as long as we use no encryption, all tests pass.

src/bind_faction.c

@@ -386,7 +386,7 @@ static int tolua_faction_set_password(lua_State * L)
 {
     faction *self = (faction *)tolua_tousertype(L, 1, 0);
     const char * passw = tolua_tostring(L, 2, 0);
-    faction_setpassword(self, password_hash(passw));
+    faction_setpassword(self, password_hash(passw, PASSWORD_DEFAULT));
     return 0;
 }
 

src/kernel/faction.c

@@ -253,7 +253,7 @@ faction *addfaction(const char *email, const char *password,
     }
 
     if (!password) password = itoa36(rng_int());
-    faction_setpassword(f, password_hash(password));
+    faction_setpassword(f, password_hash(password, PASSWORD_DEFAULT));
     ADDMSG(&f->msgs, msg_message("changepasswd", "value", password));
 
     f->alliance_joindate = turn;

src/kernel/faction.test.c

@@ -124,7 +124,7 @@ static void test_check_passwd(CuTest *tc) {
     faction *f;
     
     f = test_create_faction(0);
-    faction_setpassword(f, password_hash("password"));
+    faction_setpassword(f, password_hash("password", PASSWORD_DEFAULT));
     CuAssertIntEquals(tc, true, checkpasswd(f, "password"));
     CuAssertIntEquals(tc, false, checkpasswd(f, "assword"));
     CuAssertIntEquals(tc, false, checkpasswd(f, "PASSWORD"));

src/kernel/save.c

@@ -1217,7 +1217,7 @@ faction *readfaction(struct gamedata * data)
     }
 
     READ_STR(data->store, name, sizeof(name));
-    faction_setpassword(f, (data->version >= CRYPT_VERSION) ? name : password_hash(name));
+    faction_setpassword(f, (data->version >= CRYPT_VERSION) ? name : password_hash(name, PASSWORD_DEFAULT));
     if (data->version < NOOVERRIDE_VERSION) {
         READ_STR(data->store, 0, 0);
     }

src/laws.c

@@ -2170,7 +2170,7 @@ int password_cmd(unit * u, struct order *ord)
         cmistake(u, ord, 283, MSG_EVENT);
         strlcpy(pwbuf, itoa36(rng_int()), sizeof(pwbuf));
     }
-    faction_setpassword(u->faction, password_hash(pwbuf));
+    faction_setpassword(u->faction, password_hash(pwbuf, PASSWORD_DEFAULT));
     ADDMSG(&u->faction->msgs, msg_message("changepasswd",
         "value", pwbuf));
     return 0;

src/util/password.c

@@ -6,22 +6,14 @@
 #include <assert.h>
 #include <string.h>
 #include <stdio.h>
-#include <stdlib.h>
-
-#define PASSWORD_PLAIN  0
-#define PASSWORD_MD5 1
-#define PASSWORD_SHA256 2
-#define PASSWORD_BCRYPT 3 // not implemented
-#define PASSWORD_DEFAULT PASSWORD_PLAIN
 
 #define MAXSALTLEN 32 // maximum length in characters of any salt
 
-static const char * password_hash_i(const char * passwd, const char *salt, int algo) {
-    static char result[64]; // TODO: static result buffers are bad mojo!
+static const char * password_hash_i(const char * passwd, const char *salt, int algo, char *result, size_t len) {
     assert(passwd);
     assert(salt);
     if (algo==PASSWORD_PLAIN) {
-        _snprintf(result, sizeof(result), "$0$%s$%s", salt, passwd);
+        _snprintf(result, len, "$0$%s$%s", salt, passwd);
     }
     else if (algo == PASSWORD_MD5) {
         md5_state_t ms;
@@ -30,7 +22,7 @@ static const char * password_hash_i(const char * passwd, const char *salt, int a
         md5_append(&ms, (const md5_byte_t *)passwd, strlen(passwd));
         md5_append(&ms, (const md5_byte_t *)salt, strlen(salt));
         md5_finish(&ms, digest);
-        _snprintf(result, sizeof(result), "$1$%s$%s", salt, digest); // FIXME: need to build a hex string first!
+        _snprintf(result, len, "$1$%s$%s", salt, digest); // FIXME: need to build a hex string first!
     } 
     else {
         return NULL;
@@ -38,24 +30,28 @@ static const char * password_hash_i(const char * passwd, const char *salt, int a
     return result;
 }
 
-const char * password_hash(const char * passwd) {
-    return password_hash_i(passwd, "saltyfish", PASSWORD_DEFAULT);
+const char * password_hash(const char * passwd, int algo) {
+    static char result[64]; // TODO: static result buffers are bad mojo!
+    if (algo < 0) algo = PASSWORD_DEFAULT;
+    return password_hash_i(passwd, "saltyfish", PASSWORD_DEFAULT, result, sizeof(result));
 }
 
 static bool password_is_implemented(int algo) {
-    return algo==PASSWORD_PLAIN;
+    return algo==PASSWORD_PLAIN || algo==PASSWORD_MD5;
 }
 
 int password_verify(const char * pwhash, const char * passwd) {
     char salt[MAXSALTLEN+1];
+    char hash[64];
     size_t len;
     int algo;
     char *pos;
-    const char *dol, *hash;
+    const char *dol;
     assert(pwhash);
     assert(passwd);
     assert(pwhash[0] == '$');
-    algo = (int)strtol(pwhash + 1, &pos, 16);
+    algo = pwhash[1] - '0';
+    pos = strchr(pwhash+2, '$');
     assert(pos[0] == '$');
     ++pos;
     dol = strchr(pos, '$');
@@ -64,7 +60,7 @@ int password_verify(const char * pwhash, const char * passwd) {
     assert(len <= MAXSALTLEN);
     strncpy(salt, pos, len);
     salt[len] = 0;
-    hash = password_hash_i(passwd, salt, algo);
+    password_hash_i(passwd, salt, algo, hash, sizeof(hash));
     if (!password_is_implemented(algo)) {
         return VERIFY_UNKNOWN;
     }

src/util/password.h

@@ -1,7 +1,15 @@
 #pragma once
 
+#define PASSWORD_PLAIN  0
+#define PASSWORD_MD5 1
+#define PASSWORD_BCRYPT 2 // not implemented
+#define PASSWORD_SHA256 5 // not implemented
+#define PASSWORD_SHA512 6 // not implemented
+#define PASSWORD_DEFAULT PASSWORD_PLAIN
+
+
 #define VERIFY_OK 0 // password matches hash
 #define VERIFY_FAIL 1 // password is wrong
 #define VERIFY_UNKNOWN 2 // hashing algorithm not supported
 int password_verify(const char * hash, const char * passwd);
-const char * password_hash(const char * passwd);
+const char * password_hash(const char * passwd, int algo);

src/util/password.test.c

@@ -5,7 +5,7 @@
 static void test_passwords(CuTest *tc) {
     const char *hash;
 
-    hash = password_hash("password");
+    hash = password_hash("password", PASSWORD_PLAIN);
     CuAssertPtrNotNull(tc, hash);
     CuAssertStrEquals(tc, "$0$saltyfish$password", hash);
     CuAssertIntEquals(tc, VERIFY_OK, password_verify(hash, "password"));