+/* $OpenLDAP$ */
+/*
+ * Copyright 1998-1999 The OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
/*
* lutil_password(credentials, password)
*
#include <ac/string.h>
#include <ac/unistd.h>
+#include <ac/crypt.h>
#include "lutil_md5.h"
#include "lutil_sha1.h"
# include <pwd.h>
#endif
-static int supported_hash(
- const char* method,
- const char** methods )
+static int is_allowed_scheme(
+ const char* scheme,
+ const char** schemes )
{
int i;
- if(methods == NULL) {
+ if(schemes == NULL) {
return 1;
}
- for(i=0; methods[i] != NULL; i++) {
- if(strcasecmp(method, methods[i]) == 0) {
+ for(i=0; schemes[i] != NULL; i++) {
+ if(strcasecmp(scheme, schemes[i]) == 0) {
return 1;
}
}
return 0;
}
-static const char *passwd_hash(
+const char *lutil_passwd_schemes[] = {
+#ifdef SLAPD_CRYPT
+ "{CRYPT}",
+#endif
+ "{MD5}", "{SMD5}",
+ "{SHA}", "{SSHA}",
+# if defined( HAVE_GETSPNAM ) \
+ || ( defined( HAVE_GETPWNAM ) && defined( HAVE_PW_PASSWD ) )
+ "{UNIX}",
+#endif
+#ifdef SLAPD_CLEARTEXT
+ "{CLEARTEXT}", /* psuedo scheme */
+#endif
+ NULL,
+};
+
+int lutil_passwd_scheme( char *scheme ) {
+ return is_allowed_scheme( scheme, lutil_passwd_schemes );
+}
+
+static const char *passwd_scheme(
const char* passwd,
- const char* method,
- const char** methods )
+ const char* scheme,
+ const char** schemes )
{
int len;
- if( !supported_hash( method, methods ) ) {
+ if( !is_allowed_scheme( scheme, schemes ) ) {
return NULL;
}
- len = strlen(method);
+ len = strlen(scheme);
- if( strncasecmp( passwd, method, len ) == 0 ) {
+ if( strncasecmp( passwd, scheme, len ) == 0 ) {
return &passwd[len];
}
lutil_passwd(
const char *cred,
const char *passwd,
- const char **methods)
+ const char **schemes)
{
const char *p;
return -1;
}
- if ((p = passwd_hash( passwd, "{MD5}", methods )) != NULL ) {
+ if ((p = passwd_scheme( passwd, "{MD5}", schemes )) != NULL ) {
lutil_MD5_CTX MD5context;
unsigned char MD5digest[16];
- char base64digest[25]; /* ceiling(sizeof(input)/3) * 4 + 1 */
+ char base64digest[LUTIL_BASE64_ENCODE_LEN(16)];
lutil_MD5Init(&MD5context);
lutil_MD5Update(&MD5context,
return( strcmp(p, base64digest) );
- } else if ((p = passwd_hash( passwd, "{SHA}", methods )) != NULL ) {
+ } else if ((p = passwd_scheme( passwd, "{SHA}", schemes )) != NULL ) {
lutil_SHA1_CTX SHA1context;
unsigned char SHA1digest[20];
- char base64digest[29]; /* ceiling(sizeof(input)/3) * 4 + 1 */
+ char base64digest[LUTIL_BASE64_ENCODE_LEN(20)];
lutil_SHA1Init(&SHA1context);
lutil_SHA1Update(&SHA1context,
return( strcmp(p, base64digest) );
- } else if ((p = passwd_hash( passwd, "{SSHA}", methods )) != NULL ) {
+ } else if ((p = passwd_scheme( passwd, "{SSHA}", schemes )) != NULL ) {
lutil_SHA1_CTX SHA1context;
unsigned char SHA1digest[20];
int pw_len = strlen(p);
unsigned char *orig_pass = NULL;
/* base64 un-encode password */
- orig_pass = (unsigned char *)malloc((size_t)(pw_len * 0.75 + 1));
+ orig_pass = (unsigned char *) malloc( (size_t) (
+ LUTIL_BASE64_DECODE_LEN(pw_len) + 1) );
if ((rc = lutil_b64_pton(p, orig_pass, pw_len)) < 0)
{
free(orig_pass);
free(orig_pass);
return(rc);
- } else if ((p = passwd_hash( passwd, "{SMD5}", methods )) != NULL ) {
+ } else if ((p = passwd_scheme( passwd, "{SMD5}", schemes )) != NULL ) {
lutil_MD5_CTX MD5context;
unsigned char MD5digest[16];
int pw_len = strlen(p);
unsigned char *orig_pass = NULL;
/* base64 un-encode password */
- orig_pass = (unsigned char *)malloc((size_t)(pw_len * 0.75 + 1));
+ orig_pass = (unsigned char *) malloc( (size_t) (
+ LUTIL_BASE64_DECODE_LEN(pw_len) + 1) );
if ((rc = lutil_b64_pton(p, orig_pass, pw_len)) < 0)
{
free(orig_pass);
return ( rc );
#ifdef SLAPD_CRYPT
- } else if ((p = passwd_hash( passwd, "{CRYPT}", methods )) != NULL ) {
+ } else if ((p = passwd_scheme( passwd, "{CRYPT}", schemes )) != NULL ) {
return( strcmp(p, crypt(cred, p)) );
# if defined( HAVE_GETSPNAM ) \
|| ( defined( HAVE_GETPWNAM ) && defined( HAVE_PW_PASSWD ) )
- } else if ((p = passwd_hash( passwd, "{UNIX}", methods )) != NULL ) {
+ } else if ((p = passwd_scheme( passwd, "{UNIX}", schemes )) != NULL ) {
# ifdef HAVE_GETSPNAM
struct spwd *spwd = getspnam(p);
}
#ifdef SLAPD_CLEARTEXT
- return supported_hash("{CLEARTEXT}", methods ) &&
+ return is_allowed_scheme("{CLEARTEXT}", schemes ) &&
strcmp(passwd, cred) != 0;
#else
return( 1 );