disable most password formats
parent
d6a8d12dbb
commit
bb03517619
|
@ -38,8 +38,8 @@ char *password_gensalt(char *salt, size_t salt_len) {
|
||||||
return salt;
|
return salt;
|
||||||
}
|
}
|
||||||
|
|
||||||
static bool password_is_implemented(int algo) {
|
bool password_is_implemented(int algo) {
|
||||||
return algo == PASSWORD_PLAINTEXT || algo == PASSWORD_BCRYPT || algo == PASSWORD_NOCRYPT || algo == PASSWORD_MD5 || algo == PASSWORD_APACHE_MD5;
|
return algo == PASSWORD_PLAINTEXT;// || algo == PASSWORD_BCRYPT || algo == PASSWORD_NOCRYPT || algo == PASSWORD_MD5 || algo == PASSWORD_APACHE_MD5;
|
||||||
}
|
}
|
||||||
|
|
||||||
static const char * password_hash_i(const char * passwd, const char *input, int algo, char *result, size_t len) {
|
static const char * password_hash_i(const char * passwd, const char *input, int algo, char *result, size_t len) {
|
||||||
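Review bot: `password_is_implemented` now returns true only for `PASSWORD_PLAINTEXT`, so the one format left enabled stores the password unhashed while `PASSWORD_BCRYPT` is switched off together with the MD5 variants. If the aim is to retire weak formats, the condition should keep the salted hash and drop the others, e.g. `return algo == PASSWORD_BCRYPT;`, with plaintext kept only if a legacy path needs it. The old condition survives as a trailing `// || …` comment on the return line; delete it or replace it with a comment stating why the formats are disabled. How `password_encode` and `password_verify` consult this function lies outside the hunk, so the effect on already stored hashes should be confirmed there.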
|
|
|
@ -14,3 +14,4 @@
|
||||||
#define VERIFY_UNKNOWN 2 // hashing algorithm not supported
|
#define VERIFY_UNKNOWN 2 // hashing algorithm not supported
|
||||||
int password_verify(const char *hash, const char *passwd);
|
int password_verify(const char *hash, const char *passwd);
|
||||||
const char * password_encode(const char *passwd, int algo);
|
const char * password_encode(const char *passwd, int algo);
|
||||||
|
bool password_is_implemented(int algo);
|
||||||
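Review bot: The new prototype `bool password_is_implemented(int algo);` has no doc comment and depends on `bool` being declared, which this hunk does not show because the header's include lines sit above line 14. Confirm that the header includes `<stdbool.h>` itself so it stays self-contained. A comment such as `/* true if this PASSWORD_* format is enabled in this build (presumably for both encode and verify) */` would tell callers what a false result means.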
|
|
|
@ -7,36 +7,56 @@ static void test_passwords(CuTest *tc) {
|
||||||
const char *hash, *expect;
|
const char *hash, *expect;
|
||||||
|
|
||||||
expect = "$apr1$FqQLkl8g$.icQqaDJpim4BVy.Ho5660";
|
expect = "$apr1$FqQLkl8g$.icQqaDJpim4BVy.Ho5660";
|
||||||
CuAssertIntEquals(tc, VERIFY_OK, password_verify(expect, "Hodor"));
|
if (password_is_implemented(PASSWORD_APACHE_MD5)) {
|
||||||
hash = password_encode("Hodor", PASSWORD_APACHE_MD5);
|
CuAssertIntEquals(tc, VERIFY_OK, password_verify(expect, "Hodor"));
|
||||||
CuAssertPtrNotNull(tc, hash);
|
hash = password_encode("Hodor", PASSWORD_APACHE_MD5);
|
||||||
CuAssertIntEquals(tc, 0, strncmp(hash, expect, 6));
|
CuAssertPtrNotNull(tc, hash);
|
||||||
|
CuAssertIntEquals(tc, 0, strncmp(hash, expect, 6));
|
||||||
|
} else {
|
||||||
|
CuAssertIntEquals(tc, VERIFY_UNKNOWN, password_verify(expect, "Hodor"));
|
||||||
|
}
|
||||||
|
|
||||||
expect = "$1$ZouUn04i$yNnT1Oy8azJ5V.UM9ppP5/";
|
expect = "$1$ZouUn04i$yNnT1Oy8azJ5V.UM9ppP5/";
|
||||||
CuAssertIntEquals(tc, VERIFY_OK, password_verify(expect, "jollygood"));
|
if (password_is_implemented(PASSWORD_MD5)) {
|
||||||
hash = password_encode("jollygood", PASSWORD_MD5);
|
CuAssertIntEquals(tc, VERIFY_OK, password_verify(expect, "jollygood"));
|
||||||
CuAssertPtrNotNull(tc, hash);
|
hash = password_encode("jollygood", PASSWORD_MD5);
|
||||||
CuAssertIntEquals(tc, 0, strncmp(hash, expect, 3));
|
CuAssertPtrNotNull(tc, hash);
|
||||||
|
CuAssertIntEquals(tc, 0, strncmp(hash, expect, 3));
|
||||||
|
} else {
|
||||||
|
CuAssertIntEquals(tc, VERIFY_UNKNOWN, password_verify(expect, "jollygood"));
|
||||||
|
}
|
||||||
|
|
||||||
expect = "password";
|
expect = "password";
|
||||||
hash = password_encode("password", PASSWORD_PLAINTEXT);
|
if (password_is_implemented(PASSWORD_PLAINTEXT)) {
|
||||||
CuAssertPtrNotNull(tc, hash);
|
hash = password_encode("password", PASSWORD_PLAINTEXT);
|
||||||
CuAssertStrEquals(tc, hash, expect);
|
CuAssertPtrNotNull(tc, hash);
|
||||||
CuAssertIntEquals(tc, VERIFY_OK, password_verify(expect, "password"));
|
CuAssertStrEquals(tc, hash, expect);
|
||||||
CuAssertIntEquals(tc, VERIFY_FAIL, password_verify(expect, "arseword"));
|
CuAssertIntEquals(tc, VERIFY_OK, password_verify(expect, "password"));
|
||||||
|
CuAssertIntEquals(tc, VERIFY_FAIL, password_verify(expect, "arseword"));
|
||||||
|
} else {
|
||||||
|
CuAssertIntEquals(tc, VERIFY_UNKNOWN, password_verify(expect, "password"));
|
||||||
|
}
|
||||||
|
|
||||||
expect = "$0$password";
|
expect = "$0$password";
|
||||||
hash = password_encode("password", PASSWORD_NOCRYPT);
|
if (password_is_implemented(PASSWORD_NOCRYPT)) {
|
||||||
CuAssertPtrNotNull(tc, hash);
|
hash = password_encode("password", PASSWORD_NOCRYPT);
|
||||||
CuAssertStrEquals(tc, hash, expect);
|
CuAssertPtrNotNull(tc, hash);
|
||||||
CuAssertIntEquals(tc, VERIFY_OK, password_verify(expect, "password"));
|
CuAssertStrEquals(tc, hash, expect);
|
||||||
CuAssertIntEquals(tc, VERIFY_FAIL, password_verify(expect, "arseword"));
|
CuAssertIntEquals(tc, VERIFY_OK, password_verify(expect, "password"));
|
||||||
|
CuAssertIntEquals(tc, VERIFY_FAIL, password_verify(expect, "arseword"));
|
||||||
|
} else {
|
||||||
|
CuAssertIntEquals(tc, VERIFY_UNKNOWN, password_verify(expect, "password"));
|
||||||
|
}
|
||||||
|
|
||||||
expect = "$2y$05$RJ8qAhu.foXyJLdc2eHTLOaK4MDYn3/v4HtOVCq0Plv2yxcrEB7Wm";
|
expect = "$2y$05$RJ8qAhu.foXyJLdc2eHTLOaK4MDYn3/v4HtOVCq0Plv2yxcrEB7Wm";
|
||||||
CuAssertIntEquals(tc, VERIFY_OK, password_verify(expect, "Hodor"));
|
if (password_is_implemented(PASSWORD_BCRYPT)) {
|
||||||
hash = password_encode("Hodor", PASSWORD_BCRYPT);
|
CuAssertIntEquals(tc, VERIFY_OK, password_verify(expect, "Hodor"));
|
||||||
CuAssertPtrNotNull(tc, hash);
|
hash = password_encode("Hodor", PASSWORD_BCRYPT);
|
||||||
CuAssertIntEquals(tc, 0, strncmp(hash, expect, 7));
|
CuAssertPtrNotNull(tc, hash);
|
||||||
|
CuAssertIntEquals(tc, 0, strncmp(hash, expect, 7));
|
||||||
|
} else {
|
||||||
|
CuAssertIntEquals(tc, VERIFY_UNKNOWN, password_verify(expect, "Hodor"));
|
||||||
|
}
|
||||||
|
|
||||||
CuAssertIntEquals(tc, VERIFY_UNKNOWN, password_verify("$9$saltyfish$password", "password"));
|
CuAssertIntEquals(tc, VERIFY_UNKNOWN, password_verify("$9$saltyfish$password", "password"));
|
||||||
}
|
}
|
||||||
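Review bot: Every `else` branch asserts only that `password_verify` yields `VERIFY_UNKNOWN`; none checks what `password_encode` returns for a disabled format, so an encoder that quietly fell back to another format (plaintext included) would still pass. Add an assertion of the intended result in each `else`, for instance `CuAssertPtrEquals(tc, NULL, (void *)password_encode("Hodor", PASSWORD_BCRYPT));` if NULL is the contract; the encoder's behaviour is not visible here. Because each block is gated on `password_is_implemented`, the test also passes whatever set of formats is enabled, so one explicit assertion of the expected set would make any change to it a deliberate test edit. `test_passwords` begins above the hunk.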
|
|