X-Git-Url: http://git.indexdata.com/?a=blobdiff_plain;f=util%2Fpasswddb.c;h=0c57801c9d0b0fea4e61ad1e06532b8bde5933dc;hb=707cc9ebfa7f462ec58a31cfbad4c1a09fecfa00;hp=8f23d5b688f62c4643e59da627b74968839c3837;hpb=bbdba174c32cd0f6f45781d6123d41186617ba5f;p=idzebra-moved-to-github.git

diff --git a/util/passwddb.c b/util/passwddb.c
index 8f23d5b..0c57801 100644
--- a/util/passwddb.c
+++ b/util/passwddb.c
@@ -1,5 +1,5 @@
-/* $Id: passwddb.c,v 1.12 2005-05-30 13:27:08 adam Exp $
-   Copyright (C) 1995-2005
+/* $Id: passwddb.c,v 1.18 2007-10-29 09:23:08 adam Exp $
+   Copyright (C) 1995-2007
    Index Data ApS
 
 This file is part of the Zebra server.
@@ -15,9 +15,9 @@ FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 for more details.
 
 You should have received a copy of the GNU General Public License
-along with Zebra; see the file LICENSE.zebra.  If not, write to the
-Free Software Foundation, 59 Temple Place - Suite 330, Boston, MA
-02111-1307, USA.
+along with this program; if not, write to the Free Software
+Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+
 */
 
 
@@ -32,6 +32,7 @@ Free Software Foundation, 59 Temple Place - Suite 330, Boston, MA
 #include <crypt.h>
 #endif
 
+#include <assert.h>
 #include <yaz/log.h>
 #include <yaz/xmalloc.h>
 
@@ -127,23 +128,31 @@ void passwd_db_show(Passwd_db db)
 int passwd_db_auth(Passwd_db db, const char *user, const char *pass)
 {
     struct passwd_entry *pe;
+
+    assert(db);
     for (pe = db->entries; pe; pe = pe->next)
 	if (user && !strcmp (user, pe->name))
 	    break;
     if (!pe)
 	return -1;
+    if (!pass)
+	return -2;
     if (pe->encrypt_flag)
     {
 #if HAVE_CRYPT_H
-	char salt[3];
 	const char *des_try;
+        assert(pe->des);
 	if (strlen (pe->des) < 3)
 	    return -3;
-	if (!pass)
-	    return -2;
-	memcpy (salt, pe->des, 2);
-	salt[2] = '\0';	
-	des_try = crypt (pass, salt);
+
+        if (pe->des[0] != '$') /* Not MD5? (assume DES) */
+        {
+            if (strlen(pass) > 8) /* maximum key length is 8 */
+                return -2;
+        }
+	des_try = crypt (pass, pe->des);
+
+        assert(des_try);
 	if (strcmp (des_try, pe->des))
 	    return -2;
 #else
@@ -152,6 +161,8 @@ int passwd_db_auth(Passwd_db db, const char *user, const char *pass)
     }
     else
     {
+        assert(pass);
+        assert(pe->des);
 	if (strcmp (pe->des, pass))
 	    return -2;
     }
@@ -172,3 +183,11 @@ int passwd_db_file_plain(Passwd_db db, const char *fname)
     return passwd_db_file_int(db, fname, 0);
 }
 
+/*
+ * Local variables:
+ * c-basic-offset: 4
+ * indent-tabs-mode: nil
+ * End:
+ * vim: shiftwidth=4 tabstop=8 expandtab
+ */
+