1 package org.ibex.crypto;
2 import org.ibex.util.*;
7 * Right now this is a big fat hack; at some point it would be nice
8 * to try lots of different techniques (JNI/getpwent(),
10 * http://www.freebsd.org/cgi/cvsweb.cgi/src/lib/libcrypt/crypt-md5.c
12 * Also, this currently assumes that the user has MD5 passwords
13 * enabled and OpenSSL installed.
15 public class EtcPasswd {
16 public static boolean verify(String user, String pass) {
18 BufferedReader br = new BufferedReader(new InputStreamReader(new FileInputStream("/etc/passwd")));
19 for(String s = br.readLine(); s != null; s = br.readLine()) {
20 StringTokenizer st = new StringTokenizer(s, ":");
21 if (!user.equals(st.nextToken())) continue;
23 String stuff = st.nextToken();
24 StringTokenizer st2 = new StringTokenizer(stuff, "$");
26 String salt = st2.nextToken();
28 Runtime.getRuntime().exec(new String[] {
35 PrintWriter pw = new PrintWriter(p.getOutputStream());
39 BufferedReader br2 = new BufferedReader(new InputStreamReader(p.getInputStream()));
40 String recrypt = br2.readLine();
42 if (recrypt.equals(stuff)) return true;
43 } catch (Exception e) { Log.warn(EtcPasswd.class, e); }
45 } catch (Exception e) { Log.warn(EtcPasswd.class, e); }