Changeset 6e1fed7
- Timestamp:
- 2006-06-25T17:07:25Z (19 years ago)
- Branches:
- master
- Children:
- 88086db
- Parents:
- 7ed3199
- Files:
-
- 4 edited
Legend:
- Unmodified
- Added
- Removed
-
bitlbee.c
r7ed3199 r6e1fed7 291 291 irc_t *irc; 292 292 293 /* Since we're fork()ing here, let's make sure we won't 294 get the same random numbers as the parent/siblings. */ 295 srand( time( NULL ) ^ getpid() ); 296 293 297 /* Close the listening socket, we're a client. */ 294 298 close( global.listen_socket ); -
irc.c
r7ed3199 r6e1fed7 329 329 void irc_setpass (irc_t *irc, const char *pass) 330 330 { 331 if (irc->password)g_free (irc->password);331 g_free (irc->password); 332 332 333 333 if (pass) { 334 334 irc->password = g_strdup (pass); 335 irc_usermsg (irc, "Password successfully changed");336 335 } else { 337 336 irc->password = NULL; -
storage_xml.c
r7ed3199 r6e1fed7 26 26 #define BITLBEE_CORE 27 27 #include "bitlbee.h" 28 #include "base64.h" 29 #include "rc4.h" 28 30 #include "md5.h" 29 31 … … 78 80 char *nick = xml_attr( attr_names, attr_values, "nick" ); 79 81 char *pass = xml_attr( attr_names, attr_values, "password" ); 82 md5_byte_t *pass_dec = NULL; 80 83 81 84 if( !nick || !pass ) … … 84 87 "Missing attributes for %s element", element_name ); 85 88 } 89 else if( base64_decode( pass, &pass_dec ) != 21 ) 90 { 91 g_set_error( error, G_MARKUP_ERROR, G_MARKUP_ERROR_INVALID_CONTENT, 92 "Error while decoding password attribute" ); 93 } 86 94 else 87 95 { 88 96 md5_byte_t pass_md5[16]; 89 97 md5_state_t md5_state; 90 int i , j;98 int i; 91 99 92 100 md5_init( &md5_state ); 93 101 md5_append( &md5_state, (md5_byte_t*) xd->given_pass, strlen( xd->given_pass ) ); 102 md5_append( &md5_state, (md5_byte_t*) pass_dec + 16, 5 ); /* Hmmm, salt! */ 94 103 md5_finish( &md5_state, pass_md5 ); 95 104 96 105 for( i = 0; i < 16; i ++ ) 97 106 { 98 if( !isxdigit( pass[i*2] ) || !isxdigit( pass[i*2+1] ) || 99 sscanf( pass + i * 2, "%2x", &j ) != 1 ) 100 { 101 g_set_error( error, G_MARKUP_ERROR, G_MARKUP_ERROR_INVALID_CONTENT, 102 "Incorrect password MD5-hash" ); 103 break; 104 } 105 if( j != pass_md5[i] ) 107 if( pass_dec[i] != pass_md5[i] ) 106 108 { 107 109 g_set_error( error, G_MARKUP_ERROR, G_MARKUP_ERROR_INVALID_CONTENT, … … 118 120 } 119 121 } 122 123 g_free( pass_dec ); 120 124 } 121 125 else if( xd->pass_st < XML_PASS_OK ) … … 127 131 { 128 132 char *protocol, *handle, *server, *password, *autoconnect; 133 char *pass_b64 = NULL, *pass_rc4 = NULL; 134 int pass_len; 129 135 struct prpl *prpl = NULL; 130 136 131 137 handle = xml_attr( attr_names, attr_values, "handle" ); 132 pass word= xml_attr( attr_names, attr_values, "password" );138 pass_b64 = xml_attr( attr_names, attr_values, "password" ); 133 139 server = xml_attr( attr_names, attr_values, "server" ); 134 140 autoconnect = xml_attr( attr_names, attr_values, "autoconnect" ); … … 138 144 prpl = find_protocol( protocol ); 139 145 140 if( !handle || !pass word|| !protocol )146 if( !handle || !pass_b64 || !protocol ) 141 147 g_set_error( error, G_MARKUP_ERROR, G_MARKUP_ERROR_INVALID_CONTENT, 142 148 "Missing attributes for %s element", element_name ); … … 144 150 g_set_error( error, G_MARKUP_ERROR, G_MARKUP_ERROR_INVALID_CONTENT, 145 151 "Unknown protocol: %s", protocol ); 146 else 152 else if( ( pass_len = base64_decode( pass_b64, (unsigned char**) &pass_rc4 ) ) && 153 rc4_decode( (unsigned char*) pass_rc4, pass_len, 154 (unsigned char**) &password, xd->given_pass ) ) 147 155 { 148 156 xd->current_account = account_add( irc, prpl, handle, password ); … … 154 162 sscanf( autoconnect, "%d", &xd->current_account->auto_connect ); 155 163 } 164 else 165 { 166 /* Actually the _decode functions don't even return error codes, 167 but maybe they will later... */ 168 g_set_error( error, G_MARKUP_ERROR, G_MARKUP_ERROR_INVALID_CONTENT, 169 "Error while decrypting account password" ); 170 } 171 172 g_free( pass_rc4 ); 173 g_free( password ); 156 174 } 157 175 else if( g_strcasecmp( element_name, "setting" ) == 0 ) … … 354 372 static storage_status_t xml_save( irc_t *irc, int overwrite ) 355 373 { 356 char path[512], *path2, md5_buf[33];374 char path[512], *path2, *pass_buf = NULL; 357 375 set_t *set; 358 376 nick_t *nick; 359 377 account_t *acc; 360 378 int fd, i; 361 md5_byte_t pass_md5[ 16];379 md5_byte_t pass_md5[21]; 362 380 md5_state_t md5_state; 363 381 … … 380 398 } 381 399 400 /* Generate a salted md5sum of the password. Use 5 bytes for the salt 401 (to prevent dictionary lookups of passwords) to end up with a 21- 402 byte password hash, more convenient for base64 encoding. */ 403 for( i = 0; i < 5; i ++ ) 404 pass_md5[16+i] = rand() & 0xff; 382 405 md5_init( &md5_state ); 383 406 md5_append( &md5_state, (md5_byte_t*) irc->password, strlen( irc->password ) ); 407 md5_append( &md5_state, pass_md5 + 16, 5 ); /* Add the salt. */ 384 408 md5_finish( &md5_state, pass_md5 ); 385 for( i = 0; i < 16; i ++ )386 g_snprintf( md5_buf + i * 2, 3, "%02x", pass_md5[i]);387 388 if( !xml_printf( fd, "<user nick=\"%s\" password=\"%s\">\n", irc->nick, md5_buf ) )409 /* Save the hash in base64-encoded form. */ 410 pass_buf = base64_encode( (char*) pass_md5, 21 ); 411 412 if( !xml_printf( fd, "<user nick=\"%s\" password=\"%s\">\n", irc->nick, pass_buf ) ) 389 413 goto write_error; 414 415 g_free( pass_buf ); 390 416 391 417 for( set = irc->set; set; set = set->next ) … … 396 422 for( acc = irc->accounts; acc; acc = acc->next ) 397 423 { 398 if( !xml_printf( fd, "\t<account protocol=\"%s\" handle=\"%s\" password=\"%s\" autoconnect=\"%d\"", acc->prpl->name, acc->user, acc->pass, acc->auto_connect ) ) 424 char *pass_rc4, *pass_b64; 425 int pass_len; 426 427 pass_len = rc4_encode( (unsigned char*) acc->pass, strlen( acc->pass ), (unsigned char**) &pass_rc4, irc->password ); 428 pass_b64 = base64_encode( pass_rc4, pass_len ); 429 430 if( !xml_printf( fd, "\t<account protocol=\"%s\" handle=\"%s\" password=\"%s\" autoconnect=\"%d\"", acc->prpl->name, acc->user, pass_b64, acc->auto_connect ) ) 431 { 432 g_free( pass_rc4 ); 433 g_free( pass_b64 ); 399 434 goto write_error; 435 } 436 g_free( pass_rc4 ); 437 g_free( pass_b64 ); 438 400 439 if( acc->server && acc->server[0] && !xml_printf( fd, " server=\"%s\"", acc->server ) ) 401 440 goto write_error; … … 433 472 434 473 write_error: 474 g_free( pass_buf ); 475 435 476 irc_usermsg( irc, "Write error. Disk full?" ); 436 477 close( fd ); -
unix.c
r7ed3199 r6e1fed7 48 48 49 49 b_main_init(); 50 51 50 log_init(); 52 53 51 nogaim_init(); 54 52 53 srand( time( NULL ) ^ getpid() ); 54 55 55 CONF_FILE = g_strdup( CONF_FILE_DEF ); 56 57 56 global.helpfile = g_strdup( HELP_FILE ); 58 57 59 58 global.conf = conf_load( argc, argv ); 60 59 if( global.conf == NULL ) 61 60 return( 1 ); 62 63 61 64 62 if( global.conf->runmode == RUNMODE_INETD ) 65 63 { … … 89 87 if( i != 0 ) 90 88 return( i ); 91 89 92 90 global.storage = storage_init( global.conf->primary_storage, global.conf->migrate_storage ); 93 91 if ( global.storage == NULL) {
Note: See TracChangeset
for help on using the changeset viewer.