annotate src/auth/password-scheme.c @ 1331:d55cf9c28062 HEAD

MD5crypt password fixes.
author Timo Sirainen <tss@iki.fi>
date Fri, 04 Apr 2003 02:42:54 +0300
parents 789b0346308e
children ed5e808d934f
/* Copyright (C) 2003 Timo Sirainen */

#include "lib.h"
#include "hex-binary.h"
#include "md5.h"
#include "md5crypt.h"
#include "mycrypt.h"
#include "randgen.h"
#include "password-scheme.h"

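/* Alphabet for crypt()-style salts: '.', '/', digits, upper and lower case
   letters (64 characters in total).

   Declared as an array rather than a pointer so that sizeof() yields the
   alphabet length plus the terminating NUL. With a pointer declaration,
   sizeof() is the size of a pointer, and any "% (sizeof(salt_chars)-1)"
   reduction would pick salts from only the first few characters. */
static const char salt_chars[] =
	"./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";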
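/* Check a client-supplied plaintext password against a stored credential.

   plaintext - password given by the client
   password  - stored credential, already stripped of any scheme prefix;
               NULL means there is nothing to compare against
   scheme    - scheme name, matched case-insensitively: CRYPT, MD5,
               PLAIN, DIGEST-MD5 or PLAIN-MD5
   user      - login name; read only for DIGEST-MD5, where the text after
               the first '@' is used as the realm

   Returns 1 on match, 0 on mismatch (or when password is NULL) and -1 when
   the scheme is not recognised. -1 is non-zero, so callers must test for
   "> 0" rather than treating the result as a boolean; otherwise an unknown
   scheme would be accepted as a successful login.

   NOTE(review): every comparison below uses strcmp()/strcasecmp(), which
   stop at the first differing byte and so are not constant-time. For PLAIN
   the value being compared is the stored secret itself. */
int password_verify(const char *plaintext, const char *password,
		    const char *scheme, const char *user)
{
	unsigned char digest[16];
	const char *realm, *str;

	if (password == NULL)
		return 0;

	if (strcasecmp(scheme, "CRYPT") == 0) {
		/* The stored value doubles as the salt argument. mycrypt()
		   is not visible here; if it can fail with NULL the way
		   crypt(3) can, treat that as a mismatch instead of handing
		   NULL to strcmp(). */
		str = mycrypt(plaintext, password);
		return str != NULL && strcmp(str, password) == 0;
	}

	if (strcasecmp(scheme, "MD5") == 0) {
		/* Same NULL guard as for CRYPT; md5_crypt() is defined
		   elsewhere. */
		str = md5_crypt(plaintext, password);
		return str != NULL && strcmp(str, password) == 0;
	}

	if (strcasecmp(scheme, "PLAIN") == 0)
		return strcmp(password, plaintext) == 0;

	if (strcasecmp(scheme, "DIGEST-MD5") == 0) {
		/* user:realm:passwd */
		realm = strchr(user, '@');
		if (realm != NULL)
			realm++;
		else
			realm = "";

		/* presumably t_strcut() yields the part of user before the
		   '@' - confirm against lib.h */
		str = t_strconcat(t_strcut(user, '@'), ":", realm, ":",
				  plaintext, NULL);
		md5_get_digest(str, strlen(str), digest);
		str = binary_to_hex(digest, sizeof(digest));

		/* case-insensitive, so the stored hex digest may use either
		   upper or lower case digits */
		return strcasecmp(str, password) == 0;
	}

	if (strcasecmp(scheme, "PLAIN-MD5") == 0) {
		/* unsalted MD5 of the plaintext, compared as hex */
		md5_get_digest(plaintext, strlen(plaintext), digest);
		str = binary_to_hex(digest, sizeof(digest));
		return strcasecmp(str, password) == 0;
	}

	/* unknown scheme */
	return -1;
}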
/* Work out which scheme a stored credential uses and adjust *password so
   that it can be handed to password_verify().

   Two forms are recognised:

   "$1$salt$hash" - returns "MD5". *password keeps its "$1$" prefix; if a
                    further '$' follows the hash, *password is replaced by
                    a copy cut at that '$' (presumably t_strdup_until()
                    excludes the end pointer - confirm against lib.h).
   "{SCHEME}data" - returns a copy of the text between the braces and
                    advances *password to just past the '}'.

   Returns NULL, leaving *password untouched, when *password is NULL, when
   neither form matches, or when a "$1$" value has no '$' ending the salt.
   The scheme name is taken from the stored value as-is; it is not checked
   against the schemes password_verify() knows. */
const char *password_get_scheme(const char **password)
{
	const char *stored = *password;
	const char *sep, *name;

	if (stored == NULL)
		return NULL;

	if (strncmp(stored, "$1$", 3) == 0) {
		/* the '$' that ends the salt */
		sep = strchr(stored + 3, '$');
		if (sep != NULL) {
			/* anything from a later '$' onwards is dropped */
			sep = strchr(sep + 1, '$');
			if (sep != NULL)
				*password = t_strdup_until(stored, sep);
			return "MD5";
		}
		/* no salt terminator: fall through; the '{' test below then
		   rejects the value because it starts with '$' */
	}

	if (*stored != '{')
		return NULL;

	sep = strchr(stored, '}');
	if (sep == NULL)
		return NULL;

	name = t_strdup_until(stored + 1, sep);
	*password = sep + 1;
	return name;
}
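/* Produce the stored form of a plaintext password for the given scheme.

   plaintext - password to encode
   user      - login name; read only for DIGEST-MD5, where the text after
               the first '@' is used as the realm
   scheme    - scheme name, matched case-insensitively: CRYPT, MD5,
               PLAIN, DIGEST-MD5 or PLAIN-MD5

   Returns the encoded password, or NULL when the scheme is not recognised.
   For PLAIN the plaintext pointer itself is returned, not a copy.

   NOTE(review): PLAIN stores the password as-is and PLAIN-MD5 is a single
   unsalted MD5, so identical passwords give identical stored values. */
const char *password_generate(const char *plaintext, const char *user,
			      const char *scheme)
{
	const char *realm, *str;
	unsigned char digest[16];
	char salt[9];
	size_t alphabet_len;
	int i;

	/* Use strlen() so the alphabet length is right whether salt_chars is
	   a pointer or an array. sizeof() on a pointer yields the pointer
	   size, which would limit every salt character to the first few
	   entries of the alphabet and leave almost no salt variety. */
	alphabet_len = strlen(salt_chars);

	if (strcasecmp(scheme, "CRYPT") == 0) {
		/* two salt characters; the cast keeps the index
		   non-negative where plain char is signed. With the
		   64-character alphabet, 256 % 64 == 0, so the reduction
		   adds no bias. */
		random_fill(salt, 2);
		for (i = 0; i < 2; i++)
			salt[i] = salt_chars[(unsigned char)salt[i] %
					     alphabet_len];
		salt[2] = '\0';
		return t_strdup(mycrypt(plaintext, salt));
	}

	if (strcasecmp(scheme, "MD5") == 0) {
		/* eight salt characters for md5crypt */
		random_fill(salt, 8);
		for (i = 0; i < 8; i++)
			salt[i] = salt_chars[(unsigned char)salt[i] %
					     alphabet_len];
		salt[8] = '\0';
		return t_strdup(md5_crypt(plaintext, salt));
	}

	if (strcasecmp(scheme, "PLAIN") == 0)
		return plaintext;

	if (strcasecmp(scheme, "DIGEST-MD5") == 0) {
		/* user:realm:passwd */
		realm = strchr(user, '@');
		if (realm != NULL)
			realm++;
		else
			realm = "";

		/* presumably t_strcut() yields the part of user before the
		   '@' - confirm against lib.h */
		str = t_strconcat(t_strcut(user, '@'), ":", realm, ":",
				  plaintext, NULL);
		md5_get_digest(str, strlen(str), digest);
		return binary_to_hex(digest, sizeof(digest));
	}

	if (strcasecmp(scheme, "PLAIN-MD5") == 0) {
		md5_get_digest(plaintext, strlen(plaintext), digest);
		return binary_to_hex(digest, sizeof(digest));
	}

	/* unknown scheme */
	return NULL;
}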