Change LDAP.ld_lberoptions to `short', to realign with BerElement.ber_options

[openldap] / libraries / liblutil / passwd.c

diff --git a/libraries/liblutil/passwd.c b/libraries/liblutil/passwd.c
index 7a74aa998972df4ff78d583646bcdccfa4075867..a8f69dc5ff3baea01409fbf8db9d1c8aa3fdc06a 100644 (file)
--- a/libraries/liblutil/passwd.c
+++ b/libraries/liblutil/passwd.c
@@ -10,6 +10,8 @@
 
 #include "portable.h"
 
+#include <stdlib.h>
+
 #include <ac/string.h>
 #include <ac/unistd.h>
 
@@ -31,12 +33,7 @@ lutil_passwd(
                return -1;
        }
 
-       if (strncasecmp(passwd, "{CRYPT}", sizeof("{CRYPT}") - 1) == 0 ) {
-               const char *p = passwd + (sizeof("{CRYPT}") - 1);
-
-               return( strcmp(p, crypt(cred, p)) );
-
-       } else if (strncasecmp(passwd, "{MD5}", sizeof("{MD5}") - 1) == 0 ) {
+       if (strncasecmp(passwd, "{MD5}", sizeof("{MD5}") - 1) == 0 ) {
                lutil_MD5_CTX MD5context;
                unsigned char MD5digest[16];
                char base64digest[25];  /* ceiling(sizeof(input)/3) * 4 + 1 */
@@ -74,6 +71,74 @@ lutil_passwd(
                }
 
                return( strcmp(p, base64digest) );
+
+       } else if (strncasecmp(passwd, "{SSHA}", sizeof("{SSHA}") - 1) == 0) {
+               lutil_SHA1_CTX SHA1context;
+               unsigned char SHA1digest[20];
+               const char *p = passwd + (sizeof("{SSHA}") - 1);
+               int pw_len = strlen(p);
+               int rc;
+               unsigned char *orig_pass = NULL;
+ 
+               /* base64 un-encode password */
+               orig_pass = (unsigned char *)malloc(pw_len * 0.75 + 1);
+               if ((rc = lutil_b64_pton(p, orig_pass, pw_len)) < 0)
+               {
+                       free(orig_pass);
+                       return ( 1 );
+               }
+ 
+               /* hash credentials with salt */
+               lutil_SHA1Init(&SHA1context);
+               lutil_SHA1Update(&SHA1context,
+                               (const unsigned char *) cred, strlen(cred));
+               lutil_SHA1Update(&SHA1context,
+                               (const unsigned char *) orig_pass + sizeof(SHA1digest),
+                               rc - sizeof(SHA1digest));
+               lutil_SHA1Final(SHA1digest, &SHA1context);
+ 
+               /* compare */
+               rc = strncmp((char *)orig_pass, (char *)SHA1digest, sizeof(SHA1digest));
+               free(orig_pass);
+               return(rc);
+
+       } else if (strncasecmp(passwd, "{SMD5}", sizeof("{SMD5}") - 1) == 0) {
+               lutil_MD5_CTX MD5context;
+               unsigned char MD5digest[16];
+               const char *p = passwd + (sizeof("{SMD5}") - 1);
+               int pw_len = strlen(p);
+               int rc;
+               unsigned char *orig_pass = NULL;
+
+               /* base64 un-encode password */
+               orig_pass = (unsigned char *)malloc(pw_len * 0.75 + 1);
+               if ((rc = lutil_b64_pton(p, orig_pass, pw_len)) < 0)
+               {
+                       free(orig_pass);
+                       return ( 1 );
+               }
+
+               /* hash credentials with salt */
+               lutil_MD5Init(&MD5context);
+               lutil_MD5Update(&MD5context,
+                               (const unsigned char *) cred, strlen(cred));
+               lutil_MD5Update(&MD5context,
+                               (const unsigned char *) orig_pass + sizeof(MD5digest),
+                               rc - sizeof(MD5digest));
+               lutil_MD5Final(MD5digest, &MD5context);
+
+               /* compare */
+               rc = strncmp((char *)orig_pass, (char *)MD5digest, sizeof(MD5digest));
+               free(orig_pass);
+               return ( rc );
+
+#ifdef SLAPD_CRYPT
+       } else if (strncasecmp(passwd, "{CRYPT}", sizeof("{CRYPT}") - 1) == 0 ) {
+               const char *p = passwd + (sizeof("{CRYPT}") - 1);
+
+               return( strcmp(p, crypt(cred, p)) );
+
+#endif
        }
 
 #ifdef SLAPD_CLEARTEXT