/*
* crypt_verify_password is a frontend to crypt_string().
*/
boolean_t crypt_verify_password(char *uinput, char *pass)
{
char *cstr = crypt_string(uinput, pass);
if (!strcmp(cstr, pass))
return TRUE;
return FALSE;
}
/*
* crypt_verify_password is a frontend to crypt_string().
*/
bool crypt_verify_password(const char *uinput, const char *pass)
{
const char *cstr = crypt_string(uinput, pass);
if (!strcmp(cstr, pass))
return true;
return false;
}
void set_password(myuser_t *mu, const char *newpassword)
{
if (mu == NULL || newpassword == NULL)
return;
/* if we can, try to crypt it */
if (crypto_module_loaded)
{
mu->flags |= MU_CRYPTPASS;
mowgli_strlcpy(mu->pass, crypt_string(newpassword, gen_salt()), PASSLEN);
}
else
{
mu->flags &= ~MU_CRYPTPASS; /* just in case */
mowgli_strlcpy(mu->pass, newpassword, PASSLEN);
}
}
static void ns_cmd_generatehash(sourceinfo_t *si, int parc, char *parv[])
{
char *pass = parv[0];
char hash[PASSLEN];
if (parc < 1)
{
command_fail(si, fault_needmoreparams, STR_INSUFFICIENT_PARAMS, "GENERATEHASH");
command_fail(si, fault_needmoreparams, _("Syntax: GENERATEHASH <password>"));
return;
}
if (crypto_module_loaded)
{
mowgli_strlcpy(hash, crypt_string(pass, gen_salt()), PASSLEN);
command_success_string(si, hash, "Hash is: %s", hash);
}
else
command_success_nodata(si, "No crypto module loaded so could not hash anything.");
logcommand(si, CMDLOG_GET, "GENERATEHASH");
}
static void ns_cmd_sendpass(sourceinfo_t *si, int parc, char *parv[])
{
myuser_t *mu;
char *name = parv[0];
char *newpass = NULL;
char *key;
metadata_t *md;
enum specialoperation op = op_none;
bool ismarked = false;
char cmdtext[NICKLEN + 20];
hook_user_needforce_t needforce_hdata;
if (!name)
{
command_fail(si, fault_needmoreparams, STR_INSUFFICIENT_PARAMS, "SENDPASS");
command_fail(si, fault_needmoreparams, _("Syntax: SENDPASS <account>"));
return;
}
if (parc > 1)
{
if (!strcasecmp(parv[1], "FORCE"))
op = op_force;
else if (!strcasecmp(parv[1], "CLEAR"))
op = op_clear;
else
{
command_fail(si, fault_badparams, STR_INVALID_PARAMS, "SENDPASS");
command_fail(si, fault_badparams, _("Syntax: SENDPASS <account> [FORCE|CLEAR]"));
return;
}
}
if (!(mu = myuser_find_by_nick(name)))
{
command_fail(si, fault_nosuch_target, _("\2%s\2 is not registered."), name);
return;
}
if (is_soper(mu) && !has_priv(si, PRIV_ADMIN))
{
logcommand(si, CMDLOG_ADMIN, "failed SENDPASS \2%s\2 (is SOPER)", name);
command_fail(si, fault_badparams, _("\2%s\2 belongs to a services operator; you need %s privilege to send the password."), name, PRIV_ADMIN);
return;
}
if (mu->flags & MU_WAITAUTH)
{
command_fail(si, fault_badparams, _("\2%s\2 is not verified."), entity(mu)->name);
return;
}
if ((md = metadata_find(mu, "private:mark:setter")))
{
ismarked = true;
if (op == op_none)
{
logcommand(si, CMDLOG_ADMIN, "failed SENDPASS \2%s\2 (marked by \2%s\2)", entity(mu)->name, md->value);
command_fail(si, fault_badparams, _("This operation cannot be performed on %s, because the account has been marked by %s."), entity(mu)->name, md->value);
