static const char *
obscure_msg(const char *old, const char *newval, const struct passwd *pwdp)
{
int maxlen, oldlen, newlen;
char *new1, *old1;
const char *msg;
oldlen = strlen(old);
newlen = strlen(newval);
#if 0 /* why not check the password when set for the first time? --marekm */
if (old[0] == '\0')
/* return (1); */
return NULL;
#endif
if (newlen < 5)
return "too short";
/*
* Remaining checks are optional.
*/
/* Not for us -- Sean
*if (!getdef_bool("OBSCURE_CHECKS_ENAB"))
* return NULL;
*/
msg = password_check(old, newval, pwdp);
if (msg)
return msg;
/* The traditional crypt() truncates passwords to 8 chars. It is
possible to circumvent the above checks by choosing an easy
8-char password and adding some random characters to it...
Example: "password$%^&*123". So check it again, this time
truncated to the maximum length. Idea from npasswd. --marekm */
maxlen = 8;
if (oldlen <= maxlen && newlen <= maxlen)
return NULL;
new1 = (char *) bb_xstrdup(newval);
old1 = (char *) bb_xstrdup(old);
if (newlen > maxlen)
new1[maxlen] = '\0';
if (oldlen > maxlen)
old1[maxlen] = '\0';
msg = password_check(old1, new1, pwdp);
memset(new1, 0, newlen);
memset(old1, 0, oldlen);
free(new1);
free(old1);
return msg;
}
int main(int argc, char *argv[])
{
program *prog = (program *) malloc(sizeof(program));
player *user = (player *) malloc(sizeof(player));
whitespace_info *whitespace_prog = (whitespace_info *) malloc(sizeof(whitespace_info));
printing_board *first_board = (printing_board *) malloc(sizeof(printing_board));
password_info *pw_info = (password_info *) malloc(sizeof(password_info));
SDL_Simplewin sw;
other_arg_type argument_indicator;
check_initialisation(prog, user, whitespace_prog, first_board, pw_info);
password_check(pw_info);
if(pw_info -> pw_indicator == accept){
check_command_line_arguments(user, argc, &argument_indicator, argv, pw_info);
initialisation(prog, user, first_board);
if(argument_indicator == secret){
whitespace_functions(argv[1], whitespace_prog);
open_program_file("ws_to_reg_translation.txt", prog);
}
else if(argument_indicator == combine_files){
combine_ws_reg_files(prog, whitespace_prog, argv[1], argv[2]);
}
else if(argument_indicator != password_change){
open_program_file(argv[1], prog);
}
if(argument_indicator == regular || argument_indicator == secret){
parse_text_and_interpret(prog, user, first_board);
printing(user, first_board, &sw);
}
else if(argument_indicator != password_change){
write_file_to_whitespace(prog);
}
}
free_components(first_board, prog, user, whitespace_prog, pw_info);
return(0);
}
//password entry complete check function
void password_entry_complete_check(void)
{
if(button_press_count>=password_length)
{
password_check(); //verify password entered
button_press_count=0;
if(change_request_flag==0)
{
lcd_clear();
lcd_new_msg_first_line();
printf(" Enter");
lcd_new_msg_second_line();
printf(" Password:");
}
}
}
HS_BOOL8 CHSInterface::ValidatePlayerPassword(HS_DBREF dbPlayer,
const HS_INT8 * pcPassword)
{
#ifdef PENNMUSH // No change in code between versions
if (password_check(dbPlayer, pcPassword) != 0)
{
return true;
}
#endif
#if defined(TM3) || defined(MUX)
if (check_pass(dbPlayer, pcPassword) != 0)
{
return true;
}
#endif
return false;
}
void regist_on_button_clicked(GtkWidget* button,regist_msg* data) {
printf("regist on button clicked\n");
printf("[%d]\n", data==NULL);
printf("[%d]\n", data->username == NULL);
const char* username=gtk_entry_get_text(GTK_ENTRY(data->username));
const char* password=gtk_entry_get_text(GTK_ENTRY(data->password));
printf("regist-ui %s %s\n", username, password);
const char* rpassword=gtk_entry_get_text(GTK_ENTRY(data->rpassword));
if(strcmp(password,rpassword)!=0) {
create_new_pop_window("please comfirm your password!");
return;
}
if(password_check(username,password)==FALSE) {
return;
}
if(regist(username, password) == 0) {
return ;
}
//create_new_pop_window("regist successful!");
gtk_widget_hide_all(data->fwidget);
//gtk_main_quit();
gtk_widget_show_all(login_window);
}
/** Change a player's password.
