فهرست منبع

Merge branch 'salted-cmdpass'

* salted-cmdpass:
  * Convert cmdpasses to the salted-sha1 format
  * Define SHA1_SALTED_LEN and SHA1_SALT_LEN
  * Add salted_sha1() and remove obsoleted encrypt_pass()
Bryan Drewery 17 سال پیش
والد
کامیت
e807b2a665
8فایلهای تغییر یافته به همراه45 افزوده شده و 29 حذف شده
  1. 6 2
      src/cmds.c
  2. 1 1
      src/cmds.h
  3. 1 1
      src/core_binds.c
  4. 3 18
      src/crypt.c
  5. 4 2
      src/crypt.h
  6. 28 3
      src/dccutil.c
  7. 1 1
      src/userent.c
  8. 1 1
      src/userrec.c

+ 6 - 2
src/cmds.c

@@ -296,6 +296,9 @@ static void cmd_cmdpass(int idx, char *par)
     return;
   }
 
+  if (strlen(pass) > MAXPASSLEN)
+    pass[MAXPASSLEN] = 0;
+
   if (has_pass) {
     if (!check_cmd_pass(cmd, pass)) {
       putlog(LOG_WARN, "*", "%s attempted to modify command password for %s - invalid password specified", dcc[idx].nick, cmd);
@@ -310,10 +313,11 @@ static void cmd_cmdpass(int idx, char *par)
     }
   }
 
-  char epass[36] = "", tmp[256] = "";
+  char *epass = NULL, tmp[256] = "";
 
-  encrypt_cmd_pass(par[0] ? par : pass, epass);
+  epass = salted_sha1(par[0] ? par : pass);
   simple_snprintf(tmp, sizeof tmp, "%s %s", cmd, epass);
+  free(epass);
   if (has_pass)
     dprintf(idx, "Changed command password for %s\n", cmd);
   else

+ 1 - 1
src/cmds.h

@@ -37,7 +37,7 @@ const botcmd_t *search_botcmd_t(const botcmd_t *table, const char* key, size_t e
 typedef struct cmd_pass {
   struct cmd_pass *next;
   char *name;
-  char pass[25];
+  char pass[SHA1_SALTED_LEN + 1];
 } cmd_pass_t;
 
 extern mycmds 		cmdlist[]; 

+ 1 - 1
src/core_binds.c

@@ -187,7 +187,7 @@ void real_check_bind_dcc(const char *cmd, int idx, const char *text, Auth *auth)
       if (!egg_strncasecmp(cmd, entry->mask, cmdlen)) {
         if (has_cmd_pass(entry->mask)) {
           if (flagrec_ok(&entry->user_flags, &fr)) {
-            char *p = NULL, work[1024] = "", pass[128] = "";
+            char *p = NULL, work[1024] = "", pass[MAXPASSLEN + 1] = "";
 
             p = strchr(args, ' ');
             if (p)

+ 3 - 18
src/crypt.c

@@ -120,29 +120,14 @@ char *decrypt_string(const char *keydata, char *in)
   }
 }
 
-void encrypt_cmd_pass(char *in, char *out)
-{
-  char *tmp = NULL;
-
-  if (strlen(in) > MAXPASSLEN)
-    in[MAXPASSLEN] = 0;
-  tmp = encrypt_string(in, in);
-  strlcpy(out, "+", 2);
-  strlcat(out, tmp, MAXPASSLEN + 1);
-  out[MAXPASSLEN] = 0;
-  free(tmp);
-}
-
-char *encrypt_pass(struct userrec *u, char *in, const char *saltin)
+char *salted_sha1(const char *in, const char* saltin)
 {
   char *tmp = NULL, buf[101] = "", *ret = NULL;
   size_t ret_size = 0;
 
-  if (strlen(in) > MAXPASSLEN)
-    in[MAXPASSLEN] = 0;
 
   /* Create a 5 byte salt */
-  char salt[6] = "";
+  char salt[SHA1_SALT_LEN + 1] = "";
   if (saltin) {
     strlcpy(salt, saltin, sizeof(salt));
   } else {
@@ -153,7 +138,7 @@ char *encrypt_pass(struct userrec *u, char *in, const char *saltin)
   simple_snprintf(buf, sizeof(buf), STR("%s%s"), salt, in);
   tmp = SHA1(buf);
 