if (has_priv(si, PRIV_MARK))
{
snprintf(cmdtext, sizeof cmdtext, "SENDPASS %s FORCE", entity(mu)->name);
command_fail(si, fault_badparams, _("Use %s to override this restriction."), cmdtext);
}
return;
}
else if (!has_priv(si, PRIV_MARK))
{
logcommand(si, CMDLOG_ADMIN, "failed SENDPASS \2%s\2 (marked by \2%s\2)", entity(mu)->name, md->value);
command_fail(si, fault_noprivs, STR_NO_PRIVILEGE, PRIV_MARK);
return;
}
}
needforce_hdata.si = si;
needforce_hdata.mu = mu;
needforce_hdata.allowed = 1;
hook_call_user_needforce(&needforce_hdata);
if (!needforce_hdata.allowed)
{
ismarked = true;
if (op == op_none)
{
logcommand(si, CMDLOG_ADMIN, "failed SENDPASS \2%s\2 (marked)", entity(mu)->name);
command_fail(si, fault_badparams, _("This operation cannot be performed on %s, because the account has been marked."), entity(mu)->name);
if (has_priv(si, PRIV_MARK))
{
snprintf(cmdtext, sizeof cmdtext, "SENDPASS %s FORCE", entity(mu)->name);
command_fail(si, fault_badparams, _("Use %s to override this restriction."), cmdtext);
}
return;
}
else if (!has_priv(si, PRIV_MARK))
{
logcommand(si, CMDLOG_ADMIN, "failed SENDPASS \2%s\2 (marked)", entity(mu)->name);
command_fail(si, fault_noprivs, STR_NO_PRIVILEGE, PRIV_MARK);
return;
}
}
if (op == op_clear)
{
if (metadata_find(mu, "private:setpass:key"))
{
metadata_delete(mu, "private:setpass:key");
metadata_delete(mu, "private:sendpass:sender");
metadata_delete(mu, "private:sendpass:timestamp");
logcommand(si, CMDLOG_ADMIN, "SENDPASS:CLEAR: \2%s\2", entity(mu)->name);
command_success_nodata(si, _("The password change key for \2%s\2 has been cleared."), entity(mu)->name);
}
else
command_fail(si, fault_nochange, _("\2%s\2 did not have a password change key outstanding."), entity(mu)->name);
return;
}
if (MOWGLI_LIST_LENGTH(&mu->logins) > 0)
{
command_fail(si, fault_noprivs, _("This operation cannot be performed on %s, because someone is logged in to it."), entity(mu)->name);
return;
}
if (metadata_find(mu, "private:freeze:freezer"))
{
command_fail(si, fault_noprivs, _("%s has been frozen by the %s administration."), entity(mu)->name, me.netname);
return;
}
if (command_find(si->service->commands, "SETPASS"))
{
if (metadata_find(mu, "private:setpass:key"))
{
command_fail(si, fault_alreadyexists, _("\2%s\2 already has a password change key outstanding."), entity(mu)->name);
command_fail(si, fault_alreadyexists, _("Use SENDPASS %s CLEAR to clear it so that a new one can be sent."), entity(mu)->name);
return;
}
if (ismarked)
{
wallops("%s sent the password for the \2MARKED\2 account %s.", get_oper_name(si), entity(mu)->name);
if (md)
command_success_nodata(si, _("Overriding MARK placed by %s on the account %s."), md->value, entity(mu)->name);
else
command_success_nodata(si, _("Overriding MARK on the account %s."), entity(mu)->name);
}
logcommand(si, CMDLOG_ADMIN, "SENDPASS: \2%s\2 (change key)", name);
key = random_string(12);
metadata_add(mu, "private:sendpass:sender", get_oper_name(si));
