password schemes when crypt() has no DES

Stuart Henderson stu at spacehopper.org
Mon Jan 11 23:45:14 UTC 2016


https://github.com/dovecot/core/commit/54a1b3574acab5f778843f7f1e04d2d26d61a852
fixed a 'doveadm pw' crash "when trying to use CRYPT scheme when crypt() doesn't
support DES" by testing to see if crypt would generate a DES password and, if
not, disabling the scheme.

I'm using Dovecot on OpenBSD with bcrypt passwords stored in LDAP as
"{CRYPT}$2b$...". OpenLDAP is built with --enable-crypt which takes the
same approach as Dovecot of just passing to crypt(), so before the above
commit, both programs were able to authenticate.

(Changing the scheme value stored in the LDAP passdb to BLF-CRYPT would
fix Dovecot but break things for other programs, including OpenLDAP itself.)

For now I went with a dirty patch to get things working again. Does
anyone have an idea for a nicer fix?  Thanks.


--- src/auth/password-scheme-crypt.c.orig	Fri Jan  8 01:04:13 2016
+++ src/auth/password-scheme-crypt.c	Fri Jan  8 01:23:35 2016
@@ -111,7 +111,12 @@ static const struct {
 	const char *salt;
 	const char *expected;
 } sample[] = {
+#ifdef __OpenBSD__
+	{ "08/15!test~4711", "$2a$04$0123456789abcdefABCDEF",
+	  "$2a$04$0123456789abcdefABCDE.N.drYX5yIAL1LkTaaZotW3yI0hQhZru" },
+#else
 	{ "08/15!test~4711", "JB", "JBOZ0DgmtucwE" },
+#endif
 	{ "08/15!test~4711", "$2a$04$0123456789abcdefABCDEF",
 	  "$2a$04$0123456789abcdefABCDE.N.drYX5yIAL1LkTaaZotW3yI0hQhZru" },
 	{ "08/15!test~4711", "$5$rounds=1000$0123456789abcdef",
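
Review bot: The `#ifdef __OpenBSD__` branch at the top of sample[] keys the choice on the operating system rather than on what crypt() actually supports, and the entry it substitutes is identical to the `$2a$04$` sample that immediately follows it, so on OpenBSD the same bcrypt vector sits in the table twice. Because the comment in the next hunk says crypt_schemes[] must be kept in sync with this table, the first slot appears to pair with the "CRYPT" scheme; a short comment saying so would make the duplication read as intentional. A capability test (try the DES sample, fall back to another supported one) would also cover any other platform whose crypt() lacks DES, not only OpenBSD.
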
@@ -124,8 +129,13 @@ static const struct {
 
 /* keep in sync with the sample struct above */
 static const struct password_scheme crypt_schemes[] = {
+#ifdef __OpenBSD__
 	{ "CRYPT", PW_ENCODING_NONE, 0, crypt_verify,
+	  crypt_generate_blowfisch },
+#else
+	{ "CRYPT", PW_ENCODING_NONE, 0, crypt_verify,
 	  crypt_generate_des },
+#endif
 	{ "BLF-CRYPT", PW_ENCODING_NONE, 0, crypt_verify,
 	  crypt_generate_blowfisch },
 	{ "SHA256-CRYPT", PW_ENCODING_NONE, 0, crypt_verify,
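
Review bot: In the `__OpenBSD__` branch the "CRYPT" entry is given crypt_generate_blowfisch as its generator, so the scheme name "CRYPT" would generate bcrypt on OpenBSD and DES elsewhere, and the entry differs from "BLF-CRYPT" only by name. The breakage described in the message is on the verification side, where the stored hash is just passed to crypt(), so consider keeping "CRYPT" registered with crypt_verify regardless of DES support and treating only the generator as conditional, decided by a runtime or configure-time check rather than an OS macro. The line `{ "CRYPT", PW_ENCODING_NONE, 0, crypt_verify,` is repeated in both branches and could be hoisted out so that only the generator line sits inside the #ifdef.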


