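/* -*- c -*- ------------------------------------------------------------- *
 *
 *   Copyright 2004-2005 Murali Krishnan Ganapathy - All Rights Reserved
 *
 *   This program is free software; you can redistribute it and/or modify
 *   it under the terms of the GNU General Public License as published by
 *   the Free Software Foundation, Inc., 53 Temple Place Ste 330,
 *   Boston MA 02111-1307, USA; either version 2 of the License, or
 *   (at your option) any later version; incorporated herein by reference.
 *
 * ----------------------------------------------------------------------- */

#include "passwords.h"
#include "des.h"
#include "string.h"
#include <stdlib.h>
#include <stdio.h>
#include "tui.h"

#define MAX_LINE 512            // Max line length in a pwdfile
p_pwdentry userdb[MAX_USERS];   // Array of pointers
int numusers;                   // Actual number of users

/*
 * Check PWD against the stored hash of USERNAME.
 *
 * Returns true or false, i.e. 1 or 0: 1 when an entry with this username
 * exists and crypt(pwd, salt) equals its stored hash, 0 otherwise
 * (including NULL arguments).
 */
char authenticate_user(const char *username, const char *pwd)
{
    char salt[3];
    const char *hash;
    int i;

    if (username == NULL || pwd == NULL)
        return 0;

    for (i = 0; i < numusers; i++) {
        if (userdb[i] == NULL)
            continue;
        if (strcmp(username, userdb[i]->username) != 0)
            continue;

        /*
         * Only the first two characters of the stored hash are used as
         * the salt, so copy just those.  Copying the whole hash into a
         * small fixed buffer (as was done before) writes past the buffer
         * whenever the hash is longer than the buffer; a traditional DES
         * crypt hash is 13 characters.
         */
        salt[0] = userdb[i]->pwdhash[0];
        salt[1] = salt[0] ? userdb[i]->pwdhash[1] : '\0';
        salt[2] = '\0';

        /* NOTE(review): a two-character salt implies traditional
         * DES-based crypt, which is weak by current standards; the
         * password file should be protected accordingly. */
        hash = crypt(pwd, salt);
        if (hash != NULL && strcmp(userdb[i]->pwdhash, hash) == 0)
            return 1;
    }
    return 0;
}

/*
 * Does user USERNAME have permission PERM?
 *
 * Returns 1 when no users are loaded at all (access control disabled),
 * 0 for the guest user, and otherwise 1 only if ":PERM:" occurs in the
 * permission string of the first entry whose username matches.
 */
char isallowed(const char *username, const char *perm)
{
    int i;
    size_t permlen;
    char *dperm;
    char allowed = 0;

    // If no users, then everybody is allowed to do everything
    if (numusers == 0)
        return 1;
    if (strcmp(username, GUEST_USER) == 0)
        return 0;

    permlen = strlen(perm);
    dperm = malloc(permlen + 3);
    if (dperm == NULL)
        return 0;               // Cannot build the key: deny (fail closed)
    dperm[0] = ':';
    memcpy(dperm + 1, perm, permlen);
    dperm[permlen + 1] = ':';
    dperm[permlen + 2] = '\0';
    // Now dperm = ":perm:"

    for (i = 0; i < numusers; i++) {
        if (userdb[i] == NULL)
            continue;           // Slot may be empty; never dereference it
        if (strcmp(userdb[i]->username, username) != 0)
            continue;
        // Found the user: the first matching entry decides
        if (userdb[i]->perms != NULL
            && strstr(userdb[i]->perms, dperm) != NULL)
            allowed = 1;
        break;
    }

    // Single exit so dperm is released on every path (the old early
    // return for a user without permissions leaked it)
    free(dperm);
    return allowed;             // User not found => 0
}

/*
 * Initialise the list of user passwords and permissions from file.
 *
 * Each non-comment line has the form "user:pwdhash[:perms]".  Malformed
 * lines, lines whose user or hash does not fit the entry's fixed-size
 * fields, and entries beyond MAX_USERS are ignored.
 *
 * NOTE(review): isallowed() treats numusers == 0 as "no access control",
 * so a missing or unreadable file, or one with no valid entries, leaves
 * every permission granted.  Confirm that this is the intended policy.
 */
void init_passwords(const char *filename)
{
    int i;
    char line[MAX_LINE], *p, *user, *pwdhash, *perms;
    size_t permlen;
    p_pwdentry entry;
    FILE *f;

    for (i = 0; i < MAX_USERS; i++)
        userdb[i] = NULL;
    numusers = 0;

    if (!filename)
        return;                 // No filename specified

    f = fopen(filename, "r");
    if (!f)
        return;                 // File does not exist

    // Process each line; stop once the table is full so userdb[] is
    // never indexed past MAX_USERS
    while (numusers < MAX_USERS && fgets(line, sizeof line, f)) {
        // Replace EOLN with \0
        p = strchr(line, '\r');
        if (p)
            *p = '\0';
        p = strchr(line, '\n');
        if (p)
            *p = '\0';

        // If comment line or empty ignore line
        p = line;
        while (*p == ' ')
            p++;                // skip initial spaces
        if ((*p == '#') || (*p == '\0'))
            continue;           // Skip comment lines

        user = p;               // This is where username starts
        p = strchr(user, ':');
        if (p == NULL)
            continue;           // Malformed line skip
        *p = '\0';
        pwdhash = p + 1;
        if (*pwdhash == 0)
            continue;           // Malformed line (no password specified)
        p = strchr(pwdhash, ':');
        if (p == NULL) {        // No perms specified
            perms = NULL;
        } else {
            *p = '\0';
            perms = p + 1;
            if (*perms == 0)
                perms = NULL;
        }

        // At this point we have user, pwdhash and perms set up.
        // username and pwdhash are copied into the entry itself, so they
        // are taken to be fixed-size arrays in pwdentry; reject values
        // that would overflow them instead of copying blindly.
        if (strlen(user) >= sizeof userdb[0]->username
            || strlen(pwdhash) >= sizeof userdb[0]->pwdhash)
            continue;

        entry = malloc(sizeof(pwdentry));
        if (entry == NULL)
            break;              // Out of memory: keep what was loaded
        strcpy(entry->username, user);
        strcpy(entry->pwdhash, pwdhash);
        entry->perms = NULL;

        if (perms != NULL) {
            permlen = strlen(perms);
            entry->perms = malloc(permlen + 3);
            // On allocation failure the user is kept with no
            // permissions, which denies rather than grants access
            if (entry->perms != NULL) {
                entry->perms[0] = ':';
                memcpy(entry->perms + 1, perms, permlen);
                entry->perms[permlen + 1] = ':';
                entry->perms[permlen + 2] = '\0';
                // Now perms field points to ":perms:"
            }
        }

        userdb[numusers] = entry;
        numusers++;
    }
    fclose(f);
}

/*
 * Release every loaded entry, including its permission string, and
 * reset the table so no stale pointers remain in userdb[].
 */
void close_passwords(void)
{
    int i;

    for (i = 0; i < numusers; i++) {
        if (userdb[i] == NULL)
            continue;
        free(userdb[i]->perms);     // free(NULL) is a no-op
        free(userdb[i]);
        userdb[i] = NULL;
    }
    numusers = 0;
}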