/* -*- c -*- ------------------------------------------------------------- * * * Copyright 2004-2005 Murali Krishnan Ganapathy - All Rights Reserved * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation, Inc., 53 Temple Place Ste 330, * Bostom MA 02111-1307, USA; either version 2 of the License, or * (at your option) any later version; incorporated herein by reference. * * ----------------------------------------------------------------------- */ #include "passwords.h" #include "des.h" #include "string.h" #include #include #include "tui.h" #define MAX_LINE 512 // Max line length in a pwdfile p_pwdentry userdb[MAX_USERS]; // Array of pointers int numusers; // Actual number of users // returns true or false, i.e. 1 or 0 char authenticate_user(const char * username, const char* pwd) { char salt[12]; int i, password_ok; password_ok=0; for (i=0; i< numusers; i++) { if (userdb[i] == NULL) continue; if (strcmp(username,userdb[i]->username)==0) { strcpy(salt, userdb[i]->pwdhash); salt[2] = '\0'; if (strcmp(userdb[i]->pwdhash,crypt(pwd,salt))==0) return 1; } } return 0; } // Does user USERNAME have permission PERM char isallowed(const char *username, const char *perm) { int i; char *dperm; char *tmp; if (strcmp(username,GUEST_USER) == 0) return 0; dperm = (char *) malloc(strlen(perm)+3); strcpy(dperm+1,perm); dperm[0] = ':'; dperm[strlen(perm)+1]=':'; dperm[strlen(perm)+2]=0; // Now dperm = ":perm:" for (i=0; i < numusers; i++) { if (strcmp(userdb[i]->username,username)==0) // Found the user { if (userdb[i]->perms == NULL) return 0; // No permission tmp = strstr(userdb[i]->perms,dperm); // Search for permission free (dperm); // Release memory if (tmp == NULL) return 0; else return 1; } } // User not found return 0 free (dperm); return 0; } // Initialise the list of of user passwords permissions from file void init_passwords(const char *filename) { int i; char line[MAX_LINE], *p,*user,*pwdhash,*perms; FILE *f; for (i=0; i < MAX_USERS; i++) userdb[i] = NULL; numusers = 0; if ( !filename ) return; // No filename specified f = fopen(filename,"r"); if ( !f ) return; // File does not exist // Process each line while ( fgets(line, sizeof line, f) ) { // Replace EOLN with \0 p = strchr(line, '\r'); if ( p ) *p = '\0'; p = strchr(line, '\n'); if ( p ) *p = '\0'; // If comment line or empty ignore line p = line; while (*p==' ') p++; // skip initial spaces if ( (*p == '#') || (*p == '\0')) continue; // Skip comment lines user = p; // This is where username starts p = strchr(user,':'); if (p == NULL) continue; // Malformed line skip *p = '\0'; pwdhash = p+1; if (*pwdhash == 0) continue; // Malformed line (no password specified) p = strchr(pwdhash,':'); if (p == NULL) { // No perms specified perms = NULL; } else { *p = '\0'; perms = p+1; if (*perms == 0) perms = NULL; } // At this point we have user,pwdhash and perms setup userdb[numusers] = (p_pwdentry)malloc(sizeof(pwdentry)); strcpy(userdb[numusers]->username,user); strcpy(userdb[numusers]->pwdhash,pwdhash); if (perms == NULL) userdb[numusers]->perms = NULL; else { userdb[numusers]->perms = (char *)malloc(strlen(perms)+3); (userdb[numusers]->perms)[0] = ':'; strcpy(userdb[numusers]->perms + 1,perms); (userdb[numusers]->perms)[strlen(perms)+1] = ':'; (userdb[numusers]->perms)[strlen(perms)+2] = 0; // Now perms field points to ":perms:" } numusers++; } fclose(f); } void close_passwords() { int i; for (i=0; i < numusers; i++) if (userdb[i] != NULL) free(userdb[i]); numusers = 0; }