metadata_add(mu, "private:sendpass:timestamp", number_to_string(time(NULL)));
if (!sendemail(si->su != NULL ? si->su : si->service->me, mu, EMAIL_SETPASS, mu->email, key))
{
command_fail(si, fault_emailfail, _("Email send failed."));
free(key);
return;
}
metadata_add(mu, "private:setpass:key", crypt_string(key, gen_salt()));
free(key);
command_success_nodata(si, _("The password change key for \2%s\2 has been sent to \2%s\2."), entity(mu)->name, mu->email);
}
else {
if (ismarked)
{
wallops("%s sent the password for the \2MARKED\2 account %s.", get_oper_name(si), entity(mu)->name);
if (md)
command_success_nodata(si, _("Overriding MARK placed by %s on the account %s."), md->value, entity(mu)->name);
else
command_success_nodata(si, _("Overriding MARK on the account %s."), entity(mu)->name);
}
logcommand(si, CMDLOG_ADMIN, "SENDPASS: \2%s\2", name);
newpass = random_string(12);
metadata_add(mu, "private:sendpass:sender", get_oper_name(si));
metadata_add(mu, "private:sendpass:timestamp", number_to_string(time(NULL)));
if (!sendemail(si->su != NULL ? si->su : si->service->me, mu, EMAIL_SENDPASS, mu->email, newpass))
{
command_fail(si, fault_emailfail, _("Email send failed."));
free(newpass);
return;
}
set_password(mu, newpass);
free(newpass);
command_success_nodata(si, _("The password for \2%s\2 has been sent to \2%s\2."), entity(mu)->name, mu->email);
if (mu->flags & MU_NOPASSWORD)
{
mu->flags &= ~MU_NOPASSWORD;
command_success_nodata(si, _("The \2%s\2 flag has been removed for account \2%s\2."), "NOPASSWORD", entity(mu)->name);
}
}
}
int main(int argc, char **argv)
{
argp_parse(&werror_argp, argc, argv, 0, NULL, NULL);
{
struct crypto_algorithm *algorithm = &rijndael128_algorithm;
struct lsh_string *key = simple_decode_hex("00010203050607080A0B0C0D0F101112") ;
struct lsh_string *plain = simple_decode_hex("506812A45F08C889B97F5980038B8359") ;
struct lsh_string *cipher = simple_decode_hex("D8F532538289EF7D06B506A4FD5BE9C9") ;
struct crypto_instance *c;
assert(key->length == algorithm->key_size);
assert(!algorithm->iv_size);
c = MAKE_ENCRYPT(algorithm, key->data, NULL);
{
struct lsh_string *a, *b;
fputs("Encrypting with rijndael-128 1 ... ", stderr);
a = crypt_string(c, plain, 0);
b = lsh_string_dup(cipher);
if (!lsh_string_eq(a, b))
{ fputs("failed.\n", stderr);; exit(1); }
fputs("ok.\n", stderr);
lsh_string_free(a);
lsh_string_free(b);
}
KILL(c);
c = MAKE_DECRYPT(algorithm, key->data, NULL);
{
struct lsh_string *a, *b;
fputs("Decrypting with rijndael-128 1 ... ", stderr);
a = crypt_string(c, cipher, 0);
b = plain;
if (!lsh_string_eq(a, b))
{ fputs("failed.\n", stderr);; exit(1); }
fputs("ok.\n", stderr);
lsh_string_free(a);
lsh_string_free(b);
}
KILL(c);
lsh_string_free(key);
lsh_string_free(cipher);
}
{
struct crypto_algorithm *algorithm = &rijndael128_algorithm;
struct lsh_string *key = simple_decode_hex("14151617191A1B1C1E1F202123242526") ;
struct lsh_string *plain = simple_decode_hex("5C6D71CA30DE8B8B00549984D2EC7D4B") ;
struct lsh_string *cipher = simple_decode_hex("59AB30F4D4EE6E4FF9907EF65B1FB68C") ;
