
Cedar/Account: Add SHA1 option to HashPassword

This commit is contained in:
Yihong Wu 2023-01-04 14:01:52 +00:00
parent cbb90c5f23
commit b8110237ef
11 changed files with 34 additions and 26 deletions


@ -553,7 +553,7 @@ void *NewUserCertAuthData(X *x)
} }
// Hash the password // Hash the password
void HashPassword(void *dst, char *username, char *password) void HashPassword(void *dst, char *username, char *password, bool sha1)
{ {
BUF *b; BUF *b;
char *username_upper; char *username_upper;
@ -568,7 +568,15 @@ void HashPassword(void *dst, char *username, char *password)
StrUpper(username_upper); StrUpper(username_upper);
WriteBuf(b, password, StrLen(password)); WriteBuf(b, password, StrLen(password));
WriteBuf(b, username_upper, StrLen(username_upper)); WriteBuf(b, username_upper, StrLen(username_upper));
Sha0(dst, b->Buf, b->Size);
if (sha1)
{
Sha1(dst, b->Buf, b->Size);
}
else
{
Sha0(dst, b->Buf, b->Size);
}
FreeBuf(b); FreeBuf(b);
Free(username_upper); Free(username_upper);
@ -585,7 +593,7 @@ void *NewPasswordAuthData(char *username, char *password)
} }
pw = ZeroMalloc(sizeof(AUTHPASSWORD)); pw = ZeroMalloc(sizeof(AUTHPASSWORD));
HashPassword(pw->HashedKey, username, password); HashPassword(pw->HashedKey, username, password, false);
GenerateNtPasswordHash(pw->NtLmSecureHash, password); GenerateNtPasswordHash(pw->NtLmSecureHash, password);
return pw; return pw;
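Review bot: The new `sha1` parameter of HashPassword (first hunk) is undocumented; the only comment is the pre-existing `// Hash the password`, so nothing tells a reader that `false` selects the SHA-0 construction every existing caller — and therefore every stored hash — depends on, or how large `dst` must be. I would extend the header comment to something like `// Hash password || UPPER(username) with SHA-0 (legacy mode, sha1 == false) or SHA-1; dst must hold SHA1_SIZE bytes`. The SHA1_SIZE output assumption is inferred from callers in this commit that pass `UCHAR hash1[SHA1_SIZE]`, so confirm Sha0's output length before stating it. HashPassword's closing brace is outside the hunk.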


@ -192,7 +192,7 @@ void *NewUserCertAuthData(X *x);
void *NewRootCertAuthData(X_SERIAL *serial, wchar_t *common_name); void *NewRootCertAuthData(X_SERIAL *serial, wchar_t *common_name);
void *NewRadiusAuthData(wchar_t *username); void *NewRadiusAuthData(wchar_t *username);
void *NewNTAuthData(wchar_t *username); void *NewNTAuthData(wchar_t *username);
void HashPassword(void *dst, char *username, char *password); void HashPassword(void *dst, char *username, char *password, bool sha1);
POLICY *GetDefaultPolicy(); POLICY *GetDefaultPolicy();
POLICY *ClonePolicy(POLICY *policy); POLICY *ClonePolicy(POLICY *policy);
void SetUserPolicy(USER *u, POLICY *policy); void SetUserPolicy(USER *u, POLICY *policy);


@ -9107,7 +9107,7 @@ UINT StSetHub(ADMIN *a, RPC_CREATE_HUB *t)
if (StrLen(t->AdminPasswordPlainText) != 0) if (StrLen(t->AdminPasswordPlainText) != 0)
{ {
Sha0(t->HashedPassword, t->AdminPasswordPlainText, StrLen(t->AdminPasswordPlainText)); Sha0(t->HashedPassword, t->AdminPasswordPlainText, StrLen(t->AdminPasswordPlainText));
HashPassword(t->SecurePassword, ADMINISTRATOR_USERNAME, t->AdminPasswordPlainText); HashPassword(t->SecurePassword, ADMINISTRATOR_USERNAME, t->AdminPasswordPlainText, false);
} }
if (IsZero(t->HashedPassword, sizeof(t->HashedPassword)) == false && if (IsZero(t->HashedPassword, sizeof(t->HashedPassword)) == false &&
@ -9123,7 +9123,7 @@ UINT StSetHub(ADMIN *a, RPC_CREATE_HUB *t)
// Is the password to be set blank // Is the password to be set blank
{ {
UCHAR hash1[SHA1_SIZE], hash2[SHA1_SIZE]; UCHAR hash1[SHA1_SIZE], hash2[SHA1_SIZE];
HashPassword(hash1, ADMINISTRATOR_USERNAME, ""); HashPassword(hash1, ADMINISTRATOR_USERNAME, "", false);
Sha0(hash2, "", 0); Sha0(hash2, "", 0);
if (Cmp(t->HashedPassword, hash2, SHA1_SIZE) == 0 || Cmp(t->SecurePassword, hash1, SHA1_SIZE) == 0) if (Cmp(t->HashedPassword, hash2, SHA1_SIZE) == 0 || Cmp(t->SecurePassword, hash1, SHA1_SIZE) == 0)
@ -9290,7 +9290,7 @@ UINT StCreateHub(ADMIN *a, RPC_CREATE_HUB *t)
StrLen(t->AdminPasswordPlainText) != 0) StrLen(t->AdminPasswordPlainText) != 0)
{ {
Sha0(t->HashedPassword, t->AdminPasswordPlainText, StrLen(t->AdminPasswordPlainText)); Sha0(t->HashedPassword, t->AdminPasswordPlainText, StrLen(t->AdminPasswordPlainText));
HashPassword(t->SecurePassword, ADMINISTRATOR_USERNAME, t->AdminPasswordPlainText); HashPassword(t->SecurePassword, ADMINISTRATOR_USERNAME, t->AdminPasswordPlainText, false);
} }
h = NewHub(c, t->HubName, &o); h = NewHub(c, t->HubName, &o);
@ -14070,7 +14070,7 @@ void *InRpcAuthData(PACK *p, UINT *authtype, char *username)
{ {
if (IsZero(pw->HashedKey, sizeof(pw->HashedKey))) if (IsZero(pw->HashedKey, sizeof(pw->HashedKey)))
{ {
HashPassword(pw->HashedKey, username, plain_pw); HashPassword(pw->HashedKey, username, plain_pw, false);
GenerateNtPasswordHash(pw->NtLmSecureHash, plain_pw); GenerateNtPasswordHash(pw->NtLmSecureHash, plain_pw);
} }
} }
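Review bot: In the blank-password check of StSetHub (second hunk), the `false` passed at `HashPassword(hash1, ADMINISTRATOR_USERNAME, "", false);` must stay in lockstep with the mode used to compute `t->SecurePassword` a few lines earlier; if either site is later switched to SHA-1 on its own, `Cmp(t->SecurePassword, hash1, SHA1_SIZE) == 0` silently stops matching and the blank-password detection (presumably a rejection, the branch body is outside the hunk) no longer fires. I would add `// hash mode must match the SecurePassword computation above` next to it, or derive both calls from one local constant. StSetHub begins before the hunk.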


@ -6726,7 +6726,7 @@ void CmEditAccountDlgUpdate(HWND hWnd, CM_ACCOUNT *a)
GetTxtA(hWnd, E_PASSWORD, str, sizeof(str)); GetTxtA(hWnd, E_PASSWORD, str, sizeof(str));
if (StrCmp(str, HIDDEN_PASSWORD) != 0) if (StrCmp(str, HIDDEN_PASSWORD) != 0)
{ {
HashPassword(a->ClientAuth->HashedPassword, a->ClientAuth->Username, str); HashPassword(a->ClientAuth->HashedPassword, a->ClientAuth->Username, str, false);
} }
break; break;
case CLIENT_AUTHTYPE_PLAIN_PASSWORD: case CLIENT_AUTHTYPE_PLAIN_PASSWORD:


@ -4757,7 +4757,7 @@ UINT PcAccountPasswordSet(CONSOLE *c, char *cmd_name, wchar_t *str, void *param)
{ {
t.ClientAuth->AuthType = CLIENT_AUTHTYPE_PASSWORD; t.ClientAuth->AuthType = CLIENT_AUTHTYPE_PASSWORD;
HashPassword(t.ClientAuth->HashedPassword, t.ClientAuth->Username, HashPassword(t.ClientAuth->HashedPassword, t.ClientAuth->Username,
GetParamStr(o, "PASSWORD")); GetParamStr(o, "PASSWORD"), false);
} }
else if (StartWith("radius", typestr) || StartWith("ntdomain", typestr)) else if (StartWith("radius", typestr) || StartWith("ntdomain", typestr))
{ {
@ -10895,7 +10895,7 @@ UINT PsHubCreate(CONSOLE *c, char *cmd_name, wchar_t *str, void *param)
} }
Sha0(t.HashedPassword, pass, StrLen(pass)); Sha0(t.HashedPassword, pass, StrLen(pass));
HashPassword(t.SecurePassword, ADMINISTRATOR_USERNAME, pass); HashPassword(t.SecurePassword, ADMINISTRATOR_USERNAME, pass, false);
t.Online = true; t.Online = true;
// RPC call // RPC call
@ -10947,7 +10947,7 @@ UINT PsHubCreateDynamic(CONSOLE *c, char *cmd_name, wchar_t *str, void *param)
} }
Sha0(t.HashedPassword, pass, StrLen(pass)); Sha0(t.HashedPassword, pass, StrLen(pass));
HashPassword(t.SecurePassword, ADMINISTRATOR_USERNAME, pass); HashPassword(t.SecurePassword, ADMINISTRATOR_USERNAME, pass, false);
t.Online = true; t.Online = true;
// RPC call // RPC call
@ -10999,7 +10999,7 @@ UINT PsHubCreateStatic(CONSOLE *c, char *cmd_name, wchar_t *str, void *param)
} }
Sha0(t.HashedPassword, pass, StrLen(pass)); Sha0(t.HashedPassword, pass, StrLen(pass));
HashPassword(t.SecurePassword, ADMINISTRATOR_USERNAME, pass); HashPassword(t.SecurePassword, ADMINISTRATOR_USERNAME, pass, false);
t.Online = true; t.Online = true;
// RPC call // RPC call
@ -11574,7 +11574,7 @@ UINT PsSetHubPassword(CONSOLE *c, char *cmd_name, wchar_t *str, void *param)
// Change the settings // Change the settings
pw = GetParamStr(o, "[password]"); pw = GetParamStr(o, "[password]");
HashPassword(t.SecurePassword, ADMINISTRATOR_USERNAME, pw); HashPassword(t.SecurePassword, ADMINISTRATOR_USERNAME, pw, false);
Sha0(t.HashedPassword, pw, StrLen(pw)); Sha0(t.HashedPassword, pw, StrLen(pw));
// Write the configuration of Virtual HUB // Write the configuration of Virtual HUB
@ -13549,7 +13549,7 @@ UINT PsCascadePasswordSet(CONSOLE *c, char *cmd_name, wchar_t *str, void *param)
{ {
t.ClientAuth->AuthType = CLIENT_AUTHTYPE_PASSWORD; t.ClientAuth->AuthType = CLIENT_AUTHTYPE_PASSWORD;
HashPassword(t.ClientAuth->HashedPassword, t.ClientAuth->Username, HashPassword(t.ClientAuth->HashedPassword, t.ClientAuth->Username,
GetParamStr(o, "PASSWORD")); GetParamStr(o, "PASSWORD"), false);
} }
else if (StartWith("radius", typestr) || StartWith("ntdomain", typestr)) else if (StartWith("radius", typestr) || StartWith("ntdomain", typestr))
{ {
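Review bot: Passing a bare `false` literal at six call sites in this file (e.g. `HashPassword(t.SecurePassword, ADMINISTRATOR_USERNAME, pass, false);`) leaves the reader to look up the prototype to learn that it means "legacy SHA-0"; a named constant for the legacy mode declared next to the prototype in Account.h, or a thin three-argument wrapper keeping the old form, would make every site self-describing and turn a later migration into a one-line change. This is a style point only; the behavior is unchanged since every caller selects SHA-0. The functions in these hunks begin and end outside the hunks.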


@ -6921,7 +6921,7 @@ HUB *NewHub(CEDAR *cedar, char *HubName, HUB_OPTION *option)
h = ZeroMalloc(sizeof(HUB)); h = ZeroMalloc(sizeof(HUB));
Sha0(h->HashedPassword, "", 0); Sha0(h->HashedPassword, "", 0);
HashPassword(h->SecurePassword, ADMINISTRATOR_USERNAME, ""); HashPassword(h->SecurePassword, ADMINISTRATOR_USERNAME, "", false);
h->lock = NewLock(); h->lock = NewLock();
h->lock_online = NewLock(); h->lock_online = NewLock();
h->ref = NewRef(); h->ref = NewRef();


@ -990,9 +990,9 @@ UINT ChangePassword(CEDAR *cedar, CLIENT_OPTION *o, char *hubname, char *usernam
sock = s->Connection->FirstSock; sock = s->Connection->FirstSock;
HashPassword(old_password, username, old_pass); HashPassword(old_password, username, old_pass, false);
SecurePassword(secure_old_password, old_password, s->Connection->Random); SecurePassword(secure_old_password, old_password, s->Connection->Random);
HashPassword(new_password, username, new_pass); HashPassword(new_password, username, new_pass, false);
GenerateNtPasswordHash(new_password_ntlm, new_pass); GenerateNtPasswordHash(new_password_ntlm, new_pass);
PackAddClientVersion(p, s->Connection); PackAddClientVersion(p, s->Connection);
@ -1864,7 +1864,7 @@ bool ServerAccept(CONNECTION *c)
// Check whether the password was empty // Check whether the password was empty
UCHAR hashed_empty_password[SHA1_SIZE]; UCHAR hashed_empty_password[SHA1_SIZE];
UCHAR secure_empty_password[SHA1_SIZE]; UCHAR secure_empty_password[SHA1_SIZE];
HashPassword(hashed_empty_password, username, ""); HashPassword(hashed_empty_password, username, "", false);
SecurePassword(secure_empty_password, hashed_empty_password, c->Random); SecurePassword(secure_empty_password, hashed_empty_password, c->Random);
if(Cmp(secure_password, secure_empty_password, SHA1_SIZE)==0){ if(Cmp(secure_password, secure_empty_password, SHA1_SIZE)==0){
is_empty_password = true; is_empty_password = true;
@ -1893,7 +1893,7 @@ bool ServerAccept(CONNECTION *c)
UCHAR hash_password[SHA1_SIZE]; UCHAR hash_password[SHA1_SIZE];
bool is_mschap = StartWith(plain_password, IPC_PASSWORD_MSCHAPV2_TAG); bool is_mschap = StartWith(plain_password, IPC_PASSWORD_MSCHAPV2_TAG);
HashPassword(hash_password, username, plain_password); HashPassword(hash_password, username, plain_password, false);
SecurePassword(secure_password, hash_password, c->Random); SecurePassword(secure_password, hash_password, c->Random);
if (is_mschap == false) if (is_mschap == false)
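Review bot: The `false` at `HashPassword(hashed_empty_password, username, "", false);` and `HashPassword(hash_password, username, plain_password, false);` in ServerAccept is not a local choice: the server is recomputing the value the client produced in ChangePassword (`HashPassword(old_password, username, old_pass, false)`) and then feeding it through SecurePassword with `c->Random` before `Cmp`, so both peers must use the same hash mode for authentication to succeed. Nothing in these hunks carries the mode on the wire, so flipping either side to SHA-1 later would need a protocol version gate or negotiation rather than a local edit. I would document that with `// must match the hash mode used by the client (see ChangePassword / ClientThread)` at the server-side calls. ServerAccept begins and ends outside the hunks.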


@ -3032,7 +3032,7 @@ bool SmSetupInit(HWND hWnd, SM_SETUP *s)
Zero(&t, sizeof(t)); Zero(&t, sizeof(t));
Sha0(t.HashedPassword, password, StrLen(password)); Sha0(t.HashedPassword, password, StrLen(password));
HashPassword(t.SecurePassword, ADMINISTRATOR_USERNAME, password); HashPassword(t.SecurePassword, ADMINISTRATOR_USERNAME, password, false);
StrCpy(t.HubName, sizeof(t.HubName), s->HubName); StrCpy(t.HubName, sizeof(t.HubName), s->HubName);
t.HubType = HUB_TYPE_STANDALONE; t.HubType = HUB_TYPE_STANDALONE;
t.Online = true; t.Online = true;
@ -14036,7 +14036,7 @@ void SmEditUserDlgUpdate(HWND hWnd, SM_EDIT_USER *s)
{ {
if (StrCmp(tmp1, HIDDEN_PASSWORD) != 0) if (StrCmp(tmp1, HIDDEN_PASSWORD) != 0)
{ {
HashPassword(((AUTHPASSWORD *)u->AuthData)->HashedKey, u->Name, tmp1); HashPassword(((AUTHPASSWORD *)u->AuthData)->HashedKey, u->Name, tmp1, false);
GenerateNtPasswordHash(((AUTHPASSWORD *)u->AuthData)->NtLmSecureHash, tmp1); GenerateNtPasswordHash(((AUTHPASSWORD *)u->AuthData)->NtLmSecureHash, tmp1);
} }
} }
@ -17422,7 +17422,7 @@ void SmEditHubOnOk(HWND hWnd, SM_EDIT_HUB *s)
if (s->EditMode == false || StrCmp(pass1, HIDDEN_PASSWORD) != 0) if (s->EditMode == false || StrCmp(pass1, HIDDEN_PASSWORD) != 0)
{ {
Sha0(t.HashedPassword, pass1, StrLen(pass1)); Sha0(t.HashedPassword, pass1, StrLen(pass1));
HashPassword(t.SecurePassword, ADMINISTRATOR_USERNAME, pass1); HashPassword(t.SecurePassword, ADMINISTRATOR_USERNAME, pass1, false);
} }
if (IsChecked(hWnd, R_LIMIT_MAX_SESSION)) if (IsChecked(hWnd, R_LIMIT_MAX_SESSION))


@ -5044,7 +5044,7 @@ void SiLoadHubCfg(SERVER *s, FOLDER *f, char *name)
} }
if (CfgGetByte(f, "SecurePassword", h->SecurePassword, sizeof(h->SecurePassword)) != sizeof(h->SecurePassword)) if (CfgGetByte(f, "SecurePassword", h->SecurePassword, sizeof(h->SecurePassword)) != sizeof(h->SecurePassword))
{ {
HashPassword(h->SecurePassword, ADMINISTRATOR_USERNAME, ""); HashPassword(h->SecurePassword, ADMINISTRATOR_USERNAME, "", false);
} }
// Log Settings // Log Settings


@ -1713,7 +1713,7 @@ void ClientThread(THREAD *t, void *param)
else else
{ {
// Encrypted password authentication // Encrypted password authentication
HashPassword(s->ClientAuth->HashedPassword, s->ClientAuth->Username, p.Password); HashPassword(s->ClientAuth->HashedPassword, s->ClientAuth->Username, p.Password, false);
} }
} }
} }


@ -642,7 +642,7 @@ static wchar_t *WpNewHub(WEBUI *wu, LIST *params)
Zero(&t, sizeof(t)); Zero(&t, sizeof(t));
StrCpy(t.HubName, sizeof(t.HubName), hubname); StrCpy(t.HubName, sizeof(t.HubName), hubname);
Sha0(t.HashedPassword, passwd, StrLen(passwd)); Sha0(t.HashedPassword, passwd, StrLen(passwd));
HashPassword(t.SecurePassword, ADMINISTRATOR_USERNAME, passwd); HashPassword(t.SecurePassword, ADMINISTRATOR_USERNAME, passwd, false);
t.Online = true; t.Online = true;
t.HubType = HUB_TYPE_STANDALONE; t.HubType = HUB_TYPE_STANDALONE;