/* protected.c - ProtectedPassword attribute syntax */
static char *rcsid
= "$Header: /f/osi/dsap/common/RCS/protected.c,v 7.7 91/03/09 11:53:32 mrose Exp $";
* $Header: /f/osi/dsap/common/RCS/protected.c,v 7.7 91/03/09 11:53:32 mrose Exp $
* Revision 7.7 91/03/09 11:53:32 mrose
* Revision 7.6 91/02/22 09:20:01 mrose
* Revision 7.5 90/11/20 15:29:24 mrose
* Revision 7.4 90/10/17 11:42:35 mrose
* Revision 7.3 90/01/12 08:08:26 mrose
* Revision 7.2 90/01/11 23:53:12 mrose
* Revision 7.1 89/12/19 16:19:29 mrose
* Revision 7.0 89/11/23 21:47:43 mrose
* Acquisition, use, and distribution of this module and related
* materials are subject to the restrictions of a license agreement.
* Consult the Preface in the User's Manual for the full terms of
#include "quipu/authen.h"
#include "quipu/syntaxes.h"
struct protected_password
*x
;
(void) encode_Quipu_ProtectedPassword (&result
, 0, 0, NULLCP
, x
);
static struct protected_password
* prot_dec (pe
)
struct protected_password
*result
;
if (decode_Quipu_ProtectedPassword (pe
, 0, NULLIP
, NULLVP
, &result
)
return ((struct protected_password
*) 0);
static struct protected_password
*str2prot(str
)
struct protected_password
*result
;
result
= (struct protected_password
*)
calloc(1, sizeof(*result
));
if (result
== (struct protected_password
*) 0)
/* Using strlen means can't have zeros in the password */
result
->passwd
= cryptparse(str
);
result
->n_octets
= strlen(result
->passwd
);
result
->is_protected
[0] = '\0';
result
->random1
= (struct random_number
*) 0;
result
->random2
= (struct random_number
*) 0;
static prot_print (ps
, parm
, format
)
struct protected_password
*parm
;
extern char * cryptstring();
/* Make a null-terminated copy */
cp
= malloc((unsigned)(parm
->n_octets
+ 1));
bcopy(parm
->passwd
, cp
, parm
->n_octets
);
cp
[parm
->n_octets
] = '\0';
octprint(ps
, cp
, format
);
octprint(ps
, cryptstring(cp
), format
);
/* Portable conversion from OCTET STRING to whatever structure is
* used to hold a hash. This is currently an unsigned long, which limits the
/* The reverse operation. Currently, hashes are always 4 octets long. */
char *hash2str(hash
, len
)
result
[i
] = (char) (hash
& 255);
/* insecure hash function for testing purposes */
unsigned long hash_passwd(seed
, str
, len
)
DLOG(log_dsap
, LLOG_DEBUG
, ("Hash = %D", seed
));
int check_guard(pwd
, pwd_len
, salt
, hval
, hlen
)
char *pwd
; /* This string is not null-terminated */
char *salt
; /* Null-terminated salt */
char *hval
; /* This string is not null-terminated */
static int prot_cmp (a
, b
)
struct protected_password
*a
, *b
;
if (a
->is_protected
[0] == (char) 0)
if (b
->is_protected
[0] == (char) 0)
/* Both are unencrypted. Do a direct compare. */
if (a
->n_octets
!= b
->n_octets
)
retval
= (strncmp(a
->passwd
, b
->passwd
, a
->n_octets
) == 0)? 0:2;
retval
= check_guard(a
->passwd
, a
->n_octets
, b
->time1
, b
->passwd
, b
->n_octets
);
if (b
->is_protected
[0] == (char) 0)
retval
= check_guard(b
->passwd
, b
->n_octets
, a
->time1
, a
->passwd
, a
->n_octets
);
* This case does not occur with sane usage of this syntax.
* However, we have to handle it in case a DUA tries it.
* To preserve semantics of `equals', should check whether a & b
* are both guarded versions of the same thing, BUT the encryption
* mechanism prevents us doing this check.
* To make evrything mathematically correct, should re-write it
* to use '>=' rather than '='. Unfortunately, can't check '>='
* with a directory COMPARE operation ...
if (a
->n_octets
!= b
->n_octets
)
retval
= (strncmp(a
->passwd
, b
->passwd
, a
->n_octets
) == 0)? 0:2;
static struct protected_password
*prot_cpy(parm
)
struct protected_password
*parm
;
struct protected_password
*result
;
result
= (struct protected_password
*)
calloc(1, sizeof(*result
));
result
->passwd
= malloc((unsigned)parm
->n_octets
);
if (result
->passwd
== NULLCP
)
return ((struct protected_password
*) 0);
bcopy(parm
->passwd
, result
->passwd
, parm
->n_octets
);
result
->n_octets
= parm
->n_octets
;
if (parm
->time1
== NULLCP
)
result
->time1
= strdup(parm
->time1
);
if (parm
->time2
== NULLCP
)
result
->time2
= strdup(parm
->time2
);
result
->random1
= (struct random_number
*) 0;
result
->random2
= (struct random_number
*) 0;
result
->is_protected
[0] = parm
->is_protected
[0];
struct protected_password
*parm
;
if (parm
->passwd
!= NULLCP
)
if (parm
->time1
!= NULLCP
)
if (parm
->time2
!= NULLCP
)
protected_password_syntax ()
(void) add_attribute_syntax ("ProtectedPassword",
(IFP
) prot_enc
, (IFP
) prot_dec
,
(IFP
) str2prot
, prot_print
,
(IFP
) prot_cpy
, prot_cmp
,