diff options
| author | Markus Uhlin <markus@nifty-networks.net> | 2023-12-25 07:07:05 +0100 |
|---|---|---|
| committer | Markus Uhlin <markus@nifty-networks.net> | 2023-12-25 07:07:05 +0100 |
| commit | 5fb77c3337679d5661a3e14747481355fbc82bfd (patch) | |
| tree | ad29badd5b13f1dccc12fe06c87e1859740d50ac | |
| parent | 74b8ab228e7fc36f2a648b4e6b206c45d289aa85 (diff) | |
Fix the salt
| -rw-r--r-- | FICS/adminproc.c | 19 | ||||
| -rw-r--r-- | FICS/command.c | 11 | ||||
| -rw-r--r-- | FICS/comproc.c | 18 | ||||
| -rw-r--r-- | FICS/fics_addplayer.c | 12 |
4 files changed, 18 insertions, 42 deletions
diff --git a/FICS/adminproc.c b/FICS/adminproc.c index d7c5bdc..6f10d94 100644 --- a/FICS/adminproc.c +++ b/FICS/adminproc.c @@ -26,6 +26,7 @@ #include "adminproc.h" #include "command.h" #include "comproc.h" +#include "fics_getsalt.h" #include "gamedb.h" #include "gameproc.h" #include "multicol.h" @@ -935,7 +936,7 @@ com_addplayer(int p, param_list param) char *newplayer = param[0].val.word; char newplayerlower[MAX_LOGIN_NAME]; char password[PASSLEN + 1]; - char salt[6]; + char salt[FICS_SALT_SIZE]; char text[2048]; int i; int p1; @@ -980,12 +981,7 @@ com_addplayer(int p, param_list param) password[i] = ('a' + rand() % 26); password[i] = '\0'; - salt[0] = '$'; - salt[1] = '1'; - salt[2] = '$'; - salt[3] = ('a' + rand() % 26); - salt[4] = ('a' + rand() % 26); - salt[5] = '\0'; + strcpy(salt, fics_getsalt()); parray[p1].passwd = xstrdup(crypt(password, salt)); } else { @@ -1185,7 +1181,7 @@ PUBLIC int com_cmuzzle(int p, param_list param) PUBLIC int com_asetpasswd(int p, param_list param) { - char salt[6]; + char salt[FICS_SALT_SIZE]; char subject[400]; char text[10100]; int p1, connected; @@ -1219,12 +1215,7 @@ com_asetpasswd(int p, param_list param) sprintf(text, "Password of %s is now useless. Your account at " "our FICS has been locked.\n", parray[p1].name); } else { - salt[0] = '$'; - salt[1] = '1'; - salt[2] = '$'; - salt[3] = ('a' + rand() % 26); - salt[4] = ('a' + rand() % 26); - salt[5] = '\0'; + strcpy(salt, fics_getsalt()); parray[p1].passwd = xstrdup(crypt(param[1].val.word, salt)); diff --git a/FICS/command.c b/FICS/command.c index a64c4ff..93de68d 100644 --- a/FICS/command.c +++ b/FICS/command.c @@ -33,6 +33,7 @@ #include "command.h" #include "command_list.h" #include "config.h" +#include "fics_getsalt.h" #include "ficsmain.h" #include "gamedb.h" #include "gameproc.h" @@ -661,7 +662,7 @@ check_news(int p, int admin) PRIVATE int process_password(int p, char *password) { - char salt[6]; + char salt[FICS_SALT_SIZE]; int dummy; // to hold a return value int fd; int messnum; @@ -671,12 +672,8 @@ process_password(int p, char *password) turn_echo_on(parray[p].socket); if (parray[p].passwd && parray[p].registered) { - salt[0] = '$'; - salt[1] = '1'; - salt[2] = '$'; - salt[3] = parray[p].passwd[0]; - salt[4] = parray[p].passwd[1]; - salt[5] = '\0'; + strncpy(salt, &(parray[p].passwd[0]), sizeof salt - 1); + salt[sizeof salt - 1] = '\0'; if (strcmp(crypt(password, salt), parray[p].passwd)) { fd = parray[p].socket; diff --git a/FICS/comproc.c b/FICS/comproc.c index 3533c15..32f8662 100644 --- a/FICS/comproc.c +++ b/FICS/comproc.c @@ -39,6 +39,7 @@ #include "comproc.h" #include "config.h" #include "eco.h" +#include "fics_getsalt.h" #include "ficsmain.h" #include "formula.h" #include "gamedb.h" @@ -538,7 +539,7 @@ com_password(int p, param_list param) { char *oldpassword = param[0].val.word; char *newpassword = param[1].val.word; - char salt[6]; + char salt[FICS_SALT_SIZE]; if (!parray[p].registered) { pprintf(p, "Setting a password is only for registered players." @@ -547,12 +548,8 @@ com_password(int p, param_list param) } if (parray[p].passwd) { - salt[0] = '$'; - salt[1] = '1'; - salt[2] = '$'; - salt[3] = parray[p].passwd[0]; - salt[4] = parray[p].passwd[1]; - salt[5] = '\0'; + strncpy(salt, &(parray[p].passwd[0]), sizeof salt - 1); + salt[sizeof salt - 1] = '\0'; if (strcmp(crypt(oldpassword, salt), parray[p].passwd)) { pprintf(p, "Incorrect password, password not changed!" @@ -564,12 +561,7 @@ com_password(int p, param_list param) parray[p].passwd = NULL; } - salt[0] = '$'; - salt[1] = '1'; - salt[2] = '$'; - salt[3] = ('a' + rand() % 26); - salt[4] = ('a' + rand() % 26); - salt[5] = '\0'; + strcpy(salt, fics_getsalt()); parray[p].passwd = xstrdup(crypt(newpassword, salt)); pprintf(p, "Password changed to \"%s\".\n", newpassword); diff --git a/FICS/fics_addplayer.c b/FICS/fics_addplayer.c index fb7e831..2c9518d 100644 --- a/FICS/fics_addplayer.c +++ b/FICS/fics_addplayer.c @@ -25,9 +25,10 @@ */ #include "stdinclude.h" +#include "common.h" #include "command.h" -#include "common.h" +#include "fics_getsalt.h" #include "playerdb.h" #include "utils.h" @@ -51,7 +52,7 @@ PUBLIC int main(int argc, char *argv[]) { char password[PASSLEN + 1]; - char salt[6]; + char salt[FICS_SALT_SIZE]; char text[2048]; int i; int p; @@ -115,12 +116,7 @@ main(int argc, char *argv[]) password[i] = ('a' + rand() % 26); password[i] = '\0'; - salt[0] = '$'; - salt[1] = '1'; - salt[2] = '$'; - salt[3] = ('a' + rand() % 26); - salt[4] = ('a' + rand() % 26); - salt[5] = '\0'; + strcpy(salt, fics_getsalt()); parray[p].passwd = xstrdup(crypt(password, salt)); parray[p].registered = 1; // parray[p].network_player = !local; |