OSDN Git Service

Enhance the security of routines for changing a master password.
[ffftp/ffftp.git] / main.c
diff --git a/main.c b/main.c
index 0377eab..52fc39d 100644 (file)
--- a/main.c
+++ b/main.c
@@ -1426,9 +1426,34 @@ static LRESULT CALLBACK FtpWndProc(HWND hWnd, UINT message, WPARAM wParam, LPARA
                                                if( DialogBox(hInstFtp, MAKEINTRESOURCE(forcepasschange_dlg), hWnd, ExeEscDialogProc) != YES){\r
                                                        break;\r
                                                }\r
+                                               // セキュリティ強化\r
+                                               if(EnterMasterPasswordAndSet(newmasterpasswd_dlg, hWnd) != 0)\r
+                                                       SetTaskMsg(MSGJPN303);\r
                                        }\r
-                                       if( EnterMasterPasswordAndSet( newmasterpasswd_dlg, hWnd ) != 0 ){\r
-                                               SetTaskMsg( MSGJPN303 );\r
+                                       // セキュリティ強化\r
+//                                     if( EnterMasterPasswordAndSet( newmasterpasswd_dlg, hWnd ) != 0 ){\r
+//                                             SetTaskMsg( MSGJPN303 );\r
+//                                     }\r
+                                       else if(GetMasterPasswordStatus() == PASSWORD_OK)\r
+                                       {\r
+                                               char Password[MAX_PASSWORD_LEN + 1];\r
+                                               GetMasterPassword(Password);\r
+                                               SetMasterPassword(NULL);\r
+                                               while(ValidateMasterPassword() == YES && GetMasterPasswordStatus() == PASSWORD_UNMATCH)\r
+                                               {\r
+                                                       if(EnterMasterPasswordAndSet(masterpasswd_dlg, NULL) == 0)\r
+                                                               break;\r
+                                               }\r
+                                               if(GetMasterPasswordStatus() == PASSWORD_OK && EnterMasterPasswordAndSet(newmasterpasswd_dlg, hWnd) != 0)\r
+                                               {\r
+                                                       SetTaskMsg(MSGJPN303);\r
+                                                       SaveRegistry();\r
+                                               }\r
+                                               else\r
+                                               {\r
+                                                       SetMasterPassword(Password);\r
+                                                       ValidateMasterPassword();\r
+                                               }\r
                                        }\r
                                        break;\r
 \r