revert back to plaintext passwords, crypting isn't working

This commit is contained in:
Enno Rehling 2016-02-21 17:22:43 +01:00
parent 2c82ddd4d1
commit b09c6974c6
5 changed files with 33 additions and 17 deletions

View File

@ -566,7 +566,8 @@ void faction_setbanner(faction * self, const char *banner)
void faction_setpassword(faction * f, const char *pwhash)
{
assert(pwhash && pwhash[0] == '$');
assert(pwhash);
// && pwhash[0] == '$');
free(f->_password);
f->_password = _strdup(pwhash);
}

View File

@ -73,7 +73,7 @@ static void test_read_password(CuTest *tc) {
gamedata *data;
faction *f;
f = test_create_faction(0);
faction_setpassword(f, password_hash("secret", 0, PASSWORD_DEFAULT));
faction_setpassword(f, password_encode("secret", PASSWORD_DEFAULT));
data = gamedata_open(path, "wb");
CuAssertPtrNotNull(tc, data);
_test_write_password(data, f);
@ -94,7 +94,7 @@ static void test_read_password_external(CuTest *tc) {
remove(pwfile);
f = test_create_faction(0);
faction_setpassword(f, password_hash("secret", 0, PASSWORD_DEFAULT));
faction_setpassword(f, password_encode("secret", PASSWORD_DEFAULT));
CuAssertPtrNotNull(tc, f->_password);
data = gamedata_open(path, "wb");
CuAssertPtrNotNull(tc, data);

View File

@ -32,14 +32,14 @@ char *password_gensalt(char *salt, size_t salt_len) {
char *cp = salt;
while (buflen) {
unsigned long ul = genrand_int32() & (unsigned long)time(0);
b64_from_24bit((char)(ul & 0xFF), (char)((ul>>8)&0xff), (char)((ul>>16)&0xFF), 4);
b64_from_24bit((char)(ul & 0xFF), (char)((ul >> 8) & 0xff), (char)((ul >> 16) & 0xFF), 4);
}
salt[salt_len-1] = 0;
return salt;
}
static bool password_is_implemented(int algo) {
return algo == PASSWORD_BCRYPT || algo == PASSWORD_PLAIN || algo == PASSWORD_MD5 || algo == PASSWORD_APACHE_MD5;
return algo == PASSWORD_PLAINTEXT || algo == PASSWORD_BCRYPT || algo == PASSWORD_NOCRYPT || algo == PASSWORD_MD5 || algo == PASSWORD_APACHE_MD5;
}
static const char * password_hash_i(const char * passwd, const char *input, int algo, char *result, size_t len) {
@ -57,7 +57,11 @@ static const char * password_hash_i(const char * passwd, const char *input, int
}
return result;
}
else if (algo == PASSWORD_PLAIN) {
else if (algo == PASSWORD_PLAINTEXT) {
_snprintf(result, len, "%s", passwd);
return result;
}
else if (algo == PASSWORD_NOCRYPT) {
_snprintf(result, len, "$0$%s", passwd);
return result;
}
@ -99,17 +103,20 @@ const char * password_encode(const char * passwd, int algo) {
int password_verify(const char * pwhash, const char * passwd) {
char hash[64];
int algo;
int algo = PASSWORD_PLAINTEXT;
char *pos;
const char *result;
assert(passwd);
assert(pwhash);
assert(pwhash[0] == '$');
algo = pwhash[1];
if (pwhash[0] == '$') {
algo = pwhash[1];
}
if (!password_is_implemented(algo)) {
return VERIFY_UNKNOWN;
}
if (algo == PASSWORD_BCRYPT) {
if (algo == PASSWORD_PLAINTEXT) {
return (strcmp(passwd, pwhash) == 0) ? VERIFY_OK : VERIFY_FAIL;
} else if (algo == PASSWORD_BCRYPT) {
char sample[200];
_crypt_blowfish_rn(passwd, pwhash, sample, sizeof(sample));
return (strcmp(sample, pwhash) == 0) ? VERIFY_OK : VERIFY_FAIL;

View File

@ -1,12 +1,13 @@
#pragma once
#define PASSWORD_PLAIN '0'
#define PASSWORD_PLAINTEXT 0
#define PASSWORD_NOCRYPT '0'
#define PASSWORD_MD5 '1'
#define PASSWORD_BCRYPT '2' // not implemented
#define PASSWORD_APACHE_MD5 'a'
#define PASSWORD_SHA256 '5' // not implemented
#define PASSWORD_SHA512 '6' // not implemented
#define PASSWORD_DEFAULT PASSWORD_APACHE_MD5
#define PASSWORD_DEFAULT PASSWORD_PLAINTEXT
#define VERIFY_OK 0 // password matches hash
#define VERIFY_FAIL 1 // password is wrong

View File

@ -5,8 +5,6 @@
static void test_passwords(CuTest *tc) {
const char *hash, *expect;
CuAssertIntEquals(tc, VERIFY_UNKNOWN, password_verify("$9$password", "password"));
expect = "$apr1$FqQLkl8g$.icQqaDJpim4BVy.Ho5660";
CuAssertIntEquals(tc, VERIFY_OK, password_verify(expect, "Hodor"));
hash = password_encode("Hodor", PASSWORD_APACHE_MD5);
@ -19,18 +17,27 @@ static void test_passwords(CuTest *tc) {
CuAssertPtrNotNull(tc, hash);
CuAssertIntEquals(tc, 0, strncmp(hash, expect, 3));
expect = "$0$password";
expect = "password";
hash = password_encode("password", PASSWORD_PLAINTEXT);
CuAssertPtrNotNull(tc, hash);
CuAssertStrEquals(tc, hash, expect);
CuAssertIntEquals(tc, VERIFY_OK, password_verify(expect, "password"));
CuAssertIntEquals(tc, VERIFY_FAIL, password_verify(expect, "arseword"));
hash = password_encode("password", PASSWORD_PLAIN);
expect = "$0$password";
hash = password_encode("password", PASSWORD_NOCRYPT);
CuAssertPtrNotNull(tc, hash);
CuAssertStrEquals(tc, expect, hash);
CuAssertStrEquals(tc, hash, expect);
CuAssertIntEquals(tc, VERIFY_OK, password_verify(expect, "password"));
CuAssertIntEquals(tc, VERIFY_FAIL, password_verify(expect, "arseword"));
expect = "$2y$05$RJ8qAhu.foXyJLdc2eHTLOaK4MDYn3/v4HtOVCq0Plv2yxcrEB7Wm";
CuAssertIntEquals(tc, VERIFY_OK, password_verify(expect, "Hodor"));
hash = password_encode("Hodor", PASSWORD_BCRYPT);
CuAssertPtrNotNull(tc, hash);
CuAssertIntEquals(tc, 0, strncmp(hash, expect, 7));
CuAssertIntEquals(tc, VERIFY_UNKNOWN, password_verify("$9$saltyfish$password", "password"));
}
CuSuite *get_password_suite(void) {