Bug 2527: PASSWORD command handling of bad passwords.

Enno Rehling 2018-12-03 19:19:06 +01:00
parent 37f964e0ca
commit 0895ccd5d9
6 changed files with 59 additions and 20 deletions


@ -2429,6 +2429,9 @@ msgstr "\"$unit($unit) konnte nur $int($ships) von $int($maxships) Schiffen verz
msgid "error283" msgid "error283"
msgstr "\"$unit($unit) in $region($region): '$order($command)' - Das Passwort darf nur Buchstaben und Ziffern enthalten.\"" msgstr "\"$unit($unit) in $region($region): '$order($command)' - Das Passwort darf nur Buchstaben und Ziffern enthalten.\""
msgid "error321"
msgstr "\"$unit($unit) in $region($region): '$order($command)' - Das gewählte Passwort war zu lang.\""
msgid "rust_effect" msgid "rust_effect"
msgstr "\"$unit($mage) legt einen Rosthauch auf $unit($target). $int($amount) Waffen wurden vom Rost zerfressen.\"" msgstr "\"$unit($mage) legt einen Rosthauch auf $unit($target). $int($amount) Waffen wurden vom Rost zerfressen.\""


@ -2426,6 +2426,9 @@ msgstr "\"$unit($unit) in $region($region): '$order($command)' - No luxury items
msgid "stormwinds_reduced" msgid "stormwinds_reduced"
msgstr "\"$unit($unit) could only enchant $int($ships) of $int($maxships) ships.\"" msgstr "\"$unit($unit) could only enchant $int($ships) of $int($maxships) ships.\""
msgid "error321"
msgstr "\"$unit($unit) in $region($region): '$order($command)' - The chosen password was too long.\""
msgid "error283" msgid "error283"
msgstr "\"$unit($unit) in $region($region): '$order($command)' - Your password may only contain alphanumeric symbols.\"" msgstr "\"$unit($unit) in $region($region): '$order($command)' - Your password may only contain alphanumeric symbols.\""


@ -2088,34 +2088,33 @@ int email_cmd(unit * u, struct order *ord)
int password_cmd(unit * u, struct order *ord) int password_cmd(unit * u, struct order *ord)
{ {
char pwbuf[32]; char pwbuf[PASSWORD_MAXSIZE + 1];
const char *s; const char *s;
bool pwok = true;
init_order_depr(ord); init_order_depr(ord);
pwbuf[PASSWORD_MAXSIZE] = '\n';
s = gettoken(pwbuf, sizeof(pwbuf)); s = gettoken(pwbuf, sizeof(pwbuf));
if (pwbuf[PASSWORD_MAXSIZE] == '\0') {
cmistake(u, ord, 321, MSG_EVENT);
pwbuf[PASSWORD_MAXSIZE - 1] = '\0';
}
if (!s || !*s) { if (s && *s) {
int i; unsigned char *c = (unsigned char *)pwbuf;
for (i = 0; i < 6; i++) int i, r = 0;
pwbuf[i] = (char)(97 + rng_int() % 26);
pwbuf[6] = 0; for (i = 0; c[i] && i != PASSWORD_MAXSIZE; ++i) {
} if (!isalnum(c[i])) {
else { c[i] = 'X';
char *c; ++r;
for (c = pwbuf; *c && pwok; ++c) {
if (!isalnum(*(unsigned char *)c)) {
pwok = false;
} }
} }
} if (r != 0) {
if (!pwok) {
cmistake(u, ord, 283, MSG_EVENT); cmistake(u, ord, 283, MSG_EVENT);
str_strlcpy(pwbuf, itoa36(rng_int()), sizeof(pwbuf)); }
} }
faction_setpassword(u->faction, password_hash(pwbuf, PASSWORD_DEFAULT)); faction_setpassword(u->faction, password_hash(pwbuf, PASSWORD_DEFAULT));
ADDMSG(&u->faction->msgs, msg_message("changepasswd", ADDMSG(&u->faction->msgs, msg_message("changepasswd", "value", pwbuf));
"value", pwbuf));
u->faction->flags |= FFL_PWMSG; u->faction->flags |= FFL_PWMSG;
return 0; return 0;
} }
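Review bot: With the `if (!s || !*s)` branch removed, a PASSWORD order that carries no argument now falls through to `password_hash(pwbuf, PASSWORD_DEFAULT)` and to the `changepasswd` message with whatever `pwbuf` happens to hold. If `gettoken` returns NULL without writing to the buffer (its implementation is not visible here), that is uninitialised stack memory whose only known byte is the `'\n'` sentinel, so the hash and the message may read past the array and echo stack contents back to the player; if it writes an empty string instead, the faction ends up with an empty password. I would add `pwbuf[0] = '\0';` before the `gettoken` call and handle `!s || !*s` explicitly before `faction_setpassword`, either by keeping the removed random fallback or by leaving the current password unchanged. Separately, rewriting each non-alphanumeric character to `'X'` stores a password the player did not choose and that is weaker than the one typed; rejecting the order after error 283 would be the safer behaviour.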


@ -48,6 +48,37 @@ static void test_new_building_can_be_renamed(CuTest * tc)
test_teardown(); test_teardown();
} }
static void test_password_cmd(CuTest * tc)
{
unit *u;
faction * f;
test_setup();
u = test_create_unit(f = test_create_faction(NULL), test_create_plain(0, 0));
u->thisorder = create_order(K_PASSWORD, f->locale, "abcdefgh");
password_cmd(u, u->thisorder);
CuAssertPtrNotNull(tc, faction_getpassword(f));
CuAssertTrue(tc, checkpasswd(f, "abcdefgh"));
CuAssertPtrNotNull(tc, test_find_messagetype(f->msgs, "changepasswd"));
free_order(u->thisorder);
u->thisorder = create_order(K_PASSWORD, f->locale, "abc*de*");
password_cmd(u, u->thisorder);
CuAssertPtrNotNull(tc, test_find_messagetype(f->msgs, "error283"));
CuAssertPtrNotNull(tc, test_find_messagetype(f->msgs, "changepasswd"));
CuAssertTrue(tc, !checkpasswd(f, "abc*de*"));
CuAssertTrue(tc, checkpasswd(f, "abcXdeX"));
free_order(u->thisorder);
u->thisorder = create_order(K_PASSWORD, f->locale, "1234567890123456789012345678901234567890");
password_cmd(u, u->thisorder);
CuAssertPtrNotNull(tc, test_find_messagetype(f->msgs, "error321"));
CuAssertPtrNotNull(tc, test_find_messagetype(f->msgs, "changepasswd"));
CuAssertTrue(tc, checkpasswd(f, "1234567890123456789012345678901"));
test_teardown();
}
static void test_rename_building(CuTest * tc) static void test_rename_building(CuTest * tc)
{ {
region *r; region *r;
@ -1831,6 +1862,7 @@ CuSuite *get_laws_suite(void)
SUITE_ADD_TEST(suite, test_long_order_buy_cast); SUITE_ADD_TEST(suite, test_long_order_buy_cast);
SUITE_ADD_TEST(suite, test_long_order_hungry); SUITE_ADD_TEST(suite, test_long_order_hungry);
SUITE_ADD_TEST(suite, test_new_building_can_be_renamed); SUITE_ADD_TEST(suite, test_new_building_can_be_renamed);
SUITE_ADD_TEST(suite, test_password_cmd);
SUITE_ADD_TEST(suite, test_rename_building); SUITE_ADD_TEST(suite, test_rename_building);
SUITE_ADD_TEST(suite, test_rename_building_twice); SUITE_ADD_TEST(suite, test_rename_building_twice);
SUITE_ADD_TEST(suite, test_fishing_feeds_2_people); SUITE_ADD_TEST(suite, test_fishing_feeds_2_people);
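Review bot: test_password_cmd has no case for a PASSWORD order without an argument, which is the path whose behaviour changed most in `password_cmd` now that the random-password fallback is gone. A fourth case that issues the order with an empty argument and asserts what `faction_getpassword(f)` and `checkpasswd` report afterwards would pin that behaviour down. A 32-character input would likewise pin the boundary at exactly `PASSWORD_MAXSIZE`, which the 40-character case does not distinguish from the general too-long path.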


@ -14,6 +14,7 @@
#include "util/filereader.h" #include "util/filereader.h"
#include "util/param.h" #include "util/param.h"
#include "util/parser.h" #include "util/parser.h"
#include "util/password.h"
#include "util/order_parser.h" #include "util/order_parser.h"
#include <assert.h> #include <assert.h>
@ -127,7 +128,7 @@ static faction *factionorders(void)
faction *f = findfaction(fid); faction *f = findfaction(fid);
if (f != NULL && (f->flags & FFL_NPC) == 0) { if (f != NULL && (f->flags & FFL_NPC) == 0) {
char token[128]; char token[PASSWORD_MAXSIZE];
const char *pass = gettoken(token, sizeof(token)); const char *pass = gettoken(token, sizeof(token));
if (!checkpasswd(f, (const char *)pass)) { if (!checkpasswd(f, (const char *)pass)) {
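Review bot: Shrinking `token` from 128 to `PASSWORD_MAXSIZE` bytes means a password token longer than 31 characters is presumably cut by `gettoken` before `checkpasswd` sees it, and unlike `password_cmd` nothing here detects or reports that. This matches the truncation applied when the password is set, but the effect is that only the first 31 characters are ever compared, which deserves a comment such as `/* at most PASSWORD_MAXSIZE - 1 characters are significant; longer input is truncated as in password_cmd */`. It is also worth confirming that `gettoken` consumes the remainder of an overlong token rather than leaving it for the next read, since that is not visible in this hunk; factionorders continues outside it.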


@ -6,6 +6,7 @@ typedef enum cryptalgo_t {
PASSWORD_BCRYPT PASSWORD_BCRYPT
} cryptalgo_t; } cryptalgo_t;
#define PASSWORD_DEFAULT PASSWORD_BCRYPT #define PASSWORD_DEFAULT PASSWORD_BCRYPT
#define PASSWORD_MAXSIZE 32
extern int bcrypt_workfactor; extern int bcrypt_workfactor;
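Review bot: `PASSWORD_MAXSIZE` is added without saying whether it counts the terminating NUL, and the two users on this page size their buffers differently: `password_cmd` declares `pwbuf[PASSWORD_MAXSIZE + 1]` while `factionorders` declares `token[PASSWORD_MAXSIZE]`. Both end up keeping 31 significant characters, so a comment on the define such as `/* size of a plaintext password buffer including the terminating NUL; at most PASSWORD_MAXSIZE - 1 characters are kept */` would make the contract explicit for the next caller.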