int auth_logout(const char *username, const char *token) {
char filename[FILENAME_MAX];
struct stringring *sr;
+ int ret;
if (!valid_name(username))
return 0;
if (sr == NULL) {
return 0;
}
- stringring_remove(sr, token);
+ ret = stringring_remove(sr, token);
stringring_close(sr);
- return 1;
+ return ret;
}
int auth_check_token(const char *username, const char *given_token) {
return 0;
}
ret = (stringring_find(sr, given_token, AUTHENTICATION_TIMEOUT) != -1);
+ if (ret == 1) {
+ /* Update token timestamp */
+ stringring_touch(sr, given_token);
+ }
stringring_close(sr);
return ret;
}
+
+/* Return a 32-bit integer "counter" that will change when the password is
+ * updated. Used to invalidate password recovery schemes after the password is
+ * updated. Returns the counter in the "counter" argument, and returns
+ * true/false on success/failure. */
+int auth_get_counter(const char *username, uint32_t *counter) {
+ struct auth_v2 auth;
+ struct MD5Context ctx;
+ uint8_t md5hash[MD5_DIGEST_SIZE];
+
+ if (auth_get_data(username, (void *) &auth, sizeof(struct auth_v2)) == 0)
+ return 0;
+
+ /* There's probably going to be some question about using MD5 here.
+ * All I really need is to quickly and repeatably scramble some bits.
+ * MD5 can still do that. */
+ MD5Init(&ctx);
+ MD5Update(&ctx, auth.password, SCRYPT_OUTPUT_SIZE);
+ MD5Update(&ctx, auth.salt, SCRYPT_SALT_SIZE);
+ MD5Final((unsigned char *)md5hash, &ctx);
+
+ *counter = ((uint32_t *)md5hash)[0];
+
+ return 1;
+}