Răsfoiți Sursa

* If a user doesn't have a secpass, allow them on dcc, but
set a secpass for them as soon as they login.


svn: 451

Bryan Drewery 22 ani în urmă
părinte
comite
1a4b4725f0
2 a modificat fișierele cu 22 adăugiri și 2 ștergeri
  1. 9 2
      src/auth.c
  2. 13 0
      src/dcc.c

+ 9 - 2
src/auth.c

@@ -87,8 +87,15 @@ char *makehash(struct userrec *u, char *rand)
 {
   MD5_CTX ctx;
   unsigned char md5out[MD5_HASH_LENGTH + 1];
-  char md5string[MD5_HASH_LENGTH + 1], hash[256], *ret = NULL;
-  sprintf(hash, "%s%s%s", rand, (char *) get_user(&USERENTRY_SECPASS, u), authkey[0] ? authkey : "");
+  char md5string[MD5_HASH_LENGTH + 1], hash[256], *ret = NULL, *secpass = NULL;
+  if (get_user(&USERENTRY_SECPASS, u)) {
+    secpass = nmalloc(strlen(get_user(&USERENTRY_SECPASS, u)) + 1);
+    strcpy(secpass, (char *) get_user(&USERENTRY_SECPASS, u));
+    secpass[strlen(secpass)] = 0;
+  }
+  sprintf(hash, "%s%s%s", rand, (secpass && secpass[0]) ? secpass : "" , authkey[0] ? authkey : "");
+  if (secpass)
+    nfree(secpass);
   MD5_Init(&ctx);
   MD5_Update(&ctx, hash, strlen(hash));
   MD5_Final(md5out, &ctx);

+ 13 - 0
src/dcc.c

@@ -623,6 +623,19 @@ static void dcc_chat_secpass(int idx, char *buf, int atr)
       if (dcc[idx].status & STAT_TELNET)
 	dprintf(idx, TLN_IAC_C TLN_WONT_C TLN_ECHO_C "\n");
       stats_add(dcc[idx].user, 1, 0);
+      if (!get_user(&USERENTRY_SECPASS, dcc[idx].user)) {
+        char pass[17];
+
+        dprintf(idx, "******************************************************************** \
+                      \n \n \n WARNING: YOU DO NOT HAVE A SECPASS SET, NOW SETTING A RANDOM ONE....\n");
+        make_rand_str(pass, 16);
+        pass[16] = 0;
+        set_user(&USERENTRY_SECPASS, dcc[idx].user, pass);
+#ifdef HUB
+        write_userfile(idx);
+#endif
+        dprintf(idx, "Your secpass is now '%s'\nMake sure you do not lose this, as it is needed to login for now on.\n \n*******************************************************\n", pass);
+      }
       dcc_chatter(idx);
 #ifdef S_AUTH
   } else {		/* bad auth */