annotate sqlickrypt.c @ 151:9f9bc41d5006

Mostly finish README.txt.
author John "Elwin" Edwards
date Sun, 09 Mar 2014 16:15:42 -0700
parents f1676e81c80a
children bc69717ff386
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
17
d3e3d6b4016b rlgwebd: switch to dgamelaunch's SQLite database.
John "Elwin" Edwards <elwin@sdf.org>
parents:
diff changeset
1 #include <stdio.h>
d3e3d6b4016b rlgwebd: switch to dgamelaunch's SQLite database.
John "Elwin" Edwards <elwin@sdf.org>
parents:
diff changeset
2 #include <stdlib.h>
d3e3d6b4016b rlgwebd: switch to dgamelaunch's SQLite database.
John "Elwin" Edwards <elwin@sdf.org>
parents:
diff changeset
3 #include <string.h>
d3e3d6b4016b rlgwebd: switch to dgamelaunch's SQLite database.
John "Elwin" Edwards <elwin@sdf.org>
parents:
diff changeset
4 #include <ctype.h>
d3e3d6b4016b rlgwebd: switch to dgamelaunch's SQLite database.
John "Elwin" Edwards <elwin@sdf.org>
parents:
diff changeset
5 #include <sqlite3.h>
d3e3d6b4016b rlgwebd: switch to dgamelaunch's SQLite database.
John "Elwin" Edwards <elwin@sdf.org>
parents:
diff changeset
6 #include <unistd.h>
d3e3d6b4016b rlgwebd: switch to dgamelaunch's SQLite database.
John "Elwin" Edwards <elwin@sdf.org>
parents:
diff changeset
7 #include <crypt.h>
d3e3d6b4016b rlgwebd: switch to dgamelaunch's SQLite database.
John "Elwin" Edwards <elwin@sdf.org>
parents:
diff changeset
8
123
0a3ff1267c24 sqlickrypt: fix typo in database filename.
John "Elwin" Edwards <elwin@sdf.org>
parents: 119
diff changeset
9 #define DATABASE "/dgldir/dgamelaunch.db"
18
59ea628abb81 sqlickrypt.c: add the ability to register new users.
John "Elwin" Edwards <elwin@sdf.org>
parents: 17
diff changeset
10 #define IBUFSIZE 200
143
f1676e81c80a sqlickrypt: add support for salted SHA-512 passwords, and fix NULL bug.
John "Elwin" Edwards
parents: 123
diff changeset
11 #define RANDOMSRC "/dev/urandom"
17
d3e3d6b4016b rlgwebd: switch to dgamelaunch's SQLite database.
John "Elwin" Edwards <elwin@sdf.org>
parents:
diff changeset
12
117
c08717cb7793 sqlickrypt: add getmail and setmail commands.
John "Elwin" Edwards <elwin@sdf.org>
parents: 25
diff changeset
13 /* General idea for return status:
c08717cb7793 sqlickrypt: add getmail and setmail commands.
John "Elwin" Edwards <elwin@sdf.org>
parents: 25
diff changeset
14 * 0: success
c08717cb7793 sqlickrypt: add getmail and setmail commands.
John "Elwin" Edwards <elwin@sdf.org>
parents: 25
diff changeset
15 * 1: password check failed
c08717cb7793 sqlickrypt: add getmail and setmail commands.
John "Elwin" Edwards <elwin@sdf.org>
parents: 25
diff changeset
16 * 2: username not found
c08717cb7793 sqlickrypt: add getmail and setmail commands.
John "Elwin" Edwards <elwin@sdf.org>
parents: 25
diff changeset
17 * 3: database error
c08717cb7793 sqlickrypt: add getmail and setmail commands.
John "Elwin" Edwards <elwin@sdf.org>
parents: 25
diff changeset
18 * 4: invalid input
c08717cb7793 sqlickrypt: add getmail and setmail commands.
John "Elwin" Edwards <elwin@sdf.org>
parents: 25
diff changeset
19 */
c08717cb7793 sqlickrypt: add getmail and setmail commands.
John "Elwin" Edwards <elwin@sdf.org>
parents: 25
diff changeset
20
c08717cb7793 sqlickrypt: add getmail and setmail commands.
