feat: add password handling helpers
This commit is contained in:
Mario Fetka
66
login.c
66
login.c
@@ -14,31 +14,55 @@ static int do_change_object_passwd(char *name,
|
||||
|
||||
{
|
||||
uint8 key[8];
|
||||
if (0 && !ncp_17_17(key)) {
|
||||
|
||||
if (!ncp_17_17(key)) {
|
||||
uint32 objid = ncp_17_35(name, objtyp);
|
||||
if (objid) {
|
||||
uint8 buff[128];
|
||||
uint8 encrypted[8];
|
||||
uint8 newcryptpasswd[16];
|
||||
int passwdx=0;
|
||||
uint8 oldpwd[16]; /* old passwd as stored by server */
|
||||
uint8 newpwd[16]; /* new passwd as stored by server */
|
||||
uint8 cryptkey[8];
|
||||
uint8 tmpid[4];
|
||||
uint8 passwdx;
|
||||
int newlen;
|
||||
|
||||
memcpy(cryptkey, key, 8);
|
||||
U32_TO_BE32(objid, tmpid);
|
||||
shuffle(tmpid, oldpassword, strlen(oldpassword), buff);
|
||||
nw_encrypt(key, buff, encrypted);
|
||||
|
||||
shuffle(tmpid, newpassword, strlen(newpassword), buff);
|
||||
shuffle(tmpid, oldpassword, strlen(oldpassword), oldpwd);
|
||||
shuffle(tmpid, newpassword, strlen(newpassword), newpwd);
|
||||
|
||||
if (!ncp_17_4b(encrypted, name, objtyp, passwdx, newcryptpasswd)) {
|
||||
nw_encrypt(cryptkey, oldpwd, cryptkey);
|
||||
|
||||
/*
|
||||
* Same keyed change password transformation as ncpfs
|
||||
* ncp_change_login_passwd(): encrypt both 8-byte halves of the
|
||||
* stored new password using the stored old password as key material.
|
||||
* newpassencrypt() intentionally mutates oldpwd; the passwd length
|
||||
* byte must be calculated afterwards, just like ncpfs does it.
|
||||
*/
|
||||
newpassencrypt(oldpwd, newpwd);
|
||||
newpassencrypt(oldpwd + 8, newpwd + 8);
|
||||
|
||||
newlen = strlen(newpassword);
|
||||
if (newlen > 63) newlen = 63;
|
||||
passwdx = (uint8)(((newlen ^ oldpwd[0] ^ oldpwd[1]) & 0x7f) | 0x40);
|
||||
|
||||
if (!ncp_17_4b(cryptkey, name, objtyp, passwdx, newpwd)) {
|
||||
;;
|
||||
return(0);
|
||||
}
|
||||
}
|
||||
} else { /* now we use old unencrypted algorithmus */
|
||||
if (!ncp_17_40(name, objtyp, oldpassword, newpassword)) {
|
||||
;;
|
||||
return(0);
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
* Fallback for old servers/requesters where Get Encryption Key is not
|
||||
* available. Keep the original unencrypted behavior as fallback only.
|
||||
*/
|
||||
if (!ncp_17_40(name, objtyp, oldpassword, newpassword)) {
|
||||
;;
|
||||
return(0);
|
||||
}
|
||||
|
||||
return(-1);
|
||||
}
|
||||
|
||||
@@ -83,7 +107,10 @@ static int get_raw_str(uint8 *s, int maxlen, int doecho)
|
||||
case 8 : if (len) {
|
||||
--len;
|
||||
--s;
|
||||
if (doecho) fprintf(stdout, "\010 \010");
|
||||
if (doecho) {
|
||||
fprintf(stdout, "\010 \010");
|
||||
fflush(stdout);
|
||||
}
|
||||
} else beep();
|
||||
continue;
|
||||
|
||||
@@ -94,7 +121,10 @@ static int get_raw_str(uint8 *s, int maxlen, int doecho)
|
||||
len++;
|
||||
break;
|
||||
} /* switch */
|
||||
if (doecho) fprintf(stdout, "%c", (uint8)key);
|
||||
if (doecho) {
|
||||
fprintf(stdout, "%c", (uint8)key);
|
||||
fflush(stdout);
|
||||
}
|
||||
}
|
||||
*s='\0';
|
||||
return(len);
|
||||
@@ -392,9 +422,9 @@ int func_exec(int argc, char *argv[], int mode)
|
||||
xfree(buff);
|
||||
if (nargv != NULL) {
|
||||
if (!mode)
|
||||
spawnvp(P_WAIT, buf, nargv);
|
||||
spawnvp(P_WAIT, buf, (const char *const *)nargv);
|
||||
else
|
||||
execvp(buf, nargv);
|
||||
execvp(buf, (const char *const *)nargv);
|
||||
}
|
||||
xfree(buf);
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user