[+] dap_server_http_db_auth_tool

[+] some scripts

[+] dap_server_http_db_auth_tool
[+] some scripts
6721535c · Dmitriy A. Gerasimov · 18f51b40 · 6721535c · 6721535c · 6721535c
Commit 6721535c authored 5 years ago by Dmitriy A. Gerasimov
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -5,9 +5,21 @@ file(GLOB DAP_SERVER_HTTP_DB_AUTH_SOURCES src/*.c)
 file(GLOB DAP_SERVER_HTTP_DB_AUTH_HEADERS include/*.h)

 add_library(${PROJECT_NAME} STATIC ${DAP_SERVER_HTTP_DB_AUTH_SOURCES} ${DAP_SERVER_HTTP_DB_AUTH_HEADERS})
+add_executable(${PROJECT_NAME}_tool ${DAP_SERVER_HTTP_DB_AUTH_SOURCES} ${DAP_SERVER_HTTP_DB_AUTH_HEADERS} dap_server_http_db_auth_tool.c )

 target_link_libraries(${PROJECT_NAME} dap_crypto dap_stream dap_server_http_db )
+target_link_libraries(${PROJECT_NAME}_tool dap_crypto dap_stream dap_server_http_db )

 target_include_directories(${PROJECT_NAME} PUBLIC include)
 target_include_directories(${PROJECT_NAME} PRIVATE src)

+target_include_directories(${PROJECT_NAME}_tool PRIVATE include)
+target_include_directories(${PROJECT_NAME}_tool PRIVATE src)
+
+INSTALL(TARGETS ${PROJECT_NAME}_tool DESTINATION ${CMAKE_INSTALL_PREFIX}/bin )
+INSTALL(
+    DIRECTORY scripts/
+    DESTINATION ${CMAKE_INSTALL_PREFIX}/sbin
+    FILES_MATCHING PATTERN "*" PATTERN "*"
+    PERMISSIONS OWNER_EXECUTE OWNER_WRITE OWNER_READ
+    )
--- a/dap_defines.h
+++ b/dap_defines.h
+#pragma once
+#define DAP_APP_NAME NODE_NETNAME "-node"
+
+//#ifdef _WIN32
+//  #define SYSTEM_PREFIX "%USERPROFILE%/opt/"DAP_APP_NAME
+//#else
+  #define SYSTEM_PREFIX "/opt/"DAP_APP_NAME
+//  #define SYSTEM_PREFIX "opt/"DAP_APP_NAME
+//#endif
+
+#define LOCAL_PREFIX "~/."DAP_APP_NAME
+
+#define SYSTEM_CONFIGS_DIR SYSTEM_PREFIX"/etc"
+#define LOCAL_CONFIGS_DIR LOCAL_PREFIX"/etc"
+#define SYSTEM_LOGS_DIR SYSTEM_PREFIX"/var/log"
+
+#define SYSTEM_CONFIG_GLOBAL_FILENAME SYSTEM_PREFIX"/etc/"DAP_APP_NAME".cfg"
+#define LOCAL_CONFIG_GLOBAL LOCAL_PREFIX"/etc/"DAP_APP_NAME".cfg"
+
+#define SYSTEM_PID_FILE_PATH SYSTEM_PREFIX"/run/"DAP_APP_NAME".pid"
+#define LOCAL_PID_FILE_PATH SYSTEM_PREFIX"/run/"DAP_APP_NAME".pid"
--- a/dap_server_http_db_auth_tool.c
+++ b/dap_server_http_db_auth_tool.c
+/*
+ * Authors:
+ * Dmitriy A. Gearasimov <naeper@demlabs.net>
+ * CellFrame       https://cellframe.net
+ * DeM Labs Inc.   https://demlabs.net
+ * Copyright  (c) 2017-2019
+ * All rights reserved.
+
+ This file is part of DAP (Deus Applications Prototypes) the open source project
+