struct crypto_instance *c;
assert(key->length == algorithm->key_size);
assert(!algorithm->iv_size);
c = MAKE_ENCRYPT(algorithm, key->data, NULL);
{
struct lsh_string *a, *b;
fputs("Encrypting with rijndael-128 2 ... ", stderr);
a = crypt_string(c, plain, 0);
b = lsh_string_dup(cipher);
if (!lsh_string_eq(a, b))
{ fputs("failed.\n", stderr);; exit(1); }
fputs("ok.\n", stderr);
lsh_string_free(a);
lsh_string_free(b);
}
KILL(c);
c = MAKE_DECRYPT(algorithm, key->data, NULL);
{
struct lsh_string *a, *b;
fputs("Decrypting with rijndael-128 2 ... ", stderr);
a = crypt_string(c, cipher, 0);
b = plain;
if (!lsh_string_eq(a, b))
{ fputs("failed.\n", stderr);; exit(1); }
fputs("ok.\n", stderr);
lsh_string_free(a);
lsh_string_free(b);
}
KILL(c);
lsh_string_free(key);
lsh_string_free(cipher);
}
{
struct crypto_algorithm *algorithm = &rijndael128_algorithm;
struct lsh_string *key = simple_decode_hex("28292A2B2D2E2F30323334353738393A") ;
struct lsh_string *plain = simple_decode_hex("53F3F4C64F8616E4E7C56199F48F21F6") ;
struct lsh_string *cipher = simple_decode_hex("BF1ED2FCB2AF3FD41443B56D85025CB1") ;
struct crypto_instance *c;
assert(key->length == algorithm->key_size);
assert(!algorithm->iv_size);
c = MAKE_ENCRYPT(algorithm, key->data, NULL);
{
struct lsh_string *a, *b;
fputs("Encrypting with rijndael-128 3 ... ", stderr);
a = crypt_string(c, plain, 0);
b = lsh_string_dup(cipher);
if (!lsh_string_eq(a, b))
{ fputs("failed.\n", stderr);; exit(1); }
fputs("ok.\n", stderr);
lsh_string_free(a);
lsh_string_free(b);
}
KILL(c);
c = MAKE_DECRYPT(algorithm, key->data, NULL);
{
struct lsh_string *a, *b;
fputs("Decrypting with rijndael-128 3 ... ", stderr);
a = crypt_string(c, cipher, 0);
b = plain;
if (!lsh_string_eq(a, b))
{ fputs("failed.\n", stderr);; exit(1); }
fputs("ok.\n", stderr);
lsh_string_free(a);
lsh_string_free(b);
}
KILL(c);
lsh_string_free(key);
lsh_string_free(cipher);
}
/* Skipped lots of tests */
{
struct crypto_algorithm *algorithm = &rijndael128_algorithm;
struct lsh_string *key = simple_decode_hex("A0A1A2A3A5A6A7A8AAABACADAFB0B1B2") ;
struct lsh_string *plain = simple_decode_hex("F5F4F7F684878689A6A7A0A1D2CDCCCF") ;
struct lsh_string *cipher = simple_decode_hex("CE52AF650D088CA559425223F4D32694") ;
struct crypto_instance *c;
assert(key->length == algorithm->key_size);
assert(!algorithm->iv_size);
c = MAKE_ENCRYPT(algorithm, key->data, NULL);
{
struct lsh_string *a, *b;
fputs("Encrypting with rijndael-128 128 ... ", stderr);
a = crypt_string(c, plain, 0);
b = lsh_string_dup(cipher);
if (!lsh_string_eq(a, b))
{ fputs("failed.\n", stderr);; exit(1); }
fputs("ok.\n", stderr);
lsh_string_free(a);
lsh_string_free(b);
}
KILL(c);
c = MAKE_DECRYPT(algorithm, key->data, NULL);
{
struct lsh_string *a, *b;
fputs("Decrypting with rijndael-128 128 ... ", stderr);
a = crypt_string(c, cipher, 0);
b = plain;
if (!lsh_string_eq(a, b))
{ fputs("failed.\n", stderr);; exit(1); }
fputs("ok.\n", stderr);
lsh_string_free(a);
lsh_string_free(b);
