1.1 root 1: /* protected.c - ProtectedPassword attribute syntax */
2:
3: #ifndef lint
4: static char *rcsid = "$Header: /f/osi/dsap/common/RCS/protected.c,v 7.3 90/01/12 08:08:26 mrose Exp $";
5: #endif
6:
7: /*
8: * $Header: /f/osi/dsap/common/RCS/protected.c,v 7.3 90/01/12 08:08:26 mrose Exp $
9: *
10: *
11: * $Log: protected.c,v $
12: * Revision 7.3 90/01/12 08:08:26 mrose
13: * again
14: *
15: * Revision 7.2 90/01/11 23:53:12 mrose
16: * lint
17: *
18: * Revision 7.1 89/12/19 16:19:29 mrose
19: * sync
20: *
21: * Revision 7.0 89/11/23 21:47:43 mrose
22: * Release 6.0
23: *
24: */
25:
26: /*
27: * NOTICE
28: *
29: * Acquisition, use, and distribution of this module and related
30: * materials are subject to the restrictions of a license agreement.
31: * Consult the Preface in the User's Manual for the full terms of
32: * this agreement.
33: *
34: */
35:
36: #include "logger.h"
37: #include "quipu/util.h"
38: #include "quipu/attr.h"
39: #include "quipu/authen.h"
40:
41: extern LLog *log_dsap;
42: extern char allow_crypt;
43: char *cryptparse();
44:
/*
 * prot_enc - encode a ProtectedPassword value into a presentation element.
 *
 * Returns whatever encode_Quipu_ProtectedPassword() stored in the output
 * slot, which is NULLPE before the call.  The encoder's status is
 * deliberately discarded, so the returned PE is the caller's only signal.
 * NOTE(review): whether the slot is still NULLPE after a failed encode is
 * not visible in this file - confirm against the generated encoder.
 */
static PE prot_enc (x)
struct protected_password *x;
{
    PE encoded = NULLPE;

    (void) encode_Quipu_ProtectedPassword (&encoded, 0, 0, NULLCP, x);

    return encoded;
}
53:
/*
 * prot_dec - decode a presentation element into a ProtectedPassword.
 *
 * Returns the structure produced by decode_Quipu_ProtectedPassword(), or
 * a null pointer when the decoder reports NOTOK.  The local pointer is
 * only read on the success path, so it is never returned uninitialised.
 */
static struct protected_password * prot_dec (pe)
PE pe;
{
    struct protected_password *decoded;
    int status;

    status = decode_Quipu_ProtectedPassword (pe, 0, NULLIP, NULLVP, &decoded);
    if (status != NOTOK)
        return decoded;

    return (struct protected_password *) 0;
}
64:
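/*
 * str2prot - build an unprotected ProtectedPassword from its string form.
 *
 * str is handed to cryptparse(); the pointer it returns becomes the
 * password and its strlen() becomes n_octets.  The value is marked as not
 * protected and carries no times or random numbers.
 *
 * Returns a calloc'ed structure, or a null pointer if the allocation fails
 * or cryptparse() yields no string.
 * NOTE(review): this assumes cryptparse() returns heap storage that
 * prot_free() may later free() - confirm against its definition.
 */
static struct protected_password *str2prot(str)
char *str;
{
    struct protected_password *result;

    result = (struct protected_password *)
        calloc(1, sizeof(*result));

    if (result == (struct protected_password *) 0)
        return (result);

    result->passwd = cryptparse(str);
    if (result->passwd == NULLCP)
    {
        /* No parsed password: calling strlen() on it would be undefined,
         * so release the half-built value and report failure instead. */
        free((char *) result);
        return ((struct protected_password *) 0);
    }

    /* Using strlen means can't have zeros in the password */
    result->n_octets = strlen(result->passwd);
    result->protected = '\0';
    result->time1 = NULLCP;
    result->time2 = NULLCP;
    result->random1 = (struct random_number *) 0;
    result->random2 = (struct random_number *) 0;

    return (result);
}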
88:
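/*
 * prot_print - write a ProtectedPassword to the presentation stream ps.
 *
 * The password octets are not NUL-terminated, so a terminated scratch copy
 * is made first.  When allow_crypt is FALSE the password is written as-is,
 * i.e. in the clear; otherwise the output is "{CRYPT}" followed by
 * whatever cryptstring() returns for the copy.
 *
 * If the scratch buffer cannot be allocated nothing is printed.  The
 * scratch copy holds the cleartext password, so it is wiped before being
 * returned to the heap.
 */
static prot_print (ps, parm, format)
PS ps;
struct protected_password *parm;
int format;
{
    char *cp;
    extern char * cryptstring();

    /* Make a null-terminated copy */
    cp = malloc((unsigned)(parm->n_octets + 1));
    if (cp != NULLCP)
    {
        volatile char *wipe;
        int i;

        bcopy(parm->passwd, cp, parm->n_octets);
        cp[parm->n_octets] = '\0';

        if (allow_crypt == FALSE)
            octprint(ps, cp, format);
        else
        {
            ps_print(ps, "{CRYPT}");
            octprint(ps, cryptstring(cp), format);
        }

        /* Volatile stores so the compiler cannot drop the wipe as dead
         * writes ahead of free(). */
        wipe = cp;
        for (i = 0; i <= parm->n_octets; i++)
            wipe[i] = '\0';

        free(cp);
    }
}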
111:
112:
113: /* Portable conversion from OCTET STRING to whatever structure is
114: * used to hold a hash. This is currently an unsigned long, which limits the
115: * length of a hash.
116: */
117:
118:
119: /* The reverse operation. Currently, hashes are always 4 octets long. */
120:
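/*
 * hash2str - serialise a hash value into a freshly allocated octet buffer.
 *
 * The low 32 bits of hash are written least-significant octet first; any
 * higher bits of a wider unsigned long are dropped.  *len is set to 4.
 * The buffer is 5 bytes long and the fifth byte is a NUL, so the result
 * is safe to hand to code that expects a terminated string (the hash
 * octets themselves may still contain zeros).
 *
 * Returns the buffer, which the caller must free(), or a null pointer if
 * the allocation fails (in which case *len is left untouched).
 */
char *hash2str(hash, len)
unsigned long hash;
int *len;
{
    char *result;
    int i;

    result = malloc(5);
    if (result == (char *) 0)
        return (result);

    for (i = 0; i < 4; i++)
    {
        result[i] = (char) (hash & 255);
        hash = hash >> 8;
    }
    /* The spare fifth byte was previously left uninitialised. */
    result[4] = '\0';

    *len = 4;
    return (result);
}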
141:
142: /* insecure hash function for testing purposes */
143:
144: /* ARGSUSED */
/*
 * hash_passwd - placeholder hash; NOT a real password hash.
 *
 * Every argument is ignored: the seed is overwritten with 0, that value
 * is written to the debug log, and 0 is returned.  Every password
 * therefore "hashes" to the same value, so nothing that needs to tell
 * passwords apart may rely on this function.
 */
unsigned long hash_passwd(seed, str, len)
unsigned long seed;
char *str;
int len;
{
    /* Discard the caller's seed; the stub has a single fixed output. */
    seed = 0;

    DLOG(log_dsap, LLOG_DEBUG, ("Hash = %D", seed));

    return seed;
}
156:
157: /* ARGSUSED */
/*
 * check_guard - placeholder for checking a clear password against a
 * guarded (protected) one.
 *
 * All arguments are ignored and the result is always 2, the value
 * prot_cmp() uses for "not equal".  The stub therefore fails closed: a
 * guarded password never matches anything through this path.
 */
int check_guard(pwd, pwd_len, salt, hval, hlen)
char *pwd;      /* This string is not null-terminated */
int pwd_len;
char *salt;     /* Null-terminated salt */
char *hval;     /* This string is not null-terminated */
int hlen;
{
    int verdict = 2;    /* unconditional mismatch */

    return verdict;
}
167:
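/*
 * prot_octets_equal - compare two n-octet buffers without stopping early.
 *
 * Every octet is examined whatever the contents, so a zero octet does not
 * end the comparison and the running time does not depend on where the
 * first difference lies.  Returns 1 when the buffers are equal, 0
 * otherwise; a negative length, or a missing buffer with a non-zero
 * length, counts as "not equal".
 */
static int prot_octets_equal (p, q, n)
char *p, *q;
int n;
{
    unsigned char diff = 0;
    int i;

    if (n < 0)
        return (0);
    if (n > 0 && (p == (char *) 0 || q == (char *) 0))
        return (0);

    for (i = 0; i < n; i++)
        diff |= (unsigned char) (p[i] ^ q[i]);

    return (diff == 0);
}

/*
 * prot_cmp - equality test for two ProtectedPassword values.
 *
 * Returns 0 when the values match and 2 when they do not.
 *
 * One side protected, the other not: the clear password is passed to
 * check_guard() together with the protected side's time1 (as the salt)
 * and its octets, and check_guard()'s verdict is returned.
 *
 * Both sides in the same state: the lengths and then the octets are
 * compared directly.  The passwords are OCTET STRINGs, not C strings, so
 * the comparison is done octet by octet rather than with strncmp(), which
 * would stop at the first zero octet and report two different passwords
 * with a common prefix as equal.
 */
static int prot_cmp (a, b)
struct protected_password *a, *b;
{
    int a_guarded = (a->protected != (char) 0);
    int b_guarded = (b->protected != (char) 0);

    if (a_guarded != b_guarded)
    {
        if (b_guarded)
            return (check_guard(a->passwd, a->n_octets, b->time1,
                                b->passwd, b->n_octets));
        return (check_guard(b->passwd, b->n_octets, a->time1,
                            a->passwd, a->n_octets));
    }

    /* Either both are unencrypted, or both are encrypted.
     *
     * The both-encrypted case does not occur with sane usage of this
     * syntax.  However, we have to handle it in case a DUA tries it.
     * To preserve semantics of `equals', should check whether a & b
     * are both guarded versions of the same thing, BUT the encryption
     * mechanism prevents us doing this check.
     *
     * To make everything mathematically correct, should re-write it
     * to use '>=' rather than '='.  Unfortunately, can't check '>='
     * with a directory COMPARE operation ...
     */
    if (a->n_octets != b->n_octets)
        return (2);

    return (prot_octets_equal(a->passwd, b->passwd, a->n_octets) ? 0 : 2);
}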
211:
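/*
 * prot_cpy - deep-copy a ProtectedPassword.
 *
 * The password octets, both time strings and the protected flag are
 * duplicated.  random1 and random2 are NOT copied; the copy always has
 * null pointers there.
 *
 * Returns the new structure, or a null pointer if any allocation fails or
 * the source length is negative.  On failure everything allocated so far
 * is released, and the partial password copy is wiped first.
 */
static struct protected_password *prot_cpy(parm)
struct protected_password *parm;
{
    struct protected_password *result;

    result = (struct protected_password *)
        calloc(1, sizeof(*result));
    if (result == (struct protected_password *) 0)
        return (result);

    if (parm->n_octets < 0)
        goto fail;

    /* Ask for at least one byte: malloc(0) may legitimately return a
     * null pointer, which would make an empty password look like an
     * allocation failure. */
    result->passwd = malloc(parm->n_octets > 0
                            ? (unsigned) parm->n_octets : 1);
    if (result->passwd == NULLCP)
        goto fail;
    if (parm->n_octets > 0)
        bcopy(parm->passwd, result->passwd, parm->n_octets);
    result->n_octets = parm->n_octets;

    if (parm->time1 == NULLCP)
        result->time1 = NULLCP;
    else if ((result->time1 = strdup(parm->time1)) == NULLCP)
        goto fail;

    if (parm->time2 == NULLCP)
        result->time2 = NULLCP;
    else if ((result->time2 = strdup(parm->time2)) == NULLCP)
        goto fail;

    result->random1 = (struct random_number *) 0;
    result->random2 = (struct random_number *) 0;

    result->protected = parm->protected;

    return (result);

fail:
    /* calloc() zeroed the structure, so members not yet assigned are
     * still zero here. */
    if (result->passwd != NULLCP)
    {
        volatile char *wipe = result->passwd;
        int i;

        for (i = 0; i < result->n_octets; i++)
            wipe[i] = '\0';
        free(result->passwd);
    }
    if (result->time1 != NULLCP)
        free(result->time1);
    if (result->time2 != NULLCP)
        free(result->time2);
    free((char *) result);
    return ((struct protected_password *) 0);
}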
243:
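/*
 * prot_free - release a ProtectedPassword and the strings it owns.
 *
 * The password octets are overwritten with zeros before the buffer is
 * freed, so the secret does not linger in recycled heap memory.  A null
 * parm is accepted and ignored.  random1 and random2 are not released
 * here.
 * NOTE(review): the wipe assumes passwd holds at least n_octets bytes,
 * the same assumption prot_print() and prot_cpy() make when reading it.
 */
static prot_free(parm)
struct protected_password *parm;
{
    if (parm != (struct protected_password *) 0)
    {
        if (parm->passwd != NULLCP)
        {
            /* Volatile stores so the compiler cannot discard the wipe
             * as dead writes ahead of free(). */
            volatile char *wipe = parm->passwd;
            int i;

            for (i = 0; i < parm->n_octets; i++)
                wipe[i] = '\0';
            free(parm->passwd);
        }
        if (parm->time1 != NULLCP)
            free(parm->time1);
        if (parm->time2 != NULLCP)
            free(parm->time2);

        free((char *) parm);
    }
}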
256:
/*
 * protected_password_syntax - register the "ProtectedPassword" attribute
 * syntax and its handlers with add_attribute_syntax().
 *
 * The handlers are passed in this order: encoder, decoder, string parser,
 * printer, copier, comparator, destructor.  The meaning of the three
 * trailing arguments (NULLCP, NULLIFP, FALSE) is not visible in this file.
 */
protected_password_syntax ()
{
    (void) add_attribute_syntax ("ProtectedPassword",
        (IFP) prot_enc,     /* value -> PE */
        (IFP) prot_dec,     /* PE -> value */
        (IFP) str2prot,     /* string -> value */
        prot_print,         /* value -> presentation stream */
        (IFP) prot_cpy,     /* deep copy */
        prot_cmp,           /* 0 = equal, 2 = not equal */
        prot_free,          /* release */
        NULLCP,
        NULLIFP,
        FALSE);
}
266: