checkpassword.c

   1 /*
   2 ** Copyright 1998 - 2008 Double Precision, Inc.  See COPYING for
   3 ** distribution information.
   4 */
   5
   6 #if     HAVE_CONFIG_H
   7 #include        "courier_auth_config.h"
   8 #endif
   9 #include        <string.h>
  10 #if     HAVE_UNISTD_H
  11 #include        <unistd.h>
  12 #endif
  13 #if     HAVE_CRYPT_H
  14 #include        <crypt.h>
  15 #endif
  16 #include        "auth.h"
  17 #include        "courierauthdebug.h"
  18
  19
  20 #if HAVE_CRYPT
  21 #if NEED_CRYPT_PROTOTYPE
  22 extern char *crypt(const char *, const char *);
  23 #endif
  24 #endif
  25
  26 extern int authcheckpasswordmd5(const char *, const char *);
  27 extern int authcheckpasswordsha1(const char *, const char *);
  28
  29 static int safe_strcmp(const char *a, const char *nullable_b)
  30 {
  31         if (!nullable_b)
  32                 return -1;
  33         return strcmp(a, nullable_b);
  34 }
  35
  36 static int do_authcheckpassword(const char *password, const char *encrypted_password)
  37 {
  38         char *cpass;
  39         if (strncmp(encrypted_password, "$1$", 3) == 0
  40             || strncasecmp(encrypted_password, "{MD5}", 5) == 0
  41             || strncasecmp(encrypted_password, "{MD5RAW}", 8) == 0
  42             )
  43                 return (authcheckpasswordmd5(password, encrypted_password));
  44
  45         if (strncasecmp(encrypted_password, "{SHA}", 5) == 0 ||
  46             strncasecmp(encrypted_password, "{SHA256}", 8) == 0 ||
  47             strncasecmp(encrypted_password, "{SHA512}", 8) == 0 ||
  48             strncasecmp(encrypted_password, "{SSHA}", 6) == 0)
  49                 return (authcheckpasswordsha1(password, encrypted_password));
  50
  51
  52 #if     HAVE_CRYPT
  53         if (strncasecmp(encrypted_password, "{CRYPT}", 7) == 0)
  54                 encrypted_password += 7;
  55 #endif
  56
  57 #if     HAVE_CRYPT
  58
  59         cpass = crypt(password, encrypted_password);
  60         if (cpass == NULL) {
  61                 return 1;
  62         } else {
  63                 return safe_strcmp(encrypted_password, cpass);
  64         }
  65 #else
  66         return safe_strcmp(encrypted_password, password)
  67 #endif
  68 }
  69
  70 int authcheckpassword(const char *password, const char *encrypted_password)
  71 {
  72 int rc;
  73
  74         rc=do_authcheckpassword(password, encrypted_password);
  75         if (rc == 0)
  76         {
  77                 DPRINTF("password matches successfully");
  78         }
  79         else if (courier_authdebug_login_level >= 2)
  80         {
  81                 DPRINTF("supplied password '%s' does not match encrypted password '%s'",
  82                         password, encrypted_password);
  83         }
  84         else
  85         {
  86                 DPRINTF("supplied password does not match encrypted password");
  87         }
  88         return rc;
  89 }