git.sur5r.net Git - openldap/blob - libraries/liblutil/passwd.c

   1 /*
   2  * lutil_password(credentials, password)
   3  *
   4  * Returns true if user supplied credentials matches
   5  * the stored password.
   6  *
   7  * Due to the use of the crypt(3) function
   8  * this routine is NOT thread-safe.
   9  */
  10
  11 #include "portable.h"
  12
  13 #include <ac/string.h>
  14 #include <ac/unistd.h>
  15
  16 #include "lutil_md5.h"
  17 #include "lutil_sha1.h"
  18 #include "lutil.h"
  19
  20 /*
  21  */
  22
  23 int
  24 lutil_passwd(
  25         const char *cred,
  26         const char *passwd)
  27 {
  28
  29         if (cred == NULL || passwd == NULL) {
  30                 return 0;
  31         }
  32
  33         if (strncasecmp(passwd, "{CRYPT}", sizeof("{CRYPT}") - 1) == 0 ) {
  34                 const char *p = passwd + (sizeof("{CRYPT}") - 1);
  35
  36                 return( strcmp(p, crypt(cred, p)) != 0 );
  37
  38         } else if (strncasecmp(passwd, "{MD5}", sizeof("{MD5}") - 1) == 0 ) {
  39                 ldap_MD5_CTX MD5context;
  40                 unsigned char MD5digest[20];
  41                 char base64digest[29];  /* ceiling(sizeof(input)/3) * 4 + 1 */
  42
  43                 const char *p = passwd + (sizeof("{MD5}") - 1);
  44
  45                 ldap_MD5Init(&MD5context);
  46                 ldap_MD5Update(&MD5context,
  47                         cred, strlen(cred));
  48                 ldap_MD5Final(MD5digest, &MD5context);
  49
  50                 if ( b64_ntop(MD5digest, sizeof(MD5digest),
  51                         base64digest, sizeof(base64digest)) < 0)
  52                 {
  53                         return ( 1 );
  54                 }
  55
  56                 return (strcmp(p, base64digest) != 0);
  57
  58         } else if (strncasecmp(passwd, "{SHA}",sizeof("{SHA}") - 1) == 0 ) {
  59                 ldap_SHA1_CTX SHA1context;
  60                 unsigned char SHA1digest[20];
  61                 char base64digest[29];  /* ceiling(sizeof(input)/3) * 4 + 1 */
  62                 const char *p = passwd + (sizeof("{SHA}") - 1);
  63
  64                 ldap_SHA1Init(&SHA1context);
  65                 ldap_SHA1Update(&SHA1context,
  66                         (unsigned char *) cred, strlen(cred));
  67                 ldap_SHA1Final(SHA1digest, &SHA1context);
  68
  69                 if (b64_ntop(SHA1digest, sizeof(SHA1digest),
  70                         base64digest, sizeof(base64digest)) < 0)
  71                 {
  72                         return ( 0 );
  73                 }
  74
  75                 return( strcmp(p, base64digest) != 0 );
  76         }
  77
  78         return( strcmp(passwd, cred) != 0 );
  79 }