author | rob rob@31f1291d-b8d6-0310-a050-a5561fc1590b <rob rob@31f1291d-b8d6-0310-a050-a5561fc1590b@5417fbe8-f217-4b02-8779-1006273d7864> | 2006-10-18 17:52:45 +0000 |
---|---|---|
committer | rob rob@31f1291d-b8d6-0310-a050-a5561fc1590b <rob rob@31f1291d-b8d6-0310-a050-a5561fc1590b@5417fbe8-f217-4b02-8779-1006273d7864> | 2006-10-18 17:52:45 +0000 |
commit | e02f698fba251a63ab59978534eddc56eb015665 (patch) | |
tree | 9053de9f3debf792eb63753ff4bf542831dbd03c | |
parent | c2e07f08ea99a8dd76362fa28a4037eabe9e4283 (diff) |
BUILD : 1.7.17 (1190) BUGS : N/A NOTES : sha1 is a valid choice of encryption hash
git-svn-id: svn://svn.anope.org/anope/trunk@1190 31f1291d-b8d6-0310-a050-a5561fc1590b
git-svn-id: http://anope.svn.sourceforge.net/svnroot/anope/trunk@910 5417fbe8-f217-4b02-8779-1006273d7864
-rw-r--r-- | Changes | 2 | ||||
-rw-r--r-- | Changes.conf | 5 | ||||
-rwxr-xr-x | configure | 67 | ||||
-rw-r--r-- | configure.in | 18 | ||||
-rw-r--r-- | data/example.conf | 5 | ||||
-rw-r--r-- | include/sysconf.h.in | 20 | ||||
-rw-r--r-- | src/core/enc_md5.c | 7 | ||||
-rw-r--r-- | src/core/enc_sha1.c | 314 | ||||
-rw-r--r-- | src/users.c | 6 | ||||
-rw-r--r-- | version.log | 6 |
10 files changed, 441 insertions, 9 deletions
@@ -1,6 +1,6 @@ Anope Version S V N -------------------- -10/17 F Encryption, users can now pick none, old or real md5. [ #00] +10/17 F Encryption, users can now pick none, old, md5 or sha1. [ #00] 10/18 F MLock support for +c was missing on ultimate3. [ #00] Anope Version 1.7.17 diff --git a/Changes.conf b/Changes.conf index 554edc020..865362a0b 100644 --- a/Changes.conf +++ b/Changes.conf @@ -19,9 +19,14 @@ Anope Version S V N # NOTE: users of anope's previous (broken) md5 implementation should # select the enc_old option, or things may break. # +# NOTE2: Some of these encryption methods are one-way (md5, sha1, old) +# meaning that you can NOT retrive the passwords in plain text once +# encrypted. +# # Plain Text - enc_none # Previous (broken) MD5 - enc_old # MD5 - enc_md5 +# SHA1 - enc_sha1 # EncModule "enc_none" @@ -719,13 +719,13 @@ echo X"$0" | /^X\(\/\).*/{ s//\1/; q; } s/.*/./; q'` srcdir=$ac_confdir - if test ! -r $srcdir/$ac_unique_file; then + if test ! -r "$srcdir/$ac_unique_file"; then srcdir=.. fi else ac_srcdir_defaulted=no fi -if test ! -r $srcdir/$ac_unique_file; then +if test ! -r "$srcdir/$ac_unique_file"; then if test "$ac_srcdir_defaulted" = yes; then { echo "$as_me: error: cannot find sources ($ac_unique_file) in $ac_confdir or .." >&2 { (exit 1); exit 1; }; } @@ -734,7 +734,7 @@ if test ! -r $srcdir/$ac_unique_file; then { (exit 1); exit 1; }; } fi fi -(cd $srcdir && test -r ./$ac_unique_file) 2>/dev/null || +(cd $srcdir && test -r "./$ac_unique_file") 2>/dev/null || { echo "$as_me: error: sources are in $srcdir, but \`cd $srcdir' does not work" >&2 { (exit 1); exit 1; }; } srcdir=`echo "$srcdir" | sed 's%\([^\\/]\)[\\/]*$%\1%'` 
@@ -2944,6 +2944,67 @@ _ACEOF fi; +echo "$as_me:$LINENO: checking whether this is a bit or little endian system" >&5 +echo $ECHO_N "checking whether this is a bit or little endian system... $ECHO_C" >&6 +if test "$cross_compiling" = yes; then + { { echo "$as_me:$LINENO: error: cannot run test program while cross compiling +See \`config.log' for more details." >&5 +echo "$as_me: error: cannot run test program while cross compiling +See \`config.log' for more details." >&2;} + { (exit 1); exit 1; }; } +else + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ + +int main() +{ + short s = 1; + short* ptr = &s; + unsigned char c = *((char*)ptr); + return c; +} + + +_ACEOF +rm -f conftest$ac_exeext +if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 + (eval $ac_link) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && { ac_try='./conftest$ac_exeext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + cat >>confdefs.h <<\_ACEOF +#define BIG_ENDIAN 1 +_ACEOF + + echo "$as_me:$LINENO: result: big" >&5 +echo "${ECHO_T}big" >&6 + +else + echo "$as_me: program exited with status $ac_status" >&5 +echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +( exit $ac_status ) +cat >>confdefs.h <<\_ACEOF +#define LITTLE_ENDIAN 1 +_ACEOF + + echo "$as_me:$LINENO: result: little" >&5 +echo "${ECHO_T}little" >&6 + +fi +rm -f core *.core gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext +fi + diff --git a/configure.in b/configure.in index 6ce19e665..6c7a436cf 100644 --- a/configure.in +++ b/configure.in 
@@ -116,7 +116,23 @@ AC_ARG_WITH(mysql, [ --without-mysql Do not use MySQL or attempt to fin fi fi ]) - + +AC_MSG_CHECKING(whether this is a bit or little endian system) +AC_TRY_RUN([ +int main() +{ + short s = 1; + short* ptr = &s; + unsigned char c = *((char*)ptr); + return c; +} +] +, AC_DEFINE(BIG_ENDIAN) + AC_MSG_RESULT(big) +, AC_DEFINE(LITTLE_ENDIAN) + AC_MSG_RESULT(little) +) + AC_SUBST(ANOPELIBS) AC_SUBST(LDFLAGS) diff --git a/data/example.conf b/data/example.conf index 59097c4f1..213fd75da 100644 --- a/data/example.conf +++ b/data/example.conf @@ -114,9 +114,14 @@ # NOTE: users of anope's previous (broken) md5 implementation should # select the enc_old option, or things may break. # +# NOTE2: Some of these encryption methods are one-way (md5, sha1, old) +# meaning that you can NOT retrive the passwords in plain text once +# encrypted. +# # Plain Text - enc_none # Previous (broken) MD5 - enc_old # MD5 - enc_md5 +# SHA1 - enc_sha1 # EncModule "enc_none" diff --git a/include/sysconf.h.in b/include/sysconf.h.in index d54f58617..59f900433 100644 --- a/include/sysconf.h.in +++ b/include/sysconf.h.in @@ -161,6 +161,26 @@ /* Static config, copy from here to below before running autoheader! */ +#ifndef BIG_ENDIAN + +/* Big Endian system */ +#undef BIG_ENDIAN + +#endif + +#ifndef LITTLE_ENDIAN + +/* Little Endian system */ +#undef LITTLE_ENDIAN + +#endif + +/** + * NOTE: BIG_ENDIAN and LITTLE_ENDIAN defines should not be left in + * by autoheader as they may be defined or may not be, as such we check + * if there defined before messing with them! + **/ + #ifdef HAS_SYS_TYPES_H #include <sys/types.h> #endif diff --git a/src/core/enc_md5.c b/src/core/enc_md5.c index 411e9f2a4..a143fd851 100644 --- a/src/core/enc_md5.c +++ b/src/core/enc_md5.c 
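Review bot: The names `BIG_ENDIAN` and `LITTLE_ENDIAN` passed to AC_DEFINE in the configure.in hunk are also defined, both at once and as numeric constants, by common system headers (glibc's <endian.h>, the BSD <machine/endian.h>). If such a header is pulled in, for example through the `#include <sys/types.h>` that follows the new `#ifndef` guards in include/sysconf.h.in, the `#ifdef LITTLE_ENDIAN` test in src/core/enc_sha1.c can be true on a big-endian host. SHA-1 would then byte-swap its input on the wrong systems and store password digests that do not verify against a correct implementation. Autoconf's `AC_C_BIGENDIAN` defines the non-colliding `WORDS_BIGENDIAN` and also handles cross compilation, for which this AC_TRY_RUN call supplies no action (the generated configure aborts with "cannot run test program while cross compiling"). The AC_MSG_CHECKING text should read "big or little endian".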
@@ -350,7 +350,12 @@ int md5_encrypt(const char *src, int len, char *dest, int size) if(debug) { memset(tmp,0,33); binary_to_hex(dest,tmp,16); - alog("enc_md5: Converted [%s] to [%s]",src,tmp); + /* Dont log source if we were encrypting in place :) */ + if (memcmp(src, dest, 16) != 0) { + alog("enc_md5: hashed from [%s] to [%s]",src,tmp); + } else { + alog("enc_md5: hashed password to [%s]",tmp); + } } return 0; diff --git a/src/core/enc_sha1.c b/src/core/enc_sha1.c new file mode 100644 index 000000000..1fdb2a3fb --- /dev/null +++ b/src/core/enc_sha1.c 
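Review bot: With debug on, the `hashed from [%s]` branch still writes the plaintext password to the log, and `memcmp(src, dest, 16)` is not a dependable in-place test. It is non-zero for every caller that hashes into a separate buffer, and it reads 16 bytes from src even when len is smaller. Dropping the source from the message altogether, `alog("enc_md5: hashed password to [%s]",tmp);`, avoids both problems. The same block is added to sha1_encrypt in src/core/enc_sha1.c with a length of 20, and there sha1_encrypt_in_place and sha1_check_password both pass a local buffer as dest, so the plaintext branch is the one taken. md5_encrypt begins outside this hunk, so how dest is filled before this point is not visible here.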
@@ -0,0 +1,314 @@ +/* +SHA-1 in C +By Steve Reid <steve@edmweb.com> +100% Public Domain + +Test Vectors (from FIPS PUB 180-1) +"abc" + A9993E36 4706816A BA3E2571 7850C26C 9CD0D89D +"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" + 84983E44 1C3BD26E BAAE4AA1 F95129E5 E54670F1 +A million repetitions of "a" + 34AA973C D4C4DAA4 F61EEB2B DBAD2731 6534016F +*/ + +/* #define LITTLE_ENDIAN * This should be #define'd if true. */ +/* #define SHA1HANDSOFF * Copies data before messing with it. */ + +#include "module.h" +#include <stdio.h> +#include <string.h> + +typedef struct { + unsigned long state[5]; + unsigned long count[2]; + unsigned char buffer[64]; +} SHA1_CTX; + +void SHA1Transform(unsigned long state[5], const unsigned char buffer[64]); +void SHA1Init(SHA1_CTX* context); +void SHA1Update(SHA1_CTX* context, const unsigned char* data, unsigned int len); +void SHA1Final(unsigned char digest[20], SHA1_CTX* context); + +#define rol(value, bits) (((value) << (bits)) | ((value) >> (32 - (bits)))) + +/* blk0() and blk() perform the initial expand. */ +/* I got the idea of expanding during the round function from SSLeay */ +#ifdef LITTLE_ENDIAN +#define blk0(i) (block->l[i] = (rol(block->l[i],24)&0xFF00FF00) \ + |(rol(block->l[i],8)&0x00FF00FF)) +#else +#define blk0(i) block->l[i] +#endif +#define blk(i) (block->l[i&15] = rol(block->l[(i+13)&15]^block->l[(i+8)&15] \ + ^block->l[(i+2)&15]^block->l[i&15],1)) + +/* (R0+R1), R2, R3, R4 are the different operations used in SHA1 */ +#define R0(v,w,x,y,z,i) z+=((w&(x^y))^y)+blk0(i)+0x5A827999+rol(v,5);w=rol(w,30); +#define R1(v,w,x,y,z,i) z+=((w&(x^y))^y)+blk(i)+0x5A827999+rol(v,5);w=rol(w,30); +#define R2(v,w,x,y,z,i) z+=(w^x^y)+blk(i)+0x6ED9EBA1+rol(v,5);w=rol(w,30); +#define R3(v,w,x,y,z,i) z+=(((w|x)&y)|(w&x))+blk(i)+0x8F1BBCDC+rol(v,5);w=rol(w,30); +#define R4(v,w,x,y,z,i) z+=(w^x^y)+blk(i)+0xCA62C1D6+rol(v,5);w=rol(w,30); + + +/* Hash a single 512-bit block. This is the core of the algorithm. 
*/ + +void SHA1Transform(unsigned long state[5], const unsigned char buffer[64]) +{ +unsigned long a, b, c, d, e; +typedef union { + unsigned char c[64]; + unsigned long l[16]; +} CHAR64LONG16; +CHAR64LONG16* block; +#ifdef SHA1HANDSOFF +static unsigned char workspace[64]; + block = (CHAR64LONG16*)workspace; + memcpy(block, buffer, 64); +#else + block = (CHAR64LONG16*)buffer; +#endif + /* Copy context->state[] to working vars */ + a = state[0]; + b = state[1]; + c = state[2]; + d = state[3]; + e = state[4]; + /* 4 rounds of 20 operations each. Loop unrolled. */ + R0(a,b,c,d,e, 0); R0(e,a,b,c,d, 1); R0(d,e,a,b,c, 2); R0(c,d,e,a,b, 3); + R0(b,c,d,e,a, 4); R0(a,b,c,d,e, 5); R0(e,a,b,c,d, 6); R0(d,e,a,b,c, 7); + R0(c,d,e,a,b, 8); R0(b,c,d,e,a, 9); R0(a,b,c,d,e,10); R0(e,a,b,c,d,11); + R0(d,e,a,b,c,12); R0(c,d,e,a,b,13); R0(b,c,d,e,a,14); R0(a,b,c,d,e,15); + R1(e,a,b,c,d,16); R1(d,e,a,b,c,17); R1(c,d,e,a,b,18); R1(b,c,d,e,a,19); + R2(a,b,c,d,e,20); R2(e,a,b,c,d,21); R2(d,e,a,b,c,22); R2(c,d,e,a,b,23); + R2(b,c,d,e,a,24); R2(a,b,c,d,e,25); R2(e,a,b,c,d,26); R2(d,e,a,b,c,27); + R2(c,d,e,a,b,28); R2(b,c,d,e,a,29); R2(a,b,c,d,e,30); R2(e,a,b,c,d,31); + R2(d,e,a,b,c,32); R2(c,d,e,a,b,33); R2(b,c,d,e,a,34); R2(a,b,c,d,e,35); + R2(e,a,b,c,d,36); R2(d,e,a,b,c,37); R2(c,d,e,a,b,38); R2(b,c,d,e,a,39); + R3(a,b,c,d,e,40); R3(e,a,b,c,d,41); R3(d,e,a,b,c,42); R3(c,d,e,a,b,43); + R3(b,c,d,e,a,44); R3(a,b,c,d,e,45); R3(e,a,b,c,d,46); R3(d,e,a,b,c,47); + R3(c,d,e,a,b,48); R3(b,c,d,e,a,49); R3(a,b,c,d,e,50); R3(e,a,b,c,d,51); + R3(d,e,a,b,c,52); R3(c,d,e,a,b,53); R3(b,c,d,e,a,54); R3(a,b,c,d,e,55); + R3(e,a,b,c,d,56); R3(d,e,a,b,c,57); R3(c,d,e,a,b,58); R3(b,c,d,e,a,59); + R4(a,b,c,d,e,60); R4(e,a,b,c,d,61); R4(d,e,a,b,c,62); R4(c,d,e,a,b,63); + R4(b,c,d,e,a,64); R4(a,b,c,d,e,65); R4(e,a,b,c,d,66); R4(d,e,a,b,c,67); + R4(c,d,e,a,b,68); R4(b,c,d,e,a,69); R4(a,b,c,d,e,70); R4(e,a,b,c,d,71); + R4(d,e,a,b,c,72); R4(c,d,e,a,b,73); R4(b,c,d,e,a,74); R4(a,b,c,d,e,75); + R4(e,a,b,c,d,76); 
R4(d,e,a,b,c,77); R4(c,d,e,a,b,78); R4(b,c,d,e,a,79); + /* Add the working vars back into context.state[] */ + state[0] += a; + state[1] += b; + state[2] += c; + state[3] += d; + state[4] += e; + /* Wipe variables */ + a = b = c = d = e = 0; +} + + +/* SHA1Init - Initialize new context */ + +void SHA1Init(SHA1_CTX* context) +{ + /* SHA1 initialization constants */ + context->state[0] = 0x67452301; + context->state[1] = 0xEFCDAB89; + context->state[2] = 0x98BADCFE; + context->state[3] = 0x10325476; + context->state[4] = 0xC3D2E1F0; + context->count[0] = context->count[1] = 0; +} + + +/* Run your data through this. */ + +void SHA1Update(SHA1_CTX* context, const unsigned char* data, unsigned int len) +{ +unsigned int i, j; + + j = (context->count[0] >> 3) & 63; + if ((context->count[0] += len << 3) < (len << 3)) context->count[1]++; + context->count[1] += (len >> 29); + if ((j + len) > 63) { + memcpy(&context->buffer[j], data, (i = 64-j)); + SHA1Transform(context->state, context->buffer); + for ( ; i + 63 < len; i += 64) { + SHA1Transform(context->state, &data[i]); + } + j = 0; + } + else i = 0; + memcpy(&context->buffer[j], &data[i], len - i); +} + + +/* Add padding and return the message digest. */ + +void SHA1Final(unsigned char digest[20], SHA1_CTX* context) +{ +unsigned long i, j; +unsigned char finalcount[8]; + + for (i = 0; i < 8; i++) { + finalcount[i] = (unsigned char)((context->count[(i >= 4 ? 
0 : 1)] + >> ((3-(i & 3)) * 8) ) & 255); /* Endian independent */ + } + SHA1Update(context, (unsigned char *)"\200", 1); + while ((context->count[0] & 504) != 448) { + SHA1Update(context, (unsigned char *)"\0", 1); + } + SHA1Update(context, finalcount, 8); /* Should cause a SHA1Transform() */ + for (i = 0; i < 20; i++) { + digest[i] = (unsigned char) + ((context->state[i>>2] >> ((3-(i & 3)) * 8) ) & 255); + } + /* Wipe variables */ + i = j = 0; + memset(context->buffer, 0, 64); + memset(context->state, 0, 20); + memset(context->count, 0, 8); + memset(&finalcount, 0, 8); +#ifdef SHA1HANDSOFF /* make SHA1Transform overwrite it's own static vars */ + SHA1Transform(context->state, context->buffer); +#endif +} + + +/*************************************************************/ + +/* +int main(int argc, char** argv) +{ + int i, j; + SHA1_CTX context; + unsigned char digest[20], buffer[16384]; + FILE* file; + + if (argc > 2) { + puts("Public domain SHA-1 implementation - by Steve Reid <steve@edmweb.com>"); + puts("Produces the SHA-1 hash of a file, or stdin if no file is specified."); + exit(0); + } + if (argc < 2) { + file = stdin; + } + else { + if (!(file = fopen(argv[1], "rb"))) { + fputs("Unable to open file.", stderr); + exit(-1); + } + } + SHA1Init(&context); + while (!feof(file)) { + i = fread(buffer, 1, 16384, file); + SHA1Update(&context, buffer, i); + } + SHA1Final(digest, &context); + fclose(file); + for (i = 0; i < 5; i++) { + for (j = 0; j < 4; j++) { + printf("%02X", digest[i*4+j]); + } + putchar(' '); + } + putchar('\n'); + exit(0); +} + */ + +/*****************************************************************************/ + +int sha1_encrypt(const char *src, int len, char *dest, int size) +{ + SHA1_CTX context; + unsigned char tmp[41]; + + if (size < 20) + return -1; + + memset(dest,0,20); + + SHA1Init(&context); + SHA1Update(&context, src, len); + SHA1Final(dest, &context); + + if(debug) { + memset(tmp,0,41); + binary_to_hex(dest,tmp,20); + /* Dont log 
source if we were encrypting in place :) */ + if (memcmp(src, dest, 20) != 0) { + alog("enc_sha1: hashed from [%s] to [%s]",src,tmp); + } else { + alog("enc_sha1: hashed password to [%s]",tmp); + } + } + + return 0; +} + + +int sha1_encrypt_in_place(char *buf, int size) +{ + char tmp[41]; + memset(tmp,0,41); + if(sha1_encrypt(buf, strlen(buf), tmp, size)==0) { + memcpy(buf,tmp,40); + } else { + return -1; + } + return 0; +} + + +int sha1_encrypt_check_len(int passlen, int bufsize) +{ + if (bufsize < 20) + fatal("enc_sha1: sha1_check_len(): buffer too small (%d)", bufsize); + return 0; +} + + +int sha1_decrypt(const char *src, char *dest, int size) +{ + return 0; +} + + +int sha1_check_password(const char *plaintext, const char *password) +{ + char buf[BUFSIZE]; + + if (sha1_encrypt(plaintext, strlen(plaintext), buf, sizeof(buf)) < 0) + return -1; + if (memcmp(buf, password, 20) == 0) + return 1; + return 0; +} + +/*************************************************************************/ + +/* Module stuff. */ + +int AnopeInit(int argc, char **argv) { + + moduleAddAuthor("Anope"); + moduleAddVersion("$Id$"); + moduleSetType(ENCRYPTION); + + encmodule_encrypt(sha1_encrypt); + encmodule_encrypt_in_place(sha1_encrypt_in_place); + encmodule_encrypt_check_len(sha1_encrypt_check_len); + encmodule_decrypt(sha1_decrypt); + encmodule_check_password(sha1_check_password); + + return MOD_CONT; +} + +void AnopeFini(void) { + encmodule_encrypt(NULL); + encmodule_encrypt_in_place(NULL); + encmodule_encrypt_check_len(NULL); + encmodule_decrypt(NULL); + encmodule_check_password(NULL); +} + diff --git a/src/users.c b/src/users.c index d2142b882..140fac592 100644 --- a/src/users.c +++ b/src/users.c 
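Review bot: SHA1_CTX and the CHAR64LONG16 union in SHA1Transform use `unsigned long` for what the algorithm treats as 32-bit words, so on a platform where long is 64 bits `l[16]` spans 128 bytes over a 64-byte buffer and the `blk()` stores write past it, while `rol()` no longer wraps at 32 bits and the digests stop matching the FIPS vectors quoted in the file header. Declaring `state`, `count`, `l` and the working variables a–e with a fixed 32-bit type such as `uint32_t` removes both problems. Separately, sha1_encrypt_in_place is protected only by the `size < 20` check inside sha1_encrypt before it runs `memcpy(buf,tmp,40)`, so a caller buffer of 20 to 39 bytes is overrun; `memcpy(buf,tmp,20)` matches the 20 bytes that sha1_check_password compares. The hash is also unsalted and single-pass, which is worth stating next to the `enc_sha1` entry in data/example.conf so operators do not read it as resistant to offline guessing of a leaked database.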
@@ -667,9 +667,11 @@ User *do_nick(const char *source, char *nick, char *username, char *host, if (LogUsers) { logrealname = normalizeBuffer(user->realname); if (ircd->vhost) { - alog("LOGUSERS: %s (%s@%s => %s) (%s) changed his nick to %s (%s).", user->nick, user->username, user->host, (user->vhost ? user->vhost : "(none)"), logrealname, nick, user->server->name); + alog("LOGUSERS: %s (%s@%s => %s) (%s) changed nick to %s (%s).", user->nick, user->username, user->host, (user->vhost ? user->vhost : "(none)"), logrealname, nick, user->server->name); } else { - alog("LOGUSERS: %s (%s@%s) (%s) changed his nick to %s (%s).", user->nick, user->username, user->host, logrealname, nick, user->server->name); + alog("LOGUSERS: %s (%s@%s) (%s) changed nick to %s (%s).", + user->nick, user->username, user->host, logrealname, + nick, user->server->name); } if (logrealname) { free(logrealname); diff --git a/version.log b/version.log index 9183245cd..f563aeb6f 100644 --- a/version.log +++ b/version.log @@ -9,10 +9,14 @@ VERSION_MAJOR="1" VERSION_MINOR="7" VERSION_PATCH="17" VERSION_EXTRA="-svn" -VERSION_BUILD="1189" +VERSION_BUILD="1190" # $Log$ # +# BUILD : 1.7.17 (1190) +# BUGS : N/A +# NOTES : sha1 is a valid choice of encryption hash +# # BUILD : 1.7.17 (1189) # BUGS : # NOTES : Support for mlocking +c on ultimate3 was missing |