John "Elwin" Edwards <elwin@sdf.org>
parents: 25
diff changeset
21 /* Opens the database and, less obviously, initializes a statement. */
c08717cb7793 sqlickrypt: add getmail and setmail commands.
John "Elwin" Edwards <elwin@sdf.org>
parents: 25
diff changeset
22 int opendb(sqlite3 **dbp, sqlite3_stmt **stmtp, char *query) {
c08717cb7793 sqlickrypt: add getmail and setmail commands.
John "Elwin" Edwards <elwin@sdf.org>
parents: 25
diff changeset
23 int status;
c08717cb7793 sqlickrypt: add getmail and setmail commands.
John "Elwin" Edwards <elwin@sdf.org>
parents: 25
diff changeset
24 status = sqlite3_open(DATABASE, dbp);
c08717cb7793 sqlickrypt: add getmail and setmail commands.
John "Elwin" Edwards <elwin@sdf.org>
parents: 25
diff changeset
25 if (status) {
c08717cb7793 sqlickrypt: add getmail and setmail commands.
John "Elwin" Edwards <elwin@sdf.org>
parents: 25
diff changeset
26 sqlite3_close(*dbp);
c08717cb7793 sqlickrypt: add getmail and setmail commands.
John "Elwin" Edwards <elwin@sdf.org>
parents: 25
diff changeset
27 exit(3);
c08717cb7793 sqlickrypt: add getmail and setmail commands.
John "Elwin" Edwards <elwin@sdf.org>
parents: 25
diff changeset
28 }
c08717cb7793 sqlickrypt: add getmail and setmail commands.
John "Elwin" Edwards <elwin@sdf.org>
parents: 25
diff changeset
29 sqlite3_prepare_v2(*dbp, query, -1, stmtp, NULL);
c08717cb7793 sqlickrypt: add getmail and setmail commands.
John "Elwin" Edwards <elwin@sdf.org>
parents: 25
diff changeset
30 if (*stmtp == NULL) {
c08717cb7793 sqlickrypt: add getmail and setmail commands.
John "Elwin" Edwards <elwin@sdf.org>
parents: 25
diff changeset
31 sqlite3_close(*dbp);
c08717cb7793 sqlickrypt: add getmail and setmail commands.
John "Elwin" Edwards <elwin@sdf.org>
parents: 25
diff changeset
32 exit(3);
c08717cb7793 sqlickrypt: add getmail and setmail commands.
John "Elwin" Edwards <elwin@sdf.org>
parents: 25
diff changeset
33 }
c08717cb7793 sqlickrypt: add getmail and setmail commands.
John "Elwin" Edwards <elwin@sdf.org>
parents: 25
diff changeset
34 return 0;
c08717cb7793 sqlickrypt: add getmail and setmail commands.
John "Elwin" Edwards <elwin@sdf.org>
parents: 25
diff changeset
35 }
c08717cb7793 sqlickrypt: add getmail and setmail commands.
John "Elwin" Edwards <elwin@sdf.org>
parents: 25
diff changeset
36
c08717cb7793 sqlickrypt: add getmail and setmail commands.
John "Elwin" Edwards <elwin@sdf.org>
parents: 25
diff changeset
37 void cleanup(sqlite3 *db, sqlite3_stmt *stmt, int status) {
c08717cb7793 sqlickrypt: add getmail and setmail commands.
John "Elwin" Edwards <elwin@sdf.org>
parents: 25
diff changeset
38 if (stmt)
c08717cb7793 sqlickrypt: add getmail and setmail commands.
John "Elwin" Edwards <elwin@sdf.org>
parents: 25
diff changeset
39 sqlite3_finalize(stmt);
c08717cb7793 sqlickrypt: add getmail and setmail commands.
John "Elwin" Edwards <elwin@sdf.org>
parents: 25
diff changeset
40 sqlite3_close(db);
c08717cb7793 sqlickrypt: add getmail and setmail commands.
John "Elwin" Edwards <elwin@sdf.org>
parents: 25
diff changeset
41 if (status)
c08717cb7793 sqlickrypt: add getmail and setmail commands.
John "Elwin" Edwards <elwin@sdf.org>
parents: 25
diff changeset
42 exit(status);
c08717cb7793 sqlickrypt: add getmail and setmail commands.
