1 kumpf 1.1.4.2 #define _XOPEN_SOURCE
2 #include <unistd.h>
3 #include <stdio.h>
4 #include <string.h>
5 #include "Defines.h"
6 #include "Strlcpy.h"
7 #include "PasswordFile.h"
8
9 /*
10 **==============================================================================
11 **
12 ** CheckPasswordFile()
13 **
14 ** Checks whether the *password* is correct for the given *username*,
15 ** according to the password file referred to by *path*. The file has
16 ** the following format.
17 **
18 ** <usrname>:<encrypted-password>
19 **
20 ** For example (smith's password is "changeme"):
21 **
22 kumpf 1.1.4.2 ** smith:AB5bZ.JX9fQzA
23 ** jones:XMllrzJ80fd.A
24 ** williams:lM80ffj.jiOiO
25 **
26 ** Returns zero if the password matches or if password is null and the
27 ** user exists.
28 **
29 **==============================================================================
30 */
31
32 int CheckPasswordFile(
33 const char* path,
34 const char* username,
35 const char* password)
36 {
37 FILE* is;
38 char line[EXECUTOR_BUFFER_SIZE];
39
40 /* Open file. */
41
42 if ((is = fopen(path, "r")) == NULL)
43 kumpf 1.1.4.2 return -1;
44
45 /* Lookup encrypted password for this user. */
46
47 while (fgets(line, sizeof(line), is) != NULL)
48 {
49 char* p;
50 char encryptedPassword[14];
51 char buffer[EXECUTOR_BUFFER_SIZE];
52 char salt[3];
53
54 /* Skip lines starting with '#'. */
55
56 if (line[0] == '#')
57 continue;
58
59 /* Replace colon with null-terminator. */
60
61 if ((p = strchr(line, ':')) == NULL)
62 continue;
63
64 kumpf 1.1.4.2 *p++ = '\0';
65
66 /* Skip this line, if username does not match. */
67
68 if (strcmp(line, username) != 0)
69 continue;
70
71 /* If password is null, we are done. */
72
73 if (password == NULL)
|
78 kumpf 1.1.4.2
79 /* Get encrypted password. */
80
81 Strlcpy(encryptedPassword, p, sizeof(encryptedPassword));
82
83 /* Get salt from encrypted password. */
84
85 salt[0] = encryptedPassword[0];
86 salt[1] = encryptedPassword[1];
87 salt[2] = '\0';
88
89 /* Check password. */
90
91 /* Flawfinder: ignore */
92 Strlcpy(buffer, crypt(password, salt), sizeof(buffer));
93
94 if (strcmp(buffer, encryptedPassword) == 0)
95 {
96 fclose(is);
97 return 0;
98 }
99 kumpf 1.1.4.2 else
100 {
101 fclose(is);
102 return -1;
103 }
104 }
105
106 /* User entry not found. */
107
108 fclose(is);
109 return -1;
110 }
|