static bool verify_operserv_password(soper_t *so, char *password)
{
if (so == NULL || password == NULL)
return false;
return crypt_verify_password(password, so->password) != NULL;
}
static bool verify_operserv_password(soper_t *so, char *password)
{
if (so == NULL || password == NULL)
return false;
if (crypto_module_loaded)
return crypt_verify_password(password, so->password);
else
return !strcmp(password, so->password);
}
bool verify_password(myuser_t *mu, const char *password)
{
if (mu == NULL || password == NULL)
return false;
if (auth_module_loaded && auth_user_custom)
return auth_user_custom(mu, password);
if (mu->flags & MU_CRYPTPASS)
if (crypto_module_loaded)
{
const crypt_impl_t *ci, *ci_default;
ci = crypt_verify_password(password, mu->pass);
if (ci == NULL)
return false;
if (ci == (ci_default = crypt_get_default_provider()))
{
if (ci->needs_param_upgrade != NULL && ci->needs_param_upgrade(mu->pass))
{
slog(LG_INFO, "verify_password(): transitioning to newer parameters for crypt scheme '%s' for account '%s'",
ci->id, entity(mu)->name);
mowgli_strlcpy(mu->pass, ci->crypt(password, ci->salt()), PASSLEN);
}
}
else
{
slog(LG_INFO, "verify_password(): transitioning from crypt scheme '%s' to '%s' for account '%s'",
ci->id, ci_default->id, entity(mu)->name);
mowgli_strlcpy(mu->pass, ci_default->crypt(password, ci_default->salt()), PASSLEN);
}
return true;
}
else
{ /* not good!
* but don't complain about crypted password '*',
* this is supposed to never match
*/
if (strcmp(password, "*"))
slog(LG_ERROR, "check_password(): can't check crypted password -- no crypto module!");
return false;
}
else
return (strcmp(mu->pass, password) == 0);
}
static void ns_cmd_setpass(sourceinfo_t *si, int parc, char *parv[])
{
myuser_t *mu;
metadata_t *md;
char *nick = parv[0];
char *key = parv[1];
char *password = parv[2];
if (!nick || !key || !password)
{
command_fail(si, fault_needmoreparams, STR_INSUFFICIENT_PARAMS, "SETPASS");
command_fail(si, fault_needmoreparams, _("Syntax: SETPASS <account> <key> <newpass>"));
return;
}
if (strchr(password, ' '))
{
command_fail(si, fault_badparams, STR_INVALID_PARAMS, "SETPASS");
command_fail(si, fault_badparams, _("Syntax: SETPASS <account> <key> <newpass>"));
return;
}
if (!(mu = myuser_find(nick)))
{
command_fail(si, fault_nosuch_target, _("\2%s\2 is not registered."), nick);
return;
}
if (strlen(password) >= PASSLEN)
{
command_fail(si, fault_badparams, STR_INVALID_PARAMS, "SETPASS");
command_fail(si, fault_badparams, _("Registration passwords may not be longer than \2%d\2 characters."), PASSLEN - 1);
return;
}
if (!strcasecmp(password, entity(mu)->name))
{
command_fail(si, fault_badparams, _("You cannot use your nickname as a password."));
command_fail(si, fault_badparams, _("Syntax: SETPASS <account> <key> <newpass>"));
return;
}
md = metadata_find(mu, "private:setpass:key");
if (md != NULL && crypt_verify_password(key, md->value) != NULL)
{
logcommand(si, CMDLOG_SET, "SETPASS: \2%s\2", entity(mu)->name);
set_password(mu, password);
metadata_delete(mu, "private:setpass:key");
command_success_nodata(si, _("The password for \2%s\2 has been changed to \2%s\2."), entity(mu)->name, password);
return;
}
if (md != NULL)
{
logcommand(si, CMDLOG_SET, "failed SETPASS (invalid key)");
}
command_fail(si, fault_badparams, _("Verification failed. Invalid key for \2%s\2."),
entity(mu)->name);
return;
}
static void
ns_cmd_setpass(struct sourceinfo *si, int parc, char *parv[])
{
struct myuser *mu;
struct metadata *md;
char *nick = parv[0];
char *key = parv[1];
char *password = parv[2];
if (!nick || !key || !password)
{
command_fail(si, fault_needmoreparams, STR_INSUFFICIENT_PARAMS, "SETPASS");
command_fail(si, fault_needmoreparams, _("Syntax: SETPASS <account> <key> <newpass>"));
return;
}
if (strchr(password, ' '))
{
command_fail(si, fault_badparams, STR_INVALID_PARAMS, "SETPASS");
command_fail(si, fault_badparams, _("Syntax: SETPASS <account> <key> <newpass>"));
return;
}
if (!(mu = myuser_find(nick)))
{
command_fail(si, fault_nosuch_target, STR_IS_NOT_REGISTERED, nick);
return;
}
if (si->smu == mu)
{
command_fail(si, fault_already_authed, _("You are logged in and can change your password using the SET PASSWORD command."));
return;
}
if (strlen(password) > PASSLEN)
{
command_fail(si, fault_badparams, STR_INVALID_PARAMS, "SETPASS");
command_fail(si, fault_badparams, _("Registration passwords may not be longer than \2%u\2 characters."), PASSLEN);
return;
}
if (!strcasecmp(password, entity(mu)->name))
{
command_fail(si, fault_badparams, _("You cannot use your nickname as a password."));
command_fail(si, fault_badparams, _("Syntax: SETPASS <account> <key> <newpass>"));
return;
}
md = metadata_find(mu, "private:setpass:key");
if (md == NULL || crypt_verify_password(key, md->value, NULL) == NULL)
{
if (md != NULL)
logcommand(si, CMDLOG_SET, "failed SETPASS (invalid key)");
command_fail(si, fault_badparams, _("Verification failed. Invalid key for \2%s\2."), entity(mu)->name);
return;
}
logcommand(si, CMDLOG_SET, "SETPASS: \2%s\2", entity(mu)->name);
metadata_delete(mu, "private:setpass:key");
metadata_delete(mu, "private:sendpass:sender");
metadata_delete(mu, "private:sendpass:timestamp");
set_password(mu, password);
command_success_nodata(si, _("The password for \2%s\2 has been successfully changed."), entity(mu)->name);
if (mu->flags & MU_NOPASSWORD)
{
mu->flags &= ~MU_NOPASSWORD;
command_success_nodata(si, _("The \2%s\2 flag has been removed for account \2%s\2."), "NOPASSWORD", entity(mu)->name);
}
}