John "Elwin" Edwards <elwin@sdf.org>
parents: 25
diff changeset
43 return;
c08717cb7793 sqlickrypt: add getmail and setmail commands.
John "Elwin" Edwards <elwin@sdf.org>
parents: 25
diff changeset
44 }
c08717cb7793 sqlickrypt: add getmail and setmail commands.
John "Elwin" Edwards <elwin@sdf.org>
parents: 25
diff changeset
45
143
f1676e81c80a sqlickrypt: add support for salted SHA-512 passwords, and fix NULL bug.
John "Elwin" Edwards
parents: 123
diff changeset
46 char encode64(unsigned char c) {
f1676e81c80a sqlickrypt: add support for salted SHA-512 passwords, and fix NULL bug.
John "Elwin" Edwards
parents: 123
diff changeset
47 if (c < 26)
f1676e81c80a sqlickrypt: add support for salted SHA-512 passwords, and fix NULL bug.
John "Elwin" Edwards
parents: 123
diff changeset
48 return 'a' + c;
f1676e81c80a sqlickrypt: add support for salted SHA-512 passwords, and fix NULL bug.
John "Elwin" Edwards
parents: 123
diff changeset
49 else if (c < 52)
f1676e81c80a sqlickrypt: add support for salted SHA-512 passwords, and fix NULL bug.
John "Elwin" Edwards
parents: 123
diff changeset
50 return 'A' + c - 26;
f1676e81c80a sqlickrypt: add support for salted SHA-512 passwords, and fix NULL bug.
John "Elwin" Edwards
parents: 123
diff changeset
51 else if (c < 62)
f1676e81c80a sqlickrypt: add support for salted SHA-512 passwords, and fix NULL bug.
John "Elwin" Edwards
parents: 123
diff changeset
52 return '0' + c - 52;
f1676e81c80a sqlickrypt: add support for salted SHA-512 passwords, and fix NULL bug.
John "Elwin" Edwards
parents: 123
diff changeset
53 else if (c == 62)
f1676e81c80a sqlickrypt: add support for salted SHA-512 passwords, and fix NULL bug.
John "Elwin" Edwards
parents: 123
diff changeset
54 return '.';
f1676e81c80a sqlickrypt: add support for salted SHA-512 passwords, and fix NULL bug.
John "Elwin" Edwards
parents: 123
diff changeset
55 else
f1676e81c80a sqlickrypt: add support for salted SHA-512 passwords, and fix NULL bug.
John "Elwin" Edwards
parents: 123
diff changeset
56 return '/';
f1676e81c80a sqlickrypt: add support for salted SHA-512 passwords, and fix NULL bug.
John "Elwin" Edwards
parents: 123
diff changeset
57 }
f1676e81c80a sqlickrypt: add support for salted SHA-512 passwords, and fix NULL bug.
John "Elwin" Edwards
parents: 123
diff changeset
58
f1676e81c80a sqlickrypt: add support for salted SHA-512 passwords, and fix NULL bug.
John "Elwin" Edwards
parents: 123
diff changeset
59 /* Initializes a SHA-512 salt. salt must contain at least 20 bytes. */
f1676e81c80a sqlickrypt: add support for salted SHA-512 passwords, and fix NULL bug.
John "Elwin" Edwards
parents: 123
diff changeset
60 void setsalt(char *salt) {
f1676e81c80a sqlickrypt: add support for salted SHA-512 passwords, and fix NULL bug.
John "Elwin" Edwards
parents: 123
diff changeset
61 unsigned char rnbytes[3], rnvals[4];
f1676e81c80a sqlickrypt: add support for salted SHA-512 passwords, and fix NULL bug.
John "Elwin" Edwards
parents: 123
diff changeset
62 FILE *urandom;
f1676e81c80a sqlickrypt: add support for salted SHA-512 passwords, and fix NULL bug.
John "Elwin" Edwards
parents: 123
diff changeset
63 int loop;
f1676e81c80a sqlickrypt: add support for salted SHA-512 passwords, and fix NULL bug.
John "Elwin" Edwards
parents: 123
diff changeset
64 salt[0] = salt[2] = salt[19] = '$'; /* Delimiters */
f1676e81c80a sqlickrypt: add support for salted SHA-512 passwords, and fix NULL bug.
