Diffstat (limited to 'db.c')
-rw-r--r-- | db.c | 43 |
1 files changed, 40 insertions, 3 deletions
@@ -1,10 +1,13 @@ #include <err.h> +#include <fcntl.h> #include <stdlib.h> #include <stdio.h> #include <string.h> #include <sqlite3.h> #include <time.h> +#include <unistd.h> #include "cforum.h" +#include "crypt/ow-crypt.h" static char * strdupn(const unsigned char *); @@ -96,8 +99,8 @@ adduser(struct user *user) sqlite3_stmt *stmt; if(sqlite3_prepare(db, "INSERT INTO users" - " (name, full, hash, created)" - " VALUES (?, ?, ?, ?)", + " (name, full, hash, salt, created)" + " VALUES (?, ?, ?, ?, ?)", -1, &stmt, 0) != SQLITE_OK) goto err; @@ -112,8 +115,12 @@ adduser(struct user *user) if(sqlite3_bind_text(stmt, 3, user->hash, -1, SQLITE_STATIC) != SQLITE_OK) goto err; + + if(sqlite3_bind_text(stmt, 4, user->salt, -1, SQLITE_STATIC) + != SQLITE_OK) + goto err; - if(sqlite3_bind_int(stmt, 4, time(NULL)) != SQLITE_OK) + if(sqlite3_bind_int(stmt, 5, time(NULL)) != SQLITE_OK) goto err; if(sqlite3_step(stmt) != SQLITE_DONE) @@ -157,6 +164,36 @@ getuser(sqlite3_stmt *stmt) return user; } +/* Return true if user has given password. */ +int +haspass(struct user *user, char *pass) +{ + char *newhash; + + newhash = crypt(pass, user->salt); + return strcmp(user->hash, newhash) == 0; +} + +/* Generate new salt and hash for password. */ +void +makehash(char *pass, char **hash, char **salt) +{ + char data[50]; + int fd; + + if(fd = open("/dev/urandom", O_RDONLY) == -1) + err(1, "open"); + + if(read(fd, data, sizeof(data)) == -1) + err(1, "read"); + + if(!(*salt = crypt_gensalt("$2b$", 10, data, sizeof(data)))) + err(1, "crypt_gensalt"); + + *hash = crypt(pass, *salt); + close(fd); +} + /* * The `next' functions create an att/post/user struct by querying * the database with the given stmt. They may be called multiple times |
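Review bot: In the adduser() bind hunk (@@ -112,8 +115,12 @@, with the matching column change in @@ -96,8 +99,8 @@), the separate `salt` column looks redundant. makehash() requests a `$2b$` setting, and a bcrypt string returned by crypt() already carries its cost and salt as a prefix. Storing both lets the two values drift apart; verification could instead call `crypt(pass, user->hash)` and the extra column could be dropped. If the column stays, a comment such as `/* salt is the crypt_gensalt() setting string, not raw random bytes */` above the new bind would help. adduser() begins and ends outside these hunks.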
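Review bot: In makehash() (hunk @@ -157,6 +164,36 @@), `if(fd = open("/dev/urandom", O_RDONLY) == -1)` assigns the result of the comparison to fd because `==` binds tighter than `=`. On success fd is therefore 0, so the following read() takes the salt input from standard input rather than /dev/urandom, the real descriptor leaks, and close(fd) closes stdin. The read() result is only compared with -1, so a short or empty read leaves part of `data` uninitialised when it is handed to crypt_gensalt(). crypt() can return NULL, which makehash() stores unchecked and haspass() passes straight to strcmp(); crypt() and crypt_gensalt() also appear to return static buffers that a later call overwrites, so the results should be copied (or the `_ra` variants from ow-crypt.h used), and haspass() would be safer comparing the hashes in constant time. A rewritten makehash() is sketched below; note that it changes ownership, so callers would have to free both strings.

```c
void
makehash(char *pass, char **hash, char **salt)
{
	char data[50];
	char *s, *h;
	size_t got;
	ssize_t n;
	int fd;

	/* parenthesise the assignment so fd holds the descriptor, not the comparison */
	if((fd = open("/dev/urandom", O_RDONLY)) == -1)
		err(1, "open");

	/* read() may return fewer bytes than requested; loop until data is full */
	for(got = 0; got < sizeof(data); got += n)
		if((n = read(fd, data + got, sizeof(data) - got)) <= 0)
			err(1, "read");
	close(fd);

	if(!(s = crypt_gensalt("$2b$", 10, data, sizeof(data))))
		err(1, "crypt_gensalt");
	/* copy out of the library's buffer; caller owns and frees *salt and *hash */
	if(!(*salt = strdup(s)))
		err(1, "strdup");

	if(!(h = crypt(pass, *salt)))
		err(1, "crypt");
	if(!(*hash = strdup(h)))
		err(1, "strdup");
}
```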