27 */ |
27 */ |
28 |
28 |
29 #include <stdio.h> |
29 #include <stdio.h> |
30 #include <stdlib.h> |
30 #include <stdlib.h> |
31 #include <string.h> |
31 #include <string.h> |
|
32 |
32 #include <openssl/sha.h> |
33 #include <openssl/sha.h> |
|
34 #if defined(__sun) && defined(__SunOS_5_10) |
|
35 #include <sha2.h> |
|
36 #define SHA256_Init SHA256Init |
|
37 #define SHA256_Update SHA256Update |
|
38 #define SHA256_Final SHA256Final |
|
39 #endif |
33 |
40 |
34 #include "../util/atomic.h" |
41 #include "../util/atomic.h" |
35 #include "../util/util.h" |
42 #include "../util/util.h" |
36 |
43 |
37 #include "keyfile_auth.h" |
44 #include "keyfile_auth.h" |
111 return ucx_map_cstr_get(keyfile->users, user); |
118 return ucx_map_cstr_get(keyfile->users, user); |
112 } |
119 } |
113 |
120 |
114 int keyfile_user_verify_password(User *user, char *password) { |
121 int keyfile_user_verify_password(User *user, char *password) { |
115 KeyfileUser *usr = (KeyfileUser*)user; |
122 KeyfileUser *usr = (KeyfileUser*)user; |
116 switch(usr->hash_type) { |
123 return ssha_verify(usr, password); |
117 case KEYFILE_SSHA: return ssha_verify(usr, password); |
|
118 } |
|
119 return 0; |
|
120 } |
124 } |
121 |
125 |
122 int keyfile_user_check_group(User *user, char *group) { |
126 int keyfile_user_check_group(User *user, char *group) { |
123 KeyfileUser *usr = (KeyfileUser*)user; |
127 KeyfileUser *usr = (KeyfileUser*)user; |
124 sstr_t grp = sstr(group); |
128 sstr_t grp = sstr(group); |
135 } |
139 } |
136 |
140 |
137 |
141 |
138 int ssha_verify(KeyfileUser *user, char *password) { |
142 int ssha_verify(KeyfileUser *user, char *password) { |
139 /* |
143 /* |
140 * SSHA: SHA1(pw + salt) + 8 bytes salt |
144 * SSHA: SHA(pw + salt) + salt |
141 * user->hash is already base64 decoded |
145 * user->hash is already base64 decoded |
142 */ |
146 */ |
143 |
147 |
144 // TODO: variable length salt |
148 size_t hlen; |
|
149 switch(user->hash_type) { |
|
150 case KEYFILE_SSHA: hlen = 20; break; |
|
151 case KEYFILE_SSHA256: hlen = 32; break; |
|
152 case KEYFILE_SSHA512: hlen = 64; break; |
|
153 } |
145 |
154 |
146 char *salt = user->hash + user->hashlen - 8; // last 8 bytes are the salt |
155 char *salt = user->hash + hlen; |
147 size_t pwlen = strlen(password); |
156 size_t saltlen = user->hashlen - hlen; |
148 |
157 |
149 size_t saltpwlen = pwlen + 8; |
158 size_t pwlen = strlen(password); |
150 char *saltpw = malloc(saltpwlen); |
|
151 memcpy(saltpw, password, pwlen); |
|
152 memcpy(saltpw + pwlen, salt, 8); |
|
153 |
159 |
154 unsigned char pwhash[20]; |
160 unsigned char pwhash[64]; |
155 SHA1((const unsigned char*)saltpw, saltpwlen, pwhash); |
161 switch(user->hash_type) { |
|
162 case KEYFILE_SSHA: { |
|
163 SHA_CTX ctx; |
|
164 SHA1_Init(&ctx); |
|
165 SHA1_Update(&ctx, password, pwlen); |
|
166 SHA1_Update(&ctx, salt, saltlen); |
|
167 SHA1_Final(pwhash, &ctx); |
|
168 break; |
|
169 } |
|
170 case KEYFILE_SSHA256: { |
|
171 SHA256_CTX ctx; |
|
172 SHA256_Init(&ctx); |
|
173 SHA256_Update(&ctx, password, pwlen); |
|
174 SHA256_Update(&ctx, salt, saltlen); |
|
175 SHA256_Final(pwhash, &ctx); |
|
176 break; |
|
177 } |
|
178 case KEYFILE_SSHA512: { |
|
179 SHA512_CTX ctx; |
|
180 SHA512_Init(&ctx); |
|
181 SHA512_Update(&ctx, password, pwlen); |
|
182 SHA512_Update(&ctx, salt, saltlen); |
|
183 SHA512_Final(pwhash, &ctx); |
|
184 break; |
|
185 } |
|
186 } |
156 |
187 |
157 if(!memcmp(user->hash, pwhash, 20)) { |
188 if(!memcmp(user->hash, pwhash, hlen)) { |
158 return 1; |
189 return 1; |
159 } else { |
190 } else { |
160 return 0; |
191 return 0; |
161 } |
192 } |
162 } |
193 } |
|
194 |