2 * lutil_password(credentials, password)
4 * Returns true if user supplied credentials matches
7 * Due to the use of the crypt(3) function
8 * this routine is NOT thread-safe.
13 #include <ac/string.h>
14 #include <ac/unistd.h>
16 #include "lutil_md5.h"
17 #include "lutil_sha1.h"
21 * Return 0 if creds are good.
30 if (cred == NULL || passwd == NULL) {
34 if (strncasecmp(passwd, "{MD5}", sizeof("{MD5}") - 1) == 0 ) {
35 lutil_MD5_CTX MD5context;
36 unsigned char MD5digest[16];
37 char base64digest[25]; /* ceiling(sizeof(input)/3) * 4 + 1 */
39 const char *p = passwd + (sizeof("{MD5}") - 1);
41 lutil_MD5Init(&MD5context);
42 lutil_MD5Update(&MD5context,
43 (const unsigned char *)cred, strlen(cred));
44 lutil_MD5Final(MD5digest, &MD5context);
46 if ( lutil_b64_ntop(MD5digest, sizeof(MD5digest),
47 base64digest, sizeof(base64digest)) < 0)
52 return( strcmp(p, base64digest) );
54 } else if (strncasecmp(passwd, "{SHA}",sizeof("{SHA}") - 1) == 0 ) {
55 lutil_SHA1_CTX SHA1context;
56 unsigned char SHA1digest[20];
57 char base64digest[29]; /* ceiling(sizeof(input)/3) * 4 + 1 */
58 const char *p = passwd + (sizeof("{SHA}") - 1);
60 lutil_SHA1Init(&SHA1context);
61 lutil_SHA1Update(&SHA1context,
62 (const unsigned char *) cred, strlen(cred));
63 lutil_SHA1Final(SHA1digest, &SHA1context);
65 if (lutil_b64_ntop(SHA1digest, sizeof(SHA1digest),
66 base64digest, sizeof(base64digest)) < 0)
71 return( strcmp(p, base64digest) );
74 } else if (strncasecmp(passwd, "{CRYPT}", sizeof("{CRYPT}") - 1) == 0 ) {
75 const char *p = passwd + (sizeof("{CRYPT}") - 1);
77 return( strcmp(p, crypt(cred, p)) );
82 #ifdef SLAPD_CLEARTEXT
83 return( strcmp(passwd, cred) );