X-Git-Url: http://git.bytex64.net/?a=blobdiff_plain;f=common%2Fauth.c;h=26569fd86c31773b10b465642328eeb1d1eb82b4;hb=d119f69edc7c2a9ad2ded2be7fe71eae89926f92;hp=01164626e9599a9e29cd9917c580028040f41b0b;hpb=a65aeec9e6152703de9c770e56e689b1356cddb0;p=blerg.git

diff --git a/common/auth.c b/common/auth.c
index 0116462..26569fd 100644
--- a/common/auth.c
+++ b/common/auth.c
@@ -1,3 +1,6 @@
+/* Blerg is (C) 2011 The Dominion of Awesome, and is distributed under a
+ * BSD-style license.  Please see the COPYING file for details.
+ */
 #include <sys/types.h>
 #include <sys/stat.h>
 #include <fcntl.h>
@@ -6,19 +9,25 @@
 #include <stdlib.h>
 #include "config.h"
 #include "auth.h"
+#include "util.h"
 
 #define TOKEN_SIZE 16
+#define MAX_PASSWORD_LENGTH 64
 
 int auth_set_password(const char *username, const char *password) {
 	char filename[512];
-	int fd;
+	int fd, n;
+
+	if (!valid_name(username) || !blerg_exists(username))
+		return 0;
 
-	if (!blerg_exists(username))
+	n = strlen(password);
+	if (n > MAX_PASSWORD_LENGTH)
 		return 0;
 
 	snprintf(filename, 512, "%s/%s/password", DATA_PATH, username);
 	fd = open(filename, O_WRONLY | O_CREAT, 0600);
-	write(fd, password, strlen(password));
+	write(fd, password, n);
 	close(fd);
 	
 	return 1;
@@ -29,11 +38,14 @@ int auth_get_password(const char *username, char *password) {
 	int fd;
 	int len = 0;
 
+	if (!valid_name(username))
+		return 0;
+
 	sprintf(filename, "%s/%s/password", DATA_PATH, username);
 	fd = open(filename, O_RDONLY);
 	if (fd == -1)
 		return 0;
-	len = read(fd, password, 32);
+	len = read(fd, password, MAX_PASSWORD_LENGTH);
 	close(fd);
 
 	password[len] = 0;
@@ -47,7 +59,7 @@ int auth_check_password(const char *username, const char *password) {
 	if (auth_get_password(username, epw) == 0)
 		return 0;
 
-	if (strncmp(password, epw, 32) == 0)
+	if (strncmp(password, epw, MAX_PASSWORD_LENGTH) == 0)
 		return 1;
 	else
 		return 0;
@@ -107,6 +119,10 @@ int auth_login(const char *username, const char *password) {
 
 int auth_logout(const char *username) {
 	char filename[512];
+
+	if (!valid_name(username))
+		return 0;
+
 	sprintf(filename, "%s/%s/token", DATA_PATH, username);
 	if (unlink(filename) == -1)
 		return 0;
@@ -119,6 +135,9 @@ char *auth_get_token(const char *username) {
 	char *token;
 	int token_fd;
 
+	if (!valid_name(username))
+		return 0;
+
 	sprintf(filename, "%s/%s/token", DATA_PATH, username);
 	token_fd = open(filename, O_RDONLY, 0600);
 	if (token_fd == -1) {
@@ -132,3 +151,14 @@ char *auth_get_token(const char *username) {
 
 	return token;
 }
+
+int auth_check_token(const char *username, const char *given_token) {
+	char *token = auth_get_token(username);
+	if (token != NULL && given_token != NULL) {
+		int ret = (strncmp(token, given_token, TOKEN_SIZE * 2) == 0);
+		free(token);
+		return ret;
+	} else {
+		return 0;
+	}
+}