com32/cmenu/libmenu/passwords.c

   1 /* -*- c -*- ------------------------------------------------------------- *
   2  *
   3  *   Copyright 2004-2005 Murali Krishnan Ganapathy - All Rights Reserved
   4  *
   5  *   This program is free software; you can redistribute it and/or modify
   6  *   it under the terms of the GNU General Public License as published by
   7  *   the Free Software Foundation, Inc., 53 Temple Place Ste 330,
   8  *   Bostom MA 02111-1307, USA; either version 2 of the License, or
   9  *   (at your option) any later version; incorporated herein by reference.
  10  *
  11  * ----------------------------------------------------------------------- */
  12
  13 #include "passwords.h"
  14 #include "des.h"
  15 #include "string.h"
  16 #include <stdlib.h>
  17 #include <stdio.h>
  18 #include "tui.h"
  19
  20 #define MAX_LINE 512
  21 // Max line length in a pwdfile
  22 p_pwdentry userdb[MAX_USERS];   // Array of pointers
  23 int numusers;                   // Actual number of users
  24
  25 // returns true or false, i.e. 1 or 0
  26 char authenticate_user(const char *username, const char *pwd)
  27 {
  28     char salt[12];
  29     int i;
  30
  31     for (i = 0; i < numusers; i++) {
  32         if (userdb[i] == NULL)
  33             continue;
  34         if (strcmp(username, userdb[i]->username) == 0) {
  35             strcpy(salt, userdb[i]->pwdhash);
  36             salt[2] = '\0';
  37             if (strcmp(userdb[i]->pwdhash, crypt(pwd, salt)) == 0)
  38                 return 1;
  39         }
  40     }
  41     return 0;
  42 }
  43
  44 // Does user USERNAME  have permission PERM
  45 char isallowed(const char *username, const char *perm)
  46 {
  47     int i;
  48     char *dperm;
  49     char *tmp;
  50
  51     // If no users, then everybody is allowed to do everything
  52     if (numusers == 0)
  53         return 1;
  54     if (strcmp(username, GUEST_USER) == 0)
  55         return 0;
  56     dperm = (char *)malloc(strlen(perm) + 3);
  57     strcpy(dperm + 1, perm);
  58     dperm[0] = ':';
  59     dperm[strlen(perm) + 1] = ':';
  60     dperm[strlen(perm) + 2] = 0;
  61     // Now dperm = ":perm:"
  62     for (i = 0; i < numusers; i++) {
  63         if (strcmp(userdb[i]->username, username) == 0) // Found the user
  64         {
  65             if (userdb[i]->perms == NULL)
  66                 return 0;       // No permission
  67             tmp = strstr(userdb[i]->perms, dperm);      // Search for permission
  68             free(dperm);        // Release memory
  69             if (tmp == NULL)
  70                 return 0;
  71             else
  72                 return 1;
  73         }
  74     }
  75     // User not found return 0
  76     free(dperm);
  77     return 0;
  78 }
  79
  80 // Initialise the list of of user passwords permissions from file
  81 void init_passwords(const char *filename)
  82 {
  83     int i;
  84     char line[MAX_LINE], *p, *user, *pwdhash, *perms;
  85     FILE *f;
  86
  87     for (i = 0; i < MAX_USERS; i++)
  88         userdb[i] = NULL;
  89     numusers = 0;
  90
  91     if (!filename)
  92         return;                 // No filename specified
  93
  94     f = fopen(filename, "r");
  95     if (!f)
  96         return;                 // File does not exist
  97
  98     // Process each line
  99     while (fgets(line, sizeof line, f)) {
 100         // Replace EOLN with \0
 101         p = strchr(line, '\r');
 102         if (p)
 103             *p = '\0';
 104         p = strchr(line, '\n');
 105         if (p)
 106             *p = '\0';
 107
 108         // If comment line or empty ignore line
 109         p = line;
 110         while (*p == ' ')
 111             p++;                // skip initial spaces
 112         if ((*p == '#') || (*p == '\0'))
 113             continue;           // Skip comment lines
 114
 115         user = p;               // This is where username starts
 116         p = strchr(user, ':');
 117         if (p == NULL)
 118             continue;           // Malformed line skip
 119         *p = '\0';
 120         pwdhash = p + 1;
 121         if (*pwdhash == 0)
 122             continue;           // Malformed line (no password specified)
 123         p = strchr(pwdhash, ':');
 124         if (p == NULL) {        // No perms specified
 125             perms = NULL;
 126         } else {
 127             *p = '\0';
 128             perms = p + 1;
 129             if (*perms == 0)
 130                 perms = NULL;
 131         }
 132         // At this point we have user,pwdhash and perms setup
 133         userdb[numusers] = (p_pwdentry) malloc(sizeof(pwdentry));
 134         strcpy(userdb[numusers]->username, user);
 135         strcpy(userdb[numusers]->pwdhash, pwdhash);
 136         if (perms == NULL)
 137             userdb[numusers]->perms = NULL;
 138         else {
 139             userdb[numusers]->perms = (char *)malloc(strlen(perms) + 3);
 140             (userdb[numusers]->perms)[0] = ':';
 141             strcpy(userdb[numusers]->perms + 1, perms);
 142             (userdb[numusers]->perms)[strlen(perms) + 1] = ':';
 143             (userdb[numusers]->perms)[strlen(perms) + 2] = 0;
 144             // Now perms field points to ":perms:"
 145         }
 146         numusers++;
 147     }
 148     fclose(f);
 149 }
 150
 151 void close_passwords(void)
 152 {
 153     int i;
 154
 155     for (i = 0; i < numusers; i++)
 156         if (userdb[i] != NULL)
 157             free(userdb[i]);
 158     numusers = 0;
 159 }