Mercurial > hg > rlgwebd

annotate sqlickrypt.c @ 143:f1676e81c80a

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
sqlickrypt: add support for salted SHA-512 passwords, and fix NULL bug. Passwords will now be securely encrypted with random salt. Also avoid storing NULL in the database, because that makes dgamelaunch segfault.
author John "Elwin" Edwards
date Sun, 20 Oct 2013 21:19:13 -0700
parents 0a3ff1267c24
children bc69717ff386
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
17
d3e3d6b4016b rlgwebd: switch to dgamelaunch's SQLite database.
John "Elwin" Edwards <elwin@sdf.org>
parents:
diff changeset
1 #include <stdio.h>
d3e3d6b4016b rlgwebd: switch to dgamelaunch's SQLite database.
John "Elwin" Edwards <elwin@sdf.org>
parents:
diff changeset
2 #include <stdlib.h>
d3e3d6b4016b rlgwebd: switch to dgamelaunch's SQLite database.
John "Elwin" Edwards <elwin@sdf.org>
parents:
diff changeset
3 #include <string.h>
d3e3d6b4016b rlgwebd: switch to dgamelaunch's SQLite database.
John "Elwin" Edwards <elwin@sdf.org>
parents:
diff changeset
4 #include <ctype.h>
d3e3d6b4016b rlgwebd: switch to dgamelaunch's SQLite database.
John "Elwin" Edwards <elwin@sdf.org>
parents:
diff changeset
5 #include <sqlite3.h>
d3e3d6b4016b rlgwebd: switch to dgamelaunch's SQLite database.
John "Elwin" Edwards <elwin@sdf.org>
parents:
diff changeset
6 #include <unistd.h>
d3e3d6b4016b rlgwebd: switch to dgamelaunch's SQLite database.
John "Elwin" Edwards <elwin@sdf.org>
parents:
diff changeset
7 #include <crypt.h>
d3e3d6b4016b rlgwebd: switch to dgamelaunch's SQLite database.
John "Elwin" Edwards <elwin@sdf.org>
parents:
diff changeset
8
123
0a3ff1267c24 sqlickrypt: fix typo in database filename.
John "Elwin" Edwards <elwin@sdf.org>
parents: 119
diff changeset
9 #define DATABASE "/dgldir/dgamelaunch.db"
18
59ea628abb81 sqlickrypt.c: add the ability to register new users.
John "Elwin" Edwards <elwin@sdf.org>
parents: 17
diff changeset
10 #define IBUFSIZE 200
143
f1676e81c80a sqlickrypt: add support for salted SHA-512 passwords, and fix NULL bug.
John "Elwin" Edwards
parents: 123
diff changeset
11 #define RANDOMSRC "/dev/urandom"
17
d3e3d6b4016b rlgwebd: switch to dgamelaunch's SQLite database.
John "Elwin" Edwards <elwin@sdf.org>
parents:
diff changeset
12
117
c08717cb7793 sqlickrypt: add getmail and setmail commands.
John "Elwin" Edwards <elwin@sdf.org>
parents: 25
diff changeset
13 /* General idea for return status:
c08717cb7793 sqlickrypt: add getmail and setmail commands.
John "Elwin" Edwards <elwin@sdf.org>
parents: 25
diff changeset
14 * 0: success
c08717cb7793 sqlickrypt: add getmail and setmail commands.
John "Elwin" Edwards <elwin@sdf.org>
parents: 25
diff changeset
15 * 1: password check failed
c08717cb7793 sqlickrypt: add getmail and setmail commands.
John "Elwin" Edwards <elwin@sdf.org>
parents: 25
diff changeset
16 * 2: username not found
c08717cb7793 sqlickrypt: add getmail and setmail commands.
John "Elwin" Edwards <elwin@sdf.org>
parents: 25
diff changeset
17 * 3: database error
c08717cb7793 sqlickrypt: add getmail and setmail commands.
John "Elwin" Edwards <elwin@sdf.org>
parents: 25
diff changeset
18 * 4: invalid input
c08717cb7793 sqlickrypt: add getmail and setmail commands.
John "Elwin" Edwards <elwin@sdf.org>
parents: 25
diff changeset
19 */
c08717cb7793 sqlickrypt: add getmail and setmail commands.
