C++程序  |  160行  |  4 KB

/* -*- c -*- ------------------------------------------------------------- *
 *
 *   Copyright 2004-2005 Murali Krishnan Ganapathy - All Rights Reserved
 *
 *   This program is free software; you can redistribute it and/or modify
 *   it under the terms of the GNU General Public License as published by
 *   the Free Software Foundation, Inc., 53 Temple Place Ste 330,
 *   Bostom MA 02111-1307, USA; either version 2 of the License, or
 *   (at your option) any later version; incorporated herein by reference.
 *
 * ----------------------------------------------------------------------- */

#include "passwords.h"
#include "des.h"
#include "string.h"
#include <stdlib.h>
#include <stdio.h>
#include "tui.h"

#define MAX_LINE 512
// Max line length in a pwdfile
p_pwdentry userdb[MAX_USERS];	// Array of pointers
int numusers;			// Actual number of users

// returns true or false, i.e. 1 or 0
char authenticate_user(const char *username, const char *pwd)
{
    char salt[12];
    int i;

    for (i = 0; i < numusers; i++) {
	if (userdb[i] == NULL)
	    continue;
	if (strcmp(username, userdb[i]->username) == 0) {
	    strcpy(salt, userdb[i]->pwdhash);
	    salt[2] = '\0';
	    if (strcmp(userdb[i]->pwdhash, crypt(pwd, salt)) == 0)
		return 1;
	}
    }
    return 0;
}

// Does user USERNAME  have permission PERM
char isallowed(const char *username, const char *perm)
{
    int i;
    char *dperm;
    char *tmp;

    // If no users, then everybody is allowed to do everything
    if (numusers == 0)
	return 1;
    if (strcmp(username, GUEST_USER) == 0)
	return 0;
    dperm = (char *)malloc(strlen(perm) + 3);
    strcpy(dperm + 1, perm);
    dperm[0] = ':';
    dperm[strlen(perm) + 1] = ':';
    dperm[strlen(perm) + 2] = 0;
    // Now dperm = ":perm:"
    for (i = 0; i < numusers; i++) {
	if (strcmp(userdb[i]->username, username) == 0)	// Found the user
	{
	    if (userdb[i]->perms == NULL)
		return 0;	// No permission
	    tmp = strstr(userdb[i]->perms, dperm);	// Search for permission
	    free(dperm);	// Release memory
	    if (tmp == NULL)
		return 0;
	    else
		return 1;
	}
    }
    // User not found return 0
    free(dperm);
    return 0;
}

// Initialise the list of of user passwords permissions from file
void init_passwords(const char *filename)
{
    int i;
    char line[MAX_LINE], *p, *user, *pwdhash, *perms;
    FILE *f;

    for (i = 0; i < MAX_USERS; i++)
	userdb[i] = NULL;
    numusers = 0;

    if (!filename)
	return;			// No filename specified

    f = fopen(filename, "r");
    if (!f)
	return;			// File does not exist

    // Process each line
    while (fgets(line, sizeof line, f)) {
	// Replace EOLN with \0
	p = strchr(line, '\r');
	if (p)
	    *p = '\0';
	p = strchr(line, '\n');
	if (p)
	    *p = '\0';

	// If comment line or empty ignore line
	p = line;
	while (*p == ' ')
	    p++;		// skip initial spaces
	if ((*p == '#') || (*p == '\0'))
	    continue;		// Skip comment lines

	user = p;		// This is where username starts
	p = strchr(user, ':');
	if (p == NULL)
	    continue;		// Malformed line skip
	*p = '\0';
	pwdhash = p + 1;
	if (*pwdhash == 0)
	    continue;		// Malformed line (no password specified)
	p = strchr(pwdhash, ':');
	if (p == NULL) {	// No perms specified
	    perms = NULL;
	} else {
	    *p = '\0';
	    perms = p + 1;
	    if (*perms == 0)
		perms = NULL;
	}
	// At this point we have user,pwdhash and perms setup
	userdb[numusers] = (p_pwdentry) malloc(sizeof(pwdentry));
	strcpy(userdb[numusers]->username, user);
	strcpy(userdb[numusers]->pwdhash, pwdhash);
	if (perms == NULL)
	    userdb[numusers]->perms = NULL;
	else {
	    userdb[numusers]->perms = (char *)malloc(strlen(perms) + 3);
	    (userdb[numusers]->perms)[0] = ':';
	    strcpy(userdb[numusers]->perms + 1, perms);
	    (userdb[numusers]->perms)[strlen(perms) + 1] = ':';
	    (userdb[numusers]->perms)[strlen(perms) + 2] = 0;
	    // Now perms field points to ":perms:"
	}
	numusers++;
    }
    fclose(f);
}

void close_passwords(void)
{
    int i;

    for (i = 0; i < numusers; i++)
	if (userdb[i] != NULL)
	    free(userdb[i]);
    numusers = 0;
}