summaryrefslogtreecommitdiffhomepage
path: root/auth.cpp
diff options
context:
space:
mode:
Diffstat (limited to 'auth.cpp')
-rw-r--r--auth.cpp31
1 files changed, 20 insertions, 11 deletions
diff --git a/auth.cpp b/auth.cpp
index 451c1ce..501eb07 100644
--- a/auth.cpp
+++ b/auth.cpp
@@ -3,8 +3,10 @@
#include <crypt.h>
#include <string.h>
-#include <stdexcept>
+#include <algorithm>
#include <iostream>
+#include <random>
+#include <stdexcept>
// crypt specified password
std::string Auth::generate(const std::string& pw)
@@ -12,14 +14,22 @@ std::string Auth::generate(const std::string& pw)
struct crypt_data data;
memset((void *)&data, '\0', sizeof(data));
- char setting[1000];
-
- if (crypt_gensalt_rn("$6$", 2000, nullptr, 0, setting, sizeof(setting)) == nullptr)
- throw std::runtime_error("Error on crypt_gensalt_r()");
+ std::random_device rd;
+ std::mt19937 rng{rd()};
+ std::uniform_int_distribution<int> uid(0, 63);
+
+ std::string chars{std::string(std::string::size_type(64), char('a'))};
+ std::iota(chars.begin() , chars.begin() + 26, 'a');
+ std::iota(chars.begin() + 26, chars.begin() + 52, 'A');
+ std::iota(chars.begin() + 52, chars.begin() + 62, '0');
+ chars[62] = '.';
+ chars[63] = '/';
+
+ std::string salt{{chars[uid(rng)], chars[uid(rng)]}};
char* result;
- if ((result = crypt_r(pw.data(), setting, &data)) == nullptr)
+ if ((result = crypt_r(pw.data(), salt.data(), &data)) == nullptr)
throw std::runtime_error("Error on crypt_r()");
return result;
@@ -31,16 +41,15 @@ bool Auth::validate(const std::string& crypted, const std::string& pw)
struct crypt_data data;
memset((void *)&data, '\0', sizeof(data));
- size_t pos = crypted.find_last_of('$');
- if (pos == crypted.npos) {
- std::cerr << "Warning: Bad password hash configured (format)" << std::endl;
+ if (crypted.size() < 2) {
+ std::cerr << "Warning: Bad password hash configured (size)" << std::endl;
return false;
}
- std::string setting{crypted.substr(0, pos)};
+ std::string salt{crypted.substr(0, 2)};
char* output;
- if ((output = crypt_r(pw.data(), setting.data(), &data)) == nullptr) {
+ if ((output = crypt_r(pw.data(), salt.data(), &data)) == nullptr) {
std::cerr << "Warning: Error on crypt_r()" << std::endl;
return false;
}