Marc
/
server
forked from github/server
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

revert back to plaintext passwords, crypting isn't working

This commit is contained in:
Enno Rehling 2016-02-21 17:22:43 +01:00
parent 2c82ddd4d1
commit b09c6974c6
5 changed files with 33 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
src/kernel/faction.c
View File

@ -566,7 +566,8 @@ void faction_setbanner(faction * self, const char *banner)
void faction_setpassword(faction * f, const char *pwhash) void faction_setpassword(faction * f, const char *pwhash)
{ {
assert(pwhash && pwhash[0] == '$'); assert(pwhash);
// && pwhash[0] == '$');
free(f->_password); free(f->_password);
f->_password = _strdup(pwhash); f->_password = _strdup(pwhash);
} }

4
src/kernel/save.test.c
View File

@ -73,7 +73,7 @@ static void test_read_password(CuTest *tc) {
gamedata *data; gamedata *data;
faction *f; faction *f;
f = test_create_faction(0); f = test_create_faction(0);
faction_setpassword(f, password_hash("secret", 0, PASSWORD_DEFAULT)); faction_setpassword(f, password_encode("secret", PASSWORD_DEFAULT));
data = gamedata_open(path, "wb"); data = gamedata_open(path, "wb");
CuAssertPtrNotNull(tc, data); CuAssertPtrNotNull(tc, data);
_test_write_password(data, f); _test_write_password(data, f);
@ -94,7 +94,7 @@ static void test_read_password_external(CuTest *tc) {
remove(pwfile); remove(pwfile);
f = test_create_faction(0); f = test_create_faction(0);
faction_setpassword(f, password_hash("secret", 0, PASSWORD_DEFAULT)); faction_setpassword(f, password_encode("secret", PASSWORD_DEFAULT));
CuAssertPtrNotNull(tc, f->_password); CuAssertPtrNotNull(tc, f->_password);
data = gamedata_open(path, "wb"); data = gamedata_open(path, "wb");
CuAssertPtrNotNull(tc, data); CuAssertPtrNotNull(tc, data);

21
src/util/password.c
View File

@ -32,14 +32,14 @@ char *password_gensalt(char *salt, size_t salt_len) {
char *cp = salt; char *cp = salt;
while (buflen) { while (buflen) {
unsigned long ul = genrand_int32() & (unsigned long)time(0); unsigned long ul = genrand_int32() & (unsigned long)time(0);
b64_from_24bit((char)(ul & 0xFF), (char)((ul>>8)&0xff), (char)((ul>>16)&0xFF), 4); b64_from_24bit((char)(ul & 0xFF), (char)((ul >> 8) & 0xff), (char)((ul >> 16) & 0xFF), 4);
} }
salt[salt_len-1] = 0; salt[salt_len-1] = 0;
return salt; return salt;
} }
static bool password_is_implemented(int algo) { static bool password_is_implemented(int algo) {
return algo == PASSWORD_BCRYPT || algo == PASSWORD_PLAIN || algo == PASSWORD_MD5 || algo == PASSWORD_APACHE_MD5; return algo == PASSWORD_PLAINTEXT || algo == PASSWORD_BCRYPT || algo == PASSWORD_NOCRYPT || algo == PASSWORD_MD5 || algo == PASSWORD_APACHE_MD5;
} }
static const char * password_hash_i(const char * passwd, const char *input, int algo, char *result, size_t len) { static const char * password_hash_i(const char * passwd, const char *input, int algo, char *result, size_t len) {
@ -57,7 +57,11 @@ static const char * password_hash_i(const char * passwd, const char *input, int
} }
return result; return result;
} }
else if (algo == PASSWORD_PLAIN) { else if (algo == PASSWORD_PLAINTEXT) {
_snprintf(result, len, "%s", passwd);
return result;
}
else if (algo == PASSWORD_NOCRYPT) {
_snprintf(result, len, "$0$%s", passwd); _snprintf(result, len, "$0$%s", passwd);
return result; return result;
} }
@ -99,17 +103,20 @@ const char * password_encode(const char * passwd, int algo) {
int password_verify(const char * pwhash, const char * passwd) { int password_verify(const char * pwhash, const char * passwd) {
char hash[64]; char hash[64];
int algo; int algo = PASSWORD_PLAINTEXT;
char *pos; char *pos;
const char *result; const char *result;
assert(passwd); assert(passwd);
assert(pwhash); assert(pwhash);
assert(pwhash[0] == '$'); if (pwhash[0] == '$') {
algo = pwhash[1]; algo = pwhash[1];
}
if (!password_is_implemented(algo)) { if (!password_is_implemented(algo)) {
return VERIFY_UNKNOWN; return VERIFY_UNKNOWN;
} }
if (algo == PASSWORD_BCRYPT) { if (algo == PASSWORD_PLAINTEXT) {
return (strcmp(passwd, pwhash) == 0) ? VERIFY_OK : VERIFY_FAIL;
} else if (algo == PASSWORD_BCRYPT) {
char sample[200]; char sample[200];
_crypt_blowfish_rn(passwd, pwhash, sample, sizeof(sample)); _crypt_blowfish_rn(passwd, pwhash, sample, sizeof(sample));
return (strcmp(sample, pwhash) == 0) ? VERIFY_OK : VERIFY_FAIL; return (strcmp(sample, pwhash) == 0) ? VERIFY_OK : VERIFY_FAIL;

