aboutsummaryrefslogtreecommitdiffstats
path: root/com32/cmenu/libmenu/passwords.c
blob: 40b5c49fee76ed442ae5f0e0b02a9b116cafcc7d (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
/* -*- c -*- ------------------------------------------------------------- *
 *
 *   Copyright 2004-2005 Murali Krishnan Ganapathy - All Rights Reserved
 *
 *   This program is free software; you can redistribute it and/or modify
 *   it under the terms of the GNU General Public License as published by
 *   the Free Software Foundation, Inc., 53 Temple Place Ste 330,
 *   Bostom MA 02111-1307, USA; either version 2 of the License, or
 *   (at your option) any later version; incorporated herein by reference.
 *
 * ----------------------------------------------------------------------- */

#include "passwords.h"
#include "des.h"
#include "string.h"
#include <stdlib.h>
#include <stdio.h>
#include "tui.h"

#define MAX_LINE 512
// Max line length in a pwdfile
p_pwdentry userdb[MAX_USERS]; // Array of pointers
int numusers; // Actual number of users

// returns true or false, i.e. 1 or 0
char authenticate_user(const char * username, const char* pwd)
{
  char salt[12];
  int  i;

  for (i=0; i< numusers; i++) {
    if (userdb[i] == NULL) continue;
    if (strcmp(username,userdb[i]->username)==0) {
      strcpy(salt, userdb[i]->pwdhash);
      salt[2] = '\0';
      if (strcmp(userdb[i]->pwdhash,crypt(pwd,salt))==0) return 1;
    }
  }
  return 0;
}

// Does user USERNAME  have permission PERM
char isallowed(const char *username, const char *perm)
{
  int i;
  char *dperm;
  char *tmp;

  // If no users, then everybody is allowed to do everything
  if (numusers == 0) return 1;
  if (strcmp(username,GUEST_USER) == 0) return 0;
  dperm = (char *) malloc(strlen(perm)+3);
  strcpy(dperm+1,perm);
  dperm[0] = ':';
  dperm[strlen(perm)+1]=':';
  dperm[strlen(perm)+2]=0;
  // Now dperm = ":perm:"
  for (i=0; i < numusers; i++) {
     if (strcmp(userdb[i]->username,username)==0) // Found the user
     {
        if (userdb[i]->perms == NULL) return 0; // No permission
        tmp = strstr(userdb[i]->perms,dperm); // Search for permission
        free (dperm); // Release memory
        if (tmp == NULL) return 0; else return 1;
     }
  }
  // User not found return 0
  free (dperm);
  return 0;
}

// Initialise the list of of user passwords permissions from file
void init_passwords(const char *filename)
{
  int i;
  char line[MAX_LINE], *p,*user,*pwdhash,*perms;
  FILE *f;

  for (i=0; i < MAX_USERS; i++) userdb[i] = NULL;
  numusers = 0;

  if ( !filename ) return; // No filename specified

  f = fopen(filename,"r");
  if ( !f ) return; // File does not exist

  // Process each line
  while ( fgets(line, sizeof line, f) ) {
    // Replace EOLN with \0
    p = strchr(line, '\r');
    if ( p ) *p = '\0';
    p = strchr(line, '\n');
    if ( p ) *p = '\0';

    // If comment line or empty ignore line
    p = line;
    while (*p==' ') p++; // skip initial spaces
    if ( (*p == '#') || (*p == '\0')) continue; // Skip comment lines

    user = p; // This is where username starts
    p = strchr(user,':');
    if (p == NULL) continue; // Malformed line skip
    *p = '\0';
    pwdhash = p+1;
    if (*pwdhash == 0) continue; // Malformed line (no password specified)
    p = strchr(pwdhash,':');
    if (p == NULL) { // No perms specified
       perms = NULL;
    } else {
       *p = '\0';
       perms = p+1;
       if (*perms == 0) perms = NULL;
    }
    // At this point we have user,pwdhash and perms setup
    userdb[numusers] = (p_pwdentry)malloc(sizeof(pwdentry));
    strcpy(userdb[numusers]->username,user);
    strcpy(userdb[numusers]->pwdhash,pwdhash);
    if (perms == NULL)
      userdb[numusers]->perms = NULL;
    else {
      userdb[numusers]->perms = (char *)malloc(strlen(perms)+3);
      (userdb[numusers]->perms)[0] = ':';
      strcpy(userdb[numusers]->perms + 1,perms);
      (userdb[numusers]->perms)[strlen(perms)+1] = ':';
      (userdb[numusers]->perms)[strlen(perms)+2] = 0;
      // Now perms field points to ":perms:"
    }
    numusers++;
  }
  fclose(f);
}

void close_passwords()
{
  int i;

  for (i=0; i < numusers; i++)
    if (userdb[i] != NULL) free(userdb[i]);
  numusers = 0;
}