paxed · phantom-voltage · May 13, 2017 · May 26, 2017 · Jun 1, 2017
diff --git a/README b/README
@@ -1,3 +1,33 @@
+dgamelaunch + security
+======================
+
+This branch was modified to enable proper password salting, using the
+openssl library and pbkdf2 password hashing function. For compatibility
+purposes, you can still compile with only sqlite (which salts passwords
+with themselves using an MD5 based algorithm, or with neither.
+
+--enable-pbkdf2 requires --enable-sqlite
+
+dgamelaunch *should* work with neither pbkdf2 nor sqlite, but I wasn't
+able to get it to work with my Dockerfile, where these were tested.
+
+Tests were carried out on a Debian 8 based Docker container.
+
+In addition, strings that ever hold raw passwords from the user, are now
+cleared out of memory as soon as unnecessary. This is done regardless of
+which flags you compile with.
+
+If you have an sqlite3 database using the old password hashing method,
+there's a new command you can include in dgamelaunch.conf to transfer
+users over to the new database.
+
+update_passwd will prompt users to login, if they successfully
+login using their old password, it will prompt them to change
+their password. The resulting password will be salted and hashed
+with pbkdf2. For this to work, you must merge the old database
+with the new one, with the salt entry as an empty string for users
+who still need to migrate their passwords over.
+
 dgamelaunch
 ===========
 
@@ -40,6 +70,7 @@ Some options you might want give to autogen:
  --with-config-file=/absolute/path/to/dgamelaunch.config
  --enable-shmem
  --enable-sqlite
+ --enable-pbkdf2
 
 
 Dgamelaunch should compile without issue on Linux, Solaris, FreeBSD 4 and 5.

diff --git a/config.l b/config.l
@@ -118,6 +118,7 @@ chpasswd	{ yylval.i = DGLCMD_CHPASSWD;   return TYPE_DGLCMD0; }
 chmail		{ yylval.i = DGLCMD_CHMAIL;     return TYPE_DGLCMD0; }
 watch_menu	{ yylval.i = DGLCMD_WATCH_MENU; return TYPE_DGLCMD0; }
 ask_login	{ yylval.i = DGLCMD_LOGIN;      return TYPE_DGLCMD0; }
+update_passwd	{ yylval.i = DGLCMD_UPDATEPW;      return TYPE_DGLCMD0; }
 ask_register	{ yylval.i = DGLCMD_REGISTER;   return TYPE_DGLCMD0; }
 quit		{ yylval.i = DGLCMD_QUIT;       return TYPE_DGLCMD0; }
 play_game	{ yylval.i = DGLCMD_PLAYGAME;    return TYPE_DGLCMD1; }

diff --git a/configure.ac b/configure.ac
@@ -26,7 +26,7 @@ fi
 
 case "$(uname -s)" in
   Linux | *BSD)
-    MY_LIBS="$MY_LIBS -lutil -lcrypt"
+    MY_LIBS="$MY_LIBS -lutil"
     AC_DEFINE(NOSTREAMS, 1, [Don't use SVR4 streams support in ttyrec.])
   ;;
 esac
@@ -113,6 +113,24 @@ if test "$enable_sqlite" = yes; then
 fi
 
 
+AC_ARG_ENABLE(pbkdf2,
+[AC_HELP_STRING([--enable-pbkdf2], [Enable pbkdf2 password hashing. Requires sqlite])],
+[], [])
+
+if test "$enable_pbkdf2" = yes; then
+   AC_MSG_RESULT([Enabling pbkdf2 password hashing.])
+   AC_DEFINE(USE_PBKDF2,1,[Enable pbkdf2 password hashing.])
+   AC_CHECK_HEADERS([openssl/rand.h], [], [AC_MSG_ERROR([openssl/rand.h not found.])], [])
+   AC_CHECK_HEADERS([openssl/evp.h], [], [AC_MSG_ERROR([openssl/evp.h not found.])], [])
+   MY_LIBS="$MY_LIBS -lcrypto -lcrypt"
+
+   if test "$enable_sqlite" = no; then
+      AC_MSG_ERROR([sqlite must be enabled for pbkdf2 password hashing.])
+   fi
+
+   else
+   MY_LIBS="$MY_LIBS -lcrypt"
+fi
 
 
 dgl_rlimit_core_default=157286400