[prev in list] [next in list] [prev in thread] [next in thread] 

List:       courier-users
Subject:    [courier-users] Authorization with mysql - md5
From:       "Rafal (sxat)" <gonzak () op ! pl>
Date:       2006-09-28 13:22:09
Message-ID: BE7557148F734F88A92CED0C68ECDB8E () sxat
[Download RAW message or body]

Hello!

How maybe check this source (i am adding authorized from mysql when password
is in md5 (in mysql md5(password field) without base64 ..).

Regards
Rafal



["md5test.c" (application/octet-stream)]

/*
** Copyright 1998 - 2000 Double Precision, Inc.
** See COPYING for distribution information.
*/

#include	<stdio.h>
#include	<string.h>
#include	"md5.h"

int	main()
{
static const char * const teststr[]={
"",
"a",
"abc",
"message digest",
"abcdefghijklmnopqrstuvwxyz",
"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",
"12345678901234567890123456789012345678901234567890123456789012345678901234567890"};

char	*salts[4]={"abcdef","01234567","76543210","QWERTY"};
char	*passwds[4]={	"rosebud",
			"trust noone",
			"trust, but verify",
			"for the world is hollow, and I have touched the sky"};

int	i,j;

	printf("MD5 test suite:\n");
	for (i=0; i<(int)sizeof(teststr)/sizeof(teststr[0]); i++)
	{
	MD5_DIGEST digest;

		md5_digest(teststr[i], strlen(teststr[i]), digest);

		printf("MD5 (\"%s\") = ", teststr[i]);
		for (j=0; j<sizeof(digest); j++)
			printf("%02x", digest[j]);
		printf("\n");
	}
	for (i=0; i<sizeof(salts)/sizeof(salts[0]); i++)
		printf("Salt: %s\nPassword: %s\nHash:%s\n\n",
				salts[i], passwds[i],
				md5_crypt_redhat(passwds[i], salts[i]));
				
	printf("MD5_hash_rfc: %s\n", md5_hash_rfc("hello"));		
	return (0);
}

["md5_hash.c" (application/octet-stream)]

/*
** Copyright 2000 Double Precision, Inc.
** See COPYING for distribution information.
*/

#include	"md5.h"
#include	<string.h>
#include	<stdio.h>
static const char rcsid[]="$Id: md5_hash.c,v 1.5 2002/12/12 04:23:58 mrsam Exp $";

static const char base64tab[]=
"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";

const char *md5_hash_courier(const char *passw)
{
MD5_DIGEST md5buf;
static char hash_buffer[1+(sizeof(md5buf)+2)/3*4];
int	a=0,b=0,c=0;
int	i, j;
int	d, e, f, g;

	md5_digest(passw, strlen(passw), md5buf);

	j=0;

	for (i=0; i<sizeof(md5buf); i += 3)
	{
		a=md5buf[i];
		b= i+1 < sizeof(md5buf) ? md5buf[i+1]:0;
		c= i+2 < sizeof(md5buf) ? md5buf[i+2]:0;

		d=base64tab[ a >> 2 ];
		e=base64tab[ ((a & 3 ) << 4) | (b >> 4)];
		f=base64tab[ ((b & 15) << 2) | (c >> 6)];
		g=base64tab[ c & 63 ];
		if (i + 1 >= sizeof(md5buf))	f='=';
		if (i + 2 >= sizeof(md5buf)) g='=';
		hash_buffer[j++]=d;
		hash_buffer[j++]=e;
		hash_buffer[j++]=f;
		hash_buffer[j++]=g;
	}

	hash_buffer[j]=0;
	return (hash_buffer);
}



const char *md5_hash_rfc(const char *passw)
{
MD5_DIGEST md5buf;
static char hash_buffer[33];
char *hash=hash_buffer;
 int i; 
	md5_digest(passw, strlen(passw), md5buf);
	for (i=0; i<sizeof(md5buf); i++)
	{
          sprintf(hash,"%.2x",md5buf[i]);
	  hash+=2;	
	}
	*hash=0;
	return (hash_buffer);
}

