Browse Source

* Changed password encryption, should auto convert, might need to reset all though. (#75)

svn: 2176
Bryan Drewery 21 năm trước cách đây
mục cha
commit
66ec6172c0
7 tập tin đã thay đổi với 80 bổ sung34 xóa
  1. 1 0
      doc/UPDATES
  2. 1 1
      src/cmds.c
  3. 27 7
      src/crypt.c
  4. 3 1
      src/crypt.h
  5. 7 9
      src/userent.c
  6. 32 4
      src/userrec.c
  7. 9 12
      src/users.c

+ 1 - 0
doc/UPDATES

@@ -156,6 +156,7 @@ Lines prefixed with '-' were disabled before release and are not finished, or ar
 * Added rate var 'flood-g' which will set +g for 60 seconds after this many msgs:sec has been detected. (#74)
 * Disabled all memory allocations after a segfault (Fixes CPU spinning)
 * Fixed ANSI colors not showing for logs when bot is not in background.
+* Changed password encryption, should auto convert, might need to reset all though. (#75)
 
 1.2.2
 * Don't sanity check flags for users on DCC CHAT if they are on the bot via .botcmd.

+ 1 - 1
src/cmds.c

@@ -287,7 +287,7 @@ static void cmd_cmdpass(int idx, char *par)
 
   char epass[36] = "", tmp[256] = "";
 
-  encrypt_pass(par[0] ? par : pass, epass);
+  encrypt_cmd_pass(par[0] ? par : pass, epass);
   simple_snprintf(tmp, sizeof tmp, "%s %s", cmd, epass);
   if (has_pass)
     dprintf(idx, "Changed command password for %s\n", cmd);

+ 27 - 7
src/crypt.c

@@ -114,19 +114,39 @@ char *decrypt_string(const char *keydata, char *in)
   }
 }
 
-void encrypt_pass(char *s1, char *s2)
+void encrypt_cmd_pass(char *in, char *out)
 {
   char *tmp = NULL;
 
-  if (strlen(s1) > MAXPASSLEN)
-    s1[MAXPASSLEN] = 0;
-  tmp = encrypt_string(s1, s1);
-  strcpy(s2, "+");
-  strlcat(s2, tmp, MAXPASSLEN + 1);
-  s2[MAXPASSLEN] = 0;
+  if (strlen(in) > MAXPASSLEN)
+    in[MAXPASSLEN] = 0;
+  tmp = encrypt_string(in, in);
+  strcpy(out, "+");
+  strlcat(out, tmp, MAXPASSLEN + 1);
+  out[MAXPASSLEN] = 0;
   free(tmp);
 }
 
+char *encrypt_pass(struct userrec *u, char *in)
+{
+  char *tmp = NULL, buf[101] = "", *ret = NULL;
+  size_t ret_size = 0;
+
+  if (strlen(in) > MAXPASSLEN)
+    in[MAXPASSLEN] = 0;
+
+  simple_snprintf(buf, sizeof(buf), "%s-%s", settings.salt2, in);
+
+  tmp = encrypt_string(u->handle, buf);
+  ret_size = strlen(tmp) + 1 + 1;
+  ret = (char *) my_calloc(1, ret_size);
+
+  simple_snprintf(ret, ret_size, "+%s", tmp);
+  free(tmp);
+
+  return ret;
+}
+
 /*
 static char *passkey()
 {

+ 3 - 1
src/crypt.h

@@ -9,6 +9,7 @@
 
 #include <sys/types.h>
 #include "src/crypto/crypto.h"
+#include "users.h"
 
 #define SHA_HASH_LENGTH (SHA_DIGEST_LENGTH << 1)
 #define MD5_HASH_LENGTH (MD5_DIGEST_LENGTH << 1)
@@ -19,7 +20,8 @@ char *MD5FILE(const char *);
 char *SHA1(const char *);
 char *encrypt_string(const char *, char *);
 char *decrypt_string(const char *, char *);
-void encrypt_pass(char *, char *);
+void encrypt_cmd_pass(char *, char *);
+char *encrypt_pass(struct userrec *, char *);
 char *cryptit (char *);
 char *decryptit (char *);
 int lfprintf (FILE *, const char *, ...) __attribute__((format(printf, 2, 3)));

