X-Git-Url: https://git.hcoop.net/hcoop/debian/courier-authlib.git/blobdiff_plain/b92f8a0725abfd548aa6f569c298dd69c1b1b79c..2c58f61c7faca7723da35ffd7924af764108e9fd:/cryptpassword.c diff --git a/cryptpassword.c b/cryptpassword.c index 89f9dd4..f1544f4 100644 --- a/cryptpassword.c +++ b/cryptpassword.c @@ -14,12 +14,15 @@ #if HAVE_CRYPT_H #include #endif +#if HAVE_SYS_TIME_H +#include +#endif #include "auth.h" -#include #include "md5/md5.h" #include "sha1/sha1.h" +#include "random128/random128.h" -static const char rcsid[]="$Id: cryptpassword.c,v 1.10 2008/07/10 02:43:55 mrsam Exp $"; +static const char rcsid[]="$Id: cryptpassword.c,v 1.13 2008/12/25 14:52:38 mrsam Exp $"; #if HAVE_CRYPT #if NEED_CRYPT_PROTOTYPE @@ -31,22 +34,25 @@ static const char crypt_salt[65]="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrst static const char *crypt_hash(const char *pw) { - struct timeval tv; + random128binbuf randbuf; char salt[3]; - gettimeofday(&tv, NULL); + random128_binary(&randbuf); - tv.tv_sec |= tv.tv_usec; - tv.tv_sec ^= getpid(); + salt[0]=crypt_salt[ randbuf[0] % 64 ]; + salt[1]=crypt_salt[ randbuf[1] % 64 ]; + salt[2]=0; - salt[0]=crypt_salt[ tv.tv_sec % 64 ]; + return (crypt(pw, salt)); +} - tv.tv_sec /= 64; +static const char *ssha_hash_int(const char *pw) +{ + random128binbuf randbuf; - salt[1]=crypt_salt[ tv.tv_sec % 64 ]; - salt[2]=0; + random128_binary(&randbuf); - return (crypt(pw, salt)); + return ssha_hash(pw, randbuf); } static const char *crypt_md5_wrapper(const char *pw) @@ -105,6 +111,12 @@ char *authcryptpasswd(const char *password, const char *encryption_hint) pfix="{SHA}"; } + if (!encryption_hint || strncasecmp(encryption_hint, "{SSHA}", 6) == 0) + { + hash_func= &ssha_hash_int; + pfix="{SSHA}"; + } + if (!encryption_hint || strncasecmp(encryption_hint, "{SHA256}", 8) == 0) { 
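Review bot: In crypt_hash the new index expressions `randbuf[0] % 64` and `randbuf[1] % 64` stay inside crypt_salt only if the elements of random128binbuf are unsigned; the typedef lives in random128/random128.h and is not visible here, and a signed element would give a negative remainder. A mask is in range for either signedness: `salt[0]=crypt_salt[ randbuf[0] & 63 ];` and likewise for `salt[1]`. random128_binary() reports no status in this hunk, so a short comment above the call such as `/* salt must be unpredictable; random128 is trusted to supply that */` would record the assumption that replaced the time/pid code. In ssha_hash_int the whole buffer is passed as ssha_hash()'s salt argument; presumably only the leading bytes are consumed, which is worth confirming against its prototype.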
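Review bot: With a NULL encryption_hint every one of these independent `if` blocks matches, so the last one to run sets hash_func. The new `{SSHA}` block is therefore always overridden by the `{SHA256}` block below it and, once the later `{SHA512}` hunk is applied, by `sha512_hash`. That hash is called with the password alone and so appears unsalted, which means the commit moves the no-hint default to `{SHA512}` while the one salted digest it adds is never chosen by default. If that is intended, a comment above the chain should say so, for example `/* Blocks are tested in order; with no hint the last match becomes the default. */`; if a salted default is wanted, the `{SSHA}` block has to come after the `{SHA512}` block, and every consumer of stored passwords must then understand `{SSHA}`. authcryptpasswd's body starts and ends outside both hunks, so an `else` or early return there would not be visible.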
@@ -112,6 +124,13 @@ char *authcryptpasswd(const char *password, const char *encryption_hint) pfix="{SHA256}"; } + if (!encryption_hint || + strncasecmp(encryption_hint, "{SHA512}", 8) == 0) + { + hash_func= &sha512_hash; + pfix="{SHA512}"; + } + if (!hash_func) { hash_func= &crypt_hash;