[CF-Devel] MD5 crypt in FreeBSD

Joris Bontje jbontje at suespammers.org
Thu Nov 16 18:35:32 CST 2000


Problem:
When an existing user logs in with username and password: 
"Wrong Password!", Trying to create a new user: "The passwords 
did not match."

Background story:
Two days ago I upgraded my server from RedHat Linux to 
FreeBSD, made a backup of the important userstuff and installed 
CF again. Everything worked fine... now I have done a "build world" 
and things aren't working again.

Thoughts:
FreeBSD has a disgust for the weak DES algorithm, the base 
system has the default DES libcrypt (I think). But when you 
remake everything (and maybe tell it to use the more secure MD5), 
MD5 is used.

Normally (DES) the password field in the userfiles looks like this:

"password vIPIFM3456FKD"

that doesn't work with the MD5 algorithm...
now create an MD5 hash with a perl program and replace the DES
--- perl program ---
#!/usr/bin/perl -w
use strict;
print "The password is: ";
# Empty salt: the system's libcrypt decides which hash format to produce.
print crypt("secretpass","");
print "\n\n";
--- end of perl program ---
This gives:
The password is: $1$$stmAa3iXQxI4jYtPrZgI./

Now replace the DES password in the playerfile with the MD5 hash 
and log in, it should work. But when you save the character it is 
mangled to:

"password $1$Lrìø¿¿,Ð$xX5to"

So the second time you can't login anymore. New users still can't 
be created...
The DES to MD5 step is rare and you can't do anything about it 
except for supporting 2 password formats...
But MD5 should work! Somewhere deep inside the C code the 
password is mangled and restricted and that lets MD5 fail its job.

Fix:
-- insert here :) --


Joris Bontje "MiDS"
Admin of mids.student.utwente.nl
---
The suespammers.org mail server is located in California;
do not send unsolicited bulk e-mail or unsolicited
commercial e-mail to my suespammers.org address
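
The two stored formats mentioned in the message above, and the damaged one, can be told apart by shape alone. The following is an added example, not part of the original post and not Crossfire code; the function name `classify_password_field` and the idea of running it when a player file is loaded or saved are assumptions.

```c
#include <stdio.h>
#include <string.h>

enum pw_format { PW_DES, PW_MD5, PW_CORRUPT };

/* Length of the leading run of s made of crypt(3) alphabet characters. */
static size_t crypt_span(const char *s)
{
    return strspn(s, "./0123456789"
                     "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
                     "abcdefghijklmnopqrstuvwxyz");
}

/* Classify the value stored after "password " in a player file
 * (hypothetical helper, not a Crossfire function). */
enum pw_format classify_password_field(const char *field)
{
    if (strncmp(field, "$1$", 3) == 0) {
        /* MD5 crypt: "$1$" + salt (0..8 chars) + "$" + 22-char hash.
         * Requiring alphabet characters in the salt is this example's
         * choice, so that stray bytes are flagged. */
        const char *salt = field + 3;
        size_t salt_len = crypt_span(salt);
        if (salt_len > 8 || salt[salt_len] != '$')
            return PW_CORRUPT;
        const char *hash = salt + salt_len + 1;
        return (strlen(hash) == 22 && crypt_span(hash) == 22)
                   ? PW_MD5 : PW_CORRUPT;
    }
    /* Traditional DES crypt: 2 salt chars + 11 hash chars. */
    return (strlen(field) == 13 && crypt_span(field) == 13)
               ? PW_DES : PW_CORRUPT;
}

int main(void)
{
    static const char *names[] = { "DES", "MD5", "CORRUPT" };
    const char *samples[] = {               /* values quoted in the post */
        "vIPIFM3456FKD",
        "$1$$stmAa3iXQxI4jYtPrZgI./",
        "$1$Lrìø¿¿,Ð$xX5to",
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-8s %s\n", names[classify_password_field(samples[i])],
               samples[i]);
    return 0;
}
```

Refusing to write a field classified as corrupt keeps a mangled hash from replacing a working one in the player file.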

    
    