+ DAP (Deus Applicaions Prototypes) is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ DAP is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with any DAP based project.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <stddef.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+//#include "dap_client.h"
+#include "dap_common.h"
+#include "dap_config.h"
+
+#ifdef _WIN32
+#include "registry.h"
+#endif
+
+#include "dap_defines.h"
+
+#include "db_auth.h"
+
+static void s_help(const char * a_app_name)
+{
+    printf ("\t%s tool. Usage:\n\n", a_app_name);
+    printf("\tGet password hash\n");
+    printf("%s password_hash <Password>\n",a_app_name);
+    exit(-1);
+}
+
+int main(int argc, const char * argv[])
+{
+#ifdef _WIN32
+    dap_sprintf(s_sys_dir_path, "%s/%s", regGetUsrPath(), DAP_APP_NAME);
+    l_sys_dir_path_len = strlen(s_sys_dir_path);
+#endif
+
+    //    set_default_locale();
+    //    command_execution_string = shell_script_filename = (char *) NULL;
+
+    memcpy(s_sys_dir_path + l_sys_dir_path_len, SYSTEM_CONFIGS_DIR, sizeof(SYSTEM_CONFIGS_DIR) );
+    dap_common_init( DAP_APP_NAME " Console interface", NULL );
+    dap_log_level_set( L_CRITICAL );
+    dap_config_init( s_sys_dir_path );
+    memset(s_sys_dir_path + l_sys_dir_path_len, '\0', MAX_PATH - l_sys_dir_path_len);
+
+    if((g_config = dap_config_open(DAP_APP_NAME)) == NULL) {
+        printf("Can't init general configurations " DAP_APP_NAME ".cfg\n");
+        exit(-1);
+    }
+
+    if (argc<2 ){
+        fprintf(stderr, "Have only %d params but need 2 at least.", argc);
+        s_help(argv[0]);
+    }
+
+    if ( strcmp(argv[1],"password_hash")==0 ){
+        if ( argc < 3){
+            fprintf(stderr, "Have only %d params but need 3 at least for command \"password_hash\". Need password string to produce password hash!", argc);
+            s_help( argv[0]);
+        }
+        const char * l_password = argv[2];
+        char * l_passwd_hash = dap_server_db_hash_password_b64 ( l_password);
+        if( l_passwd_hash){
+            printf( "%s",l_passwd_hash);
+            DAP_DELETE( l_passwd_hash);
+        }else
+            fprintf(stderr, "Can't produce hash from \"%s\"",l_password);
+    }else{
+        fprintf(stderr, "Unknown command \"%s\"", argv[1]);
+        s_help( argv[0] );
+    }
+    return 0;
+
+}
+
--- a/include/db_auth.h
+++ b/include/db_auth.h
@@ -70,6 +70,9 @@ bool db_auth_change_password(const char *user, const char* new_password);

 bool check_user_password(const char* user, const char* password);

+unsigned char* dap_server_db_hash_password(const char* a_password);
+char* dap_server_db_hash_password_b64(const char* a_password);
+
 void db_auth_http_proc(enc_http_delegate_t *dg, void * arg);

 void db_auth_traffic_track_callback(dap_server_t *srv);

--- a/scripts/dap_domain_create
+++ b/scripts/dap_domain_create
+#!/bin/sh
+
+echo "Creating the new user for dapserver authorization"
+
+if [ $# -eq 1 ]; then
+	domain=$1
+else
+	read -p "Enter domain name: " domain
+	if [ -z "$domain" ]; then
+    		echo "[CRITICAL] Need domain name to create new record in the database"
+    		exit 1
+	fi
+
+fi
+
+mongodomain=`mongo dapDb --eval "db.dap_domains.distinct( \"_id\", { domain : \"$domain\" })"`
+mongodomain=`echo "$mongodomain" | tail -1 | tr -d "[] "`
+
+if [ -z $mongodomain ]; then
+    mongo dapDb --eval "db.dap_domains.insert( {domain:\"$domain\" } )"
+else
+    echo "[CRITICAL] Domain name $domain is already present"
+fi
+
--- a/scripts/dap_domain_list
+++ b/scripts/dap_domain_list
+#!/bin/sh
+
+mongo dapDb --eval "db.dap_domains.find()"
--- a/scripts/dap_user_change_password
+++ b/scripts/dap_user_change_password
+#!/bin/sh
+
+echo "Creating the new user for dapserver authorization"
+
+read -p "Enter login: " login
+if [ -z "$login" ]; then
+    echo "[CRITICAL] Need username to create new login record in the database"
+    exit 1
+fi
+
+result=$(mongo dapDb --eval "db.dap_users.find( { login : \"${login}\" } )" | wc -l)
+
+if [ $result -eq 2 ]; then 
+	echo "Login not found in DataBase"
+	exit 2
+fi
+
+read -p "Enter new password: " password
+if [ -z "$password" ]; then
+    echo "[CRITICAL] Need secure password to create new login record in the database"
+    exit 3
+fi
+
+salt=$(head /dev/urandom | tr -dc A-Za-z0-9 | head -c 8; echo '')
+
+echo -n "${password}${salt}" | openssl dgst -sha512 -binary > temp.txt
+echo -n "${salt}" | openssl dgst -sha512 -binary >> temp.txt
+b64=$(cat temp.txt | base64)
+b64urlstring=$(echo $b64 | tr "+/" "-_" | tr -d ' =')
+b64salt=$(echo -n ${salt} | base64 | tr "+/" "-_" | tr -d ' =')
+rm temp.txt
+
+mongo dapDb --eval "db.dap_users.update( { login : \"${login}\"}, { \$set: { passwordHash : \"${b64urlstring}\", salt : \"${b64salt}\"  } } )"
+
+
+
+
--- a/scripts/dap_user_create
+++ b/scripts/dap_user_create
+#!/bin/sh
+
+echo "Creating the new user for dapserver authorization"
+
+if [ $# -eq 1 ]; then
+	echo "Need two parametrs ( email and password )"
+	exit 5
+fi
+
+if [ $# -eq 2 ]; then
+
+	email=$1
+	password=$2
+
+	is_correct_email=$(echo $email | grep -E "^.+@.+[.].+$")
+	if [ -z $is_correct_email ]; then
+		echo Error! Bad email address. Use first parametr email, second - password
+		exit 4
+	fi
+else
+ 
+	read -p "Enter login: " login
+	if [ -z "$login" ]; then
+    		echo "[CRITICAL] Need username to create new login record in the database"
+    		exit 1
+	fi
+
+	read -p "Enter password: " password
+	if [ -z "$password" ]; then
+    		echo "[CRITICAL] Need secure password to create new login record in the database"
+    		exit 2
+	fi
+
+	read -p "Enter email: " email
+
+	if [ -n "$email" ]; then 
+		is_correct_email=$(echo $email | grep -E "^.+@.+[.].+$")
+		if [ -z $is_correct_email ]; then
+			echo Error! Bad email address.
+			exit 4
+		fi
+	fi
+
+	read -p "Enter first_name ( can skip ): " first_name	
