From 6dcdc43dc2d443c6912d533a69be2b7d3c6a7c64 Mon Sep 17 00:00:00 2001
From: apio
Date: Sat, 14 Dec 2024 12:48:13 +0100
Subject: [PATCH] gui+su+base: Store hashed passwords and use those to log in
Unsalted SHA256 passwords are still a long way from being secure, but at least we're not storing plaintext anymore.
---
 base/etc/shadow | 4 ++--
 gui/loginui.cpp | 13 ++++++++++++-
 utils/su.cpp | 13 ++++++++++++-
 3 files changed, 26 insertions(+), 4 deletions(-)
diff --git a/base/etc/shadow b/base/etc/shadow
index 754da31f..094bd930 100644
--- a/base/etc/shadow
+++ b/base/etc/shadow
@@ -1,3 +1,3 @@
-root:toor:0:0:99999:7:::
+root:ce5ca673d13b36118d54a7cf13aeb0ca012383bf771e713421b4d1fd841f539a:0:0:99999:7:::
 wind:!:0:0:99999:7:::
-selene:moon:0:0:99999:7:::
+selene:9e78b43ea00edcac8299e0cc8df7f6f913078171335f733a21d5d911b6999132:0:0:99999:7:::
diff --git a/gui/loginui.cpp b/gui/loginui.cpp
index aeca0b4d..06d537c4 100644
--- a/gui/loginui.cpp
+++ b/gui/loginui.cpp
@@ -8,6 +8,7 @@
 */
 #include
+#include
 #include
 #include
 #include
@@ -33,6 +34,14 @@ enum Stage
 static constexpr ui::Color BACKGROUND_COLOR = ui::Color::from_rgb(89, 89, 89);
+Result hash_password(StringView& view)
+{
+ SHA256 sha;
+ sha.append((const u8*)view.chars(), view.length());
+ auto digest = TRY(sha.digest());
+ return digest.to_string();
+}
+
 Result luna_main(int argc, char** argv)
 {
 os::ArgumentParser parser;
@@ -156,7 +165,9 @@ Result luna_main(int argc, char** argv)
 return;
 }
- if (strcmp(data.chars(), passwd))
+ auto result = hash_password(data).release_value();
+
+ if (strcmp(result.chars(), passwd))
 {
 error.set_text("Incorrect password.");
 input.clear();
diff --git a/utils/su.cpp b/utils/su.cpp
index 0787fa16..6d1ccfb4 100644
--- a/utils/su.cpp
+++ b/utils/su.cpp
@@ -1,6 +1,7 @@
 #include
 #include
 #include
+#include
 #include
 #include
 #include
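Review bot: The password field in the new `root` and `selene` entries is a bare hex digest with nothing that names the scheme or leaves room for a salt, so a later move to a salted, deliberately slow password hash cannot coexist with these entries and would need every account rewritten at once. A scheme tag in front of the digest (a constructed example would be a `$sha256$` prefix, in the style crypt(3) uses) would let loginui and su pick the verifier per entry. It is also worth a comment or doc line stating that `!` in the `wind` entry means "no valid password", since that now relies on no digest string ever equalling `!`.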
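Review bot: `hash_password` is added to gui/loginui.cpp with external linkage, and a second, slightly different copy (taking `const char*`) is added in utils/su.cpp, so the two login paths can drift apart the next time the hashing scheme changes. One implementation in a shared library header, used by both programs, would keep the stored format and the verifier in step. If it stays local for now, declare it `static` and take `const StringView& view`, since the function only reads its argument. I would also put `// Unsalted SHA-256, hex-encoded; must match the password field in base/etc/shadow.` above it so the coupling to the shadow file is written down.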
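Review bot: `hash_password(data).release_value()` never looks at the error side of the Result, so a failure in `sha.digest()` is not handled on the login path; what releasing the value of a failed Result does is not visible here, but it is unlikely to be a clean "login denied". The surrounding block ends with a bare `return;`, so `TRY` presumably cannot be used at this point: check the Result first and treat a hashing failure like a wrong password (set the error text, clear the input, return). The last hunk of utils/su.cpp has the same unchecked call; there `luna_main` returns a Result, so `auto result = TRY(hash_password(pass));` is enough. The enclosing function starts and ends outside the hunk.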
@@ -13,6 +14,14 @@ static struct termios orig;
 static int fd = -1;
+Result hash_password(const char* pw)
+{
+ SHA256 sha;
+ sha.append((const u8*)pw, strlen(pw));
+ auto digest = TRY(sha.digest());
+ return digest.to_string();
+}
+
 void restore_terminal()
 {
 tcsetattr(fd, TCSANOW, &orig);
@@ -176,7 +185,9 @@ Result luna_main(int argc, char** argv)
 char* pass = getpass();
 if (!pass) return 1;
- if (strcmp(pass, passwd))
+ auto result = hash_password(pass).release_value();
+
+ if (strcmp(result.chars(), passwd))
 {
 fprintf(stderr, "%s: wrong password!\n", argv[0]);
 return 1;
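Review bot: After `hash_password(pass)` returns, the plaintext from `getpass()` is still sitting in `pass`, and neither the `return 1;` in the hunk nor anything else visible clears it. The program only needs the digest from here on, so wipe the buffer right after hashing, using a clear that the compiler cannot optimise away, before the comparison and its early return. The digest comparison itself uses `strcmp`, which stops at the first differing byte; comparing the fixed-length digest strings in constant time is the usual form for a credential check. `luna_main` continues past the end of the hunk, so whether `pass` is used again later is not visible.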