John "Elwin" Edwards <elwin@sdf.org>
parents: 25
diff changeset
20
c08717cb7793 sqlickrypt: add getmail and setmail commands.
John "Elwin" Edwards <elwin@sdf.org>
parents: 25
diff changeset
21 /* Opens the database and, less obviously, initializes a statement. */
c08717cb7793 sqlickrypt: add getmail and setmail commands.
John "Elwin" Edwards <elwin@sdf.org>
parents: 25
diff changeset
22 int opendb(sqlite3 **dbp, sqlite3_stmt **stmtp, char *query) {
c08717cb7793 sqlickrypt: add getmail and setmail commands.
John "Elwin" Edwards <elwin@sdf.org>
parents: 25
diff changeset
23 int status;
c08717cb7793 sqlickrypt: add getmail and setmail commands.
John "Elwin" Edwards <elwin@sdf.org>
parents: 25
diff changeset
24 status = sqlite3_open(DATABASE, dbp);
c08717cb7793 sqlickrypt: add getmail and setmail commands.
John "Elwin" Edwards <elwin@sdf.org>
parents: 25
diff changeset
25 if (status) {
c08717cb7793 sqlickrypt: add getmail and setmail commands.
John "Elwin" Edwards <elwin@sdf.org>
parents: 25
diff changeset
26 sqlite3_close(*dbp);
c08717cb7793 sqlickrypt: add getmail and setmail commands.
John "Elwin" Edwards <elwin@sdf.org>
parents: 25
diff changeset
27 exit(3);
c08717cb7793 sqlickrypt: add getmail and setmail commands.
John "Elwin" Edwards <elwin@sdf.org>
parents: 25
diff changeset
28 }
c08717cb7793 sqlickrypt: add getmail and setmail commands.
John "Elwin" Edwards <elwin@sdf.org>
parents: 25
diff changeset
29 sqlite3_prepare_v2(*dbp, query, -1, stmtp, NULL);
c08717cb7793 sqlickrypt: add getmail and setmail commands.
John "Elwin" Edwards <elwin@sdf.org>
parents: 25
diff changeset
30 if (*stmtp == NULL) {
c08717cb7793 sqlickrypt: add getmail and setmail commands.
John "Elwin" Edwards <elwin@sdf.org>
parents: 25
diff changeset
31 sqlite3_close(*dbp);
c08717cb7793 sqlickrypt: add getmail and setmail commands.
John "Elwin" Edwards <elwin@sdf.org>
parents: 25
diff changeset
32 exit(3);
c08717cb7793 sqlickrypt: add getmail and setmail commands.
John "Elwin" Edwards <elwin@sdf.org>
parents: 25
diff changeset
33 }
c08717cb7793 sqlickrypt: add getmail and setmail commands.
John "Elwin" Edwards <elwin@sdf.org>
parents: 25
diff changeset
34 return 0;
c08717cb7793 sqlickrypt: add getmail and setmail commands.
John "Elwin" Edwards <elwin@sdf.org>
parents: 25
diff changeset
35 }
c08717cb7793 sqlickrypt: add getmail and setmail commands.
John "Elwin" Edwards <elwin@sdf.org>
parents: 25
diff changeset
36
c08717cb7793 sqlickrypt: add getmail and setmail commands.
John "Elwin" Edwards <elwin@sdf.org>
parents: 25
diff changeset
37 void cleanup(sqlite3 *db, sqlite3_stmt *stmt, int status) {
c08717cb7793 sqlickrypt: add getmail and setmail commands.
John "Elwin" Edwards <elwin@sdf.org>
parents: 25
diff changeset
38 if (stmt)
c08717cb7793 sqlickrypt: add getmail and setmail commands.
John "Elwin" Edwards <elwin@sdf.org>
parents: 25
diff changeset
39 sqlite3_finalize(stmt);
c08717cb7793 sqlickrypt: add getmail and setmail commands.
John "Elwin" Edwards <elwin@sdf.org>
parents: 25
diff changeset
40 sqlite3_close(db);
c08717cb7793 sqlickrypt: add getmail and setmail commands.
John "Elwin" Edwards <elwin@sdf.org>
parents: 25
diff changeset
41 if (status)
c08717cb7793 sqlickrypt: add getmail and setmail commands.