-  ret_size = 1 + (sizeof(salt) - 1) + 1 + SHA_HASH_LENGTH + 1;
+  ret_size = SHA1_SALTED_LEN + 1;
   ret = (char *) my_calloc(1, ret_size);
   simple_snprintf(ret, ret_size, STR("+%s$%s"), salt, tmp);
 

+ 4 - 2
src/crypt.h

@@ -14,6 +14,9 @@
 #define SHA_HASH_LENGTH (SHA_DIGEST_LENGTH << 1)
 #define MD5_HASH_LENGTH (MD5_DIGEST_LENGTH << 1)
 
+#define SHA1_SALT_LEN 5
+#define SHA1_SALTED_LEN (1 + SHA1_SALT_LEN + 1 + SHA_HASH_LENGTH)
+
 char *MD5(const char *);
 int md5cmp(const char *, const char*);
 char *MD5FILE(const char *);
@@ -24,8 +27,7 @@ unsigned char *encrypt_binary(const char *, unsigned char *, size_t *);
 unsigned char *decrypt_binary(const char *, unsigned char *, size_t *);
 char *encrypt_string(const char *, char *);
 char *decrypt_string(const char *, char *);
-void encrypt_cmd_pass(char *, char *);
-char *encrypt_pass(struct userrec *, char *, const char* = NULL);
+char *salted_sha1(const char *, const char* = NULL);
 char *cryptit (char *);
 char *decryptit (char *);
 int lfprintf (FILE *, const char *, ...) __attribute__((format(printf, 2, 3)));

+ 28 - 3
src/dccutil.c

@@ -1071,11 +1071,36 @@ int check_cmd_pass(const char *cmd, char *pass)
 
   for (cp = cmdpass; cp; cp = cp->next)
     if (!egg_strcasecmp(cmd, cp->name)) {
-      char tmp[32] = "";
+      char *epass = NULL;
+
+      /* Does the old pass need to be converted? */
+      if (strlen(cp->pass) < SHA1_SALTED_LEN) {
+        char out[MAXPASSLEN + 1] = "", *tmp = encrypt_string(pass, pass);
+        strlcpy(out, "+", 2);
+        strlcat(out, tmp, MAXPASSLEN + 1);
+        out[MAXPASSLEN] = 0;
+        free(tmp);
+
+        /* No match */
+        if (strcmp(out, cp->pass))
+          return 0;
+
+        /* Successful match on the old version, convert it and save it */
+        char ctmp[256] = "";
+        epass = salted_sha1(pass);
+
+        simple_snprintf(ctmp, sizeof(ctmp), "%s %s", cmd, epass);
+        free(epass);
+        set_cmd_pass(tmp, 1);
+        return 1;
+      }
 
-      encrypt_cmd_pass(pass, tmp);
-      if (!strcmp(tmp, cp->pass))
+      epass = salted_sha1(pass, &(cp->pass)[1]);
+      if (!strcmp(epass, cp->pass)) {
+        free(epass);
         return 1;
+      }
+      free(epass);
       return 0;
     }
   return 0;

+ 1 - 1
src/userent.c

@@ -587,7 +587,7 @@ static bool pass_set(struct userrec *u, struct user_entry *e, void *buf)
     if (u->bot || (pass[0] == '+'))
       newpass = strdup(pass);
     else
-      newpass = encrypt_pass(u, pass);
+      newpass = salted_sha1(pass);
     e->u.extra = strdup(newpass);
   }
   if (!noshare)

+ 1 - 1
src/userrec.c

@@ -343,7 +343,7 @@ int u_pass_match(struct userrec *u, char *in)
     strlcpy(pass, in, sizeof(pass));
 
     /* Pass the salted pass in so the same salt can be used */
-    char* newpass = encrypt_pass(u, in, &cmp[1]);
+    char* newpass = salted_sha1(pass, &cmp[1]);
     OPENSSL_cleanse(pass, sizeof(pass));
     if (!strcmp(cmp, newpass)) {
       free(newpass);