Jelajahi Sumber

* Allow SHELLHASH and owner pass in PackConfig to be a salted-sha1

Bryan Drewery 16 tahun lalu
induk
melakukan
206e95d916
5 mengubah file dengan 17 tambahan dan 4 penghapusan
  1. 1 0
      doc/UPDATES
  2. 3 2
      src/binary.c
  3. 7 0
      src/crypt.c
  4. 1 0
      src/crypt.h
  5. 5 2
      src/main.c

+ 1 - 0
doc/UPDATES

@@ -45,6 +45,7 @@
 * Cleanup cmd_botcmd restrictions.
 * Cleanup cmd_botcmd restrictions.
 * Add 'chanset +rbl' which uses list of servers from 'set rbl-servers'. Only +r bots will enforce this.
 * Add 'chanset +rbl' which uses list of servers from 'set rbl-servers'. Only +r bots will enforce this.
 * Fix segfault with /KNOCK on csircd
 * Fix segfault with /KNOCK on csircd
+* SHELLHASH and Owner passwords in the PackConfig can now be salted-sha1. '+' + RAND(5) + '$' + SHA1(RAND(5) + 'password')
 
 
 1.2.16.1
 1.2.16.1
 * Fix linux compile errors
 * Fix linux compile errors

+ 3 - 2
src/binary.c

@@ -351,11 +351,12 @@ readcfg(const char *cfgfile, bool read_stdin)
       while (p && (strchr(LISTSEPERATORS, p[0])))
       while (p && (strchr(LISTSEPERATORS, p[0])))
         *p++ = 0;
         *p++ = 0;
       if (p) {
       if (p) {
+        size_t p_len = strlen(trim(p));
         if (!strcasecmp(buffer, STR("packname"))) {
         if (!strcasecmp(buffer, STR("packname"))) {
           strlcpy(settings.packname, trim(p), sizeof settings.packname);
           strlcpy(settings.packname, trim(p), sizeof settings.packname);
         } else if (!strcasecmp(buffer, STR("shellhash"))) {
         } else if (!strcasecmp(buffer, STR("shellhash"))) {
-          if (strlen(trim(p)) != 40) {
-            fprintf(stderr, STR("\nSHELLHASH should be a SHA1 hash.\n"));
+          if (p_len != 40 && p_len != 47) {
+            fprintf(stderr, STR("\nSHELLHASH should be a SHA1 hash or salted-SHA1 hash.\n"));
             ADD_ERROR
             ADD_ERROR
           }
           }
           strlcpy(settings.shellhash, trim(p), sizeof settings.shellhash);
           strlcpy(settings.shellhash, trim(p), sizeof settings.shellhash);

+ 7 - 0
src/crypt.c

@@ -84,6 +84,13 @@ bd::String decrypt_string(const bd::String& key, const bd::String& data) {
   return decrypted;
   return decrypted;
 }
 }
 
 
+int salted_sha1cmp(const char *salted_hash, const char *string) {
+  char* cmp = salted_sha1(string, &salted_hash[1]); //Pass in the salt from the given hash
+  int n = strcmp(salted_hash, cmp);
+  free(cmp);
+  return n;
+}
+
 char *salted_sha1(const char *in, const char* saltin)
 char *salted_sha1(const char *in, const char* saltin)
 {
 {
   char *tmp = NULL, buf[101] = "", *ret = NULL;
   char *tmp = NULL, buf[101] = "", *ret = NULL;

+ 1 - 0
src/crypt.h

@@ -30,6 +30,7 @@ char *encrypt_string(const char *, char *);
 bd::String encrypt_string(const bd::String&, const bd::String&);
 bd::String encrypt_string(const bd::String&, const bd::String&);
 char *decrypt_string(const char *, char *);
 char *decrypt_string(const char *, char *);
 char *salted_sha1(const char *, const char* = NULL);
 char *salted_sha1(const char *, const char* = NULL);
+int salted_sha1cmp(const char *, const char*);
 bd::String decrypt_string(const bd::String&, const bd::String&);
 bd::String decrypt_string(const bd::String&, const bd::String&);
 char *cryptit (char *);
 char *cryptit (char *);
 char *decryptit (char *);
 char *decryptit (char *);

+ 5 - 2
src/main.c

@@ -242,11 +242,14 @@ static int checkedpass = 0;
 static void checkpass() 
 static void checkpass() 
 {
 {
   int (*hash_cmp) (const char *, const char *) = NULL;
   int (*hash_cmp) (const char *, const char *) = NULL;
+  size_t hashlen = strlen(settings.shellhash);
 
 
-  if (strlen(settings.shellhash) == 32)
+  if (hashlen == 32)
     hash_cmp = md5cmp;
     hash_cmp = md5cmp;
-  else
+  else if (hashlen == 40)
     hash_cmp = sha1cmp;
     hash_cmp = sha1cmp;
+  else if (hashlen == 47)
+    hash_cmp = salted_sha1cmp;
 
 
 #define SHELL_PROMPT STR("Enter your binary password: ")
 #define SHELL_PROMPT STR("Enter your binary password: ")
 #ifdef HAVE_GETPASSPHRASE
 #ifdef HAVE_GETPASSPHRASE