Mercurial > dovecot > original-hg > dovecot-1.2

annotate src/auth/password-scheme.c @ 2377:8f5be0be3199 HEAD

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
NTLM authentication. Patch by Andrey Panin
author Timo Sirainen <tss@iki.fi>
date Wed, 28 Jul 2004 18:39:29 +0300
parents 203938a7f45e
children 6531fd0f779f
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
1192
76321f65960d Fix realm usage with DIGEST-MD5. Support generating other password schemes
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
1 /* Copyright (C) 2003 Timo Sirainen */
76321f65960d Fix realm usage with DIGEST-MD5. Support generating other password schemes
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
2
76321f65960d Fix realm usage with DIGEST-MD5. Support generating other password schemes
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
3 #include "lib.h"
2084
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
4 #include "buffer.h"
2080
cf8c711f76a0 SHA1 support via OpenSSL
Timo Sirainen <tss@iki.fi>
parents: 1879
diff changeset
5 #include "base64.h"
1192
76321f65960d Fix realm usage with DIGEST-MD5. Support generating other password schemes
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
6 #include "hex-binary.h"
76321f65960d Fix realm usage with DIGEST-MD5. Support generating other password schemes
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
7 #include "md5.h"
2084
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
8 #include "module-dir.h"
1192
76321f65960d Fix realm usage with DIGEST-MD5. Support generating other password schemes
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
9 #include "mycrypt.h"
76321f65960d Fix realm usage with DIGEST-MD5. Support generating other password schemes
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
10 #include "randgen.h"
2367
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
11 #include "sha1.h"
2080
cf8c711f76a0 SHA1 support via OpenSSL
Timo Sirainen <tss@iki.fi>
parents: 1879
diff changeset
12 #include "str.h"
1192
76321f65960d Fix realm usage with DIGEST-MD5. Support generating other password schemes
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
13 #include "password-scheme.h"
76321f65960d Fix realm usage with DIGEST-MD5. Support generating other password schemes
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
14
2356
d921b930abd7 crypt_generate and md5_generate used only 3 different characters for salt.
Timo Sirainen <tss@iki.fi>
parents: 2084
diff changeset
15 static const char salt_chars[] =
1195
789b0346308e crypt-password checking was broken. added support for md5crypt passwords.
Timo Sirainen <tss@iki.fi>
parents: 1192
diff changeset
16 "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
789b0346308e crypt-password checking was broken. added support for md5crypt passwords.
Timo Sirainen <tss@iki.fi>
parents: 1192
diff changeset
17
2084
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
18 static buffer_t *schemes_buf;
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
19 static const struct password_scheme *schemes;
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
20 #ifdef HAVE_MODULES
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
21 static struct module *scheme_modules;
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
22 #endif
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
23
1192
76321f65960d Fix realm usage with DIGEST-MD5. Support generating other password schemes
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
24 int password_verify(const char *plaintext, const char *password,
76321f65960d Fix realm usage with DIGEST-MD5. Support generating other password schemes
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
25 const char *scheme, const char *user)
76321f65960d Fix realm usage with DIGEST-MD5. Support generating other password schemes
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
26 {
2084
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
27 const struct password_scheme *s;
1192
76321f65960d Fix realm usage with DIGEST-MD5. Support generating other password schemes
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
28
76321f65960d Fix realm usage with DIGEST-MD5. Support generating other password schemes
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
29 if (password == NULL)
76321f65960d Fix realm usage with DIGEST-MD5. Support generating other password schemes
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
30 return 0;
76321f65960d Fix realm usage with DIGEST-MD5. Support generating other password schemes
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
31
2084
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
32 for (s = schemes; s->name != NULL; s++) {
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
33 if (strcasecmp(s->name, scheme) == 0)
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
34 return s->password_verify(plaintext, password, user);
1192
76321f65960d Fix realm usage with DIGEST-MD5. Support generating other password schemes
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
35 }
76321f65960d Fix realm usage with DIGEST-MD5. Support generating other password schemes
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
36
76321f65960d Fix realm usage with DIGEST-MD5. Support generating other password schemes
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
37 return -1;
76321f65960d Fix realm usage with DIGEST-MD5. Support generating other password schemes
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
38 }
76321f65960d Fix realm usage with DIGEST-MD5. Support generating other password schemes
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
39
2367
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
40 const char *password_list_schemes(const struct password_scheme **listptr)
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
41 {
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
42 if (*listptr == NULL)
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
43 *listptr = schemes;
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
44
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
45 if ((*listptr)->name == NULL) {
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
46 *listptr = NULL;
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
47 return NULL;
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
48 }
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
49
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
50 return (*listptr)++->name;
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
51 }
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
52
1192
76321f65960d Fix realm usage with DIGEST-MD5. Support generating other password schemes
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
53 const char *password_get_scheme(const char **password)
76321f65960d Fix realm usage with DIGEST-MD5. Support generating other password schemes
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
54 {
76321f65960d Fix realm usage with DIGEST-MD5. Support generating other password schemes
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
55 const char *p, *scheme;
76321f65960d Fix realm usage with DIGEST-MD5. Support generating other password schemes
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
56
1195
789b0346308e crypt-password checking was broken. added support for md5crypt passwords.