+	read -p "Enter last_name ( can skip ): " last_name
+	
+fi
+
+domain=klvn.io
+
+salt=$(head /dev/urandom | tr -dc A-Za-z0-9 | head -c 8; echo '')
+
+mongodomain=$(mongo dapDb --eval "db.dap_domains.distinct( \"_id\", { domain : \"${domain}\" })" )
+mongodomain=$(echo "$mongodomain" | tail -1 | tr -d "[] ")
+
+if [ -z $mongodomain ]; then
+	echo "domain not find in database"
+	exit 3
+fi
+
+password_hash=$(/opt/cellframe-node/bin/dap_server_http_db_auth_tool password_hash ${password})
+echo "Password hash $password_hash"
+if [ -z "$login" ]; then
+	login=$email
+fi
+
+registration_date=$(date -u "+%Y-%m-%d %T")
+expired_date=$(date -u -d '+ 3 day' '+%Y-%m-%d %T')
+
+mongo dapDb --eval "db.dap_users.insert( { login : \"${login}\", email : \"${email}\", passwordHash : \"${password_hash}\", 
+salt : \"${b64salt}\", domainId : ${mongodomain}, profile: { first_name : \"${first_name}\",
+last_name : \"${last_name}\" }, registration_date : ISODate(\"${registration_date}\"), expire_date : ISODate(\"${expired_date}\"), contacts: [] } )"
+
--- a/scripts/dap_user_update
+++ b/scripts/dap_user_update
+#!/bin/sh
+
+echo "Update user for dapserver authorization"
+
+if [ $# -lt 3 ] || [ $# -gt 4 ]; then
+	echo "Need three or four parametrs ( login, first_name, last_name, password ( if want change) )."
+	exit 1
+fi
+
+if [ $# -eq 3 ]; then
+	mongo dapDb --eval "db.dap_users.update( { login : \"${1}\"}, { \$set: { \"profile.first_name\" : \"${2}\", \"profile.last_name\" : \"${3}\"  } } )"
+	exit 0
+fi
+
+password=${4}
+
+password_hash=$(/opt/cellframe-node/bin/dap_server_http_db_auth_tool password_hash ${password})
+echo "Password hash $password_hash"
+
+
+mongo dapDb --eval "db.dap_users.update( { login : \"${1}\"}, { \$set: { passwordHash : \"${password_hash}\", \"profile.first_name\" : \"${2}\", \"profile.last_name\" : \"${3}\"  } } )"
+
--- a/scripts/set_subscription_for_client
+++ b/scripts/set_subscription_for_client
+#!/bin/sh
+
+: 'Выдача подписки клиенту. Входные данные: логин и количество дней на которое
+выписывается/продляется подписка, ( отсчет идет от момента использования скрипта, если 
+подписка еще активная то продляется на N дней )'
+
+echo "Set user subscription"
+
+if [ $# -ne "2" ]; then
+	echo "Error! Need two parametrs login(email?) and count day's subscribtion"
+	exit 1
+fi
+
+result=$(mongo dapDb --eval "db.dap_users.find( { login : \"${1}\" } )" | wc -l)
+
+if [ $result -eq 2 ]; then 
+	echo "Login not found in DataBase"
+	exit 2
+fi
+
+iso_date_expire=$(mongo dapDb --eval "db.dap_users.find( { login: \"${1}\" }, { expire_date : 1, _id : 0 } )" )
+iso_date_expire=$(echo $iso_date_expire | grep -E -o "ISODate.+)" | grep -E -o "[0-9]+.+Z") 
+
+iso_date_expire_in_sec=$(date -d $iso_date_expire "+%s")
+now_date_in_sec=$(date "+%s")
+
+date_diff=`expr $iso_date_expire_in_sec - $now_date_in_sec`
+
+if [ $date_diff -lt 0 ]; then
+	result_date=$(date -u -d '+ '${2}' day' '+%Y-%m-%d %T')
+else
+	result_date=$(date -u -d "$iso_date_expire + ${2} day" "+%Y-%m-%d %T")	
+fi  
+
+mongo dapDb --eval "db.dap_users.update( { login : \"${1}\"}, { \$set: { expire_date : ISODate(\"${result_date}\") }} )"
+
+echo "Subscription update for client to: " $result_date
+
--- a/src/db_auth.c
+++ b/src/db_auth.c
@@ -56,10 +56,6 @@ static pthread_mutex_t mutex_on_auth_hash = PTHREAD_MUTEX_INITIALIZER;

