diff --git a/ChangeLog b/ChangeLog index bde4bfba5..f593410b1 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,8 @@ +2011-02-01 Ludovic Marcotte + + * SoObjects/SOGo/NSString+Utilities.h,m: Fixed + the salt for crypt-based encoding + 2011-02-01 Francis Lachapelle * UI/WebServerResources/scriptaculous/dragdrop.js (-updateDrag:): diff --git a/SoObjects/SOGo/NSString+Utilities.h b/SoObjects/SOGo/NSString+Utilities.h index c98dca260..42f92c022 100644 --- a/SoObjects/SOGo/NSString+Utilities.h +++ b/SoObjects/SOGo/NSString+Utilities.h @@ -68,7 +68,7 @@ - (id) objectFromJSONString; -- (NSString *) asCryptString; +- (NSString *) asCryptStringUsingSalt: (NSString *) theSalt; - (NSString *) asMD5String; - (NSString *) asSHA1String; diff --git a/SoObjects/SOGo/NSString+Utilities.m b/SoObjects/SOGo/NSString+Utilities.m index 6856c11c0..aa05621d5 100644 --- a/SoObjects/SOGo/NSString+Utilities.m +++ b/SoObjects/SOGo/NSString+Utilities.m @@ -545,13 +545,13 @@ static NSMutableCharacterSet *safeLDIFStartChars = nil; return object; } -- (NSString *) asCryptString +- (NSString *) asCryptStringUsingSalt: (NSString *) theSalt { char *buf; // The salt is weak here, but who cares anyway, crypt should not // be used anymore - buf = (char *)crypt([self UTF8String], [self UTF8String]); + buf = (char *)crypt([self UTF8String], [theSalt UTF8String]); return [NSString stringWithUTF8String: buf]; } diff --git a/SoObjects/SOGo/SQLSource.m b/SoObjects/SOGo/SQLSource.m index cf6fa785a..b996b8d02 100644 --- a/SoObjects/SOGo/SQLSource.m +++ b/SoObjects/SOGo/SQLSource.m @@ -139,7 +139,7 @@ } else if ([_userPasswordAlgorithm caseInsensitiveCompare: @"crypt"] == NSOrderedSame) { - return [[plainPassword asCryptString] isEqualToString: encryptedPassword]; + return [[plainPassword asCryptStringUsingSalt: encryptedPassword] isEqualToString: encryptedPassword]; } else if ([_userPasswordAlgorithm caseInsensitiveCompare: @"md5"] == NSOrderedSame) {