1 kumpf 1.2 /*
2 //%2006////////////////////////////////////////////////////////////////////////
3 //
4 // Copyright (c) 2000, 2001, 2002 BMC Software; Hewlett-Packard Development
5 // Company, L.P.; IBM Corp.; The Open Group; Tivoli Systems.
6 // Copyright (c) 2003 BMC Software; Hewlett-Packard Development Company, L.P.;
7 // IBM Corp.; EMC Corporation, The Open Group.
8 // Copyright (c) 2004 BMC Software; Hewlett-Packard Development Company, L.P.;
9 // IBM Corp.; EMC Corporation; VERITAS Software Corporation; The Open Group.
10 // Copyright (c) 2005 Hewlett-Packard Development Company, L.P.; IBM Corp.;
11 // EMC Corporation; VERITAS Software Corporation; The Open Group.
12 // Copyright (c) 2006 Hewlett-Packard Development Company, L.P.; IBM Corp.;
13 // EMC Corporation; Symantec Corporation; The Open Group.
14 //
15 // Permission is hereby granted, free of charge, to any person obtaining a copy
16 // of this software and associated documentation files (the "Software"), to
17 // deal in the Software without restriction, including without limitation the
18 // rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
19 // sell copies of the Software, and to permit persons to whom the Software is
20 // furnished to do so, subject to the following conditions:
21 //
22 kumpf 1.2 // THE ABOVE COPYRIGHT NOTICE AND THIS PERMISSION NOTICE SHALL BE INCLUDED IN
23 // ALL COPIES OR SUBSTANTIAL PORTIONS OF THE SOFTWARE. THE SOFTWARE IS PROVIDED
24 // "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT
25 // LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
26 // PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
27 // HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
28 // ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
29 // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
30 //
31 //%/////////////////////////////////////////////////////////////////////////////
32 */
33
34 #define _XOPEN_SOURCE
35 #include <unistd.h>
36 #include <stdio.h>
37 #include <string.h>
38 #include "Defines.h"
39 #include "Strlcpy.h"
40 #include "PasswordFile.h"
41
42 /*
43 kumpf 1.2 **==============================================================================
44 **
45 ** CheckPasswordFile()
46 **
47 ** Checks whether the *password* is correct for the given *username*,
48 ** according to the password file referred to by *path*. The file has
49 ** the following format.
50 **
51 ** <usrname>:<encrypted-password>
52 **
53 ** For example (smith's password is "changeme"):
54 **
55 ** smith:AB5bZ.JX9fQzA
56 ** jones:XMllrzJ80fd.A
57 ** williams:lM80ffj.jiOiO
58 **
59 ** Returns zero if the password matches or if password is null and the
60 ** user exists.
61 **
62 **==============================================================================
63 */
64 kumpf 1.2
65 int CheckPasswordFile(
66 const char* path,
67 const char* username,
68 const char* password)
69 {
70 FILE* is;
71 char line[EXECUTOR_BUFFER_SIZE];
72
73 /* Open file. */
74
75 if ((is = fopen(path, "r")) == NULL)
76 return -1;
77
78 /* Lookup encrypted password for this user. */
79
80 while (fgets(line, sizeof(line), is) != NULL)
81 {
82 char* p;
83 char encryptedPassword[14];
84 char buffer[EXECUTOR_BUFFER_SIZE];
85 kumpf 1.2 char salt[3];
86
87 /* Skip lines starting with '#'. */
88
89 if (line[0] == '#')
90 continue;
91
92 /* Replace colon with null-terminator. */
93
94 if ((p = strchr(line, ':')) == NULL)
95 continue;
96
97 *p++ = '\0';
98
99 /* Skip this line, if username does not match. */
100
101 if (strcmp(line, username) != 0)
102 continue;
103
104 /* If password is null, we are done. */
105
106 kumpf 1.2 if (password == NULL)
107 {
108 fclose(is);
109 return -1;
110 }
111
112 /* Get encrypted password. */
113
114 Strlcpy(encryptedPassword, p, sizeof(encryptedPassword));
115
116 /* Get salt from encrypted password. */
117
118 salt[0] = encryptedPassword[0];
119 salt[1] = encryptedPassword[1];
120 salt[2] = '\0';
121
122 /* Check password. */
123
124 /* Flawfinder: ignore */
125 Strlcpy(buffer, crypt(password, salt), sizeof(buffer));
126
127 kumpf 1.2 if (strcmp(buffer, encryptedPassword) == 0)
128 {
129 fclose(is);
130 return 0;
131 }
132 else
133 {
134 fclose(is);
135 return -1;
136 }
137 }
138
139 /* User entry not found. */
140
141 fclose(is);
142 return -1;
143 }
|