Przeglądaj źródła

* SHELLHASH now supports SHA1 hashes.


svn: 3785
Bryan Drewery 18 lat temu
rodzic
commit
f6f47b67b2
5 zmienionych plików z 22 dodań i 6 usunięć
  1. 1 0
      doc/UPDATES
  2. 4 4
      pack/pack.cfg.sample
  3. 8 0
      src/crypt.c
  4. 2 1
      src/crypt.h
  5. 7 1
      src/main.c

+ 1 - 0
doc/UPDATES

@@ -3,6 +3,7 @@
 * Fix channels added by cmd_slowjoin not having the user who added them associated with the channel.
 * Fix leaf bots not updating behind other hubs (fixes #419)
 * Removed BDHASH as it wasn't even used.
+* SHELLHASH now supports SHA1 hashes.
 
 1.2.15 - http://wraith.botpack.net/milestone/1.2.15
 * Fix a possible segfault when binaries compiled wrong

+ 4 - 4
pack/pack.cfg.sample

@@ -10,11 +10,11 @@ PACKNAME <name>
  * the entire botnet could be hijacked, a pass 8 chars or more is suggested
  */
 
-/* SHELLHASH: 32 char md5 hash used for binary password 
- * in mIRC: //echo -a $MD5(SOMEWORD)
- * URL: http://bryan.shatow.net/crypt/
+/* SHELLHASH: SHA1 hash
+ * Use this URL to generate: http://www.shatow.net/crypt/
+ * example: SHELLHASH 637d1f5c6e6d1be22ed907eb3d223d858ca396d8
  */
-SHELLHASH <md5hash>
+SHELLHASH <sha1hash>
 
 /* DCCPREFIX: 1 char cmd prefix for dcc. (ie, .cmd or !cmd) */
 DCCPREFIX <.>

+ 8 - 0
src/crypt.c

@@ -324,6 +324,10 @@ char *MD5(const char *string)
   return md5string;
 }
 
+int md5cmp(const char *hash, const char *string) {
+  return strcmp(hash, MD5(string));
+}
+
 char *
 MD5FILE(const char *bin)
 {
@@ -368,6 +372,10 @@ char *SHA1(const char *string)
   return sha1string;
 }
 
+int sha1cmp(const char *hash, const char *string) {
+  return strcmp(hash, SHA1(string));
+}
+
 /* convert binary hashes to hex */
 char *btoh(const unsigned char *md, size_t len)
 {

+ 2 - 1
src/crypt.h

@@ -13,11 +13,12 @@
 
 #define SHA_HASH_LENGTH (SHA_DIGEST_LENGTH << 1)
 #define MD5_HASH_LENGTH (MD5_DIGEST_LENGTH << 1)
-#define md5cmp(hash, string)            strcmp(hash, MD5(string))
 
 char *MD5(const char *);
+int md5cmp(const char *, const char*);
 char *MD5FILE(const char *);
 char *SHA1(const char *);
+int sha1cmp(const char *, const char*);
 
 unsigned char *encrypt_binary(const char *, unsigned char *, size_t *);
 unsigned char *decrypt_binary(const char *, unsigned char *, size_t *);

+ 7 - 1
src/main.c

@@ -221,6 +221,12 @@ static void expire_simuls() {
 static void checkpass() 
 {
   static int checkedpass = 0;
+  int (*hash_cmp) (const char *, const char *) = NULL;
+
+  if (strlen(settings.shellhash) == 32)
+    hash_cmp = md5cmp;
+  else
+    hash_cmp = sha1cmp;
 
   if (!checkedpass) {
 #ifdef HAVE_GETPASSPHRASE
@@ -231,7 +237,7 @@ static void checkpass()
 #endif
 
     checkedpass = 1;
-    if (!gpasswd || (gpasswd && md5cmp(settings.shellhash, gpasswd) && !check_master_hash(NULL, gpasswd))) 
+    if (!gpasswd || (gpasswd && hash_cmp(settings.shellhash, gpasswd) && !check_master_hash(NULL, gpasswd))) 
       werr(ERR_BADPASS);
     /* Most PASS_MAX are 256.. but it's not clear */
     OPENSSL_cleanse(gpasswd, 30);