(file) Return to PasswordFile.c CVS log (file) (dir) Up to [Pegasus] / pegasus / src / Executor

Diff for /pegasus/src/Executor/PasswordFile.c between version 1.1 and 1.1.2.3

version 1.1, 2007/01/10 01:59:28 version 1.1.2.3, 2007/02/15 22:10:41
Line 0 
Line 1 
   #define _XOPEN_SOURCE
   #include <unistd.h>
   #include <stdio.h>
   #include <string.h>
   #include "Defines.h"
   #include "Strlcpy.h"
   #include "PasswordFile.h"
   
   /*
   **==============================================================================
   **
   ** CheckPasswordFile()
   **
   **     Checks whether the *password* is correct for the given *username*,
   **     according to the password file referred to by *path*. The file has
   **     the following format.
   **
   **         <usrname>:<encrypted-password>
   **
   **     For example (smith's password is "changeme"):
   **
   **         smith:AB5bZ.JX9fQzA
   **         jones:XMllrzJ80fd.A
   **         williams:lM80ffj.jiOiO
   **
   **     Returns zero if the password matches or if password is null and the
   **     user exists.
   **
   **==============================================================================
   */
   
   int CheckPasswordFile(
       const char* path,
       const char* username,
       const char* password)
   {
       FILE* is;
       char line[EXECUTOR_BUFFER_SIZE];
   
       /* Open file. */
   
       if ((is = fopen(path, "r")) == NULL)
           return -1;
   
       /* Lookup encrypted password for this user. */
   
       while (fgets(line, sizeof(line), is) != NULL)
       {
           char* p;
           char encryptedPassword[14];
           char buffer[EXECUTOR_BUFFER_SIZE];
           char salt[3];
   
           /* Skip lines starting with '#'. */
   
           if (line[0] == '#')
               continue;
   
           /* Replace colon with null-terminator. */
   
           if ((p = strchr(line, ':')) == NULL)
               continue;
   
           *p++ = '\0';
   
           /* Skip this line, if username does not match. */
   
           if (strcmp(line, username) != 0)
               continue;
   
           /* If password is null, we are done. */
   
           if (password == NULL)
               return 0;
   
           /* Get encrypted password. */
   
           Strlcpy(encryptedPassword, p, sizeof(encryptedPassword));
   
           /* Get salt from encrypted password. */
   
           salt[0] = encryptedPassword[0];
           salt[1] = encryptedPassword[1];
           salt[2] = '\0';
   
           /* Check password. */
   
           /* Flawfinder: ignore */
           Strlcpy(buffer, crypt(password, salt), sizeof(buffer));
   
           if (strcmp(buffer, encryptedPassword) == 0)
           {
               fclose(is);
               return 0;
           }
           else
           {
               fclose(is);
               return -1;
           }
       }
   
       /* User entry not found. */
   
       fclose(is);
       return -1;
   }

Legend:
Removed from v.1.1  
changed lines
  Added in v.1.1.2.3
No CVS admin address has been configured
 Powered by
ViewCVS 0.9.2