}
KILL(c);
lsh_string_free(key);
lsh_string_free(cipher);
}
{
struct crypto_algorithm *algorithm = &rijndael192_algorithm;
struct lsh_string *key = simple_decode_hex("00010203050607080A0B0C0D0F10111214151617191A1B1C") ;
struct lsh_string *plain = simple_decode_hex("2D33EEF2C0430A8A9EBF45E809C40BB6") ;
struct lsh_string *cipher = simple_decode_hex("DFF4945E0336DF4C1C56BC700EFF837F") ;
struct crypto_instance *c;
assert(key->length == algorithm->key_size);
assert(!algorithm->iv_size);
c = MAKE_ENCRYPT(algorithm, key->data, NULL);
{
struct lsh_string *a, *b;
fputs("Encrypting with rijndael-192 1 ... ", stderr);
a = crypt_string(c, plain, 0);
b = lsh_string_dup(cipher);
if (!lsh_string_eq(a, b))
{ fputs("failed.\n", stderr);; exit(1); }
fputs("ok.\n", stderr);
lsh_string_free(a);
lsh_string_free(b);
}
KILL(c);
c = MAKE_DECRYPT(algorithm, key->data, NULL);
{
struct lsh_string *a, *b;
fputs("Decrypting with rijndael-192 1 ... ", stderr);
a = crypt_string(c, cipher, 0);
b = plain;
if (!lsh_string_eq(a, b))
{ fputs("failed.\n", stderr);; exit(1); }
fputs("ok.\n", stderr);
lsh_string_free(a);
lsh_string_free(b);
}
KILL(c);
lsh_string_free(key);
lsh_string_free(cipher);
}
{
struct crypto_algorithm *algorithm = &rijndael192_algorithm;
struct lsh_string *key = simple_decode_hex("1E1F20212324252628292A2B2D2E2F30323334353738393A") ;
struct lsh_string *plain = simple_decode_hex("6AA375D1FA155A61FB72353E0A5A8756") ;
struct lsh_string *cipher = simple_decode_hex("B6FDDEF4752765E347D5D2DC196D1252") ;
struct crypto_instance *c;
assert(key->length == algorithm->key_size);
assert(!algorithm->iv_size);
c = MAKE_ENCRYPT(algorithm, key->data, NULL);
{
struct lsh_string *a, *b;
fputs("Encrypting with rijndael-192 2 ... ", stderr);
a = crypt_string(c, plain, 0);
b = lsh_string_dup(cipher);
if (!lsh_string_eq(a, b))
{ fputs("failed.\n", stderr);; exit(1); }
fputs("ok.\n", stderr);
lsh_string_free(a);
lsh_string_free(b);
}
KILL(c);
c = MAKE_DECRYPT(algorithm, key->data, NULL);
{
struct lsh_string *a, *b;
fputs("Decrypting with rijndael-192 2 ... ", stderr);
a = crypt_string(c, cipher, 0);
b = plain;
if (!lsh_string_eq(a, b))
{ fputs("failed.\n", stderr);; exit(1); }
fputs("ok.\n", stderr);
lsh_string_free(a);
lsh_string_free(b);
}
KILL(c);
lsh_string_free(key);
lsh_string_free(cipher);
}
{
struct crypto_algorithm *algorithm = &rijndael192_algorithm;
struct lsh_string *key = simple_decode_hex("3C3D3E3F41424344464748494B4C4D4E5051525355565758") ;
struct lsh_string *plain = simple_decode_hex("BC3736518B9490DCB8ED60EB26758ED4") ;
struct lsh_string *cipher = simple_decode_hex("D23684E3D963B3AFCF1A114ACA90CBD6") ;
struct crypto_instance *c;
assert(key->length == algorithm->key_size);
assert(!algorithm->iv_size);
c = MAKE_ENCRYPT(algorithm, key->data, NULL);
{
struct lsh_string *a, *b;
fputs("Encrypting with rijndael-192 3 ... ", stderr);
a = crypt_string(c, plain, 0);
b = lsh_string_dup(cipher);
if (!lsh_string_eq(a, b))
{ fputs("failed.\n", stderr);; exit(1); }
fputs("ok.\n", stderr);