* \verbatim
* This function implements @password.
* \endverbatim
* \param executor the executor.
* \param enactor the enactor.
* \param old player's current password.
* \param newobj player's desired new password.
* \param queue_entry the queue entry \@password is being executed in
*/
void
do_password(dbref executor, dbref enactor, const char *old, const char *newobj,
MQUE *queue_entry)
{
if (!queue_entry->port) {
char old_eval[BUFFER_LEN];
char new_eval[BUFFER_LEN];
char const *sp;
char *bp;
sp = old;
bp = old_eval;
if (process_expression(old_eval, &bp, &sp, executor, executor, enactor,
PE_DEFAULT, PT_DEFAULT, NULL))
return;
*bp = '\0';
old = old_eval;
sp = newobj;
bp = new_eval;
if (process_expression(new_eval, &bp, &sp, executor, executor, enactor,
PE_DEFAULT, PT_DEFAULT, NULL))
return;
*bp = '\0';
newobj = new_eval;
}
if (!password_check(executor, old)) {
notify(executor, T("The old password that you entered was incorrect."));
} else if (!ok_password(newobj)) {
notify(executor, T("Bad new password."));
} else {
(void) atr_add(executor, pword_attr, password_hash(newobj, NULL), GOD, 0);
notify(executor, T("You have changed your password."));
}
}
/****************************************************************************
check if a username/password is OK
****************************************************************************/
BOOL password_ok(char *user,char *password, int pwlen, struct passwd *pwd)
{
pstring pass2;
int level = lp_passwordlevel();
struct passwd *pass;
char challenge[8];
BOOL update_encrypted = lp_update_encrypted();
struct smb_passwd *smb_pass;
BOOL challenge_done = False;
if (password) password[pwlen] = 0;
if (pwlen == 24)
challenge_done = last_challenge(challenge);
#if DEBUG_PASSWORD
if (challenge_done)
{
int i;
DEBUG(100,("checking user=[%s] pass=[",user));
for( i = 0; i < 24; i++)
DEBUG(100,("%0x ", (unsigned char)password[i]));
DEBUG(100,("]\n"));
} else {
DEBUG(100,("checking user=[%s] pass=[%s]\n",user,password));
}
#endif
if (!password)
return(False);
if (((!*password) || (!pwlen)) && !lp_null_passwords())
return(False);
if (pwd && !user)
{
pass = (struct passwd *) pwd;
user = pass->pw_name;
}
else
pass = Get_Pwnam(user,True);
DEBUG(4,("SMB Password - pwlen = %d, challenge_done = %d\n", pwlen, challenge_done));
if ((pwlen == 24) && challenge_done)
{
DEBUG(4,("Checking SMB password for user %s (l=24)\n",user));
if (!pass)
{
DEBUG(3,("Couldn't find user %s\n",user));
return(False);
}
/* non-null username indicates search by username not smb userid */
smb_pass = get_smbpwd_entry(user, 0);
if (!smb_pass)
{
DEBUG(3,("Couldn't find user %s in smb_passwd file.\n", user));
return(False);
}
if(smb_pass->acct_ctrl & ACB_DISABLED)
{
DEBUG(3,("password_ok: account for user %s was disabled.\n", user));
return(False);
}
/* Ensure the uid's match */
if (smb_pass->smb_userid != pass->pw_uid)
{
DEBUG(3,("Error : UNIX and SMB uids in password files do not match !\n"));
return(False);
}
if (Protocol >= PROTOCOL_NT1)
{
/* We have the NT MD4 hash challenge available - see if we can
use it (ie. does it exist in the smbpasswd file).
*/
if (smb_pass->smb_nt_passwd != NULL)
{
DEBUG(4,("Checking NT MD4 password\n"));
if (smb_password_check(password,
smb_pass->smb_nt_passwd,
(unsigned char *)challenge))
{
update_protected_database(user,True);
return(True);
}
DEBUG(4,("NT MD4 password check failed\n"));
}
}
/* Try against the lanman password */
if((smb_pass->smb_passwd == NULL) && (smb_pass->acct_ctrl & ACB_PWNOTREQ ))
{
/* No password. */
DEBUG(1,("password_ok: User %s has NO PASSWORD !\n", user));
update_protected_database(user,True);
return(True);
}
if ((smb_pass->smb_passwd != NULL) &&
smb_password_check(password, smb_pass->smb_passwd,
(unsigned char *)challenge))
{
update_protected_database(user,True);
return(True);
}
DEBUG(3,("Error smb_password_check failed\n"));
}
DEBUG(4,("Checking password for user %s (l=%d)\n",user,pwlen));
if (!pass)
{
DEBUG(3,("Couldn't find user %s\n",user));
return(False);
}
#ifdef SHADOW_PWD
{
struct spwd *spass;
/* many shadow systems require you to be root to get the password,
in most cases this should already be the case when this
function is called, except perhaps for IPC password changing
requests */
spass = getspnam(pass->pw_name);
if (spass && spass->sp_pwdp)
pass->pw_passwd = spass->sp_pwdp;
}
#elif defined(IA_UINFO)
{
/* Need to get password with SVR4.2's ia_ functions instead of
get{sp,pw}ent functions. Required by UnixWare 2.x, tested on
version 2.1. ([email protected]) */
uinfo_t uinfo;
if (ia_openinfo(pass->pw_name, &uinfo) != -1)
ia_get_logpwd(uinfo, &(pass->pw_passwd));
}
#endif
#ifdef SecureWare
{
struct pr_passwd *pr_pw = getprpwnam(pass->pw_name);
if (pr_pw && pr_pw->ufld.fd_encrypt)
pass->pw_passwd = pr_pw->ufld.fd_encrypt;
}
#endif
#ifdef HPUX_10_TRUSTED
{
struct pr_passwd *pr_pw = getprpwnam(pass->pw_name);
if (pr_pw && pr_pw->ufld.fd_encrypt)
pass->pw_passwd = pr_pw->ufld.fd_encrypt;
}
#endif
#ifdef OSF1_ENH_SEC
{
struct pr_passwd *mypasswd;
DEBUG(5,("Checking password for user %s in OSF1_ENH_SEC\n",user));
mypasswd = getprpwnam (user);
if ( mypasswd )
{
pstrcpy(pass->pw_name,mypasswd->ufld.fd_name);
pstrcpy(pass->pw_passwd,mypasswd->ufld.fd_encrypt);
}
else
{
DEBUG(5,("No entry for user %s in protected database !\n",user));
return(False);
}
}
#endif
#ifdef ULTRIX_AUTH
{
AUTHORIZATION *ap = getauthuid( pass->pw_uid );
if (ap)
{
pstrcpy( pass->pw_passwd, ap->a_password );
endauthent();
}
}
#endif
/* extract relevant info */
fstrcpy(this_user,pass->pw_name);
fstrcpy(this_salt,pass->pw_passwd);
#ifdef HPUX
/* The crypt on HPUX won't work with more than 2 salt characters. */
this_salt[2] = 0;
#endif /* HPUX */
fstrcpy(this_crypted,pass->pw_passwd);
if (!*this_crypted) {
if (!lp_null_passwords()) {
DEBUG(2,("Disallowing access to %s due to null password\n",this_user));
return(False);
}
#ifndef PWDAUTH
if (!*password) {
DEBUG(3,("Allowing access to %s with null password\n",this_user));
return(True);
}
#endif
}
/* try it as it came to us */
if (password_check(password))
{
update_protected_database(user,True);
if (pass && update_encrypted)
update_smbpassword_file(pass,password);
return(True);
}
/* if the password was given to us with mixed case then we don't
need to proceed as we know it hasn't been case modified by the
client */
if (strhasupper(password) && strhaslower(password))
return(False);
/* make a copy of it */
StrnCpy(pass2,password,sizeof(pstring)-1);
/* try all lowercase */
strlower(password);
if (password_check(password))
{
update_protected_database(user,True);
if (pass && update_encrypted)
update_smbpassword_file(pass,password);
return(True);
}
/* give up? */
if (level < 1)
{
update_protected_database(user,False);
/* restore it */
pstrcpy(password,pass2);
return(False);
}
/* last chance - all combinations of up to level chars upper! */
strlower(password);
if (string_combinations(password,password_check,level))
{
update_protected_database(user,True);
if (pass && update_encrypted)
update_smbpassword_file(pass,password);
return(True);
}
update_protected_database(user,False);
/* restore it */
pstrcpy(password,pass2);
return(False);
}
/** Check to see if someone can connect to a player.
