disable most password formats

Enno Rehling 2016-02-25 10:46:46 +01:00
parent d6a8d12dbb
commit bb03517619
3 changed files with 47 additions and 26 deletions


@ -38,8 +38,8 @@ char *password_gensalt(char *salt, size_t salt_len) {
return salt; return salt;
} }
static bool password_is_implemented(int algo) { bool password_is_implemented(int algo) {
return algo == PASSWORD_PLAINTEXT || algo == PASSWORD_BCRYPT || algo == PASSWORD_NOCRYPT || algo == PASSWORD_MD5 || algo == PASSWORD_APACHE_MD5; return algo == PASSWORD_PLAINTEXT;// || algo == PASSWORD_BCRYPT || algo == PASSWORD_NOCRYPT || algo == PASSWORD_MD5 || algo == PASSWORD_APACHE_MD5;
} }
static const char * password_hash_i(const char * passwd, const char *input, int algo, char *result, size_t len) { static const char * password_hash_i(const char * passwd, const char *input, int algo, char *result, size_t len) {
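Review bot: On the new side `password_is_implemented` accepts only `PASSWORD_PLAINTEXT`, so the one format left enabled is the one that keeps the password recoverable, while bcrypt is switched off together with the MD5 variants. If the aim is to retire weak formats, the safer end state keeps the adaptive hash and drops the cleartext ones, e.g. `return algo == PASSWORD_BCRYPT;`; the commit message gives no reason for disabling bcrypt, so this may be a deliberate temporary step. Either way, the commented-out tail of the return statement should give way to a short comment stating the reason and what must happen before the formats are re-enabled. Judging by the updated tests, hashes already stored in a disabled format will verify as `VERIFY_UNKNOWN`; the callers are not visible here, and they need to treat that result as a failed login.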


@ -14,3 +14,4 @@
#define VERIFY_UNKNOWN 2 // hashing algorithm not supported #define VERIFY_UNKNOWN 2 // hashing algorithm not supported
int password_verify(const char *hash, const char *passwd); int password_verify(const char *hash, const char *passwd);
const char * password_encode(const char *passwd, int algo); const char * password_encode(const char *passwd, int algo);
bool password_is_implemented(int algo);
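Review bot: The new public prototype `password_is_implemented` has no comment, although it is now the switch that decides which stored formats are accepted at all. A one-line contract would help, such as `/* true if algo is currently enabled; password_verify returns VERIFY_UNKNOWN for hashes in a disabled format */`, which matches what the tests in this commit expect. The declaration also needs `<stdbool.h>` in scope for `bool`; the include lines are above the hunk and not visible here, so that should be confirmed.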


@ -7,36 +7,56 @@ static void test_passwords(CuTest *tc) {
const char *hash, *expect; const char *hash, *expect;
expect = "$apr1$FqQLkl8g$.icQqaDJpim4BVy.Ho5660"; expect = "$apr1$FqQLkl8g$.icQqaDJpim4BVy.Ho5660";
if (password_is_implemented(PASSWORD_APACHE_MD5)) {
CuAssertIntEquals(tc, VERIFY_OK, password_verify(expect, "Hodor")); CuAssertIntEquals(tc, VERIFY_OK, password_verify(expect, "Hodor"));
hash = password_encode("Hodor", PASSWORD_APACHE_MD5); hash = password_encode("Hodor", PASSWORD_APACHE_MD5);
CuAssertPtrNotNull(tc, hash); CuAssertPtrNotNull(tc, hash);
CuAssertIntEquals(tc, 0, strncmp(hash, expect, 6)); CuAssertIntEquals(tc, 0, strncmp(hash, expect, 6));
} else {
CuAssertIntEquals(tc, VERIFY_UNKNOWN, password_verify(expect, "Hodor"));
}
expect = "$1$ZouUn04i$yNnT1Oy8azJ5V.UM9ppP5/"; expect = "$1$ZouUn04i$yNnT1Oy8azJ5V.UM9ppP5/";
if (password_is_implemented(PASSWORD_MD5)) {
CuAssertIntEquals(tc, VERIFY_OK, password_verify(expect, "jollygood")); CuAssertIntEquals(tc, VERIFY_OK, password_verify(expect, "jollygood"));
hash = password_encode("jollygood", PASSWORD_MD5); hash = password_encode("jollygood", PASSWORD_MD5);
CuAssertPtrNotNull(tc, hash); CuAssertPtrNotNull(tc, hash);
CuAssertIntEquals(tc, 0, strncmp(hash, expect, 3)); CuAssertIntEquals(tc, 0, strncmp(hash, expect, 3));
} else {
CuAssertIntEquals(tc, VERIFY_UNKNOWN, password_verify(expect, "jollygood"));
}
expect = "password"; expect = "password";
if (password_is_implemented(PASSWORD_PLAINTEXT)) {
hash = password_encode("password", PASSWORD_PLAINTEXT); hash = password_encode("password", PASSWORD_PLAINTEXT);
CuAssertPtrNotNull(tc, hash); CuAssertPtrNotNull(tc, hash);
CuAssertStrEquals(tc, hash, expect); CuAssertStrEquals(tc, hash, expect);
CuAssertIntEquals(tc, VERIFY_OK, password_verify(expect, "password")); CuAssertIntEquals(tc, VERIFY_OK, password_verify(expect, "password"));
CuAssertIntEquals(tc, VERIFY_FAIL, password_verify(expect, "arseword")); CuAssertIntEquals(tc, VERIFY_FAIL, password_verify(expect, "arseword"));
} else {
CuAssertIntEquals(tc, VERIFY_UNKNOWN, password_verify(expect, "password"));
}
expect = "$0$password"; expect = "$0$password";
if (password_is_implemented(PASSWORD_NOCRYPT)) {
hash = password_encode("password", PASSWORD_NOCRYPT); hash = password_encode("password", PASSWORD_NOCRYPT);
CuAssertPtrNotNull(tc, hash); CuAssertPtrNotNull(tc, hash);
CuAssertStrEquals(tc, hash, expect); CuAssertStrEquals(tc, hash, expect);
CuAssertIntEquals(tc, VERIFY_OK, password_verify(expect, "password")); CuAssertIntEquals(tc, VERIFY_OK, password_verify(expect, "password"));
CuAssertIntEquals(tc, VERIFY_FAIL, password_verify(expect, "arseword")); CuAssertIntEquals(tc, VERIFY_FAIL, password_verify(expect, "arseword"));
} else {
CuAssertIntEquals(tc, VERIFY_UNKNOWN, password_verify(expect, "password"));
}
expect = "$2y$05$RJ8qAhu.foXyJLdc2eHTLOaK4MDYn3/v4HtOVCq0Plv2yxcrEB7Wm"; expect = "$2y$05$RJ8qAhu.foXyJLdc2eHTLOaK4MDYn3/v4HtOVCq0Plv2yxcrEB7Wm";
if (password_is_implemented(PASSWORD_BCRYPT)) {
CuAssertIntEquals(tc, VERIFY_OK, password_verify(expect, "Hodor")); CuAssertIntEquals(tc, VERIFY_OK, password_verify(expect, "Hodor"));
hash = password_encode("Hodor", PASSWORD_BCRYPT); hash = password_encode("Hodor", PASSWORD_BCRYPT);
CuAssertPtrNotNull(tc, hash); CuAssertPtrNotNull(tc, hash);
CuAssertIntEquals(tc, 0, strncmp(hash, expect, 7)); CuAssertIntEquals(tc, 0, strncmp(hash, expect, 7));
} else {
CuAssertIntEquals(tc, VERIFY_UNKNOWN, password_verify(expect, "Hodor"));
}
CuAssertIntEquals(tc, VERIFY_UNKNOWN, password_verify("$9$saltyfish$password", "password")); CuAssertIntEquals(tc, VERIFY_UNKNOWN, password_verify("$9$saltyfish$password", "password"));
} }
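Review bot: Every block in `test_passwords` now branches on `password_is_implemented`, so the test passes whether a format is enabled or disabled and no longer pins which formats the build is supposed to accept. Add explicit policy assertions ahead of the branches so that an accidental change of the enabled set fails the test, for example `CuAssertTrue(tc, !password_is_implemented(PASSWORD_MD5));` and `CuAssertTrue(tc, password_is_implemented(PASSWORD_PLAINTEXT));`. With the predicate as committed, the bcrypt and MD5 known-answer vectors are never executed, so a regression in that code would go unnoticed until the formats are switched back on. The disabled branches also check only `password_verify`; what `password_encode` returns for a disabled algorithm is not asserted anywhere in this hunk.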