simpler hack, um den brypt workfactor einzustellen (oder passwort-checks abzuschalten), weil man manchmal halt keine Zeit hat.

2018-11-27 20:16:27 +01:00 · 2018-11-27 20:16:27 +01:00 · b74e8c0ebd
parent fc23926559
commit b74e8c0ebd
2 changed files with 12 additions and 4 deletions
--- a/src/main.c
+++ b/src/main.c
@ -28,6 +28,7 @@ OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 #include <util/language.h>
 #include <util/log.h>
 #include <util/path.h>
+#include <util/password.h>

 #include "eressea.h"
 #ifdef USE_CURSES
@ -231,6 +232,10 @@ static int parse_args(int argc, char **argv)
                i = get_arg(argc, argv, 2, i, &arg, 0);
                turn = atoi(arg);
                break;
+            case 'w':
+                i = get_arg(argc, argv, 2, i, &arg, 0);
+                bcrypt_workfactor = arg ? atoi(arg) : 0xff;
+                break;
            case 'q':
                verbosity = 0;
                break;
--- a/src/util/password.c
+++ b/src/util/password.c
@ -17,7 +17,7 @@ bool password_is_implemented(cryptalgo_t algo) {
 }

 const char * password_hash(const char * passwd, cryptalgo_t algo) {
-    if (algo == PASSWORD_BCRYPT) {
+    if (algo == PASSWORD_BCRYPT && bcrypt_workfactor != 0) {
        char salt[BCRYPT_HASHSIZE];
        static char hash[BCRYPT_HASHSIZE];
        int ret;
@ -32,9 +32,12 @@ const char * password_hash(const char * passwd, cryptalgo_t algo) {
 int password_verify(const char * pwhash, const char * passwd) {
    if (pwhash[0] == '$') {
        if (pwhash[1] == '2') {
-            int ret = bcrypt_checkpw(passwd, pwhash);
-            assert(ret != -1);
-            return (ret == 0) ? VERIFY_OK : VERIFY_FAIL;
+            if (bcrypt_workfactor > 0) {
+                int ret = bcrypt_checkpw(passwd, pwhash);
+                assert(ret != -1);
+                return (ret == 0) ? VERIFY_OK : VERIFY_FAIL;
+            }
+            return VERIFY_OK;
        }
    }
    return (strcmp(passwd, pwhash) == 0) ? VERIFY_OK : VERIFY_FAIL;