John "Elwin" Edwards
parents: 123
diff changeset
65 salt[1] = '6'; /* SHA-512 */
f1676e81c80a sqlickrypt: add support for salted SHA-512 passwords, and fix NULL bug.
John "Elwin" Edwards
parents: 123
diff changeset
66 urandom = fopen(RANDOMSRC, "r");
f1676e81c80a sqlickrypt: add support for salted SHA-512 passwords, and fix NULL bug.
John "Elwin" Edwards
parents: 123
diff changeset
67 for (loop = 0; loop < 4; loop++) {
f1676e81c80a sqlickrypt: add support for salted SHA-512 passwords, and fix NULL bug.
John "Elwin" Edwards
parents: 123
diff changeset
68 fread(rnbytes, 1, 3, urandom);
f1676e81c80a sqlickrypt: add support for salted SHA-512 passwords, and fix NULL bug.
John "Elwin" Edwards
parents: 123
diff changeset
69 rnvals[0] = rnbytes[0] >> 2;
f1676e81c80a sqlickrypt: add support for salted SHA-512 passwords, and fix NULL bug.
John "Elwin" Edwards
parents: 123
diff changeset
70 rnvals[1] = ((rnbytes[0] & 0x03) << 4) | ((rnbytes[1] & 0xf0) >> 4);
f1676e81c80a sqlickrypt: add support for salted SHA-512 passwords, and fix NULL bug.
John "Elwin" Edwards
parents: 123
diff changeset
71 rnvals[2] = ((rnbytes[1] & 0x0f) << 2) | ((rnbytes[2] & 0xc0) >> 6);
f1676e81c80a sqlickrypt: add support for salted SHA-512 passwords, and fix NULL bug.
John "Elwin" Edwards
parents: 123
diff changeset
72 rnvals[3] = rnbytes[2] & 0x3f;
f1676e81c80a sqlickrypt: add support for salted SHA-512 passwords, and fix NULL bug.
John "Elwin" Edwards
parents: 123
diff changeset
73 salt[loop * 4 + 3] = encode64(rnvals[0]);
f1676e81c80a sqlickrypt: add support for salted SHA-512 passwords, and fix NULL bug.
John "Elwin" Edwards
parents: 123
diff changeset
74 salt[loop * 4 + 4] = encode64(rnvals[1]);
f1676e81c80a sqlickrypt: add support for salted SHA-512 passwords, and fix NULL bug.
John "Elwin" Edwards
parents: 123
diff changeset
75 salt[loop * 4 + 5] = encode64(rnvals[2]);
f1676e81c80a sqlickrypt: add support for salted SHA-512 passwords, and fix NULL bug.
John "Elwin" Edwards
parents: 123
diff changeset
76 salt[loop * 4 + 6] = encode64(rnvals[3]);
f1676e81c80a sqlickrypt: add support for salted SHA-512 passwords, and fix NULL bug.
John "Elwin" Edwards
parents: 123
diff changeset
77 }
f1676e81c80a sqlickrypt: add support for salted SHA-512 passwords, and fix NULL bug.
John "Elwin" Edwards
parents: 123
diff changeset
78 fclose(urandom);
f1676e81c80a sqlickrypt: add support for salted SHA-512 passwords, and fix NULL bug.
John "Elwin" Edwards
parents: 123
diff changeset
79 }
f1676e81c80a sqlickrypt: add support for salted SHA-512 passwords, and fix NULL bug.
John "Elwin" Edwards
parents: 123
diff changeset
80
18
59ea628abb81 sqlickrypt.c: add the ability to register new users.
John "Elwin" Edwards <elwin@sdf.org>
parents: 17
diff changeset
81 int check(char *uname, char *pw) {
24
9d5da43c0e83 sqlickrypt.c: begin converting to parametrized queries.
John "Elwin" Edwards <elwin@sdf.org>
parents: 18
diff changeset
82 char *pwhash, *comphash;
9d5da43c0e83 sqlickrypt.c: begin converting to parametrized queries.
John "Elwin" Edwards <elwin@sdf.org>
parents: 18
diff changeset
83 char *query = "SELECT password FROM dglusers WHERE username=?;";
18
59ea628abb81 sqlickrypt.c: add the ability to register new users.
John "Elwin" Edwards <elwin@sdf.org>
parents: 17
diff