Add lutil_passwd()

diff --git a/include/lutil.h b/include/lutil.h
index 6f14d55980ab6d2287f97c3ac328b45ea1217a6a..0d0208a90398f9028a1f52f96c00932ae69f679e 100644 (file)
--- a/include/lutil.h
+++ b/include/lutil.h
@@ -13,7 +13,7 @@ LDAP_BEGIN_DECL
 LDAP_F int b64_ntop LDAP_P((u_char const *, size_t, char *, size_t));
 LDAP_F int b64_pton LDAP_P((char const *, u_char *, size_t));
 LDAP_F void lutil_detach LDAP_P((int debug, int do_close));
-
+LDAP_F int lutil_passwd LDAP_P((const char *cred, const char *passwd));
 LDAP_END_DECL
 
 #endif /* _LUTIL_H */

diff --git a/libraries/liblutil/Makefile.in b/libraries/liblutil/Makefile.in
index 80b5420e56a8aab8b14e02c84d126d37069ce32c..8ec776092136a8e82ce760ce063f49c3ff1692d1 100644 (file)
--- a/libraries/liblutil/Makefile.in
+++ b/libraries/liblutil/Makefile.in
@@ -3,8 +3,8 @@
 ##
 
 LIBRARY        = liblutil.a
-SRCS   = base64.c md5.c sha1.c detach.c
-OBJS   = base64.o md5.o sha1.o detach.o @LIBOBJS@
+SRCS   = base64.c detach.c md5.c passwd.c sha1.c
+OBJS   = base64.o detach.c md5.o passwd.c sha1.o @LIBOBJS@
 
 LDAP_INCDIR= ../../include       
 LDAP_LIBDIR= ../../libraries

diff --git a/libraries/liblutil/passwd.c b/libraries/liblutil/passwd.c
new file mode 100644 (file)
index 0000000..89b45b9
--- /dev/null
+++ b/libraries/liblutil/passwd.c
@@ -0,0 +1,79 @@
+/*
+ * lutil_password(credentials, password)
+ *
+ * Returns true if user supplied credentials matches
+ * the stored password. 
+ *
+ * Due to the use of the crypt(3) function 
+ * this routine is NOT thread-safe.
+ */
+
+#include "portable.h"
+
+#include <ac/string.h>
+#include <ac/unistd.h>
+
+#include "lutil_md5.h"
+#include "lutil_sha1.h"
+#include "lutil.h"
+
+/*
+ */
+
+int
+lutil_passwd(
+       const char *cred,
+       const char *passwd)
+{
+
+       if (cred == NULL || passwd == NULL) {
+               return 0;
+       }
+
+       if (strncasecmp(passwd, "{CRYPT}", sizeof("{CRYPT}") - 1) == 0 ) {
+               const char *p = passwd + (sizeof("{CRYPT}") - 1);
+
+               return( strcmp(p, crypt(cred, p)) != 0 );
+
+       } else if (strncasecmp(passwd, "{MD5}", sizeof("{MD5}") - 1) == 0 ) {
+               ldap_MD5_CTX MD5context;
+               unsigned char MD5digest[20];
+               char base64digest[29];  /* ceiling(sizeof(input)/3) * 4 + 1 */
+
+               const char *p = passwd + (sizeof("{MD5}") - 1);
+
+               ldap_MD5Init(&MD5context);
+               ldap_MD5Update(&MD5context,
+                       cred, strlen(cred));
+               ldap_MD5Final(MD5digest, &MD5context);
+
+               if ( b64_ntop(MD5digest, sizeof(MD5digest),
+                       base64digest, sizeof(base64digest)) < 0)
+               {
+                       return ( 1 );
+               }
+
+               return (strcmp(p, base64digest) != 0);
+
+       } else if (strncasecmp(passwd, "{SHA}",sizeof("{SHA}") - 1) == 0 ) {
+               ldap_SHA1_CTX SHA1context;
+               unsigned char SHA1digest[20];
+               char base64digest[29];  /* ceiling(sizeof(input)/3) * 4 + 1 */
+               const char *p = passwd + (sizeof("{SHA}") - 1);
+
+               ldap_SHA1Init(&SHA1context);
+               ldap_SHA1Update(&SHA1context,
+                       (unsigned char *) cred, strlen(cred));
+               ldap_SHA1Final(SHA1digest, &SHA1context);
+
+               if (b64_ntop(SHA1digest, sizeof(SHA1digest),
+                       base64digest, sizeof(base64digest)) < 0)
+               {
+                       return ( 0 );
+               }
+
+               return( strcmp(p, base64digest) != 0 );
+       }
+
+       return( strcmp(passwd, cred) != 0 );
+}