forked from github/server
revert back to plaintext passwords, crypting isn't working
This commit is contained in:
parent
2c82ddd4d1
commit
b09c6974c6
|
@ -566,7 +566,8 @@ void faction_setbanner(faction * self, const char *banner)
|
|||
|
||||
void faction_setpassword(faction * f, const char *pwhash)
|
||||
{
|
||||
assert(pwhash && pwhash[0] == '$');
|
||||
assert(pwhash);
|
||||
// && pwhash[0] == '$');
|
||||
free(f->_password);
|
||||
f->_password = _strdup(pwhash);
|
||||
}
|
||||
|
|
|
@ -73,7 +73,7 @@ static void test_read_password(CuTest *tc) {
|
|||
gamedata *data;
|
||||
faction *f;
|
||||
f = test_create_faction(0);
|
||||
faction_setpassword(f, password_hash("secret", 0, PASSWORD_DEFAULT));
|
||||
faction_setpassword(f, password_encode("secret", PASSWORD_DEFAULT));
|
||||
data = gamedata_open(path, "wb");
|
||||
CuAssertPtrNotNull(tc, data);
|
||||
_test_write_password(data, f);
|
||||
|
@ -94,7 +94,7 @@ static void test_read_password_external(CuTest *tc) {
|
|||
|
||||
remove(pwfile);
|
||||
f = test_create_faction(0);
|
||||
faction_setpassword(f, password_hash("secret", 0, PASSWORD_DEFAULT));
|
||||
faction_setpassword(f, password_encode("secret", PASSWORD_DEFAULT));
|
||||
CuAssertPtrNotNull(tc, f->_password);
|
||||
data = gamedata_open(path, "wb");
|
||||
CuAssertPtrNotNull(tc, data);
|
||||
|
|
|
@ -32,14 +32,14 @@ char *password_gensalt(char *salt, size_t salt_len) {
|
|||
char *cp = salt;
|
||||
while (buflen) {
|
||||
unsigned long ul = genrand_int32() & (unsigned long)time(0);
|
||||
b64_from_24bit((char)(ul & 0xFF), (char)((ul>>8)&0xff), (char)((ul>>16)&0xFF), 4);
|
||||
b64_from_24bit((char)(ul & 0xFF), (char)((ul >> 8) & 0xff), (char)((ul >> 16) & 0xFF), 4);
|
||||
}
|
||||
salt[salt_len-1] = 0;
|
||||
return salt;
|
||||
}
|
||||
|
||||
static bool password_is_implemented(int algo) {
|
||||
return algo == PASSWORD_BCRYPT || algo == PASSWORD_PLAIN || algo == PASSWORD_MD5 || algo == PASSWORD_APACHE_MD5;
|
||||
return algo == PASSWORD_PLAINTEXT || algo == PASSWORD_BCRYPT || algo == PASSWORD_NOCRYPT || algo == PASSWORD_MD5 || algo == PASSWORD_APACHE_MD5;
|
||||
}
|
||||
|
||||
static const char * password_hash_i(const char * passwd, const char *input, int algo, char *result, size_t len) {
|
||||
|
@ -57,7 +57,11 @@ static const char * password_hash_i(const char * passwd, const char *input, int
|
|||
}
|
||||
return result;
|
||||
}
|
||||
else if (algo == PASSWORD_PLAIN) {
|
||||
else if (algo == PASSWORD_PLAINTEXT) {
|
||||
_snprintf(result, len, "%s", passwd);
|
||||
return result;
|
||||
}
|
||||
else if (algo == PASSWORD_NOCRYPT) {
|
||||
_snprintf(result, len, "$0$%s", passwd);
|
||||
return result;
|
||||
}
|
||||
|
@ -99,17 +103,20 @@ const char * password_encode(const char * passwd, int algo) {
|
|||
|
||||
int password_verify(const char * pwhash, const char * passwd) {
|
||||
char hash[64];
|
||||
int algo;
|
||||
int algo = PASSWORD_PLAINTEXT;
|
||||
char *pos;
|
||||
const char *result;
|
||||
assert(passwd);
|
||||
assert(pwhash);
|
||||
assert(pwhash[0] == '$');
