[dovecot-cvs] dovecot/src/auth password-scheme.c,NONE,1.1 password-scheme.h,NONE,1.1 Makefile.am,1.13,1.14 mech-digest-md5.c,1.9,1.10 passdb-ldap.c,1.5,1.6 passdb-passwd-file.c,1.5,1.6 passdb.c,1.6,1.7 password-verify.c,1.1,NONE password-verify.h,1.1,NONE
cras at procontrol.fi
cras at procontrol.fi
Tue Feb 18 21:24:46 EET 2003
Update of /home/cvs/dovecot/src/auth
In directory danu:/tmp/cvs-serv11434
Modified Files:
Makefile.am mech-digest-md5.c passdb-ldap.c
passdb-passwd-file.c passdb.c
Added Files:
password-scheme.c password-scheme.h
Removed Files:
password-verify.c password-verify.h
Log Message:
Fix realm usage with DIGEST-MD5. Support generating other password schemes
out of plaintext passwords.
--- NEW FILE: password-scheme.c ---
/* Copyright (C) 2003 Timo Sirainen */
#include "lib.h"
#include "hex-binary.h"
#include "md5.h"
#include "mycrypt.h"
#include "randgen.h"
#include "password-scheme.h"
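/*
 * Check a client-supplied plaintext password against a stored credential.
 *
 * plaintext: password as given by the client.
 * password:  stored credential encoded with `scheme`; NULL never matches.
 * scheme:    "CRYPT", "PLAIN", "DIGEST-MD5" or "PLAIN-MD5" (case-insensitive).
 * user:      login name, optionally "user@realm"; read only for DIGEST-MD5.
 *
 * Returns 1 on match, 0 on mismatch and -1 for an unknown scheme.  Callers
 * have to test for "> 0": -1 is non-zero, so a plain truth test would treat
 * an unknown scheme as a successful login.
 *
 * NOTE(review): strcmp()/strcasecmp() return at the first differing byte, so
 * the comparison time depends on the stored value.  Consider a constant-time
 * comparison if the library offers one.
 */
int password_verify(const char *plaintext, const char *password,
		    const char *scheme, const char *user)
{
	unsigned char digest[16];
	const char *realm, *str;

	if (password == NULL)
		return 0;

	if (strcasecmp(scheme, "CRYPT") == 0) {
		/* Key first, salt second - the same order password_generate()
		   uses.  The stored hash doubles as the salt.  The arguments
		   used to be swapped, which hashed the stored value and
		   compared the result with the client's input. */
		str = mycrypt(plaintext, password);
		/* NOTE(review): assumes mycrypt() may return NULL on failure
		   like crypt(3) does - confirm against mycrypt.c */
		return str != NULL && strcmp(str, password) == 0;
	}

	if (strcasecmp(scheme, "PLAIN") == 0)
		return strcmp(password, plaintext) == 0;

	if (strcasecmp(scheme, "DIGEST-MD5") == 0) {
		/* stored value is hex(MD5("user:realm:passwd")); the realm is
		   whatever follows '@' in user, or empty when there is none */
		realm = strchr(user, '@');
		if (realm != NULL)
			realm++;
		else
			realm = "";

		str = t_strconcat(t_strcut(user, '@'), ":", realm, ":",
				  plaintext, NULL);
		md5_get_digest(str, strlen(str), digest);
		str = binary_to_hex(digest, sizeof(digest));
		/* hex digits compare case-insensitively */
		return strcasecmp(str, password) == 0;
	}

	if (strcasecmp(scheme, "PLAIN-MD5") == 0) {
		/* stored value is hex(MD5(passwd)): unsalted, so identical
		   passwords produce identical stored values */
		md5_get_digest(plaintext, strlen(plaintext), digest);
		str = binary_to_hex(digest, sizeof(digest));
		return strcasecmp(str, password) == 0;
	}

	return -1;
}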
/*
 * Split a "{SCHEME}data" credential into its scheme name and its data.
 *
 * When *password starts with '{' and contains a closing '}', the text between
 * the braces is returned (copied with t_strdup_until()) and *password is
 * moved to the first character after the '}'.  Otherwise NULL is returned and
 * *password is left as it was.
 */
const char *password_get_scheme(const char **password)
{
	const char *start = *password;
	const char *close_brace;

	if (start == NULL || *start != '{')
		return NULL;

	close_brace = strchr(start, '}');
	if (close_brace != NULL) {
		const char *name = t_strdup_until(start + 1, close_brace);

		/* caller continues with the part after "{SCHEME}" */
		*password = close_brace + 1;
		return name;
	}

	return NULL;
}
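/*
 * Encode a plaintext password in the requested scheme.
 *
 * plaintext: password to encode.
 * user:      login name, optionally "user@realm"; read only for DIGEST-MD5.
 * scheme:    "CRYPT", "PLAIN", "DIGEST-MD5" or "PLAIN-MD5" (case-insensitive).
 *
 * Returns the encoded credential, or NULL for an unknown scheme.  For PLAIN
 * the plaintext pointer itself is returned, not a copy.
 */
const char *password_generate(const char *plaintext, const char *user,
			      const char *scheme)
{
	/* This has to be an array, not a pointer: with "const char *" the
	   sizeof() below was the size of a pointer, so every salt character
	   came from the first few letters only.  The digits were added to
	   cover the whole crypt(3) salt alphabet; its 64 entries divide 256
	   evenly, so the modulo below does not favour any character. */
	static const char salt_chars[] =
		"abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"
		"0123456789./";
	const char *realm, *str;
	unsigned char digest[16];
	char salt[3];

	if (strcasecmp(scheme, "CRYPT") == 0) {
		random_fill(salt, 2);
		/* go through unsigned char so that a negative char value
		   can't affect the index calculation */
		salt[0] = salt_chars[(unsigned char)salt[0] %
				     (sizeof(salt_chars) - 1)];
		salt[1] = salt_chars[(unsigned char)salt[1] %
				     (sizeof(salt_chars) - 1)];
		salt[2] = '\0';
		/* NOTE(review): if mycrypt() can return NULL, check what
		   t_strdup(NULL) does - not visible from here */
		return t_strdup(mycrypt(plaintext, salt));
	}

	if (strcasecmp(scheme, "PLAIN") == 0)
		return plaintext;

	if (strcasecmp(scheme, "DIGEST-MD5") == 0) {
		/* hex(MD5("user:realm:passwd")); the realm is whatever
		   follows '@' in user, or empty when there is none */
		realm = strchr(user, '@');
		if (realm != NULL)
			realm++;
		else
			realm = "";

		str = t_strconcat(t_strcut(user, '@'), ":", realm, ":",
				  plaintext, NULL);
		md5_get_digest(str, strlen(str), digest);
		return binary_to_hex(digest, sizeof(digest));
	}

	if (strcasecmp(scheme, "PLAIN-MD5") == 0) {
		/* hex(MD5(passwd)), unsalted */
		md5_get_digest(plaintext, strlen(plaintext), digest);
		return binary_to_hex(digest, sizeof(digest));
	}

	return NULL;
}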
--- NEW FILE: password-scheme.h ---
#ifndef __PASSWORD_SCHEME_H
#define __PASSWORD_SCHEME_H
/* Checks plaintext against the stored credential `password`, which is encoded
   with `scheme` (CRYPT, PLAIN, DIGEST-MD5 or PLAIN-MD5, case-insensitive).
   `user` is read only for DIGEST-MD5, where the part after '@' is the realm.
   Returns 1 = matched, 0 = didn't match (also when password is NULL),
   -1 = unknown scheme. Test the result with "> 0": -1 is non-zero, so a
   plain truth test would accept an unknown scheme as a match. */
int password_verify(const char *plaintext, const char *password,
const char *scheme, const char *user);
/* Extracts scheme from a "{SCHEME}rest" password and moves *password past
   the '}'. Returns NULL and leaves *password unchanged if it isn't found. */
const char *password_get_scheme(const char **password);
/* Create wanted password scheme out of plaintext password and username.
   Returns NULL if the scheme is unknown. For PLAIN the plaintext pointer
   itself is returned. */
const char *password_generate(const char *plaintext, const char *user,
const char *scheme);
#endif
Index: Makefile.am
===================================================================
RCS file: /home/cvs/dovecot/src/auth/Makefile.am,v
retrieving revision 1.13
retrieving revision 1.14
diff -u -d -r1.13 -r1.14
--- Makefile.am 18 Feb 2003 19:11:26 -0000 1.13
+++ Makefile.am 18 Feb 2003 19:24:44 -0000 1.14
@@ -38,7 +38,7 @@
passdb-pam.c \
passdb-shadow.c \
passdb-vpopmail.c \
- password-verify.c \
+ password-scheme.c \
userdb.c \
userdb-ldap.c \
userdb-passwd.c \
@@ -59,6 +59,6 @@
mech.h \
mycrypt.h \
passdb.h \
- password-verify.h \
+ password-scheme.h \
userdb.h \
userdb-vpopmail.h
Index: mech-digest-md5.c
===================================================================
RCS file: /home/cvs/dovecot/src/auth/mech-digest-md5.c,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -d -r1.9 -r1.10
--- mech-digest-md5.c 18 Feb 2003 19:11:26 -0000 1.9
+++ mech-digest-md5.c 18 Feb 2003 19:24:44 -0000 1.10
@@ -309,7 +309,7 @@
*error = "Invalid realm";
return FALSE;
}
- if (auth->realm == NULL)
+ if (auth->realm == NULL && *value != '\0')
auth->realm = p_strdup(auth->pool, value);
return TRUE;
}
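Review bot: The added `*value != '\0'` test on the realm assignment carries no comment saying why an empty realm is skipped, and it changes which directive wins when realm is given more than once: an empty realm followed by a non-empty one now sets auth->realm from the second, while a non-empty first value still causes later ones to be ignored without an error. If an empty realm is meant to be the same as no realm, a comment such as `/* an empty realm is treated as no realm */` above the condition would record that. It is also worth checking whether a repeated realm directive should be rejected through `*error` rather than silently resolved. The enclosing function begins and ends outside this hunk, so how a NULL auth->realm is handled afterwards is not visible here.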
Index: passdb-ldap.c
===================================================================
RCS file: /home/cvs/dovecot/src/auth/passdb-ldap.c,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -d -r1.5 -r1.6
--- passdb-ldap.c 18 Feb 2003 19:11:26 -0000 1.5
+++ passdb-ldap.c 18 Feb 2003 19:24:44 -0000 1.6
@@ -8,7 +8,7 @@
#include "common.h"
#include "str.h"
#include "var-expand.h"
-#include "password-verify.h"
+#include "password-scheme.h"
#include "db-ldap.h"
#include "passdb.h"
Index: passdb-passwd-file.c
===================================================================
RCS file: /home/cvs/dovecot/src/auth/passdb-passwd-file.c,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -d -r1.5 -r1.6
--- passdb-passwd-file.c 18 Feb 2003 19:11:26 -0000 1.5
+++ passdb-passwd-file.c 18 Feb 2003 19:24:44 -0000 1.6
@@ -7,7 +7,7 @@
#include "common.h"
#include "passdb.h"
-#include "password-verify.h"
+#include "password-scheme.h"
#include "db-passwd-file.h"
struct passwd_file *passdb_pwf = NULL;
Index: passdb.c
===================================================================
RCS file: /home/cvs/dovecot/src/auth/passdb.c,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -d -r1.6 -r1.7
--- passdb.c 18 Feb 2003 19:11:26 -0000 1.6
+++ passdb.c 18 Feb 2003 19:24:44 -0000 1.7
@@ -3,6 +3,7 @@
#include "common.h"
#include "mech.h"
#include "auth-module.h"
+#include "password-scheme.h"
#include "passdb.h"
#include <stdlib.h>
@@ -49,12 +50,19 @@
if (password != NULL) {
wanted_scheme = passdb_credentials_to_str(credentials);
if (strcasecmp(scheme, wanted_scheme) != 0) {
- if (verbose) {
- i_info("password(%s): Requested %s scheme, "
- "but we have only %s", user,
- wanted_scheme, scheme);
+ if (strcasecmp(scheme, "PLAIN") == 0) {
+ /* we can generate anything out of plaintext
+ passwords */
+ password = password_generate(password, user,
+ wanted_scheme);
+ } else {
+ if (verbose) {
+ i_info("password(%s): Requested %s "
+ "scheme, but we have only %s",
+ user, wanted_scheme, scheme);
+ }
+ password = NULL;
}
- password = NULL;
}
}
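Review bot: In the new PLAIN branch the result of password_generate() is stored without a check, and password_generate() (password-scheme.c in this commit) returns NULL when it does not know wanted_scheme, so that failure is silent while the else branch logs in verbose mode. Logging it the same way keeps both failure paths diagnosable: `if (password == NULL && verbose) i_info("password(%s): Can't generate %s scheme from plaintext", user, wanted_scheme);`. The enclosing function starts and ends outside the hunk, so whether a later NULL check already reports this is not visible here.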
--- password-verify.c DELETED ---
--- password-verify.h DELETED ---