mirror of https://github.com/SoftEtherVPN/SoftEtherVPN.git synced 2025-04-03 18:00:08 +03:00

Cedar/Account: Add SHA1 option to HashPassword

Yihong Wu 2023-01-04 14:01:52 +00:00
parent cbb90c5f23
commit b8110237ef
11 changed files with 34 additions and 26 deletions


@ -553,7 +553,7 @@ void *NewUserCertAuthData(X *x)
}
// Hash the password
void HashPassword(void *dst, char *username, char *password)
void HashPassword(void *dst, char *username, char *password, bool sha1)
{
BUF *b;
char *username_upper;
@ -568,7 +568,15 @@ void HashPassword(void *dst, char *username, char *password)
StrUpper(username_upper);
WriteBuf(b, password, StrLen(password));
WriteBuf(b, username_upper, StrLen(username_upper));
Sha0(dst, b->Buf, b->Size);
if (sha1)
{
Sha1(dst, b->Buf, b->Size);
}
else
{
Sha0(dst, b->Buf, b->Size);
}
FreeBuf(b);
Free(username_upper);
@ -585,7 +593,7 @@ void *NewPasswordAuthData(char *username, char *password)
}
pw = ZeroMalloc(sizeof(AUTHPASSWORD));
HashPassword(pw->HashedKey, username, password);
HashPassword(pw->HashedKey, username, password, false);
GenerateNtPasswordHash(pw->NtLmSecureHash, password);
return pw;
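Review bot: The new `sha1` parameter of HashPassword is undocumented: the comment above the definition still reads only `// Hash the password`, and it does not say that the two digests are not interchangeable. Both branches write a digest of the password followed by the upper-cased username into `dst`, so I would extend the comment to something like `// Hash the password: sha1 selects SHA-1 instead of the legacy SHA-0; dst receives SHA1_SIZE bytes and the flag must match the algorithm used for the stored hash`. Every call site in this commit passes `false`, so the SHA-1 branch is not exercised by anything shown here. Either branch is a single fast hash keyed only by the username, so the flag should not be read as hardening of stored passwords. The body of HashPassword starts and ends outside these hunks.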


@ -192,7 +192,7 @@ void *NewUserCertAuthData(X *x);
void *NewRootCertAuthData(X_SERIAL *serial, wchar_t *common_name);
void *NewRadiusAuthData(wchar_t *username);
void *NewNTAuthData(wchar_t *username);
void HashPassword(void *dst, char *username, char *password);
void HashPassword(void *dst, char *username, char *password, bool sha1);
POLICY *GetDefaultPolicy();
POLICY *ClonePolicy(POLICY *policy);
void SetUserPolicy(USER *u, POLICY *policy);


@ -9107,7 +9107,7 @@ UINT StSetHub(ADMIN *a, RPC_CREATE_HUB *t)
if (StrLen(t->AdminPasswordPlainText) != 0)
{
Sha0(t->HashedPassword, t->AdminPasswordPlainText, StrLen(t->AdminPasswordPlainText));
HashPassword(t->SecurePassword, ADMINISTRATOR_USERNAME, t->AdminPasswordPlainText);
HashPassword(t->SecurePassword, ADMINISTRATOR_USERNAME, t->AdminPasswordPlainText, false);
}
if (IsZero(t->HashedPassword, sizeof(t->HashedPassword)) == false &&
@ -9123,7 +9123,7 @@ UINT StSetHub(ADMIN *a, RPC_CREATE_HUB *t)
// Is the password to be set blank
{
UCHAR hash1[SHA1_SIZE], hash2[SHA1_SIZE];
HashPassword(hash1, ADMINISTRATOR_USERNAME, "");
HashPassword(hash1, ADMINISTRATOR_USERNAME, "", false);
Sha0(hash2, "", 0);
if (Cmp(t->HashedPassword, hash2, SHA1_SIZE) == 0 || Cmp(t->SecurePassword, hash1, SHA1_SIZE) == 0)
@ -9290,7 +9290,7 @@ UINT StCreateHub(ADMIN *a, RPC_CREATE_HUB *t)
StrLen(t->AdminPasswordPlainText) != 0)
{
Sha0(t->HashedPassword, t->AdminPasswordPlainText, StrLen(t->AdminPasswordPlainText));
HashPassword(t->SecurePassword, ADMINISTRATOR_USERNAME, t->AdminPasswordPlainText);
HashPassword(t->SecurePassword, ADMINISTRATOR_USERNAME, t->AdminPasswordPlainText, false);
}
h = NewHub(c, t->HubName, &o);
@ -14070,7 +14070,7 @@ void *InRpcAuthData(PACK *p, UINT *authtype, char *username)
{
if (IsZero(pw->HashedKey, sizeof(pw->HashedKey)))
{
HashPassword(pw->HashedKey, username, plain_pw);
HashPassword(pw->HashedKey, username, plain_pw, false);
GenerateNtPasswordHash(pw->NtLmSecureHash, plain_pw);
}
}


@ -6726,7 +6726,7 @@ void CmEditAccountDlgUpdate(HWND hWnd, CM_ACCOUNT *a)
GetTxtA(hWnd, E_PASSWORD, str, sizeof(str));
if (StrCmp(str, HIDDEN_PASSWORD) != 0)
{
HashPassword(a->ClientAuth->HashedPassword, a->ClientAuth->Username, str);
HashPassword(a->ClientAuth->HashedPassword, a->ClientAuth->Username, str, false);
}
break;
case CLIENT_AUTHTYPE_PLAIN_PASSWORD:


@ -4757,7 +4757,7 @@ UINT PcAccountPasswordSet(CONSOLE *c, char *cmd_name, wchar_t *str, void *param)
{
t.ClientAuth->AuthType = CLIENT_AUTHTYPE_PASSWORD;
HashPassword(t.ClientAuth->HashedPassword, t.ClientAuth->Username,
GetParamStr(o, "PASSWORD"));
GetParamStr(o, "PASSWORD"), false);
}
else if (StartWith("radius", typestr) || StartWith("ntdomain", typestr))
{
@ -10895,7 +10895,7 @@ UINT PsHubCreate(CONSOLE *c, char *cmd_name, wchar_t *str, void *param)
}
Sha0(t.HashedPassword, pass, StrLen(pass));
HashPassword(t.SecurePassword, ADMINISTRATOR_USERNAME, pass);
HashPassword(t.SecurePassword, ADMINISTRATOR_USERNAME, pass, false);
t.Online = true;
// RPC call
@ -10947,7 +10947,7 @@ UINT PsHubCreateDynamic(CONSOLE *c, char *cmd_name, wchar_t *str, void *param)
}
Sha0(t.HashedPassword, pass, StrLen(pass));
HashPassword(t.SecurePassword, ADMINISTRATOR_USERNAME, pass);
HashPassword(t.SecurePassword, ADMINISTRATOR_USERNAME, pass, false);
t.Online = true;
// RPC call
@ -10999,7 +10999,7 @@ UINT PsHubCreateStatic(CONSOLE *c, char *cmd_name, wchar_t *str, void *param)
}
Sha0(t.HashedPassword, pass, StrLen(pass));
HashPassword(t.SecurePassword, ADMINISTRATOR_USERNAME, pass);
HashPassword(t.SecurePassword, ADMINISTRATOR_USERNAME, pass, false);
t.Online = true;
// RPC call
@ -11574,7 +11574,7 @@ UINT PsSetHubPassword(CONSOLE *c, char *cmd_name, wchar_t *str, void *param)
// Change the settings
pw = GetParamStr(o, "[password]");
HashPassword(t.SecurePassword, ADMINISTRATOR_USERNAME, pw);
HashPassword(t.SecurePassword, ADMINISTRATOR_USERNAME, pw, false);
Sha0(t.HashedPassword, pw, StrLen(pw));
// Write the configuration of Virtual HUB
@ -13549,7 +13549,7 @@ UINT PsCascadePasswordSet(CONSOLE *c, char *cmd_name, wchar_t *str, void *param)
{
t.ClientAuth->AuthType = CLIENT_AUTHTYPE_PASSWORD;
HashPassword(t.ClientAuth->HashedPassword, t.ClientAuth->Username,
GetParamStr(o, "PASSWORD"));
GetParamStr(o, "PASSWORD"), false);
}
else if (StartWith("radius", typestr) || StartWith("ntdomain", typestr))
{


@ -6921,7 +6921,7 @@ HUB *NewHub(CEDAR *cedar, char *HubName, HUB_OPTION *option)
h = ZeroMalloc(sizeof(HUB));
Sha0(h->HashedPassword, "", 0);
HashPassword(h->SecurePassword, ADMINISTRATOR_USERNAME, "");
HashPassword(h->SecurePassword, ADMINISTRATOR_USERNAME, "", false);
h->lock = NewLock();
h->lock_online = NewLock();
h->ref = NewRef();


@ -990,9 +990,9 @@ UINT ChangePassword(CEDAR *cedar, CLIENT_OPTION *o, char *hubname, char *usernam
sock = s->Connection->FirstSock;
HashPassword(old_password, username, old_pass);
HashPassword(old_password, username, old_pass, false);
SecurePassword(secure_old_password, old_password, s->Connection->Random);
HashPassword(new_password, username, new_pass);
HashPassword(new_password, username, new_pass, false);
GenerateNtPasswordHash(new_password_ntlm, new_pass);
PackAddClientVersion(p, s->Connection);
@ -1864,7 +1864,7 @@ bool ServerAccept(CONNECTION *c)
// Check whether the password was empty
UCHAR hashed_empty_password[SHA1_SIZE];
UCHAR secure_empty_password[SHA1_SIZE];
HashPassword(hashed_empty_password, username, "");
HashPassword(hashed_empty_password, username, "", false);
SecurePassword(secure_empty_password, hashed_empty_password, c->Random);
if(Cmp(secure_password, secure_empty_password, SHA1_SIZE)==0){
is_empty_password = true;
@ -1893,7 +1893,7 @@ bool ServerAccept(CONNECTION *c)
UCHAR hash_password[SHA1_SIZE];
bool is_mschap = StartWith(plain_password, IPC_PASSWORD_MSCHAPV2_TAG);
HashPassword(hash_password, username, plain_password);
HashPassword(hash_password, username, plain_password, false);
SecurePassword(secure_password, hash_password, c->Random);
if (is_mschap == false)
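Review bot: The credential checks in ServerAccept (the empty-password probe and the plain-password path) pass a bare `false`, which is an unexplained literal and pins verification to the SHA-0 form. Nothing visible in these hunks records which digest produced a stored hash, so a writer that later passes `true` would presumably create credentials these checks can never match. A short comment at each verification site, such as `// false: legacy SHA-0 form; must match how the stored hash was created`, would make that coupling explicit. The same applies to the other call sites this commit touches. ServerAccept and ChangePassword both continue outside the hunks shown.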


@ -3032,7 +3032,7 @@ bool SmSetupInit(HWND hWnd, SM_SETUP *s)
Zero(&t, sizeof(t));
Sha0(t.HashedPassword, password, StrLen(password));
HashPassword(t.SecurePassword, ADMINISTRATOR_USERNAME, password);
HashPassword(t.SecurePassword, ADMINISTRATOR_USERNAME, password, false);
StrCpy(t.HubName, sizeof(t.HubName), s->HubName);
t.HubType = HUB_TYPE_STANDALONE;
t.Online = true;
@ -14036,7 +14036,7 @@ void SmEditUserDlgUpdate(HWND hWnd, SM_EDIT_USER *s)
{
if (StrCmp(tmp1, HIDDEN_PASSWORD) != 0)
{
HashPassword(((AUTHPASSWORD *)u->AuthData)->HashedKey, u->Name, tmp1);
HashPassword(((AUTHPASSWORD *)u->AuthData)->HashedKey, u->Name, tmp1, false);
GenerateNtPasswordHash(((AUTHPASSWORD *)u->AuthData)->NtLmSecureHash, tmp1);
}
}
@ -17422,7 +17422,7 @@ void SmEditHubOnOk(HWND hWnd, SM_EDIT_HUB *s)
if (s->EditMode == false || StrCmp(pass1, HIDDEN_PASSWORD) != 0)
{
Sha0(t.HashedPassword, pass1, StrLen(pass1));
HashPassword(t.SecurePassword, ADMINISTRATOR_USERNAME, pass1);
HashPassword(t.SecurePassword, ADMINISTRATOR_USERNAME, pass1, false);
}
if (IsChecked(hWnd, R_LIMIT_MAX_SESSION))


@ -5044,7 +5044,7 @@ void SiLoadHubCfg(SERVER *s, FOLDER *f, char *name)
}
if (CfgGetByte(f, "SecurePassword", h->SecurePassword, sizeof(h->SecurePassword)) != sizeof(h->SecurePassword))
{
HashPassword(h->SecurePassword, ADMINISTRATOR_USERNAME, "");
HashPassword(h->SecurePassword, ADMINISTRATOR_USERNAME, "", false);
}
// Log Settings


@ -1713,7 +1713,7 @@ void ClientThread(THREAD *t, void *param)
else
{
// Encrypted password authentication
HashPassword(s->ClientAuth->HashedPassword, s->ClientAuth->Username, p.Password);
HashPassword(s->ClientAuth->HashedPassword, s->ClientAuth->Username, p.Password, false);
}
}
}


@ -642,7 +642,7 @@ static wchar_t *WpNewHub(WEBUI *wu, LIST *params)
Zero(&t, sizeof(t));
StrCpy(t.HubName, sizeof(t.HubName), hubname);
Sha0(t.HashedPassword, passwd, StrLen(passwd));
HashPassword(t.SecurePassword, ADMINISTRATOR_USERNAME, passwd);
HashPassword(t.SecurePassword, ADMINISTRATOR_USERNAME, passwd, false);
t.Online = true;
t.HubType = HUB_TYPE_STANDALONE;