mirror of
https://git.openldap.org/openldap/openldap.git
synced 2025-01-24 13:24:56 +08:00
b5494457d8
This could cause problems on odd systems. The generic headers should be extended as needed to include necessary system headers or, if necessary, make explicit declarations. Extended ac/string.h header to look for string.h/strings.h if STDC_HEADERS is not defined. Also provide basic declarations for str*() functions. This could cause problems on odd systems. Extended ac/unistd.h header to define basic declaration for misc functions that might be missing from headers. This includes externs for getenv(), getopt(), mktemp(), tempname(). Protect fax500.h from multiple inclusion. Moved includes of system/generic headers back to source files. Made mail500 helper functions static. Fixed includes of ctype.h, signal.h, etc. to use generics. lutil/tempname.c: was including stdlib.h twice, one should stdio.h. Wrapped <sys/resource.h> with HAVE_SYS_RESOURCE_H. lber/io.c/ber_get_next(): Changed noctets back to signed. Used with BerRead which expects signed int as second arg and returns signed int.
80 lines
1.7 KiB
C
80 lines
1.7 KiB
C
/*
|
|
* lutil_password(credentials, password)
|
|
*
|
|
* Returns true if user supplied credentials matches
|
|
* the stored password.
|
|
*
|
|
* Due to the use of the crypt(3) function
|
|
* this routine is NOT thread-safe.
|
|
*/
|
|
|
|
#include "portable.h"
|
|
|
|
#include <ac/string.h>
|
|
#include <ac/unistd.h>
|
|
|
|
#include "lutil_md5.h"
|
|
#include "lutil_sha1.h"
|
|
#include "lutil.h"
|
|
|
|
/*
|
|
*/
|
|
|
|
int
|
|
lutil_passwd(
|
|
const char *cred,
|
|
const char *passwd)
|
|
{
|
|
|
|
if (cred == NULL || passwd == NULL) {
|
|
return 0;
|
|
}
|
|
|
|
if (strncasecmp(passwd, "{CRYPT}", sizeof("{CRYPT}") - 1) == 0 ) {
|
|
const char *p = passwd + (sizeof("{CRYPT}") - 1);
|
|
|
|
return( strcmp(p, crypt(cred, p)) != 0 );
|
|
|
|
} else if (strncasecmp(passwd, "{MD5}", sizeof("{MD5}") - 1) == 0 ) {
|
|
ldap_MD5_CTX MD5context;
|
|
unsigned char MD5digest[20];
|
|
char base64digest[29]; /* ceiling(sizeof(input)/3) * 4 + 1 */
|
|
|
|
const char *p = passwd + (sizeof("{MD5}") - 1);
|
|
|
|
ldap_MD5Init(&MD5context);
|
|
ldap_MD5Update(&MD5context,
|
|
cred, strlen(cred));
|
|
ldap_MD5Final(MD5digest, &MD5context);
|
|
|
|
if ( b64_ntop(MD5digest, sizeof(MD5digest),
|
|
base64digest, sizeof(base64digest)) < 0)
|
|
{
|
|
return ( 1 );
|
|
}
|
|
|
|
return (strcmp(p, base64digest) != 0);
|
|
|
|
} else if (strncasecmp(passwd, "{SHA}",sizeof("{SHA}") - 1) == 0 ) {
|
|
ldap_SHA1_CTX SHA1context;
|
|
unsigned char SHA1digest[20];
|
|
char base64digest[29]; /* ceiling(sizeof(input)/3) * 4 + 1 */
|
|
const char *p = passwd + (sizeof("{SHA}") - 1);
|
|
|
|
ldap_SHA1Init(&SHA1context);
|
|
ldap_SHA1Update(&SHA1context,
|
|
(unsigned char *) cred, strlen(cred));
|
|
ldap_SHA1Final(SHA1digest, &SHA1context);
|
|
|
|
if (b64_ntop(SHA1digest, sizeof(SHA1digest),
|
|
base64digest, sizeof(base64digest)) < 0)
|
|
{
|
|
return ( 0 );
|
|
}
|
|
|
|
return( strcmp(p, base64digest) != 0 );
|
|
}
|
|
|
|
return( strcmp(passwd, cred) != 0 );
|
|
}
|