Mercurial > dovecot > original-hg > dovecot-1.2
annotate src/auth/password-scheme.c @ 1331:d55cf9c28062 HEAD
MD5crypt password fixes.
author | Timo Sirainen <tss@iki.fi> |
---|---|
date | Fri, 04 Apr 2003 02:42:54 +0300 |
parents | 789b0346308e |
children | ed5e808d934f |
rev | line source |
---|---|
1192
76321f65960d
Fix realm usage with DIGEST-MD5. Support generating other password schemes
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
1 /* Copyright (C) 2003 Timo Sirainen */ |
76321f65960d
Fix realm usage with DIGEST-MD5. Support generating other password schemes
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
2 |
76321f65960d
Fix realm usage with DIGEST-MD5. Support generating other password schemes
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
3 #include "lib.h" |
76321f65960d
Fix realm usage with DIGEST-MD5. Support generating other password schemes
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
4 #include "hex-binary.h" |
76321f65960d
Fix realm usage with DIGEST-MD5. Support generating other password schemes
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
5 #include "md5.h" |
1195
789b0346308e
crypt-password checking was broken. added support for md5crypt passwords.
Timo Sirainen <tss@iki.fi>
parents:
1192
diff
changeset
|
6 #include "md5crypt.h" |
1192
76321f65960d
Fix realm usage with DIGEST-MD5. Support generating other password schemes
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
7 #include "mycrypt.h" |
76321f65960d
Fix realm usage with DIGEST-MD5. Support generating other password schemes
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
8 #include "randgen.h" |
76321f65960d
Fix realm usage with DIGEST-MD5. Support generating other password schemes
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
9 #include "password-scheme.h" |
76321f65960d
Fix realm usage with DIGEST-MD5. Support generating other password schemes
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
10 |
1195
789b0346308e
crypt-password checking was broken. added support for md5crypt passwords.
Timo Sirainen <tss@iki.fi>
parents:
1192
diff
changeset
|
11 static const char *salt_chars = |
789b0346308e
crypt-password checking was broken. added support for md5crypt passwords.
Timo Sirainen <tss@iki.fi>
parents:
1192
diff
changeset
|
12 "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"; |
789b0346308e
crypt-password checking was broken. added support for md5crypt passwords.
Timo Sirainen <tss@iki.fi>
parents:
1192
diff
changeset
|
13 |
1192
76321f65960d
Fix realm usage with DIGEST-MD5. Support generating other password schemes
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
14 int password_verify(const char *plaintext, const char *password, |
76321f65960d
Fix realm usage with DIGEST-MD5. Support generating other password schemes
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
15 const char *scheme, const char *user) |
76321f65960d
Fix realm usage with DIGEST-MD5. Support generating other password schemes
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
16 { |
76321f65960d
Fix realm usage with DIGEST-MD5. Support generating other password schemes
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
17 unsigned char digest[16]; |
76321f65960d
Fix realm usage with DIGEST-MD5. Support generating other password schemes
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
18 const char *realm, *str; |
76321f65960d
Fix realm usage with DIGEST-MD5. Support generating other password schemes
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
19 |
76321f65960d
Fix realm usage with DIGEST-MD5. Support generating other password schemes
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
20 if (password == NULL) |
76321f65960d
Fix realm usage with DIGEST-MD5. Support generating other password schemes
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
21 return 0; |
76321f65960d
Fix realm usage with DIGEST-MD5. Support generating other password schemes
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
22 |
76321f65960d
Fix realm usage with DIGEST-MD5. Support generating other password schemes
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
23 if (strcasecmp(scheme, "CRYPT") == 0) |
1195
789b0346308e
crypt-password checking was broken. added support for md5crypt passwords.
Timo Sirainen <tss@iki.fi>
parents:
1192
diff
changeset
|
24 return strcmp(mycrypt(plaintext, password), password) == 0; |
789b0346308e
crypt-password checking was broken. added support for md5crypt passwords.
Timo Sirainen <tss@iki.fi>
parents:
1192
diff
changeset
|
25 |
789b0346308e
crypt-password checking was broken. added support for md5crypt passwords.
Timo Sirainen <tss@iki.fi>
parents:
1192
diff
changeset
|
26 if (strcasecmp(scheme, "MD5") == 0) |
789b0346308e
crypt-password checking was broken. added support for md5crypt passwords.