Timo Sirainen <tss@iki.fi>
parents: 1192
diff changeset
57 if (*password == NULL)
789b0346308e crypt-password checking was broken. added support for md5crypt passwords.
Timo Sirainen <tss@iki.fi>
parents: 1192
diff changeset
58 return NULL;
789b0346308e crypt-password checking was broken. added support for md5crypt passwords.
Timo Sirainen <tss@iki.fi>
parents: 1192
diff changeset
59
789b0346308e crypt-password checking was broken. added support for md5crypt passwords.
Timo Sirainen <tss@iki.fi>
parents: 1192
diff changeset
60 if (strncmp(*password, "$1$", 3) == 0) {
1331
d55cf9c28062 MD5crypt password fixes.
Timo Sirainen <tss@iki.fi>
parents: 1195
diff changeset
61 /* skip the salt */
d55cf9c28062 MD5crypt password fixes.
Timo Sirainen <tss@iki.fi>
parents: 1195
diff changeset
62 p = strchr(*password + 3, '$');
d55cf9c28062 MD5crypt password fixes.
Timo Sirainen <tss@iki.fi>
parents: 1195
diff changeset
63 if (p != NULL) {
d55cf9c28062 MD5crypt password fixes.
Timo Sirainen <tss@iki.fi>
parents: 1195
diff changeset
64 /* stop at next '$' */
d55cf9c28062 MD5crypt password fixes.
Timo Sirainen <tss@iki.fi>
parents: 1195
diff changeset
65 p = strchr(p+1, '$');
d55cf9c28062 MD5crypt password fixes.
Timo Sirainen <tss@iki.fi>
parents: 1195
diff changeset
66 if (p != NULL)
d55cf9c28062 MD5crypt password fixes.
Timo Sirainen <tss@iki.fi>
parents: 1195
diff changeset
67 *password = t_strdup_until(*password, p);
d55cf9c28062 MD5crypt password fixes.
Timo Sirainen <tss@iki.fi>
parents: 1195
diff changeset
68 return "MD5";
d55cf9c28062 MD5crypt password fixes.
Timo Sirainen <tss@iki.fi>
parents: 1195
diff changeset
69 }
1195
789b0346308e crypt-password checking was broken. added support for md5crypt passwords.
Timo Sirainen <tss@iki.fi>
parents: 1192
diff changeset
70 }
789b0346308e crypt-password checking was broken. added support for md5crypt passwords.
Timo Sirainen <tss@iki.fi>
parents: 1192
diff changeset
71
789b0346308e crypt-password checking was broken. added support for md5crypt passwords.
