Changeset 4e8db1c
- Timestamp:
- 2008-03-16T16:03:52Z (16 years ago)
- Branches:
- master
- Children:
- ec0355f
- Parents:
- 50d26f3
- Files:
-
- 3 edited
-
lib/misc.c (modified) (2 diffs)
-
lib/misc.h (modified) (1 diff)
-
storage_xml.c (modified) (2 diffs)
Legend:
- Unmodified
- Added
- Removed
-
lib/misc.c
r50d26f3 r4e8db1c 33 33 #define BITLBEE_CORE 34 34 #include "nogaim.h" 35 #include "base64.h" 35 36 #include <stdio.h> 36 37 #include <stdlib.h> … … 597 598 return sockerr_again(); 598 599 } 600 601 /* Returns values: -1 == Failure (base64-decoded to something unexpected) 602 0 == Okay 603 1 == Password doesn't match the hash. */ 604 int md5_verify_password( char *password, char *hash ) 605 { 606 md5_byte_t *pass_dec = NULL; 607 md5_byte_t pass_md5[16]; 608 md5_state_t md5_state; 609 int ret, i; 610 611 if( base64_decode( hash, &pass_dec ) != 21 ) 612 { 613 ret = -1; 614 } 615 else 616 { 617 md5_init( &md5_state ); 618 md5_append( &md5_state, (md5_byte_t*) password, strlen( password ) ); 619 md5_append( &md5_state, (md5_byte_t*) pass_dec + 16, 5 ); /* Hmmm, salt! */ 620 md5_finish( &md5_state, pass_md5 ); 621 622 for( i = 0; i < 16; i ++ ) 623 { 624 if( pass_dec[i] != pass_md5[i] ) 625 { 626 ret = 1; 627 break; 628 } 629 } 630 631 /* If we reached the end of the loop, it was a match! */ 632 if( i == 16 ) 633 ret = 0; 634 } 635 636 g_free( pass_dec ); 637 638 return ret; 639 } -
lib/misc.h
r50d26f3 r4e8db1c 67 67 G_MODULE_EXPORT gboolean ssl_sockerr_again( void *ssl ); 68 68 69 G_MODULE_EXPORT int md5_verify_password( char *password, char *hash ); 70 69 71 #endif -
storage_xml.c
r50d26f3 r4e8db1c 80 80 char *nick = xml_attr( attr_names, attr_values, "nick" ); 81 81 char *pass = xml_attr( attr_names, attr_values, "password" ); 82 md5_byte_t *pass_dec = NULL;82 int st; 83 83 84 84 if( !nick || !pass ) … … 87 87 "Missing attributes for %s element", element_name ); 88 88 } 89 else if( base64_decode( pass, &pass_dec ) != 21 ) 90 { 89 else if( ( st = md5_verify_password( xd->given_pass, pass ) ) == -1 ) 90 { 91 xd->pass_st = XML_PASS_WRONG; 91 92 g_set_error( error, G_MARKUP_ERROR, G_MARKUP_ERROR_INVALID_CONTENT, 92 93 "Error while decoding password attribute" ); 93 94 } 95 else if( st == 0 ) 96 { 97 if( xd->pass_st != XML_PASS_CHECK_ONLY ) 98 xd->pass_st = XML_PASS_OK; 99 } 94 100 else 95 101 { 96 md5_byte_t pass_md5[16]; 97 md5_state_t md5_state; 98 int i; 99 100 md5_init( &md5_state ); 101 md5_append( &md5_state, (md5_byte_t*) xd->given_pass, strlen( xd->given_pass ) ); 102 md5_append( &md5_state, (md5_byte_t*) pass_dec + 16, 5 ); /* Hmmm, salt! */ 103 md5_finish( &md5_state, pass_md5 ); 104 105 for( i = 0; i < 16; i ++ ) 106 { 107 if( pass_dec[i] != pass_md5[i] ) 108 { 109 xd->pass_st = XML_PASS_WRONG; 110 g_set_error( error, G_MARKUP_ERROR, G_MARKUP_ERROR_INVALID_CONTENT, 111 "Password mismatch" ); 112 break; 113 } 114 } 115 116 /* If we reached the end of the loop, it was a match! */ 117 if( i == 16 ) 118 { 119 if( xd->pass_st != XML_PASS_CHECK_ONLY ) 120 xd->pass_st = XML_PASS_OK; 121 } 122 } 123 124 g_free( pass_dec ); 102 xd->pass_st = XML_PASS_WRONG; 103 g_set_error( error, G_MARKUP_ERROR, G_MARKUP_ERROR_INVALID_CONTENT, 104 "Password mismatch" ); 105 } 125 106 } 126 107 else if( xd->pass_st < XML_PASS_OK )
Note: See TracChangeset
for help on using the changeset viewer.
