-/* $OpenLDAP$ */\r
-/*\r
- * This file is derived from OpenLDAP Software. All of the modifications to\r
- * OpenLDAP Software represented in the following file were developed by\r
- * Devin J. Pohly <djpohly@gmail.com>. I have not assigned rights and/or\r
- * interest in this work to any party. \r
- *\r
- * The extensions to OpenLDAP Software herein are subject to the following\r
- * notice:\r
- *\r
- * Copyright 2011 Devin J. Pohly\r
- * Portions Copyright 2011 Howard Chu\r
- * Redistribution and use in source and binary forms, with or without\r
- * modification, are permitted only as authorized by the OpenLDAP Public\r
- * License. \r
- *\r
- * A portion of this code is used in accordance with the Beer-ware License,\r
- * revision 42, as noted.\r
- *\r
- */\r
-#include <lber.h>\r
-#include <lber_pvt.h>\r
-#include "lutil.h"\r
-#include "lutil_md5.h"\r
-#include <ac/string.h>\r
-\r
-#include <assert.h>\r
-\r
-/* the only difference between this and straight PHK is the magic */\r
-static LUTIL_PASSWD_CHK_FUNC chk_apr1;\r
-static LUTIL_PASSWD_HASH_FUNC hash_apr1;\r
-static const struct berval scheme_apr1 = BER_BVC("{APR1}");\r
-static const struct berval magic_apr1 = BER_BVC("$apr1$");\r
-\r
-static LUTIL_PASSWD_CHK_FUNC chk_bsdmd5;\r
-static LUTIL_PASSWD_HASH_FUNC hash_bsdmd5;\r
-static const struct berval scheme_bsdmd5 = BER_BVC("{BSDMD5}");\r
-static const struct berval magic_bsdmd5 = BER_BVC("$1$");\r
-\r
-static const unsigned char apr64[] =\r
- "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";\r
-\r
-#define APR_SALT_SIZE 8\r
-\r
-/* The algorithm implemented in this function was created by Poul-Henning\r
- * Kamp and released under the following license:\r
- * ----------------------------------------------------------------------------\r
- * "THE BEER-WARE LICENSE" (Revision 42):\r
- * <phk@FreeBSD.ORG> wrote this file. As long as you retain this notice you\r
- * can do whatever you want with this stuff. If we meet some day, and you think\r
- * this stuff is worth it, you can buy me a beer in return Poul-Henning Kamp\r
- * ----------------------------------------------------------------------------\r
- */\r
-static void do_phk_hash(\r
- const struct berval *passwd,\r
- const struct berval *salt,\r
- const struct berval *magic,\r
- unsigned char *digest)\r
-{\r
- lutil_MD5_CTX ctx, ctx1;\r
- int n;\r
-\r
- /* Start hashing */\r
- lutil_MD5Init(&ctx);\r
- lutil_MD5Update(&ctx, (const unsigned char *) passwd->bv_val, passwd->bv_len);\r
- lutil_MD5Update(&ctx, (const unsigned char *) magic->bv_val, magic->bv_len);\r
- lutil_MD5Update(&ctx, (const unsigned char *) salt->bv_val, salt->bv_len);\r
- /* Inner hash */\r
- lutil_MD5Init(&ctx1);\r
- lutil_MD5Update(&ctx1, (const unsigned char *) passwd->bv_val, passwd->bv_len);\r
- lutil_MD5Update(&ctx1, (const unsigned char *) salt->bv_val, salt->bv_len);\r
- lutil_MD5Update(&ctx1, (const unsigned char *) passwd->bv_val, passwd->bv_len);\r
- lutil_MD5Final(digest, &ctx1);\r
- /* Nom start mixing things up */\r
- for (n = passwd->bv_len; n > 0; n -= LUTIL_MD5_BYTES)\r
- lutil_MD5Update(&ctx, digest,\r
- (n > LUTIL_MD5_BYTES ? LUTIL_MD5_BYTES : n));\r
- memset(digest, 0, LUTIL_MD5_BYTES);\r
- /* Curiouser and curiouser... */\r
- for (n = passwd->bv_len; n; n >>= 1)\r
- if (n & 1)\r
- lutil_MD5Update(&ctx, digest, 1);\r
- else\r
- lutil_MD5Update(&ctx, (const unsigned char *) passwd->bv_val, 1);\r
- lutil_MD5Final(digest, &ctx);\r
- /*\r
- * Repeatedly hash things into the final value. This was originally\r
- * intended to slow the algorithm down.\r
- */\r
- for (n = 0; n < 1000; n++) {\r
- lutil_MD5Init(&ctx1);\r
- if (n & 1)\r
- lutil_MD5Update(&ctx1,\r
- (const unsigned char *) passwd->bv_val, passwd->bv_len);\r
- else\r
- lutil_MD5Update(&ctx1, digest, LUTIL_MD5_BYTES);\r
-\r
- if (n % 3)\r
- lutil_MD5Update(&ctx1,\r
