Initial framework for LDAP-style password hashes.

* pam_sql/pam_mysql.c, pam_sql/pam_pgsql.c: Call
gray_check_ldap_pass if configuration variable allow-ldap-pass is
set.
* lib/graypam.h (gray_base64_decode, gray_check_ldap_pass): New
prototypes.
* lib/Makefile.am (libgraypam_la_SOURCES): Add new files.
* lib/sha1.h, lib/base64.c, lib/md5.c, lib/ldappass.c, lib/md5.h,
lib/sha1.c: New files.


git-svn-id: file:///svnroot/pam-modules/trunk@77 56984be4-0537-0410-a56c-fcb268c96130

2 files changed, 8 insertions, 2 deletions

diff --git a/pam_sql/pam_mysql.c b/pam_sql/pam_mysql.c
index 5d5c16a..5bf7306 100644
--- a/pam_sql/pam_mysql.c
+++ b/pam_sql/pam_mysql.c
@@ -323,6 +323,9 @@ check_query_result(MYSQL *mysql, const char *pass)
 		    && check_boolean_config ("allow-md5-pass", 1))
 			rc = check_md5_pass (row[0], pass);
 		if (rc != PAM_SUCCESS
+		    && check_boolean_config ("allow-ldap-pass", 1))
+			rc = gray_check_ldap_pass (row[0], pass);
+		if (rc != PAM_SUCCESS
 		    && check_boolean_config ("allow-plaintext-pass", 0)) {
 			if (strcmp (row[0], pass) == 0)
 				rc = PAM_SUCCESS;
diff --git a/pam_sql/pam_pgsql.c b/pam_sql/pam_pgsql.c
index 5f1b83b..a6adb8b 100644
--- a/pam_sql/pam_pgsql.c
+++ b/pam_sql/pam_pgsql.c
@@ -200,8 +200,11 @@ verify_user_pass(const char *username, const char *password)
 		
 		if (strcmp(p, crypt(password, p)) == 0)
 			rc = PAM_SUCCESS;
-		else if (rc != PAM_SUCCESS
-			 && check_boolean_config ("allow-plaintext-pass", 0)) {
+		if (rc != PAM_SUCCESS
+		    && check_boolean_config ("allow-ldap-pass", 1))
+			rc = gray_check_ldap_pass (p, password);
+		if (rc != PAM_SUCCESS
+		    && check_boolean_config ("allow-plaintext-pass", 0)) {
 			if (strcmp (p, pass) == 0)
 				rc = PAM_SUCCESS;
 		} else