385
386
387
388
389
390
391
392
393
394
395
396
397
398
|
void check_login(Blob *pLogin, Blob *pNonce, Blob *pSig){
Stmt q;
int rc = -1;
db_prepare(&q,
"SELECT pw, cap, uid FROM user"
" WHERE login=%B"
" AND length(pw)>0",
pLogin
);
if( db_step(&q)==SQLITE_ROW ){
Blob pw, combined, hash;
blob_zero(&pw);
db_ephemeral_blob(&q, 0, &pw);
|
>
|
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
|
void check_login(Blob *pLogin, Blob *pNonce, Blob *pSig){
Stmt q;
int rc = -1;
db_prepare(&q,
"SELECT pw, cap, uid FROM user"
" WHERE login=%B"
" AND login NOT IN ('anonymous','nobody','developer','reader')"
" AND length(pw)>0",
pLogin
);
if( db_step(&q)==SQLITE_ROW ){
Blob pw, combined, hash;
blob_zero(&pw);
db_ephemeral_blob(&q, 0, &pw);
|