["md5.h" (application/octet-stream)]
["checkpasswordmd5.c" (application/octet-stream)]

/*
** Copyright 1998 - 1999 Double Precision, Inc.  See COPYING for
** distribution information.
*/
#include <stdio.h>
#if	HAVE_CONFIG_H
#include	"courier_auth_config.h"
#endif
#include	<string.h>
#if	HAVE_UNISTD_H
#include	<unistd.h>
#endif
#include	"md5/md5.h"
#include	"auth.h"

static const char rcsid[]="$Id: checkpasswordmd5.c,v 1.7 2004/10/21 00:10:49 mrsam Exp $";

int authcheckpasswordmd5(const char *password, const char *encrypted_password)
{
	if (strncmp(encrypted_password, "$1$", 3) == 0)
	{
		return (strcmp(encrypted_password,
			md5_crypt(password, encrypted_password)));
	}

	if (strncasecmp(encrypted_password, "{MD5}", 5) == 0)
	{
               return (strcmp(encrypted_password+5, md5_hash_courier(password)));
	}
	
	if (strncasecmp(encrypted_password, "{MD5rfc}", 8) == 0)
	{
	       return (strcmp(encrypted_password+8, md5_hash_rfc(password)));
	}
	
	return (-1);
}

["checkpassword.c" (application/octet-stream)]

/*
** Copyright 1998 - 1999 Double Precision, Inc.  See COPYING for
** distribution information.
*/
#include <stdio.h>

#if	HAVE_CONFIG_H
#include	"courier_auth_config.h"
#endif
#include	<string.h>
#if	HAVE_UNISTD_H
#include	<unistd.h>
#endif
#if	HAVE_CRYPT_H
#include	<crypt.h>
#endif
#include	"auth.h"
#include	"courierauthdebug.h"

static const char rcsid[]="$Id: checkpassword.c,v 1.14 2005/07/10 00:47:37 mrsam Exp $";

#if HAVE_CRYPT
#if NEED_CRYPT_PROTOTYPE
extern char *crypt(const char *, const char *);
#endif
#endif

#if	HAVE_MD5LIB
extern int authcheckpasswordmd5(const char *, const char *);
#endif

#if	HAVE_SHA1LIB
extern int authcheckpasswordsha1(const char *, const char *);
#endif

static int do_authcheckpassword(const char *password, const char *encrypted_password)
{
#if	HAVE_MD5LIB
        
	if (strncmp(encrypted_password, "$1$", 3) == 0
		|| strncasecmp(encrypted_password, "{MD5}", 5) == 0
		|| strncasecmp(encrypted_password, "{MD5rfc}", 8) == 0 
		)
		return (authcheckpasswordmd5(password, encrypted_password));
#endif

#if	HAVE_SHA1LIB
	if (strncasecmp(encrypted_password, "{SHA}", 5) == 0 ||
	    strncasecmp(encrypted_password, "{SHA256}", 8) == 0
		)
		return (authcheckpasswordsha1(password, encrypted_password));
#endif

#if	HAVE_CRYPT
	if (strncasecmp(encrypted_password, "{CRYPT}", 7) == 0)
		encrypted_password += 7;
#endif

	return (
#if	HAVE_CRYPT
		strcmp(encrypted_password,
			crypt(password, encrypted_password))
#else
		strcmp(encrypted_password, password)
#endif
				);
}

int authcheckpassword(const char *password, const char *encrypted_password)
{
int rc;
	rc=do_authcheckpassword(password, encrypted_password);
	
	if (rc == 0)
		DPRINTF("password matches successfully");
	else if (courier_authdebug_login_level >= 2)
		DPRINTF("supplied password '%s' does not match encrypted password '%s'",
			password, encrypted_password);
	else
		DPRINTF("supplied password does not match encrypted password");
	return rc;
}


-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys -- and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV

_______________________________________________
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users


[prev in list] [next in list] [prev in thread] [next in thread]