1 /* $OpenBSD: ap_checkpass.c,v 1.9 2005/06/20 12:23:22 robert Exp $ */
2
3 /* ====================================================================
4 * The Apache Software License, Version 1.1
5 *
6 * Copyright (c) 2000-2003 The Apache Software Foundation. All rights
7 * reserved.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 *
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 *
16 * 2. Redistributions in binary form must reproduce the above copyright
17 * notice, this list of conditions and the following disclaimer in
18 * the documentation and/or other materials provided with the
19 * distribution.
20 *
21 * 3. The end-user documentation included with the redistribution,
22 * if any, must include the following acknowledgment:
23 * "This product includes software developed by the
24 * Apache Software Foundation (http://www.apache.org/)."
25 * Alternately, this acknowledgment may appear in the software itself,
26 * if and wherever such third-party acknowledgments normally appear.
27 *
28 * 4. The names "Apache" and "Apache Software Foundation" must
29 * not be used to endorse or promote products derived from this
30 * software without prior written permission. For written
31 * permission, please contact apache@apache.org.
32 *
33 * 5. Products derived from this software may not be called "Apache",
34 * nor may "Apache" appear in their name, without prior written
35 * permission of the Apache Software Foundation.
36 *
37 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
38 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
39 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
40 * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
41 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
42 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
43 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
44 * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
45 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
46 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
47 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
48 * SUCH DAMAGE.
49 * ====================================================================
50 *
51 * This software consists of voluntary contributions made by many
52 * individuals on behalf of the Apache Software Foundation. For more
53 * information on the Apache Software Foundation, please see
54 * <http://www.apache.org/>.
55 *
56 * Portions of this software are based upon public domain software
57 * originally written at the National Center for Supercomputing Applications,
58 * University of Illinois, Urbana-Champaign.
59 */
60
61 /*
62 * Simple password verification that knows about various password
63 * types, such as simple base64-encoded crypt() hashes, '$'-marked
64 * FreeBSD-style MD5 hashes and Netscape SHA1 hashes.
65 */
66 #include <string.h>
67
68 #include "ap_config.h"
69 #include "ap_md5.h"
70 #include "ap_sha1.h"
71 #include "ap.h"
72
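/*
 * Validate a plaintext password against a stored ("smashed") hash.
 *
 * The scheme is chosen from the prefix of `hash`: ap_MD5Encode() when it
 * starts with AP_MD5PW_ID, ap_sha1_base64() when it starts with
 * AP_SHA1PW_ID, and crypt() for everything else.
 *
 * Returns NULL if the password matches, or an explanatory text string if
 * it does not.  Every failure path (a NULL argument, crypt() rejecting
 * the stored hash) is reported as a mismatch, so the check fails closed.
 *
 * Security notes for maintainers:
 *  - The SHA1 branch passes no salt to ap_sha1_base64(), so equal
 *    passwords presumably produce equal stored values; prefer a salted,
 *    deliberately slow scheme via the crypt() branch where the platform
 *    offers one.
 *  - strcmp() returns at the first differing byte, so the time taken by
 *    the final comparison depends on the length of the matching prefix.
 */

API_EXPORT(char *)
ap_validate_password(const char *passwd, const char *hash)
{
    char sample[120];

    /* Fail closed instead of dereferencing a NULL argument below. */
    if (passwd == NULL || hash == NULL)
        return "password mismatch";

    if (strncmp(hash, AP_MD5PW_ID, AP_MD5PW_IDLEN) == 0) {
        /* FreeBSD style MD5 string */
        ap_MD5Encode((const unsigned char *)passwd,
                     (const unsigned char *)hash, sample, sizeof(sample));
    }
    else if (strncmp(hash, AP_SHA1PW_ID, AP_SHA1PW_IDLEN) == 0) {
        /*
         * Netscape / SHA1 ldap style string.
         * NOTE(review): no buffer size is passed here; confirm that the
         * output of ap_sha1_base64() always fits in sample[].
         */
        ap_sha1_base64(passwd, strlen(passwd), sample);
    }
    else {
        /*
         * It's not our algorithm, so feed it to crypt() if possible.
         * crypt() returns NULL when it cannot process the stored hash
         * (for example an unsupported or malformed setting string);
         * copying from that result would dereference NULL, so treat it
         * as a mismatch.
         */
        const char *crypted = (char *)crypt(passwd, hash);

        if (crypted == NULL)
            return "password mismatch";
        /* A result longer than sample[] is truncated and cannot match. */
        ap_cpystrn(sample, crypted, sizeof(sample) - 1);
    }

    return (strcmp(sample, hash) == 0) ? NULL : "password mismatch";
}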
103