5
src/util/password.h
View File

@ -1,12 +1,13 @@
#pragma once #pragma once
#define PASSWORD_PLAIN '0' #define PASSWORD_PLAINTEXT 0
#define PASSWORD_NOCRYPT '0'
#define PASSWORD_MD5 '1' #define PASSWORD_MD5 '1'
#define PASSWORD_BCRYPT '2' // not implemented #define PASSWORD_BCRYPT '2' // not implemented
#define PASSWORD_APACHE_MD5 'a' #define PASSWORD_APACHE_MD5 'a'
#define PASSWORD_SHA256 '5' // not implemented #define PASSWORD_SHA256 '5' // not implemented
#define PASSWORD_SHA512 '6' // not implemented #define PASSWORD_SHA512 '6' // not implemented
#define PASSWORD_DEFAULT PASSWORD_APACHE_MD5 #define PASSWORD_DEFAULT PASSWORD_PLAINTEXT
#define VERIFY_OK 0 // password matches hash #define VERIFY_OK 0 // password matches hash
#define VERIFY_FAIL 1 // password is wrong #define VERIFY_FAIL 1 // password is wrong

17
src/util/password.test.c
View File

@ -5,8 +5,6 @@
static void test_passwords(CuTest *tc) { static void test_passwords(CuTest *tc) {
const char *hash, *expect; const char *hash, *expect;
CuAssertIntEquals(tc, VERIFY_UNKNOWN, password_verify("$9$password", "password"));
expect = "$apr1$FqQLkl8g$.icQqaDJpim4BVy.Ho5660"; expect = "$apr1$FqQLkl8g$.icQqaDJpim4BVy.Ho5660";
CuAssertIntEquals(tc, VERIFY_OK, password_verify(expect, "Hodor")); CuAssertIntEquals(tc, VERIFY_OK, password_verify(expect, "Hodor"));
hash = password_encode("Hodor", PASSWORD_APACHE_MD5); hash = password_encode("Hodor", PASSWORD_APACHE_MD5);
@ -19,18 +17,27 @@ static void test_passwords(CuTest *tc) {
CuAssertPtrNotNull(tc, hash); CuAssertPtrNotNull(tc, hash);
CuAssertIntEquals(tc, 0, strncmp(hash, expect, 3)); CuAssertIntEquals(tc, 0, strncmp(hash, expect, 3));
expect = "$0$password"; expect = "password";
hash = password_encode("password", PASSWORD_PLAINTEXT);
CuAssertPtrNotNull(tc, hash);
CuAssertStrEquals(tc, hash, expect);
CuAssertIntEquals(tc, VERIFY_OK, password_verify(expect, "password")); CuAssertIntEquals(tc, VERIFY_OK, password_verify(expect, "password"));
CuAssertIntEquals(tc, VERIFY_FAIL, password_verify(expect, "arseword")); CuAssertIntEquals(tc, VERIFY_FAIL, password_verify(expect, "arseword"));
hash = password_encode("password", PASSWORD_PLAIN);
expect = "$0$password";
hash = password_encode("password", PASSWORD_NOCRYPT);
CuAssertPtrNotNull(tc, hash); CuAssertPtrNotNull(tc, hash);
CuAssertStrEquals(tc, expect, hash); CuAssertStrEquals(tc, hash, expect);
CuAssertIntEquals(tc, VERIFY_OK, password_verify(expect, "password"));
CuAssertIntEquals(tc, VERIFY_FAIL, password_verify(expect, "arseword"));
expect = "$2y$05$RJ8qAhu.foXyJLdc2eHTLOaK4MDYn3/v4HtOVCq0Plv2yxcrEB7Wm"; expect = "$2y$05$RJ8qAhu.foXyJLdc2eHTLOaK4MDYn3/v4HtOVCq0Plv2yxcrEB7Wm";
CuAssertIntEquals(tc, VERIFY_OK, password_verify(expect, "Hodor")); CuAssertIntEquals(tc, VERIFY_OK, password_verify(expect, "Hodor"));
hash = password_encode("Hodor", PASSWORD_BCRYPT); hash = password_encode("Hodor", PASSWORD_BCRYPT);
CuAssertPtrNotNull(tc, hash); CuAssertPtrNotNull(tc, hash);
CuAssertIntEquals(tc, 0, strncmp(hash, expect, 7)); CuAssertIntEquals(tc, 0, strncmp(hash, expect, 7));
CuAssertIntEquals(tc, VERIFY_UNKNOWN, password_verify("$9$saltyfish$password", "password"));
} }
CuSuite *get_password_suite(void) { CuSuite *get_password_suite(void) {