git.sur5r.net Git - openldap/blob - libraries/liblutil/passwd.c

   1 /*
   2  * lutil_password(credentials, password)
   3  *
   4  * Returns true if user supplied credentials matches
   5  * the stored password.
   6  *
   7  * Due to the use of the crypt(3) function
   8  * this routine is NOT thread-safe.
   9  */
  10
  11 #include "portable.h"
  12
  13 #include <ac/string.h>
  14 #include <ac/unistd.h>
  15
  16 #include "lutil_md5.h"
  17 #include "lutil_sha1.h"
  18 #include "lutil.h"
  19
  20 /*
  21  * Return 0 if creds are good.
  22  */
  23
  24 int
  25 lutil_passwd(
  26         const char *cred,
  27         const char *passwd)
  28 {
  29
  30         if (cred == NULL || passwd == NULL) {
  31                 return -1;
  32         }
  33
  34         if (strncasecmp(passwd, "{MD5}", sizeof("{MD5}") - 1) == 0 ) {
  35                 lutil_MD5_CTX MD5context;
  36                 unsigned char MD5digest[16];
  37                 char base64digest[25];  /* ceiling(sizeof(input)/3) * 4 + 1 */
  38
  39                 const char *p = passwd + (sizeof("{MD5}") - 1);
  40
  41                 lutil_MD5Init(&MD5context);
  42                 lutil_MD5Update(&MD5context,
  43                                (const unsigned char *)cred, strlen(cred));
  44                 lutil_MD5Final(MD5digest, &MD5context);
  45
  46                 if ( lutil_b64_ntop(MD5digest, sizeof(MD5digest),
  47                         base64digest, sizeof(base64digest)) < 0)
  48                 {
  49                         return ( 1 );
  50                 }
  51
  52                 return( strcmp(p, base64digest) );
  53
  54         } else if (strncasecmp(passwd, "{SHA}",sizeof("{SHA}") - 1) == 0 ) {
  55                 lutil_SHA1_CTX SHA1context;
  56                 unsigned char SHA1digest[20];
  57                 char base64digest[29];  /* ceiling(sizeof(input)/3) * 4 + 1 */
  58                 const char *p = passwd + (sizeof("{SHA}") - 1);
  59
  60                 lutil_SHA1Init(&SHA1context);
  61                 lutil_SHA1Update(&SHA1context,
  62                                 (const unsigned char *) cred, strlen(cred));
  63                 lutil_SHA1Final(SHA1digest, &SHA1context);
  64
  65                 if (lutil_b64_ntop(SHA1digest, sizeof(SHA1digest),
  66                         base64digest, sizeof(base64digest)) < 0)
  67                 {
  68                         return ( 1 );
  69                 }
  70
  71                 return( strcmp(p, base64digest) );
  72
  73 #ifdef SLAPD_CRYPT
  74         } else if (strncasecmp(passwd, "{CRYPT}", sizeof("{CRYPT}") - 1) == 0 ) {
  75                 const char *p = passwd + (sizeof("{CRYPT}") - 1);
  76
  77                 return( strcmp(p, crypt(cred, p)) );
  78
  79 #endif
  80         }
  81
  82 #ifdef SLAPD_CLEARTEXT
  83         return( strcmp(passwd, cred) );
  84 #else
  85         return( 1 );
  86 #endif
  87
  88 }