Timo Sirainen <tss@iki.fi>
parents: 1192
diff changeset
72 if (**password != '{')
1192
76321f65960d Fix realm usage with DIGEST-MD5. Support generating other password schemes
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
73 return NULL;
76321f65960d Fix realm usage with DIGEST-MD5. Support generating other password schemes
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
74
76321f65960d Fix realm usage with DIGEST-MD5. Support generating other password schemes
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
75 p = strchr(*password, '}');
76321f65960d Fix realm usage with DIGEST-MD5. Support generating other password schemes
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
76 if (p == NULL)
76321f65960d Fix realm usage with DIGEST-MD5. Support generating other password schemes
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
77 return NULL;
76321f65960d Fix realm usage with DIGEST-MD5. Support generating other password schemes
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
78
76321f65960d Fix realm usage with DIGEST-MD5. Support generating other password schemes
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
79 scheme = t_strdup_until(*password + 1, p);
76321f65960d Fix realm usage with DIGEST-MD5. Support generating other password schemes
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
80 *password = p + 1;
2367
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
81
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
82 /* LDAP's RFC2307 specifies the MD5 scheme for what we call PLAIN-MD5,
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
83 only base64-encoded rather than hex-encoded.
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
84 We can detect this case - base64 doesn't use '$'. */
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
85 if (strncasecmp(scheme, "MD5", 3) == 0 &&
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
86 strncmp(*password, "$1$", 3) != 0) {
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
87 scheme = "LDAP-MD5";
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
88 }
1192
76321f65960d Fix realm usage with DIGEST-MD5. Support generating other password schemes
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
89 return scheme;
76321f65960d Fix realm usage with DIGEST-MD5. Support generating other password schemes
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
90 }
76321f65960d Fix realm usage with DIGEST-MD5. Support generating other password schemes
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
91
76321f65960d Fix realm usage with DIGEST-MD5. Support generating other password schemes
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
92 const char *password_generate(const char *plaintext, const char *user,
76321f65960d Fix realm usage with DIGEST-MD5. Support generating other password schemes
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
93 const char *scheme)
76321f65960d Fix realm usage with DIGEST-MD5. Support generating other password schemes
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
94 {
2084
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
95 const struct password_scheme *s;
1195
789b0346308e crypt-password checking was broken. added support for md5crypt passwords.
Timo Sirainen <tss@iki.fi>
parents: 1192
diff changeset
96
2084
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
97 for (s = schemes; s->name != NULL; s++) {
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
98 if (strcasecmp(s->name, scheme) == 0)
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
99 return s->password_generate(plaintext, user);
1192
76321f65960d Fix realm usage with DIGEST-MD5. Support generating other password schemes
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
100 }
76321f65960d Fix realm usage with DIGEST-MD5. Support generating other password schemes
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
101
76321f65960d Fix realm usage with DIGEST-MD5. Support generating other password schemes
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
102 return NULL;
76321f65960d Fix realm usage with DIGEST-MD5. Support generating other password schemes
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
103 }
2084
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
104
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
105 static int crypt_verify(const char *plaintext, const char *password,
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
106 const char *user __attr_unused__)
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
107 {
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
108 return strcmp(mycrypt(plaintext, password), password) == 0;
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
109 }
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
110
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
111 static const char *crypt_generate(const char *plaintext,
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
112 const char *user __attr_unused__)
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
113 {
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
114 char salt[9];
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
115
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
116 random_fill(salt, 2);
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
117 salt[0] = salt_chars[salt[0] % (sizeof(salt_chars)-1)];
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
118 salt[1] = salt_chars[salt[1] % (sizeof(salt_chars)-1)];
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
119 salt[2] = '\0';
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
120 return t_strdup(mycrypt(plaintext, salt));
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
121 }
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
122
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
123 static int md5_verify(const char *plaintext, const char *password,
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
124 const char *user __attr_unused__)
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
125 {
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
126 const char *str;
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
127
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
128 str = password_generate_md5_crypt(plaintext, password);
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
129 return strcmp(str, password) == 0;
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
130 }
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
131
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
132 static const char *md5_generate(const char *plaintext,
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
133 const char *user __attr_unused__)
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
134 {
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
135 char salt[9];
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
136 int i;
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
137
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
138 random_fill(salt, 8);
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
139 for (i = 0; i < 8; i++)
