/etc/sasldb export
Benjamin Schmidt
schmidi2 at directbox.com
Thu Jun 28 09:11:11 EDT 2007
Thanks for your answers.
The tools of db4-utils didn't work for me, e.g.:
$ db4.5_dump -d a sasldb
[042] 3006 len: 21 data: blabla00uranus00CRAM-MD...
[043] 2973 len: 32 data: k~0xc10xfb0x150x1b0xde0xe5o/l0x96K0x880xd20x110xb11P0xa8...
The strings-command didn't work either.
$ strings /etc/sasldb
Extracting the usernames, realm and mech is possible. Password not.
It seems that the passwords are encrypted/hashed in some way.
Copied some source-code from "cyrus-sasl-1.5.27" file "checkpw.c"
---
/* we store the following secret to check plaintext passwords:
 *
 * <salt> \0 <secret>
 *
 * where <secret> = MD5(<salt>, "sasldb", <pass>)
 */
static int _sasl_make_plain_secret(const char *salt,
                                   const char *passwd, int passlen,
                                   sasl_secret_t **secret)
{
    MD5_CTX ctx;
    unsigned sec_len = 16 + 1 + 16; /* salt + "\0" + hash */

    *secret = (sasl_secret_t *) sasl_ALLOC(sizeof(sasl_secret_t) +
                                           sec_len * sizeof(char));
    if (*secret == NULL) {
        return SASL_NOMEM;
    }

    MD5Init(&ctx);
    MD5Update(&ctx, salt, 16);
    MD5Update(&ctx, "sasldb", 6);
    MD5Update(&ctx, passwd, passlen);

    memcpy((*secret)->data, salt, 16);
    memcpy((*secret)->data + 16, "\0", 1);
    MD5Final((*secret)->data + 17, &ctx);
    (*secret)->len = sec_len;

    return SASL_OK;
}
---
=MD5
Means, it's impossible to export the passwords as cleartext!
So I must find a way of using these md5-hashed passwords or distribute
new passwords.
Thanks for your help,
Benjamin Schmidt
Scott M. Likens wrote:
> You should be able to run strings on it.
>
> (e.g.) strings /etc/sasldb
>
> There is no encryption in place, so you just need to gather the
> plaintext usernames and passwords, and then INSERT them into mysql and
> you're golden :)
>
> Scott
>
> On Wed, 06 Jun 2007 11:23:21
> "Benjamin Schmidt" <schmidi2 at directbox.com> wrote:
>
>> Hello
>>
>> I'd like to import all old sasl users with passwords to a new system.
>>
>> Current storage: /etc/sasldb (Berkeley DB (Hash, version 7, native
>> byte-order))
>>
>> New storage: mysql table
>>
>> Does anyone know of an existing tool for exporting all sasl users with
>> passwords from the berkeley db? Google didn't return usable
>> results.
>>
>> Is it impossible to export the passwords (are they hash-encrypted)?
>>
>> Thanks in advance,
>> Benjamin Schmidt
>>
>
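
Added example (Python, not part of the thread and not cyrus-sasl code): it rebuilds the `<salt> \0 MD5(<salt>, "sasldb", <pass>)` record from the quoted checkpw.c and verifies a password offered at login against a stored record, which is how such hashes can still be used after a migration without cleartext. The `user \0 realm \0 mech` key layout is an assumption taken from the db dump in the message, and all sample values are constructed.

```python
import hashlib
import hmac

SALT_LEN = 16   # salt bytes, per sec_len = 16 + 1 + 16 in checkpw.c
HASH_LEN = 16   # MD5 digest bytes


def make_plain_secret(salt: bytes, password: bytes) -> bytes:
    """Return <salt> \\0 MD5(<salt>, "sasldb", <pass>) as a 33-byte record."""
    if len(salt) != SALT_LEN:
        raise ValueError("salt must be exactly 16 bytes")
    digest = hashlib.md5(salt + b"sasldb" + password).digest()
    return salt + b"\x00" + digest


def verify_plain_secret(stored: bytes, candidate: bytes) -> bool:
    """Check a password offered at login against a stored secret."""
    if len(stored) != SALT_LEN + 1 + HASH_LEN or stored[SALT_LEN] != 0:
        return False  # truncated or foreign record: reject, do not guess
    expected = make_plain_secret(stored[:SALT_LEN], candidate)
    return hmac.compare_digest(expected, stored)  # constant-time compare


def split_key(key: bytes) -> tuple:
    """Split a record key; the user \\0 realm \\0 mech layout is an assumption."""
    parts = key.split(b"\x00")
    if len(parts) != 3:
        raise ValueError("expected user, realm and mech fields")
    return tuple(p.decode("utf-8") for p in parts)


# Constructed sample data, not taken from any real sasldb.
SAMPLE_KEY = b"alice\x00example\x00PLAIN"
SAMPLE_SECRET = make_plain_secret(bytes(range(16)), b"correct horse")

if __name__ == "__main__":
    user, realm, mech = split_key(SAMPLE_KEY)
    print(user, realm, mech, len(SAMPLE_SECRET))
    print(verify_plain_secret(SAMPLE_SECRET, b"correct horse"))
    print(verify_plain_secret(SAMPLE_SECRET, b"wrong guess"))
```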