Mercurial > hg > rlgwebd

view sqlickrypt.c @ 17:d3e3d6b4016b

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
rlgwebd: switch to dgamelaunch's SQLite database. The quickrypt utility is replaced with sqlickrypt, which takes a username and password pair and checks them against the SQLite password database used by dgamelaunch. This will be more extensible to using rlgwebd to register, change passwords, etc.
author John "Elwin" Edwards <elwin@sdf.org>
date Sun, 20 May 2012 15:52:07 -0700
parents
children 59ea628abb81
line wrap: on
line source

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <ctype.h>
#include <sqlite3.h>
#include <unistd.h>
#include <crypt.h>

#define DATABASE "/dgldir/dgamelaunch.db"

int xcallback(void *targ, int ncols, char **vals, char **colnames) {
  char *pws;
  int j;
  pws = *((char **) targ);
  if (pws == NULL) {
    for (j = 0; j < ncols; j++) {
      if (!strcmp(colnames[j], "password"))
        *((char **) targ) = strdup(vals[j]);
    }
  }
  /* Otherwise, this isn't the first row. */
  return 0;
}

int main(int argc, char *argv[]) {
  char ibuf[160], *uname, *pw, *pwhash = NULL, *comphash;
  char finduser_sql[160];
  char *cptr; // Utility pointer
  sqlite3 *db;
  int status;

  /* Read in the username and password */
  fgets(ibuf, 160, stdin);
  uname = ibuf;
  pw = strchr(uname, '\n');
  if (pw == NULL)
    exit(4); /* Truncated */
  *pw = '\0';
  pw++;
  fgets(pw, 160 - (pw - ibuf), stdin);
  if (pw[strlen(pw) - 1] == '\n')
    pw[strlen(pw) - 1] = '\0';
  else
    exit(4); /* Truncated */
  /* Sanitize the username, because it gets put into a query. */
  for (cptr = uname; *cptr != '\0'; cptr++) {
    if (!isalnum(*cptr)) {
      exit(4);
    }
  }
  /* Construct the query */
  strcpy(finduser_sql, "SELECT * FROM dglusers WHERE username='");
  strncat(finduser_sql, uname, 40);
  strcat(finduser_sql, "';");

  status = sqlite3_open(DATABASE, &db);
  if (status) {
    sqlite3_close(db);
    return 1;
  }
  sqlite3_exec(db, finduser_sql, xcallback, (void *) &pwhash, NULL);

  sqlite3_close(db);

  /* Now check the password. */
  if (pwhash == NULL) {
    return 2;
  }
  comphash = crypt(pw, pwhash);
  if (!strcmp(pwhash, comphash))
    return 0;
  return 1;
}