[dovecot-cvs] dovecot/src/auth password-scheme-md5crypt.c, 1.2, 1.2.2.1 password-scheme-rpa.c, 1.2, 1.2.2.1 password-scheme.c, 1.21.2.2, 1.21.2.3
tss at dovecot.org
tss at dovecot.org
Mon Oct 9 00:18:48 UTC 2006
Update of /var/lib/cvs/dovecot/src/auth
In directory talvi:/tmp/cvs-serv430
Modified Files:
Tag: branch_1_0
password-scheme-md5crypt.c password-scheme-rpa.c
password-scheme.c
Log Message:
Based on password length detect if it's hex-encoded or sha1-encoded. Also
use MD[45]_RESULTLEN macros instead of hardcoded 16 value.
Index: password-scheme-md5crypt.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/password-scheme-md5crypt.c,v
retrieving revision 1.2
retrieving revision 1.2.2.1
diff -u -d -r1.2 -r1.2.2.1
--- password-scheme-md5crypt.c 16 Jan 2005 16:47:27 -0000 1.2
+++ password-scheme-md5crypt.c 8 Oct 2006 23:18:16 -0000 1.2.2.1
@@ -49,7 +49,7 @@
const char *password_generate_md5_crypt(const char *pw, const char *salt)
{
const char *sp,*ep;
- unsigned char final[16];
+ unsigned char final[MD5_RESULTLEN];
int sl,pl,i,j;
struct md5_context ctx,ctx1;
unsigned long l;
@@ -87,8 +87,8 @@
md5_update(&ctx1,sp,sl);
md5_update(&ctx1,pw,pw_len);
md5_final(&ctx1,final);
- for(pl = pw_len; pl > 0; pl -= 16)
- md5_update(&ctx,final,pl>16 ? 16 : pl);
+ for(pl = pw_len; pl > 0; pl -= MD5_RESULTLEN)
+ md5_update(&ctx,final,pl>MD5_RESULTLEN ? MD5_RESULTLEN : pl);
/* Don't leave anything around in vm they could use. */
safe_memset(final, 0, sizeof(final));
@@ -118,7 +118,7 @@
if(i & 1)
md5_update(&ctx1,pw,pw_len);
else
- md5_update(&ctx1,final,16);
+ md5_update(&ctx1,final,MD5_RESULTLEN);
if(i % 3)
md5_update(&ctx1,sp,sl);
@@ -127,7 +127,7 @@
md5_update(&ctx1,pw,pw_len);
if(i & 1)
- md5_update(&ctx1,final,16);
+ md5_update(&ctx1,final,MD5_RESULTLEN);
else
md5_update(&ctx1,pw,pw_len);
md5_final(&ctx1,final);
Index: password-scheme-rpa.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/password-scheme-rpa.c,v
retrieving revision 1.2
retrieving revision 1.2.2.1
diff -u -d -r1.2 -r1.2.2.1
--- password-scheme-rpa.c 8 Oct 2004 17:51:47 -0000 1.2
+++ password-scheme-rpa.c 8 Oct 2006 23:18:16 -0000 1.2.2.1
@@ -26,7 +26,7 @@
const char *password_generate_rpa(const char *pw)
{
- unsigned char hash[16];
+ unsigned char hash[MD5_RESULTLEN];
unsigned char *ucs2be_pw;
size_t size;
Index: password-scheme.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/password-scheme.c,v
retrieving revision 1.21.2.2
retrieving revision 1.21.2.3
diff -u -d -r1.21.2.2 -r1.21.2.3
--- password-scheme.c 17 Jun 2006 16:01:12 -0000 1.21.2.2
+++ password-scheme.c 8 Oct 2006 23:18:16 -0000 1.21.2.3
@@ -153,28 +153,43 @@
return str_c(str);
}
+static const void *
+password_decode(const char *password, unsigned int result_len)
+{
+ buffer_t *buf;
+ size_t len;
+
+ len = strlen(password);
+ if (len == result_len*2) {
+ /* hex-encoded */
+ buf = buffer_create_static_hard(pool_datastack_create(),
+ result_len);
+
+ if (hex_to_binary(password, buf) < 0)
+ return NULL;
+ } else {
+ /* base64-encoded */
+ buf = buffer_create_static_hard(pool_datastack_create(),
+ MAX_BASE64_DECODED_SIZE(len));
+
+ if (base64_decode(password, len, NULL, buf) < 0)
+ return NULL;
+ }
+
+ return buf->used != result_len ? NULL : buf->data;
+}
+
static bool sha1_verify(const char *plaintext, const char *password,
const char *user __attr_unused__)
{
unsigned char sha1_digest[SHA1_RESULTLEN];
const char *data;
- buffer_t *buf;
- size_t size, password_len;
sha1_get_digest(plaintext, strlen(plaintext), sha1_digest);
- password_len = strlen(password);
- buf = buffer_create_static_hard(pool_datastack_create(),
- MAX_BASE64_DECODED_SIZE(password_len));
-
- if (base64_decode(password, password_len, NULL, buf) < 0) {
- i_error("sha1_verify(%s): failed decoding SHA base64", user);
- return 0;
- }
-
- data = buffer_get_data(buf, &size);
- if (size < SHA1_RESULTLEN) {
- i_error("sha1_verify(%s): invalid SHA base64 decode", user);
+ data = password_decode(password, SHA1_RESULTLEN);
+ if (data == NULL) {
+ i_error("sha1_verify(%s): Invalid password encoding", user);
return 0;
}
@@ -237,7 +252,7 @@
const char *user __attr_unused__)
{
unsigned char smd5_digest[20];
- unsigned char *salt = &smd5_digest[16];
+ unsigned char *salt = &smd5_digest[MD5_RESULTLEN];
struct md5_context ctx;
string_t *str;
@@ -256,7 +271,7 @@
static bool smd5_verify(const char *plaintext, const char *password,
const char *user __attr_unused__)
{
- unsigned char md5_digest[16];