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
140 salt[i] = salt_chars[salt[i] % (sizeof(salt_chars)-1)];
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
141 salt[8] = '\0';
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
142 return password_generate_md5_crypt(plaintext, salt);
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
143 }
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
144
2367
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
145 static const char *sha1_generate(const char *plaintext,
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
146 const char *user __attr_unused__)
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
147 {
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
148 unsigned char digest[SHA1_RESULTLEN];
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
149 string_t *str;
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
150
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
151 sha1_get_digest(plaintext, strlen(plaintext), digest);
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
152 str = t_str_new(MAX_BASE64_ENCODED_SIZE(sizeof(digest)+1));
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
153 base64_encode(digest, sizeof(digest), str);
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
154 return str_c(str);
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
155 }
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
156
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
157 static int sha1_verify(const char *plaintext, const char *password,
2084
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
158 const char *user __attr_unused__)
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
159 {
2367
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
160 unsigned char sha1_digest[SHA1_RESULTLEN];
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
161 const char *data;
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
162 buffer_t *buf;
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
163 size_t size;
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
164
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
165 sha1_get_digest(plaintext, strlen(plaintext), sha1_digest);
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
166
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
167 buf = buffer_create_static(pool_datastack_create(),
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
168 MAX_BASE64_DECODED_SIZE(strlen(password)+1));
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
169
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
170 if (base64_decode(password, strlen(password), NULL, buf) <= 0) {
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
171 i_error("sha1_verify(%s): failed decoding SHA base64", user);
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
172 return 0;
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
173 }
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
174
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
175 data = buffer_get_data(buf, &size);
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
176 if (size < SHA1_RESULTLEN) {
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
177 i_error("sha1_verify(%s): invalid SHA base64 decode", user);
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
178 return 0;
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
179 }
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
180
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
181 return memcmp(sha1_digest, data, SHA1_RESULTLEN) == 0;
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
182 }
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
183
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
184 static const char *ssha_generate(const char *plaintext,
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
185 const char *user __attr_unused__)
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
186 {
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
187 unsigned char ssha_digest[SHA1_RESULTLEN+4];
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
188 unsigned char *salt = &ssha_digest[SHA1_RESULTLEN];
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
189 struct sha1_ctxt ctx;
2084
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
190 string_t *str;
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
191
2367
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
192 random_fill(salt, 4);
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
193
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
194 sha1_init(&ctx);
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
195 sha1_loop(&ctx, plaintext, strlen(plaintext));
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
196 sha1_loop(&ctx, salt, 4);
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
197 sha1_result(&ctx, ssha_digest);
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
198
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
199 str = t_str_new(MAX_BASE64_ENCODED_SIZE(sizeof(ssha_digest))+1);
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
200 base64_encode(ssha_digest, sizeof(ssha_digest), str);
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
201 return str_c(str);
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
202 }
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
203
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
204 static int ssha_verify(const char *plaintext, const char *password,
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
205 const char *user __attr_unused__)
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
206 {
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
207 unsigned char sha1_digest[SHA1_RESULTLEN];
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
208 buffer_t *buf;
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
209 const char *data;
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
210 size_t size;
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
211 struct sha1_ctxt ctx;
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
212
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
213 /* format: base64-encoded MD5 hash and salt */
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
214 buf = buffer_create_static(pool_datastack_create(),
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
215 MAX_BASE64_DECODED_SIZE(strlen(password)+1));
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
216
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
217 if (base64_decode(password, strlen(password), NULL, buf) <= 0) {
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
218 i_error("ssha_verify(%s): failed decoding SSHA base64", user);
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
219 return 0;
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
220 }
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
221
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
222 data = buffer_get_data(buf, &size);
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
223 if (size <= SHA1_RESULTLEN) {
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
