citadel/modules/pas2/serv_pas2.c

   1 /*
   2  * cmd_pas2 - MD5 APOP style auth keyed off of the hash of the password
   3  *            plus a nonce displayed at the login banner.
   4  */
   5
   6 #include <stdlib.h>
   7 #include <unistd.h>
   8 #include <stdio.h>
   9
  10 #if TIME_WITH_SYS_TIME
  11 # include <sys/time.h>
  12 # include <time.h>
  13 #else
  14 # if HAVE_SYS_TIME_H
  15 #  include <sys/time.h>
  16 # else
  17 #  include <time.h>
  18 # endif
  19 #endif
  20
  21 #include <ctype.h>
  22 #include <string.h>
  23 #include <errno.h>
  24 #include <libcitadel.h>
  25 #include "citadel.h"
  26 #include "server.h"
  27 #include "citserver.h"
  28 #include "support.h"
  29 #include "user_ops.h"
  30 #include "md5.h"
  31
  32
  33 #include "ctdl_module.h"
  34
  35
  36 void cmd_pas2(char *argbuf)
  37 {
  38         char pw[256];
  39         char hexstring[MD5_HEXSTRING_SIZE];
  40
  41
  42         if (!strcmp(CC->curr_user, NLI))
  43         {
  44                 cprintf("%d You must enter a user with the USER command first.\n", ERROR + USERNAME_REQUIRED);
  45                 return;
  46         }
  47
  48         if (CC->logged_in)
  49         {
  50                 cprintf("%d Already logged in.\n", ERROR + ALREADY_LOGGED_IN);
  51                 return;
  52         }
  53
  54         extract_token(pw, argbuf, 0, '|', sizeof pw);
  55
  56         if (getuser(&CC->user, CC->curr_user))
  57         {
  58                 cprintf("%d Unable to find user record for %s.\n", ERROR + NO_SUCH_USER, CC->curr_user);
  59                 return;
  60         }
  61
  62         strproc(pw);
  63         strproc(CC->user.password);
  64
  65         if (strlen(pw) != (MD5_HEXSTRING_SIZE-1))
  66         {
  67                 cprintf("%d Auth string of length %ld is the wrong length (should be %d).\n", ERROR + ILLEGAL_VALUE, (long)strlen(pw), MD5_HEXSTRING_SIZE-1);
  68                 return;
  69         }
  70
  71         make_apop_string(CC->user.password, CC->cs_nonce, hexstring, sizeof hexstring);
  72
  73         if (!strcmp(hexstring, pw))
  74         {
  75                 do_login();
  76                 return;
  77         }
  78         else
  79         {
  80                 cprintf("%d Wrong password.\n", ERROR + PASSWORD_REQUIRED);
  81                 return;
  82         }
  83 }
  84
  85
  86
  87
  88
  89 CTDL_MODULE_INIT(pas2)
  90 {
  91         if (!threading)
  92         {
  93                 CtdlRegisterProtoHook(cmd_pas2, "PAS2", "APOP-based login");
  94         }
  95
  96         /* return our Subversion id for the Log */
  97         return "$Id$";
  98 }