1 // Copyright 2000-2005 the Contributors, as shown in the revision logs.
2 // Licensed under the Apache Public Source License 2.0 ("the License").
3 // You may not use this file except in compliance with the License.
5 package org.ibex.crypto;
6 import org.ibex.util.*;
11 * Right now this is a big fat hack; at some point it would be nice
12 * to try lots of different techniques (JNI/getpwent(),
14 * http://www.freebsd.org/cgi/cvsweb.cgi/src/lib/libcrypt/crypt-md5.c
16 * Also, this currently assumes that the user has MD5 passwords
17 * enabled and OpenSSL installed.
19 public class EtcPasswd {
20 public static boolean verify(String user, String pass) {
22 BufferedReader br = new BufferedReader(new InputStreamReader(new FileInputStream("/etc/passwd")));
23 for(String s = br.readLine(); s != null; s = br.readLine()) {
24 StringTokenizer st = new StringTokenizer(s, ":");
25 if (!user.equals(st.nextToken())) continue;
27 String stuff = st.nextToken();
28 StringTokenizer st2 = new StringTokenizer(stuff, "$");
30 String salt = st2.nextToken();
32 Runtime.getRuntime().exec(new String[] {
39 PrintWriter pw = new PrintWriter(p.getOutputStream());
43 BufferedReader br2 = new BufferedReader(new InputStreamReader(p.getInputStream()));
44 String recrypt = br2.readLine();
46 if (recrypt.equals(stuff)) return true;
47 } catch (Exception e) { Log.warn(EtcPasswd.class, e); }
49 } catch (Exception e) { Log.warn(EtcPasswd.class, e); }