From 41c0322ad95e82b603d2bf9c01915eafb3545ff2 Mon Sep 17 00:00:00 2001
From: Pasi Kallinen <paxed@alt.org>
Date: Sat, 28 Nov 2009 17:53:00 +0000
Subject: [PATCH] Change max. length of passwords from magic number to a
 define.

git-svn-id: svn://katsu.triplehelix.org/dgamelaunch/trunk@518 db0b04b0-f4d1-0310-9a6d-de3e77497b0e
---
 TODO          |  1 +
 dgamelaunch.c | 33 ++++++++++++++++-----------------
 dgamelaunch.h |  1 +
 3 files changed, 18 insertions(+), 17 deletions(-)

diff --git a/TODO b/TODO
index 589731d..51238a2 100644
--- a/TODO
+++ b/TODO
@@ -1,3 +1,4 @@
+-allow admin to disabling the 'm' mail key in ttyplay.
 -update README
 -maybe allow something like changed_menu="[Updated %d]" config option  and
  $CHANGED in the menu banner.
diff --git a/dgamelaunch.c b/dgamelaunch.c
index 77b7e9a..3cec1ca 100644
--- a/dgamelaunch.c
+++ b/dgamelaunch.c
@@ -740,7 +740,7 @@ change_email ()
 int
 changepw (int dowrite)
 {
-  char buf[21];
+  char buf[DGL_PASSWDLEN+1];
   int error = 2;
 
   /* A precondition is that struct `me' exists because we can be not-yet-logged-in. */
@@ -751,7 +751,7 @@ changepw (int dowrite)
 
   while (error)
     {
-      char repeatbuf[21];
+      char repeatbuf[DGL_PASSWDLEN+1];
       clear ();
 
       drawbanner (&banner, 1, 1);
@@ -762,8 +762,8 @@ changepw (int dowrite)
       mvaddstr (6, 1,
                 "in plaintext, so make it something new and expect it to be relatively");
       mvaddstr (7, 1, "insecure.");
-      mvaddstr (8, 1,
-                "20 character max. No ':' characters. Blank line to abort.");
+      mvprintw (8, 1,
+                "%i character max. No ':' characters. Blank line to abort.", DGL_PASSWDLEN);
       mvaddstr (10, 1, "=> ");
 
       if (error == 1)
@@ -774,7 +774,7 @@ changepw (int dowrite)
 
       refresh ();
 
-      if (mygetnstr (buf, 20, 0) != OK)
+      if (mygetnstr (buf, DGL_PASSWDLEN, 0) != OK)
 	  return 0;
 
       if (*buf == '\0')
@@ -788,7 +788,7 @@ changepw (int dowrite)
       mvaddstr (12, 1, "And again:");
       mvaddstr (13, 1, "=> ");
 
-      if (mygetnstr (repeatbuf, 20, 0) != OK)
+      if (mygetnstr (repeatbuf, DGL_PASSWDLEN, 0) != OK)
 	  return 0;
 
       if (!strcmp (buf, repeatbuf))
@@ -1024,7 +1024,7 @@ autologin (char* user, char *pass)
 void
 loginprompt (int from_ttyplay)
 {
-  char user_buf[DGL_PLAYERNAMELEN+1], pw_buf[22];
+  char user_buf[DGL_PLAYERNAMELEN+1], pw_buf[DGL_PASSWDLEN+2];
   int error = 2;
 
   loggedin = 0;
@@ -1076,7 +1076,7 @@ loginprompt (int from_ttyplay)
 
   refresh ();
 
-  if (mygetnstr (pw_buf, 20, 0) != OK)
+  if (mygetnstr (pw_buf, DGL_PASSWDLEN, 0) != OK)
       return;
 
   if (passwordgood (pw_buf))
@@ -1261,9 +1261,9 @@ passwordgood (char *cpw)
 {
   assert (me != NULL);
 
-  if (!strncmp (crypt (cpw, cpw), me->password, 13))
+  if (!strncmp (crypt (cpw, cpw), me->password, DGL_PASSWDLEN))
     return 1;
-  if (!strncmp (cpw, me->password, 20))
+  if (!strncmp (cpw, me->password, DGL_PASSWDLEN))
     return 1;
 
   return 0;
@@ -1314,9 +1314,9 @@ readfile (int nolock)
 
       users = realloc (users, sizeof (struct dg_user *) * (f_num + 1));
       users[f_num] = malloc (sizeof (struct dg_user));
-      users[f_num]->username = (char *) calloc (22, sizeof (char));
+      users[f_num]->username = (char *) calloc (DGL_PLAYERNAMELEN+2, sizeof (char));
       users[f_num]->email = (char *) calloc (82, sizeof (char));
-      users[f_num]->password = (char *) calloc (22, sizeof (char));
+      users[f_num]->password = (char *) calloc (DGL_PASSWDLEN+2, sizeof (char));
       users[f_num]->env = (char *) calloc (1026, sizeof (char));
 
       /* name field, must be valid */
@@ -1326,7 +1326,7 @@ readfile (int nolock)
             return 1;
           users[f_num]->username[(b - n)] = *b;
           b++;
-          if ((b - n) >= 21) {
+          if ((b - n) >= DGL_PLAYERNAMELEN) {
 	      debug_write("name field too long");
             graceful_exit (100);
 	  }
@@ -1356,7 +1356,7 @@ readfile (int nolock)
         {
           users[f_num]->password[(b - n)] = *b;
           b++;
-          if ((b - n) >= 20) {
+          if ((b - n) >= DGL_PASSWDLEN) {
 	      debug_write("passwd field too long");
             graceful_exit (102);
 	  }
@@ -1695,7 +1695,6 @@ writefile (int requirenew)
     int ret, retry = 10;
 
     char *qbuf;
-    char tmpbuf[32];
 
     if (requirenew) {
 	qbuf = sqlite3_mprintf("insert into dglusers (username, email, env, password, flags) values ('%q', '%q', '%q', '%q', %li)", me->username, me->email, me->env, me->password, me->flags);
@@ -1921,7 +1920,7 @@ int
 authenticate ()
 {
   int i, len, me_index;
-  char user_buf[DGL_PLAYERNAMELEN+1], pw_buf[22];
+  char user_buf[DGL_PLAYERNAMELEN+1], pw_buf[DGL_PASSWDLEN+1];
   struct dg_game **games = NULL;
 
   /* We use simple password authentication, rather than challenge/response. */
@@ -1944,7 +1943,7 @@ authenticate ()
     pw_buf[--len] = '\0';
   else
     {
-      fprintf (stderr, "Password too long (max 20 chars).\n");
+	fprintf (stderr, "Password too long (max %i chars).\n", DGL_PASSWDLEN);
       return 1;
     }
 
diff --git a/dgamelaunch.h b/dgamelaunch.h
index 9ceb433..eaabe4e 100644
--- a/dgamelaunch.h
+++ b/dgamelaunch.h
@@ -16,6 +16,7 @@
 #define dglsign(x) (x < 0 ? -1 : (x > 0 ? 1 : 0))
 
 #define DGL_PLAYERNAMELEN 30 /* max. length of player name */
+#define DGL_PASSWDLEN 20 /* max. length of passwords */
 
 typedef enum
 {