static int crypt_main( int argc, char *argv[] )
{
int pass_len;
unsigned char *pass_cr, *pass_cl;
if( argc < 4 || ( strcmp( argv[2], "hash" ) != 0 &&
strcmp( argv[2], "unhash" ) != 0 && argc < 5 ) )
{
printf( "Supported:\n"
" %s -x enc <key> <cleartext password>\n"
" %s -x dec <key> <encrypted password>\n"
" %s -x hash <cleartext password>\n"
" %s -x unhash <hashed password>\n"
" %s -x chkhash <hashed password> <cleartext password>\n",
argv[0], argv[0], argv[0], argv[0], argv[0] );
}
else if( strcmp( argv[2], "enc" ) == 0 )
{
pass_len = arc_encode( argv[4], strlen( argv[4] ), (unsigned char**) &pass_cr, argv[3], 12 );
printf( "%s\n", base64_encode( pass_cr, pass_len ) );
}
else if( strcmp( argv[2], "dec" ) == 0 )
{
pass_len = base64_decode( argv[4], (unsigned char**) &pass_cr );
arc_decode( pass_cr, pass_len, (char**) &pass_cl, argv[3] );
printf( "%s\n", pass_cl );
}
else if( strcmp( argv[2], "hash" ) == 0 )
{
md5_byte_t pass_md5[21];
md5_state_t md5_state;
random_bytes( pass_md5 + 16, 5 );
md5_init( &md5_state );
md5_append( &md5_state, (md5_byte_t*) argv[3], strlen( argv[3] ) );
md5_append( &md5_state, pass_md5 + 16, 5 ); /* Add the salt. */
md5_finish( &md5_state, pass_md5 );
printf( "%s\n", base64_encode( pass_md5, 21 ) );
}
else if( strcmp( argv[2], "unhash" ) == 0 )
{
printf( "Hash %s submitted to a massive Beowulf cluster of\n"
"overclocked 486s. Expect your answer next year somewhere around this time. :-)\n", argv[3] );
}
else if( strcmp( argv[2], "chkhash" ) == 0 )
{
char *hash = strncmp( argv[3], "md5:", 4 ) == 0 ? argv[3] + 4 : argv[3];
int st = md5_verify_password( argv[4], hash );
printf( "Hash %s given password.\n", st == 0 ? "matches" : "does not match" );
return st;
}
return 0;
}
static storage_status_t xml_save( irc_t *irc, int overwrite )
{
char path[512], *path2, *pass_buf = NULL;
set_t *set;
account_t *acc;
int fd;
md5_byte_t pass_md5[21];
md5_state_t md5_state;
GSList *l;
path2 = g_strdup( irc->user->nick );
nick_lc( path2 );
g_snprintf( path, sizeof( path ) - 2, "%s%s%s", global.conf->configdir, path2, ".xml" );
g_free( path2 );
if( !overwrite && g_access( path, F_OK ) == 0 )
return STORAGE_ALREADY_EXISTS;
strcat( path, ".XXXXXX" );
if( ( fd = mkstemp( path ) ) < 0 )
{
irc_rootmsg( irc, "Error while opening configuration file." );
return STORAGE_OTHER_ERROR;
}
/* Generate a salted md5sum of the password. Use 5 bytes for the salt
(to prevent dictionary lookups of passwords) to end up with a 21-
byte password hash, more convenient for base64 encoding. */
random_bytes( pass_md5 + 16, 5 );
md5_init( &md5_state );
md5_append( &md5_state, (md5_byte_t*) irc->password, strlen( irc->password ) );
md5_append( &md5_state, pass_md5 + 16, 5 ); /* Add the salt. */
md5_finish( &md5_state, pass_md5 );
/* Save the hash in base64-encoded form. */
pass_buf = base64_encode( pass_md5, 21 );
if( !xml_printf( fd, 0, "<user nick=\"%s\" password=\"%s\" version=\"%d\">\n", irc->user->nick, pass_buf, XML_FORMAT_VERSION ) )
goto write_error;
g_free( pass_buf );
for( set = irc->b->set; set; set = set->next )
if( set->value && !( set->flags & SET_NOSAVE ) )
if( !xml_printf( fd, 1, "<setting name=\"%s\">%s</setting>\n", set->key, set->value ) )
goto write_error;
for( acc = irc->b->accounts; acc; acc = acc->next )
{
unsigned char *pass_cr;
char *pass_b64;
int pass_len;
pass_len = arc_encode( acc->pass, strlen( acc->pass ), (unsigned char**) &pass_cr, irc->password, 12 );
pass_b64 = base64_encode( pass_cr, pass_len );
g_free( pass_cr );
if( !xml_printf( fd, 1, "<account protocol=\"%s\" handle=\"%s\" password=\"%s\" "
