int Auth_Authorize(const char *login, const char *password) {
int i;
char hstring[256];
const char *sha256;
authData_admin_t *user;
int id = -1;
for(i = 0, user = auth_admins.admins; i < MAX_AUTH_ADMINS; i++, user++) {
if(*user->username && !Q_stricmp(user->username,login))
id = i;
}
if(id < 0) {
return id;
}
user = &auth_admins.admins[id];
Com_sprintf(hstring, sizeof(hstring), "%s.%s", password, user->salt);
sha256 = Com_SHA256(hstring);
if(Q_strncmp(user->sha256, sha256, 128))
return -1;
return id;
}
void GScr_SHA256(){
const char *hash;
if(Scr_GetNumParam() != 1){
Scr_Error("Usage: sha256(<input text>)\n");
}
char* input = Scr_GetString(0);
hash = Com_SHA256(input);
Scr_AddString(hash);
}
void Auth_SetAdmin_f( void ) {
const char* username;
const char* password;
const char* sha256;
byte buff[129];
char salt[65];
unsigned long size = sizeof(salt);
int power, i,uid;
authData_admin_t* user;
authData_admin_t* free = NULL;
mvabuf;
if(Cmd_Argc() != 4) {
Com_Printf("Usage: %s <username> <password> <power>\n", Cmd_Argv(0));
Com_Printf( "Where username is loginname for this user\n" );
Com_Printf( "Where password is the initial 6 characters long or longer password for this user which should get changed by the user on first login\n" );
Com_Printf( "Where power is one of the following: Any number between 1 and 100\n" );
return;
}
username = Cmd_Argv(1);
password = Cmd_Argv(2);
power = atoi(Cmd_Argv(3));
if(!username || !*username || !password || strlen(password) < 6 || power < 1 || power > 100) {
Com_Printf("Usage: %s <username> <password> <power>\n", Cmd_Argv(0));
Com_Printf( "Where username is loginname for this user\n" );
Com_Printf( "Where password is the initial 6 characters long or longer password for this user which should get changed by the user on first login\n" );
Com_Printf( "Where power is one of the following: Any number between 1 and 100\n" );
return;
}
NV_ProcessBegin();
uid = ++auth_admins.maxUID;
for(i = 0, user = auth_admins.admins; i < MAX_AUTH_ADMINS; i++, user++) {
if(!Q_stricmp(user->username, username)) {
Com_Printf("An admin with this username is already registered\n");
return;
}
if(!free && !*user->username )
free = user;
}
if(!free) {
Com_Printf("Too many registered admins. Limit is: %d\n", MAX_AUTH_ADMINS);
return;
}
Com_RandomBytes(buff, sizeof(buff));
//Sec_BinaryToHex((char *)buff,sizeof(buff),salt,&size);
Sec_HashMemory(SEC_HASH_SHA256,buff,sizeof(buff),salt,&size,qfalse);
/*for(i = 0; i < sizeof(salt) -1; i++){
if(salt[i] > 126){
salt[i] -= 125;
}
if(salt[i] < ' '){
salt[i] += ' ';
}
if(salt[i] == ';')
salt[i]++;
if(salt[i] == '\\')
salt[i]++;
if(salt[i] == '%')
salt[i]++;
if(salt[i] == '"')
salt[i]++;
}
salt[sizeof(salt) -1] = 0;*/
sha256 = Com_SHA256(va("%s.%s", password, salt));
Q_strncpyz(free->username, username, sizeof(free->username));
Com_Printf("Debug: 1:%s 2:%s\n", username, free->username);
Q_strncpyz(free->sha256, sha256, sizeof(free->sha256));
Q_strncpyz(free->salt, (char*)salt, sizeof(free->salt));
//free->power = power; Instead:
SV_RemoteCmdSetAdmin(uid, NULL, power);
free->uid = uid;
Com_Printf("Registered user with Name: %s Power: %d UID: %d\n", free->username, power, uid);
NV_ProcessEnd();
}
void Auth_ChangeAdminPassword( int uid,const char* oldPassword,const char* password ) {
const char* sha256;
byte buff[129];
char salt[65];
unsigned long size = sizeof(salt);
authData_admin_t *user, *user2;
int i;
//int uid = -1;
mvabuf;
if(!password || strlen(password) < 6) {
Com_Printf("Error: the new password must have at least 6 characters\n");
return;
}
NV_ProcessBegin();
for(i = 0, user2 = auth_admins.admins; i < MAX_AUTH_ADMINS; i++, user2++) {
if(*user2->username && user2->uid == uid) {
user = user2;
}
}
if(user == NULL) {
Com_Printf("Error: unknown admin @%d!\n",uid);
return;
}
Com_RandomBytes(buff, sizeof(buff));
Sec_HashMemory(SEC_HASH_SHA256,buff,sizeof(buff),salt,&size,qfalse);
/*salt[sizeof(salt) -1] = 0; // Not needed
for(i = 0; i < sizeof(salt) -1; i++){
if(salt[i] > 126){
salt[i] -= 125;
}
if(salt[i] < ' '){
salt[i] += ' ';
}
if(salt[i] == ';')
salt[i]++;
if(salt[i] == '\\')
salt[i]++;
if(salt[i] == '%')
salt[i]++;
if(salt[i] == '"')
salt[i]++;
}*/
sha256 = Com_SHA256(va("%s.%s", password, salt));
Q_strncpyz(user->sha256, sha256, sizeof(user->sha256));
Q_strncpyz(user->salt, (char *)salt, sizeof(user->salt));
NV_ProcessEnd();
Com_Printf("Password changed to: %s\n", password);
}
