out of plaintext passwords.
--HG--
branch : HEAD
passdb-pam.c \
passdb-shadow.c \
passdb-vpopmail.c \
- password-verify.c \
+ password-scheme.c \
userdb.c \
userdb-ldap.c \
userdb-passwd.c \
mech.h \
mycrypt.h \
passdb.h \
- password-verify.h \
+ password-scheme.h \
userdb.h \
userdb-vpopmail.h
*error = "Invalid realm";
return FALSE;
}
- if (auth->realm == NULL)
+ if (auth->realm == NULL && *value != '\0')
auth->realm = p_strdup(auth->pool, value);
return TRUE;
}
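Review bot: The new `*value != '\0'` test treats an empty realm value as if no realm had been sent, leaving `auth->realm` NULL, and nothing in the hunk says why. A short comment above the condition would record the intent, e.g. `/* an empty realm is treated the same as no realm at all */`. Whether the code that later reads `auth->realm` accepts NULL cannot be confirmed from this hunk and is worth checking. The enclosing function starts outside the hunk.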
#include "common.h"
#include "str.h"
#include "var-expand.h"
-#include "password-verify.h"
+#include "password-scheme.h"
#include "db-ldap.h"
#include "passdb.h"
#include "common.h"
#include "passdb.h"
-#include "password-verify.h"
+#include "password-scheme.h"
#include "db-passwd-file.h"
struct passwd_file *passdb_pwf = NULL;
#include "common.h"
#include "mech.h"
#include "auth-module.h"
+#include "password-scheme.h"
#include "passdb.h"
#include <stdlib.h>
if (password != NULL) {
wanted_scheme = passdb_credentials_to_str(credentials);
if (strcasecmp(scheme, wanted_scheme) != 0) {
- if (verbose) {
- i_info("password(%s): Requested %s scheme, "
- "but we have only %s", user,
- wanted_scheme, scheme);
+ if (strcasecmp(scheme, "PLAIN") == 0) {
+ /* we can generate anything out of plaintext
+ passwords */
+ password = password_generate(password, user,
+ wanted_scheme);
+ } else {
+ if (verbose) {
+ i_info("password(%s): Requested %s "
+ "scheme, but we have only %s",
+ user, wanted_scheme, scheme);
+ }
+ password = NULL;
}
- password = NULL;
}
}
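Review bot: When `password_generate()` returns NULL in the new `PLAIN` branch, the lookup fails without the verbose message that the `else` branch prints. Its definition in this commit returns NULL for any scheme it does not implement, so an unsupported requested scheme cannot be told apart from a missing password in the logs. Consider logging under `verbose` there too, e.g. `if (password == NULL && verbose) i_info("password(%s): Cannot generate %s scheme from plaintext", user, wanted_scheme);`. The enclosing function starts and ends outside the hunk.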
#include "hex-binary.h"
#include "md5.h"
#include "mycrypt.h"
-#include "password-verify.h"
+#include "randgen.h"
+#include "password-scheme.h"
int password_verify(const char *plaintext, const char *password,
const char *scheme, const char *user)
*password = p + 1;
return scheme;
}
+
+const char *password_generate(const char *plaintext, const char *user,
+ const char *scheme)
+{
+ static const char *salt_chars =
+ "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ./";
+ const char *realm, *str;
+ unsigned char digest[16];
+ char salt[3];
+
+ if (strcasecmp(scheme, "CRYPT") == 0) {
+ random_fill(salt, 2);
+ salt[0] = salt_chars[salt[0] % (sizeof(salt_chars)-1)];
+ salt[1] = salt_chars[salt[1] % (sizeof(salt_chars)-1)];
+ salt[2] = '\0';
+ return t_strdup(mycrypt(plaintext, salt));
+ }
+
+ if (strcasecmp(scheme, "PLAIN") == 0)
+ return plaintext;
+
+ if (strcasecmp(scheme, "DIGEST-MD5") == 0) {
+ /* user:realm:passwd */
+ realm = strchr(user, '@');
+ if (realm != NULL) realm++; else realm = "";
+
+ str = t_strconcat(t_strcut(user, '@'), ":", realm, ":",
+ plaintext, NULL);
+ md5_get_digest(str, strlen(str), digest);
+ return binary_to_hex(digest, sizeof(digest));
+ }
+
+ if (strcasecmp(scheme, "PLAIN-MD5") == 0) {
+ md5_get_digest(plaintext, strlen(plaintext), digest);
+ return binary_to_hex(digest, sizeof(digest));
+ }
+
+ return NULL;
+}
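Review bot: In the CRYPT branch, `sizeof(salt_chars)` is the size of a pointer because `salt_chars` is declared `static const char *`, so the modulus is 3 or 7 on common 32/64-bit ABIs rather than the alphabet length. Each salt character is then drawn from only the first few letters, giving at most 49 distinct salts, so generated CRYPT hashes get far less protection against precomputed tables than intended. Declaring the table as an array fixes the arithmetic: `static const char salt_chars[] =`. The alphabet also lacks the digits `0`-`9` that traditional crypt() salts accept; adding them gives the full 64-character set, which divides 256 evenly and so removes the modulo bias on the random bytes.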
-#ifndef __PASSWORD_VERIFY_H
-#define __PASSWORD_VERIFY_H
+#ifndef __PASSWORD_SCHEME_H
+#define __PASSWORD_SCHEME_H
/* Returns 1 = matched, 0 = didn't match, -1 = unknown scheme */
int password_verify(const char *plaintext, const char *password,
/* Extracts scheme from password, or returns NULL if it isn't found. */
const char *password_get_scheme(const char **password);
+/* Create wanted password scheme out of plaintext password and username. */
+const char *password_generate(const char *plaintext, const char *user,
+ const char *scheme);
+
#endif
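Review bot: The comment added for `password_generate()` states neither the failure case nor the lifetime of the result. From the definition in this commit, it returns NULL for a scheme it does not implement and returns the `plaintext` pointer itself for `PLAIN`. The other branches appear to return temporary strings (`t_strdup`, `binary_to_hex`), which should be confirmed. Suggested wording: `/* Create wanted password scheme out of plaintext password and username. Returns NULL if the scheme is unknown. The result may be the plaintext pointer itself or a temporary string, so copy it if it has to be kept. */`.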