1/* $NetBSD: checkpasswd.c,v 1.11 2019/03/31 20:08:45 christos Exp $ */ 2 3/*- 4 * Copyright (c) 1993 5 * The Regents of the University of California. All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 2. Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in the 14 * documentation and/or other materials provided with the distribution. 15 * 16 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 17 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 18 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 19 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 20 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 21 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 22 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 23 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 24 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 25 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 26 * SUCH DAMAGE. 27 * 28 * @(#)gets.c 8.1 (Berkeley) 6/11/93 29 */ 30 31#ifdef _STANDALONE 32#include <lib/libkern/libkern.h> 33#else 34#include <string.h> 35#endif 36 37#include "stand.h" 38 39char * 40getpass(const char *prompt) 41{ 42 int c; 43 char *lp; 44 static char buf[128]; /* == _PASSWORD_LEN */ 45 46 printf("%s", prompt); 47 48 for (lp = buf;;) { 49 switch (c = getchar() & 0177) { 50 case '\n': 51 case '\r': 52 *lp = '\0'; 53 putchar('\n'); 54 return buf; 55 case '\b': 56 case '\177': 57 if (lp > buf) { 58 lp--; 59 putchar('\b'); 60 putchar(' '); 61 putchar('\b'); 62 } 63 break; 64#if HASH_ERASE 65 case '#': 66 if (lp > buf) 67 --lp; 68 break; 69#endif 70 case 'r'&037: { 71 char *p; 72 73 putchar('\n'); 74 for (p = buf; p < lp; ++p) 75 putchar('*'); 76 break; 77 } 78#if AT_ERASE 79 case '@': 80#endif 81 case 'u'&037: 82 case 'w'&037: 83 lp = buf; 84 putchar('\n'); 85 break; 86 default: 87 if ((size_t)(lp - buf) < sizeof(buf) - 1) { 88 *lp++ = (char)c; 89 putchar('*'); 90 } 91 break; 92 } 93 } 94 /*NOTREACHED*/ 95} 96 97#include <sys/md5.h> 98 99char bootpasswd[16] = {'\0'}; /* into data segment! */ 100 101int 102checkpasswd(void) 103{ 104 105 return check_password(bootpasswd); 106} 107 108int 109check_password(const char *password) 110{ 111 int i; 112 char *passwd; 113 MD5_CTX md5ctx; 114 char pwdigest[16]; 115 116 for (i = 0; i < 16; i++) 117 if (password[i]) 118 break; 119 if (i == 16) 120 return 1; /* no password set */ 121 122 for (i = 0; i < 3; i++) { 123 passwd = getpass("Password: "); 124 MD5Init(&md5ctx); 125 MD5Update(&md5ctx, passwd, (u_int)strlen(passwd)); 126 MD5Final(pwdigest, &md5ctx); 127 if (memcmp(pwdigest, password, 16) == 0) 128 return 1; 129 } 130 131 /* failed */ 132 return 0; 133} 134