From 54a1b3574acab5f778843f7f1e04d2d26d61a852 Mon Sep 17 00:00:00 2001
From: Timo Sirainen <tss@iki.fi>
Date: Mon, 9 Nov 2015 14:11:12 +0200
Subject: [PATCH] auth: Don't crash when trying to use CRYPT scheme when
 crypt() doesn't support DES

---
 src/auth/password-scheme-crypt.c | 16 ++++++++++++++++
 src/auth/password-scheme.c       | 14 --------------
 2 files changed, 16 insertions(+), 14 deletions(-)

diff --git a/src/auth/password-scheme-crypt.c b/src/auth/password-scheme-crypt.c
index 4f492da5d4..5d0b53acee 100644
--- a/src/auth/password-scheme-crypt.c
+++ b/src/auth/password-scheme-crypt.c
@@ -23,6 +23,19 @@ void password_set_encryption_rounds(unsigned int rounds)
 	encryption_rounds = rounds;
 }
 
+static void
+crypt_generate_des(const char *plaintext, const char *user ATTR_UNUSED,
+		   const unsigned char **raw_password_r, size_t *size_r)
+{
+#define CRYPT_SALT_LEN 2
+	const char *password, *salt;
+
+	salt = password_generate_salt(CRYPT_SALT_LEN);
+	password = t_strdup(mycrypt(plaintext, salt));
+	*raw_password_r = (const unsigned char *)password;
+	*size_r = strlen(password);
+}
+
 static void
 crypt_generate_blowfisch(const char *plaintext, const char *user ATTR_UNUSED,
 			 const unsigned char **raw_password_r, size_t *size_r)
@@ -98,6 +111,7 @@ static const struct {
 	const char *salt;
 	const char *expected;
 } sample[] = {
+	{ "08/15!test~4711", "JB", "JBOZ0DgmtucwE" },
 	{ "08/15!test~4711", "$2a$04$0123456789abcdefABCDEF",
 	  "$2a$04$0123456789abcdefABCDE.N.drYX5yIAL1LkTaaZotW3yI0hQhZru" },
 	{ "08/15!test~4711", "$5$rounds=1000$0123456789abcdef",
@@ -110,6 +124,8 @@ static const struct {
 
 /* keep in sync with the sample struct above */
 static const struct password_scheme crypt_schemes[] = {
+	{ "CRYPT", PW_ENCODING_NONE, 0, crypt_verify,
+	  crypt_generate_des },
 	{ "BLF-CRYPT", PW_ENCODING_NONE, 0, crypt_verify,
 	  crypt_generate_blowfisch },
 	{ "SHA256-CRYPT", PW_ENCODING_NONE, 0, crypt_verify,
diff --git a/src/auth/password-scheme.c b/src/auth/password-scheme.c
index 4a7dea2a6e..156836a65b 100644
--- a/src/auth/password-scheme.c
+++ b/src/auth/password-scheme.c
@@ -341,19 +341,6 @@ int crypt_verify(const char *plaintext, const char *user ATTR_UNUSED,
 	return strcmp(crypted, password) == 0 ? 1 : 0;
 }
 
-static void
-crypt_generate(const char *plaintext, const char *user ATTR_UNUSED,
-	       const unsigned char **raw_password_r, size_t *size_r)
-{
-#define	CRYPT_SALT_LEN 2
-	const char *password, *salt;
-
-	salt = password_generate_salt(CRYPT_SALT_LEN);
-	password = t_strdup(mycrypt(plaintext, salt));
-	*raw_password_r = (const unsigned char *)password;
-	*size_r = strlen(password);
-}
-
 static int
 md5_verify(const char *plaintext, const char *user,
 	   const unsigned char *raw_password, size_t size, const char **error_r)
@@ -803,7 +790,6 @@ rpa_generate(const char *plaintext, const char *user ATTR_UNUSED,
 }
 
 static const struct password_scheme builtin_schemes[] = {
-	{ "CRYPT", PW_ENCODING_NONE, 0, crypt_verify, crypt_generate },
 	{ "MD5", PW_ENCODING_NONE, 0, md5_verify, md5_crypt_generate },
 	{ "MD5-CRYPT", PW_ENCODING_NONE, 0,
 	  md5_crypt_verify, md5_crypt_generate },
-- 
2.47.3