[dovecot-cvs] dovecot/src/auth password-scheme.c,NONE,1.1 password-scheme.h,NONE,1.1 Makefile.am,1.13,1.14 mech-digest-md5.c,1.9,1.10 passdb-ldap.c,1.5,1.6 passdb-passwd-file.c,1.5,1.6 passdb.c,1.6,1.7 password-verify.c,1.1,NONE password-verify.h,1.1,NONE

cras at procontrol.fi cras at procontrol.fi
Tue Feb 18 21:24:46 EET 2003


Update of /home/cvs/dovecot/src/auth
In directory danu:/tmp/cvs-serv11434

Modified Files:
	Makefile.am mech-digest-md5.c passdb-ldap.c 
	passdb-passwd-file.c passdb.c 
Added Files:
	password-scheme.c password-scheme.h 
Removed Files:
	password-verify.c password-verify.h 
Log Message:
Fix realm usage with DIGEST-MD5. Support generating other password schemes
out of plaintext passwords.



--- NEW FILE: password-scheme.c ---
/* Copyright (C) 2003 Timo Sirainen */

#include "lib.h"
#include "hex-binary.h"
#include "md5.h"
#include "mycrypt.h"
#include "randgen.h"
#include "password-scheme.h"

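/*
 * Check a client-supplied plaintext password against a stored credential.
 *
 * plaintext - password given by the client
 * password  - stored credential in the format named by `scheme`
 * scheme    - CRYPT, PLAIN, DIGEST-MD5 or PLAIN-MD5 (case-insensitive)
 * user      - login name; read only for DIGEST-MD5, where it is split at the
 *             first '@' into user and realm (empty realm if there is no '@')
 *
 * Returns 1 on match, 0 on mismatch or when password is NULL, and -1 for an
 * unknown scheme. -1 is non-zero, so callers must compare against 1 (or > 0)
 * rather than testing the result for truth.
 *
 * NOTE(review): strcmp()/strcasecmp() stop at the first differing byte. If
 * the time taken by a mismatch is observable to the client, a constant-time
 * comparison would be the safer choice here.
 */
int password_verify(const char *plaintext, const char *password,
		    const char *scheme, const char *user)
{
	unsigned char digest[16];
	const char *realm, *str, *crypted;

	if (password == NULL)
		return 0;

	if (strcasecmp(scheme, "CRYPT") == 0) {
		/* Hash the client's plaintext with the stored hash acting as
		   the salt, then compare against the stored hash. The
		   arguments were previously swapped, which hashed the stored
		   value and compared it with the client's input. */
		crypted = mycrypt(plaintext, password);
		/* NOTE(review): mycrypt() is presumably a crypt(3) wrapper
		   and could return NULL for a malformed salt - confirm */
		return crypted != NULL && strcmp(crypted, password) == 0;
	}

	if (strcasecmp(scheme, "PLAIN") == 0)
		return strcmp(password, plaintext) == 0;

	if (strcasecmp(scheme, "DIGEST-MD5") == 0) {
		/* user:realm:passwd */
		realm = strchr(user, '@');
		if (realm != NULL) realm++; else realm = "";

		str = t_strconcat(t_strcut(user, '@'), ":", realm,  ":",
				  plaintext, NULL);
		md5_get_digest(str, strlen(str), digest);
		str = binary_to_hex(digest, sizeof(digest));

		/* hex digits are compared case-insensitively */
		return strcasecmp(str, password) == 0;
	}

	if (strcasecmp(scheme, "PLAIN-MD5") == 0) {
		/* unsalted MD5 of the password itself */
		md5_get_digest(plaintext, strlen(plaintext), digest);
		str = binary_to_hex(digest, sizeof(digest));
		return strcasecmp(str, password) == 0;
	}

	return -1;
}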

/*
 * Split a leading "{SCHEME}" prefix off a stored password.
 *
 * On success returns the text between the braces and moves *password to the
 * character after '}'. Returns NULL, leaving *password untouched, when
 * *password is NULL, does not begin with '{', or has no closing '}'.
 */
const char *password_get_scheme(const char **password)
{
	const char *start = *password;
	const char *close_brace;

	/* no scheme prefix present */
	if (start == NULL || *start != '{')
		return NULL;

	close_brace = strchr(start, '}');
	if (close_brace == NULL)
		return NULL;

	/* step the caller's pointer past the prefix */
	*password = close_brace + 1;
	return t_strdup_until(start + 1, close_brace);
}

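/*
 * Derive a credential in the requested scheme from a plaintext password.
 *
 * plaintext - the plaintext password
 * user      - login name; read only for DIGEST-MD5, where it is split at the
 *             first '@' into user and realm (empty realm if there is no '@')
 * scheme    - CRYPT, PLAIN, DIGEST-MD5 or PLAIN-MD5 (case-insensitive)
 *
 * Returns the generated credential, or NULL for an unknown scheme. For PLAIN
 * the `plaintext` pointer itself is returned.
 * NOTE(review): the other results come from t_strdup()/binary_to_hex();
 * their lifetime is not visible here - confirm before storing them.
 */
const char *password_generate(const char *plaintext, const char *user,
			      const char *scheme)
{
	/* Must be an array, not a pointer: sizeof() below has to give the
	   length of the alphabet. With a pointer it gave the pointer size,
	   so only the first few characters were ever picked as salt.
	   The set is the 64-character crypt(3) salt alphabet; 256 is a
	   multiple of 64, so reducing a random byte modulo the length
	   introduces no bias. */
	static const char salt_chars[] =
		"abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"
		"0123456789./";
	const char *realm, *str;
	unsigned char digest[16];
	char salt[3];

	if (strcasecmp(scheme, "CRYPT") == 0) {
		random_fill(salt, 2);
		/* go through unsigned char so a negative char never reaches
		   the modulo */
		salt[0] = salt_chars[(unsigned char)salt[0] %
				     (sizeof(salt_chars)-1)];
		salt[1] = salt_chars[(unsigned char)salt[1] %
				     (sizeof(salt_chars)-1)];
		salt[2] = '\0';
		return t_strdup(mycrypt(plaintext, salt));
	}

	if (strcasecmp(scheme, "PLAIN") == 0)
		return plaintext;

	if (strcasecmp(scheme, "DIGEST-MD5") == 0) {
		/* user:realm:passwd */
		realm = strchr(user, '@');
		if (realm != NULL) realm++; else realm = "";

		str = t_strconcat(t_strcut(user, '@'), ":", realm,  ":",
				  plaintext, NULL);
		md5_get_digest(str, strlen(str), digest);
		return binary_to_hex(digest, sizeof(digest));
	}

	if (strcasecmp(scheme, "PLAIN-MD5") == 0) {
		/* unsalted MD5 of the password itself */
		md5_get_digest(plaintext, strlen(plaintext), digest);
		return binary_to_hex(digest, sizeof(digest));
	}

	return NULL;
}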

--- NEW FILE: password-scheme.h ---
#ifndef __PASSWORD_SCHEME_H
#define __PASSWORD_SCHEME_H

/* Checks the client's plaintext password against the stored password, which
   is in the given scheme: CRYPT, PLAIN, DIGEST-MD5 or PLAIN-MD5, matched
   case-insensitively. user is read only for DIGEST-MD5, where the part
   after '@' is used as the realm.
   Returns 1 = matched, 0 = didn't match (also when password is NULL),
   -1 = unknown scheme. -1 is non-zero, so callers must compare the result
   against 1 (or > 0) instead of testing it for truth. */
int password_verify(const char *plaintext, const char *password,
		    const char *scheme, const char *user);

/* If *password begins with "{SCHEME}", returns SCHEME and moves *password
   past the closing '}'. Returns NULL and leaves *password unchanged if
   *password is NULL, doesn't begin with '{' or has no '}'. */
const char *password_get_scheme(const char **password);

/* Create wanted password scheme out of plaintext password and username.
   Accepts the same scheme names as password_verify(). Returns NULL for an
   unknown scheme; for PLAIN the plaintext pointer itself is returned. */
const char *password_generate(const char *plaintext, const char *user,
			      const char *scheme);

#endif

Index: Makefile.am
===================================================================
RCS file: /home/cvs/dovecot/src/auth/Makefile.am,v
retrieving revision 1.13
retrieving revision 1.14
diff -u -d -r1.13 -r1.14
--- Makefile.am	18 Feb 2003 19:11:26 -0000	1.13
+++ Makefile.am	18 Feb 2003 19:24:44 -0000	1.14
@@ -38,7 +38,7 @@
 	passdb-pam.c \
 	passdb-shadow.c \
 	passdb-vpopmail.c \
-	password-verify.c \
+	password-scheme.c \
 	userdb.c \
 	userdb-ldap.c \
 	userdb-passwd.c \
@@ -59,6 +59,6 @@
 	mech.h \
 	mycrypt.h \
 	passdb.h \
-	password-verify.h \
+	password-scheme.h \
 	userdb.h \
 	userdb-vpopmail.h

Index: mech-digest-md5.c
===================================================================
RCS file: /home/cvs/dovecot/src/auth/mech-digest-md5.c,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -d -r1.9 -r1.10
--- mech-digest-md5.c	18 Feb 2003 19:11:26 -0000	1.9
+++ mech-digest-md5.c	18 Feb 2003 19:24:44 -0000	1.10
@@ -309,7 +309,7 @@
 			*error = "Invalid realm";
 			return FALSE;
 		}
-		if (auth->realm == NULL)
+		if (auth->realm == NULL && *value != '\0')
 			auth->realm = p_strdup(auth->pool, value);
 		return TRUE;
 	}
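Review bot: The added `*value != '\0'` test in the realm branch has no comment saying why an empty realm is now treated as absent, and it changes which directive wins. An empty realm followed by a second, non-empty realm directive now sets auth->realm from the second one, where the old condition kept the first. The enclosing function starts and ends outside the hunk, so whether repeated realm directives are rejected elsewhere cannot be seen from here; if they are not, consider rejecting the repeat. At minimum the choice should be documented, for example `/* an empty realm means no realm was given; keep auth->realm NULL */`.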

Index: passdb-ldap.c
===================================================================
RCS file: /home/cvs/dovecot/src/auth/passdb-ldap.c,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -d -r1.5 -r1.6
--- passdb-ldap.c	18 Feb 2003 19:11:26 -0000	1.5
+++ passdb-ldap.c	18 Feb 2003 19:24:44 -0000	1.6
@@ -8,7 +8,7 @@
 #include "common.h"
 #include "str.h"
 #include "var-expand.h"
-#include "password-verify.h"
+#include "password-scheme.h"
 #include "db-ldap.h"
 #include "passdb.h"
 

Index: passdb-passwd-file.c
===================================================================
RCS file: /home/cvs/dovecot/src/auth/passdb-passwd-file.c,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -d -r1.5 -r1.6
--- passdb-passwd-file.c	18 Feb 2003 19:11:26 -0000	1.5
+++ passdb-passwd-file.c	18 Feb 2003 19:24:44 -0000	1.6
@@ -7,7 +7,7 @@
 
 #include "common.h"
 #include "passdb.h"
-#include "password-verify.h"
+#include "password-scheme.h"
 #include "db-passwd-file.h"
 
 struct passwd_file *passdb_pwf = NULL;

Index: passdb.c
===================================================================
RCS file: /home/cvs/dovecot/src/auth/passdb.c,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -d -r1.6 -r1.7
--- passdb.c	18 Feb 2003 19:11:26 -0000	1.6
+++ passdb.c	18 Feb 2003 19:24:44 -0000	1.7
@@ -3,6 +3,7 @@
 #include "common.h"
 #include "mech.h"
 #include "auth-module.h"
+#include "password-scheme.h"
 #include "passdb.h"
 
 #include <stdlib.h>
@@ -49,12 +50,19 @@
 	if (password != NULL) {
 		wanted_scheme = passdb_credentials_to_str(credentials);
 		if (strcasecmp(scheme, wanted_scheme) != 0) {
-			if (verbose) {
-				i_info("password(%s): Requested %s scheme, "
-				       "but we have only %s", user,
-				       wanted_scheme, scheme);
+			if (strcasecmp(scheme, "PLAIN") == 0) {
+				/* we can generate anything out of plaintext
+				   passwords */
+				password = password_generate(password, user,
+							     wanted_scheme);
+			} else {
+				if (verbose) {
+					i_info("password(%s): Requested %s "
+					       "scheme, but we have only %s",
+					       user, wanted_scheme, scheme);
+				}
+				password = NULL;
 			}
-			password = NULL;
 		}
 	}
 
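Review bot: In the new PLAIN branch the result of password_generate() is assigned to `password` without a check. password_generate() returns NULL for a scheme it does not implement, so in that case the lookup fails with no log line, unlike the else branch, which reports the mismatch under `verbose`. Adding `if (password == NULL && verbose) i_info("password(%s): Can't generate %s scheme from plaintext", user, wanted_scheme);` after the call keeps both failure paths equally diagnosable. The enclosing function starts and ends outside the hunk.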

--- password-verify.c DELETED ---

--- password-verify.h DELETED ---