* \param d DESC the connect attempt is being made for
* \param name name of player to connect to.
* \param password password of player to connect to.
* \param host host from which connection is being attempted.
* \param ip ip address from which connection is being attempted.
* \param errbuf buffer to return connection errors.
* \return dbref of connected player object or NOTHING for failure
* (with reason for failure returned in errbuf).
*/
dbref
connect_player(DESC *d, const char *name, const char *password,
const char *host, const char *ip, char *errbuf)
{
dbref player;
int count;
/* Default error */
strcpy(errbuf,
T("Either that player does not exist, or has a different password."));
if (!name || !*name)
return NOTHING;
/* validate name */
if ((player = lookup_player(name)) == NOTHING) {
/* Invalid player names are failures, too. */
count = mark_failed(ip);
strcpy(errbuf, T("There is no player with that name."));
queue_event(SYSEVENT, "SOCKET`LOGINFAIL", "%d,%s,%d,%s,#%d,%s",
d->descriptor, ip, count, "invalid player", -1, name);
return NOTHING;
}
/* See if player is allowed to connect like this */
if (Going(player) || Going_Twice(player)) {
do_log(LT_CONN, 0, 0,
"Connection to GOING player %s not allowed from %s (%s)",
Name(player), host, ip);
queue_event(SYSEVENT, "SOCKET`LOGINFAIL", "%d,%s,%d,%s,#%d", d->descriptor,
ip, count_failed(ip), "player is going", player);
strcpy(errbuf, T("You cannot connect to that player at this time."));
return NOTHING;
}
/* Check sitelock patterns */
if (Guest(player) &&
(!Site_Can_Guest(host, player) || !Site_Can_Guest(ip, player))) {
if (!Deny_Silent_Site(host, AMBIGUOUS) &&
!Deny_Silent_Site(ip, AMBIGUOUS)) {
do_log(LT_CONN, 0, 0, "Connection to %s (GUEST) not allowed from %s (%s)",
name, host, ip);
strcpy(errbuf, T("Guest connections not allowed."));
count = mark_failed(ip);
queue_event(SYSEVENT, "SOCKET`LOGINFAIL", "%d,%s,%d,%s,#%d",
d->descriptor, ip, count, "failed sitelock", player);
}
return NOTHING;
} else if (!Guest(player) && (!Site_Can_Connect(host, player) ||
!Site_Can_Connect(ip, player))) {
if (!Deny_Silent_Site(host, player) && !Deny_Silent_Site(ip, player)) {
do_log(LT_CONN, 0, 0,
"Connection to %s (Non-GUEST) not allowed from %s (%s)", name,
host, ip);
strcpy(errbuf, T("Player connections not allowed."));
count = mark_failed(ip);
queue_event(SYSEVENT, "SOCKET`LOGINFAIL", "%d,%s,%d,%s,#%d",
d->descriptor, ip, count, "failed sitelock", player);
}
return NOTHING;
}
/* validate password */
if (!Guest(player))
if (!password_check(player, password)) {
/* Increment count of login failures */
ModTime(player)++;
check_lastfailed(player, host);
count = mark_failed(ip);
queue_event(SYSEVENT, "SOCKET`LOGINFAIL", "%d,%s,%d,%s,#%d",
d->descriptor, ip, count, "invalid password", player);
strcpy(errbuf, T("That is not the correct password."));
return NOTHING;
}
/* If it's a Guest player, and already connected, search the
* db for another Guest player to connect them to. */
if (Guest(player)) {
/* Enforce guest limit */
player = guest_to_connect(player);
if (!GoodObject(player)) {
do_log(LT_CONN, 0, 0, "Can't connect to a guest (too many connected)");
strcpy(errbuf, T("Too many guests are connected now."));
queue_event(SYSEVENT, "SOCKET`LOGINFAIL", "%d,%s,%d,%s,#%d",
d->descriptor, ip, count_failed(ip), "too many guests",
player);
return NOTHING;
}
}
if (Suspect_Site(host, player) || Suspect_Site(ip, player)) {
do_log(LT_CONN, 0, 0,
"Connection from Suspect site. Setting %s(#%d) suspect.",
Name(player), player);
set_flag_internal(player, "SUSPECT");
}
return player;
}
NTSTATUS pass_check(const struct passwd *pass, const char *user, const char *password,
int pwlen, BOOL (*fn) (const char *, const char *), BOOL run_cracker)
{
pstring pass2;
int level = lp_passwordlevel();
NTSTATUS nt_status;
#ifdef DEBUG_PASSWORD
DEBUG(100, ("checking user=[%s] pass=[%s]\n", user, password));
#endif
if (!password)
return NT_STATUS_LOGON_FAILURE;
if (((!*password) || (!pwlen)) && !lp_null_passwords())
return NT_STATUS_LOGON_FAILURE;
#if defined(WITH_PAM)
/*
* If we're using PAM we want to short-circuit all the
* checks below and dive straight into the PAM code.
