3 files changed, 34 insertions, 8 deletions

diff --git a/com32/modules/menu.c b/com32/modules/menu.c
index e6527668..83d8b5bd 100644
--- a/com32/modules/menu.c
+++ b/com32/modules/menu.c
@@ -29,6 +29,7 @@
 #include <sys/times.h>
 #include <unistd.h>
 #include <sha1.h>
+#include <base64.h>
 #ifdef __COM32__
 #include <com32.h>
 #endif
@@ -52,7 +53,7 @@ struct menu_attrib {
   const char *cmdline;		/* Command line */
   const char *screen;		/* Rest of the screen */
   const char *pwdborder;	/* Password box border */
-  const char *pwdhdr;		/* Password box header */
+  const char *pwdheader;	/* Password box header */
   const char *pwdentry;		/* Password box contents */
 };
 
@@ -166,23 +167,41 @@ draw_row(int y, int sel, int top, int sbtop, int sbbot)
 }
 
 static int
-passwd_compare(const char *entry, const char *passwd)
+passwd_compare(const char *passwd, const char *entry)
 {
   const char *p;
   SHA1_CTX ctx;
+  unsigned char sha1[20], pwdsha1[20];
 
   if ( passwd[0] != '$' )	/* Plaintext passwd, yuck! */
     return !strcmp(entry, passwd);
 
-  if ( strncmp(passwd, "$2$", 3) )
+  if ( strncmp(passwd, "$4$", 3) )
     return 0;			/* Only SHA-1 passwds supported */
 
-  if ( p = 
+  SHA1Init(&ctx);
+
+  if ( (p = strchr(passwd+3, '$')) ) {
+    SHA1Update(&ctx, passwd+3, p-(passwd+3));
+    p++;
+  } else {
+    p = passwd+3;		/* Assume no salt */
+  }
+
+  SHA1Update(&ctx, entry, strlen(entry));
+  SHA1Final(sha1, &ctx);
+
+  memset(pwdsha1, 0, 20);
+  unbase64(pwdsha1, 20, p);
+
+  return !memcmp(sha1, pwdsha1, 20);
+}
 
 static int
 ask_passwd(const struct menu_entry *entry)
 {
-  const char title[] = "Password required";
+  static const char title[] = "Password required";
+  static char user_passwd[] = "passw0rd";
   int x;
 
   printf("\033[%d;%dH%s\016l", PASSWD_ROW, PASSWD_MARGIN+1,
@@ -200,12 +219,16 @@ ask_passwd(const struct menu_entry *entry)
   
   printf("j\017\033[%d;%dH%s %s \033[%d;%dH%s",
 	 PASSWD_ROW, WIDTH-(sizeof(title)+1)/2,
-	 menu_attrib->pwdtitle, title,
+	 menu_attrib->pwdheader, title,
 	 PASSWD_ROW+1, PASSWD_MARGIN+3, menu_attrib->pwdentry);
 
   /* Actually allow user to type a password, then compare to the SHA1 */
-
-  return 0;
+  if ( (menu_master_passwd && passwd_compare(menu_master_passwd, user_passwd))
+       || (entry && entry->passwd &&
+	   passwd_compare(entry->passwd, user_passwd)) )
+    return 1;
+  else
+    return 0;
 }
 
 
diff --git a/com32/modules/menu.h b/com32/modules/menu.h
index e38c612d..02df13ac 100644
--- a/com32/modules/menu.h
+++ b/com32/modules/menu.h
@@ -41,6 +41,7 @@ extern int timeout;
 
 extern char *menu_title;
 extern char *ontimeout;
+extern char *menu_master_passwd;
 
 void parse_config(const char *filename);
 
diff --git a/com32/modules/readconfig.c b/com32/modules/readconfig.c
index b3314a75..82b2c56e 100644
--- a/com32/modules/readconfig.c
+++ b/com32/modules/readconfig.c
@@ -31,6 +31,8 @@ int timeout   = 0;
 char *menu_title  = "";
 char *ontimeout   = NULL;
 
+char *menu_master_passwd = NULL;
+
 struct menu_entry menu_entries[MAX_ENTRIES];
 struct menu_entry *menu_hotkeys[256];