 static bool mongod_is_running(void);

-static unsigned char* hash_password(const unsigned char* password,
-                                    unsigned char* salt,
-                                    size_t salt_size);
-
 static const char *l_db_name;

 int db_auth_init(const char* db_name)
@@ -328,38 +324,18 @@ bool db_auth_change_password(const char* user, const char* new_password)

    bson_error_t error;

-    char salt[9]={0};
-    dap_random_string_fill(salt,sizeof(salt));
-
-
-    unsigned const char * password_hash = hash_password(new_password, salt, 8);
-    char salt_b64[8*2] = {0};
-    dap_enc_base64_encode(salt, 8, salt_b64,DAP_ENC_DATA_TYPE_B64_URLSAFE);

-    if (!password_hash) {
-        log_it(L_WARNING,"Can not memmory allocate");
-        return false;
-    }

-    unsigned char * password_hash_b64 = calloc(4 * DB_AUTH_HASH_LENGTH, sizeof(char));
+    char * password_hash_b64 = dap_server_db_hash_password_b64(new_password);

-    if (!password_hash_b64) {
-        free((char*)password_hash);
-        log_it(L_WARNING,"Can not memmory allocate");
-        return false;
-    }
-
-    dap_enc_base64_encode(password_hash, DB_AUTH_HASH_LENGTH * 2, password_hash_b64,DAP_ENC_DATA_TYPE_B64_URLSAFE);
-
-
-    if (*password_hash_b64 == 0) {
+    if (password_hash_b64 == NULL) {
        log_it(L_WARNING,"Bad hash(based64) for user password");
        return false;
    }

    bson_t *update = BCON_NEW ("$set", "{",
-                               "passwordHash", BCON_UTF8 (password_hash_b64),
-                               "salt", BCON_UTF8 (salt_b64),"}");
+                                "passwordHash", BCON_UTF8 (password_hash_b64),
+                               "}");

    if (!mongoc_collection_update (collection_dap_users, MONGOC_UPDATE_NONE, doc_dap_user, update, NULL, &error)) {
        log_it(L_WARNING,"%s", error.message);
@@ -377,7 +353,7 @@ bool db_auth_change_password(const char* user, const char* new_password)
    if(doc_dap_user)
        bson_destroy(doc_dap_user);

-    free((char*)password_hash); free((char*)password_hash_b64);
+     DAP_DELETE( password_hash_b64 );

    log_it(L_INFO, "user: %s change password to %s", user, new_password);
    return true;
@@ -390,10 +366,10 @@ bool db_auth_change_password(const char* user, const char* new_password)
 * @param password
 * @return false if user password not correct
 */
-bool check_user_password(const char* user, const char* password)
+bool check_user_password(const char* a_user, const char* a_password)
 {
-    if ( exist_user_in_db(user) == false ){
-        log_it(L_WARNING,"User %s is not present in DB",user);
+    if ( exist_user_in_db(a_user) == false ){
+        log_it(L_WARNING,"User %s is not present in DB",a_user);
        return false;
    }

@@ -403,7 +379,7 @@ bool check_user_password(const char* user, const char* password)
                mongo_client, l_db_name, "dap_users");

    bson_t *query = bson_new();
-    BSON_APPEND_UTF8 (query, "login", user);
+    BSON_APPEND_UTF8 (query, "login", a_user);

    bson_iter_t iter;
    bson_t *doc;
@@ -422,25 +398,16 @@ bool check_user_password(const char* user, const char* password)

    dap_enc_base64_decode(salt, 16, salt_from_b64,DAP_ENC_DATA_TYPE_B64);

-    unsigned const char*  password_hash = hash_password(password, salt_from_b64, 8);
-    if (!password_hash) {
-        log_it(L_ERROR, "Can not memmory allocate");
-        return NULL;
-    }
-
-    unsigned char * password_hash_b64 = calloc(4 * DB_AUTH_HASH_LENGTH, sizeof(char));
+    char*  l_password_hash_b64 = dap_server_db_hash_password_b64(a_password);

-    if (!password_hash_b64) {
-        free((char*)password_hash);
+    if (!l_password_hash_b64) {
        log_it(L_ERROR, "Can not memmory allocate");
        return NULL;
    }

-    dap_enc_base64_encode(password_hash, DB_AUTH_HASH_LENGTH * 2, password_hash_b64,DAP_ENC_DATA_TYPE_B64);
-
    if (bson_iter_init (&iter, doc) && bson_iter_find (&iter, "passwordHash"))
    {
-        if ( memcmp(password_hash_b64, bson_iter_value(&iter)->value.v_utf8.str,
+        if ( memcmp(l_password_hash_b64, bson_iter_value(&iter)->value.v_utf8.str,
                    DB_AUTH_HASH_LENGTH * 2) == 0 )
            is_correct_password = true;
    }
@@ -456,7 +423,7 @@ bool check_user_password(const char* user, const char* password)
    if(doc)
        bson_destroy(doc);

-    free((char*)password_hash); free((char*)password_hash_b64);
+    DAP_DELETE( l_password_hash_b64 );

    return is_correct_password;
 }
@@ -518,6 +485,46 @@ static bool db_auth_save_cookie_inform_in_db(const char* login, char* cookie)
    return result;
 }

