Original topic:


I am using a modified SmaugFUSS codebase. I have a problem where if a player has someone ignored, and they try to sign on while the ignored person is online, it'll check the ignored persons password instead of their own.

Here's a log:

Log: Zeno: loadup derius
Comm: Loading player data for: Derius (6K)
Player Derius loaded from room 2500.
Done.
Log: Zeno: force Derius ignore Alexander
(Alexander is now on his ignore list)
[Forced him to save and quit]
[Alexander is currently online]
[His password is currently admin1]
Enter your hero's name, or type new:
Derius
Password: admin1
Wrong password.
Monitor: Derius; arg: admin1, encryp-arg: De00dAfYFRDsU encryp-pass: AlcdLtbYc.CCo
Comm: wrong password.
Comm: Closing link to Derius.
$ grep AlcdLtbYc.CCo */*
a/Alexander:Password AlcdLtbYc.CCo~
(That would be Alexander's password)
[loaded up Derius]
Log: Zeno: force Derius ignore Alexander
(Alexander is taken off ignore list)
[Forced Derius to save and quit]
Name: Derius
Password: admin1
Last connected from: (Link-Dead)

I installed MD5 yet this problem still exists. Valgrind reported nothing out of the whole time that ignore was used, signed on, and so on. If anyone can help me with this, I'd be very thankful. This is a major problem that I need to fix ASAP. Thanks.

Can we see your code for the password comparison ?

Since you've narrowed it down to the ignore code, you might want to check if you happen to switch some identities in the ignore code.

Anyway, I'm afraid we cant give more help until we see a bit of code.

Sure. With the switch to MD5 using Samson's snippet, I'm pretty sure the password checks are fine.

[code] case CON_GET_OLD_PASSWORD;
write_to_buffer( d, "\n\r", 2 );

if( ch->pcdata->version < 4 )
{
if( str_cmp( crypt( argument, ch->pcdata->pwd ), ch->pcdata->pwd ) )
{
write_to_buffer( d, "Wrong password, disconnecting.\n\r", 0 );
sprintf( log_buf, "%s; arg; %s, crypt-arg; %s crypt-pass; %s", ch->name, argument, crypt(argument,ch->name ), c$
to_channel( log_buf, CHANNEL_MONITOR, "Monitor", LEVEL_SUPREME );
sprintf( log_buf, "%s@%s wrong password.", d->character->name, d->host );
log_string_plus( log_buf, LOG_COMM, sysdata.log_level );
/* clear descriptor pointer to get rid of bug message in log */
d->character->desc = NULL;
close_socket( d, FALSE );
return;
}
}
else
{
/* This if check is what you will want to keep once it is no longer necessary to convert pfiles */
if( str_cmp( smaug_crypt( argument ), ch->pcdata->pwd ) )
{
write_to_buffer( d, "Wrong password, disconnecting.\n\r", 0 );
sprintf( log_buf, "%s; arg; %s, md5-arg; %s md5-pass; %s", ch->name, argument, smaug_crypt(argument ), ch->pcda$
to_channel( log_buf, CHANNEL_MONITOR, "Monitor", LEVEL_SUPREME );
sprintf( log_buf, "%s@%s wrong password.", d->character->name, d->host );
log_string_plus( log_buf, LOG_COMM, sysdata.log_level );
/* clear descriptor pointer to get rid of bug message in log */
d->character->desc = NULL;
close_socket( d, FALSE );
return;
}
}
[/quote]

Well, with this information, you must have a mixup of identities in the ignore code.

Since the line
[code]
if( str_cmp( smaug_crypt( argument ), ch->pcdata->pwd ) )
[/quote]

obviously compares with the wrong info, I figure you've changed the ch->pcdata pointer in the ignore code, or perhaps in the code taking care of the ignoring (which I, since I'm not a smaug coder, will assume is somewhere in the command interpreter). Either way, you've got a loop inthere, looping through the ignored people, checking if any of them are online. Apparently, if the last person on the list is online, the pcdata pointer will point to them instead, probably causing all kinds of havoc.

Check your ignore code. I'd suggest you pay special attention to the loops on the ignored people. That's probably where your bug is hiding.

Mmm, I don't think so. I have not modified any ignore functions at all, and the same with passwords. (The bug existed before I converted to MD5) and this bug does not exist in stock SmagFUSS. I've gotten a little father on this with some help on TMC: