int main ()
{
struct crypt_context context;
char plaintext[] = "password";
strcpy(context.salt, "$6$ksdfjsoigh$asdf");
crypt_password(&context, (unsigned char *) plaintext, strlen(plaintext));
printf("%s\n", crypt_to_string(&context));
crypt_from_string(&context, "endeavormac:$6$ksdfjsoigh$Dm7i1XyX1wno8dHD.TtBO7An4227mETbw4ilH5sOM3FL3FgHGpzMfmQormRGKtUE/lxCPrgCcmslJ.KueUezF/");
printf("%s\n", context.hash);
printf("to_string: %s\n", crypt_to_string(&context));
int i;
double johnny_bench_called;
johnny_bench_called = (double) clock();
for (i = 0; i < 100; i++)
{
crypt_password(&context, (unsigned char *) plaintext, strlen(plaintext));
}
johnny_bench_called = ((double) clock()) - johnny_bench_called;
johnny_bench_called /= (double) CLOCKS_PER_SEC;
johnny_bench_called = 100 / johnny_bench_called;
printf("%f crypts per second\n", johnny_bench_called);
return 0;
}
static void
ns_cmd_sendpass(struct sourceinfo *si, int parc, char *parv[])
{
struct myuser *mu;
char *name = parv[0];
char *key;
enum specialoperation op = op_none;
bool ismarked = false;
if (!name)
{
command_fail(si, fault_needmoreparams, STR_INSUFFICIENT_PARAMS, "SENDPASS");
command_fail(si, fault_needmoreparams, _("Syntax: SENDPASS <account>"));
return;
}
if (parc > 1)
{
if (!has_priv(si, PRIV_USER_SENDPASS))
{
command_fail(si, fault_noprivs, STR_NOT_AUTHORIZED);
return;
}
else if (!strcasecmp(parv[1], "FORCE"))
op = op_force;
else if (!strcasecmp(parv[1], "CLEAR"))
op = op_clear;
else
{
command_fail(si, fault_badparams, STR_INVALID_PARAMS, "SENDPASS");
command_fail(si, fault_badparams, _("Syntax: SENDPASS <account> [FORCE|CLEAR]"));
return;
}
}
if (!(mu = myuser_find_by_nick(name)))
{
command_fail(si, fault_nosuch_target, STR_IS_NOT_REGISTERED, name);
return;
}
if (mu->flags & MU_WAITAUTH)
{
command_fail(si, fault_badparams, _("\2%s\2 is not verified."), entity(mu)->name);
return;
}
if (metadata_find(mu, "private:mark:setter"))
{
ismarked = true;
// don't want to disclose this, so just go ahead...
}
if (op == op_clear)
{
if (metadata_find(mu, "private:setpass:key"))
{
logcommand(si, CMDLOG_ADMIN, "SENDPASS:CLEAR: \2%s\2", entity(mu)->name);
metadata_delete(mu, "private:setpass:key");
metadata_delete(mu, "private:sendpass:sender");
metadata_delete(mu, "private:sendpass:timestamp");
command_success_nodata(si, _("The password change key for \2%s\2 has been cleared."), entity(mu)->name);
}
else
command_fail(si, fault_nochange, _("\2%s\2 did not have a password change key outstanding."), entity(mu)->name);
return;
}
if (MOWGLI_LIST_LENGTH(&mu->logins) > 0)
{
if (si->smu == mu)
command_fail(si, fault_already_authed, _("You are logged in and can change your password using the SET PASSWORD command."));
else
command_fail(si, fault_noprivs, _("This operation cannot be performed on %s, because someone is logged in to it."), entity(mu)->name);
return;
}
if (metadata_find(mu, "private:freeze:freezer"))
{
command_fail(si, fault_noprivs, _("%s has been frozen by the %s administration."), entity(mu)->name, me.netname);
return;
}
if (metadata_find(mu, "private:setpass:key"))
{
command_fail(si, fault_alreadyexists, _("\2%s\2 already has a password change key outstanding."), entity(mu)->name);
if (has_priv(si, PRIV_USER_SENDPASS))
command_fail(si, fault_alreadyexists, _("Use SENDPASS %s CLEAR to clear it so that a new one can be sent."), entity(mu)->name);
return;
}
key = random_string(12);
const char *const hash = crypt_password(key);
if (!hash)
{
command_fail(si, fault_internalerror, _("Hash generation for password change key failed."));
sfree(key);
return;
}
if (sendemail(si->su != NULL ? si->su : si->service->me, mu, EMAIL_SETPASS, mu->email, key))
{
if (ismarked)
wallops("%s sent the password for the \2MARKED\2 account %s.", get_oper_name(si), entity(mu)->name);
logcommand(si, CMDLOG_ADMIN, "SENDPASS: \2%s\2 (change key)", name);
metadata_add(mu, "private:sendpass:sender", get_oper_name(si));
metadata_add(mu, "private:sendpass:timestamp", number_to_string(time(NULL)));
metadata_add(mu, "private:setpass:key", hash);
command_success_nodata(si, _("The password change key for \2%s\2 has been sent to the corresponding email address."), entity(mu)->name);
}
else
command_fail(si, fault_emailfail, _("Email send failed."));
sfree(key);
}
int passwd (int argc, char **argv)
{
int c;
int err = 0;
char *typed_password = NULL, *typed_password2 = NULL;
const char *username, *user;
passwd_entry *passnode;
char *linebuf = NULL;
char *real_user = NULL;
char *password_domain = NULL;
int adduser=0,deluser=0,disableuser=0,realuser=0,remove_realuser=0,use_domain=0;
int arg_specified = 0;
if (argc == -1)
usage (passwd_usage);
optind = 0;
while ((c = getopt (argc, argv, "axXr:RD:")) != -1)
{
switch (c)
{
case 'a':
if(arg_specified)
usage (passwd_usage);
arg_specified = 1;
adduser = 1;
break;
case 'x':
if(arg_specified)
usage (passwd_usage);
arg_specified = 1;
disableuser = 1;
break;
case 'X':
if(arg_specified)
usage (passwd_usage);
arg_specified = 1;
deluser = 1;
break;
case 'r':
realuser = 1;
real_user = xstrdup(optarg);
break;
case 'R':
remove_realuser = 1;
break;
case 'D':
use_domain = 1;
password_domain = xstrdup(optarg);
break;
case '?':
default:
usage (passwd_usage);
break;
}
}
argc -= optind;
argv += optind;
if(!argc)
user = NULL;
else
user=argv[0];
#ifdef CLIENT_SUPPORT
if (current_parsed_root->isremote)
{
if (argc > 1)
usage (passwd_usage);
if (!supported_request ("passwd"))
error (1, 0, "server does not support passwd");
if(!user && adduser)
{
error(1,0,"You cannot add yourself");
}
if(!user && deluser)
{
error(1,0,"You cannot delete yourself");
}
if(user || current_parsed_root->username || current_parsed_root->hostname)
{
printf ("%s %s@%s\n",
(adduser) ? "Adding user" : (deluser) ? "Deleting user" : "Changing repository password for",
user?user:current_parsed_root->username?current_parsed_root->username:getcaller(),current_parsed_root->hostname);
}
else
{
printf ("Changing repository password for %s\n",getcaller());
}
fflush (stdout);
if(!use_domain && !deluser && !disableuser)
{
typed_password = getpass ("New password: "******"Verify password: "******"Passwords do not match, try again");
}
memset (typed_password2, 0, strlen (typed_password2));
typed_password = xrealloc(typed_password, strlen(typed_password) +32);
if(strlen(typed_password))
crypt_password(typed_password);
}
if (adduser)
send_arg ("-a");
if (disableuser)
send_arg ("-x");
if (deluser)
send_arg ("-X");
if (realuser)
{
send_arg ("-r");
send_arg (real_user);
}
if (remove_realuser)
send_arg ("-R");
if(use_domain)
{
send_arg ("-D");
send_arg (password_domain);
}
if (argc == 1)
send_arg(user);
else
send_arg("*");
if(typed_password)
{
send_arg (typed_password); /* Send the new password */
