This is a discussion on [Proftpd-user] mod_sql and unusual passwords - proftpd ; I'm looking for advice on how to best tackle this problem. We have a mysql database whose passwords are MD5-hased and hex encoded. This is the format used by mysql's md5() SQL function. We can't change the password format because ...
I'm looking for advice on how to best tackle this problem.
We have a mysql database whose passwords are MD5-hased and hex
encoded. This is the format used by mysql's md5() SQL function.
We can't change the password format because it is in use by several
other programs as well.
We are trying to integrate this with mod_sql and mod_sql_mysql, but
can't find a way to have the entered password hashed to this value
to test it, or to come up with any other solution to integrate with
ProFTPD. Here are our thoughts, and we would appreciate any thoughts
about how to implement these or any better solutions:
(1) We see that mod_sql_mysql calls make_scrambled_password from the
mysql library. Our first thought was to have it call the C function
that mysql uses to implement md5(), but we can't find it exposed in
the mysql headers.
(2) We considered a custom query which would take the password as a
parameter and call md5() on the server side as part of the when
clause. This would return values for everything if it matched, and
nothing if it didn't. But there does not appear to be a meta sequence
that can be used to substitute the password - the closest thing would
be %r, and it has code to specifically (and wisely, for the most part)
not reveal the password. We considered adding it, but aren't familiar
enough with the code to figure out where to safely do so.
(3) From there, we have more nebulous thoughts about finding a
function which can convert the hex encoding into Base64 and letting
OpenSSL handle it, but that seems like a lot more tampering in the
code than we were hoping for, and we dont' have the C functions handy
to do these.
Any input appreciated, and thank you.
This SF.Net email is sponsored by Yahoo.
Introducing Yahoo! Search Developer Network - Create apps using Yahoo!
Search APIs Find out how you can build Yahoo! directly into your own
Applications - visit http://developer.yahoo.net/?fr=offad-ysdn-ostg-q22005
ProFTPD Users List