+ unsigned char md5_digest[MD5_RESULTLEN];
buffer_t *buf;
const char *data;
size_t size, password_len;
@@ -273,16 +288,16 @@
}
data = buffer_get_data(buf, &size);
- if (size <= 16) {
+ if (size <= MD5_RESULTLEN) {
i_error("smd5_verify(%s): invalid SMD5 base64 decode", user);
return 0;
}
md5_init(&ctx);
md5_update(&ctx, plaintext, strlen(plaintext));
- md5_update(&ctx, &data[16], size-16);
+ md5_update(&ctx, &data[MD5_RESULTLEN], size-MD5_RESULTLEN);
md5_final(&ctx, md5_digest);
- return memcmp(md5_digest, data, 16) == 0;
+ return memcmp(md5_digest, data, MD5_RESULTLEN) == 0;
}
static bool plain_verify(const char *plaintext, const char *password,
@@ -312,7 +327,7 @@
static bool digest_md5_verify(const char *plaintext, const char *password,
const char *user)
{
- unsigned char digest[16];
+ unsigned char digest[MD5_RESULTLEN];
const char *realm, *str;
/* user:realm:passwd */
@@ -330,7 +345,7 @@
static const char *digest_md5_generate(const char *plaintext, const char *user)
{
const char *realm, *str;
- unsigned char digest[16];
+ unsigned char digest[MD5_RESULTLEN];
if (user == NULL)
i_fatal("digest_md5_generate(): username not given");
@@ -348,18 +363,24 @@
static bool plain_md4_verify(const char *plaintext, const char *password,
const char *user __attr_unused__)
{
- unsigned char digest[16];
- const char *str;
+ unsigned char digest[MD4_RESULTLEN];
+ const void *data;
md4_get_digest(plaintext, strlen(plaintext), digest);
- str = binary_to_hex(digest, sizeof(digest));
- return strcasecmp(str, password) == 0;
+
+ data = password_decode(password, MD4_RESULTLEN);
+ if (data == NULL) {
+ i_error("plain_md4_verify(%s): Invalid password encoding",
+ user);
+ return 0;
+ }
+ return memcmp(digest, data, MD4_RESULTLEN) == 0;
}
static const char *plain_md4_generate(const char *plaintext,
const char *user __attr_unused__)
{
- unsigned char digest[16];
+ unsigned char digest[MD4_RESULTLEN];
md4_get_digest(plaintext, strlen(plaintext), digest);
return binary_to_hex(digest, sizeof(digest));
@@ -368,18 +389,24 @@
static bool plain_md5_verify(const char *plaintext, const char *password,
const char *user __attr_unused__)
{
- unsigned char digest[16];
- const char *str;
+ unsigned char digest[MD5_RESULTLEN];
+ const void *data;
md5_get_digest(plaintext, strlen(plaintext), digest);
- str = binary_to_hex(digest, sizeof(digest));
- return strcasecmp(str, password) == 0;
+
+ data = password_decode(password, MD5_RESULTLEN);
+ if (data == NULL) {
+ i_error("plain_md5_verify(%s): Invalid password encoding",
+ user);
+ return 0;
+ }
+ return memcmp(digest, data, MD5_RESULTLEN) == 0;
}
static const char *plain_md5_generate(const char *plaintext,
const char *user __attr_unused__)
{
- unsigned char digest[16];
+ unsigned char digest[MD5_RESULTLEN];
md5_get_digest(plaintext, strlen(plaintext), digest);
return binary_to_hex(digest, sizeof(digest));
@@ -388,7 +415,7 @@
static const char *ldap_md5_generate(const char *plaintext,
const char *user __attr_unused__)
{
- unsigned char digest[16];
+ unsigned char digest[MD5_RESULTLEN];
string_t *str;
md5_get_digest(plaintext, strlen(plaintext), digest);
@@ -397,35 +424,6 @@
return str_c(str);
}
-static bool ldap_md5_verify(const char *plaintext, const char *password,
- const char *user __attr_unused__)
-{
- unsigned char md5_digest[16];
- buffer_t *buf;
- const char *data;
- size_t size, password_len;
-
- md5_get_digest(plaintext, strlen(plaintext), md5_digest);
-
- password_len = strlen(password);
- buf = buffer_create_static_hard(pool_datastack_create(),
- MAX_BASE64_DECODED_SIZE(password_len));
-
- if (base64_decode(password, password_len, NULL, buf) < 0) {
- i_error("ldap_md5_verify(%s): failed decoding MD5 base64",
- user);
- return 0;
- }
-
- data = buffer_get_data(buf, &size);
- if (size != 16) {
- i_error("ldap_md5_verify(%s): invalid MD5 base64 decode", user);
- return 0;
- }
-
- return memcmp(md5_digest, data, 16) == 0;
-}
-
static bool lm_verify(const char *plaintext, const char *password,
const char *user __attr_unused__)
{
@@ -475,7 +473,7 @@
{ "DIGEST-MD5", digest_md5_verify, digest_md5_generate },
{ "PLAIN-MD4", plain_md4_verify, plain_md4_generate },
{ "PLAIN-MD5", plain_md5_verify, plain_md5_generate },
- { "LDAP-MD5", ldap_md5_verify, ldap_md5_generate },
+ { "LDAP-MD5", plain_md5_verify, ldap_md5_generate },
{ "LANMAN", lm_verify, lm_generate },
{ "NTLM", ntlm_verify, ntlm_generate },
{ "RPA", rpa_verify, rpa_generate },
More information about the dovecot-cvs
mailing list