224 i_error("ssha_verify(%s): invalid SSHA base64 decode", user);
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
225 return 0;
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
226 }
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
227
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
228 sha1_init(&ctx);
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
229 sha1_loop(&ctx, plaintext, strlen(plaintext));
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
230 sha1_loop(&ctx, &data[SHA1_RESULTLEN], size-SHA1_RESULTLEN);
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
231 sha1_result(&ctx, sha1_digest);
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
232 return memcmp(sha1_digest, data, SHA1_RESULTLEN) == 0;
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
233 }
2084
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
234
2367
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
235 static const char *smd5_generate(const char *plaintext,
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
236 const char *user __attr_unused__)
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
237 {
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
238 unsigned char smd5_digest[20];
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
239 unsigned char *salt = &smd5_digest[16];
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
240 struct md5_context ctx;
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
241 string_t *str;
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
242
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
243 random_fill(salt, 4);
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
244
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
245 md5_init(&ctx);
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
246 md5_update(&ctx, plaintext, strlen(plaintext));
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
247 md5_update(&ctx, salt, 4);
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
248 md5_final(&ctx, smd5_digest);
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
249
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
250 str = t_str_new(MAX_BASE64_ENCODED_SIZE(sizeof(smd5_digest))+1);
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
251 base64_encode(smd5_digest, sizeof(smd5_digest), str);
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
252 return str_c(str);
2084
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
253 }
2367
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
254
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
255 static int smd5_verify(const char *plaintext, const char *password,
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
256 const char *user __attr_unused__)
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
257 {
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
258 unsigned char md5_digest[16];
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
259 buffer_t *buf;
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
260 const char *data;
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
261 size_t size;
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
262 struct md5_context ctx;
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
263
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
264 /* format: base64-encoded MD5 hash and salt */
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
265 buf = buffer_create_static(pool_datastack_create(),
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
266 MAX_BASE64_DECODED_SIZE(strlen(password)+1));
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
267
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
268 if (base64_decode(password, strlen(password), NULL, buf) <= 0) {
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
269 i_error("smd5_verify(%s): failed decoding SMD5 base64", user);
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
270 return 0;
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
271 }
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
272
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
273 data = buffer_get_data(buf, &size);
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
274 if (size <= 16) {
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
275 i_error("smd5_verify(%s): invalid SMD5 base64 decode", user);
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
276 return 0;
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
277 }
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
278
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
279 md5_init(&ctx);
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
280 md5_update(&ctx, plaintext, strlen(plaintext));
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
281 md5_update(&ctx, &data[16], size-16);
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
282 md5_final(&ctx, md5_digest);
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
283 return memcmp(md5_digest, data, 16) == 0;
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
284 }
2084
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
285
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
286 static int plain_verify(const char *plaintext, const char *password,
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
287 const char *user __attr_unused__)
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
288 {
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
289 return strcmp(password, plaintext) == 0;
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
290 }
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
291
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
292 static const char *plain_generate(const char *plaintext,
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
293 const char *user __attr_unused__)
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
294 {
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
295 return plaintext;
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
296 }
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
297
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
298 static int hmac_md5_verify(const char *plaintext, const char *password,
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
299 const char *user __attr_unused__)
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
300 {
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
301 return strcmp(password_generate_cram_md5(plaintext), password) == 0;
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
302 }
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
303
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
304 static const char *hmac_md5_generate(const char *plaintext,
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
305 const char *user __attr_unused__)
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
306 {
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
307 return password_generate_cram_md5(plaintext);
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
308 }
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
309
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
310 static int digest_md5_verify(const char *plaintext, const char *password,