+
+/**
+ * @brief dap_server_db_hash_password
+ * @param password
+ * @return
+ */
+unsigned char* dap_server_db_hash_password(const char* a_password)
+{
+    static const unsigned char s_salt[]={ 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08 };
+    static const size_t s_salt_size=sizeof (s_salt);
+
+    unsigned char *md = DAP_NEW_Z_SIZE(unsigned char, DB_AUTH_HASH_LENGTH * 2);
+
+    size_t a_password_length = strlen(a_password);
+    size_t l_str_length = a_password_length + s_salt_size;
+    unsigned char *l_str = DAP_NEW_Z_SIZE(unsigned char, l_str_length);
+
+    memcpy(l_str, a_password, a_password_length);
+    memcpy(l_str + a_password_length, s_salt, s_salt_size);
+    SHA3_512(md, l_str, l_str_length);
+    SHA3_512(md + DB_AUTH_HASH_LENGTH, s_salt, s_salt_size);
+
+    DAP_DELETE( l_str );
+    return md;
+}
+
+char* dap_server_db_hash_password_b64(const char* a_password)
+{
+    unsigned char* l_hash = dap_server_db_hash_password( a_password);
+    char * l_hash_str = DAP_NEW_Z_SIZE(char, 4 * DB_AUTH_HASH_LENGTH+1 ) ;
+
+    if (!l_hash_str) {
+        DAP_DELETE( (char*)l_hash);
+        log_it(L_ERROR, "Can not memmory allocate");
+        return NULL;
+    }
+
+    dap_enc_base64_encode(l_hash, DB_AUTH_HASH_LENGTH * 2, l_hash_str,DAP_ENC_DATA_TYPE_B64_URLSAFE);
+    return  l_hash_str;
+}
 /**
 * @brief db_auth_login Authorization with user/password
 * @param login ( login = email )
@@ -556,16 +563,7 @@ int db_auth_login(const char* login, const char* password,

    bson_iter_t iter;

-    char salt[16] = {0}; char salt_from_b64[8]={0};
-    if (bson_iter_init (&iter, doc) && bson_iter_find (&iter, "salt"))
-        memcpy(salt,bson_iter_value(&iter)->value.v_utf8.str,16);
-    else {
-        log_it(L_ERROR, "Not find Salt in user"); return 0;
-    }
-
-    dap_enc_base64_decode(salt, 16, salt_from_b64,DAP_ENC_DATA_TYPE_B64_URLSAFE);
-
-    unsigned const char* password_hash = hash_password(password, salt_from_b64, 8);
+    unsigned const char* password_hash = dap_server_db_hash_password(password);
    if (!password_hash) {
        log_it(L_ERROR, "Can not memmory allocate");
        return 0;
@@ -581,17 +579,16 @@ int db_auth_login(const char* login, const char* password,

    dap_enc_base64_encode(password_hash, DB_AUTH_HASH_LENGTH * 2, password_hash_b64,DAP_ENC_DATA_TYPE_B64_URLSAFE);

-    if (bson_iter_init (&iter, doc) && bson_iter_find (&iter, "expire_date"))
-    {
+    if (bson_iter_init (&iter, doc) && bson_iter_find (&iter, "expire_date")) {
        if ( bson_iter_date_time(&iter) / 1000 < time(NULL) )
        {
            log_it(L_WARNING, "Subscribe %s has been expiried", login);
            return 4;
        }
-    }
+    }else
+        log_it(L_NOTICE, "Haven't found expire_date in collection");

-    if (bson_iter_init (&iter, doc) && bson_iter_find (&iter, "passwordHash"))
-    {
+    if (bson_iter_init (&iter, doc) && bson_iter_find (&iter, "passwordHash")) {
        if ( memcmp(password_hash_b64, bson_iter_value(&iter)->value.v_utf8.str,
                    DB_AUTH_HASH_LENGTH * 2) == 0 )
        {
@@ -671,7 +668,11 @@ int db_auth_login(const char* login, const char* password,
            pthread_mutex_lock(&mutex_on_auth_hash);
            HASH_ADD_STR(auths,cookie,(*ai));
            pthread_mutex_unlock(&mutex_on_auth_hash);
+        }else{
+            log_it(L_WARNING, "Input password has hash %s but expected to have %s",password_hash_b64, bson_iter_value(&iter)->value.v_utf8.str );
        }
+    }else{
+        log_it(L_WARNING, "No passwordHash in data");
    }

    free(password_hash_b64);
@@ -738,36 +739,22 @@ db_auth_info_t * db_auth_register(const char *user,const char *password,
            (mongo_client, l_db_name, "dap_users");
    bson_error_t error;

