#include <freeradius-devel/server/components.h>
#include <freeradius-devel/server/cond_eval.h>
#include <freeradius-devel/server/connection.h>
-#include <freeradius-devel/server/crypt.h>
#include <freeradius-devel/server/dependency.h>
#include <freeradius-devel/server/dl_module.h>
#include <freeradius-devel/server/exec.h>
+++ /dev/null
-/*
- * This program is is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or (at
- * your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
- */
-
-/**
- * $Id$
- * @file src/lib/server/crypt.c
- * @brief A thread safe crypt wrapper.
- *
- * @copyright 2000-2006,2016 The FreeRADIUS server project.
- */
-RCSID("$Id$")
-
-#include <freeradius-devel/server/crypt.h>
-
-#ifdef HAVE_CRYPT_H
-# include <crypt.h>
-#endif
-#include <unistd.h> /* Contains crypt function declarations */
-#include <string.h>
-
-/*
- * We don't have threadsafe crypt, so we have to wrap
- * calls in a mutex
- */
-#ifndef HAVE_CRYPT_R
-# include <pthread.h>
-static pthread_mutex_t fr_crypt_mutex = PTHREAD_MUTEX_INITIALIZER;
-#endif
-
-/** Performs a crypt password check in an thread-safe way.
- *
- * @param password The user's plaintext password.
- * @param reference_crypt The 'known good' crypt the password
- * is being compared to.
- * @return
- * - 0 crypt output matched reference crypt.
- * - 1 crypt output did not match reference crypt.
- * - -1 crypt failed.
- */
-int fr_crypt_check(char const *password, char const *reference_crypt)
-{
- char *crypt_out;
- int cmp = 0;
-
-#ifdef HAVE_CRYPT_R
- struct crypt_data crypt_data = { .initialized = 0 };
-
- crypt_out = crypt_r(password, reference_crypt, &crypt_data);
- if (crypt_out) cmp = strcmp(reference_crypt, crypt_out);
-#else
- /*
- * Ensure we're thread-safe, as crypt() isn't.
- */
- pthread_mutex_lock(&fr_crypt_mutex);
- crypt_out = crypt(password, reference_crypt);
-
- /*
- * Got something, check it within the lock. This is
- * faster than copying it to a local buffer, and the
- * time spent within the lock is critical.
- */
- if (crypt_out) cmp = strcmp(reference_crypt, crypt_out);
- pthread_mutex_unlock(&fr_crypt_mutex);
-#endif
-
- /*
- * Error.
- */
- if (!crypt_out) return -1;
-
- /*
- * OK, return OK.
- */
- if (cmp == 0) return 0;
-
- /*
- * Comparison failed.
- */
- return 1;
-}
+++ /dev/null
-#pragma once
-/*
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or (at
- * your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
- */
-
-/**
- * $Id$
- * @file lib/server/crypt.h
- * @brief A thread safe crypt wrapper.
- *
- * @copyright 2000-2006,2016 The FreeRADIUS server project.
- */
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-int fr_crypt_check(char const *password, char const *reference_crypt);
-
-#ifdef __cplusplus
-}
-#endif
cond_eval.c \
cond_tokenize.c \
connection.c \
- crypt.c \
dependency.c \
dl_module.c \
exec.c \
USES_APPLE_DEPRECATED_API
#include <freeradius-devel/server/base.h>
-#include <freeradius-devel/server/crypt.h>
#include <freeradius-devel/server/module.h>
#include <freeradius-devel/server/password.h>
#include <freeradius-devel/tls/base.h>
#include <ctype.h>
+#ifdef HAVE_CRYPT_H
+# include <crypt.h>
+#endif
+#include <unistd.h> /* Contains crypt function declarations */
+
#ifdef HAVE_OPENSSL_EVP_H
# include <openssl/evp.h>
#endif
+/*
+ * We don't have threadsafe crypt, so we have to wrap
+ * calls in a mutex
+ */
+#ifndef HAVE_CRYPT_R
+# include <pthread.h>
+static pthread_mutex_t fr_crypt_mutex = PTHREAD_MUTEX_INITIALIZER;
+#endif
+
/*
* Define a structure for our module configuration.
*
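Review bot: The mutex added under `#ifndef HAVE_CRYPT_R` is `static` to this file, so it only serialises the crypt() calls made from this module, whereas the removed wrapper held one lock for every caller of fr_crypt_check(). Whether other code in the process calls crypt() is not visible from this hunk. If any does, crypt()'s static result buffer can be overwritten while this module is comparing against it, and the result would be a wrong accept or reject decision. I would make the scope explicit in the comment, for example `Serialises crypt() calls made by this module only; other callers of crypt() in the process are not covered by this lock.`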
UNUSED rlm_pap_t const *inst, request_t *request,
fr_pair_t const *known_good, fr_pair_t const *password)
{
- if (fr_crypt_check(password->vp_strvalue, known_good->vp_strvalue) != 0) {
+ char *crypt_out;
+ int cmp = 0;
+
+#ifdef HAVE_CRYPT_R
+ struct crypt_data crypt_data = { .initialized = 0 };
+
+ crypt_out = crypt_r(password->vp_strvalue, known_good->vp_strvalue, &crypt_data);
+ if (crypt_out) cmp = strcmp(reference_crypt, crypt_out);
+#else
+ /*
+ * Ensure we're thread-safe, as crypt() isn't.
+ */
+ pthread_mutex_lock(&fr_crypt_mutex);
+ crypt_out = crypt(password->vp_strvalue, known_good->vp_strvalue);
+
+ /*
+ * Got something, check it within the lock. This is
+ * faster than copying it to a local buffer, and the
+ * time spent within the lock is critical.
+ */
+ if (crypt_out) cmp = strcmp(known_good->vp_strvalue, crypt_out);
+ pthread_mutex_unlock(&fr_crypt_mutex);
+#endif
+
+ /*
+ * Error.
+ */
+ if (!crypt_out || (cmp != 0)) {
REDEBUG("Crypt digest does not match \"known good\" digest");
RETURN_MODULE_REJECT;
}
+
RETURN_MODULE_OK;
}
#endif
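Review bot: In the `HAVE_CRYPT_R` branch the comparison still uses `reference_crypt`, the parameter name from the removed fr_crypt_check(), which is not declared in the visible part of this function, so builds with crypt_r() available should fail to compile. It should read `if (crypt_out) cmp = strcmp(known_good->vp_strvalue, crypt_out);`, as the `#else` branch already does. Separately, the merged check `if (!crypt_out || (cmp != 0))` sits under a comment that says only "Error." and logs "does not match" even when crypt itself failed, so an unsupported or malformed known-good hash looks the same in the logs as a wrong password. A distinct message for the `!crypt_out` case would let operators tell a misconfigured credential store from failed logins. The function's signature begins above this hunk.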