+ 7 - 9
src/userent.c

@@ -519,7 +519,7 @@ struct user_entry_type USERENTRY_MODIFIED =
 
 static bool pass_set(struct userrec *u, struct user_entry *e, void *buf)
 {
-  char newpass[32] = "";
+  char *newpass = NULL;
   register char *pass = (char *) buf;
 
   if (e->u.extra)
@@ -537,16 +537,14 @@ static bool pass_set(struct userrec *u, struct user_entry *e, void *buf)
       p++;
     }
     if (u->bot || (pass[0] == '+'))
-      strcpy(newpass, pass);
+      newpass = strdup(pass);
     else
-      encrypt_pass(pass, newpass);
+      newpass = encrypt_pass(u, pass);
     e->u.extra = strdup(newpass);
-    /* save for later */
-    set_user(&USERENTRY_TMPPASS, u, pass);
-
+    free(newpass);
   }
   if (!noshare)
-    shareout("c PASS %s %s\n", u->handle, pass ? pass : "");
+    shareout("c %s %s %s\n", e->type->name, u->handle, pass ? pass : "");
   return 1;
 }
 
@@ -560,10 +558,10 @@ struct user_entry_type USERENTRY_PASS =
   def_get,
   pass_set,
   NULL,
-  "PASS"
+  "PASS1"
 };
 
-
+/* FIXME: remove after 1.2.3 */
 static bool tmppass_set(struct userrec *u, struct user_entry *e, void *buf)
 {
   register char *pass = (char *) buf;

+ 32 - 4
src/userrec.c

@@ -236,6 +236,32 @@ bool user_has_host(const char *handle, struct userrec *u, char *host)
   return 0;
 }
 
+void convert_password(struct userrec *u)
+{
+  char *oldpass = (char *) get_user(&USERENTRY_TMPPASS, u);
+
+  if (oldpass && oldpass[0]) {
+    char *pass = NULL;
+    /* need to convert into new password format and remove old */
+
+    /* --------- this changes to reflect how to decrypt old password --------- */
+    pass = decrypt_string(u->handle, oldpass);
+    /* ----------------------------------------------------------------------- */
+
+    if (strlen(pass) > MAXPASSLEN)
+      pass[MAXPASSLEN] = 0;
+
+    set_user(&USERENTRY_PASS, u, pass);
+    free(pass);
+
+    /* clear old record */
+    noshare = 1;
+    set_user(&USERENTRY_TMPPASS, u, NULL);
+    noshare = 0;
+  }
+  
+}
+
 /* Try: pass_match_by_host("-",host)
  * will return 1 if no password is set for that host
  */
@@ -244,6 +270,8 @@ int u_pass_match(struct userrec *u, char *in)
   if (!u)
     return 0;
 
+  convert_password(u);
+
   char *cmp = (char *) get_user(&USERENTRY_PASS, u), pass[MAXPASSLEN + 1] = "";
 
   simple_snprintf(pass, sizeof pass, "%s", in);
@@ -258,16 +286,16 @@ int u_pass_match(struct userrec *u, char *in)
     if (!strcmp(cmp, pass))
       return 1;
   } else {
-    char newpass[MAXPASSLEN + 1] = "";
+    char *newpass = NULL;
 
     if (strlen(pass) > MAXPASSLEN)
       pass[MAXPASSLEN] = 0;
-    encrypt_pass(pass, newpass);
+    newpass = encrypt_pass(u, pass);
     if (!strcmp(cmp, newpass)) {
-      /* save for later */
-      set_user(&USERENTRY_TMPPASS, u, in);
+      free(newpass);
       return 1;
     }
+    free(newpass);
   }
   return 0;
 }