Timo Sirainen <tss@iki.fi>
parents:
1192
diff
changeset
|
27 return strcmp(md5_crypt(plaintext, password), password) == 0; |
1192
76321f65960d
Fix realm usage with DIGEST-MD5. Support generating other password schemes
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
28 |
76321f65960d
Fix realm usage with DIGEST-MD5. Support generating other password schemes
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
29 if (strcasecmp(scheme, "PLAIN") == 0) |
76321f65960d
Fix realm usage with DIGEST-MD5. Support generating other password schemes
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
30 return strcmp(password, plaintext) == 0; |
76321f65960d
Fix realm usage with DIGEST-MD5. Support generating other password schemes
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
31 |
76321f65960d
Fix realm usage with DIGEST-MD5. Support generating other password schemes
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
32 if (strcasecmp(scheme, "DIGEST-MD5") == 0) { |
76321f65960d
Fix realm usage with DIGEST-MD5. Support generating other password schemes
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
33 /* user:realm:passwd */ |
76321f65960d
Fix realm usage with DIGEST-MD5. Support generating other password schemes
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
34 realm = strchr(user, '@'); |
76321f65960d
Fix realm usage with DIGEST-MD5. Support generating other password schemes
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
35 if (realm != NULL) realm++; else realm = ""; |
76321f65960d
Fix realm usage with DIGEST-MD5. Support generating other password schemes
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
36 |
76321f65960d
Fix realm usage with DIGEST-MD5. Support generating other password schemes
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
37 str = t_strconcat(t_strcut(user, '@'), ":", realm, ":", |
76321f65960d
Fix realm usage with DIGEST-MD5. Support generating other password schemes
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
38 plaintext, NULL); |
76321f65960d
Fix realm usage with DIGEST-MD5. Support generating other password schemes
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
39 md5_get_digest(str, strlen(str), digest); |
76321f65960d
Fix realm usage with DIGEST-MD5. Support generating other password schemes
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
40 str = binary_to_hex(digest, sizeof(digest)); |
76321f65960d
Fix realm usage with DIGEST-MD5. Support generating other password schemes
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
41 |
76321f65960d
Fix realm usage with DIGEST-MD5. Support generating other password schemes
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
42 return strcasecmp(str, password) == 0; |
76321f65960d
Fix realm usage with DIGEST-MD5. Support generating other password schemes
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
43 } |
76321f65960d
Fix realm usage with DIGEST-MD5. Support generating other password schemes
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
44 |
76321f65960d
Fix realm usage with DIGEST-MD5. Support generating other password schemes
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
45 if (strcasecmp(scheme, "PLAIN-MD5") == 0) { |
76321f65960d
Fix realm usage with DIGEST-MD5. Support generating other password schemes
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
46 md5_get_digest(plaintext, strlen(plaintext), digest); |
76321f65960d
Fix realm usage with DIGEST-MD5. Support generating other password schemes
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
47 str = binary_to_hex(digest, sizeof(digest)); |
76321f65960d
Fix realm usage with DIGEST-MD5. Support generating other password schemes
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
48 return strcasecmp(str, password) == 0; |
76321f65960d
Fix realm usage with DIGEST-MD5. Support generating other password schemes
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
49 } |
76321f65960d
Fix realm usage with DIGEST-MD5. Support generating other password schemes
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
50 |
76321f65960d
Fix realm usage with DIGEST-MD5. Support generating other password schemes
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
51 return -1; |
76321f65960d
Fix realm usage with DIGEST-MD5. Support generating other password schemes
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
52 } |
76321f65960d
Fix realm usage with DIGEST-MD5. Support generating other password schemes
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
53 |
76321f65960d
Fix realm usage with DIGEST-MD5. Support generating other password schemes
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
54 const char *password_get_scheme(const char **password) |
76321f65960d
Fix realm usage with DIGEST-MD5. Support generating other password schemes
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
55 { |
76321f65960d
Fix realm usage with DIGEST-MD5. Support generating other password schemes
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
56 const char *p, *scheme; |
76321f65960d
Fix realm usage with DIGEST-MD5. Support generating other password schemes
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
57 |
1195
789b0346308e
crypt-password checking was broken. added support for md5crypt passwords.
Timo Sirainen <tss@iki.fi>
parents:
1192
diff
changeset
|
58 if (*password == NULL) |
789b0346308e
crypt-password checking was broken. added support for md5crypt passwords.
Timo Sirainen <tss@iki.fi>
parents:
1192
diff
changeset
|
59 return NULL; |
789b0346308e
crypt-password checking was broken. added support for md5crypt passwords.
Timo Sirainen <tss@iki.fi>
parents:
1192
diff
changeset
|
60 |
789b0346308e
crypt-password checking was broken. added support for md5crypt passwords.