"autoconnect=\"%d\" tag=\"%s\"", acc->prpl->name, acc->user,
pass_b64, acc->auto_connect, acc->tag ) )
{
g_free( pass_b64 );
goto write_error;
}
g_free( pass_b64 );
if( acc->server && acc->server[0] && !xml_printf( fd, 0, " server=\"%s\"", acc->server ) )
goto write_error;
if( !xml_printf( fd, 0, ">\n" ) )
goto write_error;
for( set = acc->set; set; set = set->next )
if( set->value && !( set->flags & ACC_SET_NOSAVE ) )
if( !xml_printf( fd, 2, "<setting name=\"%s\">%s</setting>\n", set->key, set->value ) )
goto write_error;
/* This probably looks pretty strange. g_hash_table_foreach
is quite a PITA already (but it can't get much better in
C without using #define, I'm afraid), and since it
doesn't seem to be possible to abort the foreach on write
errors, so instead let's use the _find function and
return TRUE on write errors. Which means, if we found
something, there was an error. :-) */
if( g_hash_table_find( acc->nicks, xml_save_nick, & fd ) )
goto write_error;
if( !xml_printf( fd, 1, "</account>\n" ) )
goto write_error;
}
for( l = irc->channels; l; l = l->next )
{
irc_channel_t *ic = l->data;
if( ic->flags & IRC_CHANNEL_TEMP )
continue;
if( !xml_printf( fd, 1, "<channel name=\"%s\" type=\"%s\">\n",
ic->name, set_getstr( &ic->set, "type" ) ) )
goto write_error;
for( set = ic->set; set; set = set->next )
if( set->value && strcmp( set->key, "type" ) != 0 )
if( !xml_printf( fd, 2, "<setting name=\"%s\">%s</setting>\n", set->key, set->value ) )
goto write_error;
if( !xml_printf( fd, 1, "</channel>\n" ) )
goto write_error;
}
if( !xml_printf( fd, 0, "</user>\n" ) )
goto write_error;
fsync( fd );
close( fd );
path2 = g_strndup( path, strlen( path ) - 7 );
if( rename( path, path2 ) != 0 )
{
irc_rootmsg( irc, "Error while renaming temporary configuration file." );
g_free( path2 );
unlink( path );
return STORAGE_OTHER_ERROR;
}
g_free( path2 );
return STORAGE_OK;
write_error:
g_free( pass_buf );
irc_rootmsg( irc, "Write error. Disk full?" );
close( fd );
return STORAGE_OTHER_ERROR;
}
struct xt_node *xml_generate( irc_t *irc )
{
char *pass_buf = NULL;
account_t *acc;
md5_byte_t pass_md5[21];
md5_state_t md5_state;
GSList *l;
struct xt_node *root, *cur;
/* Generate a salted md5sum of the password. Use 5 bytes for the salt
(to prevent dictionary lookups of passwords) to end up with a 21-
byte password hash, more convenient for base64 encoding. */
random_bytes( pass_md5 + 16, 5 );
md5_init( &md5_state );
md5_append( &md5_state, (md5_byte_t*) irc->password, strlen( irc->password ) );
md5_append( &md5_state, pass_md5 + 16, 5 ); /* Add the salt. */
md5_finish( &md5_state, pass_md5 );
/* Save the hash in base64-encoded form. */
pass_buf = base64_encode( pass_md5, 21 );
root = cur = xt_new_node( "user", NULL, NULL );
xt_add_attr( cur, "nick", irc->user->nick );
xt_add_attr( cur, "password", pass_buf );
xt_add_attr( cur, "version", XML_FORMAT_VERSION );
g_free( pass_buf );
xml_generate_settings( cur, &irc->b->set );
for( acc = irc->b->accounts; acc; acc = acc->next )
{
unsigned char *pass_cr;
char *pass_b64;
int pass_len;
pass_len = arc_encode( acc->pass, strlen( acc->pass ), (unsigned char**) &pass_cr, irc->password, 12 );
pass_b64 = base64_encode( pass_cr, pass_len );
g_free( pass_cr );
cur = xt_new_node( "account", NULL, NULL );
xt_add_attr( cur, "protocol", acc->prpl->name );
xt_add_attr( cur, "handle", acc->user );
xt_add_attr( cur, "password", pass_b64 );
xt_add_attr( cur, "autoconnect", acc->auto_connect ? "true" : "false" );
xt_add_attr( cur, "tag", acc->tag );
if( acc->server && acc->server[0] )
