X-Git-Url: http://git.indexdata.com/?p=idzebra-moved-to-github.git;a=blobdiff_plain;f=util%2Fpasswddb.c;h=79cd6597c58a248ddcb3dd51e33635947d8e6b40;hp=8f23d5b688f62c4643e59da627b74968839c3837;hb=e4c6861efeeea654bfb00c5f0239ee258629d77f;hpb=bbdba174c32cd0f6f45781d6123d41186617ba5f

diff --git a/util/passwddb.c b/util/passwddb.c
index 8f23d5b..79cd659 100644
--- a/util/passwddb.c
+++ b/util/passwddb.c
@@ -1,8 +1,5 @@
-/* $Id: passwddb.c,v 1.12 2005-05-30 13:27:08 adam Exp $
-   Copyright (C) 1995-2005
-   Index Data ApS
-
-This file is part of the Zebra server.
+/* This file is part of the Zebra server.
+   Copyright (C) 2004-2013 Index Data
 
 Zebra is free software; you can redistribute it and/or modify it under
 the terms of the GNU General Public License as published by the Free
@@ -15,12 +12,15 @@ FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 for more details.
 
 You should have received a copy of the GNU General Public License
-along with Zebra; see the file LICENSE.zebra.  If not, write to the
-Free Software Foundation, 59 Temple Place - Suite 330, Boston, MA
-02111-1307, USA.
+along with this program; if not, write to the Free Software
+Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+
 */
 
 
+#if HAVE_CONFIG_H
+#include <config.h>
+#endif
 #if HAVE_UNISTD_H
 #include <unistd.h>
 #endif
@@ -32,6 +32,7 @@ Free Software Foundation, 59 Temple Place - Suite 330, Boston, MA
 #include <crypt.h>
 #endif
 
+#include <assert.h>
 #include <yaz/log.h>
 #include <yaz/xmalloc.h>
 
@@ -56,7 +57,7 @@ Passwd_db passwd_db_open (void)
 }
 
 static int get_entry (const char **p, char *dst, int max)
-{	
+{
     int i = 0;
     while ((*p)[i] != ':' && (*p)[i])
 	i++;
@@ -108,7 +109,7 @@ void passwd_db_close(Passwd_db db)
     while (pe)
     {
 	struct passwd_entry *pe_next = pe->next;
-	
+
 	xfree (pe->name);
 	xfree (pe->des);
 	xfree (pe);
@@ -127,23 +128,31 @@ void passwd_db_show(Passwd_db db)
 int passwd_db_auth(Passwd_db db, const char *user, const char *pass)
 {
     struct passwd_entry *pe;
+
+    assert(db);
     for (pe = db->entries; pe; pe = pe->next)
 	if (user && !strcmp (user, pe->name))
 	    break;
     if (!pe)
 	return -1;
+    if (!pass)
+	return -2;
     if (pe->encrypt_flag)
     {
 #if HAVE_CRYPT_H
-	char salt[3];
 	const char *des_try;
+        assert(pe->des);
 	if (strlen (pe->des) < 3)
 	    return -3;
-	if (!pass)
-	    return -2;
-	memcpy (salt, pe->des, 2);
-	salt[2] = '\0';	
-	des_try = crypt (pass, salt);
+
+        if (pe->des[0] != '$') /* Not MD5? (assume DES) */
+        {
+            if (strlen(pass) > 8) /* maximum key length is 8 */
+                return -2;
+        }
+	des_try = crypt (pass, pe->des);
+
+        assert(des_try);
 	if (strcmp (des_try, pe->des))
 	    return -2;
 #else
@@ -152,10 +161,12 @@ int passwd_db_auth(Passwd_db db, const char *user, const char *pass)
     }
     else
     {
+        assert(pass);
+        assert(pe->des);
 	if (strcmp (pe->des, pass))
 	    return -2;
     }
-    return 0;	
+    return 0;
 }
 
 int passwd_db_file_crypt(Passwd_db db, const char *fname)
@@ -172,3 +183,12 @@ int passwd_db_file_plain(Passwd_db db, const char *fname)
     return passwd_db_file_int(db, fname, 0);
 }
 
+/*
+ * Local variables:
+ * c-basic-offset: 4
+ * c-file-style: "Stroustrup"
+ * indent-tabs-mode: nil
+ * End:
+ * vim: shiftwidth=4 tabstop=8 expandtab
+ */
+