lsh_string_free(a);
lsh_string_free(b);
}
KILL(c);
c = MAKE_DECRYPT(algorithm, key->data, NULL);
{
struct lsh_string *a, *b;
fputs("Decrypting with rijndael-192 3 ... ", stderr);
a = crypt_string(c, cipher, 0);
b = plain;
if (!lsh_string_eq(a, b))
{ fputs("failed.\n", stderr);; exit(1); }
fputs("ok.\n", stderr);
lsh_string_free(a);
lsh_string_free(b);
}
KILL(c);
lsh_string_free(key);
lsh_string_free(cipher);
}
/* Skipped lots of tests */
{
struct crypto_algorithm *algorithm = &rijndael192_algorithm;
struct lsh_string *key = simple_decode_hex("868788898B8C8D8E90919293959697989A9B9C9D9FA0A1A2") ;
struct lsh_string *plain = simple_decode_hex("D3D2DDDCAAADACAF9C9D9E9FE8EBEAE5") ;
struct lsh_string *cipher = simple_decode_hex("9ADB3D4CCA559BB98C3E2ED73DBF1154") ;
struct crypto_instance *c;
assert(key->length == algorithm->key_size);
assert(!algorithm->iv_size);
c = MAKE_ENCRYPT(algorithm, key->data, NULL);
{
struct lsh_string *a, *b;
fputs("Encrypting with rijndael-192 128 ... ", stderr);
a = crypt_string(c, plain, 0);
b = lsh_string_dup(cipher);
if (!lsh_string_eq(a, b))
{ fputs("failed.\n", stderr);; exit(1); }
fputs("ok.\n", stderr);
lsh_string_free(a);
lsh_string_free(b);
}
KILL(c);
c = MAKE_DECRYPT(algorithm, key->data, NULL);
{
struct lsh_string *a, *b;
fputs("Decrypting with rijndael-192 128 ... ", stderr);
a = crypt_string(c, cipher, 0);
b = plain;
if (!lsh_string_eq(a, b))
{ fputs("failed.\n", stderr);; exit(1); }
fputs("ok.\n", stderr);
lsh_string_free(a);
lsh_string_free(b);
}
KILL(c);
lsh_string_free(key);
lsh_string_free(cipher);
}
{
struct crypto_algorithm *algorithm = &rijndael256_algorithm;
struct lsh_string *key = simple_decode_hex("00010203050607080A0B0C0D0F10111214151617191A1B1C1E1F202123242526") ;
struct lsh_string *plain = simple_decode_hex("834EADFCCAC7E1B30664B1ABA44815AB") ;
struct lsh_string *cipher = simple_decode_hex("1946DABF6A03A2A2C3D0B05080AED6FC") ;
struct crypto_instance *c;
assert(key->length == algorithm->key_size);
assert(!algorithm->iv_size);
c = MAKE_ENCRYPT(algorithm, key->data, NULL);
{
struct lsh_string *a, *b;
fputs("Encrypting with rijndael-256 1 ... ", stderr);
a = crypt_string(c, plain, 0);
b = lsh_string_dup(cipher);
if (!lsh_string_eq(a, b))
{ fputs("failed.\n", stderr);; exit(1); }
fputs("ok.\n", stderr);
lsh_string_free(a);
lsh_string_free(b);
}
KILL(c);
c = MAKE_DECRYPT(algorithm, key->data, NULL);
{
struct lsh_string *a, *b;
fputs("Decrypting with rijndael-256 1 ... ", stderr);
a = crypt_string(c, cipher, 0);
b = plain;
if (!lsh_string_eq(a, b))
{ fputs("failed.\n", stderr);; exit(1); }
fputs("ok.\n", stderr);
lsh_string_free(a);
lsh_string_free(b);
}
KILL(c);
lsh_string_free(key);
lsh_string_free(cipher);
}
{
struct crypto_algorithm *algorithm = &rijndael256_algorithm;
struct lsh_string *key = simple_decode_hex("28292A2B2D2E2F30323334353738393A3C3D3E3F41424344464748494B4C4D4E") ;
struct lsh_string *plain = simple_decode_hex("D9DC4DBA3021B05D67C0518F72B62BF1") ;