Timo Sirainen <tss@iki.fi>
parents:
1192
diff
changeset
|
61 if (strncmp(*password, "$1$", 3) == 0) { |
1331 | 62 /* skip the salt */ |
63 p = strchr(*password + 3, '$'); | |
64 if (p != NULL) { | |
65 /* stop at next '$' */ | |
66 p = strchr(p+1, '$'); | |
67 if (p != NULL) | |
68 *password = t_strdup_until(*password, p); | |
69 return "MD5"; | |
70 } | |
1195
789b0346308e
crypt-password checking was broken. added support for md5crypt passwords.
Timo Sirainen <tss@iki.fi>
parents:
1192
diff
changeset
|
71 } |
789b0346308e
crypt-password checking was broken. added support for md5crypt passwords.
Timo Sirainen <tss@iki.fi>
parents:
1192
diff
changeset
|
72 |
789b0346308e
crypt-password checking was broken. added support for md5crypt passwords.
Timo Sirainen <tss@iki.fi>
parents:
1192
diff
changeset
|
73 if (**password != '{') |
1192
76321f65960d
Fix realm usage with DIGEST-MD5. Support generating other password schemes
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
74 return NULL; |
76321f65960d
Fix realm usage with DIGEST-MD5. Support generating other password schemes
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
75 |
76321f65960d
Fix realm usage with DIGEST-MD5. Support generating other password schemes
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
76 p = strchr(*password, '}'); |
76321f65960d
Fix realm usage with DIGEST-MD5. Support generating other password schemes
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
77 if (p == NULL) |
76321f65960d
Fix realm usage with DIGEST-MD5. Support generating other password schemes
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
78 return NULL; |
76321f65960d
Fix realm usage with DIGEST-MD5. Support generating other password schemes
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
79 |
76321f65960d
Fix realm usage with DIGEST-MD5. Support generating other password schemes
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
80 scheme = t_strdup_until(*password + 1, p); |
76321f65960d
Fix realm usage with DIGEST-MD5. Support generating other password schemes
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
81 *password = p + 1; |
76321f65960d
Fix realm usage with DIGEST-MD5. Support generating other password schemes
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
82 return scheme; |
76321f65960d
Fix realm usage with DIGEST-MD5. Support generating other password schemes
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
83 } |
76321f65960d
Fix realm usage with DIGEST-MD5. Support generating other password schemes
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
84 |
76321f65960d
Fix realm usage with DIGEST-MD5. Support generating other password schemes
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
85 const char *password_generate(const char *plaintext, const char *user, |
76321f65960d
Fix realm usage with DIGEST-MD5. Support generating other password schemes
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
86 const char *scheme) |
76321f65960d
Fix realm usage with DIGEST-MD5. Support generating other password schemes
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
87 { |
76321f65960d
Fix realm usage with DIGEST-MD5. Support generating other password schemes
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
88 const char *realm, *str; |
76321f65960d
Fix realm usage with DIGEST-MD5. Support generating other password schemes
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
89 unsigned char digest[16]; |
1195
789b0346308e
crypt-password checking was broken. added support for md5crypt passwords.
Timo Sirainen <tss@iki.fi>
parents:
1192
diff
changeset
|
90 char salt[9]; |
789b0346308e
crypt-password checking was broken. added support for md5crypt passwords.
Timo Sirainen <tss@iki.fi>
parents:
1192
diff
changeset
|
91 int i; |
1192
76321f65960d
Fix realm usage with DIGEST-MD5. Support generating other password schemes
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
92 |
76321f65960d
Fix realm usage with DIGEST-MD5. Support generating other password schemes
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
93 if (strcasecmp(scheme, "CRYPT") == 0) { |
76321f65960d
Fix realm usage with DIGEST-MD5. Support generating other password schemes
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
94 random_fill(salt, 2); |
76321f65960d
Fix realm usage with DIGEST-MD5. Support generating other password schemes
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
95 salt[0] = salt_chars[salt[0] % (sizeof(salt_chars)-1)]; |
76321f65960d
Fix realm usage with DIGEST-MD5. Support generating other password schemes
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
96 salt[1] = salt_chars[salt[1] % (sizeof(salt_chars)-1)]; |
76321f65960d
Fix realm usage with DIGEST-MD5. Support generating other password schemes
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
97 salt[2] = '\0'; |
76321f65960d
Fix realm usage with DIGEST-MD5. Support generating other password schemes
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
98 return t_strdup(mycrypt(plaintext, salt)); |
76321f65960d
Fix realm usage with DIGEST-MD5. Support generating other password schemes
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
99 } |
76321f65960d
Fix realm usage with DIGEST-MD5. Support generating other password schemes
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
100 |
1195
789b0346308e
crypt-password checking was broken. added support for md5crypt passwords.
