Rework counter code in fallback.

[openldap] / libraries / liblutil / passwd.c

diff --git a/libraries/liblutil/passwd.c b/libraries/liblutil/passwd.c
index cbe5e6fb132dd3ebc8a29058d2068e6f926adc09..4960add60d74dfb82b963cb1e7d9355256a0eca8 100644 (file)
--- a/libraries/liblutil/passwd.c
+++ b/libraries/liblutil/passwd.c
@@ -1,3 +1,8 @@
+/* $OpenLDAP$ */
+/*
+ * Copyright 1998-1999 The OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
 /*
  * lutil_password(credentials, password)
  *
@@ -14,6 +19,7 @@
 
 #include <ac/string.h>
 #include <ac/unistd.h>
+#include <ac/crypt.h>
 
 #include "lutil_md5.h"
 #include "lutil_sha1.h"
@@ -26,18 +32,18 @@
 #      include <pwd.h>
 #endif
 
-static int supported_hash(
-       const char* method,
-       const char** methods )
+static int is_allowed_scheme(
+       const char* scheme,
+       const char** schemes )
 {
        int i;
 
-       if(methods == NULL) {
+       if(schemes == NULL) {
                return 1;
        }
 
-       for(i=0; methods[i] != NULL; i++) {
-               if(strcasecmp(method, methods[i]) == 0) {
+       for(i=0; schemes[i] != NULL; i++) {
+               if(strcasecmp(scheme, schemes[i]) == 0) {
                        return 1;
                }
        }
@@ -45,20 +51,40 @@ static int supported_hash(
        return 0;
 }
 
-static const char *passwd_hash(
+const char *lutil_passwd_schemes[] = {
+#ifdef SLAPD_CRYPT
+       "{CRYPT}",
+#endif
+       "{MD5}", "{SMD5}",
+       "{SHA}", "{SSHA}",
+# if defined( HAVE_GETSPNAM ) \
+  || ( defined( HAVE_GETPWNAM ) && defined( HAVE_PW_PASSWD ) )
+       "{UNIX}",
+#endif
+#ifdef SLAPD_CLEARTEXT
+       "{CLEARTEXT}",          /* psuedo scheme */
+#endif
+       NULL,
+};
+
+int lutil_passwd_scheme( char *scheme ) {
+       return is_allowed_scheme( scheme, lutil_passwd_schemes );
+}
+
+static const char *passwd_scheme(
        const char* passwd,
-       const char* method,
-       const char** methods )
+       const char* scheme,
+       const char** schemes )
 {
        int len;
 
-       if( !supported_hash( method, methods ) ) {
+       if( !is_allowed_scheme( scheme, schemes ) ) {
                return NULL;
        }
 
-       len = strlen(method);
+       len = strlen(scheme);
 
-       if( strncasecmp( passwd, method, len ) == 0 ) {
+       if( strncasecmp( passwd, scheme, len ) == 0 ) {
                return &passwd[len];
        }
 
@@ -72,7 +98,7 @@ int
 lutil_passwd(
        const char *cred,
        const char *passwd,
-       const char **methods)
+       const char **schemes)
 {
        const char *p;
 
@@ -80,10 +106,10 @@ lutil_passwd(
                return -1;
        }
 
-       if ((p = passwd_hash( passwd, "{MD5}", methods )) != NULL ) {
+       if ((p = passwd_scheme( passwd, "{MD5}", schemes )) != NULL ) {
                lutil_MD5_CTX MD5context;
                unsigned char MD5digest[16];
-               char base64digest[25];  /* ceiling(sizeof(input)/3) * 4 + 1 */
+               char base64digest[LUTIL_BASE64_ENCODE_LEN(16)]; 
 
                lutil_MD5Init(&MD5context);
                lutil_MD5Update(&MD5context,
@@ -98,10 +124,10 @@ lutil_passwd(
 
                return( strcmp(p, base64digest) );
 
-       } else if ((p = passwd_hash( passwd, "{SHA}", methods )) != NULL ) {
+       } else if ((p = passwd_scheme( passwd, "{SHA}", schemes )) != NULL ) {
                lutil_SHA1_CTX SHA1context;
                unsigned char SHA1digest[20];
-               char base64digest[29];  /* ceiling(sizeof(input)/3) * 4 + 1 */
+               char base64digest[LUTIL_BASE64_ENCODE_LEN(20)]; 
 
                lutil_SHA1Init(&SHA1context);
                lutil_SHA1Update(&SHA1context,
@@ -116,7 +142,7 @@ lutil_passwd(
 
                return( strcmp(p, base64digest) );
 
-       } else if ((p = passwd_hash( passwd, "{SSHA}", methods )) != NULL ) {
+       } else if ((p = passwd_scheme( passwd, "{SSHA}", schemes )) != NULL ) {
                lutil_SHA1_CTX SHA1context;
                unsigned char SHA1digest[20];
                int pw_len = strlen(p);
@@ -124,7 +150,8 @@ lutil_passwd(
                unsigned char *orig_pass = NULL;
  
                /* base64 un-encode password */
-               orig_pass = (unsigned char *)malloc((size_t)(pw_len * 0.75 + 1));
+               orig_pass = (unsigned char *) malloc( (size_t) (
+                       LUTIL_BASE64_DECODE_LEN(pw_len) + 1) );
                if ((rc = lutil_b64_pton(p, orig_pass, pw_len)) < 0)
                {
                        free(orig_pass);
@@ -145,7 +172,7 @@ lutil_passwd(
                free(orig_pass);
                return(rc);
 
-       } else if ((p = passwd_hash( passwd, "{SMD5}", methods )) != NULL ) {
+       } else if ((p = passwd_scheme( passwd, "{SMD5}", schemes )) != NULL ) {
                lutil_MD5_CTX MD5context;
                unsigned char MD5digest[16];
                int pw_len = strlen(p);
@@ -153,7 +180,8 @@ lutil_passwd(
                unsigned char *orig_pass = NULL;
 
                /* base64 un-encode password */
-               orig_pass = (unsigned char *)malloc((size_t)(pw_len * 0.75 + 1));
+               orig_pass = (unsigned char *) malloc( (size_t) (
+                       LUTIL_BASE64_DECODE_LEN(pw_len) + 1) );
                if ((rc = lutil_b64_pton(p, orig_pass, pw_len)) < 0)
                {
                        free(orig_pass);
@@ -175,12 +203,12 @@ lutil_passwd(
                return ( rc );
 
 #ifdef SLAPD_CRYPT
-       } else if ((p = passwd_hash( passwd, "{CRYPT}", methods )) != NULL ) {
+       } else if ((p = passwd_scheme( passwd, "{CRYPT}", schemes )) != NULL ) {
                return( strcmp(p, crypt(cred, p)) );
 
 # if defined( HAVE_GETSPNAM ) \
   || ( defined( HAVE_GETPWNAM ) && defined( HAVE_PW_PASSWD ) )
-       } else if ((p = passwd_hash( passwd, "{UNIX}", methods )) != NULL ) {
+       } else if ((p = passwd_scheme( passwd, "{UNIX}", schemes )) != NULL ) {
 
 #  ifdef HAVE_GETSPNAM
                struct spwd *spwd = getspnam(p);
@@ -204,7 +232,7 @@ lutil_passwd(
        }
 
 #ifdef SLAPD_CLEARTEXT
-       return supported_hash("{CLEARTEXT}", methods ) &&
+       return is_allowed_scheme("{CLEARTEXT}", schemes ) &&
                strcmp(passwd, cred) != 0;
 #else
        return( 1 );