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
311 const char *user)
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
312 {
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
313 unsigned char digest[16];
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
314 const char *realm, *str;
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
315
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
316 /* user:realm:passwd */
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
317 realm = strchr(user, '@');
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
318 if (realm != NULL) realm++; else realm = "";
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
319
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
320 str = t_strconcat(t_strcut(user, '@'), ":", realm, ":",
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
321 plaintext, NULL);
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
322 md5_get_digest(str, strlen(str), digest);
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
323 str = binary_to_hex(digest, sizeof(digest));
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
324
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
325 return strcasecmp(str, password) == 0;
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
326 }
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
327
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
328 static const char *digest_md5_generate(const char *plaintext, const char *user)
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
329 {
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
330 const char *realm, *str;
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
331 unsigned char digest[16];
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
332
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
333 /* user:realm:passwd */
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
334 realm = strchr(user, '@');
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
335 if (realm != NULL) realm++; else realm = "";
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
336
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
337 str = t_strconcat(t_strcut(user, '@'), ":", realm, ":",
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
338 plaintext, NULL);
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
339 md5_get_digest(str, strlen(str), digest);
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
340 return binary_to_hex(digest, sizeof(digest));
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
341 }
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
342
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
343 static int plain_md5_verify(const char *plaintext, const char *password,
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
344 const char *user __attr_unused__)
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
345 {
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
346 unsigned char digest[16];
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
347 const char *str;
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
348
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
349 md5_get_digest(plaintext, strlen(plaintext), digest);
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
350 str = binary_to_hex(digest, sizeof(digest));
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
351 return strcasecmp(str, password) == 0;
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
352 }
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
353
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
354 static const char *plain_md5_generate(const char *plaintext,
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
355 const char *user __attr_unused__)
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
356 {
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
357 unsigned char digest[16];
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
358
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
359 md5_get_digest(plaintext, strlen(plaintext), digest);
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
360 return binary_to_hex(digest, sizeof(digest));
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
361 }
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
362
2367
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
363 static const char *ldap_md5_generate(const char *plaintext,
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
364 const char *user __attr_unused__)
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
365 {
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
366 unsigned char digest[16];
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
367 string_t *str;
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
368
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
369 md5_get_digest(plaintext, strlen(plaintext), digest);
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
370 str = t_str_new(MAX_BASE64_ENCODED_SIZE(sizeof(digest)+1));
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
371 base64_encode(digest, sizeof(digest), str);
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
372 return str_c(str);
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
373 }
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
374
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
375 static int ldap_md5_verify(const char *plaintext, const char *password,
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
376 const char *user __attr_unused__)
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
377 {
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
378 unsigned char md5_digest[16];
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
379 buffer_t *buf;
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
380 const char *data;
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
381 size_t size;
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
382
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
383 md5_get_digest(plaintext, strlen(plaintext), md5_digest);
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
384
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
385 buf = buffer_create_static(pool_datastack_create(),
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
386 MAX_BASE64_DECODED_SIZE(strlen(password)+1));
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
387
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
388 if (base64_decode(password, strlen(password), NULL, buf) <= 0) {
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
389 i_error("ldap_md5_verify(%s): failed decoding MD5 base64",
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
390 user);
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
391 return 0;
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
392 }
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
393
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
394 data = buffer_get_data(buf, &size);
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
395 if (size != 16) {
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
396 i_error("ldap_md5_verify(%s): invalid MD5 base64 decode", user);