+ 9 - 12
src/users.c

@@ -606,7 +606,7 @@ int readuserfile(const char *file, struct userrec **ret)
       if (s[0] != '#' && s[0] != ';' && s[0]) {
 	code = newsplit(&s);
 	rmspace(s);
-	if (!strcmp(code, "-")) {
+	if (!strcmp(code, "-")) {	/* ignores/bans */
 	  if (!lasthand[0])
 	    continue;		/* Skip this entry.	*/
 	  if (u) {		/* only break it down if there a real users */
@@ -661,7 +661,7 @@ int readuserfile(const char *file, struct userrec **ret)
               }
             }
 	  }
-	} else if (!strcmp(code, "!")) {
+	} else if (!strcmp(code, "!")) {	/* user channel record */
 	  /* ! #chan laston flags [info] */
 	  char *chname = NULL, *st = NULL, *fl = NULL;
 
@@ -691,7 +691,7 @@ int readuserfile(const char *file, struct userrec **ret)
 	      }
 	    }
 	  }
-        } else if (!strcmp(code, "+")) {
+        } else if (!strcmp(code, "+")) {	/* add channel record */
          if (s[0] && lasthand[0] == '*' && lasthand[1] == CHANS_NAME[1]) {
            char *options = NULL, *chan = NULL, *my_ptr = NULL;
            char resultbuf[2048] = "";
@@ -715,8 +715,7 @@ int readuserfile(const char *file, struct userrec **ret)
            }
            free(my_ptr);
          }
-	} else if (!strncmp(code, "::", 2)) {
-	  /* channel-specific bans */
+	} else if (!strncmp(code, "::", 2)) {	/* channel-specific bans */
 	  strcpy(lasthand, &code[2]);
 	  u = NULL;
 	  if (!findchan_by_dname(lasthand)) {
@@ -735,8 +734,7 @@ int readuserfile(const char *file, struct userrec **ret)
             clear_masks(cst->bans);
 	    cst->bans = NULL;
 	  }
-	} else if (!strncmp(code, "&&", 2)) {
-	  /* channel-specific exempts */
+	} else if (!strncmp(code, "&&", 2)) {	/* channel-specific exempts */
 	  strcpy(lasthand, &code[2]);
 	  u = NULL;
 	  if (!findchan_by_dname(lasthand)) {
@@ -755,8 +753,7 @@ int readuserfile(const char *file, struct userrec **ret)
 	    clear_masks(cst->exempts);
 	    cst->exempts = NULL;
 	  }
-	} else if (!strncmp(code, "$$", 2)) {
-	  /* channel-specific invites */
+	} else if (!strncmp(code, "$$", 2)) {	/* channel-specific invites */
 	  strcpy(lasthand, &code[2]);
 	  u = NULL;
 	  if (!findchan_by_dname(lasthand)) {
@@ -775,7 +772,7 @@ int readuserfile(const char *file, struct userrec **ret)
 	    clear_masks(cst->invites);
             cst->invites = NULL;
 	  }
-	} else if (!strncmp(code, "--", 2)) {
+	} else if (!strncmp(code, "--", 2)) {	/* user USERENTRY */
 	  if (u) {
 	    /* new format storage */
 	    struct user_entry *ue = NULL;
@@ -832,7 +829,7 @@ int readuserfile(const char *file, struct userrec **ret)
 	  lasthand[0] = 0;
 	  u = NULL;
 	} else {		/* its a user ! */
-	  pass = newsplit(&s);
+	  pass = newsplit(&s);	/* old style passwords */
 	  attr = newsplit(&s);
 	  rmspace(s);
 	  if (!attr[0] || !pass[0]) {
@@ -862,7 +859,7 @@ int readuserfile(const char *file, struct userrec **ret)
               
 	      if (strlen(code) > HANDLEN)
 		code[HANDLEN] = 0;
-	      if (strlen(pass) > 20) {
+	      if (strlen(pass) > 20) {	/* old style passwords */
 		putlog(LOG_MISC, "*", "* Corrupted password reset for '%s'", code);
 		strcpy(pass, "-");
 	      }