From acbbf42db12393f2795793c8867ce830a382afe1 Mon Sep 17 00:00:00 2001 From: Enno Rehling Date: Sat, 12 Jan 2019 21:26:48 +0100 Subject: [PATCH] write a warning in the template about password replacement. for new factions, put the generated password into the template. normalize and secure password generation. --- res/translations/strings.de.po | 3 +++ res/translations/strings.en.po | 3 +++ src/kernel/faction.c | 9 +++++---- src/kernel/faction.h | 2 +- src/report.c | 16 ++++++++++----- src/reports.c | 9 ++++++--- src/reports.h | 3 ++- src/reports.test.c | 36 +++++++++++++++++----------------- src/util/password.c | 9 +++++++++ src/util/password.h | 2 ++ 10 files changed, 60 insertions(+), 32 deletions(-) diff --git a/res/translations/strings.de.po b/res/translations/strings.de.po index 89875baf5..8720fc85d 100644 --- a/res/translations/strings.de.po +++ b/res/translations/strings.de.po @@ -6015,6 +6015,9 @@ msgstr "Eigentümer" msgid "nr_template" msgstr "Vorlage für den nächsten Zug:" +msgid "template_password_notice" +msgstr "Achtung: Hier muss das Passwort Deiner Partei eingefügt werden." + msgctxt "skill" msgid "espionage" msgstr "Spionage" diff --git a/res/translations/strings.en.po b/res/translations/strings.en.po index 8a5dcb30f..d096a77ae 100644 --- a/res/translations/strings.en.po +++ b/res/translations/strings.en.po @@ -5323,6 +5323,9 @@ msgstr "Owner" msgid "nr_template" msgstr "Template for the next turn:" +msgid "template_password_notice" +msgstr "Attention: Enter your faction's password here." + msgctxt "skill" msgid "espionage" msgstr "espionage" diff --git a/src/kernel/faction.c b/src/kernel/faction.c index dbf11359e..fc1de186a 100755 --- a/src/kernel/faction.c +++ b/src/kernel/faction.c @@ -205,10 +205,11 @@ static int unused_faction_id(void) return id; } -void faction_genpassword(faction *f) { - const char * password = itoa36(rng_int()); - faction_setpassword(f, password_hash(password, PASSWORD_DEFAULT)); - ADDMSG(&f->msgs, msg_message("changepasswd", "value", password)); +char *faction_genpassword(faction *f, char *buffer) { + password_generate(buffer, 8); + faction_setpassword(f, password_hash(buffer, PASSWORD_DEFAULT)); + ADDMSG(&f->msgs, msg_message("changepasswd", "value", buffer)); + return buffer; } faction *addfaction(const char *email, const char *password, diff --git a/src/kernel/faction.h b/src/kernel/faction.h index 438402286..cbe4c7008 100644 --- a/src/kernel/faction.h +++ b/src/kernel/faction.h @@ -150,7 +150,7 @@ extern "C" { const char *faction_getemail(const struct faction *self); void faction_setemail(struct faction *self, const char *email); - void faction_genpassword(struct faction *f); + char *faction_genpassword(struct faction *f, char *buffer); void faction_setpassword(struct faction *self, const char *pwhash); const char *faction_getpassword(const struct faction *f); bool valid_race(const struct faction *f, const struct race *rc); diff --git a/src/report.c b/src/report.c index ffd6baf15..2b6d618a0 100644 --- a/src/report.c +++ b/src/report.c @@ -1276,6 +1276,7 @@ report_template(const char *filename, report_context * ctx, const char *bom) stream strm = { 0 }, *out = &strm; char buf[4096]; sbstring sbs; + const char *password = "password"; if (F == NULL) { perror(filename); @@ -1287,12 +1288,17 @@ report_template(const char *filename, report_context * ctx, const char *bom) swrite(bom, 1, strlen(bom), out); } - newline(out); - rps_nowrap(out, LOC(lang, "nr_template")); - newline(out); - newline(out); + sprintf(buf, "; %s\n", LOC(lang, "nr_template")); + rps_nowrap(out, buf); - sprintf(buf, "%s %s \"password\"", LOC(lang, parameters[P_FACTION]), itoa36(f->no)); + if (ctx->password) { + password = ctx->password; + } + else { + sprintf(buf, "; %s\n", LOC(lang, "template_password_notice")); + rps_nowrap(out, buf); + } + sprintf(buf, "%s %s \"%s\"", LOC(lang, parameters[P_FACTION]), itoa36(f->no), password); rps_nowrap(out, buf); newline(out); newline(out); diff --git a/src/reports.c b/src/reports.c index fdfa6b917..10d00600b 100644 --- a/src/reports.c +++ b/src/reports.c @@ -71,6 +71,7 @@ OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. #include "util/log.h" #include "util/macros.h" #include "util/path.h" +#include "util/password.h" #include "util/strings.h" #include "util/translation.h" #include @@ -1480,7 +1481,7 @@ void report_warnings(faction *f, int now) * this function may also update ctx->last and ctx->first for potential * lighthouses and travelthru reports */ -void prepare_report(report_context *ctx, faction *f) +void prepare_report(report_context *ctx, faction *f, const char *password) { region *r; static int config; @@ -1496,6 +1497,7 @@ void prepare_report(report_context *ctx, faction *f) rule_lighthouse_units = config_get_int("rules.lighthouse.unit_capacity", 0) != 0; } + ctx->password = password; ctx->f = f; ctx->report_time = time(NULL); ctx->addresses = NULL; @@ -1597,15 +1599,16 @@ int write_reports(faction * f) struct report_context ctx; const unsigned char utf8_bom[4] = { 0xef, 0xbb, 0xbf, 0 }; report_type *rtype; + char buffer[PASSWORD_MAXSIZE], *password = NULL; if (noreports) { return false; } if (f->lastorders == 0 || f->age <= 1) { /* neue Parteien, oder solche die noch NIE einen Zug gemacht haben, * kriegen ein neues Passwort: */ - faction_genpassword(f); + password = faction_genpassword(f); } - prepare_report(&ctx, f); + prepare_report(&ctx, f, password); get_addresses(&ctx); log_debug("Reports for %s", factionname(f)); for (rtype = report_types; rtype != NULL; rtype = rtype->next) { diff --git a/src/reports.h b/src/reports.h index 91af51bc2..00b94c8a7 100644 --- a/src/reports.h +++ b/src/reports.h @@ -77,9 +77,10 @@ extern "C" { struct region *first, *last; void *userdata; time_t report_time; + const char *password; } report_context; - void prepare_report(report_context *ctx, struct faction *f); + void prepare_report(report_context *ctx, struct faction *f, const char *password); void finish_reports(report_context *ctx); void get_addresses(report_context * ctx); diff --git a/src/reports.test.c b/src/reports.test.c index a744532c5..7bea6c73c 100644 --- a/src/reports.test.c +++ b/src/reports.test.c @@ -338,11 +338,11 @@ static void test_newbie_password_message(CuTest *tc) { f = test_create_faction(NULL); f->age = 5; f->flags = 0; - prepare_report(&ctx, f); + prepare_report(&ctx, f, NULL); CuAssertIntEquals(tc, 