/*
-** Copyright 1998 - 1999 Double Precision, Inc. See COPYING for
+** Copyright 1998 - 2008 Double Precision, Inc. See COPYING for
** distribution information.
*/
#include "auth.h"
#include "courierauthdebug.h"
-static const char rcsid[]="$Id: checkpassword.c,v 1.15 2006/10/28 19:22:52 mrsam Exp $";
#if HAVE_CRYPT
#if NEED_CRYPT_PROTOTYPE
#endif
#endif
-#if HAVE_MD5LIB
extern int authcheckpasswordmd5(const char *, const char *);
-#endif
-
-#if HAVE_SHA1LIB
extern int authcheckpasswordsha1(const char *, const char *);
-#endif
+
+static int safe_strcmp(const char *a, const char *nullable_b)
+{
+ if (!nullable_b)
+ return -1;
+ return strcmp(a, nullable_b);
+}
static int do_authcheckpassword(const char *password, const char *encrypted_password)
{
-#if HAVE_MD5LIB
+ char *cpass;
if (strncmp(encrypted_password, "$1$", 3) == 0
- || strncasecmp(encrypted_password, "{MD5}", 5) == 0
- )
+ || strncasecmp(encrypted_password, "{MD5}", 5) == 0
+ || strncasecmp(encrypted_password, "{MD5RAW}", 8) == 0
+ )
return (authcheckpasswordmd5(password, encrypted_password));
-#endif
-#if HAVE_SHA1LIB
if (strncasecmp(encrypted_password, "{SHA}", 5) == 0 ||
- strncasecmp(encrypted_password, "{SHA256}", 8) == 0
- )
+ strncasecmp(encrypted_password, "{SHA256}", 8) == 0 ||
+ strncasecmp(encrypted_password, "{SHA512}", 8) == 0 ||
+ strncasecmp(encrypted_password, "{SSHA}", 6) == 0)
return (authcheckpasswordsha1(password, encrypted_password));
-#endif
+
#if HAVE_CRYPT
if (strncasecmp(encrypted_password, "{CRYPT}", 7) == 0)
encrypted_password += 7;
#endif
- return (
#if HAVE_CRYPT
- strcmp(encrypted_password,
- crypt(password, encrypted_password))
+
+ cpass = crypt(password, encrypted_password);
+ if (cpass == NULL) {
+ return 1;
+ } else {
+ return safe_strcmp(encrypted_password, cpass);
+ }
#else
- strcmp(encrypted_password, password)
+ return safe_strcmp(encrypted_password, password)
#endif
- );
}
int authcheckpassword(const char *password, const char *encrypted_password)
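Review bot: The `#else` branch of `do_authcheckpassword` (builds without HAVE_CRYPT) adds `return safe_strcmp(encrypted_password, password)` with no terminating semicolon, and the old closing `);` after `#endif` is removed, so that configuration no longer compiles; it should read `return safe_strcmp(encrypted_password, password);`. In the same configuration `char *cpass;` is declared but never used, so the declaration would sit better inside the `#if HAVE_CRYPT` block next to the `crypt()` call. Dropping the `#if HAVE_MD5LIB` and `#if HAVE_SHA1LIB` guards also means the MD5 and SHA helpers are now referenced unconditionally, which presumably relies on those libraries always being built; the build files are not visible here, so that is worth confirming. The body of `authcheckpassword` continues outside the hunk.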