From 8d05f4cc25b7e53afaba510c7834de564f9a9b6c Mon Sep 17 00:00:00 2001
From: Enno Rehling
Date: Thu, 14 Jan 2016 15:49:09 +0100
Subject: [PATCH] implement MD5 crypted passwords as default
---
 crypto | 2 +-
 src/bind_faction.c | 2 +-
 src/kernel/faction.c | 2 +-
 src/kernel/faction.test.c | 2 +-
 src/kernel/save.c | 2 +-
 src/laws.c | 2 +-
 src/util/password.c | 23 ++++++++++-------------
 src/util/password.h | 6 +++---
 src/util/password.test.c | 9 +++++++--
 9 files changed, 26 insertions(+), 24 deletions(-)
diff --git a/crypto b/crypto
index 166fdc8c1..c2a682476 160000
--- a/crypto
+++ b/crypto
@@ -1 +1 @@
-Subproject commit 166fdc8c146755055217070c58079ba9a7c03369
+Subproject commit c2a682476a96cdff972ac2b64051f61edf76064e
diff --git a/src/bind_faction.c b/src/bind_faction.c
index 638a92bf6..eb535d50b 100644
--- a/src/bind_faction.c
+++ b/src/bind_faction.c
@@ -386,7 +386,7 @@ static int tolua_faction_set_password(lua_State * L)
 {
 faction *self = (faction *)tolua_tousertype(L, 1, 0);
 const char * passw = tolua_tostring(L, 2, 0);
- faction_setpassword(self, password_hash(passw, PASSWORD_DEFAULT));
+ faction_setpassword(self, password_hash(passw, 0, PASSWORD_DEFAULT));
 return 0;
 }
diff --git a/src/kernel/faction.c b/src/kernel/faction.c
index ea0ee7551..ea12c315f 100755
--- a/src/kernel/faction.c
+++ b/src/kernel/faction.c
@@ -253,7 +253,7 @@ faction *addfaction(const char *email, const char *password,
 }
 if (!password) password = itoa36(rng_int());
- faction_setpassword(f, password_hash(password, PASSWORD_DEFAULT));
+ faction_setpassword(f, password_hash(password, 0, PASSWORD_DEFAULT));
 ADDMSG(&f->msgs, msg_message("changepasswd", "value", password));
 f->alliance_joindate = turn;
diff --git a/src/kernel/faction.test.c b/src/kernel/faction.test.c
index bd864c309..678aaa068 100644
--- a/src/kernel/faction.test.c
+++ b/src/kernel/faction.test.c
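Review bot: Passing `0` as the new salt argument in `tolua_faction_set_password` means every password set through this path is hashed with the single hard-coded fallback that `password_hash` substitutes in src/util/password.c (`if (!salt) salt = "saltyass";`). The call sites changed in src/kernel/faction.c, src/kernel/save.c and src/laws.c do the same, so once MD5 is the default all stored `$1$` hashes share one salt: equal passwords produce equal hashes, and the salt no longer forces per-faction guessing work. I would resolve that FIXME in the same change by having `password_hash` generate a fresh random salt per call from a cryptographic source when `salt` is NULL; whether `rng_int()` qualifies is not visible in this patch and should be checked. As a smaller style point, `NULL` reads better than `0` for a pointer argument, e.g. `password_hash(passw, NULL, PASSWORD_DEFAULT)`.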
@@ -124,7 +124,7 @@ static void test_check_passwd(CuTest *tc) {
 faction *f;
 f = test_create_faction(0);
- faction_setpassword(f, password_hash("password", PASSWORD_DEFAULT));
+ faction_setpassword(f, password_hash("password", 0, PASSWORD_DEFAULT));
 CuAssertIntEquals(tc, true, checkpasswd(f, "password"));
 CuAssertIntEquals(tc, false, checkpasswd(f, "assword"));
 CuAssertIntEquals(tc, false, checkpasswd(f, "PASSWORD"));
diff --git a/src/kernel/save.c b/src/kernel/save.c
index 792b70779..35062c44d 100644
--- a/src/kernel/save.c
+++ b/src/kernel/save.c
@@ -1217,7 +1217,7 @@ faction *readfaction(struct gamedata * data)
 }
 READ_STR(data->store, name, sizeof(name));
- faction_setpassword(f, (data->version >= CRYPT_VERSION) ? name : password_hash(name, PASSWORD_DEFAULT));
+ faction_setpassword(f, (data->version >= CRYPT_VERSION) ? name : password_hash(name, 0, PASSWORD_DEFAULT));
 if (data->version < NOOVERRIDE_VERSION) {
 READ_STR(data->store, 0, 0);
 }
diff --git a/src/laws.c b/src/laws.c
index 212a56f55..adaa4a6cc 100755
--- a/src/laws.c
+++ b/src/laws.c
@@ -2170,7 +2170,7 @@ int password_cmd(unit * u, struct order *ord)
 cmistake(u, ord, 283, MSG_EVENT);
 strlcpy(pwbuf, itoa36(rng_int()), sizeof(pwbuf));
 }
- faction_setpassword(u->faction, password_hash(pwbuf, PASSWORD_DEFAULT));
+ faction_setpassword(u->faction, password_hash(pwbuf, 0, PASSWORD_DEFAULT));
 ADDMSG(&u->faction->msgs, msg_message("changepasswd", "value", pwbuf));
 return 0;
diff --git a/src/util/password.c b/src/util/password.c
index 07894c223..a2764bb63 100644
--- a/src/util/password.c
+++ b/src/util/password.c
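Review bot: In the `readfaction` hunk, saves with `data->version >= CRYPT_VERSION` keep the stored string unchanged, so any `$0$...` entries written while `PASSWORD_DEFAULT` was `PASSWORD_PLAIN` remain in plaintext form after this commit switches the default to MD5. Nothing visible in the patch re-hashes them on load or after a successful `password_verify`. Because the `$0$salt$password` format still contains the password, an upgrade on read is possible; at minimum I would add a comment on this line such as `/* TODO: re-hash stored "$0$" entries with PASSWORD_DEFAULT */`. Whether such saves exist depends on when `CRYPT_VERSION` was introduced, which this hunk does not show.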
@@ -16,13 +16,9 @@ static const char * password_hash_i(const char * passwd, const char *salt, int a
 _snprintf(result, len, "$0$%s$%s", salt, passwd);
 }
 else if (algo == PASSWORD_MD5) {
- md5_state_t ms;
- md5_byte_t digest[16];
- md5_init(&ms);
- md5_append(&ms, (const md5_byte_t *)passwd, (int)strlen(passwd));
- md5_append(&ms, (const md5_byte_t *)salt, (int)strlen(salt));
- md5_finish(&ms, digest);
- _snprintf(result, len, "$1$%s$%s", salt, digest); // FIXME: need to build a hex string first!
+ char * result = md5_crypt(passwd, salt);
+ return result;
+// _snprintf(result, len, "$1$%s$%s", salt, digest); // FIXME: need to build a hex string first!
 }
 else {
 return NULL;
@@ -30,10 +26,11 @@ static const char * password_hash_i(const char * passwd, const char *salt, int a
 return result;
 }
-const char * password_hash(const char * passwd, int algo) {
+const char * password_hash(const char * passwd, const char * salt, int algo) {
 static char result[64]; // TODO: static result buffers are bad mojo!
+ if (!salt) salt = "saltyass"; // FIXME: generate a secure salt!
 if (algo < 0) algo = PASSWORD_DEFAULT;
- return password_hash_i(passwd, "saltyfish", PASSWORD_DEFAULT, result, sizeof(result));
+ return password_hash_i(passwd, salt, algo, result, sizeof(result));
 }
 static bool password_is_implemented(int algo) {
@@ -46,9 +43,9 @@ int password_verify(const char * pwhash, const char * passwd) {
 size_t len;
 int algo;
 char *pos;
- const char *dol;
- assert(pwhash);
+ const char *dol, *result;
 assert(passwd);
+ assert(pwhash);
 assert(pwhash[0] == '$');
 algo = pwhash[1] - '0';
 pos = strchr(pwhash+2, '$');
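Review bot: The new local `char * result = md5_crypt(passwd, salt);` in the MD5 branch shadows the `result` parameter, so the caller's buffer and `len` are silently ignored and the function returns whatever storage `md5_crypt` owns. If that is a static buffer inside the crypto submodule (likely, but not visible here), the lifetime of the returned hash now differs between algorithms, and any NULL it might return is passed straight on. Copying into the caller's buffer keeps the contract uniform: `const char *h = md5_crypt(passwd, salt); if (!h) return NULL; _snprintf(result, len, "%s", h);`. The commented-out `_snprintf` line with its stale FIXME can be dropped. `password_hash_i` begins above this hunk.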
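Review bot: `password_verify` still relies on `assert` to validate `pwhash`, and the `@@ -46,9 +43,9 @@` hunk only reorders those asserts. With `NDEBUG` they compile away, so an empty or malformed stored hash reaches `pwhash[1]` and `strchr(pwhash+2, '$')` unchecked, while a debug build aborts the process on the same input; the same applies to `assert(len <= MAXSALTLEN)` ahead of the `strncpy` into `salt` in the `@@ -60,11 +57,11 @@` hunk. Since the hash string can come straight from a save file via `readfaction`, I would turn these into runtime checks, e.g. `if (!pwhash || pwhash[0] != '$' || pwhash[1] == '\0') return VERIFY_UNKNOWN;` and `if (len > MAXSALTLEN) return VERIFY_UNKNOWN;`. The function body continues outside this hunk.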
@@ -60,11 +57,11 @@ int password_verify(const char * pwhash, const char * passwd) {
 assert(len <= MAXSALTLEN);
 strncpy(salt, pos, len);
 salt[len] = 0;
- password_hash_i(passwd, salt, algo, hash, sizeof(hash));
+ result = password_hash_i(passwd, salt, algo, hash, sizeof(hash));
 if (!password_is_implemented(algo)) {
 return VERIFY_UNKNOWN;
 }
- if (strcmp(pwhash, hash) == 0) {
+ if (strcmp(pwhash, result) == 0) {
 return VERIFY_OK;
 }
 return VERIFY_FAIL;
diff --git a/src/util/password.h b/src/util/password.h
index aed554163..0f8d23ec3 100644
--- a/src/util/password.h
+++ b/src/util/password.h
@@ -5,11 +5,11 @@
 #define PASSWORD_BCRYPT 2 // not implemented
 #define PASSWORD_SHA256 5 // not implemented
 #define PASSWORD_SHA512 6 // not implemented
-#define PASSWORD_DEFAULT PASSWORD_PLAIN
+#define PASSWORD_DEFAULT PASSWORD_MD5
 #define VERIFY_OK 0 // password matches hash
 #define VERIFY_FAIL 1 // password is wrong
 #define VERIFY_UNKNOWN 2 // hashing algorithm not supported
-int password_verify(const char * hash, const char * passwd);
-const char * password_hash(const char * passwd, int algo);
+int password_verify(const char *hash, const char *passwd);
+const char * password_hash(const char *passwd, const char *salt, int algo);
diff --git a/src/util/password.test.c b/src/util/password.test.c
index 4dfaa6a1d..bd7a75cb7 100644
--- a/src/util/password.test.c
+++ b/src/util/password.test.c
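Review bot: `password_hash_i` is now called before `password_is_implemented(algo)` is checked, and its return value goes into `strcmp(pwhash, result)` without a NULL test. `password_hash_i` returns NULL for algorithms it does not handle, so the comparison is only safe while the two functions agree on the supported set; the body of `password_is_implemented` is not part of this patch. I would move the `password_is_implemented` check above the call and add `if (!result) return VERIFY_UNKNOWN;` directly after it. The local `hash` buffer is no longer what gets compared on the MD5 path, which deserves a short comment. `strcmp` stops at the first differing byte; a constant-time comparison is the more defensive choice for hash equality.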
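Review bot: `#define PASSWORD_DEFAULT PASSWORD_MD5` makes md5crypt the scheme for every new hash, which is a clear step up from `PASSWORD_PLAIN` but is a fast, dated construction that offers little resistance to offline guessing. The header already reserves `PASSWORD_BCRYPT`, so I would mark the new default as interim with a comment like `// interim default; switch to PASSWORD_BCRYPT once implemented`. The changed `password_hash` prototype also needs a doc comment stating that `salt` may be NULL and that the returned pointer refers to storage the caller does not own and that a later call may overwrite.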
@@ -5,9 +5,14 @@
 static void test_passwords(CuTest *tc) {
 const char *hash;
- hash = password_hash("password", PASSWORD_PLAIN);
+ hash = password_hash("jollygood", "ZouUn04i", PASSWORD_MD5);
 CuAssertPtrNotNull(tc, hash);
- CuAssertStrEquals(tc, "$0$saltyfish$password", hash);
+ CuAssertStrEquals(tc, "$1$ZouUn04i$yNnT1Oy8azJ5V.UM9ppP5/", hash);
+ CuAssertIntEquals(tc, VERIFY_OK, password_verify(hash, "jollygood"));
+
+ hash = password_hash("password", "hodor", PASSWORD_PLAIN);
+ CuAssertPtrNotNull(tc, hash);
+ CuAssertStrEquals(tc, "$0$hodor$password", hash);
 CuAssertIntEquals(tc, VERIFY_OK, password_verify(hash, "password"));
 CuAssertIntEquals(tc, VERIFY_FAIL, password_verify(hash, "arseword"));
 CuAssertIntEquals(tc, VERIFY_UNKNOWN, password_verify("$9$saltyfish$password", "password"));
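Review bot: The new MD5 assertions cover only an explicit salt with a matching password; the path every production caller uses, `password_hash(pw, 0, PASSWORD_DEFAULT)`, and a wrong password against a `$1$` hash are both untested. I would add `CuAssertIntEquals(tc, VERIFY_FAIL, password_verify(hash, "jollybad"));` right after the `VERIFY_OK` check for "jollygood". A round trip with a NULL salt, `hash = password_hash("jollygood", 0, PASSWORD_DEFAULT);` followed by a `VERIFY_OK` assertion, would pin the default path as well. Both need to sit before `hash` is reassigned for the `PASSWORD_PLAIN` case.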