1 /* $OpenLDAP: pkg/ldap/contrib/slapd-modules/passwd/netscape.c,v 1.5.2.3 2008/02/11 23:26:38 kurt Exp $ */
2 /*
3  * Copyright 1998-2008 The OpenLDAP Foundation.
4  * All rights reserved.
5  *
6  * Redistribution and use in source and binary forms, with or without
7  * modification, are permitted only as authorized by the OpenLDAP
8  * Public License.
9  *
10  * A copy of this license is available in the file LICENSE in the
11  * top-level directory of the distribution or, alternatively, at
12  * <http://www.OpenLDAP.org/license.html>.
13  */
14 
15 #include <unistd.h>
16 
17 #include <lber.h>
18 #include <lber_pvt.h>
19 #include "lutil.h"
20 #include "lutil_md5.h"
21 #include <ac/string.h>
22 
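/* Forward declaration using the lutil password-checker function type. */
static LUTIL_PASSWD_CHK_FUNC chk_ns_mta_md5;
/* Scheme prefix under which init_module() registers the checker. */
static const struct berval scheme = BER_BVC("{NS-MTA-MD5}");

/*
 * Required length of a stored value. As used below, bytes 0..31 are
 * compared against the lowercase hex MD5 digest and bytes 32..63 are fed
 * into the hash as the salt.
 */
#define NS_MTA_MD5_PASSLEN	64

/*
 * Verify a cleartext credential against a stored {NS-MTA-MD5} value.
 *
 * The digest is MD5( salt || 0x59 || cred || 0xF7 || salt ), rendered as
 * 32 lowercase hex digits and compared with the first 32 bytes of passwd.
 *
 * scheme  not used here (it shadows the file-scope `scheme`)
 * passwd  stored value; must be exactly NS_MTA_MD5_PASSLEN bytes
 * cred    credential supplied by the client
 * text    not written by this function
 *
 * Returns LUTIL_PASSWD_OK on a match, LUTIL_PASSWD_ERR otherwise
 * (including a stored value of the wrong length).
 *
 * NOTE(review): a single salted MD5 pass is cheap to brute-force offline
 * and is unsuited to protecting new passwords; treat this scheme as
 * legacy-compatibility only.
 * NOTE(review): cred and cred->bv_val are dereferenced unchecked --
 * presumably the lutil_passwd caller guarantees them; confirm.
 */
static int chk_ns_mta_md5(
	const struct berval *scheme,
	const struct berval *passwd,
	const struct berval *cred,
	const char **text )
{
	static const char hexdigits[] = "0123456789abcdef";
	lutil_MD5_CTX MD5context;
	unsigned char MD5digest[LUTIL_MD5_BYTES], c;
	unsigned char diff = 0;
	char buffer[LUTIL_MD5_BYTES*2];
	const unsigned char *salt;
	size_t i;

	/* The length check also bounds every bv_val[] index used below. */
	if( passwd->bv_len != NS_MTA_MD5_PASSLEN ) {
		return LUTIL_PASSWD_ERR;
	}

	salt = (const unsigned char *) &passwd->bv_val[32];

	/* hash credentials with salt */
	lutil_MD5Init(&MD5context);
	lutil_MD5Update(&MD5context, salt, 32 );

	c = 0x59;
	lutil_MD5Update(&MD5context,
		(const unsigned char *) &c,
		1 );

	lutil_MD5Update(&MD5context,
		(const unsigned char *) cred->bv_val,
		cred->bv_len );

	c = 0xF7;
	lutil_MD5Update(&MD5context,
		(const unsigned char *) &c,
		1 );

	lutil_MD5Update(&MD5context, salt, 32 );

	lutil_MD5Final(MD5digest, &MD5context);

	/* size_t index: avoids the signed/unsigned comparison with sizeof */
	for( i=0; i < sizeof( MD5digest ); i++ ) {
		buffer[i+i]   = hexdigits[(MD5digest[i]>>4) & 0x0F];
		buffer[i+i+1] = hexdigits[ MD5digest[i] & 0x0F];
	}

	/*
	 * compare -- accumulate differences over the whole digest instead of
	 * using memcmp(), which may return at the first mismatching byte and
	 * so make the comparison time depend on how much of the hash matched.
	 * The comparison stays case-sensitive, as before.
	 */
	for( i=0; i < sizeof( buffer ); i++ ) {
		diff |= (unsigned char) ( passwd->bv_val[i] ^ buffer[i] );
	}

	return diff ? LUTIL_PASSWD_ERR : LUTIL_PASSWD_OK;
}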
77 
/*
 * Register chk_ns_mta_md5 as the checker for the "{NS-MTA-MD5}" scheme
 * via lutil_passwd_add() and hand back that call's result.
 *
 * argc/argv are accepted but not used. NULL is passed as the third
 * argument -- presumably meaning no hash-generation function is supplied
 * for this scheme; confirm against lutil.h.
 */
int init_module(int argc, char *argv[])
{
	/* lutil_passwd_add() takes a non-const berval, hence the cast. */
	struct berval *prefix = (struct berval *) &scheme;
	int rc = lutil_passwd_add( prefix, chk_ns_mta_md5, NULL );

	return rc;
}
81