From f4b4428b9487e0eb841fcebc4959f650a974da45 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Th=C3=A9ophile=20Bastian?=
Date: Thu, 9 Apr 2020 18:57:33 +0200
Subject: [PATCH] Fix CRYPT-DES hash method for LDAP

The LDAP-formatted passwords using [Crypt encoding](https://en.wikipedia.org/wiki/Crypt_(C)) can be hashed in many ways, inlcuding the old and deprecated DES and BSDi methods. The usual formatting for Crypt method consists in $method$salt$pass_hash but those two deprecated methods are not encoded this way, and `get_salt` would fail on those, yielding Error 500.
---
 cas_server/utils.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/cas_server/utils.py b/cas_server/utils.py
index 190c290..9f8a5af 100644
--- a/cas_server/utils.py
+++ b/cas_server/utils.py
@@ -593,7 +593,9 @@ class LdapHashUserPassword(object):
 if scheme in cls.schemes_nosalt:
 return b""
 elif scheme == b'{CRYPT}':
- return b'$'.join(hashed_passord.split(b'$', 3)[:-1])[len(scheme):]
+ if b'$' in hashed_passord:
+ return b'$'.join(hashed_passord.split(b'$', 3)[:-1])[len(scheme):]
+ return hashed_passord.split(b'}', 1)[-1]
 else:
 try:
 hashed_passord = base64.b64decode(hashed_passord[len(scheme):])
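Review bot: In the new fallback of the `{CRYPT}` branch, `return hashed_passord.split(b'}', 1)[-1]` hands back the entire stored DES/BSDi hash as the "salt", not just the salt characters. That presumably works because crypt(3) reads only the leading salt, but any caller that treats the result of `get_salt` as non-secret (logs, error text) would then be handling the full hash; the callers are outside this hunk, so this needs confirming. Consider slicing to the real salt and reusing the sibling branch's `len(scheme)` indexing: `rest = hashed_passord[len(scheme):]` followed by `return rest[:9] if rest.startswith(b'_') else rest[:2]`. A short comment stating that traditional DES uses a 2-character salt and BSDi a `_`-prefixed 9-character one, and that both are deprecated and accepted only for legacy entries, would make the intent clear. The enclosing method starts and ends outside the hunk.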