From d2173f61bc14f8eabe133fdea13ba6bfc1b5d1bc Mon Sep 17 00:00:00 2001 From: Chip Black Date: Sat, 21 Feb 2015 00:16:17 -0600 Subject: [PATCH] Add an auth "counter" function for tracking auth changes --- common/auth.c | 25 +++++++++++++++++++++++++ common/auth.h | 1 + 2 files changed, 26 insertions(+) diff --git a/common/auth.c b/common/auth.c index 240ac47..e2f7407 100644 --- a/common/auth.c +++ b/common/auth.c @@ -388,3 +388,28 @@ int auth_check_token(const char *username, const char *given_token) { return ret; } + +/* Return a 32-bit integer "counter" that will change when the password is + * updated. Used to invalidate password recovery schemes after the password is + * updated. Returns the counter in the "counter" argument, and returns + * true/false on success/failure. */ +int auth_get_counter(const char *username, uint32_t *counter) { + struct auth_v2 auth; + struct MD5Context ctx; + uint8_t md5hash[MD5_DIGEST_SIZE]; + + if (auth_get_data(username, (void *) &auth, sizeof(struct auth_v2)) == 0) + return 0; + + /* There's probably going to be some question about using MD5 here. + * All I really need is to quickly and repeatably scramble some bits. + * MD5 can still do that. */ + MD5Init(&ctx); + MD5Update(&ctx, auth.password, SCRYPT_OUTPUT_SIZE); + MD5Update(&ctx, auth.salt, SCRYPT_SALT_SIZE); + MD5Final((unsigned char *)md5hash, &ctx); + + *counter = ((uint32_t *)md5hash)[0]; + + return 1; +} diff --git a/common/auth.h b/common/auth.h index 4a16776..630b87a 100644 --- a/common/auth.h +++ b/common/auth.h @@ -31,5 +31,6 @@ int auth_check_password(const char *username, const char *password); char * auth_login(const char *username, const char *password); int auth_logout(const char *username, const char *token); int auth_check_token(const char *username, const char *given_token); +int auth_get_counter(const char *username, uint32_t *counter); #endif //_AUTH_H -- 2.25.1