/*
* Copyright 1989, 1990, John F. Haugh II
* All rights reserved.
*
* Use, duplication, and disclosure prohibited without
* the express written permission of the author.
*/
#include <stdio.h>
#include <pwd.h>
#ifndef BSD
#include <string.h>
#include <memory.h>
#else
#include <strings.h>
#define strchr index
#define strrchr rindex
#endif
#include "config.h"
#ifndef lint
static char _sccsid[] = "@(#)valid.c 2.4 19:24:27 7/29/90";
#endif
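/*
 * valid - compare encrypted passwords
 *
 * Valid() hashes the password the user entered with crypt(), using the
 * stored password-file hash as the salt, and compares the result with
 * that stored hash.
 *
 *	password - NUL-terminated string the user typed.
 *	entry    - password file entry to check against.  A NULL
 *		   pw_passwd marks a user that does not exist.
 *
 * Returns 1 when the password is accepted and 0 otherwise.  A NULL
 * password or entry, or a failing crypt(), is treated as a mismatch so
 * that the routine fails closed instead of dereferencing a null pointer.
 *
 * With DOUBLESIZE defined, a stored hash longer than 13 characters is
 * handled as two halves: the first 13 characters are the hash of the
 * first eight password characters, and the 11 characters after them are
 * the hash of password + 8 with its two salt characters dropped.
 */

int valid (password, entry)
char	*password;
struct	passwd	*entry;
{
	char	*encrypt;
	char	*salt;
	char	*crypt ();
#if defined(NOUSE) && defined(SU) && defined(NOLOGIN)
	char	*getenv ();	/* declared so the result is not taken as int */
#endif
#ifdef	DOUBLESIZE
	int	firsthalf;
	int	secondhalf;
	int	longpass;
#endif

	/* Fail closed on missing arguments; never authenticate them. */
	if (password == (char *) 0 || entry == (struct passwd *) 0)
		return (0);

#ifdef	NOUSE
	/* Accounts whose shell is the NOUSE marker can never authenticate. */
	if (entry->pw_shell && strcmp (NOUSE, entry->pw_shell) == 0)
		return (0);

	/*
	 * NOTE(review): both NOLOGIN checks sit inside #ifdef NOUSE, so
	 * they are compiled out when only NOLOGIN is configured - confirm
	 * that this nesting is intended.
	 */
#if defined(SU) && defined (NOLOGIN)
	/* For su, a NOLOGIN account is refused when SHELL is not set. */
	if (entry->pw_shell && strcmp (NOLOGIN, entry->pw_shell) == 0) {
		if (getenv ("SHELL") == (char *) 0)
			return (0);
	}
#endif
#if !defined(SU) && defined (NOLOGIN)
	if (entry->pw_shell && strcmp (NOLOGIN, entry->pw_shell) == 0)
		return (0);
#endif
#endif

	/*
	 * Start with blank or empty password entries.  Always encrypt
	 * a password if no such user exists.  Only if the ID exists and
	 * the password is really empty do you return quickly.  This
	 * routine is meant to waste CPU time.
	 *
	 * An existing account with an empty hash accepts only an empty
	 * password; whether such accounts may log in at all is a policy
	 * decision made outside this function.
	 */

	if (entry->pw_name &&
			(entry->pw_passwd == (char *) 0 ||
			 entry->pw_passwd[0] == '\0'))
		return (password[0] == '\0');

#ifdef	DOUBLESIZE
	longpass = entry->pw_passwd && strlen (entry->pw_passwd) > 13;
#endif

	/*
	 * If there is no entry then we need a salt to use.
	 */

	if (entry->pw_passwd == (char *) 0 || entry->pw_passwd[0] == '\0')
		salt = "xx";
	else
		salt = entry->pw_passwd;

	/*
	 * Now, perform the encryption using the salt from before on
	 * the users input.  Since we always encrypt the string, it
	 * should be very difficult to determine if the user exists by
	 * looking at execution time.
	 */

	encrypt = crypt (password, salt);

	/*
	 * One last time we must deal with there being no password file
	 * entry for the user.  We use the pw_passwd == NULL idiom to
	 * cause non-existent users to not be validated.  Even still,
	 * we are safe because if the string were == "", any encrypted
	 * string is not going to match - the output of crypt() begins
	 * with the salt, which is "xx", not "".
	 */

#ifndef	DOUBLESIZE
	/* crypt() may return a null pointer on failure; that is a mismatch. */
	if (encrypt == (char *) 0)
		return (0);

	if (entry->pw_passwd && strcmp (encrypt, entry->pw_passwd) == 0)
		return (1);

	return (0);
#else
	/*
	 * Both strings are checked to hold at least the two salt
	 * characters before "+ 2" is applied, so a one-character stored
	 * field or a short crypt() result is never read past its end.
	 * The result is taken now because the next crypt() call may
	 * reuse the buffer that encrypt points to.
	 */
	firsthalf = encrypt != (char *) 0 && strlen (encrypt) >= 2
		&& entry->pw_passwd && strlen (entry->pw_passwd) >= 2
		&& strncmp (encrypt + 2, entry->pw_passwd + 2, 11) == 0;

	secondhalf = 0;
	if (strlen (password) > 8) {
		encrypt = crypt (password + 8, salt);

		/*
		 * longpass guarantees more than 13 stored characters, so
		 * pw_passwd + 13 is inside the string.  The length
		 * argument bounds the comparison to the 11 hash characters.
		 */
		if (longpass && encrypt != (char *) 0 && strlen (encrypt) >= 2)
			secondhalf = strncmp (encrypt + 2,
					entry->pw_passwd + 13, 11) == 0;
	} else {
		/*
		 * A password of eight characters or fewer cannot match a
		 * double-length hash; secondhalf stays 0.
		 */
		(void) crypt (password, salt);	/* waste time ... */
	}

	if (! longpass)
		return (firsthalf);

	return (firsthalf && secondhalf);
#endif
}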