struct lsh_string *cipher = simple_decode_hex("5ED301D747D3CC715445EBDEC62F2FB4") ;
struct crypto_instance *c;
assert(key->length == algorithm->key_size);
assert(!algorithm->iv_size);
c = MAKE_ENCRYPT(algorithm, key->data, NULL);
{
struct lsh_string *a, *b;
fputs("Encrypting with rijndael-256 2 ... ", stderr);
a = crypt_string(c, plain, 0);
b = lsh_string_dup(cipher);
if (!lsh_string_eq(a, b))
{ fputs("failed.\n", stderr);; exit(1); }
fputs("ok.\n", stderr);
lsh_string_free(a);
lsh_string_free(b);
}
KILL(c);
c = MAKE_DECRYPT(algorithm, key->data, NULL);
{
struct lsh_string *a, *b;
fputs("Decrypting with rijndael-256 2 ... ", stderr);
a = crypt_string(c, cipher, 0);
b = plain;
if (!lsh_string_eq(a, b))
{ fputs("failed.\n", stderr);; exit(1); }
fputs("ok.\n", stderr);
lsh_string_free(a);
lsh_string_free(b);
}
KILL(c);
lsh_string_free(key);
lsh_string_free(cipher);
}
{
struct crypto_algorithm *algorithm = &rijndael256_algorithm;
struct lsh_string *key = simple_decode_hex("50515253555657585A5B5C5D5F60616264656667696A6B6C6E6F707173747576") ;
struct lsh_string *plain = simple_decode_hex("A291D86301A4A739F7392173AA3C604C") ;
struct lsh_string *cipher = simple_decode_hex("6585C8F43D13A6BEAB6419FC5935B9D0") ;
struct crypto_instance *c;
assert(key->length == algorithm->key_size);
assert(!algorithm->iv_size);
c = MAKE_ENCRYPT(algorithm, key->data, NULL);
{
struct lsh_string *a, *b;
fputs("Encrypting with rijndael-256 3 ... ", stderr);
a = crypt_string(c, plain, 0);
b = lsh_string_dup(cipher);
if (!lsh_string_eq(a, b))
{ fputs("failed.\n", stderr);; exit(1); }
fputs("ok.\n", stderr);
lsh_string_free(a);
lsh_string_free(b);
}
KILL(c);
c = MAKE_DECRYPT(algorithm, key->data, NULL);
{
struct lsh_string *a, *b;
fputs("Decrypting with rijndael-256 3 ... ", stderr);
a = crypt_string(c, cipher, 0);
b = plain;
if (!lsh_string_eq(a, b))
{ fputs("failed.\n", stderr);; exit(1); }
fputs("ok.\n", stderr);
lsh_string_free(a);
lsh_string_free(b);
}
KILL(c);
lsh_string_free(key);
lsh_string_free(cipher);
}
/* Skipped lots of tests */
{
struct crypto_algorithm *algorithm = &rijndael256_algorithm;
struct lsh_string *key = simple_decode_hex("50515253555657585A5B5C5D5F60616264656667696A6B6C6E6F707173747576") ;
struct lsh_string *plain = simple_decode_hex("050407067477767956575051221D1C1F") ;
struct lsh_string *cipher = simple_decode_hex("7444527095838FE080FC2BCDD30847EB") ;
struct crypto_instance *c;
assert(key->length == algorithm->key_size);
assert(!algorithm->iv_size);
c = MAKE_ENCRYPT(algorithm, key->data, NULL);
{
struct lsh_string *a, *b;
fputs("Encrypting with rijndael-256 128 ... ", stderr);
a = crypt_string(c, plain, 0);
b = lsh_string_dup(cipher);
if (!lsh_string_eq(a, b))
{ fputs("failed.\n", stderr);; exit(1); }
fputs("ok.\n", stderr);
lsh_string_free(a);
lsh_string_free(b);
}
KILL(c);
c = MAKE_DECRYPT(algorithm, key->data, NULL);
{
struct lsh_string *a, *b;
fputs("Decrypting with rijndael-256 128 ... ", stderr);
a = crypt_string(c, cipher, 0);
b = plain;
if (!lsh_string_eq(a, b))
{ fputs("failed.\n", stderr);; exit(1); }
