comparison: src/server/daemon/keyfile_auth.c
src/server/daemon/keyfile_auth.c
- changeset 174
- 8f2a834d1d68
- parent 133
- 87b405d61f64
- child 255
- b5d15a4a19f5
equal
deleted
inserted
replaced
| 171:af7e2d80dee6 | 174:8f2a834d1d68 |
|---|---|
| 27 */ | 27 */ |
| 28 | 28 |
| 29 #include <stdio.h> | 29 #include <stdio.h> |
| 30 #include <stdlib.h> | 30 #include <stdlib.h> |
| 31 #include <string.h> | 31 #include <string.h> |
| 32 | |
| 32 #include <openssl/sha.h> | 33 #include <openssl/sha.h> |
| 34 #if defined(__sun) && defined(__SunOS_5_10) | |
| 35 #include <sha2.h> | |
| 36 #define SHA256_Init SHA256Init | |
| 37 #define SHA256_Update SHA256Update | |
| 38 #define SHA256_Final SHA256Final | |
| 39 #endif | |
| 33 | 40 |
| 34 #include "../util/atomic.h" | 41 #include "../util/atomic.h" |
| 35 #include "../util/util.h" | 42 #include "../util/util.h" |
| 36 | 43 |
| 37 #include "keyfile_auth.h" | 44 #include "keyfile_auth.h" |
| 111 return ucx_map_cstr_get(keyfile->users, user); | 118 return ucx_map_cstr_get(keyfile->users, user); |
| 112 } | 119 } |
| 113 | 120 |
| 114 int keyfile_user_verify_password(User *user, char *password) { | 121 int keyfile_user_verify_password(User *user, char *password) { |
| 115 KeyfileUser *usr = (KeyfileUser*)user; | 122 KeyfileUser *usr = (KeyfileUser*)user; |
| 116 switch(usr->hash_type) { | 123 return ssha_verify(usr, password); |
| 117 case KEYFILE_SSHA: return ssha_verify(usr, password); | |
| 118 } | |
| 119 return 0; | |
| 120 } | 124 } |
| 121 | 125 |
| 122 int keyfile_user_check_group(User *user, char *group) { | 126 int keyfile_user_check_group(User *user, char *group) { |
| 123 KeyfileUser *usr = (KeyfileUser*)user; | 127 KeyfileUser *usr = (KeyfileUser*)user; |
| 124 sstr_t grp = sstr(group); | 128 sstr_t grp = sstr(group); |
| 135 } | 139 } |
| 136 | 140 |
| 137 | 141 |
| 138 int ssha_verify(KeyfileUser *user, char *password) { | 142 int ssha_verify(KeyfileUser *user, char *password) { |
| 139 /* | 143 /* |
| 140 * SSHA: SHA1(pw + salt) + 8 bytes salt | 144 * SSHA: SHA(pw + salt) + salt |
| 141 * user->hash is already base64 decoded | 145 * user->hash is already base64 decoded |
| 142 */ | 146 */ |
| 143 | 147 |
| 144 // TODO: variable length salt | 148 size_t hlen; |
| 149 switch(user->hash_type) { | |
| 150 case KEYFILE_SSHA: hlen = 20; break; | |
| 151 case KEYFILE_SSHA256: hlen = 32; break; | |
| 152 case KEYFILE_SSHA512: hlen = 64; break; | |
| 153 } | |
| 145 | 154 |
| 146 char *salt = user->hash + user->hashlen - 8; // last 8 bytes are the salt | 155 char *salt = user->hash + hlen; |
| 147 size_t pwlen = strlen(password); | 156 size_t saltlen = user->hashlen - hlen; |
| 148 | 157 |
| 149 size_t saltpwlen = pwlen + 8; | 158 size_t pwlen = strlen(password); |
| 150 char *saltpw = malloc(saltpwlen); | |
| 151 memcpy(saltpw, password, pwlen); | |
| 152 memcpy(saltpw + pwlen, salt, 8); | |
| 153 | 159 |
| 154 unsigned char pwhash[20]; | 160 unsigned char pwhash[64]; |
| 155 SHA1((const unsigned char*)saltpw, saltpwlen, pwhash); | 161 switch(user->hash_type) { |
| 162 case KEYFILE_SSHA: { | |
| 163 SHA_CTX ctx; | |
| 164 SHA1_Init(&ctx); | |
| 165 SHA1_Update(&ctx, password, pwlen); | |
| 166 SHA1_Update(&ctx, salt, saltlen); | |
| 167 SHA1_Final(pwhash, &ctx); | |
| 168 break; | |
| 169 } | |
| 170 case KEYFILE_SSHA256: { | |
| 171 SHA256_CTX ctx; | |
| 172 SHA256_Init(&ctx); | |
| 173 SHA256_Update(&ctx, password, pwlen); | |
| 174 SHA256_Update(&ctx, salt, saltlen); | |
| 175 SHA256_Final(pwhash, &ctx); | |
| 176 break; | |
| 177 } | |
| 178 case KEYFILE_SSHA512: { | |
| 179 SHA512_CTX ctx; | |
| 180 SHA512_Init(&ctx); | |
| 181 SHA512_Update(&ctx, password, pwlen); | |
| 182 SHA512_Update(&ctx, salt, saltlen); | |
| 183 SHA512_Final(pwhash, &ctx); | |
| 184 break; | |
| 185 } | |
| 186 } | |
| 156 | 187 |
| 157 if(!memcmp(user->hash, pwhash, 20)) { | 188 if(!memcmp(user->hash, pwhash, hlen)) { |
| 158 return 1; | 189 return 1; |
| 159 } else { | 190 } else { |
| 160 return 0; | 191 return 0; |
| 161 } | 192 } |
| 162 } | 193 } |
| 194 |
