Bug 181442 - dovecot does not recognise 'SHA' digests when authenticating
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: dovecot
Version: 4.0
Hardware: i386 Linux
Priority: medium, Severity: medium
Assigned To: Petr Rockai
Blocks: 181409 181448
Reported: 2006-02-14 00:20 EST by Matthew Sage
Modified: 2007-11-30 17:07 EST (History)
Fixed In Version: RHBA-2006-0439
Doc Type: Bug Fix
Last Closed: 2006-08-10 17:37:15 EDT


Description Matthew Sage 2006-02-14 00:20:55 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.12) Gecko/20050922 Fedora/1.0.7-1.1.fc3 Firefox/1.0.7

Description of problem:
When authenticating against some LDAP directories, the directories send back the userPassword attribute in a SHA1 digest but report that the digest is 'SHA'. Dovecot does not deal with this.

Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1. Set up dovecot to authenticate against an LDAP directory that uses a 'SHA' digest.


Actual Results:  The logs report...

Feb  7 14:30:29 servern dovecot-auth: ldap(acct_name): Unknown password scheme SHA


Expected Results:  dovecot should recognise SHA as being SHA1

Additional info:

I propose the following patch to fix the problem:

diff -cr dovecot-0.99.11/src/auth/password-scheme.c dovecot-0.99.11-working/src/auth/password-scheme.c
*** dovecot-0.99.11/src/auth/password-scheme.c  2004-07-31 09:54:06.000000000 +1000
--- dovecot-0.99.11-working/src/auth/password-scheme.c  2006-02-08 08:57:07.630970000 +1100
***************
*** 48,54 ****
                return strcasecmp(str, password) == 0;
        }
  #ifdef HAVE_OPENSSL_SHA1
!       if (strcasecmp(scheme, "SHA1") == 0) {
                unsigned char sha1_digest[SHA_DIGEST_LENGTH];
                string_t *str;

--- 48,54 ----
                return strcasecmp(str, password) == 0;
        }
  #ifdef HAVE_OPENSSL_SHA1
!       if ((strcasecmp(scheme, "SHA1") == 0) || (strcasecmp(scheme, "SHA") == 0)) {
                unsigned char sha1_digest[SHA_DIGEST_LENGTH];
                string_t *str;
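
Review bot: The `SHA` alias on the changed `if` line is accepted only inside the `#ifdef HAVE_OPENSSL_SHA1` block, so a build without that define will still log "Unknown password scheme SHA"; the description should say whether that is intended. The condition also carries no comment explaining why two names select one digest: a short note above the `if`, such as `/* some LDAP directories label SHA1 values as "SHA" */`, would keep a later cleanup from dropping the alias, and the extra parentheses around each `strcasecmp(...) == 0` can go. The branch body is cut off after `string_t *str;`, so the encoding it compares against is not visible here and should be checked against what the directory actually returns.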

This deals with 'SHA' hashes in a way consistent with the more recent releases of dovecot.
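
The scheme aliasing this report asks for, as an added Python example that is not Dovecot's code and not part of the original report. It assumes the RFC 2307 `{SCHEME}base64` form of userPassword values; the function names are hypothetical and the sample value is constructed (the SHA-1 of the password `password`).

```python
import base64
import hashlib
import hmac

# Labels that name the same digest. "SHA" is the label the report says
# some LDAP directories send for SHA-1 values.
SCHEME_ALIASES = {"SHA": "SHA1", "SHA1": "SHA1"}

# Constructed sample: SHA-1 of "password", base64-encoded, labelled "SHA".
SAMPLE = "{SHA}W6ph5Mm5Pz8GgiULbPgzG37mj9g="


def split_scheme(stored):
    """Split '{SCHEME}data' into (canonical scheme name, data)."""
    if not stored.startswith("{") or "}" not in stored:
        raise ValueError("no {SCHEME} prefix")
    label, data = stored[1:].split("}", 1)
    scheme = SCHEME_ALIASES.get(label.upper())  # case-insensitive match
    if scheme is None:
        # Same failure the report's log line shows for an unmapped label.
        raise ValueError("Unknown password scheme " + label)
    return scheme, data


def verify(stored, password):
    """Return True if password matches the stored SHA-1 value."""
    scheme, data = split_scheme(stored)  # only SHA1 is mapped here
    try:
        expected = base64.b64decode(data, validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return False
    if len(expected) != hashlib.sha1().digest_size:
        return False  # truncated or padded value, not a SHA-1 digest
    actual = hashlib.sha1(password.encode("utf-8")).digest()
    # Constant-time comparison of the raw digests.
    return hmac.compare_digest(actual, expected)


if __name__ == "__main__":
    print(verify(SAMPLE, "password"))
```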
Comment 8 Red Hat Bugzilla 2006-08-10 17:37:16 EDT
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2006-0439.html
