2 ** Copyright 1998 - 2008 Double Precision, Inc. See COPYING for
3 ** distribution information.
7 #include "courier_auth_config.h"
17 #include "courierauthdebug.h"
21 #if NEED_CRYPT_PROTOTYPE
22 extern char *crypt(const char *, const char *);
26 extern int authcheckpasswordmd5(const char *, const char *);
27 extern int authcheckpasswordsha1(const char *, const char *);
29 static int safe_strcmp(const char *a
, const char *nullable_b
)
33 return strcmp(a
, nullable_b
);
36 static int do_authcheckpassword(const char *password
, const char *encrypted_password
)
38 if (strncmp(encrypted_password
, "$1$", 3) == 0
39 || strncasecmp(encrypted_password
, "{MD5}", 5) == 0
40 || strncasecmp(encrypted_password
, "{MD5RAW}", 8) == 0
42 return (authcheckpasswordmd5(password
, encrypted_password
));
44 if (strncasecmp(encrypted_password
, "{SHA}", 5) == 0 ||
45 strncasecmp(encrypted_password
, "{SHA256}", 8) == 0 ||
46 strncasecmp(encrypted_password
, "{SHA512}", 8) == 0 ||
47 strncasecmp(encrypted_password
, "{SSHA}", 6) == 0)
48 return (authcheckpasswordsha1(password
, encrypted_password
));
52 if (strncasecmp(encrypted_password
, "{CRYPT}", 7) == 0)
53 encrypted_password
+= 7;
58 safe_strcmp(encrypted_password
,
59 crypt(password
, encrypted_password
))
61 safe_strcmp(encrypted_password
, password
)
66 int authcheckpassword(const char *password
, const char *encrypted_password
)
70 rc
=do_authcheckpassword(password
, encrypted_password
);
73 DPRINTF("password matches successfully");
75 else if (courier_authdebug_login_level
>= 2)
77 DPRINTF("supplied password '%s' does not match encrypted password '%s'",
78 password
, encrypted_password
);
82 DPRINTF("supplied password does not match encrypted password");