diff --git a/src/Cedar/Account.c b/src/Cedar/Account.c index c780d0f7..e7748068 100644 --- a/src/Cedar/Account.c +++ b/src/Cedar/Account.c @@ -553,7 +553,7 @@ void *NewUserCertAuthData(X *x) } // Hash the password -void HashPassword(void *dst, char *username, char *password) +void HashPassword(void *dst, char *username, char *password, bool sha1) { BUF *b; char *username_upper; @@ -568,7 +568,15 @@ void HashPassword(void *dst, char *username, char *password) StrUpper(username_upper); WriteBuf(b, password, StrLen(password)); WriteBuf(b, username_upper, StrLen(username_upper)); - Sha0(dst, b->Buf, b->Size); + + if (sha1) + { + Sha1(dst, b->Buf, b->Size); + } + else + { + Sha0(dst, b->Buf, b->Size); + } FreeBuf(b); Free(username_upper); @@ -585,7 +593,7 @@ void *NewPasswordAuthData(char *username, char *password) } pw = ZeroMalloc(sizeof(AUTHPASSWORD)); - HashPassword(pw->HashedKey, username, password); + HashPassword(pw->HashedKey, username, password, false); GenerateNtPasswordHash(pw->NtLmSecureHash, password); return pw; diff --git a/src/Cedar/Account.h b/src/Cedar/Account.h index ef66cf9d..70090315 100644 --- a/src/Cedar/Account.h +++ b/src/Cedar/Account.h @@ -192,7 +192,7 @@ void *NewUserCertAuthData(X *x); void *NewRootCertAuthData(X_SERIAL *serial, wchar_t *common_name); void *NewRadiusAuthData(wchar_t *username); void *NewNTAuthData(wchar_t *username); -void HashPassword(void *dst, char *username, char *password); +void HashPassword(void *dst, char *username, char *password, bool sha1); POLICY *GetDefaultPolicy(); POLICY *ClonePolicy(POLICY *policy); void SetUserPolicy(USER *u, POLICY *policy); diff --git a/src/Cedar/Admin.c b/src/Cedar/Admin.c index 85f9bd9b..f84db7d3 100644 --- a/src/Cedar/Admin.c +++ b/src/Cedar/Admin.c 
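Review bot: The new `bool sha1` parameter on `HashPassword` is undocumented, and every call site this commit touches passes a bare `false`, which tells a reader nothing about which digest ends up in the stored value. Expand the one-line comment above the signature to something like `// Hash the password: writes a SHA1_SIZE-byte digest of password || upper(username) to dst; SHA-1 when sha1 is true, SHA-0 otherwise`, and mirror it on the prototype in Account.h. The callers visible in this diff size their output buffers with SHA1_SIZE, which is why the comment should state the length. The function body continues past the end of this hunk.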
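Review bot: No caller in this commit passes `true`, so the added `Sha1()` branch is not exercised by anything shown here, and the digest choice is not recorded next to the output. Any later caller that stores a value hashed with `true` would stop matching the comparisons and defaults that hard-code `false`: the blank-password checks in StSetHub and ServerAccept, and the empty-password defaults in NewHub and SiLoadHubCfg. Those sites need to be revisited together with the first `true` caller. Both branches remain a single pass of a fast digest with only the upper-cased username mixed in, so the flag should not be read as hardening of stored credentials. A comment at the branch such as `// sha1 only selects the 160-bit digest; neither mode is a password-hashing KDF` would make that explicit.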
@@ -9107,7 +9107,7 @@ UINT StSetHub(ADMIN *a, RPC_CREATE_HUB *t) if (StrLen(t->AdminPasswordPlainText) != 0) { Sha0(t->HashedPassword, t->AdminPasswordPlainText, StrLen(t->AdminPasswordPlainText)); - HashPassword(t->SecurePassword, ADMINISTRATOR_USERNAME, t->AdminPasswordPlainText); + HashPassword(t->SecurePassword, ADMINISTRATOR_USERNAME, t->AdminPasswordPlainText, false); } if (IsZero(t->HashedPassword, sizeof(t->HashedPassword)) == false && @@ -9123,7 +9123,7 @@ UINT StSetHub(ADMIN *a, RPC_CREATE_HUB *t) // Is the password to be set blank { UCHAR hash1[SHA1_SIZE], hash2[SHA1_SIZE]; - HashPassword(hash1, ADMINISTRATOR_USERNAME, ""); + HashPassword(hash1, ADMINISTRATOR_USERNAME, "", false); Sha0(hash2, "", 0); if (Cmp(t->HashedPassword, hash2, SHA1_SIZE) == 0 || Cmp(t->SecurePassword, hash1, SHA1_SIZE) == 0) @@ -9290,7 +9290,7 @@ UINT StCreateHub(ADMIN *a, RPC_CREATE_HUB *t) StrLen(t->AdminPasswordPlainText) != 0) { Sha0(t->HashedPassword, t->AdminPasswordPlainText, StrLen(t->AdminPasswordPlainText)); - HashPassword(t->SecurePassword, ADMINISTRATOR_USERNAME, t->AdminPasswordPlainText); + HashPassword(t->SecurePassword, ADMINISTRATOR_USERNAME, t->AdminPasswordPlainText, false); } h = NewHub(c, t->HubName, &o); @@ -14070,7 +14070,7 @@ void *InRpcAuthData(PACK *p, UINT *authtype, char *username) { if (IsZero(pw->HashedKey, sizeof(pw->HashedKey))) { - HashPassword(pw->HashedKey, username, plain_pw); + HashPassword(pw->HashedKey, username, plain_pw, false); GenerateNtPasswordHash(pw->NtLmSecureHash, plain_pw); } } diff --git a/src/Cedar/CM.c b/src/Cedar/CM.c index 42a2b412..432b60a1 100644 --- a/src/Cedar/CM.c +++ b/src/Cedar/CM.c 
@@ -6726,7 +6726,7 @@ void CmEditAccountDlgUpdate(HWND hWnd, CM_ACCOUNT *a) GetTxtA(hWnd, E_PASSWORD, str, sizeof(str)); if (StrCmp(str, HIDDEN_PASSWORD) != 0) { - HashPassword(a->ClientAuth->HashedPassword, a->ClientAuth->Username, str); + HashPassword(a->ClientAuth->HashedPassword, a->ClientAuth->Username, str, false); } break; case CLIENT_AUTHTYPE_PLAIN_PASSWORD: diff --git a/src/Cedar/Command.c b/src/Cedar/Command.c index 8969ee7b..6cad5f08 100644 --- a/src/Cedar/Command.c +++ b/src/Cedar/Command.c @@ -4757,7 +4757,7 @@ UINT PcAccountPasswordSet(CONSOLE *c, char *cmd_name, wchar_t *str, void *param) { t.ClientAuth->AuthType = CLIENT_AUTHTYPE_PASSWORD; HashPassword(t.ClientAuth->HashedPassword, t.ClientAuth->Username, - GetParamStr(o, "PASSWORD")); + GetParamStr(o, "PASSWORD"), false); } else if (StartWith("radius", typestr) || StartWith("ntdomain", typestr)) { @@ -10895,7 +10895,7 @@ UINT PsHubCreate(CONSOLE *c, char *cmd_name, wchar_t *str, void *param) } Sha0(t.HashedPassword, pass, StrLen(pass)); - HashPassword(t.SecurePassword, ADMINISTRATOR_USERNAME, pass); + HashPassword(t.SecurePassword, ADMINISTRATOR_USERNAME, pass, false); t.Online = true; // RPC call @@ -10947,7 +10947,7 @@ UINT PsHubCreateDynamic(CONSOLE *c, char *cmd_name, wchar_t *str, void *param) } Sha0(t.HashedPassword, pass, StrLen(pass)); - HashPassword(t.SecurePassword, ADMINISTRATOR_USERNAME, pass); + HashPassword(t.SecurePassword, ADMINISTRATOR_USERNAME, pass, false); t.Online = true; // RPC call @@ -10999,7 +10999,7 @@ UINT PsHubCreateStatic(CONSOLE *c, char *cmd_name, wchar_t *str, void *param) } Sha0(t.HashedPassword, pass, StrLen(pass)); - HashPassword(t.SecurePassword, ADMINISTRATOR_USERNAME, pass); + HashPassword(t.SecurePassword, ADMINISTRATOR_USERNAME, pass, false); t.Online = true; // RPC call 
@@ -11574,7 +11574,7 @@ UINT PsSetHubPassword(CONSOLE *c, char *cmd_name, wchar_t *str, void *param) // Change the settings pw = GetParamStr(o, "[password]"); - HashPassword(t.SecurePassword, ADMINISTRATOR_USERNAME, pw); + HashPassword(t.SecurePassword, ADMINISTRATOR_USERNAME, pw, false); Sha0(t.HashedPassword, pw, StrLen(pw)); // Write the configuration of Virtual HUB @@ -13549,7 +13549,7 @@ UINT PsCascadePasswordSet(CONSOLE *c, char *cmd_name, wchar_t *str, void *param) { t.ClientAuth->AuthType = CLIENT_AUTHTYPE_PASSWORD; HashPassword(t.ClientAuth->HashedPassword, t.ClientAuth->Username, - GetParamStr(o, "PASSWORD")); + GetParamStr(o, "PASSWORD"), false); } else if (StartWith("radius", typestr) || StartWith("ntdomain", typestr)) { diff --git a/src/Cedar/Hub.c b/src/Cedar/Hub.c index 61a5b4b3..b4e85d31 100644 --- a/src/Cedar/Hub.c +++ b/src/Cedar/Hub.c @@ -6921,7 +6921,7 @@ HUB *NewHub(CEDAR *cedar, char *HubName, HUB_OPTION *option) h = ZeroMalloc(sizeof(HUB)); Sha0(h->HashedPassword, "", 0); - HashPassword(h->SecurePassword, ADMINISTRATOR_USERNAME, ""); + HashPassword(h->SecurePassword, ADMINISTRATOR_USERNAME, "", false); h->lock = NewLock(); h->lock_online = NewLock(); h->ref = NewRef(); diff --git a/src/Cedar/Protocol.c b/src/Cedar/Protocol.c index e2efd2b9..48a5e1a9 100644 --- a/src/Cedar/Protocol.c +++ b/src/Cedar/Protocol.c @@ -990,9 +990,9 @@ UINT ChangePassword(CEDAR *cedar, CLIENT_OPTION *o, char *hubname, char *usernam sock = s->Connection->FirstSock; - HashPassword(old_password, username, old_pass); + HashPassword(old_password, username, old_pass, false); SecurePassword(secure_old_password, old_password, s->Connection->Random); - HashPassword(new_password, username, new_pass); + HashPassword(new_password, username, new_pass, false); GenerateNtPasswordHash(new_password_ntlm, new_pass); PackAddClientVersion(p, s->Connection); 
@@ -1864,7 +1864,7 @@ bool ServerAccept(CONNECTION *c) // Check whether the password was empty UCHAR hashed_empty_password[SHA1_SIZE]; UCHAR secure_empty_password[SHA1_SIZE]; - HashPassword(hashed_empty_password, username, ""); + HashPassword(hashed_empty_password, username, "", false); SecurePassword(secure_empty_password, hashed_empty_password, c->Random); if(Cmp(secure_password, secure_empty_password, SHA1_SIZE)==0){ is_empty_password = true; @@ -1893,7 +1893,7 @@ bool ServerAccept(CONNECTION *c) UCHAR hash_password[SHA1_SIZE]; bool is_mschap = StartWith(plain_password, IPC_PASSWORD_MSCHAPV2_TAG); - HashPassword(hash_password, username, plain_password); + HashPassword(hash_password, username, plain_password, false); SecurePassword(secure_password, hash_password, c->Random); if (is_mschap == false) diff --git a/src/Cedar/SM.c b/src/Cedar/SM.c index b0b5f2ae..5bf88aa2 100644 --- a/src/Cedar/SM.c +++ b/src/Cedar/SM.c @@ -3032,7 +3032,7 @@ bool SmSetupInit(HWND hWnd, SM_SETUP *s) Zero(&t, sizeof(t)); Sha0(t.HashedPassword, password, StrLen(password)); - HashPassword(t.SecurePassword, ADMINISTRATOR_USERNAME, password); + HashPassword(t.SecurePassword, ADMINISTRATOR_USERNAME, password, false); StrCpy(t.HubName, sizeof(t.HubName), s->HubName); t.HubType = HUB_TYPE_STANDALONE; t.Online = true; @@ -14036,7 +14036,7 @@ void SmEditUserDlgUpdate(HWND hWnd, SM_EDIT_USER *s) { if (StrCmp(tmp1, HIDDEN_PASSWORD) != 0) { - HashPassword(((AUTHPASSWORD *)u->AuthData)->HashedKey, u->Name, tmp1); + HashPassword(((AUTHPASSWORD *)u->AuthData)->HashedKey, u->Name, tmp1, false); GenerateNtPasswordHash(((AUTHPASSWORD *)u->AuthData)->NtLmSecureHash, tmp1); } } 
@@ -17422,7 +17422,7 @@ void SmEditHubOnOk(HWND hWnd, SM_EDIT_HUB *s) if (s->EditMode == false || StrCmp(pass1, HIDDEN_PASSWORD) != 0) { Sha0(t.HashedPassword, pass1, StrLen(pass1)); - HashPassword(t.SecurePassword, ADMINISTRATOR_USERNAME, pass1); + HashPassword(t.SecurePassword, ADMINISTRATOR_USERNAME, pass1, false); } if (IsChecked(hWnd, R_LIMIT_MAX_SESSION)) diff --git a/src/Cedar/Server.c b/src/Cedar/Server.c index 943b8870..56832a01 100644 --- a/src/Cedar/Server.c +++ b/src/Cedar/Server.c @@ -5044,7 +5044,7 @@ void SiLoadHubCfg(SERVER *s, FOLDER *f, char *name) } if (CfgGetByte(f, "SecurePassword", h->SecurePassword, sizeof(h->SecurePassword)) != sizeof(h->SecurePassword)) { - HashPassword(h->SecurePassword, ADMINISTRATOR_USERNAME, ""); + HashPassword(h->SecurePassword, ADMINISTRATOR_USERNAME, "", false); } // Log Settings diff --git a/src/Cedar/Session.c b/src/Cedar/Session.c index d680a73a..57472b64 100644 --- a/src/Cedar/Session.c +++ b/src/Cedar/Session.c @@ -1713,7 +1713,7 @@ void ClientThread(THREAD *t, void *param) else { // Encrypted password authentication - HashPassword(s->ClientAuth->HashedPassword, s->ClientAuth->Username, p.Password); + HashPassword(s->ClientAuth->HashedPassword, s->ClientAuth->Username, p.Password, false); } } } diff --git a/src/Cedar/WebUI.c b/src/Cedar/WebUI.c index 3375030e..a3a16f82 100644 --- a/src/Cedar/WebUI.c +++ b/src/Cedar/WebUI.c @@ -642,7 +642,7 @@ static wchar_t *WpNewHub(WEBUI *wu, LIST *params) Zero(&t, sizeof(t)); StrCpy(t.HubName, sizeof(t.HubName), hubname); Sha0(t.HashedPassword, passwd, StrLen(passwd)); - HashPassword(t.SecurePassword, ADMINISTRATOR_USERNAME, passwd); + HashPassword(t.SecurePassword, ADMINISTRATOR_USERNAME, passwd, false); t.Online = true; t.HubType = HUB_TYPE_STANDALONE;
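Review bot: The touched line in SiLoadHubCfg silently sets the hub's `SecurePassword` to the hash of an empty password whenever `CfgGetByte` does not return exactly `sizeof(h->SecurePassword)`. That is presumably a missing or truncated entry, so a damaged or hand-edited config degrades to a blank administrator credential without any trace. Consider logging the fallback, or treating a present-but-wrong-length value as a load error rather than a default. Whether blank hub passwords are restricted elsewhere is not visible in this hunk, and the function continues on both sides of it.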