- (const unsigned char *) salt->bv_val, salt->bv_len);\r
- if (n % 7)\r
- lutil_MD5Update(&ctx1,\r
- (const unsigned char *) passwd->bv_val, passwd->bv_len);\r
-\r
- if (n & 1)\r
- lutil_MD5Update(&ctx1, digest, LUTIL_MD5_BYTES);\r
- else\r
- lutil_MD5Update(&ctx1,\r
- (const unsigned char *) passwd->bv_val, passwd->bv_len);\r
- lutil_MD5Final(digest, &ctx1);\r
- }\r
-}\r
-\r
-static int chk_phk(\r
- const struct berval *magic,\r
- const struct berval *passwd,\r
- const struct berval *cred,\r
- const char **text)\r
-{\r
- unsigned char digest[LUTIL_MD5_BYTES];\r
- unsigned char *orig_pass;\r
- int rc, n;\r
- struct berval salt;\r
-\r
- /* safety check */\r
- n = LUTIL_BASE64_DECODE_LEN(passwd->bv_len);\r
- if (n <= sizeof(digest))\r
- return LUTIL_PASSWD_ERR;\r
-\r
- /* base64 un-encode password hash */\r
- orig_pass = (unsigned char *) ber_memalloc((size_t) (n + 1));\r
-\r
- if (orig_pass == NULL)\r
- return LUTIL_PASSWD_ERR;\r
-\r
- rc = lutil_b64_pton(passwd->bv_val, orig_pass, passwd->bv_len);\r
-\r
- if (rc <= (int) sizeof(digest)) {\r
- ber_memfree(orig_pass);\r
- return LUTIL_PASSWD_ERR;\r
- }\r
-\r
- salt.bv_val = (char *) &orig_pass[sizeof(digest)];\r
- salt.bv_len = rc - sizeof(digest);\r
-\r
- do_phk_hash(cred, &salt, magic, digest);\r
-\r
- if (text)\r
- *text = NULL;\r
-\r
- /* compare */\r
- rc = memcmp((char *) orig_pass, (char *) digest, sizeof(digest));\r
- ber_memfree(orig_pass);\r
- return rc ? LUTIL_PASSWD_ERR : LUTIL_PASSWD_OK;\r
-}\r
-\r
-static int chk_apr1(\r
- const struct berval *scheme,\r
- const struct berval *passwd,\r
- const struct berval *cred,\r
- const char **text)\r
-{\r
- return chk_phk(&magic_apr1, passwd, cred, text);\r
-}\r
-\r
-static int chk_bsdmd5(\r
- const struct berval *scheme,\r
- const struct berval *passwd,\r
- const struct berval *cred,\r
- const char **text)\r
-{\r
- return chk_phk(&magic_bsdmd5, passwd, cred, text);\r
-}\r
-\r
-static int hash_phk(\r
- const struct berval *scheme,\r
- const struct berval *magic,\r
- const struct berval *passwd,\r
- struct berval *hash,\r
- const char **text)\r
-{\r
- unsigned char digest_buf[LUTIL_MD5_BYTES];\r
- char salt_buf[APR_SALT_SIZE];\r
- struct berval digest;\r
- struct berval salt;\r
- int n;\r
-\r
- digest.bv_val = (char *) digest_buf;\r
- digest.bv_len = sizeof(digest_buf);\r
- salt.bv_val = salt_buf;\r
- salt.bv_len = APR_SALT_SIZE;\r
-\r
- /* generate random salt */\r
- if (lutil_entropy( (unsigned char *) salt.bv_val, salt.bv_len) < 0)\r
- return LUTIL_PASSWD_ERR; \r
- /* limit it to characters in the 64-char set */\r
- for (n = 0; n < salt.bv_len; n++)\r
- salt.bv_val[n] = apr64[salt.bv_val[n] % (sizeof(apr64) - 1)];\r
-\r
- do_phk_hash(passwd, &salt, magic, digest_buf);\r
-\r
- if (text)\r
- *text = NULL;\r
-\r
- return lutil_passwd_string64(scheme, &digest, hash, &salt);\r
-}\r
-\r
-static int hash_apr1(\r
- const struct berval *scheme,\r
- const struct berval *passwd,\r
- struct berval *hash,\r
- const char **text)\r
-{\r
- return hash_phk(scheme, &magic_apr1, passwd, hash, text);\r
-}\r
-\r
-static int hash_bsdmd5(\r
- const struct berval *scheme,\r
- const struct berval *passwd,\r
- struct berval *hash,\r
- const char **text)\r
-{\r
- return hash_phk(scheme, &magic_bsdmd5, passwd, hash, text);\r
-}\r
-\r
-int init_module(int argc, char *argv[]) {\r
- int rc;\r
- rc = lutil_passwd_add((struct berval *) &scheme_apr1, chk_apr1, hash_apr1);\r
- if ( !rc )\r
- rc = lutil_passwd_add((struct berval *) &scheme_bsdmd5,\r
- chk_bsdmd5, hash_bsdmd5);\r
- return rc;\r
-}\r
+/* $OpenLDAP$ */
+/*
+ * This file is derived from OpenLDAP Software. All of the modifications to
+ * OpenLDAP Software represented in the following file were developed by
+ * Devin J. Pohly <djpohly@gmail.com>. I have not assigned rights and/or
+ * interest in this work to any party.
