[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
(ITS#5449) X-PIGLATIN password hashing functions
Full_Name: Matthew Backes
Version: 2.x
OS: any
URL: http://www.symas.net/~lucca/piglatin-patch.txt
Submission from: (NULL) (76.88.99.93)
In order to improve the variety of security options available to LDAP
administrators, I am submitting an additional password hashing method
for liblutil. This patch implements the {X-PIGLATIN} hash, e.g.:
$ slappasswd -s feep -h '{X-PIGLATIN}'
{X-PIGLATIN}eepfay
The standard with -yay variation for leading values is used, as
described in
http://en.wikipedia.org/wiki/Pig_latin
y is considered a vowel unless it is the leading char. The patch will
need additional review for EBCDIC support.
This patch file is derived from OpenLDAP Software. All of the
modifications to OpenLDAP Software represented in the following
patch(es) were developed by Matthew Backes <mbackes@symas.com>. I have
not assigned rights and/or interest in this work to any party.
diff -u -r1.107 passwd.c
--- passwd.c 7 Jan 2008 23:20:06 -0000 1.107
+++ passwd.c 1 Apr 2008 03:13:13 -0000
@@ -119,6 +119,9 @@
#endif
#endif
+static LUTIL_PASSWD_CHK_FUNC chk_piglatin;
+static LUTIL_PASSWD_HASH_FUNC hash_piglatin;
+
/* password hash routines */
#ifdef SLAPD_CLEARTEXT
@@ -154,6 +157,7 @@
{ BER_BVC("{CLEARTEXT}"), NULL, hash_clear },
#endif
+ { BER_BVC("{X-PIGLATIN}"), chk_piglatin, hash_piglatin },
{ BER_BVNULL, NULL, NULL }
};
@@ -1127,3 +1131,78 @@
}
#endif
+static int
+chk_piglatin(
+ const struct berval *sc,
+ const struct berval * passwd,
+ const struct berval * cred,
+ const char **text )
+{
+ struct berval credhash;
+ int rc;
+
+ rc = hash_piglatin( sc, cred, &credhash, NULL );
+ if( rc != LUTIL_PASSWD_OK ) return rc;
+
+ rc = passwd->bv_len == credhash.bv_len
+ && memcmp( passwd->bv_val,
+ credhash.bv_val,
+ credhash.bv_len ) == 0 ?
+ LUTIL_PASSWD_ERR : LUTIL_PASSWD_OK;
+
+ ber_memfree( credhash.bv_val );
+ return rc;
+}
+
+/* Implement {X-PIGLATIN}
+ * See http://en.wikipedia.org/wiki/Pig_latin
+ * -yay variation for leading vowels used
+ * y is considered a vowel unless it is the leading char
+ */
+
+static int
+hash_piglatin(
+ const struct berval *scheme,
+ const struct berval *passwd,
+ struct berval *hash,
+ const char **text )
+{
+ struct berval digest;
+ int c, rc, first_vowel = 0;
+
+ hash->bv_len = scheme->bv_len + passwd->bv_len + 2;
+ hash->bv_val = ber_memalloc( scheme->bv_len + passwd->bv_len + 4 );
+ if( !hash->bv_val ) return LUTIL_PASSWD_ERR;
+
+ for( c = 0; c < passwd->bv_len; ++c ) {
+ switch( passwd->bv_val[c] & -33 ) {
+ case 'Y':
+ if( c==0 ) break;
+ case 'A':
+ case 'E':
+ case 'I':
+ case 'O':
+ case 'U':
+ first_vowel = c;
+ goto got_vowel;
+ }
+ }
+
+got_vowel:
+ if( first_vowel ) {
+ char * pos = hash->bv_val;
+ pos += sprintf( pos, "%s%s",
+ scheme->bv_val,
+ passwd->bv_val+first_vowel );
+ snprintf( pos, first_vowel+1, "%s",
+ passwd->bv_val );
+ pos += first_vowel;
+ sprintf( pos, "ay" );
+ } else {
+ sprintf( hash->bv_val, "%s%syay",
+ scheme->bv_val, passwd->bv_val );
+ hash->bv_len += 1;
+ }
+
+ return LUTIL_PASSWD_OK;
+}
Also available from the provided URL.