John "Elwin" Edwards <elwin@sdf.org>
parents: 25
diff changeset
42 exit(status);
c08717cb7793 sqlickrypt: add getmail and setmail commands.
John "Elwin" Edwards <elwin@sdf.org>
parents: 25
diff changeset
43 return;
c08717cb7793 sqlickrypt: add getmail and setmail commands.
John "Elwin" Edwards <elwin@sdf.org>
parents: 25
diff changeset
44 }
c08717cb7793 sqlickrypt: add getmail and setmail commands.
John "Elwin" Edwards <elwin@sdf.org>
parents: 25
diff changeset
45
143
f1676e81c80a sqlickrypt: add support for salted SHA-512 passwords, and fix NULL bug.
John "Elwin" Edwards
parents: 123
diff changeset
46 char encode64(unsigned char c) {
f1676e81c80a sqlickrypt: add support for salted SHA-512 passwords, and fix NULL bug.
John "Elwin" Edwards
parents: 123
diff changeset
47 if (c < 26)
f1676e81c80a sqlickrypt: add support for salted SHA-512 passwords, and fix NULL bug.
John "Elwin" Edwards
parents: 123
diff changeset
48 return 'a' + c;
f1676e81c80a sqlickrypt: add support for salted SHA-512 passwords, and fix NULL bug.
John "Elwin" Edwards
parents: 123
diff changeset
49 else if (c < 52)
f1676e81c80a sqlickrypt: add support for salted SHA-512 passwords, and fix NULL bug.
John "Elwin" Edwards
parents: 123
diff changeset
50 return 'A' + c - 26;
f1676e81c80a sqlickrypt: add support for salted SHA-512 passwords, and fix NULL bug.
John "Elwin" Edwards
parents: 123
diff changeset
51 else if (c < 62)
f1676e81c80a sqlickrypt: add support for salted SHA-512 passwords, and fix NULL bug.
John "Elwin" Edwards
parents: 123
diff changeset
52 return '0' + c - 52;
f1676e81c80a sqlickrypt: add support for salted SHA-512 passwords, and fix NULL bug.
John "Elwin" Edwards
parents: 123
diff changeset
53 else if (c == 62)
f1676e81c80a sqlickrypt: add support for salted SHA-512 passwords, and fix NULL bug.
John "Elwin" Edwards
parents: 123
diff changeset
54 return '.';
f1676e81c80a sqlickrypt: add support for salted SHA-512 passwords, and fix NULL bug.
John "Elwin" Edwards
parents: 123
diff changeset
55 else
f1676e81c80a sqlickrypt: add support for salted SHA-512 passwords, and fix NULL bug.
John "Elwin" Edwards
parents: 123
diff changeset
56 return '/';
f1676e81c80a sqlickrypt: add support for salted SHA-512 passwords, and fix NULL bug.
John "Elwin" Edwards
parents: 123
diff changeset
57 }
f1676e81c80a sqlickrypt: add support for salted SHA-512 passwords, and fix NULL bug.
John "Elwin" Edwards
parents: 123
diff changeset
58
f1676e81c80a sqlickrypt: add support for salted SHA-512 passwords, and fix NULL bug.
John "Elwin" Edwards
parents: 123
diff changeset
59 /* Initializes a SHA-512 salt. salt must contain at least 20 bytes. */
f1676e81c80a sqlickrypt: add support for salted SHA-512 passwords, and fix NULL bug.
John "Elwin" Edwards
parents: 123
diff changeset
60 void setsalt(char *salt) {
f1676e81c80a sqlickrypt: add support for salted SHA-512 passwords, and fix NULL bug.
John "Elwin" Edwards
parents: 123
diff changeset
61 unsigned char rnbytes[3], rnvals[4];
f1676e81c80a sqlickrypt: add support for salted SHA-512 passwords, and fix NULL bug.
John "Elwin" Edwards
parents: 123
diff changeset
62 FILE *urandom;
f1676e81c80a sqlickrypt: add support for salted SHA-512 passwords, and fix NULL bug.
John "Elwin" Edwards
parents: 123
diff changeset
63 int loop;
f1676e81c80a sqlickrypt: add support for salted SHA-512 passwords, and fix NULL bug.
