xref: /netbsd-src/external/bsd/openldap/dist/contrib/slapd-modules/passwd/netscape.c (revision b1c86f5f087524e68db12794ee9c3e3da1ab17a0)
1 /*	$NetBSD: netscape.c,v 1.1.1.2 2010/03/08 02:14:20 lukem Exp $	*/
2 
3 /* OpenLDAP: pkg/ldap/contrib/slapd-modules/passwd/netscape.c,v 1.5.2.5 2009/08/17 21:48:59 quanah Exp */
4 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
5  *
6  * Copyright 1998-2009 The OpenLDAP Foundation.
7  * All rights reserved.
8  *
9  * Redistribution and use in source and binary forms, with or without
10  * modification, are permitted only as authorized by the OpenLDAP
11  * Public License.
12  *
13  * A copy of this license is available in the file LICENSE in the
14  * top-level directory of the distribution or, alternatively, at
15  * <http://www.OpenLDAP.org/license.html>.
16  */
17 
18 #include <unistd.h>
19 
20 #include <lber.h>
21 #include <lber_pvt.h>
22 #include "lutil.h"
23 #include "lutil_md5.h"
24 #include <ac/string.h>
25 
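/* Forward declaration through the typedef, so the definition below is
 * type-checked against the password-check callback signature. */
static LUTIL_PASSWD_CHK_FUNC chk_ns_mta_md5;

/* Scheme prefix under which the checker is registered. */
static const struct berval scheme = BER_BVC("{NS-MTA-MD5}");

/*
 * Layout of a stored value, as this checker reads it:
 *   bytes  0..31  lowercase hex of the MD5 digest
 *   bytes 32..63  salt
 */
#define NS_MTA_MD5_PASSLEN	64
#define NS_MTA_MD5_SALT_OFFSET	32
#define NS_MTA_MD5_SALT_LEN	32

/*
 * Verify a clear-text credential against a stored {NS-MTA-MD5} value.
 *
 * The digest is MD5( salt || 0x59 || cred || 0xF7 || salt ), rendered as
 * lowercase hex and compared with the leading bytes of the stored value.
 *
 * scheme  unused here; note that it shadows the file-scope `scheme`
 * passwd  stored value; must be exactly NS_MTA_MD5_PASSLEN bytes
 * cred    credential supplied by the client
 * text    unused here
 *
 * Returns LUTIL_PASSWD_OK on a match, LUTIL_PASSWD_ERR otherwise
 * (including a stored value of the wrong length).
 *
 * Security note: this is a single, unstretched, salted MD5, so it offers
 * little resistance to offline guessing if stored values leak.  Treat the
 * scheme as a compatibility shim for existing entries, not as a format
 * for new passwords.
 */
static int chk_ns_mta_md5(
	const struct berval *scheme,
	const struct berval *passwd,
	const struct berval *cred,
	const char **text )
{
	static const char hexdigits[] = "0123456789abcdef";
	lutil_MD5_CTX MD5context;
	unsigned char MD5digest[LUTIL_MD5_BYTES], c;
	char buffer[LUTIL_MD5_BYTES*2];
	unsigned char diff = 0;
	size_t i;

	/* Reject anything that is not hex digest + salt; this also bounds
	 * every read of passwd->bv_val below. */
	if( passwd->bv_len != NS_MTA_MD5_PASSLEN ) {
		return LUTIL_PASSWD_ERR;
	}

	/* hash credentials with salt */
	lutil_MD5Init(&MD5context);
	lutil_MD5Update(&MD5context,
		(const unsigned char *) &passwd->bv_val[NS_MTA_MD5_SALT_OFFSET],
		NS_MTA_MD5_SALT_LEN );

	/* fixed delimiter byte between leading salt and credential */
	c = 0x59;
	lutil_MD5Update(&MD5context,
		(const unsigned char *) &c,
		1 );

	lutil_MD5Update(&MD5context,
		(const unsigned char *) cred->bv_val,
		cred->bv_len );

	/* fixed delimiter byte between credential and trailing salt */
	c = 0xF7;
	lutil_MD5Update(&MD5context,
		(const unsigned char *) &c,
		1 );

	lutil_MD5Update(&MD5context,
		(const unsigned char *) &passwd->bv_val[NS_MTA_MD5_SALT_OFFSET],
		NS_MTA_MD5_SALT_LEN );

	lutil_MD5Final(MD5digest, &MD5context);

	/* Render the digest as lowercase hex; buffer is not NUL-terminated
	 * and is only ever used with an explicit length. */
	for( i=0; i < sizeof( MD5digest ); i++ ) {
		buffer[i+i]   = hexdigits[(MD5digest[i]>>4) & 0x0F];
		buffer[i+i+1] = hexdigits[ MD5digest[i] & 0x0F];
	}

	/* compare
	 *
	 * Accumulate the XOR of every byte pair instead of calling memcmp(),
	 * which may return at the first mismatch: the time taken then does
	 * not depend on how many leading characters of the stored digest the
	 * candidate happens to reproduce. */
	for( i=0; i < sizeof( buffer ); i++ ) {
		diff = (unsigned char)( diff |
			( (unsigned char)passwd->bv_val[i] ^ (unsigned char)buffer[i] ) );
	}

	return diff ? LUTIL_PASSWD_ERR : LUTIL_PASSWD_OK;
}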
80 
/*
 * Module entry point: registers chk_ns_mta_md5 as the checker for the
 * {NS-MTA-MD5} scheme and returns whatever lutil_passwd_add() returns.
 *
 * argc/argv are accepted but not used.  NULL is passed as the third
 * argument of lutil_passwd_add(); NOTE(review): that looks like the
 * hash-generation callback, so this module would verify existing values
 * but not create new ones - confirm against lutil.h.
 */
int init_module(int argc, char *argv[]) {
	/* lutil_passwd_add() takes a non-const berval; the cast drops the
	 * qualifier from the file-scope constant. */
	struct berval *scheme_name = (struct berval *)&scheme;
	int rc;

	(void)argc;
	(void)argv;

	rc = lutil_passwd_add( scheme_name, chk_ns_mta_md5, NULL );
	return rc;
}
84