int Auth_Authorize(const char *login, const char *password) { int i; char hstring[256]; const char *sha256; authData_admin_t *user; int id = -1; for(i = 0, user = auth_admins.admins; i < MAX_AUTH_ADMINS; i++, user++) { if(*user->username && !Q_stricmp(user->username,login)) id = i; } if(id < 0) { return id; } user = &auth_admins.admins[id]; Com_sprintf(hstring, sizeof(hstring), "%s.%s", password, user->salt); sha256 = Com_SHA256(hstring); if(Q_strncmp(user->sha256, sha256, 128)) return -1; return id; }
void GScr_SHA256(){ const char *hash; if(Scr_GetNumParam() != 1){ Scr_Error("Usage: sha256(<input text>)\n"); } char* input = Scr_GetString(0); hash = Com_SHA256(input); Scr_AddString(hash); }
void Auth_SetAdmin_f( void ) { const char* username; const char* password; const char* sha256; byte buff[129]; char salt[65]; unsigned long size = sizeof(salt); int power, i,uid; authData_admin_t* user; authData_admin_t* free = NULL; mvabuf; if(Cmd_Argc() != 4) { Com_Printf("Usage: %s <username> <password> <power>\n", Cmd_Argv(0)); Com_Printf( "Where username is loginname for this user\n" ); Com_Printf( "Where password is the initial 6 characters long or longer password for this user which should get changed by the user on first login\n" ); Com_Printf( "Where power is one of the following: Any number between 1 and 100\n" ); return; } username = Cmd_Argv(1); password = Cmd_Argv(2); power = atoi(Cmd_Argv(3)); if(!username || !*username || !password || strlen(password) < 6 || power < 1 || power > 100) { Com_Printf("Usage: %s <username> <password> <power>\n", Cmd_Argv(0)); Com_Printf( "Where username is loginname for this user\n" ); Com_Printf( "Where password is the initial 6 characters long or longer password for this user which should get changed by the user on first login\n" ); Com_Printf( "Where power is one of the following: Any number between 1 and 100\n" ); return; } NV_ProcessBegin(); uid = ++auth_admins.maxUID; for(i = 0, user = auth_admins.admins; i < MAX_AUTH_ADMINS; i++, user++) { if(!Q_stricmp(user->username, username)) { Com_Printf("An admin with this username is already registered\n"); return; } if(!free && !*user->username ) free = user; } if(!free) { Com_Printf("Too many registered admins. Limit is: %d\n", MAX_AUTH_ADMINS); return; } Com_RandomBytes(buff, sizeof(buff)); //Sec_BinaryToHex((char *)buff,sizeof(buff),salt,&size); Sec_HashMemory(SEC_HASH_SHA256,buff,sizeof(buff),salt,&size,qfalse); /*for(i = 0; i < sizeof(salt) -1; i++){ if(salt[i] > 126){ salt[i] -= 125; } if(salt[i] < ' '){ salt[i] += ' '; } if(salt[i] == ';') salt[i]++; if(salt[i] == '\\') salt[i]++; if(salt[i] == '%') salt[i]++; if(salt[i] == '"') salt[i]++; } salt[sizeof(salt) -1] = 0;*/ sha256 = Com_SHA256(va("%s.%s", password, salt)); Q_strncpyz(free->username, username, sizeof(free->username)); Com_Printf("Debug: 1:%s 2:%s\n", username, free->username); Q_strncpyz(free->sha256, sha256, sizeof(free->sha256)); Q_strncpyz(free->salt, (char*)salt, sizeof(free->salt)); //free->power = power; Instead: SV_RemoteCmdSetAdmin(uid, NULL, power); free->uid = uid; Com_Printf("Registered user with Name: %s Power: %d UID: %d\n", free->username, power, uid); NV_ProcessEnd(); }
void Auth_ChangeAdminPassword( int uid,const char* oldPassword,const char* password ) { const char* sha256; byte buff[129]; char salt[65]; unsigned long size = sizeof(salt); authData_admin_t *user, *user2; int i; //int uid = -1; mvabuf; if(!password || strlen(password) < 6) { Com_Printf("Error: the new password must have at least 6 characters\n"); return; } NV_ProcessBegin(); for(i = 0, user2 = auth_admins.admins; i < MAX_AUTH_ADMINS; i++, user2++) { if(*user2->username && user2->uid == uid) { user = user2; } } if(user == NULL) { Com_Printf("Error: unknown admin @%d!\n",uid); return; } Com_RandomBytes(buff, sizeof(buff)); Sec_HashMemory(SEC_HASH_SHA256,buff,sizeof(buff),salt,&size,qfalse); /*salt[sizeof(salt) -1] = 0; // Not needed for(i = 0; i < sizeof(salt) -1; i++){ if(salt[i] > 126){ salt[i] -= 125; } if(salt[i] < ' '){ salt[i] += ' '; } if(salt[i] == ';') salt[i]++; if(salt[i] == '\\') salt[i]++; if(salt[i] == '%') salt[i]++; if(salt[i] == '"') salt[i]++; }*/ sha256 = Com_SHA256(va("%s.%s", password, salt)); Q_strncpyz(user->sha256, sha256, sizeof(user->sha256)); Q_strncpyz(user->salt, (char *)salt, sizeof(user->salt)); NV_ProcessEnd(); Com_Printf("Password changed to: %s\n", password); }