Diffstat (limited to 'database/sqlite/edb-sqlite.c')
-rw-r--r--database/sqlite/edb-sqlite.c26
1 files changed, 18 insertions, 8 deletions
diff --git a/database/sqlite/edb-sqlite.c b/database/sqlite/edb-sqlite.c
index ef05536..7a03871 100644
--- a/database/sqlite/edb-sqlite.c
+++ b/database/sqlite/edb-sqlite.c
@@ -229,18 +229,16 @@ int eDBauth_TLS(eurephiaCTX *ctx, const char *org, const char *cname, const char
int eDBauth_user(eurephiaCTX *ctx, const int certid, const char *username, const char *passwd)
{
dbresult *res = NULL;
- char *crpwd = NULL, *activated = NULL, *deactivated = NULL, *blid_uname = NULL, *blid_cert;
+ char *crpwd = NULL, *activated = NULL, *deactivated = NULL, *blid_uname = NULL, *blid_cert = NULL;
+ char *dbpwd = NULL;
int uicid = 0, uid = 0, pwdok = 0;
DEBUG(ctx, 20, "Function call: eDBauth_user(ctx, %i, '%s','xxxxxxxx')", certid, username);
// Generate SHA512 hash of password, used for password auth
- crpwd = passwdhash(pwdSHA512, NULL, passwd);
-
res = sqlite_query(ctx,
- "SELECT uicid, ou.uid, activated, deactivated, bl1.blid, bl2.blid, "
- " (password = '%s') AS pwdok"
+ "SELECT uicid, ou.uid, activated, deactivated, bl1.blid, bl2.blid, password "
" FROM openvpn_users ou"
" JOIN openvpn_usercerts uc USING(uid) "
" LEFT JOIN openvpn_blacklist bl1 ON( ou.username = bl1.username) "
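Review bot: The comment `// Generate SHA512 hash of password, used for password auth` is left in place although the `passwdhash()` call it described is removed, so it now sits directly above the SELECT and misdescribes it. I would replace it with something like `// Fetch the stored password hash; it is verified against passwd after the query`. The query string and the rest of eDBauth_user continue outside this hunk.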
@@ -248,7 +246,7 @@ int eDBauth_user(eurephiaCTX *ctx, const int certid, const char *username, const
" FROM openvpn_certificates "
" JOIN openvpn_blacklist USING(digest)) bl2 ON(uc.certid = bl2.certid)"
" WHERE uc.certid = '%i' AND ou.username = '%q'",
- crpwd, certid, username);
+ certid, username);
memset(crpwd, 0, strlen_nullsafe(crpwd));
free_nullsafe(crpwd);
if( res == NULL ) {
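Review bot: The context lines `memset(crpwd, 0, strlen_nullsafe(crpwd));` and `free_nullsafe(crpwd);` directly after the query are now dead code. With the `passwdhash()` assignment removed in the previous hunk, `crpwd` is still NULL at this point and is not set until the `eurephia_pwd_crypt()` call in the following hunk. Passing a null pointer to `memset` is undefined behaviour in C even for a zero length (assuming `strlen_nullsafe` returns 0 for NULL, which is not visible here). I would delete both lines, since the later hunk already wipes and frees `crpwd` after the comparison. The function body continues outside this hunk.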
@@ -263,7 +261,20 @@ int eDBauth_user(eurephiaCTX *ctx, const int certid, const char *username, const
deactivated = sqlite_get_value(res, 0, 3);
blid_uname = sqlite_get_value(res, 0, 4);
blid_cert = sqlite_get_value(res, 0, 5);
- pwdok = atoi_nullsafe(sqlite_get_value(res, 0, 6));
+ dbpwd = sqlite_get_value(res, 0, 6);
+
+ if( dbpwd == NULL ) {
+ eurephia_log(ctx, LOG_WARNING, 0,"Authentication failed for user '%s'. DB error.",
+ username);
+ pwdok = 0;
+ } else {
+ crpwd = eurephia_pwd_crypt(ctx, passwd, dbpwd);
+ assert(crpwd != NULL);
+ pwdok = (strcmp(crpwd, dbpwd) == 0 ? 1 : 0);
+ memset(crpwd, 0, strlen_nullsafe(crpwd));
+ memset(dbpwd, 0, strlen_nullsafe(dbpwd));
+ free_nullsafe(crpwd);
+ }
if( blid_uname != NULL ) {
eurephia_log(ctx, LOG_WARNING, 0, "User account is BLACKLISTED (uid: %i, %s)",
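Review bot: `assert(crpwd != NULL);` is the only guard between a failed `eurephia_pwd_crypt()` and `strcmp(crpwd, dbpwd)`: in an NDEBUG build it disappears and a NULL result is dereferenced, and with assertions enabled a stored value that cannot be processed aborts the whole process instead of rejecting one login. The authentication path should fail closed, e.g. `pwdok = ((crpwd != NULL) && (strcmp(crpwd, dbpwd) == 0)) ? 1 : 0;`, with a log line for the NULL case and the `memset(crpwd, ...)` skipped when `crpwd` is NULL. Two smaller points on the same lines: `strcmp` returns at the first differing byte, so a constant-time comparison is preferable for hash values, and a plain `memset` immediately before `free_nullsafe` is a dead store the compiler may drop, so a wipe routine that cannot be elided is safer. Whether `eurephia_pwd_crypt` can actually return NULL is not visible in this hunk, and eDBauth_user starts and ends outside it.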
@@ -287,7 +298,6 @@ int eDBauth_user(eurephiaCTX *ctx, const int certid, const char *username, const
eurephia_log(ctx, LOG_WARNING, 0,"Authentication failed for user '%s'. Wrong password.",
username);
uicid = -1;
-
} else {
dbresult *upd = NULL;