aboutsummaryrefslogtreecommitdiffstats
path: root/com32/modules/menumain.c
diff options
context:
space:
mode:
Diffstat (limited to 'com32/modules/menumain.c')
-rw-r--r--com32/modules/menumain.c36
1 files changed, 26 insertions, 10 deletions
diff --git a/com32/modules/menumain.c b/com32/modules/menumain.c
index 257477b9..5bd0eb2b 100644
--- a/com32/modules/menumain.c
+++ b/com32/modules/menumain.c
@@ -28,6 +28,7 @@
#include <setjmp.h>
#include <limits.h>
#include <sha1.h>
+#include <md5.h>
#include <base64.h>
#include <colortbl.h>
#include <com32.h>
@@ -288,21 +289,12 @@ draw_row(int y, int sel, int top, int sbtop, int sbbot)
}
}
-static int
-passwd_compare(const char *passwd, const char *entry)
+static int passwd_compare_sha1(const char *passwd, const char *entry)
{
const char *p;
SHA1_CTX ctx;
unsigned char sha1[20], pwdsha1[20];
- if ( passwd[0] != '$' ) /* Plaintext passwd, yuck! */
- return !strcmp(entry, passwd);
-
- if ( strncmp(passwd, "$4$", 3) )
- return 0; /* Only SHA-1 passwds supported */
-
- SHA1Init(&ctx);
-
if ( (p = strchr(passwd+3, '$')) ) {
SHA1Update(&ctx, (void *)passwd+3, p-(passwd+3));
p++;
@@ -310,6 +302,8 @@ passwd_compare(const char *passwd, const char *entry)
p = passwd+3; /* Assume no salt */
}
+ SHA1Init(&ctx);
+
SHA1Update(&ctx, (void *)entry, strlen(entry));
SHA1Final(sha1, &ctx);
@@ -319,6 +313,28 @@ passwd_compare(const char *passwd, const char *entry)
return !memcmp(sha1, pwdsha1, 20);
}
+static int passwd_compare_md5(const char *passwd, const char *entry)
+{
+ const char *crypted = crypt_md5(entry, passwd+3);
+ int len = strlen(crypted);
+
+ return !strncmp(crypted, passwd, len) &&
+ (passwd[len] == '\0' || passwd[len] == '$');
+}
+
+static int
+passwd_compare(const char *passwd, const char *entry)
+{
+ if ( passwd[0] != '$' ) /* Plaintext passwd, yuck! */
+ return !strcmp(entry, passwd);
+ else if ( !strncmp(passwd, "$4$", 3) )
+ return passwd_compare_sha1(passwd, entry);
+ else if ( !strncmp(passwd, "$1$", 3) )
+ return passwd_compare_md5(passwd, entry);
+ else
+ return 0; /* Invalid encryption algorithm */
+}
+
static jmp_buf timeout_jump;
int mygetkey(clock_t timeout)