-    char salt[9]={0};
-    dap_random_string_fill(salt, sizeof (salt));

-    unsigned const char * password_hash = hash_password(password, salt, 8);
-    char salt_b64[8*2] = {0};
-    dap_enc_base64_encode(salt, 8, salt_b64,DAP_ENC_DATA_TYPE_B64_URLSAFE);

-    if (!password_hash) {
-        log_it(L_ERROR, "Can not memmory allocate");
-        return NULL;
-    }
-
-    unsigned char * password_hash_b64 = calloc(4 * DB_AUTH_HASH_LENGTH, sizeof(char));
+    char * l_password_hash_b64 = dap_server_db_hash_password_b64(password);

-    if (!password_hash_b64) {
-        free((char*)password_hash);
+    if (!l_password_hash_b64) {
        log_it(L_ERROR, "Can not memmory allocate");
        return NULL;
    }

-    dap_enc_base64_encode(password_hash, DB_AUTH_HASH_LENGTH * 2, password_hash_b64,DAP_ENC_DATA_TYPE_B64_URLSAFE);
-
-    if (*password_hash_b64 == 0) {
+    if (*l_password_hash_b64 == 0) {
        log_it(L_ERROR, "Bad hash(based64) for user password");
        return NULL;
    }

    bson_t *doc = BCON_NEW("login", user,
-                           "passwordHash", password_hash_b64,
-                           "salt",salt_b64,
+                           "passwordHash", l_password_hash_b64,
                           "domainId", BCON_OID((bson_oid_t*)bson_iter_value(&iter)->value.v_oid.bytes),
                           "email", email,
                           "profile",
@@ -776,8 +763,7 @@ db_auth_info_t * db_auth_register(const char *user,const char *password,
                           "last_name", last_name,
                           "}",
                           "contacts" , "[","]");
-    free((char*)password_hash);
-    free(password_hash_b64);
+    free(l_password_hash_b64);

    if (!mongoc_collection_insert (collection, MONGOC_INSERT_NONE, doc, NULL, &error)) {
        log_it (L_WARNING, "%s\n", error.message);
@@ -862,19 +848,17 @@ db_auth_info_t * db_auth_register_channel(const char* name_channel, const char*
            mongoc_client_get_collection (mongo_client, l_db_name, "dap_channels");
    bson_error_t error;

-    char salt[9]={0};
-    dap_random_string_fill(salt, sizeof (salt));
-    unsigned const char * password_hash = hash_password(password, salt, 8);
+
+    char * l_password_hash_b64 = dap_server_db_hash_password_b64(password);

    bson_t *doc = BCON_NEW("name_channel", name_channel,
-                           "passwordHash", password_hash,
-                           "salt",salt,
+                           "passwordHash", l_password_hash_b64,
                           "domainId", BCON_OID((bson_oid_t*)bson_iter_value(&iter)->value.v_oid.bytes),
                           "subscribers", "[","]",
                           "last_id_message", BCON_INT32(0),
                           "messages","[","]");

-    free((char*)password_hash);
+    DAP_DELETE( l_password_hash_b64 );
    if (!mongoc_collection_insert (collection, MONGOC_INSERT_NONE, doc, NULL, &error)) {
        log_it (L_ERROR, "%s\n", error.message);
        bson_destroy(query);
@@ -1171,21 +1155,7 @@ static bool mongod_is_running()
    return true;
 }

-inline static unsigned char* hash_password(const unsigned char* password, unsigned char* salt, size_t salt_size)
-{
-    unsigned char *md = (unsigned char*) malloc (DB_AUTH_HASH_LENGTH * 2);

-    size_t len_pswd = strlen(password);
-    size_t length_str = len_pswd + salt_size;
-    char str[length_str];
-
-    memcpy(str, password, len_pswd);
-    memcpy(str + len_pswd, salt, salt_size);
-    SHA3_512(md, str, length_str);
-    SHA3_512(md + DB_AUTH_HASH_LENGTH, salt, salt_size);
-
-    return md;
-}

 /// Check user data for correct input.
 /// @param before_parsing Line size before parsing.