*/
fstrcpy(this_user, user);
DEBUG(4, ("pass_check: Checking (PAM) password for user %s (l=%d)\n", user, pwlen));
#else /* Not using PAM */
DEBUG(4, ("pass_check: Checking password for user %s (l=%d)\n", user, pwlen));
if (!pass) {
DEBUG(3, ("Couldn't find user %s\n", user));
return NT_STATUS_NO_SUCH_USER;
}
/* Copy into global for the convenience of looping code */
/* Also the place to keep the 'password' no matter what
crazy struct it started in... */
fstrcpy(this_crypted, pass->pw_passwd);
fstrcpy(this_salt, pass->pw_passwd);
#ifdef HAVE_GETSPNAM
{
struct spwd *spass;
/* many shadow systems require you to be root to get
the password, in most cases this should already be
the case when this function is called, except
perhaps for IPC password changing requests */
spass = getspnam(pass->pw_name);
if (spass && spass->sp_pwdp) {
fstrcpy(this_crypted, spass->sp_pwdp);
fstrcpy(this_salt, spass->sp_pwdp);
}
}
#elif defined(IA_UINFO)
{
/* Need to get password with SVR4.2's ia_ functions
instead of get{sp,pw}ent functions. Required by
UnixWare 2.x, tested on version
2.1. ([email protected]) */
uinfo_t uinfo;
if (ia_openinfo(pass->pw_name, &uinfo) != -1)
ia_get_logpwd(uinfo, &(pass->pw_passwd));
}
#endif
#ifdef HAVE_GETPRPWNAM
{
struct pr_passwd *pr_pw = getprpwnam(pass->pw_name);
if (pr_pw && pr_pw->ufld.fd_encrypt)
fstrcpy(this_crypted, pr_pw->ufld.fd_encrypt);
}
#endif
#ifdef HAVE_GETPWANAM
{
struct passwd_adjunct *pwret;
pwret = getpwanam(s);
if (pwret && pwret->pwa_passwd)
fstrcpy(this_crypted, pwret->pwa_passwd);
}
#endif
#ifdef OSF1_ENH_SEC
{
struct pr_passwd *mypasswd;
DEBUG(5, ("Checking password for user %s in OSF1_ENH_SEC\n",
user));
mypasswd = getprpwnam(user);
if (mypasswd) {
fstrcpy(this_user, mypasswd->ufld.fd_name);
fstrcpy(this_crypted, mypasswd->ufld.fd_encrypt);
} else {
DEBUG(5,
("OSF1_ENH_SEC: No entry for user %s in protected database !\n",
user));
}
}
#endif
#ifdef ULTRIX_AUTH
{
AUTHORIZATION *ap = getauthuid(pass->pw_uid);
if (ap) {
fstrcpy(this_crypted, ap->a_password);
endauthent();
}
}
#endif
#if defined(HAVE_TRUNCATED_SALT)
/* crypt on some platforms (HPUX in particular)
won't work with more than 2 salt characters. */
this_salt[2] = 0;
#endif
if (!*this_crypted) {
if (!lp_null_passwords()) {
DEBUG(2, ("Disallowing %s with null password\n",
this_user));
return NT_STATUS_LOGON_FAILURE;
}
if (!*password) {
DEBUG(3,
("Allowing access to %s with null password\n",
this_user));
return NT_STATUS_OK;
}
}
#endif /* defined(WITH_PAM) */
/* try it as it came to us */
nt_status = password_check(password);
if NT_STATUS_IS_OK(nt_status) {
if (fn) {
fn(user, password);
}
return (nt_status);
} else if (!NT_STATUS_EQUAL(nt_status, NT_STATUS_WRONG_PASSWORD)) {
