Package: libpam-pgsql
Version: 0.7.3.1-4
Severity: normal
Tags: upstream patch
Dear Maintainer,
I tried to use libpam-pgsql to authenticate against the users created in a
PostgreSQL installation. My pam_pgsql.conf file looks like this:
database = postgres
table = pg_catalog.pg_shadow
user = postgres
password = passwordforpostgres
user_column = usename
pwd_column = passwd
pw_type = md5_postgres
Unfortunately this does not work because the password_encrypt function in
backend_pgsql.c does not create the correct password hashes for the password
type md5_postgres. The attached patch solved the problem for me.
-- System Information:
Debian Release: 7.6
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.14-0.bpo.2-amd64 (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages libpam-pgsql depends on:
ii libc6 2.13-38+deb7u3
ii libgcrypt11 1.5.0-5+deb7u1
ii libpam0g 1.1.3-7.1
ii libpq5 9.3.5-1.pgdg70+1
libpam-pgsql recommends no packages.
libpam-pgsql suggests no packages.
Index: backend_pgsql.c
===================================================================
--- backend_pgsql.c (revision 2)
+++ backend_pgsql.c (revision 3)
@@ -302,7 +302,8 @@
*/
unsigned char hash[16] = { 0, }; /* 16 is the md5 block size */
int i;
- s = (char *) malloc(33); /* 32 bytes + 1 byte for \0 */
+ s = (char *) malloc(36); /* 3 bytes for "md5" + 32 bytes for the hash + 1 byte for \0 */
+ strncpy(s, "md5", 3);
size_t unencoded_length;
char *unencoded;
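Review bot: the result of `malloc(36)` is handed straight to `strncpy(s, "md5", 3)` with no NULL check, so an allocation failure becomes a null-pointer write in the authentication path; test `s` and return an error before touching it. `strncpy` with a count of 3 also copies no terminator, leaving `s` an unterminated string until the hex loop in the next hunk writes its final byte; `memcpy(s, "md5", 3)` would state that intent plainly, or the terminator could be set explicitly right after the allocation. The new statement also precedes the `size_t unencoded_length;` and `char *unencoded;` declarations, which strict C89 builds reject, so moving the declarations above it would be cleaner.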
@@ -313,7 +314,7 @@
gcry_md_hash_buffer(GCRY_MD_MD5, hash, unencoded, strlen(unencoded));
for(i = 0; i < sizeof(hash); i++)
- sprintf(&s[i * 2], "%.2x", hash[i]);
+ sprintf(&s[(i * 2) + 3], "%.2x", hash[i]);
free(unencoded);
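Review bot: the `+ 3` offset in `sprintf(&s[(i * 2) + 3], "%.2x", hash[i]);` is the length of the "md5" prefix and must stay in step with the `malloc(36)` in the previous hunk, but nothing in the code ties the two numbers together. The arithmetic is correct as written (the last iteration writes indices 33 and 34 and the terminator at 35, the final byte of the buffer), yet a later change to either number silently turns this into an off-by-N heap write. A named constant for the prefix length, used in both the allocation size and the offset, plus `snprintf` bounded to the space remaining, would remove that coupling. A short comment stating the output format the function now produces for md5_postgres ("md5" followed by 32 hex digits) is also missing.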