From ddcf491fa460fea612c240589c50da864dad6668 Mon Sep 17 00:00:00 2001
From: Wilmer van der Gaast
Date: Sun, 16 Mar 2008 14:18:22 +0000
Subject: Adding padding to encrypted IM-passwords so the exact password length can't be guessed from the encrypted data anymore.
---
 storage_xml.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'storage_xml.c')
diff --git a/storage_xml.c b/storage_xml.c
index 19070a74..6ea4d442 100644
--- a/storage_xml.c
+++ b/storage_xml.c
@@ -427,7 +427,7 @@ static storage_status_t xml_save( irc_t *irc, int overwrite )
 char *pass_b64;
 int pass_len;
- pass_len = arc_encode( acc->pass, strlen( acc->pass ), (unsigned char**) &pass_cr, irc->password );
+ pass_len = arc_encode( acc->pass, strlen( acc->pass ), (unsigned char**) &pass_cr, irc->password, 12 );
 pass_b64 = base64_encode( pass_cr, pass_len );
 g_free( pass_cr );
--
cgit v1.2.3
From 4e8db1c0141f74dc6156a57739613483344b358d Mon Sep 17 00:00:00 2001
From: Wilmer van der Gaast
Date: Sun, 16 Mar 2008 16:03:52 +0000
Subject: Moved password hash verification to md5_verify_password() so this can be reused for IRC/OPER passwords (to have encrypted in bitlbee.conf).
---
 storage_xml.c | 41 +++++++++++------------------------------
 1 file changed, 11 insertions(+), 30 deletions(-)
(limited to 'storage_xml.c')
diff --git a/storage_xml.c b/storage_xml.c
index 6ea4d442..f37fce44 100644
--- a/storage_xml.c
+++ b/storage_xml.c
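Review bot: The literal `12` added as the last argument of arc_encode() in xml_save() has no name or comment, so the padding granularity the commit message relies on is invisible at the call site. Assuming the argument rounds the plaintext up to a multiple of 12 bytes, the stored base64 length still places the password in a 12-byte bucket, which is worth stating. I would add `/* Pad to a multiple of 12 bytes so the ciphertext length reveals only a length range, not the exact password length. */` above the call, or give the constant a name. The return value also goes straight into base64_encode() as a length; whether arc_encode() can return an error value is not visible here, and xml_save() starts and ends outside the hunk.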
@@ -79,49 +79,30 @@ static void xml_start_element( GMarkupParseContext *ctx, const gchar *element_na
 {
 char *nick = xml_attr( attr_names, attr_values, "nick" );
 char *pass = xml_attr( attr_names, attr_values, "password" );
- md5_byte_t *pass_dec = NULL;
+ int st;
 if( !nick || !pass )
 {
 g_set_error( error, G_MARKUP_ERROR, G_MARKUP_ERROR_INVALID_CONTENT,
 "Missing attributes for %s element", element_name );
 }
- else if( base64_decode( pass, &pass_dec ) != 21 )
+ else if( ( st = md5_verify_password( xd->given_pass, pass ) ) == -1 )
 {
+ xd->pass_st = XML_PASS_WRONG;
 g_set_error( error, G_MARKUP_ERROR, G_MARKUP_ERROR_INVALID_CONTENT,
 "Error while decoding password attribute" );
 }
+ else if( st == 0 )
+ {
+ if( xd->pass_st != XML_PASS_CHECK_ONLY )
+ xd->pass_st = XML_PASS_OK;
+ }
 else
 {
- md5_byte_t pass_md5[16];
- md5_state_t md5_state;
- int i;
-
- md5_init( &md5_state );
- md5_append( &md5_state, (md5_byte_t*) xd->given_pass, strlen( xd->given_pass ) );
- md5_append( &md5_state, (md5_byte_t*) pass_dec + 16, 5 ); /* Hmmm, salt! */
- md5_finish( &md5_state, pass_md5 );
-
- for( i = 0; i < 16; i ++ )
- {
- if( pass_dec[i] != pass_md5[i] )
- {
- xd->pass_st = XML_PASS_WRONG;
- g_set_error( error, G_MARKUP_ERROR, G_MARKUP_ERROR_INVALID_CONTENT,
- "Password mismatch" );
- break;
- }
- }
-
- /* If we reached the end of the loop, it was a match! */
- if( i == 16 )
- {
- if( xd->pass_st != XML_PASS_CHECK_ONLY )
- xd->pass_st = XML_PASS_OK;
- }
+ xd->pass_st = XML_PASS_WRONG;
+ g_set_error( error, G_MARKUP_ERROR, G_MARKUP_ERROR_INVALID_CONTENT,
+ "Password mismatch" );
 }
-
- g_free( pass_dec );
 }
 else if( xd->pass_st < XML_PASS_OK )
 {
--
cgit v1.2.3
From 5f5d433900a0eaec54edcd64ab8be0fc2384aa94 Mon Sep 17 00:00:00 2001
From: Jelmer Vernooij
Date: Wed, 2 Apr 2008 16:17:37 +0200
Subject: Use GLib functions to check whether files exist, for extra portability.
---
 storage_xml.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
(limited to 'storage_xml.c')
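Review bot: In the `st == -1` branch of xml_start_element() a stored hash that fails to decode now also sets `xd->pass_st = XML_PASS_WRONG`, so a corrupted or truncated `password` attribute is reported to the caller the same way as a wrong password, which the removed code did not do. If that is intended, say so with a comment such as `/* Undecodable hash: treat as a failed login, not a storage error. */`, and document the three return values of md5_verify_password() (-1, 0, anything else) at this call, since the branches depend on them. Separately, the removed lines show the scheme is a single MD5 over the password plus a 5-byte salt; if the helper (not visible here) keeps it, reusing it for IRC/OPER passwords in bitlbee.conf extends a hash that is cheap to brute-force offline once the file leaks, so a slower password hash is worth considering before it spreads.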
diff --git a/storage_xml.c b/storage_xml.c
index f37fce44..ab7da6e3 100644
--- a/storage_xml.c
+++ b/storage_xml.c
@@ -28,6 +28,7 @@
 #include "base64.h"
 #include "arc.h"
 #include "md5.h"
+#include
 typedef enum
 {
@@ -242,9 +243,9 @@ GMarkupParser xml_parser =
 static void xml_init( void )
 {
- if( access( global.conf->configdir, F_OK ) != 0 )
+ if( ! g_file_test( global.conf->configdir, G_FILE_TEST_EXISTS ) )
 log_message( LOGLVL_WARNING, "The configuration directory `%s' does not exist. Configuration won't be saved.", global.conf->configdir );
- else if( access( global.conf->configdir, R_OK ) != 0 || access( global.conf->configdir, W_OK ) != 0 )
+ else if( ! g_file_test( global.conf->configdir, G_FILE_TEST_EXISTS ) || g_access( global.conf->configdir, W_OK ) != 0 )
 log_message( LOGLVL_WARNING, "Permission problem: Can't read/write from/to `%s'.", global.conf->configdir );
 }
@@ -371,7 +372,7 @@ static storage_status_t xml_save( irc_t *irc, int overwrite )
 g_snprintf( path, sizeof( path ) - 2, "%s%s%s", global.conf->configdir, path2, ".xml" );
 g_free( path2 );
- if( !overwrite && access( path, F_OK ) != -1 )
+ if( !overwrite && g_file_test( path, G_FILE_TEST_EXISTS ) )
 return STORAGE_ALREADY_EXISTS;
 strcat( path, "~" );
--
cgit v1.2.3
From e0f9170849e9c4aaa679f86703a60686d36607bb Mon Sep 17 00:00:00 2001
From: Wilmer van der Gaast
Date: Fri, 27 Jun 2008 00:18:31 +0100
Subject: xml_remove() didn't convert nicknames to lowercase so it caused some confusing errors sometimes. This should close #395.
---
 storage_xml.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
(limited to 'storage_xml.c')
diff --git a/storage_xml.c b/storage_xml.c
index ab7da6e3..ca82a9d1 100644
--- a/storage_xml.c
+++ b/storage_xml.c
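Review bot: The new `else if` in xml_init() repeats the existence test that the preceding `if` has already found false, so that operand can never be true there, and the read check the old code made with `access( ..., R_OK )` is gone while the warning still says "Can't read/write". An unreadable configuration directory therefore no longer produces the warning. Keeping both permission tests, `else if( g_access( global.conf->configdir, R_OK ) != 0 || g_access( global.conf->configdir, W_OK ) != 0 )`, restores the old behaviour. The same duplicated condition is carried through the later xml_init() hunks at `@@ -245,7 +250,8 @@` and `@@ -248,10 +248,10 @@`, where `F_OK` takes the place of g_file_test().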
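Review bot: The existence test on `path` in xml_save() and the later write are separate steps, so the `!overwrite` guarantee only holds if nothing creates the file in between; this is a time-of-check/time-of-use pattern, and swapping access() for g_file_test() does not change it. The code that opens and renames the `~` file is outside this hunk, so I can only ask that the final step refuse to replace an existing target when `overwrite` is 0 (for example by creating it with `O_CREAT | O_EXCL`) and that a comment here mark the check as advisory: `/* Early, racy check only; the write below must not clobber an existing file. */`. The same applies to the `g_access( path, F_OK ) == 0` form in the later hunk at `@@ -378,7 +378,7 @@`.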
@@ -480,14 +480,18 @@ static gboolean xml_save_nick( gpointer key, gpointer value, gpointer data )
 static storage_status_t xml_remove( const char *nick, const char *password )
 {
- char s[512];
+ char s[512], *lc;
 storage_status_t status;
 status = xml_check_pass( nick, password );
 if( status != STORAGE_OK )
 return status;
- g_snprintf( s, 511, "%s%s%s", global.conf->configdir, nick, ".xml" );
+ lc = g_strdup( nick );
+ nick_lc( lc );
+ g_snprintf( s, 511, "%s%s%s", global.conf->configdir, lc, ".xml" );
+ g_free( lc );
+
 if( unlink( s ) == -1 )
 return STORAGE_OTHER_ERROR;
--
cgit v1.2.3
From 47b571d306a3da9932bc2616ab954ee342ec6519 Mon Sep 17 00:00:00 2001
From: Jelmer Vernooij
Date: Sat, 28 Jun 2008 19:35:34 +0200
Subject: Avoid g_access on GLib < 2.8.0.
---
 storage_xml.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
(limited to 'storage_xml.c')
diff --git a/storage_xml.c b/storage_xml.c
index ca82a9d1..cb92135c 100644
--- a/storage_xml.c
+++ b/storage_xml.c
@@ -30,6 +30,11 @@
 #include "md5.h"
 #include
+#if !GLIB_CHECK_VERSION(2,8,0)
+/* GLib < 2.8.0 doesn't have g_access, so just use the system access(). */
+#define g_access access
+#endif
+
 typedef enum
 {
 XML_PASS_CHECK_ONLY = -1,
@@ -245,7 +250,8 @@ static void xml_init( void )
 {
 if( ! g_file_test( global.conf->configdir, G_FILE_TEST_EXISTS ) )
 log_message( LOGLVL_WARNING, "The configuration directory `%s' does not exist. Configuration won't be saved.", global.conf->configdir );
- else if( ! g_file_test( global.conf->configdir, G_FILE_TEST_EXISTS ) || g_access( global.conf->configdir, W_OK ) != 0 )
+ else if( ! g_file_test( global.conf->configdir, G_FILE_TEST_EXISTS ) ||
+ g_access( global.conf->configdir, W_OK ) != 0 )
 log_message( LOGLVL_WARNING, "Permission problem: Can't read/write from/to `%s'.", global.conf->configdir );
 }
--
cgit v1.2.3
From dfd442b384ff04de537b399fd7e42ed01b62cf10 Mon Sep 17 00:00:00 2001
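Review bot: The path handed to unlink() in xml_remove() is built from `nick` with only lowercasing applied, and the g_snprintf() result is not checked, so a long `configdir` plus nick is silently truncated to a different file name before the delete. Whether the nick has been validated as a plain file-name component (no `/` or `..`) is not visible in this hunk; a successful xml_check_pass() is the only guard shown. I would compare the g_snprintf() return value with `sizeof( s )` and return `STORAGE_OTHER_ERROR` on truncation, and add a comment naming where the nick is validated. The lowercase-then-build-path sequence presumably mirrors what the load path does, so a shared helper would keep the two from drifting apart again, which is the bug this commit fixes.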
From: Wilmer van der Gaast
Date: Mon, 30 Jun 2008 00:45:11 +0100
Subject: Just use g_access() everywhere instead of a mix of that and g_file_test(). g_file_test() can't test for writability, and g_access() doesn't exist in older GLibs. :-/
---
 storage_xml.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
(limited to 'storage_xml.c')
diff --git a/storage_xml.c b/storage_xml.c
index cb92135c..240206f1 100644
--- a/storage_xml.c
+++ b/storage_xml.c
@@ -248,10 +248,10 @@ GMarkupParser xml_parser =
 static void xml_init( void )
 {
- if( ! g_file_test( global.conf->configdir, G_FILE_TEST_EXISTS ) )
+ if( g_access( global.conf->configdir, F_OK ) != 0 )
 log_message( LOGLVL_WARNING, "The configuration directory `%s' does not exist. Configuration won't be saved.", global.conf->configdir );
- else if( ! g_file_test( global.conf->configdir, G_FILE_TEST_EXISTS ) ||
- g_access( global.conf->configdir, W_OK ) != 0 )
+ else if( g_access( global.conf->configdir, F_OK ) != 0 ||
+ g_access( global.conf->configdir, W_OK ) != 0 )
 log_message( LOGLVL_WARNING, "Permission problem: Can't read/write from/to `%s'.", global.conf->configdir );
 }
@@ -378,7 +378,7 @@ static storage_status_t xml_save( irc_t *irc, int overwrite )
 g_snprintf( path, sizeof( path ) - 2, "%s%s%s", global.conf->configdir, path2, ".xml" );
 g_free( path2 );
- if( !overwrite && g_file_test( path, G_FILE_TEST_EXISTS ) )
+ if( !overwrite && g_access( path, F_OK ) == 0 )
 return STORAGE_ALREADY_EXISTS;
 strcat( path, "~" );
--
cgit v1.2.3