fputs("ok.\n", stderr);
lsh_string_free(a);
lsh_string_free(b);
}
KILL(c);
lsh_string_free(key);
lsh_string_free(cipher);
}
return 0;
}
static void ns_cmd_sendpass(sourceinfo_t *si, int parc, char *parv[])
{
myuser_t *mu;
char *name = parv[0];
char *key;
enum specialoperation op = op_none;
bool ismarked = false;
if (!name)
{
command_fail(si, fault_needmoreparams, STR_INSUFFICIENT_PARAMS, "SENDPASS");
command_fail(si, fault_needmoreparams, _("Syntax: SENDPASS <account>"));
return;
}
if (parc > 1)
{
if (!has_priv(si, PRIV_USER_SENDPASS))
{
command_fail(si, fault_noprivs, _("You are not authorized to perform this operation."));
return;
}
if (!strcasecmp(parv[1], "FORCE"))
op = op_force;
else if (!strcasecmp(parv[1], "CLEAR"))
op = op_clear;
else
{
command_fail(si, fault_badparams, STR_INVALID_PARAMS, "SENDPASS");
command_fail(si, fault_badparams, _("Syntax: SENDPASS <account> [FORCE|CLEAR]"));
return;
}
}
if (!(mu = myuser_find_by_nick(name)))
{
command_fail(si, fault_nosuch_target, _("\2%s\2 is not registered."), name);
return;
}
if (mu->flags & MU_WAITAUTH)
{
command_fail(si, fault_badparams, _("\2%s\2 is not verified."), entity(mu)->name);
return;
}
if (metadata_find(mu, "private:mark:setter"))
{
ismarked = true;
/* don't want to disclose this, so just go ahead... */
}
if (op == op_clear)
{
if (metadata_find(mu, "private:setpass:key"))
{
metadata_delete(mu, "private:setpass:key");
logcommand(si, CMDLOG_ADMIN, "SENDPASS:CLEAR: \2%s\2", entity(mu)->name);
command_success_nodata(si, _("The password change key for \2%s\2 has been cleared."), entity(mu)->name);
}
else
command_fail(si, fault_nochange, _("\2%s\2 did not have a password change key outstanding."), entity(mu)->name);
return;
}
if (MOWGLI_LIST_LENGTH(&mu->logins) > 0)
{
command_fail(si, fault_noprivs, _("This operation cannot be performed on %s, because someone is logged in to it."), entity(mu)->name);
return;
}
if (metadata_find(mu, "private:freeze:freezer"))
{
command_success_nodata(si, _("%s has been frozen by the %s administration."), entity(mu)->name, me.netname);
return;
}
if (metadata_find(mu, "private:setpass:key"))
{
command_fail(si, fault_alreadyexists, _("\2%s\2 already has a password change key outstanding."), entity(mu)->name);
if (has_priv(si, PRIV_USER_SENDPASS))
command_fail(si, fault_alreadyexists, _("Use SENDPASS %s CLEAR to clear it so that a new one can be sent."), entity(mu)->name);
return;
}
key = random_string(12);
if (sendemail(si->su != NULL ? si->su : si->service->me, EMAIL_SETPASS, mu, key))
{
metadata_add(mu, "private:setpass:key", crypt_string(key, gen_salt()));
logcommand(si, CMDLOG_ADMIN, "SENDPASS: \2%s\2 (change key)", name);
command_success_nodata(si, _("The password change key for \2%s\2 has been sent to the corresponding email address."), entity(mu)->name);
if (ismarked)
wallops("%s sent the password for the \2MARKED\2 account %s.", get_oper_name(si), entity(mu)->name);
}
else
command_fail(si, fault_emailfail, _("Email send failed."));
free(key);
}