Timo Sirainen <tss@iki.fi>
parents:
1192
diff
changeset
|
101 if (strcasecmp(scheme, "MD5") == 0) { |
789b0346308e
crypt-password checking was broken. added support for md5crypt passwords.
Timo Sirainen <tss@iki.fi>
parents:
1192
diff
changeset
|
102 random_fill(salt, 8); |
789b0346308e
crypt-password checking was broken. added support for md5crypt passwords.
Timo Sirainen <tss@iki.fi>
parents:
1192
diff
changeset
|
103 for (i = 0; i < 8; i++) |
789b0346308e
crypt-password checking was broken. added support for md5crypt passwords.
Timo Sirainen <tss@iki.fi>
parents:
1192
diff
changeset
|
104 salt[i] = salt_chars[salt[i] % (sizeof(salt_chars)-1)]; |
789b0346308e
crypt-password checking was broken. added support for md5crypt passwords.
Timo Sirainen <tss@iki.fi>
parents:
1192
diff
changeset
|
105 salt[8] = '\0'; |
789b0346308e
crypt-password checking was broken. added support for md5crypt passwords.
Timo Sirainen <tss@iki.fi>
parents:
1192
diff
changeset
|
106 return t_strdup(md5_crypt(plaintext, salt)); |
789b0346308e
crypt-password checking was broken. added support for md5crypt passwords.
Timo Sirainen <tss@iki.fi>
parents:
1192
diff
changeset
|
107 } |
789b0346308e
crypt-password checking was broken. added support for md5crypt passwords.
Timo Sirainen <tss@iki.fi>
parents:
1192
diff
changeset
|
108 |
1192
76321f65960d
Fix realm usage with DIGEST-MD5. Support generating other password schemes
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
109 if (strcasecmp(scheme, "PLAIN") == 0) |
76321f65960d
Fix realm usage with DIGEST-MD5. Support generating other password schemes
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
110 return plaintext; |
76321f65960d
Fix realm usage with DIGEST-MD5. Support generating other password schemes
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
111 |
76321f65960d
Fix realm usage with DIGEST-MD5. Support generating other password schemes
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
112 if (strcasecmp(scheme, "DIGEST-MD5") == 0) { |
76321f65960d
Fix realm usage with DIGEST-MD5. Support generating other password schemes
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
113 /* user:realm:passwd */ |
76321f65960d
Fix realm usage with DIGEST-MD5. Support generating other password schemes
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
114 realm = strchr(user, '@'); |
76321f65960d
Fix realm usage with DIGEST-MD5. Support generating other password schemes
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
115 if (realm != NULL) realm++; else realm = ""; |
76321f65960d
Fix realm usage with DIGEST-MD5. Support generating other password schemes
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
116 |
76321f65960d
Fix realm usage with DIGEST-MD5. Support generating other password schemes
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
117 str = t_strconcat(t_strcut(user, '@'), ":", realm, ":", |
76321f65960d
Fix realm usage with DIGEST-MD5. Support generating other password schemes
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
118 plaintext, NULL); |
76321f65960d
Fix realm usage with DIGEST-MD5. Support generating other password schemes
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
119 md5_get_digest(str, strlen(str), digest); |
76321f65960d
Fix realm usage with DIGEST-MD5. Support generating other password schemes
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
120 return binary_to_hex(digest, sizeof(digest)); |
76321f65960d
Fix realm usage with DIGEST-MD5. Support generating other password schemes
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
121 } |
76321f65960d
Fix realm usage with DIGEST-MD5. Support generating other password schemes
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
122 |
76321f65960d
Fix realm usage with DIGEST-MD5. Support generating other password schemes
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
123 if (strcasecmp(scheme, "PLAIN-MD5") == 0) { |
76321f65960d
Fix realm usage with DIGEST-MD5. Support generating other password schemes
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
124 md5_get_digest(plaintext, strlen(plaintext), digest); |
76321f65960d
Fix realm usage with DIGEST-MD5. Support generating other password schemes
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
125 return binary_to_hex(digest, sizeof(digest)); |
76321f65960d
Fix realm usage with DIGEST-MD5. Support generating other password schemes
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
126 } |
76321f65960d
Fix realm usage with DIGEST-MD5. Support generating other password schemes
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
127 |
76321f65960d
Fix realm usage with DIGEST-MD5. Support generating other password schemes
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
128 return NULL; |
76321f65960d
Fix realm usage with DIGEST-MD5. Support generating other password schemes
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
129 } |