| 288 |
288 |
static short pw_aes(POOL * pool, const char * real_pw, const char * sent_pw, const char * salt);
|
| 289 |
289 |
#endif
|
| 290 |
290 |
static short pw_sha1(POOL * pool, const char * real_pw, const char * sent_pw, const char * salt);
|
|
291 |
static short pw_sha1_rm(POOL * pool, const char * real_pw, const char * sent_pw, const char * salt);
|
| 291 |
292 |
static short pw_plain(POOL * pool, const char * real_pw, const char * sent_pw, const char * salt);
|
| 292 |
293 |
|
| 293 |
294 |
static char * format_remote_host(request_rec * r, char ** parm);
|
| ... | ... | |
| 318 |
319 |
#if _AES
|
| 319 |
320 |
{"aes", SALT_REQUIRED, pw_aes},
|
| 320 |
321 |
#endif
|
| 321 |
|
{"sha1", NO_SALT, pw_sha1}};
|
|
322 |
{"sha1", NO_SALT, pw_sha1},
|
|
323 |
{"sha1-rm", SALT_OPTIONAL, pw_sha1_rm}};
|
| 322 |
324 |
typedef struct { /* User formatting patterns */
|
| 323 |
325 |
char pattern; /* Pattern to match */
|
| 324 |
326 |
char * (*func)(request_rec * r, char ** parm);
|
| ... | ... | |
| 856 |
858 |
return strcasecmp(bin2hex(pool, scrambled_sent_pw, enc_len), real_pw) == 0;
|
| 857 |
859 |
}
|
| 858 |
860 |
|
|
861 |
/* checks SHA1 passwords - adjusted for use with redmine */
|
|
862 |
static short pw_sha1_rm(POOL * pool, const char * real_pw, const char * sent_pw, const char * salt) {
|
|
863 |
char salt_and_pw[500];
|
|
864 |
char scrambled_pw[500];
|
|
865 |
char *scrambled_sent_pw, *buffer=PCALLOC(pool, 128);
|
|
866 |
char *scrambled_salt_pw, *buffer01=PCALLOC(pool, 128);
|
|
867 |
short enc_len = 0;
|
|
868 |
short enc_len01 = 0;
|
|
869 |
#ifdef APACHE2
|
|
870 |
apr_sha1_base64(sent_pw, strlen(sent_pw), buffer);
|
|
871 |
buffer += 5; /* go past {SHA1} eyecatcher */
|
|
872 |
scrambled_sent_pw = PCALLOC(pool, apr_base64_decode_len(buffer) + 1);
|
|
873 |
enc_len = apr_base64_decode(scrambled_sent_pw, buffer);
|
|
874 |
//scramble (salt+scrambled_pw) for redmine:
|
|
875 |
strcpy(salt_and_pw,salt);
|
|
876 |
strcpy(scrambled_pw,bin2hex(pool, scrambled_sent_pw, enc_len));
|
|
877 |
//conver scrambled_pw to lower:
|
|
878 |
int i;
|
|
879 |
for (i = 0; scrambled_pw[i]; i++)
|
|
880 |
scrambled_pw[i] =tolower(scrambled_pw[ i ]);
|
|
881 |
//cat salt + scrambled_pw:
|
|
882 |
strcat(salt_and_pw,scrambled_pw);
|
|
883 |
apr_sha1_base64(salt_and_pw, strlen(salt_and_pw), buffer01);
|
|
884 |
buffer01 += 5; /* go past {SHA1} eyecatcher */
|
|
885 |
scrambled_salt_pw = PCALLOC(pool, apr_base64_decode_len(buffer01) + 1);
|
|
886 |
enc_len01 = apr_base64_decode(scrambled_salt_pw, buffer01);
|
|
887 |
#else
|
|
888 |
ap_sha1_base64(sent_pw, strlen(sent_pw), buffer);
|
|
889 |
buffer += 5; /* go past {SHA1} eyecatcher */
|
|
890 |
scrambled_sent_pw = PCALLOC(pool, ap_base64decode_len(buffer) + 1);
|
|
891 |
enc_len = ap_base64decode(scrambled_sent_pw, buffer);
|
|
892 |
#endif
|
|
893 |
scrambled_sent_pw[enc_len] = '\0';
|
|
894 |
return strcasecmp(bin2hex(pool, scrambled_salt_pw, enc_len), real_pw) == 0;
|
|
895 |
}
|
|
896 |
|
| 859 |
897 |
/* checks plain text passwords */
|
| 860 |
898 |
static short pw_plain(POOL * pool, const char * real_pw, const char * sent_pw, const char * salt) {
|
| 861 |
899 |
return strcmp(real_pw, sent_pw) == 0;
|