commands/pwdauth/pwdauth.c

   1 /*      pwdauth 2.0 - check a shadow password           Author: Kees J. Bot
   2  *                                                              7 Feb 1994
   3  *
   4  * This program gets as input the key and salt arguments of the crypt(3)
   5  * function as two null terminated strings.  The crypt result is output as
   6  * one null terminated string.  Input and output must be <= 1024 characters.
   7  * The exit code will be 1 on any error.
   8  *
   9  * If the key has the form '##name' then the key will be encrypted and the
  10  * result checked to be equal to the encrypted password in the shadow password
  11  * file.  If equal than '##name' will be returned, otherwise exit code 2.
  12  *
  13  * Otherwise the key will be encrypted normally and the result returned.
  14  *
  15  * As a special case, anything matches a null encrypted password to allow
  16  * a no-password login.
  17  */
  18 #define nil 0
  19 #include <sys/types.h>
  20 #include <pwd.h>
  21 #include <stdlib.h>
  22 #include <stdio.h>
  23 #include <string.h>
  24 #include <unistd.h>
  25
  26 #ifdef __NBSD_LIBC
  27 #define setkey pwdauth_setkey
  28 #define encrypt pwdauth_encrypt
  29 #endif
  30
  31 #define LEN     1024
  32
  33 int main(int argc, char **argv)
  34 {
  35         char key[LEN];
  36         char *salt;
  37         struct passwd *pw;
  38         int n;
  39
  40         /* Read input data.  Check if there are exactly two null terminated
  41          * strings.
  42          */
  43         n= read(0, key, LEN);
  44         if (n < 0) return 1;
  45         salt = key + n;
  46         n = 0;
  47         while (salt > key) if (*--salt == 0) n++;
  48         if (n != 2) return 1;
  49         salt = key + strlen(key) + 1;
  50
  51         if (salt[0] == '#' && salt[1] == '#') {
  52                 if ((pw= getpwnam(salt + 2)) == nil) return 2;
  53
  54                 /* A null encrypted password matches a null key, otherwise
  55                  * do the normal crypt(3) authentication check.
  56                  */
  57                 if (*pw->pw_passwd == 0 && *key == 0) {
  58                         /* fine */
  59                 } else
  60                 if (strcmp(crypt(key, pw->pw_passwd), pw->pw_passwd) != 0) {
  61                         return 2;
  62                 }
  63         } else {
  64                 /* Normal encryption. */
  65                 if (*salt == 0 && *key == 0) {
  66                         /* fine */
  67                 } else {
  68                         salt= crypt(key, salt);
  69                 }
  70         }
  71
  72         /* Return the (possibly new) salt to the caller. */
  73         if (write(1, salt, strlen(salt) + 1) < 0) return 1;
  74         return 0;
  75 }