
 (void) memset(loc,'\000',sizeof(loc));
 switch (num) {
 case 0 : //realm
- (void) snprintf(loc,sizeof(loc),comp[num],realm);
+ (void) snprintf(loc,sizeof(loc),comp[num],rou_getrealm());
 break;
 case 1 : { //nonce
 char *nonce;
diff --git a/lib/unidig.h b/lib/unidig.h
index 1e48b4c..8b1856c 100644
--- a/lib/unidig.h
+++ b/lib/unidig.h
@@ -42,7 +42,7 @@ extern char *dig_cryptmd5(const void *key,unsigned char *seq);
 //Procedure to generate a DISGEST-MD5 challaneg as a
 //b64 string.
-extern char *dig_getchallenge(char *realm);
+extern char *dig_getchallenge();
 //Procedure to compute local response to challenge and
 //check if the remote session is the same
diff --git a/sql/datatest.sql b/sql/datatest.sql
index ae8443e..b134272 100644
--- a/sql/datatest.sql
+++ b/sql/datatest.sql
@@ -5,24 +5,24 @@ DELETE FROM emails;
 //password is generated via command line:
 //openssl password
-//present password is crypte 'mailleur'
+//present password is crypted as a hash
 //adding a list of local email
-INSERT INTO emails (email,password) \
+INSERT INTO emails (email,hash) \
 values ('postmaster@example.com','postmaster');
-INSERT INTO emails (email,password) \
+INSERT INTO emails (email,hash) \
 values ('webmaster@example.com','webmaster');
-INSERT INTO emails (email,password) \
+INSERT INTO emails (email,hash) \
 values ('utf8-áö_üñ@example.com','utf8-áö_üñ');
 //Set for Postgresql database
-INSERT INTO emails (email,password) \
+INSERT INTO emails (email,hash) \
 values ('user1@posdb.example.com','user1');
-INSERT INTO emails (email,password) \
+INSERT INTO emails (email,hash) \
 values ('user2@posdb.example.com','user2');
 //Set for MySQL database
-INSERT INTO emails (email,password) \
+INSERT INTO emails (email,hash) \
 values ('user1@mardb.example.com','user1');
-INSERT INTO emails (email,password) \
+INSERT INTO emails (email,hash) \
 values ('user2@mardb.example.com','user2');
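Review bot: In `case 0` of the lib/unidig.c hunk the value returned by `rou_getrealm()` is passed to `snprintf` unchecked, and the `snprintf` result is discarded. `rou_getrealm()` is not defined in this patch; if it can return a null pointer, formatting it with a `%s` conversion (assuming `comp[0]` holds one) is undefined behaviour. A realm longer than `loc` is silently truncated, so the challenge would advertise a realm different from the one used to build the stored hash. The removed caller code capped the realm at 199 bytes before handing it over; here I would fetch the realm into a local, reject a null pointer, and fail the challenge when `(len<0)||((size_t)len>=sizeof(loc))` holds for the `snprintf` return value. The enclosing loop starts and ends outside the hunk.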
diff --git a/sql/mailleur.sql b/sql/mailleur.sql
index 0541f63..abf1cb6 100644
--- a/sql/mailleur.sql
+++ b/sql/mailleur.sql
@@ -53,8 +53,6 @@ CREATE TABLE emails (
 creation DBTIMESTAMP //record creation
 DFLT NOW(),
 email TEXTUNIQUE, //User email
- password TEXT //User password
- DFLT '!',
 hash TEXT, //'email:realm:password' MD5
 space INTEGER //space used by user email
 DFLT 0,
@@ -73,8 +71,7 @@ GRANT SELECT ON emails TO maildove;
 CREATE FUNCTION updpass() RETURNS trigger AS $$ BEGIN
- NEW.hash = md5(concat (NEW.email,':',REALM,':',new.password));
- NEW.password = crypt(new.password, gen_salt('md5'));
+ NEW.hash = md5(concat (NEW.email,':',REALM,':',NEW.hash));
 RETURN NEW; END $$ LANGUAGE 'plpgsql';
diff --git a/sql/trigger b/sql/trigger
deleted file mode 100644
index 510872d..0000000
--- a/sql/trigger
+++ /dev/null
@@ -1,25 +0,0 @@
-
-#To encrypt a field with md5 keys
-select crypt( 'data', gen_salt('md5'));
-
-
-DROP TRIGGER IF EXISTS cool
- ON emails CASCADE;
-
-CREATE OR REPLACE FUNCTION updpass()
- RETURNS trigger AS
-$$
-BEGIN
-NEW.hash = md5(concat (NEW.email,':',NEW.realm,':',new.password));
-NEW.password = crypt(new.password, gen_salt('md5'));
-RETURN NEW;
-END;
-
-$$
-LANGUAGE 'plpgsql';
-
-CREATE TRIGGER cool
- BEFORE INSERT OR UPDATE
- ON emails
- FOR EACH ROW
- EXECUTE PROCEDURE updpass();
-- 
2.47.3
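Review bot: In the second sql/mailleur.sql hunk, `updpass()` now hashes `NEW.hash` in place, so any UPDATE that leaves that column alone, such as a change to `space`, would hash the stored digest a second time and break the account's authentication. This assumes the trigger fires on UPDATE as well as INSERT, as the deleted sql/trigger did with `BEFORE INSERT OR UPDATE`; the `CREATE TRIGGER` for this file is outside the hunk. The assignment should run only when a new cleartext value was actually supplied, as sketched below. Two things are also worth a comment next to the column: the cleartext password now travels in the `hash` field of every INSERT/UPDATE statement and can therefore land in statement logs, and the stored value is an unsalted MD5 over `email:realm:password`, which is password-equivalent for DIGEST-MD5 and, with the `crypt()` copy gone, the only stored credential.

```sql
BEGIN
  // … hash only when a new cleartext value is supplied …
  IF TG_OP = 'INSERT' THEN
    NEW.hash = md5(concat (NEW.email,':',REALM,':',NEW.hash));
  ELSIF NEW.hash IS DISTINCT FROM OLD.hash THEN
    NEW.hash = md5(concat (NEW.email,':',REALM,':',NEW.hash));
  END IF;
  RETURN NEW;
```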