0, f->flags&FFL_PWMSG); CuAssertPtrEquals(tc, NULL, test_find_messagetype(f->msgs, "changepasswd")); f->age=2; - prepare_report(&ctx, f); + prepare_report(&ctx, f, NULL); CuAssertIntEquals(tc, FFL_PWMSG, f->flags&FFL_PWMSG); CuAssertPtrNotNull(tc, test_find_messagetype(f->msgs, "changepasswd")); finish_reports(&ctx); @@ -365,7 +365,7 @@ static void test_prepare_travelthru(CuTest *tc) { test_create_unit(f2, r3); u = test_create_unit(f, r1); travelthru_add(r2, u); - prepare_report(&ctx, f); + prepare_report(&ctx, f, NULL); CuAssertPtrEquals(tc, r1, ctx.first); CuAssertPtrEquals(tc, r3, ctx.last); CuAssertPtrEquals(tc, f, ctx.f); @@ -375,7 +375,7 @@ static void test_prepare_travelthru(CuTest *tc) { finish_reports(&ctx); CuAssertIntEquals(tc, seen_none, r2->seen.mode); - prepare_report(&ctx, f2); + prepare_report(&ctx, f2, NULL); CuAssertIntEquals(tc, seen_unit, r1->seen.mode); CuAssertIntEquals(tc, seen_neighbour, r2->seen.mode); CuAssertIntEquals(tc, seen_unit, r3->seen.mode); @@ -399,7 +399,7 @@ static void test_get_addresses(CuTest *tc) { test_create_unit(f, r); test_create_unit(f1, r); test_create_unit(f2, r); - prepare_report(&ctx, f); + prepare_report(&ctx, f, NULL); CuAssertPtrEquals(tc, r, ctx.first); CuAssertPtrEquals(tc, NULL, ctx.last); get_addresses(&ctx); @@ -427,7 +427,7 @@ static void test_get_addresses_fstealth(CuTest *tc) { u = test_create_unit(f1, r); set_factionstealth(u, f2); - prepare_report(&ctx, f); + prepare_report(&ctx, f, NULL); CuAssertPtrEquals(tc, r, ctx.first); CuAssertPtrEquals(tc, NULL, ctx.last); get_addresses(&ctx); @@ -470,7 +470,7 @@ static void test_get_addresses_travelthru(CuTest *tc) { u = test_create_unit(f4, r1); set_level(u, SK_STEALTH, 1); - prepare_report(&ctx, f); + prepare_report(&ctx, f, NULL); CuAssertPtrEquals(tc, r1, ctx.first); CuAssertPtrEquals(tc, NULL, ctx.last); get_addresses(&ctx); @@ -516,14 +516,14 @@ void test_prepare_lighthouse_capacity(CuTest *tc) { u2->building = b; set_level(u2, SK_PERCEPTION, 3); CuAssertPtrEquals(tc, NULL, inside_building(u2)); - prepare_report(&ctx, u1->faction); + prepare_report(&ctx, u1->faction, NULL); CuAssertPtrEquals(tc, r1, ctx.first); CuAssertPtrEquals(tc, NULL, ctx.last); CuAssertIntEquals(tc, seen_unit, r1->seen.mode); CuAssertIntEquals(tc, seen_lighthouse, r2->seen.mode); finish_reports(&ctx); - prepare_report(&ctx, u2->faction); + prepare_report(&ctx, u2->faction, NULL); CuAssertPtrEquals(tc, r1, ctx.first); CuAssertPtrEquals(tc, NULL, ctx.last); CuAssertIntEquals(tc, seen_unit, r1->seen.mode); @@ -532,7 +532,7 @@ void test_prepare_lighthouse_capacity(CuTest *tc) { /* lighthouse capacity is # of units, not people: */ config_set_int("rules.lighthouse.unit_capacity", 1); - prepare_report(&ctx, u2->faction); + prepare_report(&ctx, u2->faction, NULL); CuAssertPtrEquals(tc, r1, ctx.first); CuAssertPtrEquals(tc, NULL, ctx.last); CuAssertIntEquals(tc, seen_unit, r1->seen.mode); @@ -567,7 +567,7 @@ static void test_prepare_lighthouse(CuTest *tc) { u = test_create_unit(f, r1); u->building = b; set_level(u, SK_PERCEPTION, 3); - prepare_report(&ctx, f); + prepare_report(&ctx, f, NULL); CuAssertPtrEquals(tc, r1, ctx.first); CuAssertPtrEquals(tc, NULL, ctx.last); CuAssertIntEquals(tc, seen_unit, r1->seen.mode); @@ -613,7 +613,7 @@ static void test_prepare_lighthouse_owners(CuTest *tc) u->building = b; region_set_owner(b->region, f, 0); CuAssertIntEquals(tc, 2, lighthouse_view_distance(b, NULL)); - prepare_report(&ctx, f); + prepare_report(&ctx, f, NULL); CuAssertPtrEquals(tc, r1, ctx.first); CuAssertPtrEquals(tc, NULL, ctx.last); CuAssertIntEquals(tc, seen_unit, r1->seen.mode); @@ -632,14 +632,14 @@ static void test_prepare_report(CuTest *tc) { f = test_create_faction(NULL); r = test_create_region(0, 0, NULL); - prepare_report(&ctx, f); + prepare_report(&ctx, f, NULL); CuAssertPtrEquals(tc, NULL, ctx.first); CuAssertPtrEquals(tc, NULL, ctx.last); CuAssertIntEquals(tc, seen_none, r->seen.mode); finish_reports(&ctx); test_create_unit(f, r); - prepare_report(&ctx, f); + prepare_report(&ctx, f, NULL); CuAssertPtrEquals(tc, r, ctx.first); CuAssertPtrEquals(tc, NULL, ctx.last); CuAssertIntEquals(tc, seen_unit, r->seen.mode); @@ -648,7 +648,7 @@ static void test_prepare_report(CuTest *tc) { r = test_create_region(2, 0, 0); CuAssertPtrEquals(tc, r, regions->next); - prepare_report(&ctx, f); + prepare_report(&ctx, f, NULL); CuAssertPtrEquals(tc, regions, ctx.first); CuAssertPtrEquals(tc, r, ctx.last); CuAssertIntEquals(tc, seen_none, r->seen.mode); @@ -667,7 +667,7 @@ static void test_seen_neighbours(CuTest *tc) { r2 = test_create_region(1, 0, 0); test_create_unit(f, r1); - prepare_report(&ctx, f); + prepare_report(&ctx, f, NULL); CuAssertPtrEquals(tc, r1, ctx.first); CuAssertPtrEquals(tc, NULL, ctx.last); CuAssertIntEquals(tc, seen_unit, r1->seen.mode); @@ -694,7 +694,7 @@ static void test_seen_travelthru(CuTest *tc) { travelthru_add(r2, u); CuAssertPtrEquals(tc, r1, f->first); CuAssertPtrEquals(tc, r3, f->last); - prepare_report(&ctx, f); + prepare_report(&ctx, f, NULL); CuAssertPtrEquals(tc, r1, ctx.first); CuAssertPtrEquals(tc, NULL, ctx.last); CuAssertIntEquals(tc, seen_unit, r1->seen.mode); @@ -772,7 +772,7 @@ static void test_report_far_vision(CuTest *tc) { CuAssertPtrEquals(tc, r1, f->first); CuAssertPtrEquals(tc, r2, f->last); report_context ctx; - prepare_report(&ctx, f); + prepare_report(&ctx, f, NULL); CuAssertPtrEquals(tc, r1, ctx.first); CuAssertPtrEquals(tc, NULL, ctx.last); CuAssertIntEquals(tc, seen_unit, r1->seen.mode); diff --git a/src/util/password.c b/src/util/password.c index aab16acee..79e21d8bc 100644 --- a/src/util/password.c +++ b/src/util/password.c @@ -42,3 +42,12 @@ int password_verify(const char * pwhash, const char * passwd) { } return (strcmp(passwd, pwhash) == 0) ? VERIFY_OK : VERIFY_FAIL; } + +void password_generate(char *password, size_t length) { + char salt[BCRYPT_HASHSIZE]; + + assert(BCRYPT_HASHSIZE - 7 > length); + bcrypt_gensalt(4, salt); + memcpy(password, salt + 7, length); + password[length] = 0; +} diff --git a/src/util/password.h b/src/util/password.h index faa2a0a85..05be88578 100644 --- a/src/util/password.h +++ b/src/util/password.h @@ -1,6 +1,7 @@ #pragma once #include +#include typedef enum cryptalgo_t { PASSWORD_PLAINTEXT, PASSWORD_BCRYPT @@ -16,3 +17,4 @@ extern int bcrypt_workfactor; int password_verify(const char *hash, const char *passwd); const char * password_hash(const char *passwd, cryptalgo_t algo); bool password_is_implemented(cryptalgo_t algo); +void password_generate(char *password, size_t length);