[JDEV] small mod to jabber's source
Robert Norris
rob at nauseum.org
Thu Nov 8 19:24:35 CST 2001
> What I plan to do is insert some code that will allow my users to
> log in using plain text passwords. To do this, I have to find exactly
> where jabber is storing the password after the user's client passes it
> to the server. I then need to make sure jabber encrypts the password
> before it compares it to the one pulled from the database. I have the
> code I need to encrypt the password, I just don't know where it is
> being stored. That's where one of you guys comes in. Does anyone
> happen to know the best place to insert this code?
The best place to do this is in jsm/modules/mod_auth_plain.c. At line 58
the following code appears:
if(strcmp(passA, passB) != 0)
jutil_error(m->packet->x, TERROR_AUTH);
else
jutil_iqresult(m->packet->x);
passA is the password the user entered at logon, passB is the stored
password. So all you need to do is encrypt passA using your encryption
code, and then compare with passB.
Regards,
Rob.
--
Robert Norris <rob at nauseum.org>
1024D/FC18E6C2 6FBF 098A A3F2 A728 490F 7743 59BD 7767 FC18 E6C2
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 232 bytes
Desc: not available
URL: <https://www.jabber.org/jdev/attachments/20011109/aaddeff6/attachment-0002.pgp>
More information about the JDev
mailing list