/* this function parses tpasswd.conf file. Format is:
* int(index):base64(n):base64(g)
*/
static int
read_conf_values (gnutls_datum_t * g, gnutls_datum_t * n, char *str)
{
char *p;
int len;
int index, ret;
gnutls_datum_t dat;
index = atoi (str);
p = strrchr (str, ':'); /* we have g */
if (p == NULL)
{
return -1;
}
*p = '\0';
p++;
/* read the generator */
len = strlen (p);
if (p[len - 1] == '\n')
len--;
dat.data = (void*)p;
dat.size = len;
ret = gnutls_srp_base64_decode_alloc (&dat, g);
if (ret < 0)
{
fprintf (stderr, "Decoding error\n");
return -1;
}
/* now go for n - modulo */
p = strrchr (str, ':'); /* we have n */
if (p == NULL)
{
return -1;
}
*p = '\0';
p++;
dat.data = (void*)p;
dat.size = strlen (p);
ret = gnutls_srp_base64_decode_alloc (&dat, n);
if (ret < 0)
{
fprintf (stderr, "Decoding error\n");
free (g->data);
return -1;
}
return index;
}
/* The format of a tpasswd file is:
* username:verifier:salt:index
*
* index is the index of the prime-generator pair in tpasswd.conf
*/
static int
_verify_passwd_int(const char *username, const char *passwd,
char *verifier, const char *salt,
const gnutls_datum_t * g, const gnutls_datum_t * n)
{
char _salt[1024];
gnutls_datum_t tmp, raw_salt, new_verifier;
size_t salt_size;
char *pos;
if (salt == NULL || verifier == NULL)
return -1;
if (strlen(salt) >= sizeof(_salt)) {
fprintf(stderr, "Too long salt.\n");
return -1;
}
/* copy salt, and null terminate after the ':' */
strcpy(_salt, salt);
pos = strchr(_salt, ':');
if (pos != NULL)
*pos = 0;
/* convert salt to binary. */
tmp.data = (void *) _salt;
tmp.size = strlen(_salt);
if (gnutls_srp_base64_decode_alloc(&tmp, &raw_salt) < 0) {
fprintf(stderr, "Could not decode salt.\n");
return -1;
}
if (gnutls_srp_verifier
(username, passwd, &raw_salt, g, n, &new_verifier) < 0) {
fprintf(stderr, "Could not make the verifier\n");
return -1;
}
free(raw_salt.data);
/* encode the verifier into _salt */
salt_size = sizeof(_salt);
memset(_salt, 0, salt_size);
if (gnutls_srp_base64_encode(&new_verifier, _salt, &salt_size) < 0) {
fprintf(stderr, "Encoding error\n");
return -1;
}
free(new_verifier.data);
if (strncmp(verifier, _salt, strlen(_salt)) == 0) {
fprintf(stderr, "Password verified\n");
return 0;
} else {
fprintf(stderr, "Password does NOT match\n");
}
return -1;
}