2 * cmd_pas2 - MD5 APOP style auth keyed off of the hash of the password
3 * plus a nonce displayed at the login banner.
13 #include "sysdep_decls.h"
16 #include "citserver.h"
18 #include "dynloader.h"
24 void cmd_pas2(char *argbuf)
27 char hexstring[MD5_HEXSTRING_SIZE];
30 if (!strcmp(CC->curr_user, NLI))
32 cprintf("%d You must enter a user with the USER command first.\n", ERROR);
38 cprintf("%d Already logged in.\n", ERROR);
42 extract(pw, argbuf, 0);
44 if (getuser(&CC->usersupp, CC->curr_user))
46 cprintf("%d Unable to find user record for %s.\n", ERROR, CC->curr_user);
51 strproc(CC->usersupp.password);
53 if (strlen(pw) != (MD5_HEXSTRING_SIZE-1))
55 cprintf("%d Auth string of length %d is the wrong length (should be %d).\n", ERROR, strlen(pw), MD5_HEXSTRING_SIZE-1);
59 make_apop_string(CC->usersupp.password, CC->cs_nonce, hexstring);
61 if (!strcmp(hexstring, pw))
68 cprintf("%d Wrong password.\n", ERROR);
77 char *Dynamic_Module_Init(void)
79 CtdlRegisterProtoHook(cmd_pas2, "PAS2", "APOP-based login");