X-Git-Url: https://git.hcoop.net/hcoop/debian/courier-authlib.git/blobdiff_plain/dd184caf1b0d37f50ea0ddcc68822bd38da32105..6b9221b9fe5c2b44c301ca08a987d99b4add7a06:/cryptpassword.c diff --git a/cryptpassword.c b/cryptpassword.c index 1ad4a50..6229fd6 100644 --- a/cryptpassword.c +++ b/cryptpassword.c @@ -1,5 +1,5 @@ /* -** Copyright 2001-2002 Double Precision, Inc. See COPYING for +** Copyright 2001-2008 Double Precision, Inc. See COPYING for ** distribution information. */ @@ -14,10 +14,14 @@ #if HAVE_CRYPT_H #include #endif +#if HAVE_SYS_TIME_H +#include +#endif #include "auth.h" -#include +#include "md5/md5.h" +#include "sha1/sha1.h" +#include "random128/random128.h" -static const char rcsid[]="$Id: cryptpassword.c,v 1.9 2007/10/07 18:33:22 mrsam Exp $"; #if HAVE_CRYPT #if NEED_CRYPT_PROTOTYPE @@ -25,37 +29,31 @@ extern char *crypt(const char *, const char *); #endif #endif -#if HAVE_MD5LIB -#include "md5/md5.h" -#endif - -#if HAVE_SHA1LIB -#include "sha1/sha1.h" -#endif - static const char crypt_salt[65]="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789./"; static const char *crypt_hash(const char *pw) { - struct timeval tv; + random128binbuf randbuf; char salt[3]; - gettimeofday(&tv, NULL); + random128_binary(&randbuf); - tv.tv_sec |= tv.tv_usec; - tv.tv_sec ^= getpid(); + salt[0]=crypt_salt[ randbuf[0] % 64 ]; + salt[1]=crypt_salt[ randbuf[1] % 64 ]; + salt[2]=0; - salt[0]=crypt_salt[ tv.tv_sec % 64 ]; + return (crypt(pw, salt)); +} - tv.tv_sec /= 64; +static const char *ssha_hash_int(const char *pw) +{ + random128binbuf randbuf; - salt[1]=crypt_salt[ tv.tv_sec % 64 ]; - salt[2]=0; + random128_binary(&randbuf); - return (crypt(pw, salt)); + return ssha_hash(pw, randbuf); } -#if HAVE_MD5LIB static const char *crypt_md5_wrapper(const char *pw) { struct timeval tv; @@ -79,7 +77,6 @@ static const char *crypt_md5_wrapper(const char *pw) return (md5_crypt(pw, salt)); } -#endif char *authcryptpasswd(const char *password, const char *encryption_hint) { 
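Review bot: `crypt_md5_wrapper`, visible as trailing context of the `crypt_hash` hunk (`@@ -25,37 +29,31 @@`), still declares `struct timeval tv;`, so its salt presumably still comes from the clock, the predictable source this change removes from `crypt_hash`. Its body lies outside the hunk, so this is inferred from that one declaration. If it holds, the wrapper should call `random128_binary(&randbuf);` and index `crypt_salt[ randbuf[i] % 64 ]` the same way the new `crypt_hash` does. Separately, `randbuf[0] % 64` is a safe index only if the element type of `random128binbuf` is unsigned, and that type is declared in `random128/random128.h`, which is not shown here. A comment above the two `salt[...]` assignments, such as `/* random128binbuf elements must be unsigned for % 64 to stay in range */`, would record the assumption.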
@@ -88,8 +85,6 @@ char *authcryptpasswd(const char *password, const char *encryption_hint) const char *p; char *pp; -#if HAVE_MD5LIB - if (!encryption_hint || strncmp(encryption_hint, "$1$", 3) == 0) { pfix=""; @@ -108,22 +103,32 @@ char *authcryptpasswd(const char *password, const char *encryption_hint) hash_func= &md5_hash_raw; pfix="{MD5RAW}"; } -#endif -#if HAVE_SHA1LIB if (!encryption_hint || strncasecmp(encryption_hint, "{SHA}", 5) == 0) { hash_func= &sha1_hash; pfix="{SHA}"; } + if (!encryption_hint || strncasecmp(encryption_hint, "{SSHA}", 6) == 0) + { + hash_func= &ssha_hash_int; + pfix="{SSHA}"; + } + if (!encryption_hint || strncasecmp(encryption_hint, "{SHA256}", 8) == 0) { hash_func= &sha256_hash; pfix="{SHA256}"; } -#endif + + if (!encryption_hint || + strncasecmp(encryption_hint, "{SHA512}", 8) == 0) + { + hash_func= &sha512_hash; + pfix="{SHA512}"; + } if (!hash_func) {
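Review bot: In `authcryptpasswd` (the `@@ -108,22 +103,32 @@` hunk) every visible test has the form `!encryption_hint || ...`, so with a NULL hint each block runs and the last assignment wins; appending the `{SHA512}` block therefore changes the no-hint default from `{SHA256}` to `{SHA512}`. That ordering dependency deserves a comment before `if (!hash_func)`, for example `/* NULL hint: every block above matches, so the last one is the default scheme */`. Of the digest schemes in this hunk, only `{SSHA}` gets a per-password salt (through `ssha_hash_int`), so the NULL-hint default still appears to be an unsalted digest; if that is kept for compatibility with existing stores, the comment should say so. The function starts and ends outside the hunk.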