forked from ptoomey3/openldap-bcrypt
-
Notifications
You must be signed in to change notification settings - Fork 0
/
pw-bcrypt.c
136 lines (116 loc) · 2.9 KB
/
pw-bcrypt.c
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
* Copyright 2009-2013 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted only as authorized by the OpenLDAP
* Public License.
*
* A copy of this license is available in the file LICENSE in the
* top-level directory of the distribution or, alternatively, at
* <http://www.OpenLDAP.org/license.html>.
*/
/* ACKNOWLEDGEMENT:
* This work was initially developed by David Wright <[email protected]>
*/
#define _GNU_SOURCE
#include "portable.h"
#include <ac/string.h>
#include "lber_pvt.h"
#include "lutil.h"
#include <stdio.h>
#include <stdlib.h>
#include "bcrypt.h"
#define BCRYPT_ITERATION 8
const struct berval bcryptscheme = BER_BVC("{BCRYPT}");
static int bcrypt_encrypt(
const struct berval *scheme,
const struct berval *passwd,
struct berval *msg,
const char **text)
{
char salt[BCRYPT_HASHSIZE] = {0};
char hash[BCRYPT_HASHSIZE] = {0};
int rc;
int i = 0;
rc = bcrypt_gensalt(BCRYPT_ITERATION, salt);
#ifdef SLAPD_BCRYPT_DEBUG
printf("DEBUG bcrypt_encrypt()\n");
if(rc != 0) {
printf("bcrypt_gensalt error %d\n", rc);
} else {
printf("bcrypt_gensalt OK %d\n", rc);
}
printf("Salt: ");
for(; i < BCRYPT_HASHSIZE; i++) {
printf("%c", salt[i]);
}
printf("\n");
#endif
if(rc != 0) return LUTIL_PASSWD_ERR;
rc = bcrypt_hashpw(passwd->bv_val, salt, hash);
#ifdef SLAPD_BCRYPT_DEBUG
if(rc != 0) {
printf("bcrypt_hashpw error %d\n", rc);
} else {
printf("bcrypt_hashpw OK %d\n", rc);
}
#endif
if(rc != 0) return LUTIL_PASSWD_ERR;
msg->bv_len = asprintf(&msg->bv_val, "%s%s", scheme->bv_val, hash);
#ifdef SLAPD_BCRYPT_DEBUG
printf("bcrypt_encrypt() result: ");
printf("%s%s\n", scheme->bv_val, hash);
#endif
if(msg->bv_len < 0){
return LUTIL_PASSWD_ERR;
}
return LUTIL_PASSWD_OK;
}
static int bcrypt_check(
const struct berval *scheme,
const struct berval *passwd,
const struct berval *cred,
const char **text)
{
int rc;
int i = 0;
#ifdef SLAPD_BCRYPT_DEBUG
printf("DEBUG bcrypt_check()\n");
printf(" Stored Value:\t%s\n", passwd->bv_val);
printf(" Input Cred:\t%s\n", cred->bv_val);
#endif
char hash[BCRYPT_HASHSIZE] = {0};
rc = bcrypt_hashpw(cred->bv_val, passwd->bv_val, hash);
#ifdef SLAPD_BCRYPT_DEBUG
if(rc != 0) {
printf("bcrypt_hashpw error %d\n", rc);
} else {
printf("bcrypt_hashpw OK %d\n", rc);
}
#endif
if(rc != 0) return LUTIL_PASSWD_ERR;
#ifdef SLAPD_BCRYPT_DEBUG
printf(" Hash:\t%s\n", hash);
#endif
if (strcmp(passwd->bv_val, hash) == 0) {
return LUTIL_PASSWD_OK;
} else {
return LUTIL_PASSWD_ERR;
}
}
int init_module(int argc, char *argv[]) {
int rc;
rc = lutil_passwd_add((struct berval *)&bcryptscheme,
bcrypt_check, bcrypt_encrypt);
return rc;
}
/*
* Local variables:
* indent-tabs-mode: t
* tab-width: 4
* c-basic-offset: 4
* End:
*/