From 8584a39cda4d0985481fe0e24715499966b53a39 Mon Sep 17 00:00:00 2001
From: adam <adam@megacz.com>
Date: Tue, 3 Aug 2004 07:25:13 +0000
Subject: [PATCH] added EtcPasswd

darcs-hash:20040803072513-5007d-b55224330be3161b57c7075bc409ac8e6032da22.gz
---
 src/org/ibex/crypto/EtcPasswd.java |   48 ++++++++++++++++++++++++++++++++++++
 1 file changed, 48 insertions(+)
 create mode 100644 src/org/ibex/crypto/EtcPasswd.java

diff --git a/src/org/ibex/crypto/EtcPasswd.java b/src/org/ibex/crypto/EtcPasswd.java
new file mode 100644
index 0000000..3673427
--- /dev/null
+++ b/src/org/ibex/crypto/EtcPasswd.java
@@ -0,0 +1,48 @@
+package org.ibex.crypto;
+import org.ibex.util.*;
+import java.util.*;
+import java.io.*;
+
+/**
+ *  Right now this is a big fat hack; at some point it would be nice
+ *  to try lots of different techniques (JNI/getpwent(),
+ *  Runtime.exec(),
+ *  http://www.freebsd.org/cgi/cvsweb.cgi/src/lib/libcrypt/crypt-md5.c
+ *
+ *  Also, this currently assumes that the user has MD5 passwords
+ *  enabled and OpenSSL installed.
+ */
+public class EtcPasswd {
+    public static boolean verify(String user, String pass) {
+        try {
+            BufferedReader br = new BufferedReader(new InputStreamReader(new FileInputStream("/etc/passwd-")));
+            for(String s = br.readLine(); s != null; s = br.readLine()) {
+                StringTokenizer st = new StringTokenizer(s, ":");
+                if (!user.equals(st.nextToken())) continue;
+                try {
+                    String stuff = st.nextToken();
+                    StringTokenizer st2 = new StringTokenizer(stuff, "$");
+                    st2.nextToken();
+                    String salt = st2.nextToken();
+                    Process p =
+                        Runtime.getRuntime().exec(new String[] {
+                            "/usr/bin/openssl",
+                            "passwd",
+                            "-1",
+                            "-stdin",
+                            "-salt",
+                            salt });
+                    PrintWriter pw = new PrintWriter(p.getOutputStream());
+                    pw.println(pass);
+                    pw.flush();
+                    pw.close();
+                    BufferedReader br2 = new BufferedReader(new InputStreamReader(p.getInputStream()));
+                    String recrypt = br2.readLine();
+                    p.waitFor();
+                    if (recrypt.equals(stuff)) return true;
+                } catch (Exception e) { Log.warn(EtcPasswd.class, e); }
+            }
+        } catch (Exception e) { Log.warn(EtcPasswd.class, e); }
+        return false;
+    }
+}
-- 
1.7.10.4