2005-04-21 16:53:53 +02:00
|
|
|
/* pwdauth 2.0 - check a shadow password Author: Kees J. Bot
|
|
|
|
* 7 Feb 1994
|
|
|
|
*
|
|
|
|
* This program gets as input the key and salt arguments of the crypt(3)
|
|
|
|
* function as two null terminated strings. The crypt result is output as
|
|
|
|
* one null terminated string. Input and output must be <= 1024 characters.
|
|
|
|
* The exit code will be 1 on any error.
|
|
|
|
*
|
|
|
|
* If the key has the form '##name' then the key will be encrypted and the
|
|
|
|
* result checked to be equal to the encrypted password in the shadow password
|
|
|
|
* file. If equal than '##name' will be returned, otherwise exit code 2.
|
|
|
|
*
|
|
|
|
* Otherwise the key will be encrypted normally and the result returned.
|
|
|
|
*
|
|
|
|
* As a special case, anything matches a null encrypted password to allow
|
|
|
|
* a no-password login.
|
|
|
|
*/
|
|
|
|
#define nil 0
|
|
|
|
#include <sys/types.h>
|
|
|
|
#include <pwd.h>
|
|
|
|
#include <stdlib.h>
|
|
|
|
#include <stdio.h>
|
|
|
|
#include <string.h>
|
|
|
|
#include <unistd.h>
|
|
|
|
|
2011-04-27 15:00:52 +02:00
|
|
|
#ifdef __NBSD_LIBC
|
|
|
|
#define setkey pwdauth_setkey
|
|
|
|
#define encrypt pwdauth_encrypt
|
|
|
|
#endif
|
|
|
|
|
2005-04-21 16:53:53 +02:00
|
|
|
#define LEN 1024
|
|
|
|
|
|
|
|
int main(int argc, char **argv)
|
|
|
|
{
|
|
|
|
char key[LEN];
|
|
|
|
char *salt;
|
|
|
|
struct passwd *pw;
|
|
|
|
int n;
|
|
|
|
|
|
|
|
/* Read input data. Check if there are exactly two null terminated
|
|
|
|
* strings.
|
|
|
|
*/
|
|
|
|
n= read(0, key, LEN);
|
|
|
|
if (n < 0) return 1;
|
|
|
|
salt = key + n;
|
|
|
|
n = 0;
|
|
|
|
while (salt > key) if (*--salt == 0) n++;
|
|
|
|
if (n != 2) return 1;
|
|
|
|
salt = key + strlen(key) + 1;
|
|
|
|
|
|
|
|
if (salt[0] == '#' && salt[1] == '#') {
|
|
|
|
if ((pw= getpwnam(salt + 2)) == nil) return 2;
|
|
|
|
|
|
|
|
/* A null encrypted password matches a null key, otherwise
|
|
|
|
* do the normal crypt(3) authentication check.
|
|
|
|
*/
|
|
|
|
if (*pw->pw_passwd == 0 && *key == 0) {
|
|
|
|
/* fine */
|
|
|
|
} else
|
|
|
|
if (strcmp(crypt(key, pw->pw_passwd), pw->pw_passwd) != 0) {
|
|
|
|
return 2;
|
|
|
|
}
|
|
|
|
} else {
|
|
|
|
/* Normal encryption. */
|
|
|
|
if (*salt == 0 && *key == 0) {
|
|
|
|
/* fine */
|
|
|
|
} else {
|
|
|
|
salt= crypt(key, salt);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Return the (possibly new) salt to the caller. */
|
|
|
|
if (write(1, salt, strlen(salt) + 1) < 0) return 1;
|
|
|
|
return 0;
|
|
|
|
}
|