pike.git / lib / modules / Crypto.pmod / Password.pmod

version» Context lines:

pike.git/lib/modules/Crypto.pmod/Password.pmod:105:   //! @endstring   //!   //! @returns   //! Returns @expr{1@} on success, and @expr{0@} (zero) otherwise.   //!   //! @note   //! This function was added in Pike 7.8.755.   //!   //! @seealso   //! @[hash()], @[predef::crypt()] - int verify(string password, string hash) + int verify(string(8bit) password, string(8bit) hash)   {    if (hash == "") return 1;       // Detect the password hashing scheme.    // First check for an LDAP-style marker.    string scheme = "crypt";    sscanf(hash, "{%s}%s", scheme, hash);    // NB: RFC2307 proscribes lower case schemes, while    // in practise they are usually in upper case.    switch(lower_case(scheme)) {    case "md5": // RFC 2307    case "smd5":    hash = MIME.decode_base64(hash);    password += hash[16..];    hash = hash[..15]; -  return Crypto.MD5.hash(password) == [string(0..255)]hash; +  return Crypto.MD5.hash(password) == hash;       case "sha": // RFC 2307    case "ssha":    // SHA1 and Salted SHA1.    hash = MIME.decode_base64(hash);    password += hash[20..];    hash = hash[..19]; -  return Crypto.SHA1.hash(password) == [string(0..255)]hash; +  return Crypto.SHA1.hash(password) == hash;       case "crypt": // RFC 2307    // First try the operating systems crypt(3C),    // since it might support more schemes than we do.    if ((hash == "") || crypt(password, hash)) return 1;    if (hash[0] != '$') {    if (hash[0] == '_') {    // FIXME: BSDI-style crypt(3C).    }    return 0;    }       // Then try our implementations. -  sscanf(hash, "$%s$%s$%s", scheme, string salt, string hash); +  sscanf(hash, "$%s$%s$%s", scheme, string(8bit) salt, string(8bit) hash);    if( !salt || !hash ) return 0;    int rounds = UNDEFINED;    if (has_prefix(salt, "rounds=")) {    sscanf(salt, "rounds=%d", rounds);    sscanf(hash, "%s$%s", salt, hash);    }    switch(scheme) {    case "1": // crypt_md5    return Nettle.crypt_md5(password, salt) == [string(0..127)]hash;   
pike.git/lib/modules/Crypto.pmod/Password.pmod:318:    break;    case "":    return crypt(password);       case "sha":    case "{sha}":    salt_size = 0;    // FALL_THROUGH    case "ssha":    case "{ssha}": -  crypt_hash = lambda(string passwd, string salt, int rounds) { +  crypt_hash = lambda(string(8bit) passwd, string(8bit) salt, int rounds) {    return Crypto.SHA1.hash(passwd + salt);    };    render_hash = render_ldap_hash;    break;       case "md5":    case "{md5}":    salt_size = 0;    // FALL_THROUGH    case "smd5":    case "{smd5}": -  crypt_hash = lambda(string passwd, string salt, int rounds) { +  crypt_hash = lambda(string(8bit) passwd, string(8bit) salt, int rounds) {    return Crypto.MD5.hash(passwd + salt);    };    render_hash = render_ldap_hash;    break;       default:    error("Unsupported hashing scheme: %O\n", scheme);    }       if (!rounds) rounds = default_rounds;       // NB: The salt must be printable.    string(0..127) salt =    MIME.encode_base64(Crypto.Random.random_string(salt_size))[..salt_size-1];       string(0..255) hash = crypt_hash(password, salt, rounds);       return render_hash([string(0..127)]scheme, salt, hash, rounds);   }