diff options
| author | onefang | 2020-03-17 12:37:34 +1000 |
|---|---|---|
| committer | onefang | 2020-03-17 12:37:34 +1000 |
| commit | fb97941aad40d5c1c59db029d0e2c529d30ac63e (patch) | |
| tree | 0743da504b3aec0dec616a9ef28068c876bc6d46 /src | |
| parent | Oops, part of last commit. (diff) | |
| download | opensim-SC_OLD-fb97941aad40d5c1c59db029d0e2c529d30ac63e.zip opensim-SC_OLD-fb97941aad40d5c1c59db029d0e2c529d30ac63e.tar.gz opensim-SC_OLD-fb97941aad40d5c1c59db029d0e2c529d30ac63e.tar.bz2 opensim-SC_OLD-fb97941aad40d5c1c59db029d0e2c529d30ac63e.tar.xz | |
Don't pass around psswrd anymore.
Coz we do the old hash, salt, and store trick now.
And I mean tho OLD one, we are still compatible with SL's 2006 insecure
password tech.
Diffstat (limited to 'src')
| -rw-r--r-- | src/sledjchisl/sledjchisl.c | 9 |
1 files changed, 2 insertions, 7 deletions
diff --git a/src/sledjchisl/sledjchisl.c b/src/sledjchisl/sledjchisl.c index 36ba0dc..b5ee0f8 100644 --- a/src/sledjchisl/sledjchisl.c +++ b/src/sledjchisl/sledjchisl.c | |||
| @@ -3625,7 +3625,6 @@ static int validatePassword(reqData *Rd, qhashtbl_t *data) | |||
| 3625 | boolean create = strcmp("create", Rd->doit) == 0; | 3625 | boolean create = strcmp("create", Rd->doit) == 0; |
| 3626 | int ret = 0; | 3626 | int ret = 0; |
| 3627 | char *password = getStrH(data, "password"); | 3627 | char *password = getStrH(data, "password"); |
| 3628 | char *psswrd = getStrH(data, "psswrd"); | ||
| 3629 | char *psswrdH = getStrH(Rd->stuff, "passwordHash"); | 3628 | char *psswrdH = getStrH(Rd->stuff, "passwordHash"); |
| 3630 | char *psswrdS = getStrH(Rd->stuff, "passwordSalt"); | 3629 | char *psswrdS = getStrH(Rd->stuff, "passwordSalt"); |
| 3631 | 3630 | ||
| @@ -3804,13 +3803,11 @@ static int validatePassword(reqData *Rd, qhashtbl_t *data) | |||
| 3804 | // explicit_bzero() is the magic to properly wipe things, and it exists, but the damn thing manages to hide itself. | 3803 | // explicit_bzero() is the magic to properly wipe things, and it exists, but the damn thing manages to hide itself. |
| 3805 | // So gotta make sure it's actually used, to avoid the compiler optimizing bzero() away. | 3804 | // So gotta make sure it's actually used, to avoid the compiler optimizing bzero() away. |
| 3806 | // explicit_bzero(password, strlen(password)); | 3805 | // explicit_bzero(password, strlen(password)); |
| 3807 | // explicit_bzero(psswrd, strlen(psswrd)); | ||
| 3808 | bzero(password, strlen(password)); | 3806 | bzero(password, strlen(password)); |
| 3809 | bzero(psswrd, strlen(psswrd)); | ||
| 3810 | if (login) | 3807 | if (login) |
| 3811 | D("User logged in with %s or %s.", password, psswrd); | 3808 | D("User logged in%s.", password); |
| 3812 | else | 3809 | else |
| 3813 | D("Account created with %s or %s.", password, psswrd); | 3810 | D("Account created%s.", password); |
| 3814 | 3811 | ||
| 3815 | return ret; | 3812 | return ret; |
| 3816 | } | 3813 | } |
| @@ -4000,7 +3997,6 @@ void accountCreationPage(reqData *Rd, char *message) | |||
| 4000 | HTMLform(Rd->reply, "", Rd->shs.munchie); | 3997 | HTMLform(Rd->reply, "", Rd->shs.munchie); |
| 4001 | HTMLhidden(Rd->reply, "name", name); | 3998 | HTMLhidden(Rd->reply, "name", name); |
| 4002 | HTMLhidden(Rd->reply, "UUID", getStrH(Rd->stuff, "UUID")); | 3999 | HTMLhidden(Rd->reply, "UUID", getStrH(Rd->stuff, "UUID")); |
| 4003 | HTMLhidden(Rd->reply, "psswrd", getStrH(Rd->body, "password")); | ||
| 4004 | HTMLtext(Rd->reply, "email", "email", "email", getStrH(Rd->stuff, "email"), 42, 254, FALSE); | 4000 | HTMLtext(Rd->reply, "email", "email", "email", getStrH(Rd->stuff, "email"), 42, 254, FALSE); |
| 4005 | HTMLtext(Rd->reply, "email", "Repeat your email, to be sure you got it correct", "emayl", getStrH(Rd->stuff, "emayl"), 42, 254, FALSE); | 4001 | HTMLtext(Rd->reply, "email", "Repeat your email, to be sure you got it correct", "emayl", getStrH(Rd->stuff, "emayl"), 42, 254, FALSE); |
| 4006 | Rd->reply->addstr(Rd->reply, "<p>A validation email will be sent to this email address, you will need to click on the link in it to continue your account creation.</p>\n"); | 4002 | Rd->reply->addstr(Rd->reply, "<p>A validation email will be sent to this email address, you will need to click on the link in it to continue your account creation.</p>\n"); |
| @@ -4136,7 +4132,6 @@ void account_html(char *file, reqData *Rd, HTMLfile *thisFile) | |||
| 4136 | newValidFunc("UUID", (fieldValidFunc) validateUUID); | 4132 | newValidFunc("UUID", (fieldValidFunc) validateUUID); |
| 4137 | newValidFunc("name", (fieldValidFunc) validateName); | 4133 | newValidFunc("name", (fieldValidFunc) validateName); |
| 4138 | newValidFunc("password", (fieldValidFunc) validatePassword); | 4134 | newValidFunc("password", (fieldValidFunc) validatePassword); |
| 4139 | newValidFunc("psswrd", (fieldValidFunc) validatePassword); | ||
| 4140 | newValidFunc("email", (fieldValidFunc) validateEmail); | 4135 | newValidFunc("email", (fieldValidFunc) validateEmail); |
| 4141 | newValidFunc("emayl", (fieldValidFunc) validateEmail); | 4136 | newValidFunc("emayl", (fieldValidFunc) validateEmail); |
| 4142 | newValidFunc("year", (fieldValidFunc) validateDoB); | 4137 | newValidFunc("year", (fieldValidFunc) validateDoB); |