示例#1
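/*
 * Check a user-supplied password against a stored, base64-encoded
 * SHA-512 digest.
 *
 * The credential is hashed with a single SHA-512 pass and no salt is
 * mixed in by this function, so equal passwords yield equal stored
 * values. NOTE(review): an unsalted fast hash is cheap to guess offline
 * if the stored values leak; prefer a salted, deliberately slow scheme
 * for new deployments.
 *
 * scheme  scheme of the stored value (only used by the debug hook)
 * passwd  base64-encoded reference digest
 * cred    user-supplied password
 * text    not written by this function
 *
 * Returns LUTIL_PASSWD_OK on a match, LUTIL_PASSWD_ERR on mismatch,
 * malformed stored value or allocation failure.
 */
static int chk_sha512(
	const struct berval *scheme, /* Scheme of hashed reference password */
	const struct berval *passwd, /* Hashed reference password to check against */
	const struct berval *cred, /* user-supplied password to check */
	const char **text )
{
	SHA512_CTX SHAcontext;
	unsigned char SHAdigest[SHA512_DIGEST_LENGTH];
	int rc;
	unsigned char *orig_pass = NULL;
	size_t decode_len = LUTIL_BASE64_DECODE_LEN(passwd->bv_len);
	size_t i;
	/* volatile keeps the compiler from short-circuiting the comparison loop */
	volatile unsigned char diff = 0;

	/* safety check: the stored value must be able to hold a full digest */
	if (decode_len < sizeof(SHAdigest)) {
		return LUTIL_PASSWD_ERR;
	}

	/* base64 un-encode password */
	orig_pass = (unsigned char *) ber_memalloc(decode_len + 1);

	if( orig_pass == NULL ) return LUTIL_PASSWD_ERR;

	/* the decoder is bounded by decode_len, which is within the allocation */
	rc = lutil_b64_pton(passwd->bv_val, orig_pass, decode_len);

	/* anything other than exactly one digest is rejected (covers decode errors) */
	if( rc != sizeof(SHAdigest) ) {
		ber_memfree(orig_pass);
		return LUTIL_PASSWD_ERR;
	}

	/* hash the credential (plain SHA-512, no salt) */
	SHA512_Init(&SHAcontext);
	SHA512_Update(&SHAcontext,
		(const unsigned char *) cred->bv_val, cred->bv_len);
	SHA512_Final(SHAdigest, &SHAcontext);

	/*
	 * compare in constant time: memcmp() may return at the first
	 * differing byte, which makes the comparison time depend on how
	 * many leading digest bytes match.
	 */
	for (i = 0; i < sizeof(SHAdigest); i++) {
		diff |= (unsigned char) (orig_pass[i] ^ SHAdigest[i]);
	}
	rc = diff; /* 0 on match, non-zero otherwise */
#ifdef SLAPD_SHA2_DEBUG
	chk_sha_debug(scheme, passwd, cred, (char *)SHAdigest, sizeof(SHAdigest), rc);
#endif
	ber_memfree(orig_pass);
	return rc ? LUTIL_PASSWD_ERR : LUTIL_PASSWD_OK;
}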
示例#2
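/*
 * Check a user-supplied password against a stored, base64-encoded
 * value laid out as digest || salt.
 *
 * The stored value is decoded, the bytes after the first sizeof(digest)
 * are taken as the salt, do_phk_hash() recomputes the digest from the
 * credential, magic string and salt, and the two digests are compared.
 * NOTE(review): the digest is LUTIL_MD5_BYTES long, so the scheme is
 * presumably MD5-based -- confirm in do_phk_hash() and treat it as a
 * legacy-compatibility scheme rather than a choice for new passwords.
 *
 * magic   scheme-specific magic string passed through to do_phk_hash()
 * passwd  base64-encoded reference value (digest followed by salt)
 * cred    user-supplied password
 * text    if non-NULL, *text is set to NULL before the comparison
 *
 * Returns LUTIL_PASSWD_OK on a match, LUTIL_PASSWD_ERR on mismatch,
 * malformed stored value or allocation failure.
 */
static int chk_phk(
	const struct berval *magic,
	const struct berval *passwd,
	const struct berval *cred,
	const char **text)
{
	unsigned char digest[LUTIL_MD5_BYTES];
	unsigned char *orig_pass;
	int rc;
	size_t n, i;
	struct berval salt;
	/* volatile keeps the compiler from short-circuiting the comparison loop */
	volatile unsigned char diff = 0;

	/*
	 * safety check: there must be room for a digest plus at least one
	 * salt byte. n is kept as size_t so the length is never narrowed
	 * to int or compared across signedness.
	 */
	n = LUTIL_BASE64_DECODE_LEN(passwd->bv_len);
	if (n <= sizeof(digest))
		return LUTIL_PASSWD_ERR;

	/* base64 un-encode password hash */
	orig_pass = (unsigned char *) ber_memalloc(n + 1);

	if (orig_pass == NULL)
		return LUTIL_PASSWD_ERR;

	/*
	 * Bound the decoder by the allocation (n + 1 bytes). The previous
	 * bound, passwd->bv_len, is the encoded length and exceeds the
	 * buffer, so a stored value whose length is not a multiple of four
	 * could be written past the end of orig_pass.
	 * NOTE(review): assumes the third argument of lutil_b64_pton() is
	 * the destination capacity -- confirm against its definition.
	 */
	rc = lutil_b64_pton(passwd->bv_val, orig_pass, n + 1);

	/* decode errors (negative rc) and values without a salt are rejected */
	if (rc <= (int) sizeof(digest)) {
		ber_memfree(orig_pass);
		return LUTIL_PASSWD_ERR;
	}

	/* the salt is whatever follows the digest in the decoded value */
	salt.bv_val = (char *) &orig_pass[sizeof(digest)];
	salt.bv_len = rc - sizeof(digest);

	do_phk_hash(cred, magic, &salt, digest);

	if (text)
		*text = NULL;

	/*
	 * compare in constant time: memcmp() may return at the first
	 * differing byte, which makes the comparison time depend on how
	 * many leading digest bytes match.
	 */
	for (i = 0; i < sizeof(digest); i++) {
		diff |= (unsigned char) (orig_pass[i] ^ digest[i]);
	}
	rc = diff; /* 0 on match, non-zero otherwise */
	ber_memfree(orig_pass);
	return rc ?  LUTIL_PASSWD_ERR : LUTIL_PASSWD_OK;
}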