2 * cmd_pas2 - MD5 APOP style auth keyed off of the hash of the password
3 * plus a nonce displayed at the login banner.
10 #if TIME_WITH_SYS_TIME
11 # include <sys/time.h>
15 # include <sys/time.h>
24 #include <libcitadel.h>
27 #include "citserver.h"
33 #include "ctdl_module.h"
36 void cmd_pas2(char *argbuf)
39 char hexstring[MD5_HEXSTRING_SIZE];
42 if (!strcmp(CC->curr_user, NLI))
44 cprintf("%d You must enter a user with the USER command first.\n", ERROR + USERNAME_REQUIRED);
50 cprintf("%d Already logged in.\n", ERROR + ALREADY_LOGGED_IN);
54 extract_token(pw, argbuf, 0, '|', sizeof pw);
56 if (getuser(&CC->user, CC->curr_user))
58 cprintf("%d Unable to find user record for %s.\n", ERROR + NO_SUCH_USER, CC->curr_user);
63 strproc(CC->user.password);
65 if (strlen(pw) != (MD5_HEXSTRING_SIZE-1))
67 cprintf("%d Auth string of length %ld is the wrong length (should be %d).\n", ERROR + ILLEGAL_VALUE, (long)strlen(pw), MD5_HEXSTRING_SIZE-1);
71 make_apop_string(CC->user.password, CC->cs_nonce, hexstring, sizeof hexstring);
73 if (!strcmp(hexstring, pw))
80 cprintf("%d Wrong password.\n", ERROR + PASSWORD_REQUIRED);
89 CTDL_MODULE_INIT(pas2)
93 CtdlRegisterProtoHook(cmd_pas2, "PAS2", "APOP-based login");
96 /* return our Subversion id for the Log */