forked from Mirrorlandia_minetest/minetest
Check password hash validity
This commit is contained in:
parent
74aa598769
commit
e2ea711136
@ -38,6 +38,13 @@ static inline bool is_base64(unsigned char c) {
|
||||
return (isalnum(c) || (c == '+') || (c == '/'));
|
||||
}
|
||||
|
||||
bool base64_is_valid(std::string const& s)
|
||||
{
|
||||
for(int i=0; i<s.size(); i++)
|
||||
if(!is_base64(s[i])) return false;
|
||||
return true;
|
||||
}
|
||||
|
||||
std::string base64_encode(unsigned char const* bytes_to_encode, unsigned int in_len) {
|
||||
std::string ret;
|
||||
int i = 0;
|
||||
|
@ -1,4 +1,5 @@
|
||||
#include <string>
|
||||
|
||||
bool base64_is_valid(std::string const& s);
|
||||
std::string base64_encode(unsigned char const* , unsigned int len);
|
||||
std::string base64_decode(std::string const& s);
|
||||
|
@ -2080,6 +2080,12 @@ void Server::ProcessData(u8 *data, u32 datasize, u16 peer_id)
|
||||
}
|
||||
password[PASSWORD_SIZE-1] = 0;
|
||||
}
|
||||
|
||||
if(!base64_is_valid(password)){
|
||||
infostream<<"Server: "<<playername<<" supplied invalid password hash"<<std::endl;
|
||||
SendAccessDenied(m_con, peer_id, L"Invalid password hash");
|
||||
return;
|
||||
}
|
||||
|
||||
std::string checkpwd;
|
||||
bool has_auth = scriptapi_get_auth(m_lua, playername, &checkpwd, NULL);
|
||||
@ -2790,6 +2796,13 @@ void Server::ProcessData(u8 *data, u32 datasize, u16 peer_id)
|
||||
newpwd += c;
|
||||
}
|
||||
|
||||
if(!base64_is_valid(newpwd)){
|
||||
infostream<<"Server: "<<player->getName()<<" supplied invalid password hash"<<std::endl;
|
||||
// Wrong old password supplied!!
|
||||
SendChatMessage(peer_id, L"Invalid new password hash supplied. Password NOT changed.");
|
||||
return;
|
||||
}
|
||||
|
||||
infostream<<"Server: Client requests a password change from "
|
||||
<<"'"<<oldpwd<<"' to '"<<newpwd<<"'"<<std::endl;
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user