+ *
+ * The extensions to OpenLDAP Software herein are subject to the following
+ * notice:
+ *
+ * Copyright 2011 Devin J. Pohly
+ * Portions Copyright 2011 Howard Chu
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP Public
+ * License.
+ *
+ * A portion of this code is used in accordance with the Beer-ware License,
+ * revision 42, as noted.
+ *
+ */
+#include <lber.h>
+#include <lber_pvt.h>
+#include "lutil.h"
+#include "lutil_md5.h"
+#include <ac/string.h>
+
+#include <assert.h>
+
+/* the only difference between this and straight PHK is the magic */
+static LUTIL_PASSWD_CHK_FUNC chk_apr1;
+static LUTIL_PASSWD_HASH_FUNC hash_apr1;
+static const struct berval scheme_apr1 = BER_BVC("{APR1}");
+static const struct berval magic_apr1 = BER_BVC("$apr1$");
+
+static LUTIL_PASSWD_CHK_FUNC chk_bsdmd5;
+static LUTIL_PASSWD_HASH_FUNC hash_bsdmd5;
+static const struct berval scheme_bsdmd5 = BER_BVC("{BSDMD5}");
+static const struct berval magic_bsdmd5 = BER_BVC("$1$");
+
+static const unsigned char apr64[] =
+ "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
+
+#define APR_SALT_SIZE 8
+
+/* The algorithm implemented in this function was created by Poul-Henning
+ * Kamp and released under the following license:
+ * ----------------------------------------------------------------------------
+ * "THE BEER-WARE LICENSE" (Revision 42):
+ * <phk@FreeBSD.ORG> wrote this file. As long as you retain this notice you
+ * can do whatever you want with this stuff. If we meet some day, and you think
+ * this stuff is worth it, you can buy me a beer in return Poul-Henning Kamp
+ * ----------------------------------------------------------------------------
+ */
+static void do_phk_hash(
+ const struct berval *passwd,
+ const struct berval *salt,
+ const struct berval *magic,
+ unsigned char *digest)
+{
+ lutil_MD5_CTX ctx, ctx1;
+ int n;
+
+ /* Start hashing */
+ lutil_MD5Init(&ctx);
+ lutil_MD5Update(&ctx, (const unsigned char *) passwd->bv_val, passwd->bv_len);
+ lutil_MD5Update(&ctx, (const unsigned char *) magic->bv_val, magic->bv_len);
+ lutil_MD5Update(&ctx, (const unsigned char *) salt->bv_val, salt->bv_len);
+ /* Inner hash */
+ lutil_MD5Init(&ctx1);
+ lutil_MD5Update(&ctx1, (const unsigned char *) passwd->bv_val, passwd->bv_len);
+ lutil_MD5Update(&ctx1, (const unsigned char *) salt->bv_val, salt->bv_len);
+ lutil_MD5Update(&ctx1, (const unsigned char *) passwd->bv_val, passwd->bv_len);
+ lutil_MD5Final(digest, &ctx1);
+ /* Nom start mixing things up */
+ for (n = passwd->bv_len; n > 0; n -= LUTIL_MD5_BYTES)
+ lutil_MD5Update(&ctx, digest,
+ (n > LUTIL_MD5_BYTES ? LUTIL_MD5_BYTES : n));
+ memset(digest, 0, LUTIL_MD5_BYTES);
+ /* Curiouser and curiouser... */
+ for (n = passwd->bv_len; n; n >>= 1)
+ if (n & 1)
+ lutil_MD5Update(&ctx, digest, 1);
+ else
+ lutil_MD5Update(&ctx, (const unsigned char *) passwd->bv_val, 1);
+ lutil_MD5Final(digest, &ctx);
+ /*
+ * Repeatedly hash things into the final value. This was originally
+ * intended to slow the algorithm down.
