Merge remote branch 'origin/mdb.master' into OPENLDAP_REL_ENG_2_4

[openldap] / contrib / slapd-modules / passwd / apr1.c

diff --git a/contrib/slapd-modules/passwd/apr1.c b/contrib/slapd-modules/passwd/apr1.c
index f6697368122ccea72429742b9cd509a0b190518a..ce7b8c76322f4cccff24ab225d1fb2a7b42af52f 100644 (file)
--- a/contrib/slapd-modules/passwd/apr1.c
+++ b/contrib/slapd-modules/passwd/apr1.c
@@ -1,3 +1,4 @@
+/* $OpenLDAP$ */\r
 /*\r
  * This file is derived from OpenLDAP Software. All of the modifications to\r
  * OpenLDAP Software represented in the following file were developed by\r
@@ -8,12 +9,14 @@
  * notice:\r
  *\r
  * Copyright 2011 Devin J. Pohly\r
+ * Portions Copyright 2011 Howard Chu\r
  * Redistribution and use in source and binary forms, with or without\r
  * modification, are permitted only as authorized by the OpenLDAP Public\r
  * License. \r
  *\r
  * A portion of this code is used in accordance with the Beer-ware License,\r
  * revision 42, as noted.\r
+ *\r
  */\r
 #include <lber.h>\r
 #include <lber_pvt.h>\r
@@ -23,9 +26,16 @@
 \r
 #include <assert.h>\r
 \r
+/* the only difference between this and straight PHK is the magic */\r
 static LUTIL_PASSWD_CHK_FUNC chk_apr1;\r
 static LUTIL_PASSWD_HASH_FUNC hash_apr1;\r
-static const struct berval scheme = BER_BVC("{APR1}");\r
+static const struct berval scheme_apr1 = BER_BVC("{APR1}");\r
+static const struct berval magic_apr1 = BER_BVC("$apr1$");\r
+\r
+static LUTIL_PASSWD_CHK_FUNC chk_bsdmd5;\r
+static LUTIL_PASSWD_HASH_FUNC hash_bsdmd5;\r
+static const struct berval scheme_bsdmd5 = BER_BVC("{BSDMD5}");\r
+static const struct berval magic_bsdmd5 = BER_BVC("$1$");\r
 \r
 static const unsigned char apr64[] =\r
        "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";\r
@@ -41,9 +51,10 @@ static const unsigned char apr64[] =
  * this stuff is worth it, you can buy me a beer in return Poul-Henning Kamp\r
  * ----------------------------------------------------------------------------\r
  */\r
-static void do_apr_hash(\r
+static void do_phk_hash(\r
        const struct berval *passwd,\r
        const struct berval *salt,\r
+       const struct berval *magic,\r
        unsigned char *digest)\r
 {\r
        lutil_MD5_CTX ctx, ctx1;\r
@@ -52,7 +63,7 @@ static void do_apr_hash(
        /* Start hashing */\r
        lutil_MD5Init(&ctx);\r
        lutil_MD5Update(&ctx, (const unsigned char *) passwd->bv_val, passwd->bv_len);\r
-       lutil_MD5Update(&ctx, "$apr1$", 6);\r
+       lutil_MD5Update(&ctx, (const unsigned char *) magic->bv_val, magic->bv_len);\r
        lutil_MD5Update(&ctx, (const unsigned char *) salt->bv_val, salt->bv_len);\r
        /* Inner hash */\r
        lutil_MD5Init(&ctx1);\r
@@ -100,8 +111,8 @@ static void do_apr_hash(
        }\r
 }\r
 \r
-static int chk_apr1(\r
-       const struct berval *scheme,\r
+static int chk_phk(\r
+       const struct berval *magic,\r
        const struct berval *passwd,\r
        const struct berval *cred,\r
        const char **text)\r
@@ -132,8 +143,7 @@ static int chk_apr1(
        salt.bv_val = (char *) &orig_pass[sizeof(digest)];\r
        salt.bv_len = rc - sizeof(digest);\r
 \r
-       /* the only difference between this and straight PHK is the magic */\r
-       do_apr_hash(cred, &salt, digest);\r
+       do_phk_hash(cred, magic, &salt, digest);\r
 \r
        if (text)\r
                *text = NULL;\r
@@ -144,9 +154,28 @@ static int chk_apr1(
        return rc ?  LUTIL_PASSWD_ERR : LUTIL_PASSWD_OK;\r
 }\r
 \r
-static int hash_apr1(\r
+static int chk_apr1(\r
+       const struct berval *scheme,\r
+       const struct berval *passwd,\r
+       const struct berval *cred,\r
+       const char **text)\r
+{\r
+       return chk_phk(&magic_apr1, passwd, cred, text);\r
+}\r
+\r
+static int chk_bsdmd5(\r
        const struct berval *scheme,\r
        const struct berval *passwd,\r
+       const struct berval *cred,\r
+       const char **text)\r
+{\r
+       return chk_phk(&magic_bsdmd5, passwd, cred, text);\r
+}\r
+\r
+static int hash_phk(\r
+       const struct berval *scheme,\r
+       const struct berval *magic,\r
+       const struct berval *passwd,\r
        struct berval *hash,\r
        const char **text)\r
 {\r
@@ -168,8 +197,7 @@ static int hash_apr1(
        for (n = 0; n < salt.bv_len; n++)\r
                salt.bv_val[n] = apr64[salt.bv_val[n] % (sizeof(apr64) - 1)];\r
 \r
-       /* the only difference between this and straight PHK is the magic */\r
-       do_apr_hash(passwd, &salt, digest_buf);\r
+       do_phk_hash(passwd, magic, &salt, digest_buf);\r
 \r
        if (text)\r
                *text = NULL;\r
@@ -177,6 +205,29 @@ static int hash_apr1(
        return lutil_passwd_string64(scheme, &digest, hash, &salt);\r
 }\r
 \r
+static int hash_apr1(\r
+       const struct berval *scheme,\r
+       const struct berval *passwd,\r
+       struct berval *hash,\r
+       const char **text)\r
+{\r
+       return hash_phk(scheme, &magic_apr1, passwd, hash, text);\r
+}\r
+\r
+static int hash_bsdmd5(\r
+       const struct berval *scheme,\r
+       const struct berval *passwd,\r
+       struct berval *hash,\r
+       const char **text)\r
+{\r
+       return hash_phk(scheme, &magic_bsdmd5, passwd, hash, text);\r
+}\r
+\r
 int init_module(int argc, char *argv[]) {\r
-       return lutil_passwd_add((struct berval *) &scheme, chk_apr1, hash_apr1);\r
+       int rc;\r
+       rc = lutil_passwd_add((struct berval *) &scheme_apr1, chk_apr1, hash_apr1);\r
+       if ( !rc )\r
+               rc = lutil_passwd_add((struct berval *) &scheme_bsdmd5,\r
+                       chk_bsdmd5, hash_bsdmd5);\r
+       return rc;\r
 }\r