From bbdba174c32cd0f6f45781d6123d41186617ba5f Mon Sep 17 00:00:00 2001
From: Adam Dickmeiss
Date: Mon, 30 May 2005 13:27:08 +0000
Subject: [PATCH] Implemented zebra.cfg directive 'passwd.c' which specifies user accounts file with encrypted passwords. The directive 'passwd' specifies user accounts file with clear-text passwords. The previous version of Zebra used plain/clear text depending on configuration automatically. That caused upgrade trouble. Bug #356.
---
 include/passwddb.h | 5 +++--
 index/zebraapi.c | 19 ++++++++++++-----
 util/passtest.c | 8 +++----
 util/passwddb.c | 60 +++++++++++++++++++++++++++++++++++-----------------
 4 files changed, 62 insertions(+), 30 deletions(-)
diff --git a/include/passwddb.h b/include/passwddb.h
index d3e750d..2d86782 100644
--- a/include/passwddb.h
+++ b/include/passwddb.h
@@ -1,4 +1,4 @@
-/* $Id: passwddb.h,v 1.6 2005-01-15 21:45:42 adam Exp $
+/* $Id: passwddb.h,v 1.7 2005-05-30 13:27:08 adam Exp $
 Copyright (C) 1995-2005 Index Data ApS
@@ -31,7 +31,8 @@ typedef struct passwd_db *Passwd_db;
 Passwd_db passwd_db_open (void);
 int passwd_db_auth (Passwd_db db, const char *user, const char *pass);
-int passwd_db_file (Passwd_db db, const char *fname);
+int passwd_db_file_plain(Passwd_db db, const char *fname);
+int passwd_db_file_crypt(Passwd_db db, const char *fname);
 void passwd_db_close (Passwd_db db);
 void passwd_db_show (Passwd_db db);
diff --git a/index/zebraapi.c b/index/zebraapi.c
index 8d6acb9..7c4fccd 100644
--- a/index/zebraapi.c
+++ b/index/zebraapi.c
@@ -1,4 +1,4 @@
-/* $Id: zebraapi.c,v 1.169 2005-05-17 08:50:49 adam Exp $
+/* $Id: zebraapi.c,v 1.170 2005-05-30 13:27:08 adam Exp $
 Copyright (C) 1995-2005 Index Data ApS
@@ -154,6 +154,8 @@ ZebraHandle zebra_open (ZebraService zs)
 return zh;
 }
+ const char *passwd_plain = 0;
+ const char *passwd_encrypt = 0;
 ZebraService zebra_start (const char *configName)
 {
 return zebra_start_res(configName, 0, 0);
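Review bot: In the index/zebraapi.c hunk at -154, `passwd_plain` and `passwd_encrypt` appear to be added at file scope with external linkage, although their only visible use is inside zebra_start_res in the following hunk. As globals they are shared by every call to zebra_start_res, so two services started concurrently would overwrite each other's password-file paths, and both names are exported from the library. Declaring them as locals at the top of zebra_start_res, `const char *passwd_plain;` and `const char *passwd_encrypt;`, avoids both. The opening of zebra_start_res lies outside this hunk, and the file-scope placement is inferred from the closing brace of zebra_open just above the added lines.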
@@ -185,16 +187,23 @@ ZebraService zebra_start_res (const char *configName, Res def_res, Res over_res)
 zebra_chdir (zh);
 zebra_mutex_cond_init (&zh->session_lock);
- if (!res_get (zh->global_res, "passwd"))
+ passwd_plain = res_get (zh->global_res, "passwd");
+ passwd_encrypt = res_get (zh->global_res, "passwd.c");
+
+ if (!passwd_plain && !passwd_encrypt)
 zh->passwd_db = NULL;
 else
 {
- zh->passwd_db = passwd_db_open ();
+ zh->passwd_db = passwd_db_open();
 if (!zh->passwd_db)
 yaz_log (YLOG_WARN|YLOG_ERRNO, "passwd_db_open failed");
 else
- passwd_db_file (zh->passwd_db,
- res_get (zh->global_res, "passwd"));
+ {
+ if (passwd_plain)
+ passwd_db_file_plain(zh->passwd_db, passwd_plain);
+ if (passwd_encrypt)
+ passwd_db_file_crypt(zh->passwd_db, passwd_encrypt);
+ }
 }
 zh->path_root = res_get (zh->global_res, "root");
 zh->nmem = nmem_create();
diff --git a/util/passtest.c b/util/passtest.c
index e77e74f..c81d55b 100644
--- a/util/passtest.c
+++ b/util/passtest.c
@@ -1,4 +1,4 @@
-/* $Id: passtest.c,v 1.5 2005-01-15 19:38:42 adam Exp $
+/* $Id: passtest.c,v 1.6 2005-05-30 13:27:08 adam Exp $
 Copyright (C) 1995-2005 Index Data ApS
@@ -30,8 +30,8 @@ int main (int argc, char **argv)
 db = passwd_db_open();
- passwd_db_file (db, "/etc/passwd");
- passwd_db_auth (db, "adam", "xtx9Y=");
- passwd_db_close (db);
+ passwd_db_file_plain(db, "/etc/passwd");
+ passwd_db_auth(db, "adam", "xtx9Y=");
+ passwd_db_close(db);
 return 0;
 }
diff --git a/util/passwddb.c b/util/passwddb.c
index f372728..8f23d5b 100644
--- a/util/passwddb.c
+++ b/util/passwddb.c
@@ -1,4 +1,4 @@
-/* $Id: passwddb.c,v 1.11 2005-05-12 10:10:32 adam Exp $
+/* $Id: passwddb.c,v 1.12 2005-05-30 13:27:08 adam Exp $
 Copyright (C) 1995-2005 Index Data ApS
@@ -38,6 +38,7 @@ Free Software Foundation, 59 Temple Place - Suite 330, Boston, MA
 #include
 struct passwd_entry {
+ int encrypt_flag;
 char *name;
 char *des;
 struct passwd_entry *next;
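Review bot: In the index/zebraapi.c hunk at -185, the return values of `passwd_db_file_plain` and `passwd_db_file_crypt` are discarded, so a password file that fails to load leaves an open but empty database and nothing in the log. Later in this patch passwd_db_file_crypt returns -1 whenever the build lacks HAVE_CRYPT_H, so a `passwd.c` directive on such a build silently registers no accounts. Check both calls and warn, for example `if (passwd_db_file_crypt(zh->passwd_db, passwd_encrypt) < 0) yaz_log (YLOG_WARN, "passwd.c file %s not loaded", passwd_encrypt);`, and the same for the plain file. passwd_db_auth as shown returns -1 for an unknown user, which suggests an empty database denies everyone, but that depends on callers outside this patch and should be confirmed; zebra_start_res itself starts and ends outside the hunk.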
@@ -70,7 +71,8 @@ static int get_entry (const char **p, char *dst, int max)
 return i;
 }
-int passwd_db_file (Passwd_db db, const char *fname)
+static int passwd_db_file_int(Passwd_db db, const char *fname,
+ int encrypt_flag)
 {
 FILE *f;
 char buf[1024];
@@ -92,6 +94,7 @@ int passwd_db_file (Passwd_db db, const char *fname)
 pe = (struct passwd_entry *) xmalloc (sizeof(*pe));
 pe->name = xstrdup (name);
 pe->des = xstrdup (des);
+ pe->encrypt_flag = encrypt_flag;
 pe->next = db->entries;
 db->entries = pe;
 }
@@ -99,7 +102,7 @@ int passwd_db_file (Passwd_db db, const char *fname)
 return 0;
 }
-void passwd_db_close (Passwd_db db)
+void passwd_db_close(Passwd_db db)
 {
 struct passwd_entry *pe = db->entries;
 while (pe)
@@ -114,39 +117,58 @@ void passwd_db_close (Passwd_db db)
 xfree (db);
 }
-void passwd_db_show (Passwd_db db)
+void passwd_db_show(Passwd_db db)
 {
 struct passwd_entry *pe;
 for (pe = db->entries; pe; pe = pe->next)
 yaz_log (YLOG_LOG,"%s:%s", pe->name, pe->des);
 }
-int passwd_db_auth (Passwd_db db, const char *user, const char *pass)
+int passwd_db_auth(Passwd_db db, const char *user, const char *pass)
 {
 struct passwd_entry *pe;
-#if HAVE_CRYPT_H
- char salt[3];
- const char *des_try;
-#endif
 for (pe = db->entries; pe; pe = pe->next)
 if (user && !strcmp (user, pe->name))
 break;
 if (!pe)
 return -1;
+ if (pe->encrypt_flag)
+ {
 #if HAVE_CRYPT_H
- if (strlen (pe->des) < 3)
- return -3;
- if (!pass)
- return -2;
- memcpy (salt, pe->des, 2);
- salt[2] = '\0';
- des_try = crypt (pass, salt);
- if (strcmp (des_try, pe->des))
- return -2;
+ char salt[3];
+ const char *des_try;
+ if (strlen (pe->des) < 3)
+ return -3;
+ if (!pass)
+ return -2;
+ memcpy (salt, pe->des, 2);
+ salt[2] = '\0';
+ des_try = crypt (pass, salt);
+ if (strcmp (des_try, pe->des))
+ return -2;
 #else
- if (strcmp (pe->des, pass))
 return -2;
 #endif
+ }
+ else
+ {
+ if (strcmp (pe->des, pass))
+ return -2;
+ }
 return 0;
 }
+int passwd_db_file_crypt(Passwd_db db, const char *fname)
+{
+#if HAVE_CRYPT_H
+ return passwd_db_file_int(db, fname, 1);
+#else
+ return -1;
+#endif
+}
+
+int passwd_db_file_plain(Passwd_db db, const char *fname)
+{
+ return passwd_db_file_int(db, fname, 0);
+}
+
-- 
1.7.10.4
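Review bot: The new plain-text branch of passwd_db_auth calls `strcmp (pe->des, pass)` without the `!pass` guard that the crypt branch has, so a NULL `pass` for a known user is dereferenced; that comparison used to be compiled only without HAVE_CRYPT_H and is now reachable in every build that uses the `passwd` directive. Use `if (!pass || strcmp (pe->des, pass))` there. In the crypt branch `des_try` goes to strcmp unchecked although crypt() can return NULL on failure, so `if (!des_try || strcmp (des_try, pe->des))` is the safer test. Separately, passwd_db_show logs `pe->des` for every entry, which for files loaded through passwd_db_file_plain is the clear-text password; logging only `pe->name` would keep credentials out of the log.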