+ */
+ for (n = 0; n < 1000; n++) {
+ lutil_MD5Init(&ctx1);
+ if (n & 1)
+ lutil_MD5Update(&ctx1,
+ (const unsigned char *) passwd->bv_val, passwd->bv_len);
+ else
+ lutil_MD5Update(&ctx1, digest, LUTIL_MD5_BYTES);
+
+ if (n % 3)
+ lutil_MD5Update(&ctx1,
+ (const unsigned char *) salt->bv_val, salt->bv_len);
+ if (n % 7)
+ lutil_MD5Update(&ctx1,
+ (const unsigned char *) passwd->bv_val, passwd->bv_len);
+
+ if (n & 1)
+ lutil_MD5Update(&ctx1, digest, LUTIL_MD5_BYTES);
+ else
+ lutil_MD5Update(&ctx1,
+ (const unsigned char *) passwd->bv_val, passwd->bv_len);
+ lutil_MD5Final(digest, &ctx1);
+ }
+}
+
+static int chk_phk(
+ const struct berval *magic,
+ const struct berval *passwd,
+ const struct berval *cred,
+ const char **text)
+{
+ unsigned char digest[LUTIL_MD5_BYTES];
+ unsigned char *orig_pass;
+ int rc, n;
+ struct berval salt;
+
+ /* safety check */
+ n = LUTIL_BASE64_DECODE_LEN(passwd->bv_len);
+ if (n <= sizeof(digest))
+ return LUTIL_PASSWD_ERR;
+
+ /* base64 un-encode password hash */
+ orig_pass = (unsigned char *) ber_memalloc((size_t) (n + 1));
+
+ if (orig_pass == NULL)
+ return LUTIL_PASSWD_ERR;
+
+ rc = lutil_b64_pton(passwd->bv_val, orig_pass, passwd->bv_len);
+
+ if (rc <= (int) sizeof(digest)) {
+ ber_memfree(orig_pass);
+ return LUTIL_PASSWD_ERR;
+ }
+
+ salt.bv_val = (char *) &orig_pass[sizeof(digest)];
+ salt.bv_len = rc - sizeof(digest);
+
+ do_phk_hash(cred, &salt, magic, digest);
+
+ if (text)
+ *text = NULL;
+
+ /* compare */
+ rc = memcmp((char *) orig_pass, (char *) digest, sizeof(digest));
+ ber_memfree(orig_pass);
+ return rc ? LUTIL_PASSWD_ERR : LUTIL_PASSWD_OK;
+}
+
+static int chk_apr1(
+ const struct berval *scheme,
+ const struct berval *passwd,
+ const struct berval *cred,
+ const char **text)
+{
+ return chk_phk(&magic_apr1, passwd, cred, text);
+}
+
+static int chk_bsdmd5(
+ const struct berval *scheme,
+ const struct berval *passwd,
+ const struct berval *cred,
+ const char **text)
+{
+ return chk_phk(&magic_bsdmd5, passwd, cred, text);
+}
+
+static int hash_phk(
+ const struct berval *scheme,
+ const struct berval *magic,
+ const struct berval *passwd,
+ struct berval *hash,
+ const char **text)
+{
+ unsigned char digest_buf[LUTIL_MD5_BYTES];
+ char salt_buf[APR_SALT_SIZE];
+ struct berval digest;
+ struct berval salt;
+ int n;
+
+ digest.bv_val = (char *) digest_buf;
+ digest.bv_len = sizeof(digest_buf);
+ salt.bv_val = salt_buf;
+ salt.bv_len = APR_SALT_SIZE;
+
+ /* generate random salt */
+ if (lutil_entropy( (unsigned char *) salt.bv_val, salt.bv_len) < 0)
+ return LUTIL_PASSWD_ERR;
+ /* limit it to characters in the 64-char set */
+ for (n = 0; n < salt.bv_len; n++)
+ salt.bv_val[n] = apr64[salt.bv_val[n] % (sizeof(apr64) - 1)];
+
+ do_phk_hash(passwd, &salt, magic, digest_buf);
+
+ if (text)
+ *text = NULL;
+
+ return lutil_passwd_string64(scheme, &digest, hash, &salt);
+}
+
+static int hash_apr1(
+ const struct berval *scheme,
+ const struct berval *passwd,
+ struct berval *hash,
+ const char **text)
+{
+ return hash_phk(scheme, &magic_apr1, passwd, hash, text);
+}
+
+static int hash_bsdmd5(
+ const struct berval *scheme,
+ const struct berval *passwd,
+ struct berval *hash,
+ const char **text)
+{
+ return hash_phk(scheme, &magic_bsdmd5, passwd, hash, text);
+}
+
+int init_module(int argc, char *argv[]) {
+ int rc;
+ rc = lutil_passwd_add((struct berval *) &scheme_apr1, chk_apr1, hash_apr1);
+ if ( !rc )
+ rc = lutil_passwd_add((struct berval *) &scheme_bsdmd5,
+ chk_bsdmd5, hash_bsdmd5);
+ return rc;
+}
projects / openldap / commitdiff