mirror of
https://github.com/minetest/minetest.git
synced 2024-11-30 03:23:45 +01:00
Check password hash validity
This commit is contained in:
parent
073964a12f
commit
30cbdb0981
@ -38,6 +38,13 @@ static inline bool is_base64(unsigned char c) {
|
|||||||
return (isalnum(c) || (c == '+') || (c == '/'));
|
return (isalnum(c) || (c == '+') || (c == '/'));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
bool base64_is_valid(std::string const& s)
|
||||||
|
{
|
||||||
|
for(int i=0; i<s.size(); i++)
|
||||||
|
if(!is_base64(s[i])) return false;
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
std::string base64_encode(unsigned char const* bytes_to_encode, unsigned int in_len) {
|
std::string base64_encode(unsigned char const* bytes_to_encode, unsigned int in_len) {
|
||||||
std::string ret;
|
std::string ret;
|
||||||
int i = 0;
|
int i = 0;
|
||||||
|
@ -1,4 +1,5 @@
|
|||||||
#include <string>
|
#include <string>
|
||||||
|
|
||||||
|
bool base64_is_valid(std::string const& s);
|
||||||
std::string base64_encode(unsigned char const* , unsigned int len);
|
std::string base64_encode(unsigned char const* , unsigned int len);
|
||||||
std::string base64_decode(std::string const& s);
|
std::string base64_decode(std::string const& s);
|
||||||
|
@ -39,6 +39,7 @@ with this program; if not, write to the Free Software Foundation, Inc.,
|
|||||||
#include "settings.h"
|
#include "settings.h"
|
||||||
#include "profiler.h"
|
#include "profiler.h"
|
||||||
#include "log.h"
|
#include "log.h"
|
||||||
|
#include "base64.h"
|
||||||
|
|
||||||
#define PP(x) "("<<(x).X<<","<<(x).Y<<","<<(x).Z<<")"
|
#define PP(x) "("<<(x).X<<","<<(x).Y<<","<<(x).Z<<")"
|
||||||
|
|
||||||
@ -1962,6 +1963,12 @@ void Server::ProcessData(u8 *data, u32 datasize, u16 peer_id)
|
|||||||
password[PASSWORD_SIZE-1] = 0;
|
password[PASSWORD_SIZE-1] = 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if(!base64_is_valid(password)){
|
||||||
|
infostream<<"Server: "<<playername<<" supplied invalid password hash"<<std::endl;
|
||||||
|
SendAccessDenied(m_con, peer_id, L"Invalid password hash");
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
std::string checkpwd;
|
std::string checkpwd;
|
||||||
if(m_authmanager.exists(playername))
|
if(m_authmanager.exists(playername))
|
||||||
{
|
{
|
||||||
@ -3265,6 +3272,13 @@ void Server::ProcessData(u8 *data, u32 datasize, u16 peer_id)
|
|||||||
newpwd += c;
|
newpwd += c;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if(!base64_is_valid(newpwd)){
|
||||||
|
infostream<<"Server: "<<player->getName()<<" supplied invalid password hash"<<std::endl;
|
||||||
|
// Wrong old password supplied!!
|
||||||
|
SendChatMessage(peer_id, L"Invalid new password hash supplied. Password NOT changed.");
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
infostream<<"Server: Client requests a password change from "
|
infostream<<"Server: Client requests a password change from "
|
||||||
<<"'"<<oldpwd<<"' to '"<<newpwd<<"'"<<std::endl;
|
<<"'"<<oldpwd<<"' to '"<<newpwd<<"'"<<std::endl;
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user