memset (typed_password, 0, strlen (typed_password));
xfree (typed_password);
}
send_to_server ("passwd\012", 0);
return get_responses_and_close ();
}
if(!server_active)
#endif
{
if(argc!=0 && argc!=1)
usage (passwd_usage);
if(!user && adduser)
{
error(1,0,"You cannot add yourself");
}
if(!user && deluser)
{
error(1,0,"You cannot delete yourself");
}
if(user || current_parsed_root->username)
{
printf ("%s %s\n",
(adduser) ? "Adding user" : (deluser) ? "Deleting user" : "Changing password for",
user?user:current_parsed_root->username);
}
else
{
printf ("Changing repository password for %s\n",getcaller());
}
fflush (stdout);
if (argc == 0)
username = CVS_Username;
else
{
username = user;
}
if(!use_domain && !deluser && !disableuser)
{
typed_password = getpass ("New password: "******"Verify password: "******"Passwords do not match, try again");
}
memset (typed_password2, 0, strlen (typed_password2));
typed_password = xrealloc(typed_password, strlen(typed_password) +32);
if(strlen(typed_password))
crypt_password(typed_password);
}
}
#ifdef SERVER_SUPPORT
if(server_active)
{
if ((argc != 1) && (argc != 2))
usage (passwd_usage);
if(!strcmp(user,"*"))
username = CVS_Username;
else
{
username = user;
#if defined(_WIN32)
#ifdef SJIS
if(_mbschr(username,'\\') && !isDomainMember())
#else
if(strchr(username,'\\') && !isDomainMember())
#endif
{
error(1,0,"CVS server is not acting as a domain member - cannot specify domains");
}
#endif
}
if(argc==2)
typed_password = argv[1];
}
#endif
if (typed_password &&
(strcmp(username, CVS_Username) != 0) &&
(! verify_admin ()))
error (1, 0, "Only administrators can add or change another's password");
read_passwd_list();
passnode = find_passwd_entry(username);
if (passnode == NULL)
{
if (!adduser)
error (1, 0, "Could not find %s in password file", username);
if (! verify_admin())
{
error (1, 0, "Only administrators can add users" );
}
passnode = new_passwd_entry();
passnode->username=xstrdup(username);
passnode->password=xstrdup(typed_password);
passnode->real_username=NULL;
}
if(deluser)
{
if (! verify_admin())
{
error (1, 0, "Only administrators can delete users" );
}
xfree(passnode->username);
passnode->username = NULL;
}
else if(disableuser)
{
if (! verify_admin())
{
error (1, 0, "Only administrators can disable users" );
}
xfree(passnode->password);
passnode->password=xstrdup("#DISABLED#");
}
else
{
xfree(passnode->password);
#ifdef _WIN32 /* Unix servers can't make any sense of this */
if(use_domain)
{
passnode->password = xmalloc(strlen(password_domain)+2);
strcpy(passnode->password,"!");
strcat(passnode->password,password_domain);
}
else
#endif
passnode->password = xstrdup(typed_password);
if(realuser)
{
if(!getpwnam(real_user))
error(1, 0, "User '%s' is not a real user on the system.",real_user);
xfree(passnode->real_username);
passnode->real_username = xstrdup(real_user);
}
else if (remove_realuser)
{
xfree(passnode->real_username);
passnode->real_username=NULL;
}
if((passnode->real_username && !getpwnam(passnode->real_username)) || (!passnode->real_username && passnode->username && !getpwnam(passnode->username)))
{
error(0,0,"*WARNING* CVS user '%s' will not be able to log in until they are aliased to a valid system user.",username);
}
}
write_passwd_list();
free_passwd_list();
xfree(real_user);
xfree(password_domain);
return (err);
}
