forked from github/server
Bug 2527: PASSWORD command handling of bad passwords.
This commit is contained in:
parent
37f964e0ca
commit
0895ccd5d9
6 changed files with 59 additions and 20 deletions
|
@ -2429,6 +2429,9 @@ msgstr "\"$unit($unit) konnte nur $int($ships) von $int($maxships) Schiffen verz
|
||||||
msgid "error283"
|
msgid "error283"
|
||||||
msgstr "\"$unit($unit) in $region($region): '$order($command)' - Das Passwort darf nur Buchstaben und Ziffern enthalten.\""
|
msgstr "\"$unit($unit) in $region($region): '$order($command)' - Das Passwort darf nur Buchstaben und Ziffern enthalten.\""
|
||||||
|
|
||||||
|
msgid "error321"
|
||||||
|
msgstr "\"$unit($unit) in $region($region): '$order($command)' - Das gewählte Passwort war zu lang.\""
|
||||||
|
|
||||||
msgid "rust_effect"
|
msgid "rust_effect"
|
||||||
msgstr "\"$unit($mage) legt einen Rosthauch auf $unit($target). $int($amount) Waffen wurden vom Rost zerfressen.\""
|
msgstr "\"$unit($mage) legt einen Rosthauch auf $unit($target). $int($amount) Waffen wurden vom Rost zerfressen.\""
|
||||||
|
|
||||||
|
|
|
@ -2426,6 +2426,9 @@ msgstr "\"$unit($unit) in $region($region): '$order($command)' - No luxury items
|
||||||
msgid "stormwinds_reduced"
|
msgid "stormwinds_reduced"
|
||||||
msgstr "\"$unit($unit) could only enchant $int($ships) of $int($maxships) ships.\""
|
msgstr "\"$unit($unit) could only enchant $int($ships) of $int($maxships) ships.\""
|
||||||
|
|
||||||
|
msgid "error321"
|
||||||
|
msgstr "\"$unit($unit) in $region($region): '$order($command)' - The chosen password was too long.\""
|
||||||
|
|
||||||
msgid "error283"
|
msgid "error283"
|
||||||
msgstr "\"$unit($unit) in $region($region): '$order($command)' - Your password may only contain alphanumeric symbols.\""
|
msgstr "\"$unit($unit) in $region($region): '$order($command)' - Your password may only contain alphanumeric symbols.\""
|
||||||
|
|
||||||
|
|
35
src/laws.c
35
src/laws.c
|
@ -2088,34 +2088,33 @@ int email_cmd(unit * u, struct order *ord)
|
||||||
|
|
||||||
int password_cmd(unit * u, struct order *ord)
|
int password_cmd(unit * u, struct order *ord)
|
||||||
{
|
{
|
||||||
char pwbuf[32];
|
char pwbuf[PASSWORD_MAXSIZE + 1];
|
||||||
const char *s;
|
const char *s;
|
||||||
bool pwok = true;
|
|
||||||
|
|
||||||
init_order_depr(ord);
|
init_order_depr(ord);
|
||||||
|
pwbuf[PASSWORD_MAXSIZE] = '\n';
|
||||||
s = gettoken(pwbuf, sizeof(pwbuf));
|
s = gettoken(pwbuf, sizeof(pwbuf));
|
||||||
|
if (pwbuf[PASSWORD_MAXSIZE] == '\0') {
|
||||||
|
cmistake(u, ord, 321, MSG_EVENT);
|
||||||
|
pwbuf[PASSWORD_MAXSIZE - 1] = '\0';
|
||||||
|
}
|
||||||
|
|
||||||
if (!s || !*s) {
|
if (s && *s) {
|
||||||
int i;
|
unsigned char *c = (unsigned char *)pwbuf;
|
||||||
for (i = 0; i < 6; i++)
|
int i, r = 0;
|
||||||
pwbuf[i] = (char)(97 + rng_int() % 26);
|
|
||||||
pwbuf[6] = 0;
|
for (i = 0; c[i] && i != PASSWORD_MAXSIZE; ++i) {
|
||||||
}
|
if (!isalnum(c[i])) {
|
||||||
else {
|
c[i] = 'X';
|
||||||
char *c;
|
++r;
|
||||||
for (c = pwbuf; *c && pwok; ++c) {
|
|
||||||
if (!isalnum(*(unsigned char *)c)) {
|
|
||||||
pwok = false;
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
if (r != 0) {
|
||||||
if (!pwok) {
|
|
||||||
cmistake(u, ord, 283, MSG_EVENT);
|
cmistake(u, ord, 283, MSG_EVENT);
|
||||||
str_strlcpy(pwbuf, itoa36(rng_int()), sizeof(pwbuf));
|
}
|
||||||
}
|
}
|
||||||
faction_setpassword(u->faction, password_hash(pwbuf, PASSWORD_DEFAULT));
|
faction_setpassword(u->faction, password_hash(pwbuf, PASSWORD_DEFAULT));
|
||||||
ADDMSG(&u->faction->msgs, msg_message("changepasswd",
|
ADDMSG(&u->faction->msgs, msg_message("changepasswd", "value", pwbuf));
|
||||||
"value", pwbuf));
|
|
||||||
u->faction->flags |= FFL_PWMSG;
|
u->faction->flags |= FFL_PWMSG;
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
|
@ -48,6 +48,37 @@ static void test_new_building_can_be_renamed(CuTest * tc)
