gui+su+base: Store hashed passwords and use those to log in

Unsalted SHA256 passwords are still a long way from being secure, but at least we're not storing plaintext anymore.

base/etc/shadow

@@ -1,3 +1,3 @@
-root:toor:0:0:99999:7:::
+root:ce5ca673d13b36118d54a7cf13aeb0ca012383bf771e713421b4d1fd841f539a:0:0:99999:7:::
 wind:!:0:0:99999:7:::
-selene:moon:0:0:99999:7:::
+selene:9e78b43ea00edcac8299e0cc8df7f6f913078171335f733a21d5d911b6999132:0:0:99999:7:::

gui/libui/src/InputField.cpp

@@ -115,7 +115,7 @@ namespace ui
 
     StringView InputField::data()
     {
-        if (!m_data.size()) return StringView {};
+        if (m_data.size() < 2) return StringView {};
-        return StringView { (const char*)m_data.data(), m_data.size() };
+        return StringView { (const char*)m_data.data(), m_data.size() - 1 };
     }
 }

gui/loginui.cpp

@@ -8,6 +8,7 @@
  */
 
 #include <luna/RefString.h>
+#include <luna/SHA.h>
 #include <os/ArgumentParser.h>
 #include <os/Config.h>
 #include <os/File.h>
@@ -33,6 +34,14 @@ enum Stage
 
 static constexpr ui::Color BACKGROUND_COLOR = ui::Color::from_rgb(89, 89, 89);
 
+Result<String> hash_password(StringView& view)
+{
+    SHA256 sha;
+    sha.append((const u8*)view.chars(), view.length());
+    auto digest = TRY(sha.digest());
+    return digest.to_string();
+}
+
 Result<int> luna_main(int argc, char** argv)
 {
     os::ArgumentParser parser;
@@ -156,7 +165,9 @@ Result<int> luna_main(int argc, char** argv)
                 return;
             }
 
-            if (strcmp(data.chars(), passwd))
+            auto result = hash_password(data).release_value();
+
+            if (strcmp(result.chars(), passwd))
             {
                 error.set_text("Incorrect password.");
                 input.clear();

libluna/include/luna/Option.h

@@ -94,6 +94,12 @@ template <typename T> class Option
         return other;
     }
 
+    T value_or(T&& other) const
+    {
+        if (has_value()) return m_storage.fetch_reference();
+        return move(other);
+    }
+
     bool try_set_value(T& ref) const
     {
         if (!has_value()) return false;

libluna/include/luna/Result.h

@@ -106,6 +106,11 @@ template <typename T> class Result
         return m_value.value_or(other);
     }
 
+    T value_or(T&& other) const
+    {
+        return m_value.value_or(move(other));
+    }
+
     bool try_set_value(T& ref) const
     {
         return m_value.try_set_value(ref);

utils/su.cpp

@@ -1,6 +1,7 @@
 #include <errno.h>
 #include <fcntl.h>
 #include <grp.h>
+#include <luna/SHA.h>
 #include <os/ArgumentParser.h>
 #include <pwd.h>
 #include <shadow.h>
@@ -13,6 +14,14 @@
 static struct termios orig;
 static int fd = -1;
 
+Result<String> hash_password(const char* pw)
+{
+    SHA256 sha;
+    sha.append((const u8*)pw, strlen(pw));
+    auto digest = TRY(sha.digest());
+    return digest.to_string();
+}
+
 void restore_terminal()
 {
     tcsetattr(fd, TCSANOW, &orig);
@@ -176,7 +185,9 @@ Result<int> luna_main(int argc, char** argv)
         char* pass = getpass();
         if (!pass) return 1;
 
-        if (strcmp(pass, passwd))
+        auto result = hash_password(pass).release_value();
+
+        if (strcmp(result.chars(), passwd))
         {
             fprintf(stderr, "%s: wrong password!\n", argv[0]);
             return 1;