2 * lutil_password(credentials, password)
4 * Returns true if user supplied credentials matches
7 * Due to the use of the crypt(3) function
8 * this routine is NOT thread-safe.
13 #include <ac/stdlib.h>
15 #include <ac/string.h>
16 #include <ac/unistd.h>
18 #include "lutil_md5.h"
19 #include "lutil_sha1.h"
23 * Return 0 if creds are good.
32 if (cred == NULL || passwd == NULL) {
36 if (strncasecmp(passwd, "{MD5}", sizeof("{MD5}") - 1) == 0 ) {
37 lutil_MD5_CTX MD5context;
38 unsigned char MD5digest[16];
39 char base64digest[25]; /* ceiling(sizeof(input)/3) * 4 + 1 */
41 const char *p = passwd + (sizeof("{MD5}") - 1);
43 lutil_MD5Init(&MD5context);
44 lutil_MD5Update(&MD5context,
45 (const unsigned char *)cred, strlen(cred));
46 lutil_MD5Final(MD5digest, &MD5context);
48 if ( lutil_b64_ntop(MD5digest, sizeof(MD5digest),
49 base64digest, sizeof(base64digest)) < 0)
54 return( strcmp(p, base64digest) );
56 } else if (strncasecmp(passwd, "{SHA}",sizeof("{SHA}") - 1) == 0 ) {
57 lutil_SHA1_CTX SHA1context;
58 unsigned char SHA1digest[20];
59 char base64digest[29]; /* ceiling(sizeof(input)/3) * 4 + 1 */
60 const char *p = passwd + (sizeof("{SHA}") - 1);
62 lutil_SHA1Init(&SHA1context);
63 lutil_SHA1Update(&SHA1context,
64 (const unsigned char *) cred, strlen(cred));
65 lutil_SHA1Final(SHA1digest, &SHA1context);
67 if (lutil_b64_ntop(SHA1digest, sizeof(SHA1digest),
68 base64digest, sizeof(base64digest)) < 0)
73 return( strcmp(p, base64digest) );
75 } else if (strncasecmp(passwd, "{SSHA}", sizeof("{SSHA}") - 1) == 0) {
76 lutil_SHA1_CTX SHA1context;
77 unsigned char SHA1digest[20];
78 const char *p = passwd + (sizeof("{SSHA}") - 1);
79 int pw_len = strlen(p);
81 unsigned char *orig_pass = NULL;
83 /* base64 un-encode password */
84 orig_pass = (unsigned char *)malloc((size_t)(pw_len * 0.75 + 1));
85 if ((rc = lutil_b64_pton(p, orig_pass, pw_len)) < 0)
91 /* hash credentials with salt */
92 lutil_SHA1Init(&SHA1context);
93 lutil_SHA1Update(&SHA1context,
94 (const unsigned char *) cred, strlen(cred));
95 lutil_SHA1Update(&SHA1context,
96 (const unsigned char *) orig_pass + sizeof(SHA1digest),
97 rc - sizeof(SHA1digest));
98 lutil_SHA1Final(SHA1digest, &SHA1context);
101 rc = memcmp((char *)orig_pass, (char *)SHA1digest, sizeof(SHA1digest));
105 } else if (strncasecmp(passwd, "{SMD5}", sizeof("{SMD5}") - 1) == 0) {
106 lutil_MD5_CTX MD5context;
107 unsigned char MD5digest[16];
108 const char *p = passwd + (sizeof("{SMD5}") - 1);
109 int pw_len = strlen(p);
111 unsigned char *orig_pass = NULL;
113 /* base64 un-encode password */
114 orig_pass = (unsigned char *)malloc((size_t)(pw_len * 0.75 + 1));
115 if ((rc = lutil_b64_pton(p, orig_pass, pw_len)) < 0)
121 /* hash credentials with salt */
122 lutil_MD5Init(&MD5context);
123 lutil_MD5Update(&MD5context,
124 (const unsigned char *) cred, strlen(cred));
125 lutil_MD5Update(&MD5context,
126 (const unsigned char *) orig_pass + sizeof(MD5digest),
127 rc - sizeof(MD5digest));
128 lutil_MD5Final(MD5digest, &MD5context);
131 rc = memcmp((char *)orig_pass, (char *)MD5digest, sizeof(MD5digest));
136 } else if (strncasecmp(passwd, "{CRYPT}", sizeof("{CRYPT}") - 1) == 0 ) {
137 const char *p = passwd + (sizeof("{CRYPT}") - 1);
139 return( strcmp(p, crypt(cred, p)) );
144 #ifdef SLAPD_CLEARTEXT
145 return( strcmp(passwd, cred) );