John "Elwin" Edwards
parents: 123
diff changeset
64 salt[0] = salt[2] = salt[19] = '$'; /* Delimiters */
f1676e81c80a sqlickrypt: add support for salted SHA-512 passwords, and fix NULL bug.
John "Elwin" Edwards
parents: 123
diff changeset
65 salt[1] = '6'; /* SHA-512 */
f1676e81c80a sqlickrypt: add support for salted SHA-512 passwords, and fix NULL bug.
John "Elwin" Edwards
parents: 123
diff changeset
66 urandom = fopen(RANDOMSRC, "r");
f1676e81c80a sqlickrypt: add support for salted SHA-512 passwords, and fix NULL bug.
John "Elwin" Edwards
parents: 123
diff changeset
67 for (loop = 0; loop < 4; loop++) {
f1676e81c80a sqlickrypt: add support for salted SHA-512 passwords, and fix NULL bug.
John "Elwin" Edwards
parents: 123
diff changeset
68 fread(rnbytes, 1, 3, urandom);
f1676e81c80a sqlickrypt: add support for salted SHA-512 passwords, and fix NULL bug.
John "Elwin" Edwards
parents: 123
diff changeset
69 rnvals[0] = rnbytes[0] >> 2;
f1676e81c80a sqlickrypt: add support for salted SHA-512 passwords, and fix NULL bug.
John "Elwin" Edwards
parents: 123
diff changeset
70 rnvals[1] = ((rnbytes[0] & 0x03) << 4) | ((rnbytes[1] & 0xf0) >> 4);
f1676e81c80a sqlickrypt: add support for salted SHA-512 passwords, and fix NULL bug.
John "Elwin" Edwards
parents: 123
diff changeset
71 rnvals[2] = ((rnbytes[1] & 0x0f) << 2) | ((rnbytes[2] & 0xc0) >> 6);
f1676e81c80a sqlickrypt: add support for salted SHA-512 passwords, and fix NULL bug.
John "Elwin" Edwards
parents: 123
diff changeset
72 rnvals[3] = rnbytes[2] & 0x3f;
f1676e81c80a sqlickrypt: add support for salted SHA-512 passwords, and fix NULL bug.
John "Elwin" Edwards
parents: 123
diff changeset
73 salt[loop * 4 + 3] = encode64(rnvals[0]);
f1676e81c80a sqlickrypt: add support for salted SHA-512 passwords, and fix NULL bug.
John "Elwin" Edwards
parents: 123
diff changeset
74 salt[loop * 4 + 4] = encode64(rnvals[1]);
f1676e81c80a sqlickrypt: add support for salted SHA-512 passwords, and fix NULL bug.
John "Elwin" Edwards
parents: 123
diff changeset
75 salt[loop * 4 + 5] = encode64(rnvals[2]);
f1676e81c80a sqlickrypt: add support for salted SHA-512 passwords, and fix NULL bug.
John "Elwin" Edwards
parents: 123
diff changeset
76 salt[loop * 4 + 6] = encode64(rnvals[3]);
f1676e81c80a sqlickrypt: add support for salted SHA-512 passwords, and fix NULL bug.
John "Elwin" Edwards
parents: 123
diff changeset
77 }
f1676e81c80a sqlickrypt: add support for salted SHA-512 passwords, and fix NULL bug.
John "Elwin" Edwards
parents: 123
diff changeset
78 fclose(urandom);
f1676e81c80a sqlickrypt: add support for salted SHA-512 passwords, and fix NULL bug.
John "Elwin" Edwards
parents: 123
diff changeset
79 }
f1676e81c80a sqlickrypt: add support for salted SHA-512 passwords, and fix NULL bug.
John "Elwin" Edwards
parents: 123
diff changeset
80
18
59ea628abb81 sqlickrypt.c: add the ability to register new users.
John "Elwin" Edwards <elwin@sdf.org>
parents: 17
diff changeset
81 int check(char *uname, char *pw) {
24
9d5da43c0e83 sqlickrypt.c: begin converting to parametrized queries.
John "Elwin" Edwards <elwin@sdf.org>
parents: 18
diff changeset
82 char *pwhash, *comphash;
9d5da43c0e83 sqlickrypt.c: begin converting to parametrized queries.
John "Elwin" Edwards <elwin@sdf.org>
parents: 18
diff changeset