| | 1 | /* |
| | 2 | ** Copyright 1998 - 2008 Double Precision, Inc. See COPYING for |
| | 3 | ** distribution information. |
| | 4 | */ |
| | 5 | |
| | 6 | #if HAVE_CONFIG_H |
| | 7 | #include "courier_auth_config.h" |
| | 8 | #endif |
| | 9 | #include <string.h> |
| | 10 | #if HAVE_UNISTD_H |
| | 11 | #include <unistd.h> |
| | 12 | #endif |
| | 13 | #if HAVE_CRYPT_H |
| | 14 | #include <crypt.h> |
| | 15 | #endif |
| | 16 | #include "auth.h" |
| | 17 | #include "courierauthdebug.h" |
| | 18 | |
| | 19 | |
| | 20 | #if HAVE_CRYPT |
| | 21 | #if NEED_CRYPT_PROTOTYPE |
| | 22 | extern char *crypt(const char *, const char *); |
| | 23 | #endif |
| | 24 | #endif |
| | 25 | |
| | 26 | extern int authcheckpasswordmd5(const char *, const char *); |
| | 27 | extern int authcheckpasswordsha1(const char *, const char *); |
| | 28 | |
| | 29 | static int safe_strcmp(const char *a, const char *nullable_b) |
| | 30 | { |
| | 31 | if (!nullable_b) |
| | 32 | return -1; |
| | 33 | return strcmp(a, nullable_b); |
| | 34 | } |
| | 35 | |
| | 36 | static int do_authcheckpassword(const char *password, const char *encrypted_password) |
| | 37 | { |
| | 38 | if (strncmp(encrypted_password, "$1$", 3) == 0 |
| | 39 | || strncasecmp(encrypted_password, "{MD5}", 5) == 0 |
| | 40 | || strncasecmp(encrypted_password, "{MD5RAW}", 8) == 0 |
| | 41 | ) |
| | 42 | return (authcheckpasswordmd5(password, encrypted_password)); |
| | 43 | |
| | 44 | if (strncasecmp(encrypted_password, "{SHA}", 5) == 0 || |
| | 45 | strncasecmp(encrypted_password, "{SHA256}", 8) == 0 || |
| | 46 | strncasecmp(encrypted_password, "{SHA512}", 8) == 0 || |
| | 47 | strncasecmp(encrypted_password, "{SSHA}", 6) == 0) |
| | 48 | return (authcheckpasswordsha1(password, encrypted_password)); |
| | 49 | |
| | 50 | |
| | 51 | #if HAVE_CRYPT |
| | 52 | if (strncasecmp(encrypted_password, "{CRYPT}", 7) == 0) |
| | 53 | encrypted_password += 7; |
| | 54 | #endif |
| | 55 | |
| | 56 | return ( |
| | 57 | #if HAVE_CRYPT |
| | 58 | safe_strcmp(encrypted_password, |
| | 59 | crypt(password, encrypted_password)) |
| | 60 | #else |
| | 61 | safe_strcmp(encrypted_password, password) |
| | 62 | #endif |
| | 63 | ); |
| | 64 | } |
| | 65 | |
| | 66 | int authcheckpassword(const char *password, const char *encrypted_password) |
| | 67 | { |
| | 68 | int rc; |
| | 69 | |
| | 70 | rc=do_authcheckpassword(password, encrypted_password); |
| | 71 | if (rc == 0) |
| | 72 | { |
| | 73 | DPRINTF("password matches successfully"); |
| | 74 | } |
| | 75 | else if (courier_authdebug_login_level >= 2) |
| | 76 | { |
| | 77 | DPRINTF("supplied password '%s' does not match encrypted password '%s'", |
| | 78 | password, encrypted_password); |
| | 79 | } |
| | 80 | else |
| | 81 | { |
| | 82 | DPRINTF("supplied password does not match encrypted password"); |
| | 83 | } |
| | 84 | return rc; |
| | 85 | } |
HCoop / hcoop / debian / courier-authlib.git / blame_incremental