From 3c06adf9d4f2771eb7cc7d079a492206ddf22b25 Mon Sep 17 00:00:00 2001 From: Adam Dickmeiss Date: Mon, 30 May 2005 13:24:53 +0000 Subject: [PATCH] Implemented zebra.cfg directive 'passwd.c' which specifies user accounts file with encrypted passwords. The directive 'passwd' specifies user accounts file with clear-text passwords. The previous version of Zebra used plain/clear text depending on configuration automatically. That caused upgrade trouble. Bug #356. --- NEWS | 9 ++++ include/passwddb.h | 5 +- index/zebraapi.c | 32 +++++++++++-- util/passtest.c | 18 +++---- util/passwddb.c | 133 ++++++++++++++++++++++++++++++---------------------- 5 files changed, 126 insertions(+), 71 deletions(-) diff --git a/NEWS b/NEWS index ccbe743..a0cc084 100644 --- a/NEWS +++ b/NEWS @@ -1,3 +1,12 @@ + +--- 1.3.28 2005/05/30 + +Documented authentication facility in Zebra. Added zebra.cfg directive +'passwd.c' which specifies user accounts file with encrypted passwords. The +directive 'passwd' specifies user accounts file with clear-text passwords. +The previous version of Zebra used plain/clear text depending on +configuration automatically. That caused upgrade trouble. Bug #356. + --- 1.3.26 2005/05/24 Depend on YAZ 2.0.18 or later in configure. diff --git a/include/passwddb.h b/include/passwddb.h index 13d469a..bc7e0b6 100644 --- a/include/passwddb.h +++ b/include/passwddb.h @@ -1,4 +1,4 @@ -/* $Id: passwddb.h,v 1.4 2002-08-02 19:26:55 adam Exp $ +/* $Id: passwddb.h,v 1.4.2.1 2005-05-30 13:24:53 adam Exp $ Copyright (C) 1995,1996,1997,1998,1999,2000,2001,2002 Index Data Aps @@ -33,7 +33,8 @@ typedef struct passwd_db *Passwd_db; Passwd_db passwd_db_open (void); int passwd_db_auth (Passwd_db db, const char *user, const char *pass); -int passwd_db_file (Passwd_db db, const char *fname); +int passwd_db_file_plain(Passwd_db db, const char *fname); +int passwd_db_file_crypt(Passwd_db db, const char *fname); void passwd_db_close (Passwd_db db); void passwd_db_show (Passwd_db db); 
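Review bot: The new prototypes `passwd_db_file_plain` and `passwd_db_file_crypt` in include/passwddb.h carry no comment on what their return value means, although the caller in index/zebraapi.c branches on it. Going by util/passwddb.c in this same patch, both return 0 on success and -1 when the file cannot be opened, and `passwd_db_file_crypt` also returns -1 when the build has no crypt.h. I would put that above the declarations, e.g. `/* returns 0 on success, -1 if fname cannot be opened; passwd_db_file_crypt also returns -1 when built without crypt support */`.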
diff --git a/index/zebraapi.c b/index/zebraapi.c index e92b6f6..80b4f73 100644 --- a/index/zebraapi.c +++ b/index/zebraapi.c @@ -1,4 +1,4 @@ -/* $Id: zebraapi.c,v 1.120.2.7 2005-05-18 12:20:34 adam Exp $ +/* $Id: zebraapi.c,v 1.120.2.8 2005-05-30 13:24:53 adam Exp $ Copyright (C) 1995,1996,1997,1998,1999,2000,2001,2002,2003,2004 Index Data Aps @@ -154,6 +154,8 @@ ZebraService zebra_start_res (const char *configName, Res def_res, Res over_res) if ((res = res_open (configName, def_res, over_res))) { + const char *passwd_plain = 0; + const char *passwd_encrypt = 0; ZebraService zh = xmalloc (sizeof(*zh)); yaz_log (LOG_DEBUG, "Read resources `%s'", configName); @@ -165,16 +167,36 @@ ZebraService zebra_start_res (const char *configName, Res def_res, Res over_res) zebra_chdir (zh); zebra_mutex_cond_init (&zh->session_lock); - if (!res_get (zh->global_res, "passwd")) + passwd_plain = res_get (zh->global_res, "passwd"); + passwd_encrypt = res_get (zh->global_res, "passwd.c"); + + if (!passwd_plain && !passwd_encrypt) zh->passwd_db = NULL; else { - zh->passwd_db = passwd_db_open (); + zh->passwd_db = passwd_db_open(); if (!zh->passwd_db) logf (LOG_WARN|LOG_ERRNO, "passwd_db_open failed"); else - passwd_db_file (zh->passwd_db, - res_get (zh->global_res, "passwd")); + { + if (passwd_plain) + if (passwd_db_file_plain(zh->passwd_db, passwd_plain)) + { + logf(LOG_WARN, + "Failed to read passwords %s (or unsupported)", + passwd_plain); + } + if (passwd_encrypt) + { + if (passwd_db_file_crypt(zh->passwd_db, passwd_encrypt)) + { + logf(LOG_WARN, + "Failed to read encrypted pwds %s " + "(or unsupported)", passwd_encrypt); + } + } + + } } zh->path_root = res_get (zh->global_res, "root"); return zh; diff --git a/util/passtest.c b/util/passtest.c index 0e92527..6722231 100644 --- a/util/passtest.c +++ b/util/passtest.c 
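Review bot: In the `else` branch of the index/zebraapi.c hunk, a failed `passwd_db_open()` only logs a warning and leaves `zh->passwd_db` NULL, which is the same value the first branch assigns when neither `passwd` nor `passwd.c` is configured. If code outside this hunk treats a NULL `passwd_db` as "no authentication required" (not visible here), a server configured with accounts would start without access control after that failure. The two load calls behave similarly: a failed `passwd_db_file_plain` or `passwd_db_file_crypt` is logged at LOG_WARN and startup continues with those accounts missing, so the affected users are rejected by `passwd_db_auth` but the cause is easy to overlook in the log. I would either make these failures fatal for startup or record the decision next to the calls, e.g. `/* load failure is non-fatal: the affected users simply cannot log in */`. `zebra_start_res` begins and ends outside this hunk.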
@@ -1,4 +1,4 @@ -/* $Id: passtest.c,v 1.4 2002-08-02 19:26:57 adam Exp $ +/* $Id: passtest.c,v 1.4.2.1 2005-05-30 13:24:53 adam Exp $ Copyright (C) 1995,1996,1997,1998,1999,2000,2001,2002 Index Data Aps @@ -26,12 +26,12 @@ Free Software Foundation, 59 Temple Place - Suite 330, Boston, MA int main (int argc, char **argv) { - Passwd_db db; - - db = passwd_db_open(); - - passwd_db_file (db, "/etc/passwd"); - passwd_db_auth (db, "adam", "xtx9Y="); - passwd_db_close (db); - return 0; + Passwd_db db; + + db = passwd_db_open(); + + passwd_db_file_plain(db, "/etc/passwd"); + passwd_db_auth(db, "adam", "xtx9Y="); + passwd_db_close(db); + return 0; } diff --git a/util/passwddb.c b/util/passwddb.c index 9a7db71..c789476 100644 --- a/util/passwddb.c +++ b/util/passwddb.c @@ -1,4 +1,4 @@ -/* $Id: passwddb.c,v 1.7.2.1 2005-05-12 08:02:47 adam Exp $ +/* $Id: passwddb.c,v 1.7.2.2 2005-05-30 13:24:54 adam Exp $ Copyright (C) 1995,1996,1997,1998,1999,2000,2001,2002 Index Data Aps @@ -38,9 +38,10 @@ Free Software Foundation, 59 Temple Place - Suite 330, Boston, MA #include struct passwd_entry { - char *name; - char *des; - struct passwd_entry *next; + char *name; + char *des; + int encrypt_flag; + struct passwd_entry *next; }; struct passwd_db { 
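Review bot: The new `encrypt_flag` member in `struct passwd_entry` (util/passwddb.c) changes what `des` means, and neither field is commented. Per `passwd_db_auth` later in this patch, `des` is compared against `crypt()` output when the flag is set and against the supplied password directly when it is zero. A comment on the member would make that explicit, e.g. `int encrypt_flag; /* non-zero: des is a crypt(3) hash; zero: des is the clear-text password */`. That distinction matters to any code that prints or copies `des`, since for plain entries it is the password itself.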
@@ -70,83 +71,105 @@ static int get_entry (const char **p, char *dst, int max) return i; } -int passwd_db_file (Passwd_db db, const char *fname) +static int passwd_db_file_int(Passwd_db db, const char *fname, + int encrypt_flag) { - FILE *f; - char buf[1024]; - f = fopen (fname, "r"); - if (!f) - return -1; - while (fgets (buf, sizeof(buf)-1, f)) - { - struct passwd_entry *pe; - char name[128]; - char des[128]; - char *p; - const char *cp = buf; - if ((p = strchr (buf, '\n'))) - *p = '\0'; - get_entry (&cp, name, 128); - get_entry (&cp, des, 128); - - pe = (struct passwd_entry *) xmalloc (sizeof(*pe)); - pe->name = xstrdup (name); - pe->des = xstrdup (des); - pe->next = db->entries; - db->entries = pe; - } - fclose (f); - return 0; + FILE *f; + char buf[1024]; + f = fopen (fname, "r"); + if (!f) + return -1; + while (fgets (buf, sizeof(buf)-1, f)) + { + struct passwd_entry *pe; + char name[128]; + char des[128]; + char *p; + const char *cp = buf; + if ((p = strchr (buf, '\n'))) + *p = '\0'; + get_entry (&cp, name, 128); + get_entry (&cp, des, 128); + + pe = (struct passwd_entry *) xmalloc (sizeof(*pe)); + pe->name = xstrdup (name); + pe->encrypt_flag = encrypt_flag; + pe->des = xstrdup (des); + pe->next = db->entries; + db->entries = pe; + } + fclose (f); + return 0; } + void passwd_db_close (Passwd_db db) { - struct passwd_entry *pe = db->entries; - while (pe) - { - struct passwd_entry *pe_next = pe->next; + struct passwd_entry *pe = db->entries; + while (pe) + { + struct passwd_entry *pe_next = pe->next; - xfree (pe->name); - xfree (pe->des); - xfree (pe); - pe = pe_next; - } - xfree (db); + xfree (pe->name); + xfree (pe->des); + xfree (pe); + pe = pe_next; + } + xfree (db); } void passwd_db_show (Passwd_db db) { - struct passwd_entry *pe; - for (pe = db->entries; pe; pe = pe->next) - logf (LOG_LOG,"%s:%s", pe->name, pe->des); + struct passwd_entry *pe; + for (pe = db->entries; pe; pe = pe->next) + logf (LOG_LOG,"%s:%s", pe->name, pe->des); } int passwd_db_auth 
(Passwd_db db, const char *user, const char *pass) { - struct passwd_entry *pe; + struct passwd_entry *pe; + for (pe = db->entries; pe; pe = pe->next) + if (user && !strcmp (user, pe->name)) + break; + if (!pe) + return -1; + if (pe->encrypt_flag) + { #if HAVE_CRYPT_H char salt[3]; const char *des_try; -#endif - for (pe = db->entries; pe; pe = pe->next) - if (user && !strcmp (user, pe->name)) - break; - if (!pe) - return -1; -#if HAVE_CRYPT_H if (strlen (pe->des) < 3) - return -3; + return -3; if (!pass) return -2; memcpy (salt, pe->des, 2); salt[2] = '\0'; des_try = crypt (pass, salt); if (strcmp (des_try, pe->des)) - return -2; + return -2; #else + return -2; +#endif + } + else + { if (strcmp (pe->des, pass)) - return -2; + return -2; + } + return 0; +} + +int passwd_db_file_crypt(Passwd_db db, const char *fname) +{ +#if HAVE_CRYPT_H + return passwd_db_file_int(db, fname, 1); +#else + return -1; #endif - return 0; +} + +int passwd_db_file_plain(Passwd_db db, const char *fname) +{ + return passwd_db_file_int(db, fname, 0); } -- 1.7.10.4
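Review bot: In `passwd_db_auth`, the new plain-text branch calls `strcmp (pe->des, pass)` without the `if (!pass) return -2;` guard that the encrypted branch has, so a request for a known user that carries no password reaches `strcmp` with a NULL pointer. The check should cover both branches, e.g. `if (!pass || strcmp (pe->des, pass)) return -2;`. In the encrypted branch `crypt()` can return NULL on failure and `des_try` is passed to `strcmp` unchecked; `if (!des_try || strcmp (des_try, pe->des)) return -2;` closes that. Also in this hunk, `passwd_db_show` logs `pe->des`, which for entries loaded through `passwd_db_file_plain` is the clear-text password; logging only `pe->name` would keep credentials out of the log.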