xt_add_attr( cur, "server", acc->server );
g_free( pass_b64 );
/* This probably looks pretty strange. g_hash_table_foreach
is quite a PITA already (but it can't get much better in
C without using #define, I'm afraid), and it
doesn't seem to be possible to abort the foreach on write
errors, so instead let's use the _find function and
return TRUE on write errors. Which means, if we found
something, there was an error. :-) */
g_hash_table_find( acc->nicks, xml_generate_nick, cur );
xml_generate_settings( cur, &acc->set );
xt_add_child( root, cur );
}
for( l = irc->channels; l; l = l->next )
{
irc_channel_t *ic = l->data;
if( ic->flags & IRC_CHANNEL_TEMP )
continue;
cur = xt_new_node( "channel", NULL, NULL );
xt_add_attr( cur, "name", ic->name );
xt_add_attr( cur, "type", set_getstr( &ic->set, "type" ) );
xml_generate_settings( cur, &ic->set );
xt_add_child( root, cur );
}
return root;
}
struct xt_node *xml_generate(irc_t *irc)
{
char *pass_buf = NULL;
account_t *acc;
md5_byte_t pass_md5[21];
md5_state_t md5_state;
GSList *l;
struct xt_node *root, *cur;
root = cur = xt_new_node("user", NULL, NULL);
if (irc->auth_backend) {
xt_add_attr(cur, "auth_backend", irc->auth_backend);
} else {
/* Generate a salted md5sum of the password. Use 5 bytes for the salt
(to prevent dictionary lookups of passwords) to end up with a 21-
byte password hash, more convenient for base64 encoding. */
random_bytes(pass_md5 + 16, 5);
md5_init(&md5_state);
md5_append(&md5_state, (md5_byte_t *) irc->password, strlen(irc->password));
md5_append(&md5_state, pass_md5 + 16, 5); /* Add the salt. */
md5_finish(&md5_state, pass_md5);
/* Save the hash in base64-encoded form. */
pass_buf = base64_encode(pass_md5, 21);
xt_add_attr(cur, "password", pass_buf);
g_free(pass_buf);
}
xt_add_attr(cur, "nick", irc->user->nick);
xt_add_attr(cur, "version", XML_FORMAT_VERSION);
xml_generate_settings(cur, &irc->b->set);
for (acc = irc->b->accounts; acc; acc = acc->next) {
GHashTableIter iter;
gpointer key, value;
unsigned char *pass_cr;
char *pass_b64;
int pass_len;
if(irc->auth_backend) {
/* If we don't "own" the password, it may change without us
* knowing, so we cannot encrypt the data, as we then may not be
* able to decrypt it */
pass_b64 = base64_encode((unsigned char *)acc->pass, strlen(acc->pass));
} else {
pass_len = arc_encode(acc->pass, strlen(acc->pass), (unsigned char **) &pass_cr, irc->password, 12);
pass_b64 = base64_encode(pass_cr, pass_len);
g_free(pass_cr);
}
cur = xt_new_node("account", NULL, NULL);
xt_add_attr(cur, "protocol", acc->prpl->name);
xt_add_attr(cur, "handle", acc->user);
xt_add_attr(cur, "password", pass_b64);
xt_add_attr(cur, "autoconnect", acc->auto_connect ? "true" : "false");
xt_add_attr(cur, "tag", acc->tag);
if (acc->server && acc->server[0]) {
xt_add_attr(cur, "server", acc->server);
}
if (acc->flags & ACC_FLAG_LOCKED) {
xt_add_attr(cur, "locked", "true");
}
g_free(pass_b64);
g_hash_table_iter_init(&iter, acc->nicks);
while (g_hash_table_iter_next(&iter, &key, &value)) {
struct xt_node *node = xt_new_node("buddy", NULL, NULL);
xt_add_attr(node, "handle", key);
xt_add_attr(node, "nick", value);
xt_add_child(cur, node);
}
xml_generate_settings(cur, &acc->set);
xt_add_child(root, cur);
}
for (l = irc->channels; l; l = l->next) {
irc_channel_t *ic = l->data;
if (ic->flags & IRC_CHANNEL_TEMP) {
continue;
}
cur = xt_new_node("channel", NULL, NULL);
xt_add_attr(cur, "name", ic->name);
xt_add_attr(cur, "type", set_getstr(&ic->set, "type"));
xml_generate_settings(cur, &ic->set);
xt_add_child(root, cur);
}
return root;
}