|
||||||
test_teardown();
|
test_teardown();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static void test_password_cmd(CuTest * tc)
|
||||||
|
{
|
||||||
|
unit *u;
|
||||||
|
faction * f;
|
||||||
|
test_setup();
|
||||||
|
u = test_create_unit(f = test_create_faction(NULL), test_create_plain(0, 0));
|
||||||
|
|
||||||
|
u->thisorder = create_order(K_PASSWORD, f->locale, "abcdefgh");
|
||||||
|
password_cmd(u, u->thisorder);
|
||||||
|
CuAssertPtrNotNull(tc, faction_getpassword(f));
|
||||||
|
CuAssertTrue(tc, checkpasswd(f, "abcdefgh"));
|
||||||
|
CuAssertPtrNotNull(tc, test_find_messagetype(f->msgs, "changepasswd"));
|
||||||
|
free_order(u->thisorder);
|
||||||
|
|
||||||
|
u->thisorder = create_order(K_PASSWORD, f->locale, "abc*de*");
|
||||||
|
password_cmd(u, u->thisorder);
|
||||||
|
CuAssertPtrNotNull(tc, test_find_messagetype(f->msgs, "error283"));
|
||||||
|
CuAssertPtrNotNull(tc, test_find_messagetype(f->msgs, "changepasswd"));
|
||||||
|
CuAssertTrue(tc, !checkpasswd(f, "abc*de*"));
|
||||||
|
CuAssertTrue(tc, checkpasswd(f, "abcXdeX"));
|
||||||
|
free_order(u->thisorder);
|
||||||
|
|
||||||
|
u->thisorder = create_order(K_PASSWORD, f->locale, "1234567890123456789012345678901234567890");
|
||||||
|
password_cmd(u, u->thisorder);
|
||||||
|
CuAssertPtrNotNull(tc, test_find_messagetype(f->msgs, "error321"));
|
||||||
|
CuAssertPtrNotNull(tc, test_find_messagetype(f->msgs, "changepasswd"));
|
||||||
|
CuAssertTrue(tc, checkpasswd(f, "1234567890123456789012345678901"));
|
||||||
|
|
||||||
|
test_teardown();
|
||||||
|
}
|
||||||
|
|
||||||
static void test_rename_building(CuTest * tc)
|
static void test_rename_building(CuTest * tc)
|
||||||
{
|
{
|
||||||
region *r;
|
region *r;
|
||||||
|
@ -1831,6 +1862,7 @@ CuSuite *get_laws_suite(void)
|
||||||
SUITE_ADD_TEST(suite, test_long_order_buy_cast);
|
SUITE_ADD_TEST(suite, test_long_order_buy_cast);
|
||||||
SUITE_ADD_TEST(suite, test_long_order_hungry);
|
SUITE_ADD_TEST(suite, test_long_order_hungry);
|
||||||
SUITE_ADD_TEST(suite, test_new_building_can_be_renamed);
|
SUITE_ADD_TEST(suite, test_new_building_can_be_renamed);
|
||||||
|
SUITE_ADD_TEST(suite, test_password_cmd);
|
||||||
SUITE_ADD_TEST(suite, test_rename_building);
|
SUITE_ADD_TEST(suite, test_rename_building);
|
||||||
SUITE_ADD_TEST(suite, test_rename_building_twice);
|
SUITE_ADD_TEST(suite, test_rename_building_twice);
|
||||||
SUITE_ADD_TEST(suite, test_fishing_feeds_2_people);
|
SUITE_ADD_TEST(suite, test_fishing_feeds_2_people);
|
||||||
|
|
|
@ -14,6 +14,7 @@
|
||||||
#include "util/filereader.h"
|
#include "util/filereader.h"
|
||||||
#include "util/param.h"
|
#include "util/param.h"
|
||||||
#include "util/parser.h"
|
#include "util/parser.h"
|
||||||
|
#include "util/password.h"
|
||||||
#include "util/order_parser.h"
|
#include "util/order_parser.h"
|
||||||
|
|
||||||
#include <assert.h>
|
#include <assert.h>
|
||||||
|
@ -127,7 +128,7 @@ static faction *factionorders(void)
|
||||||
faction *f = findfaction(fid);
|
faction *f = findfaction(fid);
|
||||||
|
|
||||||
if (f != NULL && (f->flags & FFL_NPC) == 0) {
|
if (f != NULL && (f->flags & FFL_NPC) == 0) {
|
||||||
char token[128];
|
char token[PASSWORD_MAXSIZE];
|
||||||
const char *pass = gettoken(token, sizeof(token));
|
const char *pass = gettoken(token, sizeof(token));
|
||||||
|
|
||||||
if (!checkpasswd(f, (const char *)pass)) {
|
if (!checkpasswd(f, (const char *)pass)) {
|
||||||
|
|
|
@ -6,6 +6,7 @@ typedef enum cryptalgo_t {
|
||||||
PASSWORD_BCRYPT
|
PASSWORD_BCRYPT
|
||||||
} cryptalgo_t;
|
} cryptalgo_t;
|
||||||
#define PASSWORD_DEFAULT PASSWORD_BCRYPT
|
#define PASSWORD_DEFAULT PASSWORD_BCRYPT
|
||||||
|
#define PASSWORD_MAXSIZE 32
|
||||||
|
|
||||||
extern int bcrypt_workfactor;
|
extern int bcrypt_workfactor;
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue