Annotation of 43BSDReno/contrib/isode-beta/dsap/common/protected.c, revision 1.1

1.1     ! root        1: /* protected.c - ProtectedPassword attribute syntax */
        !             2: 
        !             3: #ifndef        lint
        !             4: static char *rcsid = "$Header: /f/osi/dsap/common/RCS/protected.c,v 7.3 90/01/12 08:08:26 mrose Exp $";
        !             5: #endif
        !             6: 
        !             7: /* 
        !             8:  * $Header: /f/osi/dsap/common/RCS/protected.c,v 7.3 90/01/12 08:08:26 mrose Exp $
        !             9:  *
        !            10:  *
        !            11:  * $Log:       protected.c,v $
        !            12:  * Revision 7.3  90/01/12  08:08:26  mrose
        !            13:  * again
        !            14:  * 
        !            15:  * Revision 7.2  90/01/11  23:53:12  mrose
        !            16:  * lint
        !            17:  * 
        !            18:  * Revision 7.1  89/12/19  16:19:29  mrose
        !            19:  * sync
        !            20:  * 
        !            21:  * Revision 7.0  89/11/23  21:47:43  mrose
        !            22:  * Release 6.0
        !            23:  * 
        !            24:  */
        !            25: 
        !            26: /*
        !            27:  *                               NOTICE
        !            28:  *
        !            29:  *    Acquisition, use, and distribution of this module and related
        !            30:  *    materials are subject to the restrictions of a license agreement.
        !            31:  *    Consult the Preface in the User's Manual for the full terms of
        !            32:  *    this agreement.
        !            33:  *
        !            34:  */
        !            35: 
        !            36: #include "logger.h"
        !            37: #include "quipu/util.h"
        !            38: #include "quipu/attr.h"
        !            39: #include "quipu/authen.h"
        !            40: 
        !            41: extern LLog *log_dsap;
        !            42: extern char allow_crypt;
        !            43: char *cryptparse();
        !            44: 
        /*
         * prot_enc - encode a ProtectedPassword value as a presentation element.
         *
         * Passes x to encode_Quipu_ProtectedPassword() and returns the PE that
         * call stored.  The encoder's status is deliberately discarded, so if the
         * encoder leaves the output slot untouched the caller gets NULLPE back.
         */
        static PE prot_enc (x)
        struct protected_password *x;
        {
          PE pe = NULLPE;

          (void) encode_Quipu_ProtectedPassword (&pe, 0, 0, NULLCP, x);
          return pe;
        }
        !            53: 
        /*
         * prot_dec - decode a presentation element into a protected_password.
         *
         * Returns the structure produced by decode_Quipu_ProtectedPassword(), or
         * a null pointer when that call reports NOTOK.
         *
         * NOTE(review): nothing here validates n_octets or passwd after decoding;
         * if the PE can come from a remote peer, the other handlers in this file
         * are working on peer-controlled lengths and octets - confirm against the
         * generated decoder.
         */
        static struct protected_password * prot_dec (pe)
        PE pe;
        {
          struct protected_password *decoded;

          if (decode_Quipu_ProtectedPassword (pe, 0, NULLIP, NULLVP, &decoded)
              != NOTOK)
            return decoded;

          return (struct protected_password *) 0;
        }
        !            64: 
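        /*
         * str2prot - build an unprotected protected_password from its string form.
         *
         * str is handed to cryptparse(); the returned buffer becomes the password
         * and its strlen() becomes n_octets.  The value is marked unprotected
         * (protected == 0) and carries no times or random numbers.
         *
         * Returns a null pointer if the structure cannot be allocated or if
         * cryptparse() yields no string.  cryptparse() is defined outside this
         * file, so whether it can return a null pointer is not visible here; the
         * check keeps strlen() from being called on one if it can.
         */
        static struct protected_password *str2prot(str)
        char *str;
        {
          struct protected_password *result;

          result = (struct protected_password *) calloc(1, sizeof(*result));
          if (result == (struct protected_password *) 0)
            return (result);

          result->passwd = cryptparse(str);
          if (result->passwd == NULLCP)
          {
            /* Nothing to measure or store: release the shell and report failure
             * the same way the allocation failure above does. */
            free((char *) result);
            return ((struct protected_password *) 0);
          }

          /* Using strlen means can't have zeros in the password */
          result->n_octets = strlen(result->passwd);
          result->protected = '\0';
          result->time1 = NULLCP;
          result->time2 = NULLCP;
          result->random1 = (struct random_number *) 0;
          result->random2 = (struct random_number *) 0;

          return (result);
        }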
        !            88: 
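        /*
         * prot_print - write a ProtectedPassword value to a presentation stream.
         *
         * A NUL-terminated scratch copy of the n_octets password octets is made
         * so the string-based printers can be used.  With allow_crypt FALSE the
         * octets are printed through octprint() unchanged; otherwise the output
         * is the literal "{CRYPT}" followed by octprint() of cryptstring(copy).
         *
         * NOTE(review): in the allow_crypt == FALSE branch the stored password
         * octets go to the stream as they are.  What cryptstring() does to them
         * in the other branch is defined outside this file.
         *
         * If the scratch copy cannot be allocated nothing is printed.  The copy
         * is overwritten before it is freed so the password does not linger in
         * released heap memory.
         */
        static prot_print (ps, parm, format)
        PS ps;
        struct protected_password *parm;
        int format;
        {
          char *cp;
          volatile char *wipe;
          int i;
          extern char * cryptstring();

          /* Make a null-terminated copy */
          cp = malloc((unsigned)(parm->n_octets + 1));
          if (cp != NULLCP)
          {
            bcopy(parm->passwd, cp, parm->n_octets);
            cp[parm->n_octets] = '\0';

            if (allow_crypt == FALSE)
              octprint(ps, cp, format);
            else
            {
              ps_print(ps, "{CRYPT}");
              octprint(ps, cryptstring(cp), format);
            }

            /* Writes go through a volatile pointer so the compiler cannot drop
             * them as dead stores ahead of free(). */
            wipe = cp;
            for (i = 0; i < (int) parm->n_octets; i++)
              wipe[i] = '\0';
            free(cp);
          }
        }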
        !           111: 
        !           112: 
        !           113: /* Portable conversion from OCTET STRING to whatever structure is
        !           114:  * used to hold a hash. This is currently an unsigned long, which limits the
        !           115:  * length of a hash.
        !           116:  */
        !           117: 
        !           118: 
        !           119: /* The reverse operation. Currently, hashes are always 4 octets long. */
        !           120: 
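        /*
         * hash2str - serialise a hash value into a freshly allocated octet buffer.
         *
         * The low 32 bits of hash are written least-significant octet first into
         * a 5-byte buffer; *len is set to 4.  The fifth byte is set to NUL so a
         * caller that treats the result as a C string does not read an
         * uninitialised byte (a hash containing a zero octet still cuts such a
         * string short, so *len remains the authoritative length).
         *
         * Returns a null pointer when the buffer cannot be allocated, in which
         * case *len is left untouched.  The caller owns the returned buffer.
         * Where unsigned long is wider than 32 bits the upper bits are dropped.
         */
        char *hash2str(hash, len)
        unsigned long hash;
        int *len;
        {
          char *result;
          int i;

          result = malloc(5);
          if (result == (char *) 0)
            return (result);

          for (i = 0; i < 4; i++)
          {
            result[i] = (char) (hash & 255);
            hash = hash >> 8;
          }
          result[4] = '\0';

          *len = 4;
          return (result);
        }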
        !           141: 
        !           142: /* insecure hash function for testing purposes */
        !           143: 
        !           144: /* ARGSUSED */
        /*
         * hash_passwd - placeholder password hash.
         *
         * Ignores seed, str and len: the result is always 0, which is also what
         * gets written to the debug log.  Every input therefore maps to the same
         * value, so this gives no protection and no way to tell passwords apart;
         * it must be replaced before the return value is relied on for anything.
         */
        unsigned long hash_passwd(seed, str, len)
        unsigned long seed;
        char *str;
        int len;
        {
          unsigned long digest = 0;

          DLOG(log_dsap, LLOG_DEBUG, ("Hash = %D", digest));

          return digest;
        }
        !           156: 
        !           157: /* ARGSUSED */
        /*
         * check_guard - compare a clear password against a guarded one (stub).
         *
         * prot_cmp() calls this with the unprotected side's octets as pwd, the
         * protected side's time1 as salt and the protected side's octets as hval.
         * No check is performed: the result is always 2, the value prot_cmp()
         * uses for "not equal", so a clear/guarded comparison never matches.
         */
        int check_guard(pwd, pwd_len, salt, hval, hlen)
        char *pwd;      /* octets of the unprotected value; not NUL-terminated */
        int pwd_len;
        char *salt;     /* NUL-terminated salt */
        char *hval;     /* octets of the protected value; not NUL-terminated */
        int hlen;
        {
          int verdict = 2;

          return verdict;
        }
        !           167: 
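        /*
         * prot_octets_differ - compare two octet strings of the same length.
         *
         * Returns 0 when all len octets match and 1 otherwise.  Every octet is
         * examined and folded into one accumulator, so a NUL octet does not end
         * the comparison and the loop does not stop at the first difference.
         * A negative len is reported as a difference.
         */
        static int prot_octets_differ (p, q, len)
        char *p, *q;
        int len;
        {
          unsigned char acc = 0;
          int i;

          if (len < 0)
            return (1);

          for (i = 0; i < len; i++)
            acc |= (unsigned char) (p[i] ^ q[i]);

          return (acc != 0);
        }

        /*
         * prot_cmp - equality test for two ProtectedPassword values.
         *
         * Returns 0 when the values are considered equal and 2 when they are not.
         *
         *   - both unprotected, or both protected: equal only if the lengths
         *     agree and all n_octets octets are identical;
         *   - one protected, one unprotected: the decision is delegated to
         *     check_guard(clear octets, clear length, protected time1,
         *     protected octets, protected length).
         *
         * The octets are compared with prot_octets_differ() rather than
         * strncmp(): passwd is an octet string, and strncmp() stops at the first
         * NUL, which would make two values that differ only after an embedded
         * zero octet compare equal.
         *
         * NOTE(review): n_octets is assumed to fit an int, as the existing
         * check_guard() calls already assume; its declaration is not in this
         * file.
         */
        static int prot_cmp (a, b)
        struct protected_password  *a, *b;
        {
          int retval;

          if (a->protected == (char) 0)
          {
            if (b->protected == (char) 0)
            {
              /* Both are unencrypted. Do a direct compare. */
              if (a->n_octets != b->n_octets)
                retval = 2;
              else
                retval = prot_octets_differ(a->passwd, b->passwd,
                                            (int) a->n_octets) ? 2 : 0;
            }
            else
              retval = check_guard(a->passwd, a->n_octets, b->time1,
                                   b->passwd, b->n_octets);
          }
          else
          {
            if (b->protected == (char) 0)
              retval = check_guard(b->passwd, b->n_octets, a->time1,
                                   a->passwd, a->n_octets);
            else
            {
              /* Both are encrypted.
               * This case does not occur with sane usage of this syntax.
               * However, we have to handle it in case a DUA tries it.
               * To preserve semantics of `equals', should check whether a & b
               * are both guarded versions of the same thing, BUT the encryption
               * mechanism prevents us doing this check.
               *
               * To make everything mathematically correct, should re-write it
               * to use '>=' rather than '='. Unfortunately, can't check '>='
               * with a directory COMPARE operation ...
               */
              if (a->n_octets != b->n_octets)
                retval = 2;
              else
                retval = prot_octets_differ(a->passwd, b->passwd,
                                            (int) a->n_octets) ? 2 : 0;
            }
          }
          return (retval);
        }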
        !           211: 
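        /*
         * prot_cpy - duplicate a protected_password.
         *
         * The copy gets its own n_octets-byte password buffer and its own copies
         * of time1/time2 (when present); the protected flag is carried over.
         * random1 and random2 are reset to null in the copy, not duplicated.
         *
         * Returns a null pointer if any allocation fails.  All allocations are
         * made and checked before the password octets are copied, so a failure
         * releases everything obtained so far without the password having been
         * written into memory that is about to be freed.
         *
         * NOTE(review): a zero-length password asks malloc() for 0 bytes, which
         * may legitimately return a null pointer and is then reported as failure,
         * as before.
         */
        static struct protected_password *prot_cpy(parm)
        struct protected_password *parm;
        {
          struct protected_password *result;

          result = (struct protected_password *) calloc(1, sizeof(*result));
          if (result == (struct protected_password *) 0)
            return (result);

          result->passwd = malloc((unsigned)parm->n_octets);
          result->time1 = (parm->time1 == NULLCP) ? NULLCP : strdup(parm->time1);
          result->time2 = (parm->time2 == NULLCP) ? NULLCP : strdup(parm->time2);

          if (result->passwd == NULLCP
              || (parm->time1 != NULLCP && result->time1 == NULLCP)
              || (parm->time2 != NULLCP && result->time2 == NULLCP))
          {
            if (result->passwd != NULLCP)
              free(result->passwd);
            if (result->time1 != NULLCP)
              free(result->time1);
            if (result->time2 != NULLCP)
              free(result->time2);
            free((char *) result);
            return ((struct protected_password *) 0);
          }

          bcopy(parm->passwd, result->passwd, parm->n_octets);
          result->n_octets = parm->n_octets;

          result->random1 = (struct random_number *) 0;
          result->random2 = (struct random_number *) 0;

          result->protected = parm->protected;

          return (result);
        }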
        !           243: 
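        /*
         * prot_free - release a protected_password and the buffers it owns.
         *
         * Frees passwd, time1 and time2 when set, then the structure itself.
         * A null parm is ignored.  The password octets are overwritten before
         * their buffer is freed so the secret is not left readable in released
         * heap memory.
         *
         * NOTE(review): the overwrite assumes passwd holds at least n_octets
         * bytes.  That holds for values built by str2prot() and prot_cpy() in
         * this file; for decoded values it depends on the generated decoder.
         */
        static prot_free(parm)
        struct protected_password *parm;
        {
          volatile char *wipe;
          int i;

          if (parm != (struct protected_password *) 0)
          {
            if (parm->passwd != NULLCP)
            {
              /* volatile keeps the stores from being discarded as dead writes */
              wipe = parm->passwd;
              for (i = 0; i < (int) parm->n_octets; i++)
                wipe[i] = '\0';
              free(parm->passwd);
            }
            if (parm->time1 != NULLCP)
              free(parm->time1);
            if (parm->time2 != NULLCP)
              free(parm->time2);

            free((char *) parm);
          }
        }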
        !           256: 
        /*
         * protected_password_syntax - register the "ProtectedPassword" syntax.
         *
         * Hands this file's handlers to add_attribute_syntax() in one call; the
         * result of the registration is discarded.  The per-argument notes below
         * are inferred from the handler names, not from add_attribute_syntax()
         * itself, which is defined elsewhere.
         */
        protected_password_syntax ()
        {
          (void) add_attribute_syntax ("ProtectedPassword",
                                       (IFP) prot_enc,   /* value -> PE */
                                       (IFP) prot_dec,   /* PE -> value */
                                       (IFP) str2prot,   /* string -> value */
                                       prot_print,       /* value -> stream */
                                       (IFP) prot_cpy,   /* duplicate */
                                       prot_cmp,         /* compare */
                                       prot_free,        /* release */
                                       NULLCP,
                                       NULLIFP,
                                       FALSE);
        }
        !           266: 
