$OpenBSD: patch-lib_checkpw_c,v 1.1 2004/07/09 15:07:07 kevlo Exp $
--- lib/checkpw.c.orig	Wed Jan  7 16:35:08 2004
+++ lib/checkpw.c	Fri Jul  9 16:30:17 2004
@@ -143,7 +143,11 @@ static int auxprop_verify_password(sasl_
 				       "*cmusaslsecretPLAIN",
 				       NULL };
     struct propval auxprop_values[3];
-    
+
+    /* added lopaka */
+    char *salt = malloc(13);
+    char *crypt_passwd = NULL;
+
     if (!conn || !userstr)
 	return SASL_BADPARAM;
 
@@ -180,12 +184,26 @@ static int auxprop_verify_password(sasl_
 	goto done;
     }
 
+    /* 20030213 lopaka */
+    /* encrypt the passwd and then compare it with the encrypted passwd */
+    if(strlen(auxprop_values[0].values[0]) > 13)
+    {
+        /* MD5 */
+        strlcpy(salt,auxprop_values[0].values[0],13);
+    }
+    else
+    {
+        /* DES */
+        strlcpy(salt,auxprop_values[0].values[0],3);
+    }
+    crypt_passwd = crypt(passwd,salt);
+
     /* At the point this has been called, the username has been canonified
      * and we've done the auxprop lookup.  This should be easy. */
     if(auxprop_values[0].name
        && auxprop_values[0].values
        && auxprop_values[0].values[0]
-       && !strcmp(auxprop_values[0].values[0], passwd)) {
+       && !strcmp(auxprop_values[0].values[0], crypt_passwd)) {  
 	/* We have a plaintext version and it matched! */
 	return SASL_OK;
     } else if(auxprop_values[1].name