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
397 return 0;
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
398 }
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
399
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
400 return memcmp(md5_digest, data, 16) == 0;
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
401 }
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
402
2377
8f5be0be3199 NTLM authentication. Patch by Andrey Panin
Timo Sirainen <tss@iki.fi>
parents: 2367
diff changeset
403 static int ntlm_verify(const char *plaintext, const char *password,
8f5be0be3199 NTLM authentication. Patch by Andrey Panin
Timo Sirainen <tss@iki.fi>
parents: 2367
diff changeset
404 const char *user __attr_unused__)
8f5be0be3199 NTLM authentication. Patch by Andrey Panin
Timo Sirainen <tss@iki.fi>
parents: 2367
diff changeset
405 {
8f5be0be3199 NTLM authentication. Patch by Andrey Panin
Timo Sirainen <tss@iki.fi>
parents: 2367
diff changeset
406 return strcmp(password, password_generate_ntlm(plaintext)) == 0;
8f5be0be3199 NTLM authentication. Patch by Andrey Panin
Timo Sirainen <tss@iki.fi>
parents: 2367
diff changeset
407 }
8f5be0be3199 NTLM authentication. Patch by Andrey Panin
Timo Sirainen <tss@iki.fi>
parents: 2367
diff changeset
408
8f5be0be3199 NTLM authentication. Patch by Andrey Panin
Timo Sirainen <tss@iki.fi>
parents: 2367
diff changeset
409 static const char *ntlm_generate(const char *plaintext,
8f5be0be3199 NTLM authentication. Patch by Andrey Panin
Timo Sirainen <tss@iki.fi>
parents: 2367
diff changeset
410 const char *user __attr_unused__)
8f5be0be3199 NTLM authentication. Patch by Andrey Panin
Timo Sirainen <tss@iki.fi>
parents: 2367
diff changeset
411 {
8f5be0be3199 NTLM authentication. Patch by Andrey Panin
Timo Sirainen <tss@iki.fi>
parents: 2367
diff changeset
412 return password_generate_ntlm(plaintext);
8f5be0be3199 NTLM authentication. Patch by Andrey Panin
Timo Sirainen <tss@iki.fi>
parents: 2367
diff changeset
413 }
8f5be0be3199 NTLM authentication. Patch by Andrey Panin
Timo Sirainen <tss@iki.fi>
parents: 2367
diff changeset
414
2084
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
415 static const struct password_scheme default_schemes[] = {
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
416 { "CRYPT", crypt_verify, crypt_generate },
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
417 { "MD5", md5_verify, md5_generate },
2367
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
418 { "SHA", sha1_verify, sha1_generate },
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
419 { "SHA1", sha1_verify, sha1_generate },
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
420 { "SMD5", smd5_verify, smd5_generate },
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
421 { "SSHA", ssha_verify, ssha_generate },
2084
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
422 { "PLAIN", plain_verify, plain_generate },
2367
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
423 { "CLEARTEXT", plain_verify, plain_generate },
2084
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
424 { "HMAC-MD5", hmac_md5_verify, hmac_md5_generate },
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
425 { "DIGEST-MD5", digest_md5_verify, digest_md5_generate },
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
426 { "PLAIN-MD5", plain_md5_verify, plain_md5_generate },
2367
203938a7f45e Added dovecotpw utility. Patch by Joshua Goodall
Timo Sirainen <tss@iki.fi>
parents: 2356
diff changeset
427 { "LDAP-MD5", ldap_md5_verify, ldap_md5_generate },
2377
8f5be0be3199 NTLM authentication. Patch by Andrey Panin
Timo Sirainen <tss@iki.fi>
parents: 2367
diff changeset
428 { "NTLM", ntlm_verify, ntlm_generate },
2084
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
429 { NULL, NULL, NULL }
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
430 };
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
431
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
432 void password_schemes_init(void)
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
433 {
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
434 static const struct password_scheme null_scheme = { NULL, NULL, NULL };
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
435 const struct password_scheme *s;
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
436 #ifdef HAVE_MODULES
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
437 struct module *mod;
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
438 const char *symbol;
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
439 #endif
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
440
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
441 schemes_buf = buffer_create_dynamic(default_pool, 128, (size_t)-1);
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
442 for (s = default_schemes; s->name != NULL; s++)
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
443 buffer_append(schemes_buf, s, sizeof(*s));
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
444
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
445 #ifdef HAVE_MODULES
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
446 scheme_modules = module_dir_load(AUTH_MODULE_DIR"/password", FALSE);
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
447 for (mod = scheme_modules; mod != NULL; mod = mod->next) {
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
448 t_push();
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
449 symbol = t_strconcat(mod->name, "_scheme", NULL);
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
450 s = module_get_symbol(mod, symbol);
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
451 if (s != NULL)
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
452 buffer_append(schemes_buf, s, sizeof(*s));
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
453 t_pop();
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
454 }
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
455 #endif
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
456
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
457 buffer_append(schemes_buf, &null_scheme, sizeof(null_scheme));
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
458 schemes = buffer_get_data(schemes_buf, NULL);
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
459 }
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
460
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
461 void password_schemes_deinit(void)
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
462 {
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
463 #ifdef HAVE_MODULES
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
464 module_dir_unload(scheme_modules);
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
465 #endif
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
466
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
467 buffer_free(schemes_buf);
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
468 schemes = NULL;
9ba79ebae6ab Added support for password scheme plugins. auth module dir defaults under
Timo Sirainen <tss@iki.fi>
parents: 2083
diff changeset
469 }