Explorar o código

* New userfile pass algorithm

Use a 1-way SHA1+salt algorithm.
Bryan Drewery %!s(int64=17) %!d(string=hai) anos
pai
achega
5cdc6eee6d
Modificáronse 4 ficheiros con 15 adicións e 68 borrados
  1. 2 0
      doc/UPDATES
  2. 11 62
      src/crypt.c
  3. 0 1
      src/crypt.h
  4. 2 5
      src/userrec.c

+ 2 - 0
doc/UPDATES

@@ -1,3 +1,5 @@
+* New userfile pass algorithm
+
 1.2.17 - http://wraith.botpack.net/milestone/1.2.17
 * Binary pass prompt has been changed to be more clear.
 * Fix uname checking on NetBSD and OpenBSD

+ 11 - 62
src/crypt.c

@@ -133,12 +133,6 @@ void encrypt_cmd_pass(char *in, char *out)
   free(tmp);
 }
 
-static char *user_key(struct userrec *u)
-{
-  /* FIXME: fix after 1.2.3 */
-  return u->handle;
-}
-
 char *encrypt_pass(struct userrec *u, char *in)
 {
   char *tmp = NULL, buf[101] = "", *ret = NULL;
@@ -147,69 +141,24 @@ char *encrypt_pass(struct userrec *u, char *in)
   if (strlen(in) > MAXPASSLEN)
     in[MAXPASSLEN] = 0;
 
-  const char salt2[] = SALT2;
-  simple_snprintf(buf, sizeof(buf), STR("%s-%s"), salt2, in);
+  /* Create a 5 byte salt */
+  char salt[6] = "";
+  make_rand_str(salt, sizeof(salt) - 1);
 
-  tmp = encrypt_string(user_key(u), buf);
-  OPENSSL_cleanse(buf, sizeof(buf));
-  ret_size = strlen(tmp) + 1 + 1;
-  ret = (char *) my_calloc(1, ret_size);
+  /* SHA1 the salt+password */
+  simple_snprintf(buf, sizeof(buf), STR("%s%s"), salt, in);
+  tmp = SHA1(buf);
 
-  simple_snprintf(ret, ret_size, STR("+%s"), tmp);
-  free(tmp);
-
-  return ret;
-}
+  ret_size = (sizeof(salt) - 1) + 1 + SHA_HASH_LENGTH + 1;
+  ret = (char *) my_calloc(1, ret_size);
+  simple_snprintf(ret, ret_size, STR("%s$%s"), salt, tmp);
 
-char *decrypt_pass(struct userrec *u)
-{
-  char *tmp = NULL, *p = NULL, *ret = NULL, *pass = NULL;
-  
-  pass = (char *) get_user(&USERENTRY_PASS, u);
-  if (pass && pass[0] == '+') {
-    tmp = decrypt_string(user_key(u), &pass[1]);
-    if ((p = strchr(tmp, '-')))
-      ret = strdup(++p); 
-    OPENSSL_cleanse(tmp, strlen(tmp));
-    free(tmp);
-  }
-  if (!ret)
-    ret = (char *) my_calloc(1, 1);
+  /* Wipe cleartext pass from sha1 buffers/tmp */
+  SHA1(NULL);
 
   return ret;
 }
 
-/*
-static char *passkey()
-{
-  static char key[SHA1_HASH_LENGTH + 1] = "";
-
-  if (key[0])
-    return key;
-
-  char *tmp = my_calloc(1, 512);
-
-  simple_snprintf(tmp, sizeof(tmp), "%s-%s.%s!%s", settings.salt1, settings.salt2, settings.packname, settings.bdhash);
-  key = SHA1(tmp);
-  free(tmp);
-  egg_bzero(tmp, 512);
-
-  return key;
-}
-
-void encrypt_pass_new(char *s1, char *s2)
-{
-  char *tmp = NULL;
-
-  if (strlen(s1) > MAXPASSLEN)
-    s1[MAXPASSLEN] = 0;
-  tmp = encrypt_string(s1, passkey);
-  strcpy(s2, "+");
-  strlcat(s2, tmp, MAXPASSLEN + 1);
-  s2[MAXPASSLEN] = 0;
-  free(tmp);
-}
-*/
 int lfprintf (FILE *stream, const char *format, ...)
 {
   va_list va;

+ 0 - 1
src/crypt.h

@@ -26,7 +26,6 @@ char *encrypt_string(const char *, char *);
 char *decrypt_string(const char *, char *);
 void encrypt_cmd_pass(char *, char *);
 char *encrypt_pass(struct userrec *, char *);
-char *decrypt_pass(struct userrec *);
 char *cryptit (char *);
 char *decryptit (char *);
 int lfprintf (FILE *, const char *, ...) __attribute__((format(printf, 2, 3)));

+ 2 - 5
src/userrec.c

@@ -543,14 +543,11 @@ int change_handle(struct userrec *u, char *newh)
   if (!noshare)
     shareout("h %s %s\n", u->handle, newh);
 
-  char s[HANDLEN + 1] = "", *pass = NULL;
+  char s[HANDLEN + 1] = "";
 
-  pass = decrypt_pass(u);
   strlcpy(s, u->handle, sizeof s);
   strlcpy(u->handle, newh, sizeof u->handle);
-  set_user(&USERENTRY_PASS, u, pass);
-  OPENSSL_cleanse(pass, strlen(pass));
-  free(pass);
+
   for (int i = 0; i < dcc_total; i++)
     if (dcc[i].type && dcc[i].type != &DCC_BOT && !egg_strcasecmp(dcc[i].nick, s)) {
       strlcpy(dcc[i].nick, newh, sizeof dcc[i].nick);