forked from github/server
disable most password formats
This commit is contained in:
parent
d6a8d12dbb
commit
bb03517619
3 changed files with 47 additions and 26 deletions
|
@ -38,8 +38,8 @@ char *password_gensalt(char *salt, size_t salt_len) {
|
|||
return salt;
|
||||
}
|
||||
|
||||
static bool password_is_implemented(int algo) {
|
||||
return algo == PASSWORD_PLAINTEXT || algo == PASSWORD_BCRYPT || algo == PASSWORD_NOCRYPT || algo == PASSWORD_MD5 || algo == PASSWORD_APACHE_MD5;
|
||||
bool password_is_implemented(int algo) {
|
||||
return algo == PASSWORD_PLAINTEXT;// || algo == PASSWORD_BCRYPT || algo == PASSWORD_NOCRYPT || algo == PASSWORD_MD5 || algo == PASSWORD_APACHE_MD5;
|
||||
}
|
||||
|
||||
static const char * password_hash_i(const char * passwd, const char *input, int algo, char *result, size_t len) {
|
||||
|
|
|
@ -14,3 +14,4 @@
|
|||
#define VERIFY_UNKNOWN 2 // hashing algorithm not supported
|
||||
int password_verify(const char *hash, const char *passwd);
|
||||
const char * password_encode(const char *passwd, int algo);
|
||||
bool password_is_implemented(int algo);
|
||||
|
|
|
@ -7,37 +7,57 @@ static void test_passwords(CuTest *tc) {
|
|||
const char *hash, *expect;
|
||||
|
||||
expect = "$apr1$FqQLkl8g$.icQqaDJpim4BVy.Ho5660";
|
||||
CuAssertIntEquals(tc, VERIFY_OK, password_verify(expect, "Hodor"));
|
||||
hash = password_encode("Hodor", PASSWORD_APACHE_MD5);
|
||||
CuAssertPtrNotNull(tc, hash);
|
||||
CuAssertIntEquals(tc, 0, strncmp(hash, expect, 6));
|
||||
if (password_is_implemented(PASSWORD_APACHE_MD5)) {
|
||||
CuAssertIntEquals(tc, VERIFY_OK, password_verify(expect, "Hodor"));
|
||||
hash = password_encode("Hodor", PASSWORD_APACHE_MD5);
|
||||
CuAssertPtrNotNull(tc, hash);
|
||||
CuAssertIntEquals(tc, 0, strncmp(hash, expect, 6));
|
||||
} else {
|
||||
CuAssertIntEquals(tc, VERIFY_UNKNOWN, password_verify(expect, "Hodor"));
|
||||
}
|
||||
|
||||
expect = "$1$ZouUn04i$yNnT1Oy8azJ5V.UM9ppP5/";
|
||||
CuAssertIntEquals(tc, VERIFY_OK, password_verify(expect, "jollygood"));
|
||||
hash = password_encode("jollygood", PASSWORD_MD5);
|
||||
CuAssertPtrNotNull(tc, hash);
|
||||
CuAssertIntEquals(tc, 0, strncmp(hash, expect, 3));
|
||||
if (password_is_implemented(PASSWORD_MD5)) {
|
||||
CuAssertIntEquals(tc, VERIFY_OK, password_verify(expect, "jollygood"));
|
||||
hash = password_encode("jollygood", PASSWORD_MD5);
|
||||
CuAssertPtrNotNull(tc, hash);
|
||||
CuAssertIntEquals(tc, 0, strncmp(hash, expect, 3));
|
||||
} else {
|
||||
CuAssertIntEquals(tc, VERIFY_UNKNOWN, password_verify(expect, "jollygood"));
|
||||
}
|
||||
|
||||
expect = "password";
|
||||
hash = password_encode("password", PASSWORD_PLAINTEXT);
|
||||
CuAssertPtrNotNull(tc, hash);
|
||||
CuAssertStrEquals(tc, hash, expect);
|
||||
CuAssertIntEquals(tc, VERIFY_OK, password_verify(expect, "password"));
|
||||
CuAssertIntEquals(tc, VERIFY_FAIL, password_verify(expect, "arseword"));
|
||||
|
||||
if (password_is_implemented(PASSWORD_PLAINTEXT)) {
|
||||
hash = password_encode("password", PASSWORD_PLAINTEXT);
|
||||
CuAssertPtrNotNull(tc, hash);
|
||||
CuAssertStrEquals(tc, hash, expect);
|
||||
CuAssertIntEquals(tc, VERIFY_OK, password_verify(expect, "password"));
|
||||
CuAssertIntEquals(tc, VERIFY_FAIL, password_verify(expect, "arseword"));
|
||||
} else {
|
||||
CuAssertIntEquals(tc, VERIFY_UNKNOWN, password_verify(expect, "password"));
|
||||
}
|
||||
|
||||
expect = "$0$password";
|
||||
hash = password_encode("password", PASSWORD_NOCRYPT);
|
||||
CuAssertPtrNotNull(tc, hash);
|
||||
CuAssertStrEquals(tc, hash, expect);
|
||||
CuAssertIntEquals(tc, VERIFY_OK, password_verify(expect, "password"));
|
||||
CuAssertIntEquals(tc, VERIFY_FAIL, password_verify(expect, "arseword"));
|
||||
if (password_is_implemented(PASSWORD_NOCRYPT)) {
|
||||
hash = password_encode("password", PASSWORD_NOCRYPT);
|
||||
CuAssertPtrNotNull(tc, hash);
|
||||
CuAssertStrEquals(tc, hash, expect);
|
||||
CuAssertIntEquals(tc, VERIFY_OK, password_verify(expect, "password"));
|
||||
CuAssertIntEquals(tc, VERIFY_FAIL, password_verify(expect, "arseword"));
|
||||
} else {
|
||||
CuAssertIntEquals(tc, VERIFY_UNKNOWN, password_verify(expect, "password"));
|
||||
}
|
||||
|
||||
expect = "$2y$05$RJ8qAhu.foXyJLdc2eHTLOaK4MDYn3/v4HtOVCq0Plv2yxcrEB7Wm";
|
||||
CuAssertIntEquals(tc, VERIFY_OK, password_verify(expect, "Hodor"));
|
||||
hash = password_encode("Hodor", PASSWORD_BCRYPT);
|
||||
CuAssertPtrNotNull(tc, hash);
|
||||
CuAssertIntEquals(tc, 0, strncmp(hash, expect, 7));
|
||||
|
||||
if (password_is_implemented(PASSWORD_BCRYPT)) {
|
||||
CuAssertIntEquals(tc, VERIFY_OK, password_verify(expect, "Hodor"));
|
||||
hash = password_encode("Hodor", PASSWORD_BCRYPT);
|
||||
CuAssertPtrNotNull(tc, hash);
|
||||
CuAssertIntEquals(tc, 0, strncmp(hash, expect, 7));
|
||||
} else {
|
||||
CuAssertIntEquals(tc, VERIFY_UNKNOWN, password_verify(expect, "Hodor"));
|
||||
}
|
||||
|
||||
CuAssertIntEquals(tc, VERIFY_UNKNOWN, password_verify("$9$saltyfish$password", "password"));
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in a new issue