|
||||
algo = pwhash[1];
|
||||
if (pwhash[0] == '$') {
|
||||
algo = pwhash[1];
|
||||
}
|
||||
if (!password_is_implemented(algo)) {
|
||||
return VERIFY_UNKNOWN;
|
||||
}
|
||||
if (algo == PASSWORD_BCRYPT) {
|
||||
if (algo == PASSWORD_PLAINTEXT) {
|
||||
return (strcmp(passwd, pwhash) == 0) ? VERIFY_OK : VERIFY_FAIL;
|
||||
} else if (algo == PASSWORD_BCRYPT) {
|
||||
char sample[200];
|
||||
_crypt_blowfish_rn(passwd, pwhash, sample, sizeof(sample));
|
||||
return (strcmp(sample, pwhash) == 0) ? VERIFY_OK : VERIFY_FAIL;
|
||||
|
|
|
@ -1,12 +1,13 @@
|
|||
#pragma once
|
||||
|
||||
#define PASSWORD_PLAIN '0'
|
||||
#define PASSWORD_PLAINTEXT 0
|
||||
#define PASSWORD_NOCRYPT '0'
|
||||
#define PASSWORD_MD5 '1'
|
||||
#define PASSWORD_BCRYPT '2' // not implemented
|
||||
#define PASSWORD_APACHE_MD5 'a'
|
||||
#define PASSWORD_SHA256 '5' // not implemented
|
||||
#define PASSWORD_SHA512 '6' // not implemented
|
||||
#define PASSWORD_DEFAULT PASSWORD_APACHE_MD5
|
||||
#define PASSWORD_DEFAULT PASSWORD_PLAINTEXT
|
||||
|
||||
#define VERIFY_OK 0 // password matches hash
|
||||
#define VERIFY_FAIL 1 // password is wrong
|
||||
|
|
|
@ -5,8 +5,6 @@
|
|||
static void test_passwords(CuTest *tc) {
|
||||
const char *hash, *expect;
|
||||
|
||||
CuAssertIntEquals(tc, VERIFY_UNKNOWN, password_verify("$9$password", "password"));
|
||||
|
||||
expect = "$apr1$FqQLkl8g$.icQqaDJpim4BVy.Ho5660";
|
||||
CuAssertIntEquals(tc, VERIFY_OK, password_verify(expect, "Hodor"));
|
||||
hash = password_encode("Hodor", PASSWORD_APACHE_MD5);
|
||||
|
@ -19,18 +17,27 @@ static void test_passwords(CuTest *tc) {
|
|||
CuAssertPtrNotNull(tc, hash);
|
||||
CuAssertIntEquals(tc, 0, strncmp(hash, expect, 3));
|
||||
|
||||
expect = "$0$password";
|
||||
expect = "password";
|
||||
hash = password_encode("password", PASSWORD_PLAINTEXT);
|
||||
CuAssertPtrNotNull(tc, hash);
|
||||
CuAssertStrEquals(tc, hash, expect);
|
||||
CuAssertIntEquals(tc, VERIFY_OK, password_verify(expect, "password"));
|
||||
CuAssertIntEquals(tc, VERIFY_FAIL, password_verify(expect, "arseword"));
|
||||
hash = password_encode("password", PASSWORD_PLAIN);
|
||||
|
||||
expect = "$0$password";
|
||||
hash = password_encode("password", PASSWORD_NOCRYPT);
|
||||
CuAssertPtrNotNull(tc, hash);
|
||||
CuAssertStrEquals(tc, expect, hash);
|
||||
CuAssertStrEquals(tc, hash, expect);
|
||||
CuAssertIntEquals(tc, VERIFY_OK, password_verify(expect, "password"));
|
||||
CuAssertIntEquals(tc, VERIFY_FAIL, password_verify(expect, "arseword"));
|
||||
|
||||
expect = "$2y$05$RJ8qAhu.foXyJLdc2eHTLOaK4MDYn3/v4HtOVCq0Plv2yxcrEB7Wm";
|
||||
CuAssertIntEquals(tc, VERIFY_OK, password_verify(expect, "Hodor"));
|
||||
hash = password_encode("Hodor", PASSWORD_BCRYPT);
|
||||
CuAssertPtrNotNull(tc, hash);
|
||||
CuAssertIntEquals(tc, 0, strncmp(hash, expect, 7));
|
||||
|
||||
CuAssertIntEquals(tc, VERIFY_UNKNOWN, password_verify("$9$saltyfish$password", "password"));
|
||||
}
|
||||
|
||||
CuSuite *get_password_suite(void) {
|
||||
|
|
Loading…
Reference in New Issue