2 * cmd_pas2 - MD5 APOP style auth keyed off of the hash of the password
3 * plus a nonce displayed at the login banner.
10 #if TIME_WITH_SYS_TIME
11 # include <sys/time.h>
15 # include <sys/time.h>
24 #include "sysdep_decls.h"
27 #include "citserver.h"
29 #include "dynloader.h"
35 void cmd_pas2(char *argbuf)
38 char hexstring[MD5_HEXSTRING_SIZE];
41 if (!strcmp(CC->curr_user, NLI))
43 cprintf("%d You must enter a user with the USER command first.\n", ERROR);
49 cprintf("%d Already logged in.\n", ERROR);
53 extract(pw, argbuf, 0);
55 if (getuser(&CC->usersupp, CC->curr_user))
57 cprintf("%d Unable to find user record for %s.\n", ERROR, CC->curr_user);
62 strproc(CC->usersupp.password);
64 if (strlen(pw) != (MD5_HEXSTRING_SIZE-1))
66 cprintf("%d Auth string of length %ld is the wrong length (should be %d).\n", ERROR, (long)strlen(pw), MD5_HEXSTRING_SIZE-1);
70 make_apop_string(CC->usersupp.password, CC->cs_nonce, hexstring, sizeof hexstring);
72 if (!strcmp(hexstring, pw))
79 cprintf("%d Wrong password.\n", ERROR);
88 char *Dynamic_Module_Init(void)
90 CtdlRegisterProtoHook(cmd_pas2, "PAS2", "APOP-based login");