/*
 * This is the mgetpwuid function that is to be used in place of getpwuid(3)
 * It supplies a mock hash; the real getpwuid requires access to the shadow
 * password file, which students (and the teacher!) don't have
 *
 * To get the test program, compile with -DTEST
 *
 * In *all* cases, on the CSIF systems, you *must* link with "-lcrypt:
 *
 * Hacked out by Matt Bishop on March 1, 2003, in a fit of frenzy for
 * my ECS 153 class :-)
 */
#include <stdio.h>
#include <pwd.h>
#include <string.h>
#include <unistd.h>

/*
 * the password and salt to use, because we can't get to the real one
 */
#define	PASSWD	"hello!"
#define	SALT	"Ab"

/*
 * forward declarations
 */
char *crypt(char *, char *);		/*old UNIX/Linux hash function */

/*
 * the fake getpwuid
 * Used just like the real one, but it *always* sets the password
 * hash field to the password PASSWD hashed with salt SALT
 */
struct passwd *mgetpwuid(int uid)
{
	struct passwd *result;		/* points to return structure */
	static char hash[100];		/* persistent space for the hash */

	/*
	 * get the user information structure from the password database
	 */
	if ((result = getpwuid(uid)) != NULL){
		/* got it -- now zap and replace the hash */
		(void) strcpy(hash, crypt(PASSWD, SALT));
		result->pw_passwd = hash;
	}

	/*
	 * announce the results
	 */
	return(result);
}


#ifdef TEST

#define USER	"bishop"
#define ERROR	1
#define	NOERROR	0

int main(int argc, char *argv[])
{
	int i;			/* counter in a for loop */
	int ruid;		/* real process UID (RUID) */
	struct passwd *pw;	/* points to user information */
	char *p;		/* points to loaded password */

	/*
	 * first figure out who we are (process real UID RUID)
	 */
	ruid = getuid();

	/*
	 * now loop through the list of users
	 */
	for(i = 1; i < argc; i++){
		/* get user information, modified as above */
		if ((pw = mgetpwuid(ruid)) == NULL){
			fprintf(stderr, "\"%d\": no such user\n", ruid);
			return(ERROR);
		}

		/* see if the user named matches the distinguished user USER */
		printf("User \"%s\":", argv[i]);
		if (strcmp(argv[i], pw->pw_name) == 0)
			printf(" *** it's the user named as argument %d!", i);
		putchar('\n');

		/* print the user structure fields */
		printf("\tname:\t%s\n", pw->pw_name);
		printf("\thashpw:\t%s\n", pw->pw_passwd);
		printf("\tUID:\t%d\n", pw->pw_uid);
		printf("\tGID:\t%d\n", pw->pw_gid);
		printf("\tGECOS:\t%s\n", pw->pw_gecos);
		printf("\thome:\t%s\n", pw->pw_dir);
		printf("\tshell:\t%s\n", pw->pw_shell);

		/*
		 * now we check the password
		 *
		 * get the password
		 */
		if ((p = getpass("Password: ")) == NULL){
			fprintf(stderr, "No password given.\n");
			continue;
		}

		/* see if it's right */
		if (strcmp(pw->pw_passwd, crypt(p, SALT)) == 0)
			printf("+++ Hey, that's the right password :-)\n");
		else
			printf("--- Sorry, that's the wrong password :-(\n");
	}

	/*
	 * bye-bye Birdie!
	 */
	return(NOERROR);
}
#endif