/syslinux/menu/libmenu/passwords.c
C | 140 lines | 102 code | 16 blank | 22 comment | 40 complexity | e17adfc61ccdb5998b284769bc965a34 MD5 | raw file
Possible License(s): GPL-2.0, MIT, LGPL-3.0
- /* -*- c -*- ------------------------------------------------------------- *
- *
- * Copyright 2004-2005 Murali Krishnan Ganapathy - All Rights Reserved
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation, Inc., 53 Temple Place Ste 330,
- * Bostom MA 02111-1307, USA; either version 2 of the License, or
- * (at your option) any later version; incorporated herein by reference.
- *
- * ----------------------------------------------------------------------- */
- #include "passwords.h"
- #include "des.h"
- #include "string.h"
- #include <stdlib.h>
- #include <stdio.h>
- #include "tui.h"
- #define MAX_LINE 512
- // Max line length in a pwdfile
- p_pwdentry userdb[MAX_USERS]; // Array of pointers
- int numusers; // Actual number of users
- // returns true or false, i.e. 1 or 0
- char authenticate_user(const char * username, const char* pwd)
- {
- char salt[12];
- int i, password_ok;
- password_ok=0;
- for (i=0; i< numusers; i++) {
- if (userdb[i] == NULL) continue;
- if (strcmp(username,userdb[i]->username)==0) {
- strcpy(salt, userdb[i]->pwdhash);
- salt[2] = '\0';
- if (strcmp(userdb[i]->pwdhash,crypt(pwd,salt))==0) return 1;
- }
- }
- return 0;
- }
- // Does user USERNAME have permission PERM
- char isallowed(const char *username, const char *perm)
- {
- int i;
- char *dperm;
- char *tmp;
- if (strcmp(username,GUEST_USER) == 0) return 0;
- dperm = (char *) malloc(strlen(perm)+3);
- strcpy(dperm+1,perm);
- dperm[0] = ':';
- dperm[strlen(perm)+1]=':';
- dperm[strlen(perm)+2]=0;
- // Now dperm = ":perm:"
- for (i=0; i < numusers; i++) {
- if (strcmp(userdb[i]->username,username)==0) // Found the user
- {
- if (userdb[i]->perms == NULL) return 0; // No permission
- tmp = strstr(userdb[i]->perms,dperm); // Search for permission
- free (dperm); // Release memory
- if (tmp == NULL) return 0; else return 1;
- }
- }
- // User not found return 0
- free (dperm);
- return 0;
- }
- // Initialise the list of of user passwords permissions from file
- void init_passwords(const char *filename)
- {
- int i;
- char line[MAX_LINE], *p,*user,*pwdhash,*perms;
- FILE *f;
- for (i=0; i < MAX_USERS; i++) userdb[i] = NULL;
- numusers = 0;
-
- if ( !filename ) return; // No filename specified
- f = fopen(filename,"r");
- if ( !f ) return; // File does not exist
- // Process each line
- while ( fgets(line, sizeof line, f) ) {
- // Replace EOLN with \0
- p = strchr(line, '\r');
- if ( p ) *p = '\0';
- p = strchr(line, '\n');
- if ( p ) *p = '\0';
- // If comment line or empty ignore line
- p = line;
- while (*p==' ') p++; // skip initial spaces
- if ( (*p == '#') || (*p == '\0')) continue; // Skip comment lines
- user = p; // This is where username starts
- p = strchr(user,':');
- if (p == NULL) continue; // Malformed line skip
- *p = '\0';
- pwdhash = p+1;
- if (*pwdhash == 0) continue; // Malformed line (no password specified)
- p = strchr(pwdhash,':');
- if (p == NULL) { // No perms specified
- perms = NULL;
- } else {
- *p = '\0';
- perms = p+1;
- if (*perms == 0) perms = NULL;
- }
- // At this point we have user,pwdhash and perms setup
- userdb[numusers] = (p_pwdentry)malloc(sizeof(pwdentry));
- strcpy(userdb[numusers]->username,user);
- strcpy(userdb[numusers]->pwdhash,pwdhash);
- if (perms == NULL)
- userdb[numusers]->perms = NULL;
- else {
- userdb[numusers]->perms = (char *)malloc(strlen(perms)+3);
- (userdb[numusers]->perms)[0] = ':';
- strcpy(userdb[numusers]->perms + 1,perms);
- (userdb[numusers]->perms)[strlen(perms)+1] = ':';
- (userdb[numusers]->perms)[strlen(perms)+2] = 0;
- // Now perms field points to ":perms:"
- }
- numusers++;
- }
- fclose(f);
- }
- void close_passwords()
- {
- int i;
- for (i=0; i < numusers; i++)
- if (userdb[i] != NULL) free(userdb[i]);
- numusers = 0;
- }