From 4e8db1c0141f74dc6156a57739613483344b358d Mon Sep 17 00:00:00 2001 From: Wilmer van der Gaast Date: Sun, 16 Mar 2008 16:03:52 +0000 Subject: Moved password hash verification to md5_verify_password() so this can be reused for IRC/OPER passwords (to have encrypted in bitlbee.conf). --- lib/misc.c | 41 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 41 insertions(+) (limited to 'lib/misc.c') diff --git a/lib/misc.c b/lib/misc.c index 18d98f9e..ccf208b5 100644 --- a/lib/misc.c +++ b/lib/misc.c @@ -32,6 +32,7 @@ #define BITLBEE_CORE #include "nogaim.h" +#include "base64.h" #include #include #include @@ -596,3 +597,43 @@ gboolean ssl_sockerr_again( void *ssl ) else return sockerr_again(); } + +/* Returns values: -1 == Failure (base64-decoded to something unexpected) + 0 == Okay + 1 == Password doesn't match the hash. */ +int md5_verify_password( char *password, char *hash ) +{ + md5_byte_t *pass_dec = NULL; + md5_byte_t pass_md5[16]; + md5_state_t md5_state; + int ret, i; + + if( base64_decode( hash, &pass_dec ) != 21 ) + { + ret = -1; + } + else + { + md5_init( &md5_state ); + md5_append( &md5_state, (md5_byte_t*) password, strlen( password ) ); + md5_append( &md5_state, (md5_byte_t*) pass_dec + 16, 5 ); /* Hmmm, salt! */ + md5_finish( &md5_state, pass_md5 ); + + for( i = 0; i < 16; i ++ ) + { + if( pass_dec[i] != pass_md5[i] ) + { + ret = 1; + break; + } + } + + /* If we reached the end of the loop, it was a match! */ + if( i == 16 ) + ret = 0; + } + + g_free( pass_dec ); + + return ret; +} -- cgit v1.2.3 From 5be87b2e736962dce2576012b7f1cf215f169f34 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Wed, 2 Apr 2008 17:03:02 +0200 Subject: Move unix-specific random_bytes() implementation to unix.c. --- lib/misc.c | 65 -------------------------------------------------------------- 1 file changed, 65 deletions(-) (limited to 'lib/misc.c') diff --git a/lib/misc.c b/lib/misc.c index ccf208b5..1670b91d 100644 --- a/lib/misc.c +++ b/lib/misc.c 
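Review bot: The comparison loop in md5_verify_password() leaves at the first differing byte (`ret = 1; break;`), so its running time depends on how many leading digest bytes match. Since the function is now meant to be shared with the IRC/OPER password checks, a constant-time compare is the safer default: accumulate `diff |= pass_dec[i] ^ pass_md5[i];` over all 16 bytes and then set `ret = diff ? 1 : 0;`. Separately, the scheme is a single MD5 pass over the password plus a 5-byte salt, which is cheap to brute-force offline if the stored hashes or bitlbee.conf leak. That looks inherited from the existing storage format, so it may belong in a follow-up rather than in this move. A comment such as `/* hash decodes to 16 digest bytes followed by 5 salt bytes, hence the 21 */` would serve readers better than `/* Hmmm, salt! */`.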
@@ -391,71 +391,6 @@ signed int do_iconv( char *from_cs, char *to_cs, char *src, char *dst, size_t si return( outbuf - dst ); } -/* A pretty reliable random number generator. Tries to use the /dev/random - devices first, and falls back to the random number generator from libc - when it fails. Opens randomizer devices with O_NONBLOCK to make sure a - lack of entropy won't halt BitlBee. */ -void random_bytes( unsigned char *buf, int count ) -{ - static int use_dev = -1; - - /* Actually this probing code isn't really necessary, is it? */ - if( use_dev == -1 ) - { - if( access( "/dev/random", R_OK ) == 0 || access( "/dev/urandom", R_OK ) == 0 ) - use_dev = 1; - else - { - use_dev = 0; - srand( ( getpid() << 16 ) ^ time( NULL ) ); - } - } - - if( use_dev ) - { - int fd; - - /* At least on Linux, /dev/random can block if there's not - enough entropy. We really don't want that, so if it can't - give anything, use /dev/urandom instead. */ - if( ( fd = open( "/dev/random", O_RDONLY | O_NONBLOCK ) ) >= 0 ) - if( read( fd, buf, count ) == count ) - { - close( fd ); - return; - } - close( fd ); - - /* urandom isn't supposed to block at all, but just to be - sure. If it blocks, we'll disable use_dev and use the libc - randomizer instead. */ - if( ( fd = open( "/dev/urandom", O_RDONLY | O_NONBLOCK ) ) >= 0 ) - if( read( fd, buf, count ) == count ) - { - close( fd ); - return; - } - close( fd ); - - /* If /dev/random blocks once, we'll still try to use it - again next time. If /dev/urandom also fails for some - reason, stick with libc during this session. */ - - use_dev = 0; - srand( ( getpid() << 16 ) ^ time( NULL ) ); - } - - if( !use_dev ) - { - int i; - - /* Possibly the LSB of rand() isn't very random on some - platforms. Seems okay on at least Linux and OSX though. */ - for( i = 0; i < count; i ++ ) - buf[i] = rand() & 0xff; - } -} - int is_bool( char *value ) { if( *value == 0 ) -- cgit v1.2.3 From 7f49a8642e162611cf20ab95955098597d1f4472 Mon Sep 17 00:00:00 2001 
From: Jelmer Vernooij Date: Tue, 10 Jun 2008 05:09:49 +0200 Subject: Move random_bytes() back to lib/ --- lib/misc.c | 67 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 67 insertions(+) (limited to 'lib/misc.c') diff --git a/lib/misc.c b/lib/misc.c index 1670b91d..0998b7e2 100644 --- a/lib/misc.c +++ b/lib/misc.c 
@@ -391,6 +391,73 @@ signed int do_iconv( char *from_cs, char *to_cs, char *src, char *dst, size_t si return( outbuf - dst ); } +/* A pretty reliable random number generator. Tries to use the /dev/random + devices first, and falls back to the random number generator from libc + when it fails. Opens randomizer devices with O_NONBLOCK to make sure a + lack of entropy won't halt BitlBee. */ +void random_bytes( unsigned char *buf, int count ) +{ +#ifndef _WIN32 + static int use_dev = -1; + + /* Actually this probing code isn't really necessary, is it? */ + if( use_dev == -1 ) + { + if( access( "/dev/random", R_OK ) == 0 || access( "/dev/urandom", R_OK ) == 0 ) + use_dev = 1; + else + { + use_dev = 0; + srand( ( getpid() << 16 ) ^ time( NULL ) ); + } + } + + if( use_dev ) + { + int fd; + + /* At least on Linux, /dev/random can block if there's not + enough entropy. We really don't want that, so if it can't + give anything, use /dev/urandom instead. */ + if( ( fd = open( "/dev/random", O_RDONLY | O_NONBLOCK ) ) >= 0 ) + if( read( fd, buf, count ) == count ) + { + close( fd ); + return; + } + close( fd ); + + /* urandom isn't supposed to block at all, but just to be + sure. If it blocks, we'll disable use_dev and use the libc + randomizer instead. */ + if( ( fd = open( "/dev/urandom", O_RDONLY | O_NONBLOCK ) ) >= 0 ) + if( read( fd, buf, count ) == count ) + { + close( fd ); + return; + } + close( fd ); + + /* If /dev/random blocks once, we'll still try to use it + again next time. If /dev/urandom also fails for some + reason, stick with libc during this session. */ + + use_dev = 0; + srand( ( getpid() << 16 ) ^ time( NULL ) ); + } + + if( !use_dev ) +#endif + { + int i; + + /* Possibly the LSB of rand() isn't very random on some + platforms. Seems okay on at least Linux and OSX though. */ + for( i = 0; i < count; i ++ ) + buf[i] = rand() & 0xff; + } +} + int is_bool( char *value ) { if( *value == 0 ) -- cgit v1.2.3 
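Review bot: On `_WIN32` builds the only code left in random_bytes() is the `rand()` loop, and both `srand()` calls sit inside the `#ifndef _WIN32` block, so unless the generator is seeded elsewhere every start yields the same byte sequence. Even when seeded with `( getpid() << 16 ) ^ time( NULL )`, as the Unix fallback does, the output is guessable and unsuitable if callers use it for salts or other secret values. A Windows branch should draw from the system CSPRNG (for example CryptGenRandom), and the Unix path should not silently downgrade when both devices fail. A smaller point in the device path: `close( fd );` after each `if` also runs when `open()` failed and fd is -1, so it belongs inside the `fd >= 0` branch. At minimum the header comment should gain a line like `/* NOTE: the rand() fallback is predictable; do not rely on it for secrets. */`.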
From 424e66361e985d05e47a7af42e81cd32b09dd6e2 Mon Sep 17 00:00:00 2001 From: Wilmer van der Gaast Date: Sun, 22 Jun 2008 10:32:46 +0100 Subject: Partial fix for #419: Moved normalize() and some other stuff to OSCAR becuase it's the only place where it's used, and using this to strip spaces from all screennames before sending them to BitlBee. --- lib/misc.c | 25 ------------------------- 1 file changed, 25 deletions(-) (limited to 'lib/misc.c') diff --git a/lib/misc.c b/lib/misc.c index ccf208b5..1ecb5181 100644 --- a/lib/misc.c +++ b/lib/misc.c @@ -61,31 +61,6 @@ void strip_linefeed(gchar *text) g_free(text2); } -char *normalize(const char *s) -{ - static char buf[BUF_LEN]; - char *t, *u; - int x = 0; - - g_return_val_if_fail((s != NULL), NULL); - - u = t = g_strdup(s); - - strcpy(t, s); - g_strdown(t); - - while (*t && (x < BUF_LEN - 1)) { - if (*t != ' ') { - buf[x] = *t; - x++; - } - t++; - } - buf[x] = '\0'; - g_free(u); - return buf; -} - time_t get_time(int year, int month, int day, int hour, int min, int sec) { struct tm tm; -- cgit v1.2.3 From 6a78c0eed44820a2fefe1e96516e335eddc9c70b Mon Sep 17 00:00:00 2001 From: Wilmer van der Gaast Date: Mon, 30 Jun 2008 16:37:12 +0100 Subject: Silenced a compiler warning - I don't think there's any way the unitialized version of ret could actually be returned. --- lib/misc.c | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) (limited to 'lib/misc.c') diff --git a/lib/misc.c b/lib/misc.c index c087f6a5..9d504b75 100644 --- a/lib/misc.c +++ b/lib/misc.c @@ -583,13 +583,9 @@ int md5_verify_password( char *password, char *hash ) md5_byte_t *pass_dec = NULL; md5_byte_t pass_md5[16]; md5_state_t md5_state; - int ret, i; + int ret = -1, i; - if( base64_decode( hash, &pass_dec ) != 21 ) - { - ret = -1; - } - else + if( base64_decode( hash, &pass_dec ) == 21 ) { md5_init( &md5_state ); md5_append( &md5_state, (md5_byte_t*) password, strlen( password ) ); -- cgit v1.2.3