diff --git a/src/kernel/faction.c b/src/kernel/faction.c index 86830c451..10c614505 100755 --- a/src/kernel/faction.c +++ b/src/kernel/faction.c @@ -566,7 +566,8 @@ void faction_setbanner(faction * self, const char *banner) void faction_setpassword(faction * f, const char *pwhash) { - assert(pwhash && pwhash[0] == '$'); + assert(pwhash); + // && pwhash[0] == '$'); free(f->_password); f->_password = _strdup(pwhash); } diff --git a/src/kernel/save.test.c b/src/kernel/save.test.c index 71cb6e91c..732353d1a 100644 --- a/src/kernel/save.test.c +++ b/src/kernel/save.test.c @@ -73,7 +73,7 @@ static void test_read_password(CuTest *tc) { gamedata *data; faction *f; f = test_create_faction(0); - faction_setpassword(f, password_hash("secret", 0, PASSWORD_DEFAULT)); + faction_setpassword(f, password_encode("secret", PASSWORD_DEFAULT)); data = gamedata_open(path, "wb"); CuAssertPtrNotNull(tc, data); _test_write_password(data, f); @@ -94,7 +94,7 @@ static void test_read_password_external(CuTest *tc) { remove(pwfile); f = test_create_faction(0); - faction_setpassword(f, password_hash("secret", 0, PASSWORD_DEFAULT)); + faction_setpassword(f, password_encode("secret", PASSWORD_DEFAULT)); CuAssertPtrNotNull(tc, f->_password); data = gamedata_open(path, "wb"); CuAssertPtrNotNull(tc, data); diff --git a/src/util/password.c b/src/util/password.c index b7880b8e6..24aff3d01 100644 --- a/src/util/password.c +++ b/src/util/password.c 
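Review bot: In `faction_setpassword` the relaxed assert leaves half of the old condition behind as a comment (`// && pwhash[0] == '$');`), and nothing replaces it to say that `f->_password` may now hold an unencoded password. Drop the dead fragment and state the new contract, e.g. `/* pwhash is either a "$<algo>$..." encoded value or, for PASSWORD_PLAINTEXT, the password itself */`. The `_strdup` result is also stored unchecked, so an allocation failure would leave `_password` NULL; whether later readers tolerate that is not visible in this hunk.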
@@ -32,14 +32,14 @@ char *password_gensalt(char *salt, size_t salt_len) { char *cp = salt; while (buflen) { unsigned long ul = genrand_int32() & (unsigned long)time(0); - b64_from_24bit((char)(ul & 0xFF), (char)((ul>>8)&0xff), (char)((ul>>16)&0xFF), 4); + b64_from_24bit((char)(ul & 0xFF), (char)((ul >> 8) & 0xff), (char)((ul >> 16) & 0xFF), 4); } salt[salt_len-1] = 0; return salt; } static bool password_is_implemented(int algo) { - return algo == PASSWORD_BCRYPT || algo == PASSWORD_PLAIN || algo == PASSWORD_MD5 || algo == PASSWORD_APACHE_MD5; + return algo == PASSWORD_PLAINTEXT || algo == PASSWORD_BCRYPT || algo == PASSWORD_NOCRYPT || algo == PASSWORD_MD5 || algo == PASSWORD_APACHE_MD5; } static const char * password_hash_i(const char * passwd, const char *input, int algo, char *result, size_t len) { @@ -57,7 +57,11 @@ static const char * password_hash_i(const char * passwd, const char *input, int } return result; } - else if (algo == PASSWORD_PLAIN) { + else if (algo == PASSWORD_PLAINTEXT) { + _snprintf(result, len, "%s", passwd); + return result; + } + else if (algo == PASSWORD_NOCRYPT) { _snprintf(result, len, "$0$%s", passwd); return result; } @@ -99,17 +103,20 @@ const char * password_encode(const char * passwd, int algo) { int password_verify(const char * pwhash, const char * passwd) { char hash[64]; - int algo; + int algo = PASSWORD_PLAINTEXT; char *pos; const char *result; assert(passwd); assert(pwhash); - assert(pwhash[0] == '$'); - algo = pwhash[1]; + if (pwhash[0] == '$') { + algo = pwhash[1]; + } if (!password_is_implemented(algo)) { return VERIFY_UNKNOWN; } - if (algo == PASSWORD_BCRYPT) { + if (algo == PASSWORD_PLAINTEXT) { + return (strcmp(passwd, pwhash) == 0) ? VERIFY_OK : VERIFY_FAIL; + } else if (algo == PASSWORD_BCRYPT) { char sample[200]; _crypt_blowfish_rn(passwd, pwhash, sample, sizeof(sample)); return (strcmp(sample, pwhash) == 0) ? VERIFY_OK : VERIFY_FAIL; 
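Review bot: In the context lines of `password_gensalt`, `genrand_int32() & (unsigned long)time(0)` masks the generator output with the clock, which clears every bit that is zero in the current timestamp instead of adding variation. Salts produced in the same second share that mask and are drawn from a smaller set of values than the generator alone would give. Using the output unmasked, `unsigned long ul = genrand_int32();`, or an OS random source if this tree has one, keeps salts distinct per password. The loop is only partly visible here (`buflen` and `b64_from_24bit` are defined outside the hunk), so this should be confirmed against the full function.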
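Review bot: The new `PASSWORD_PLAINTEXT` branch of `password_hash_i` ignores the return value of `_snprintf(result, len, "%s", passwd);`, so a password that does not fit in `len` bytes is stored truncated, and possibly without a terminating NUL if `_snprintf` maps to the MSVC function of that name. A later `password_verify` of the full password against the truncated copy would then fail. Check the length before formatting, e.g. `if (strlen(passwd) >= len) return NULL;`, assuming callers already treat a NULL result as failure; the start of the function and its callers are outside this hunk. The `PASSWORD_NOCRYPT` branch has the same unchecked call.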
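Review bot: `password_verify` now infers the storage format from the stored string alone, so a value written with `PASSWORD_PLAINTEXT` that happens to begin with `$` is parsed as `$<algo>$...` and checked by a different branch than the one that wrote it. The encode side should refuse such input for the plaintext algorithm, e.g. `if (passwd[0] == '$') return NULL;` in the `PASSWORD_PLAINTEXT` branch of `password_hash_i`. A comment on `password_verify` should state that an unprefixed value is compared verbatim. The plaintext branch also compares with `strcmp`, which returns at the first differing byte; a constant-time comparison is the usual choice for secrets. The rest of the function lies outside the hunk.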
diff --git a/src/util/password.h b/src/util/password.h index ec7ab6bbc..fe84716d7 100644 --- a/src/util/password.h +++ b/src/util/password.h @@ -1,12 +1,13 @@ #pragma once -#define PASSWORD_PLAIN '0' +#define PASSWORD_PLAINTEXT 0 +#define PASSWORD_NOCRYPT '0' #define PASSWORD_MD5 '1' #define PASSWORD_BCRYPT '2' // not implemented #define PASSWORD_APACHE_MD5 'a' #define PASSWORD_SHA256 '5' // not implemented #define PASSWORD_SHA512 '6' // not implemented -#define PASSWORD_DEFAULT PASSWORD_APACHE_MD5 +#define PASSWORD_DEFAULT PASSWORD_PLAINTEXT #define VERIFY_OK 0 // password matches hash #define VERIFY_FAIL 1 // password is wrong diff --git a/src/util/password.test.c b/src/util/password.test.c index eb7bcbc69..bee535cdd 100644 --- a/src/util/password.test.c +++ b/src/util/password.test.c @@ -5,8 +5,6 @@ static void test_passwords(CuTest *tc) { const char *hash, *expect; - CuAssertIntEquals(tc, VERIFY_UNKNOWN, password_verify("$9$password", "password")); - expect = "$apr1$FqQLkl8g$.icQqaDJpim4BVy.Ho5660"; CuAssertIntEquals(tc, VERIFY_OK, password_verify(expect, "Hodor")); hash = password_encode("Hodor", PASSWORD_APACHE_MD5); 
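Review bot: `#define PASSWORD_DEFAULT PASSWORD_PLAINTEXT` makes every caller that passes `PASSWORD_DEFAULT` store the password in cleartext, including the two `faction_setpassword(f, password_encode("secret", PASSWORD_DEFAULT))` calls in save.test.c from this same commit. Accepting legacy plaintext in `password_verify` does not require writing it by default; keeping a hashed default such as `#define PASSWORD_DEFAULT PASSWORD_BCRYPT` confines plaintext to data that already exists. The `// not implemented` comment beside `PASSWORD_BCRYPT` also contradicts `password_is_implemented`, which accepts it. `PASSWORD_PLAINTEXT` is the integer 0 among character constants, and that deserves a comment such as `/* no "$x$" prefix; value stored verbatim */`.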
@@ -19,18 +17,27 @@ static void test_passwords(CuTest *tc) { CuAssertPtrNotNull(tc, hash); CuAssertIntEquals(tc, 0, strncmp(hash, expect, 3)); - expect = "$0$password"; + expect = "password"; + hash = password_encode("password", PASSWORD_PLAINTEXT); + CuAssertPtrNotNull(tc, hash); + CuAssertStrEquals(tc, hash, expect); CuAssertIntEquals(tc, VERIFY_OK, password_verify(expect, "password")); CuAssertIntEquals(tc, VERIFY_FAIL, password_verify(expect, "arseword")); - hash = password_encode("password", PASSWORD_PLAIN); + + expect = "$0$password"; + hash = password_encode("password", PASSWORD_NOCRYPT); CuAssertPtrNotNull(tc, hash); - CuAssertStrEquals(tc, expect, hash); + CuAssertStrEquals(tc, hash, expect); + CuAssertIntEquals(tc, VERIFY_OK, password_verify(expect, "password")); + CuAssertIntEquals(tc, VERIFY_FAIL, password_verify(expect, "arseword")); expect = "$2y$05$RJ8qAhu.foXyJLdc2eHTLOaK4MDYn3/v4HtOVCq0Plv2yxcrEB7Wm"; CuAssertIntEquals(tc, VERIFY_OK, password_verify(expect, "Hodor")); hash = password_encode("Hodor", PASSWORD_BCRYPT); CuAssertPtrNotNull(tc, hash); CuAssertIntEquals(tc, 0, strncmp(hash, expect, 7)); + + CuAssertIntEquals(tc, VERIFY_UNKNOWN, password_verify("$9$saltyfish$password", "password")); } CuSuite *get_password_suite(void) {
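Review bot: The new assertions call `CuAssertStrEquals(tc, hash, expect);`, which reverses the order the removed line used and the order CuTest expects (expected first, actual second). A failure would report the two strings under the wrong labels, so keep `CuAssertStrEquals(tc, expect, hash);` in both places. The plaintext cases also cover only a password without a leading `$`. A case for a `PASSWORD_PLAINTEXT` password that starts with `$` would pin down how `password_encode` and `password_verify` are meant to treat that input.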