2 * cmd_pas2 - MD5 APOP style auth keyed off of the hash of the password
3 * plus a nonce displayed at the login banner.
10 #if TIME_WITH_SYS_TIME
11 # include <sys/time.h>
15 # include <sys/time.h>
24 #include "sysdep_decls.h"
27 #include "citserver.h"
29 #include "serv_extensions.h"
35 void cmd_pas2(char *argbuf)
38 char hexstring[MD5_HEXSTRING_SIZE];
41 if (!strcmp(CC->curr_user, NLI))
43 cprintf("%d You must enter a user with the USER command first.\n", ERROR + USERNAME_REQUIRED);
49 cprintf("%d Already logged in.\n", ERROR + ALREADY_LOGGED_IN);
53 extract_token(pw, argbuf, 0, '|', sizeof pw);
55 if (getuser(&CC->user, CC->curr_user))
57 cprintf("%d Unable to find user record for %s.\n", ERROR + NO_SUCH_USER, CC->curr_user);
62 strproc(CC->user.password);
64 if (strlen(pw) != (MD5_HEXSTRING_SIZE-1))
66 cprintf("%d Auth string of length %ld is the wrong length (should be %d).\n", ERROR + ILLEGAL_VALUE, (long)strlen(pw), MD5_HEXSTRING_SIZE-1);
70 make_apop_string(CC->user.password, CC->cs_nonce, hexstring, sizeof hexstring);
72 if (!strcmp(hexstring, pw))
79 cprintf("%d Wrong password.\n", ERROR + PASSWORD_REQUIRED);
88 char *serv_pas2_init(void)
90 CtdlRegisterProtoHook(cmd_pas2, "PAS2", "APOP-based login");