57 files changed, 1622 insertions, 941 deletions
@@ -1,6 +1,6 @@ Anope Version S V N -------------------- - +10/17 F Encryption, users can now pick none, old or real md5. [ #00] Anope Version 1.7.17 -------------------- diff --git a/Changes.conf b/Changes.conf index 80fe9cf9f..554edc020 100644 --- a/Changes.conf +++ b/Changes.conf @@ -1,6 +1,30 @@ Anope Version S V N -------------------- ** ADDED CONFIGURATION DIRECTIVES ** +########################################################################### +# +# Encryption settings +# +########################################################################### + +# EncModule <module_name> [REQUIRED] +# The encryption module to use when dealing with passwords. +# This determines how the passwords are stored in the databases, +# and does not add any security as far as transmitting passwords over +# the network goes. +# enc_none provides no password encryption, storing the password in +# plain text, this is the most versiatle as passwords can easily be +# recovered. +# +# NOTE: users of anope's previous (broken) md5 implementation should +# select the enc_old option, or things may break. +# +# Plain Text - enc_none +# Previous (broken) MD5 - enc_old +# MD5 - enc_md5 +# + +EncModule "enc_none" ** MODIFIED CONFIGURATION DIRECTIVES ** @@ -53,10 +53,6 @@ if [ "$DATDEST" != "" ] ; then WITH_DATA=" --with-datadir=$DATDEST" fi -if [ "$ENCRYPTION" != "" ] ; then - WITH_ENC=" --with-encryption" -fi - if [ "$RUNGROUP" != "" ] ; then WITH_RUN=" --with-rungroup=$RUNGROUP" fi @@ -97,7 +93,6 @@ DATDEST=$HOME/services RUNGROUP= UMASK= IRCTYPE="no default" -ENCRYPTION= CAN_QUICK="no" ########################################################################### 
@@ -277,42 +272,6 @@ echo "" #### -if [ "$ENCRYPTION" = "ENCRYPT_MD5" ] ; then - DEF=yes -else - DEF=no -fi - -ok=0 -echo "Do you want to use the MD5 message-digest algorithm to encrypt passwords?" -echo "(Selecting "\"yes\"" protects your passwords from being stolen if someone" -echo "gains access to the Services databases, but makes it impossible to recover" -echo "forgotten passwords. There is no way to reverse this operation, so make" -echo "sure you really want to enable it.)" -while [ $ok -eq 0 ] ; do - echo2 "[$DEF] " - if read INPUT ; then : ; else echo "" ; exit 1 ; fi - if [ ! "$INPUT" ] ; then - INPUT=$DEF - fi - case $INPUT in - n*|N*) - ENCRYPTION= - ok=1 - ;; - y*|Y*) - ENCRYPTION=ENCRYPT_MD5 - ok=1 - ;; - *) - echo "Please enter 'yes' or 'no'." - ;; - esac -done -echo "" - -#### - ok=0 DEF=yes echo "Allow anope to automatically check for mysql libaries?" @@ -355,7 +314,6 @@ RUNGROUP="$RUNGROUP" UMASK=$UMASK IRCTYPE="$IRCTYPE" IRCTYPE_DEF="$IRCTYPE_DEF" -ENCRYPTION="$ENCRYPTION" MYSQL="$MYSQL" EOT echo "done." @@ -846,7 +846,6 @@ Optional Packages: --with-permissions=permissions Specify the default permissions for anope --with-bindir=bindir Specify the default binary dir for anope --with-datadir=datadir Specify the location of the services data folder - --with-encryption Use md5 database encryption Some influential environment variables: CC C compiler command @@ -948,7 +947,7 @@ esac else echo "$as_me: WARNING: no configuration information is in $ac_dir" >&2 fi - cd "$ac_popdir" + cd $ac_popdir done fi @@ -1872,7 +1871,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 cat conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && - { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err' + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? 
@@ -1930,7 +1930,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 cat conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && - { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err' + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? @@ -2046,7 +2047,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 cat conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && - { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err' + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? @@ -2100,7 +2102,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 cat conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && - { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err' + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? @@ -2145,7 +2148,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 cat conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && - { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err' + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? @@ -2189,7 +2193,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 cat conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && - { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err' + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? 
@@ -2263,7 +2268,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 cat conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && - { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err' + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? @@ -2488,7 +2494,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 cat conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && - { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err' + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? @@ -2555,7 +2562,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 cat conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && - { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err' + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? @@ -2622,7 +2630,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 cat conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && - { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err' + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? @@ -2689,7 +2698,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 cat conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && - { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err' + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? 
@@ -2887,7 +2897,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 cat conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && - { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err' + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? @@ -3219,7 +3230,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 cat conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && - { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err' + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? @@ -3389,7 +3401,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 cat conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && - { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err' + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? @@ -3452,7 +3465,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 cat conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && - { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err' + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? @@ -3638,7 +3652,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 cat conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && - { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err' + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? 
@@ -3703,7 +3718,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 cat conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && - { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err' + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? @@ -3787,7 +3803,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 cat conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && - { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err' + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? @@ -3935,7 +3952,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 cat conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && - { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err' + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? @@ -3997,7 +4015,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 cat conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && - { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err' + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? @@ -4037,7 +4056,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 cat conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && - { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err' + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? 
@@ -4093,7 +4113,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 cat conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && - { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err' + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? @@ -4133,7 +4154,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 cat conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && - { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err' + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? @@ -4197,7 +4219,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 cat conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && - { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err' + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? @@ -4228,8 +4251,10 @@ See \`config.log' for more details." >&2;} esac else if test "$cross_compiling" = yes; then - { { echo "$as_me:$LINENO: error: internal error: not reached in cross-compile" >&5 -echo "$as_me: error: internal error: not reached in cross-compile" >&2;} + { { echo "$as_me:$LINENO: error: cannot run test program while cross compiling +See \`config.log' for more details." >&5 +echo "$as_me: error: cannot run test program while cross compiling +See \`config.log' for more details." >&2;} { (exit 1); exit 1; }; } else cat >conftest.$ac_ext <<_ACEOF 
@@ -4341,7 +4366,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 cat conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && - { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err' + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? @@ -4403,7 +4429,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 cat conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && - { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err' + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? @@ -4443,7 +4470,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 cat conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && - { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err' + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? @@ -4499,7 +4527,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 cat conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && - { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err' + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? @@ -4539,7 +4568,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 cat conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && - { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err' + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? 
@@ -4603,7 +4633,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 cat conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && - { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err' + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? @@ -4634,8 +4665,10 @@ See \`config.log' for more details." >&2;} esac else if test "$cross_compiling" = yes; then - { { echo "$as_me:$LINENO: error: internal error: not reached in cross-compile" >&5 -echo "$as_me: error: internal error: not reached in cross-compile" >&2;} + { { echo "$as_me:$LINENO: error: cannot run test program while cross compiling +See \`config.log' for more details." >&5 +echo "$as_me: error: cannot run test program while cross compiling +See \`config.log' for more details." >&2;} { (exit 1); exit 1; }; } else cat >conftest.$ac_ext <<_ACEOF @@ -4747,7 +4780,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 cat conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && - { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err' + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? @@ -4809,7 +4843,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 cat conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && - { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err' + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? 
@@ -4849,7 +4884,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 cat conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && - { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err' + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? @@ -4905,7 +4941,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 cat conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && - { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err' + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? @@ -4945,7 +4982,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 cat conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && - { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err' + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? @@ -5009,7 +5047,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 cat conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && - { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err' + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? 
@@ -5040,8 +5079,10 @@ See \`config.log' for more details." >&2;} esac else if test "$cross_compiling" = yes; then - { { echo "$as_me:$LINENO: error: internal error: not reached in cross-compile" >&5 -echo "$as_me: error: internal error: not reached in cross-compile" >&2;} + { { echo "$as_me:$LINENO: error: cannot run test program while cross compiling +See \`config.log' for more details." >&5 +echo "$as_me: error: cannot run test program while cross compiling +See \`config.log' for more details." >&2;} { (exit 1); exit 1; }; } else cat >conftest.$ac_ext <<_ACEOF @@ -5154,7 +5195,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 cat conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && - { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err' + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? @@ -5219,7 +5261,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 cat conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && - { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err' + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? @@ -5285,7 +5328,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 cat conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && - { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err' + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? 
@@ -5350,7 +5394,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 cat conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && - { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err' + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? @@ -5421,7 +5466,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 cat conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && - { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err' + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? @@ -5486,7 +5532,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 cat conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && - { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err' + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? @@ -5552,7 +5599,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 cat conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && - { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err' + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? @@ -5617,7 +5665,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 cat conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && - { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err' + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? 
@@ -5683,7 +5732,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 cat conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && - { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err' + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? @@ -5748,7 +5798,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 cat conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && - { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err' + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? @@ -5818,7 +5869,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 cat conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && - { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err' + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? @@ -5963,7 +6015,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 cat conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && - { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err' + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? @@ -6108,7 +6161,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 cat conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && - { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err' + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? 
@@ -6293,7 +6347,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 cat conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && - { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err' + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? @@ -6397,7 +6452,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 cat conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && - { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err' + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? @@ -6501,7 +6557,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 cat conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && - { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err' + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? @@ -6605,7 +6662,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 cat conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && - { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err' + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? @@ -6709,7 +6767,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 cat conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && - { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err' + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? 
@@ -6813,7 +6872,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 cat conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && - { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err' + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? @@ -6917,7 +6977,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 cat conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && - { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err' + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? @@ -7021,7 +7082,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 cat conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && - { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err' + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? @@ -7125,7 +7187,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 cat conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && - { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err' + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? @@ -7229,7 +7292,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 cat conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && - { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err' + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? 
@@ -7333,7 +7397,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 cat conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && - { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err' + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? @@ -7437,7 +7502,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 cat conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && - { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err' + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? @@ -7541,7 +7607,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 cat conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && - { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err' + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? @@ -7645,7 +7712,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 cat conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && - { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err' + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? @@ -7749,7 +7817,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 cat conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && - { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err' + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? 
@@ -7853,7 +7922,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 cat conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && - { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err' + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? @@ -7964,24 +8034,6 @@ fi; - -# Check whether --with-encryption or --without-encryption was given. -if test "${with_encryption+set}" = set; then - withval="$with_encryption" - - -cat >>confdefs.h <<_ACEOF -#define USE_ENCRYPTION -_ACEOF - - -cat >>confdefs.h <<_ACEOF -#define ENCRYPT_MD5 -_ACEOF - - -fi; - ac_config_files="$ac_config_files Makefile src/bin/anoperc" @@ -8783,6 +8835,11 @@ esac + if test x"$ac_file" != x-; then + { echo "$as_me:$LINENO: creating $ac_file" >&5 +echo "$as_me: creating $ac_file" >&6;} + rm -f "$ac_file" + fi # Let's still pretend it is `configure' which instantiates (i.e., don't # use $as_me), people would be surprised to read: # /* config.h. Generated by config.status. */ @@ -8821,12 +8878,6 @@ echo "$as_me: error: cannot find input file: $f" >&2;} fi;; esac done` || { (exit 1); exit 1; } - - if test x"$ac_file" != x-; then - { echo "$as_me:$LINENO: creating $ac_file" >&5 -echo "$as_me: creating $ac_file" >&6;} - rm -f "$ac_file" - fi _ACEOF cat >>$CONFIG_STATUS <<_ACEOF sed "$ac_vpsub diff --git a/configure.in b/configure.in index 5d5b69d0f..6ce19e665 100644 --- a/configure.in +++ b/configure.in @@ -262,11 +262,6 @@ AC_ARG_WITH(datadir, [ --with-datadir=datadir Specify the location of the se AC_SUBST(DATDEST) AC_SUBST(MODULE_PATH) -AC_ARG_WITH(encryption, [ --with-encryption Use md5 database encryption], [ - AC_DEFINE_UNQUOTED(USE_ENCRYPTION,,"has encryption") - AC_DEFINE_UNQUOTED(ENCRYPT_MD5,,"Use md5") -]) - AC_CONFIG_FILES( \ Makefile \ src/bin/anoperc \ diff --git a/data/example.conf b/data/example.conf index 6c6edb727..59097c4f1 100644 
--- a/data/example.conf +++ b/data/example.conf @@ -96,6 +96,30 @@ #IRCDModule "unreal32" +########################################################################### +# +# Encryption settings +# +########################################################################### + +# EncModule <module_name> [REQUIRED] +# The encryption module to use when dealing with passwords. +# This determines how the passwords are stored in the databases, +# and does not add any security as far as transmitting passwords over +# the network goes. +# enc_none provides no password encryption, storing the password in +# plain text, this is the most versiatle as passwords can easily be +# recovered. +# +# NOTE: users of anope's previous (broken) md5 implementation should +# select the enc_old option, or things may break. +# +# Plain Text - enc_none +# Previous (broken) MD5 - enc_old +# MD5 - enc_md5 +# + +EncModule "enc_none" ########################################################################### # diff --git a/include/encrypt.h b/include/encrypt.h index 45569b5fb..fd17a00ee 100644 --- a/include/encrypt.h +++ b/include/encrypt.h @@ -12,4 +12,11 @@ * */ -E int encrypt(const char *src, int len, char *dest, int size); +typedef struct encryption_ { + int (*encrypt)(const char *src, int len, char *dest, int size); + int (*encrypt_in_place)(char *buf, int size); + int (*encrypt_check_len)(int passlen, int bufsize); + int (*decrypt)(const char *src, char *dest, int size); + int (*check_password)(const char *plaintext, const char *password); +} Encryption; + diff --git a/include/extern.h b/include/extern.h index efe5fb85c..873a4146e 100644 --- a/include/extern.h +++ b/include/extern.h 
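Review bot: The example configuration ships with `EncModule "enc_none"` active, so an installation started from this file stores every password in plain text, and the comment presents recoverability as the advantage without stating the cost. The Config prompt removed elsewhere in this commit at least explained that hashing protects passwords if someone gains access to the Services databases; that explanation should move here, e.g. `# enc_none stores passwords in plain text: anyone who can read the databases or a backup of them can read every password.` Since the directive is marked [REQUIRED], consider shipping it commented out, as the `#IRCDModule` line in the context is, so that the choice is made deliberately. The same text is added to Changes.conf, including the "versiatle" typo.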
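Review bot: The new `Encryption` struct in include/encrypt.h does not document the contract each callback must honour, and callers cannot infer it from the signatures. A comment above the typedef should state what each function returns on success and on failure, whether `dest` receives a NUL-terminated string or raw digest bytes, and what `decrypt` is expected to return for a one-way module such as enc_md5. The lengths are plain `int`, so it is also worth stating that negative values are invalid; whether the implementations check this is not visible in this hunk.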
@@ -17,19 +17,22 @@ #ifndef _WIN32 #define E extern -#define I extern +#define EI extern #else #ifndef MODULE_COMPILE #define E extern __declspec(dllexport) -#define I extern __declspec(dllimport) +#define EI extern __declspec(dllimport) #else #define E extern __declspec(dllimport) -#define I extern __declspec(dllexport) +#define EI extern __declspec(dllexport) #endif #endif #include "slist.h" + + + E char *uplink; /* IRC Variables */ @@ -39,7 +42,7 @@ E IRCDCAPAB *ircdcap; E char *flood_mode_char_set; E char *flood_mode_char_remove; E int UseTSMODE; /* hack to get around bahamut clones that don't send TSMODE */ -I unsigned long umodes[128]; +EI unsigned long umodes[128]; E char csmodes[128]; E CMMode cmmodes[128]; E CBMode cbmodes[128]; @@ -553,7 +556,18 @@ E long unsigned int UserKey3; E int convert_ircservices_44(void); /**** encrypt.c ****/ -E int check_password(const char *plaintext, const char *password); +E char *EncModule; +E void initEncryption(); +E int enc_encrypt(const char *src, int len, char *dest, int size); +E int enc_encrypt_in_place(char *buf, int size); +E int enc_encrypt_check_len(int passlen, int bufsize); +E int enc_decrypt(const char *src, char *dest, int size); +E int enc_check_password(const char *plaintext, const char *password); +E void encmodule_encrypt(int (*func)(const char *src, int len, char *dest, int size)); +E void encmodule_encrypt_in_place(int (*func)(char *buf, int size)); +E void encmodule_encrypt_check_len(int (*func)(int passlen, int bufsize)); +E void encmodule_decrypt(int (*func)(const char *src, char *dest, int size)); +E void encmodule_check_password(int (*func)(const char *plaintext, const char *password)); /**** helpserv.c ****/ E void helpserv(User * u, char *buf); @@ -846,6 +860,7 @@ E char *str_signed(unsigned char *str); E void ntoa(struct in_addr addr, char *ipaddr, int len); E char **buildStringList(char *src, int *number); +E void binary_to_hex(unsigned char *bin, char *hex, int length); 
@@ -905,7 +920,7 @@ E int nick_identified(User * u); E int nick_recognized(User * u); E void expire_nicks(void); E void expire_requests(void); -I int ns_do_register(User * u); +EI int ns_do_register(User * u); E int delnick(NickAlias * na); E NickAlias *findnick(const char *nick); E NickCore *findcore(const char *nick); @@ -1156,11 +1171,6 @@ E void db_mysql_load_news(void); E unsigned int mysql_rand(void); #endif -#ifdef USE_ENCRYPTION -E int encrypt_in_place(char *buf, int size); -#endif - - E void privmsg(char *source, char *dest, const char *fmt, ...); E void notice(char *source, char *dest, const char *fmt, ...); 
@@ -1248,72 +1258,72 @@ E void anope_cmd_burst(); /* BURST - use eob to send burst 0 */ E void anope_cmd_svswatch(char *sender, char *nick, char *parm); E void anope_cmd_ctcp(char *source, char *dest, const char *fmt, ...); /* CTCP */ -I int anope_event_482(char *source, int ac, char **av); -I int anope_event_436(char *source, int ac, char **av); -I int anope_event_away(char *source, int ac, char **av); -I int anope_event_ping(char *source, int ac, char **av); -I int anope_event_motd(char *source, int ac, char **av); -I int anope_event_join(char *source, int ac, char **av); -I int anope_event_kick(char *source, int ac, char **av); -I int anope_event_kill(char *source, int ac, char **av); -I int anope_event_mode(char *source, int ac, char **av); -I int anope_event_tmode(char *source, int ac, char **av); -I int anope_event_quit(char *source, int ac, char **av); -I int anope_event_squit(char *source, int ac, char **av); -I int anope_event_topic(char *source, int ac, char **av); -I int anope_event_whois(char *source, int ac, char **av); -I int anope_event_part(char *source, int ac, char **av); -I int anope_event_server(char *source, int ac, char **av); -I int anope_event_sid(char *source, int ac, char **av); -I int anope_event_nick(char *source, int ac, char **av); -I int anope_event_bmask(char *source, int ac, char **av); -I int anope_event_gnotice(char *source, int ac, char **av); -I int anope_event_privmsg(char *source, int ac, char **av); -I int anope_event_capab(char *source, int ac, char **av); -I int anope_event_sjoin(char *source, int ac, char **av); -I int anope_event_cs(char *source, int ac, char **av); -I int anope_event_hs(char *source, int ac, char **av); -I int anope_event_ms(char *source, int ac, char **av); -I int anope_event_ns(char *source, int ac, char **av); -I int anope_event_os(char *source, int ac, char **av); -I int anope_event_vs(char *source, int ac, char **av); -I int anope_event_svinfo(char *source, int ac, char **av); -I int 
anope_event_chghost(char *source, int ac, char **av); -I int anope_event_sethost(char *source, int ac, char **av); -I int anope_event_chgident(char *source, int ac, char **av); -I int anope_event_setident(char *source, int ac, char **av); -I int anope_event_chgname(char *source, int ac, char **av); -I int anope_event_setname(char *source, int ac, char **av); -I int anope_event_svsinfo(char *source, int ac, char **av); -I int anope_event_snick(char *source, int ac, char **av); -I int anope_event_vhost(char *source, int ac, char **av); -I int anope_event_tkl(char *source, int ac, char **av); -I int anope_event_eos(char *source, int ac, char **av); -I int anope_event_eob(char *source, int ac, char **av); -I int anope_event_pass(char *source, int ac, char **av); -I int anope_event_netinfo(char *source, int ac, char **av); -I int anope_event_error(char *source, int ac, char **av); -I int anope_event_eb(char *source, int ac, char **av); -I int anope_event_netctrl(char *source, int ac, char **av); -I int anope_event_notice(char *source, int ac, char **av); -I int anope_event_snotice(char *source, int ac, char **av); -I int anope_event_sqline(char *source, int ac, char **av); -I int anope_event_smo(char *source, int ac, char **av); -I int anope_event_myid(char *source, int ac, char **av); -I int anope_event_vctrl(char *source, int ac, char **av); -I int anope_event_tctrl(char *source, int ac, char **av); -I int anope_event_snetinfo(char *source, int ac, char **av); -I int anope_event_umode2(char *source, int ac, char **av); -I int anope_event_globops(char *source, int ac, char **av); -I int anope_event_swhois(char *source, int ac, char **av); -I int anope_event_burst(char *source, int ac, char **av); -I int anope_event_luserslock(char *source, int ac, char **av); -I int anope_event_admin(char *source, int ac, char **av); -I int anope_event_credits(char *source, int ac, char **av); -I int anope_event_rehash(char *source, int ac, char **av); -I int anope_event_sdesc(char 
*source, int ac, char **av); -I int anope_event_netglobal(char *source, int ac, char **av); -I int anope_event_invite(char *source, int ac, char **av); +EI int anope_event_482(char *source, int ac, char **av); +EI int anope_event_436(char *source, int ac, char **av); +EI int anope_event_away(char *source, int ac, char **av); +EI int anope_event_ping(char *source, int ac, char **av); +EI int anope_event_motd(char *source, int ac, char **av); +EI int anope_event_join(char *source, int ac, char **av); +EI int anope_event_kick(char *source, int ac, char **av); +EI int anope_event_kill(char *source, int ac, char **av); +EI int anope_event_mode(char *source, int ac, char **av); +EI int anope_event_tmode(char *source, int ac, char **av); +EI int anope_event_quit(char *source, int ac, char **av); +EI int anope_event_squit(char *source, int ac, char **av); +EI int anope_event_topic(char *source, int ac, char **av); +EI int anope_event_whois(char *source, int ac, char **av); +EI int anope_event_part(char *source, int ac, char **av); +EI int anope_event_server(char *source, int ac, char **av); +EI int anope_event_sid(char *source, int ac, char **av); +EI int anope_event_nick(char *source, int ac, char **av); +EI int anope_event_bmask(char *source, int ac, char **av); +EI int anope_event_gnotice(char *source, int ac, char **av); +EI int anope_event_privmsg(char *source, int ac, char **av); +EI int anope_event_capab(char *source, int ac, char **av); +EI int anope_event_sjoin(char *source, int ac, char **av); +EI int anope_event_cs(char *source, int ac, char **av); +EI int anope_event_hs(char *source, int ac, char **av); +EI int anope_event_ms(char *source, int ac, char **av); +EI int anope_event_ns(char *source, int ac, char **av); +EI int anope_event_os(char *source, int ac, char **av); +EI int anope_event_vs(char *source, int ac, char **av); +EI int anope_event_svinfo(char *source, int ac, char **av); +EI int anope_event_chghost(char *source, int ac, char **av); +EI int 
anope_event_sethost(char *source, int ac, char **av); +EI int anope_event_chgident(char *source, int ac, char **av); +EI int anope_event_setident(char *source, int ac, char **av); +EI int anope_event_chgname(char *source, int ac, char **av); +EI int anope_event_setname(char *source, int ac, char **av); +EI int anope_event_svsinfo(char *source, int ac, char **av); +EI int anope_event_snick(char *source, int ac, char **av); +EI int anope_event_vhost(char *source, int ac, char **av); +EI int anope_event_tkl(char *source, int ac, char **av); +EI int anope_event_eos(char *source, int ac, char **av); +EI int anope_event_eob(char *source, int ac, char **av); +EI int anope_event_pass(char *source, int ac, char **av); +EI int anope_event_netinfo(char *source, int ac, char **av); +EI int anope_event_error(char *source, int ac, char **av); +EI int anope_event_eb(char *source, int ac, char **av); +EI int anope_event_netctrl(char *source, int ac, char **av); +EI int anope_event_notice(char *source, int ac, char **av); +EI int anope_event_snotice(char *source, int ac, char **av); +EI int anope_event_sqline(char *source, int ac, char **av); +EI int anope_event_smo(char *source, int ac, char **av); +EI int anope_event_myid(char *source, int ac, char **av); +EI int anope_event_vctrl(char *source, int ac, char **av); +EI int anope_event_tctrl(char *source, int ac, char **av); +EI int anope_event_snetinfo(char *source, int ac, char **av); +EI int anope_event_umode2(char *source, int ac, char **av); +EI int anope_event_globops(char *source, int ac, char **av); +EI int anope_event_swhois(char *source, int ac, char **av); +EI int anope_event_burst(char *source, int ac, char **av); +EI int anope_event_luserslock(char *source, int ac, char **av); +EI int anope_event_admin(char *source, int ac, char **av); +EI int anope_event_credits(char *source, int ac, char **av); +EI int anope_event_rehash(char *source, int ac, char **av); +EI int anope_event_sdesc(char *source, int ac, char **av); +EI 
int anope_event_netglobal(char *source, int ac, char **av); +EI int anope_event_invite(char *source, int ac, char **av); E int anope_event_null(char *source, int ac, char **av); E void anope_set_umode(User * user, int ac, char **av); diff --git a/include/modules.h b/include/modules.h index 30d346150..46b573992 100644 --- a/include/modules.h +++ b/include/modules.h @@ -97,7 +97,7 @@ typedef void * ano_module_t; #endif /*************************************************************************/ -typedef enum { CORE,PROTOCOL,THIRD,SUPPORTED,QATESTED } MODType; +typedef enum { CORE,PROTOCOL,THIRD,SUPPORTED,QATESTED,ENCRYPTION } MODType; typedef enum { MOD_OP_LOAD, MOD_OP_UNLOAD } ModuleOperation; /*************************************************************************/ diff --git a/include/sysconf.h.in b/include/sysconf.h.in index 1aa83e421..d54f58617 100644 --- a/include/sysconf.h.in +++ b/include/sysconf.h.in @@ -6,9 +6,6 @@ /* "No prefix needed for dlopen" */ #undef DL_PREFIX -/* "Use md5" */ -#undef ENCRYPT_MD5 - /* "Has sys/types.h" */ #undef HAS_SYS_TYPES_H @@ -141,9 +138,6 @@ /* Define to 1 if you have the ANSI C header files. */ #undef STDC_HEADERS -/* "has encryption" */ -#undef USE_ENCRYPTION - /* "Modules available" */ #undef USE_MODULES diff --git a/include/version.sh b/include/version.sh index b83c58af9..80a9c70d4 100644 --- a/include/version.sh +++ b/include/version.sh @@ -58,16 +58,6 @@ cat >version.h <<EOF # define VER_DEBUG #endif -#if defined(USE_ENCRYPTION) -# if defined(ENCRYPT_MD5) -# define VER_ENCRYPTION "E" -# else -# define VER_ENCRYPTION "E" -# endif -#else -# define VER_ENCRYPTION -#endif - #if defined(_WIN32) # if _MSC_VER >= 1400 # define VER_OS "W" diff --git a/src/chanserv.c b/src/chanserv.c index 1b05f8202..908cb1e69 100644 --- a/src/chanserv.c +++ b/src/chanserv.c 
@@ -496,25 +496,7 @@ void load_cs_dbase(void) SAFE(read_int32(&tmp32, f)); ci->last_topic_time = tmp32; SAFE(read_int32(&ci->flags, f)); -#ifdef USE_ENCRYPTION - if (!(ci->flags & (CI_ENCRYPTEDPW | CI_VERBOTEN))) { - if (debug) - alog("debug: %s: encrypting password for %s on load", - s_ChanServ, ci->name); - if (encrypt_in_place(ci->founderpass, PASSMAX) < 0) - fatal("%s: load database: Can't encrypt %s password!", - s_ChanServ, ci->name); - ci->flags |= CI_ENCRYPTEDPW; - } -#else - if (ci->flags & CI_ENCRYPTEDPW) { - /* Bail: it makes no sense to continue with encrypted - * passwords, since we won't be able to verify them */ - fatal("%s: load database: password for %s encrypted " - "but encryption disabled, aborting", - s_ChanServ, ci->name); - } -#endif + /* Leaveops cleanup */ if (ver <= 13 && (ci->flags & 0x00000020)) ci->flags &= ~0x00000020; diff --git a/src/config.c b/src/config.c index 50ffab865..b6728f0ca 100644 --- a/src/config.c +++ b/src/config.c @@ -19,7 +19,7 @@ /* Configurable variables: */ char *IRCDModule; - +char *EncModule; char *RemoteServer; int RemotePort; char *RemotePassword; @@ -445,6 +445,7 @@ Directive directives[] = { {{PARAM_STRING, PARAM_RELOAD, &DefConAkillReason}}}, {"DefConOffMessage", {{PARAM_STRING, PARAM_RELOAD, &DefConOffMessage}}}, + {"EncModule", {{PARAM_STRING, 0, &EncModule}}}, {"ExceptionDB", {{PARAM_STRING, PARAM_RELOAD, &ExceptionDBName}}}, {"ExceptionExpiry", {{PARAM_TIME, PARAM_RELOAD, &ExceptionExpiry}}}, {"ExpireTimeout", {{PARAM_TIME, PARAM_RELOAD, &ExpireTimeout}}}, @@ -968,6 +969,7 @@ int read_config(int reload) } CHECK(IRCDModule); + CHECK(EncModule); CHECK(NetworkName); if (!reload) { diff --git a/src/core/cs_getpass.c b/src/core/cs_getpass.c index ef9ea3cbb..fd1f241e1 100644 --- a/src/core/cs_getpass.c +++ b/src/core/cs_getpass.c 
@@ -38,11 +38,8 @@ int AnopeInit(int argc, char **argv) moduleAddCommand(CHANSERV, c, MOD_UNIQUE); moduleSetChanHelp(myChanServHelp); -#ifdef USE_ENCRYPTION - return MOD_STOP; -#else + return MOD_CONT; -#endif } /** @@ -75,6 +72,7 @@ void myChanServHelp(User * u) int do_getpass(User * u) { char *chan = strtok(NULL, " "); + char tmp_pass[PASSMAX]; ChannelInfo *ci; if (!chan) { @@ -86,15 +84,19 @@ int do_getpass(User * u) } else if (CSRestrictGetPass && !is_services_root(u)) { notice_lang(s_ChanServ, u, PERMISSION_DENIED); } else { - alog("%s: %s!%s@%s used GETPASS on %s", - s_ChanServ, u->nick, u->username, u->host, ci->name); - if (WallGetpass) { - anope_cmd_global(s_ChanServ, - "\2%s\2 used GETPASS on channel \2%s\2", - u->nick, chan); - } - notice_lang(s_ChanServ, u, CHAN_GETPASS_PASSWORD_IS, - chan, ci->founderpass); + if(enc_decrypt(ci->founderpass,tmp_pass,PASSMAX)==1) { + alog("%s: %s!%s@%s used GETPASS on %s", + s_ChanServ, u->nick, u->username, u->host, ci->name); + if (WallGetpass) { + anope_cmd_global(s_ChanServ, + "\2%s\2 used GETPASS on channel \2%s\2", + u->nick, chan); + } + notice_lang(s_ChanServ, u, CHAN_GETPASS_PASSWORD_IS, + chan, ci->founderpass); + } else { + notice_lang(s_ChanServ, u, CHAN_GETPASS_UNAVAILABLE); + } } return MOD_CONT; } diff --git a/src/core/cs_identify.c b/src/core/cs_identify.c index 33091c01a..6979c0f08 100644 --- a/src/core/cs_identify.c +++ b/src/core/cs_identify.c @@ -17,9 +17,6 @@ int do_identify(User * u); void myChanServHelp(User * u); -#ifdef _WIN32 -extern MDE int check_password(const char *plaintext, const char *password); -#endif /** * Create the command, and tell anope about it. @@ -92,7 +89,7 @@ int do_identify(User * u) } else { int res; - if ((res = check_password(pass, ci->founderpass)) == 1) { + if ((res = enc_check_password(pass, ci->founderpass)) == 1) { if (!is_identified(u, ci)) { uc = scalloc(sizeof(*uc), 1); uc->next = u->founder_chans; 
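Review bot: In the cs_getpass.c hunk at -86, do_getpass decrypts into `tmp_pass` but the notice still prints `ci->founderpass`, so the decrypted copy is never used. The last argument should be `tmp_pass`, as cs_sendpass.c does in this commit. It only behaves correctly today because enc_none stores the password unchanged; a later module with a real decrypt would send the stored form instead. The same pattern is in the cs_register.c hunk at -174, where `CHAN_PASSWORD_IS` is sent with `ci->founderpass` after `enc_decrypt` succeeded. do_getpass begins before this hunk.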
diff --git a/src/core/cs_register.c b/src/core/cs_register.c index d480f03c0..6d0167a1d 100644 --- a/src/core/cs_register.c +++ b/src/core/cs_register.c @@ -75,9 +75,8 @@ int do_register(User * u) ChannelInfo *ci; struct u_chaninfolist *uc; int is_servadmin = is_services_admin(u); -#ifdef USE_ENCRYPTION char founderpass[PASSMAX + 1]; -#endif + char tmp_pass[PASSMAX]; if (readonly) { notice_lang(s_ChanServ, u, CHAN_REGISTER_DISABLED); @@ -130,15 +129,12 @@ int do_register(User * u) alog("%s: makechan() failed for REGISTER %s", s_ChanServ, chan); notice_lang(s_ChanServ, u, CHAN_REGISTRATION_FAILED); -#ifdef USE_ENCRYPTION } else if (strscpy(founderpass, pass, PASSMAX + 1), - encrypt_in_place(founderpass, PASSMAX) < 0) { + enc_encrypt_in_place(founderpass, PASSMAX) < 0) { alog("%s: Couldn't encrypt password for %s (REGISTER)", s_ChanServ, chan); notice_lang(s_ChanServ, u, CHAN_REGISTRATION_FAILED); delchan(ci); -#endif - } else { c->ci = ci; ci->c = c; @@ -148,17 +144,12 @@ int do_register(User * u) ci->memos.memomax = MSMaxMemos; ci->last_used = ci->time_registered; ci->founder = nc; -#ifdef USE_ENCRYPTION if (strlen(pass) > PASSMAX) notice_lang(s_ChanServ, u, PASSWORD_TRUNCATED, PASSMAX); memset(pass, 0, strlen(pass)); memcpy(ci->founderpass, founderpass, PASSMAX); - ci->flags |= CI_ENCRYPTEDPW; -#else - if (strlen(pass) > PASSMAX - 1) /* -1 for null byte */ - notice_lang(s_ChanServ, u, PASSWORD_TRUNCATED, PASSMAX - 1); - strscpy(ci->founderpass, pass, PASSMAX); -#endif +// ci->flags |= CI_ENCRYPTEDPW; +// ci->desc = sstrdup(desc); if (c->topic) { ci->last_topic = sstrdup(c->topic); 
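Review bot: In the cs_register.c hunk at -148, `// ci->flags |= CI_ENCRYPTEDPW;` is left behind as commented-out code, so nothing on the channel record says which module produced `founderpass`. This commit also removes the load-time check in chanserv.c that refused a database whose flag did not match the build. As far as these hunks show, a database written under one EncModule and loaded under another would fail only at password comparison. Either delete the commented line and add a comment that the stored format is now implied by EncModule, or keep a per-record marker that is checked on load. do_register begins and ends outside this hunk.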
@@ -174,9 +165,11 @@ int do_register(User * u) alog("%s: Channel '%s' registered by %s!%s@%s", s_ChanServ, chan, u->nick, u->username, u->host); notice_lang(s_ChanServ, u, CHAN_REGISTERED, chan, u->nick); -#ifndef USE_ENCRYPTION - notice_lang(s_ChanServ, u, CHAN_PASSWORD_IS, ci->founderpass); -#endif + + if(enc_decrypt(ci->founderpass,tmp_pass,PASSMAX) == 1) { + notice_lang(s_ChanServ, u, CHAN_PASSWORD_IS, ci->founderpass); + } + uc = scalloc(sizeof(*uc), 1); uc->next = u->founder_chans; uc->prev = NULL; diff --git a/src/core/cs_sendpass.c b/src/core/cs_sendpass.c index 61eb70524..ee31287df 100644 --- a/src/core/cs_sendpass.c +++ b/src/core/cs_sendpass.c @@ -37,15 +37,12 @@ int AnopeInit(int argc, char **argv) moduleAddCommand(CHANSERV, c, MOD_UNIQUE); moduleSetChanHelp(myChanServHelp); -#ifdef USE_ENCRYPTION - return MOD_STOP; -#else + if (UseMail) { return MOD_CONT; } else { return MOD_STOP; } -#endif } /** 
@@ -89,35 +86,40 @@ int do_sendpass(User * u) notice_lang(s_ChanServ, u, CHAN_X_FORBIDDEN, chan); } else { char buf[BUFSIZE]; - MailInfo *mail; - - snprintf(buf, sizeof(buf), - getstring2(founder, CHAN_SENDPASS_SUBJECT), ci->name); - mail = MailBegin(u, founder, buf, s_ChanServ); - if (!mail) - return MOD_CONT; - - fprintf(mail->pipe, getstring2(founder, CHAN_SENDPASS_HEAD)); - fprintf(mail->pipe, "\n\n"); - fprintf(mail->pipe, getstring2(founder, CHAN_SENDPASS_LINE_1), - ci->name); - fprintf(mail->pipe, "\n\n"); - fprintf(mail->pipe, getstring2(founder, CHAN_SENDPASS_LINE_2), - ci->founderpass); - fprintf(mail->pipe, "\n\n"); - fprintf(mail->pipe, getstring2(founder, CHAN_SENDPASS_LINE_3)); - fprintf(mail->pipe, "\n\n"); - fprintf(mail->pipe, getstring2(founder, CHAN_SENDPASS_LINE_4)); - fprintf(mail->pipe, "\n\n"); - fprintf(mail->pipe, getstring2(founder, CHAN_SENDPASS_LINE_5), - NetworkName); - fprintf(mail->pipe, "\n.\n"); - - MailEnd(mail); - - alog("%s: %s!%s@%s used SENDPASS on %s", s_ChanServ, u->nick, - u->username, u->host, chan); - notice_lang(s_ChanServ, u, CHAN_SENDPASS_OK, chan); + char tmp_pass[PASSMAX]; + if(enc_decrypt(ci->founderpass,tmp_pass,PASSMAX)==1) { + MailInfo *mail; + + snprintf(buf, sizeof(buf), + getstring2(founder, CHAN_SENDPASS_SUBJECT), ci->name); + mail = MailBegin(u, founder, buf, s_ChanServ); + if (!mail) + return MOD_CONT; + + fprintf(mail->pipe, getstring2(founder, CHAN_SENDPASS_HEAD)); + fprintf(mail->pipe, "\n\n"); + fprintf(mail->pipe, getstring2(founder, CHAN_SENDPASS_LINE_1), + ci->name); + fprintf(mail->pipe, "\n\n"); + fprintf(mail->pipe, getstring2(founder, CHAN_SENDPASS_LINE_2), + tmp_pass); + fprintf(mail->pipe, "\n\n"); + fprintf(mail->pipe, getstring2(founder, CHAN_SENDPASS_LINE_3)); + fprintf(mail->pipe, "\n\n"); + fprintf(mail->pipe, getstring2(founder, CHAN_SENDPASS_LINE_4)); + fprintf(mail->pipe, "\n\n"); + fprintf(mail->pipe, getstring2(founder, CHAN_SENDPASS_LINE_5), + NetworkName); + fprintf(mail->pipe, 
"\n.\n"); + + MailEnd(mail); + + alog("%s: %s!%s@%s used SENDPASS on %s", s_ChanServ, u->nick, + u->username, u->host, chan); + notice_lang(s_ChanServ, u, CHAN_SENDPASS_OK, chan); + } else { + notice_lang(s_ChanServ, u, CHAN_SENDPASS_UNAVAILABLE); + } } return MOD_CONT; } diff --git a/src/core/cs_set.c b/src/core/cs_set.c index 15a0395be..c926ea583 100644 --- a/src/core/cs_set.c +++ b/src/core/cs_set.c @@ -14,9 +14,7 @@ /*************************************************************************/ #include "module.h" -#ifdef USE_ENCRYPTION #include "encrypt.h" -#endif int do_set(User * u); int do_set_founder(User * u, ChannelInfo * ci, char *param); @@ -368,14 +366,14 @@ int do_set_password(User * u, ChannelInfo * ci, char *param) notice_lang(s_ChanServ, u, MORE_OBSCURE_PASSWORD); return MOD_CONT; } -#ifdef USE_ENCRYPTION + if (len > PASSMAX) { len = PASSMAX; param[len] = 0; notice_lang(s_ChanServ, u, PASSWORD_TRUNCATED, PASSMAX); } - if (encrypt(param, len, ci->founderpass, PASSMAX) < 0) { + if (enc_encrypt(param, len, ci->founderpass, PASSMAX) < 0) { memset(param, 0, strlen(param)); alog("%s: Failed to encrypt password for %s (set)", s_ChanServ, ci->name); @@ -386,14 +384,6 @@ int do_set_password(User * u, ChannelInfo * ci, char *param) memset(param, 0, strlen(param)); notice_lang(s_ChanServ, u, CHAN_PASSWORD_CHANGED, ci->name); -#else /* !USE_ENCRYPTION */ - if (strlen(param) > PASSMAX - 1) /* -1 for null byte */ - notice_lang(s_ChanServ, u, PASSWORD_TRUNCATED, PASSMAX - 1); - strscpy(ci->founderpass, param, PASSMAX); - notice_lang(s_ChanServ, u, CHAN_PASSWORD_CHANGED_TO, ci->name, - ci->founderpass); -#endif /* USE_ENCRYPTION */ - if (get_access(u, ci) < ACCESS_FOUNDER) { alog("%s: %s!%s@%s set password as Services admin for %s", s_ChanServ, u->nick, u->username, u->host, ci->name); diff --git a/src/core/enc_md5.c b/src/core/enc_md5.c new file mode 100644 index 000000000..411e9f2a4 --- /dev/null +++ b/src/core/enc_md5.c 
@@ -0,0 +1,422 @@ +/* Module for encryption using MD5. + * + * Modified for Anope. + * (C) 2003-2006 Anope Team + * Contact us at dev@anope.org + * + * Taken from IRC Services and is copyright (c) 1996-2002 Andrew Church. + * E-mail: <achurch@achurch.org> + * Parts written by Andrew Kempe and others. + * This program is free but copyrighted software; see the file COPYING for + * details. + */ + +#include "module.h" + + +/*************************************************************************/ + +/* Copyright (C) 1991-2, RSA Data Security, Inc. Created 1991. All +rights reserved. + +License to copy and use this software is granted provided that it +is identified as the "RSA Data Security, Inc. MD5 Message-Digest +Algorithm" in all material mentioning or referencing this software +or this function. + +License is also granted to make and use derivative works provided +that such works are identified as "derived from the RSA Data +Security, Inc. MD5 Message-Digest Algorithm" in all material +mentioning or referencing the derived work. + +RSA Data Security, Inc. makes no representations concerning either +the merchantability of this software or the suitability of this +software for any particular purpose. It is provided "as is" +without express or implied warranty of any kind. + +These notices must be retained in any copies of any part of this +documentation and/or software. + */ + +#include <string.h> + +typedef unsigned int UINT4; + +/* MD5 context. */ +typedef struct { + UINT4 state[4]; /* state (ABCD) */ + UINT4 count[2]; /* number of bits, modulo 2^64 (lsb first) */ + unsigned char buffer[64]; /* input buffer */ +} MD5_CTX; + +/* MD5C.C - RSA Data Security, Inc., MD5 message-digest algorithm + */ + +typedef void *POINTER; + +/* Constants for MD5Transform routine. 
+ */ +#define S11 7 +#define S12 12 +#define S13 17 +#define S14 22 +#define S21 5 +#define S22 9 +#define S23 14 +#define S24 20 +#define S31 4 +#define S32 11 +#define S33 16 +#define S34 23 +#define S41 6 +#define S42 10 +#define S43 15 +#define S44 21 + +void MD5Transform (UINT4 [4], unsigned char [64]); +void Encode (unsigned char *, UINT4 *, unsigned int); +void Decode (UINT4 *, unsigned char *, unsigned int); + +static unsigned char PADDING[64] = { + 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 +}; + +/* F, G, H and I are basic MD5 functions. + */ +#define F(x, y, z) (((x) & (y)) | ((~x) & (z))) +#define G(x, y, z) (((x) & (z)) | ((y) & (~z))) +#define H(x, y, z) ((x) ^ (y) ^ (z)) +#define I(x, y, z) ((y) ^ ((x) | (~z))) + +/* ROTATE_LEFT rotates x left n bits. + */ +#define ROTATE_LEFT(x, n) (((x) << (n)) | ((x) >> (32-(n)))) + +/* FF, GG, HH, and II transformations for rounds 1, 2, 3, and 4. +Rotation is separate from addition to prevent recomputation. + */ +#define FF(a, b, c, d, x, s, ac) { \ + (a) += F ((b), (c), (d)) + (x) + (UINT4)(ac); \ + (a) = ROTATE_LEFT ((a), (s)); \ + (a) += (b); \ + } +#define GG(a, b, c, d, x, s, ac) { \ + (a) += G ((b), (c), (d)) + (x) + (UINT4)(ac); \ + (a) = ROTATE_LEFT ((a), (s)); \ + (a) += (b); \ + } +#define HH(a, b, c, d, x, s, ac) { \ + (a) += H ((b), (c), (d)) + (x) + (UINT4)(ac); \ + (a) = ROTATE_LEFT ((a), (s)); \ + (a) += (b); \ + } +#define II(a, b, c, d, x, s, ac) { \ + (a) += I ((b), (c), (d)) + (x) + (UINT4)(ac); \ + (a) = ROTATE_LEFT ((a), (s)); \ + (a) += (b); \ + } + +/* MD5 initialization. Begins an MD5 operation, writing a new context. + */ +void MD5Init (context) +MD5_CTX *context; /* context */ +{ + context->count[0] = context->count[1] = 0; + /* Load magic initialization constants. 
+*/ + context->state[0] = 0x67452301; + context->state[1] = 0xefcdab89; + context->state[2] = 0x98badcfe; + context->state[3] = 0x10325476; +} + +/* MD5 block update operation. Continues an MD5 message-digest + operation, processing another message block, and updating the + context. + */ +void MD5Update (context, input, inputLen) +MD5_CTX *context; /* context */ +unsigned char *input; /* input block */ +unsigned int inputLen; /* length of input block */ +{ + unsigned int i, index, partLen; + + /* Compute number of bytes mod 64 */ + index = (unsigned int)((context->count[0] >> 3) & 0x3F); + + /* Update number of bits */ + if ((context->count[0] += ((UINT4)inputLen << 3)) + < ((UINT4)inputLen << 3)) + context->count[1]++; + context->count[1] += ((UINT4)inputLen >> 29); + + partLen = 64 - index; + + /* Transform as many times as possible. +*/ + if (inputLen >= partLen) { + memcpy + ((POINTER)&context->buffer[index], (POINTER)input, partLen); + MD5Transform (context->state, context->buffer); + + for (i = partLen; i + 63 < inputLen; i += 64) + MD5Transform (context->state, &input[i]); + + index = 0; + } + else + i = 0; + + /* Buffer remaining input */ + memcpy + ((POINTER)&context->buffer[index], (POINTER)&input[i], + inputLen-i); +} + +/* MD5 finalization. Ends an MD5 message-digest operation, writing the + the message digest and zeroizing the context. + */ +void MD5Final (digest, context) +unsigned char digest[16]; /* message digest */ +MD5_CTX *context; /* context */ +{ + unsigned char bits[8]; + unsigned int index, padLen; + + /* Save number of bits */ + Encode (bits, context->count, 8); + + /* Pad out to 56 mod 64. +*/ + index = (unsigned int)((context->count[0] >> 3) & 0x3f); + padLen = (index < 56) ? (56 - index) : (120 - index); + MD5Update (context, PADDING, padLen); + + /* Append length (before padding) */ + MD5Update (context, bits, 8); + /* Store state in digest */ + Encode (digest, context->state, 16); + + /* Zeroize sensitive information. 
+*/ + memset ((POINTER)context, 0, sizeof (*context)); +} + +/* MD5 basic transformation. Transforms state based on block. + */ +void MD5Transform (state, block) +UINT4 state[4]; +unsigned char block[64]; +{ + UINT4 a = state[0], b = state[1], c = state[2], d = state[3], x[16]; + + Decode (x, block, 64); + + /* Round 1 */ + FF (a, b, c, d, x[ 0], S11, 0xd76aa478); /* 1 */ + FF (d, a, b, c, x[ 1], S12, 0xe8c7b756); /* 2 */ + FF (c, d, a, b, x[ 2], S13, 0x242070db); /* 3 */ + FF (b, c, d, a, x[ 3], S14, 0xc1bdceee); /* 4 */ + FF (a, b, c, d, x[ 4], S11, 0xf57c0faf); /* 5 */ + FF (d, a, b, c, x[ 5], S12, 0x4787c62a); /* 6 */ + FF (c, d, a, b, x[ 6], S13, 0xa8304613); /* 7 */ + FF (b, c, d, a, x[ 7], S14, 0xfd469501); /* 8 */ + FF (a, b, c, d, x[ 8], S11, 0x698098d8); /* 9 */ + FF (d, a, b, c, x[ 9], S12, 0x8b44f7af); /* 10 */ + FF (c, d, a, b, x[10], S13, 0xffff5bb1); /* 11 */ + FF (b, c, d, a, x[11], S14, 0x895cd7be); /* 12 */ + FF (a, b, c, d, x[12], S11, 0x6b901122); /* 13 */ + FF (d, a, b, c, x[13], S12, 0xfd987193); /* 14 */ + FF (c, d, a, b, x[14], S13, 0xa679438e); /* 15 */ + FF (b, c, d, a, x[15], S14, 0x49b40821); /* 16 */ + + /* Round 2 */ + GG (a, b, c, d, x[ 1], S21, 0xf61e2562); /* 17 */ + GG (d, a, b, c, x[ 6], S22, 0xc040b340); /* 18 */ + GG (c, d, a, b, x[11], S23, 0x265e5a51); /* 19 */ + GG (b, c, d, a, x[ 0], S24, 0xe9b6c7aa); /* 20 */ + GG (a, b, c, d, x[ 5], S21, 0xd62f105d); /* 21 */ + GG (d, a, b, c, x[10], S22, 0x2441453); /* 22 */ + GG (c, d, a, b, x[15], S23, 0xd8a1e681); /* 23 */ + GG (b, c, d, a, x[ 4], S24, 0xe7d3fbc8); /* 24 */ + GG (a, b, c, d, x[ 9], S21, 0x21e1cde6); /* 25 */ + GG (d, a, b, c, x[14], S22, 0xc33707d6); /* 26 */ + GG (c, d, a, b, x[ 3], S23, 0xf4d50d87); /* 27 */ + GG (b, c, d, a, x[ 8], S24, 0x455a14ed); /* 28 */ + GG (a, b, c, d, x[13], S21, 0xa9e3e905); /* 29 */ + GG (d, a, b, c, x[ 2], S22, 0xfcefa3f8); /* 30 */ + GG (c, d, a, b, x[ 7], S23, 0x676f02d9); /* 31 */ + GG (b, c, d, a, x[12], S24, 0x8d2a4c8a); /* 32 */ + + 
/* Round 3 */ + HH (a, b, c, d, x[ 5], S31, 0xfffa3942); /* 33 */ + HH (d, a, b, c, x[ 8], S32, 0x8771f681); /* 34 */ + HH (c, d, a, b, x[11], S33, 0x6d9d6122); /* 35 */ + HH (b, c, d, a, x[14], S34, 0xfde5380c); /* 36 */ + HH (a, b, c, d, x[ 1], S31, 0xa4beea44); /* 37 */ + HH (d, a, b, c, x[ 4], S32, 0x4bdecfa9); /* 38 */ + HH (c, d, a, b, x[ 7], S33, 0xf6bb4b60); /* 39 */ + HH (b, c, d, a, x[10], S34, 0xbebfbc70); /* 40 */ + HH (a, b, c, d, x[13], S31, 0x289b7ec6); /* 41 */ + HH (d, a, b, c, x[ 0], S32, 0xeaa127fa); /* 42 */ + HH (c, d, a, b, x[ 3], S33, 0xd4ef3085); /* 43 */ + HH (b, c, d, a, x[ 6], S34, 0x4881d05); /* 44 */ + HH (a, b, c, d, x[ 9], S31, 0xd9d4d039); /* 45 */ + HH (d, a, b, c, x[12], S32, 0xe6db99e5); /* 46 */ + HH (c, d, a, b, x[15], S33, 0x1fa27cf8); /* 47 */ + HH (b, c, d, a, x[ 2], S34, 0xc4ac5665); /* 48 */ + + /* Round 4 */ + II (a, b, c, d, x[ 0], S41, 0xf4292244); /* 49 */ + II (d, a, b, c, x[ 7], S42, 0x432aff97); /* 50 */ + II (c, d, a, b, x[14], S43, 0xab9423a7); /* 51 */ + II (b, c, d, a, x[ 5], S44, 0xfc93a039); /* 52 */ + II (a, b, c, d, x[12], S41, 0x655b59c3); /* 53 */ + II (d, a, b, c, x[ 3], S42, 0x8f0ccc92); /* 54 */ + II (c, d, a, b, x[10], S43, 0xffeff47d); /* 55 */ + II (b, c, d, a, x[ 1], S44, 0x85845dd1); /* 56 */ + II (a, b, c, d, x[ 8], S41, 0x6fa87e4f); /* 57 */ + II (d, a, b, c, x[15], S42, 0xfe2ce6e0); /* 58 */ + II (c, d, a, b, x[ 6], S43, 0xa3014314); /* 59 */ + II (b, c, d, a, x[13], S44, 0x4e0811a1); /* 60 */ + II (a, b, c, d, x[ 4], S41, 0xf7537e82); /* 61 */ + II (d, a, b, c, x[11], S42, 0xbd3af235); /* 62 */ + II (c, d, a, b, x[ 2], S43, 0x2ad7d2bb); /* 63 */ + II (b, c, d, a, x[ 9], S44, 0xeb86d391); /* 64 */ + + state[0] += a; + state[1] += b; + state[2] += c; + state[3] += d; + + /* Zeroize sensitive information. +*/ + memset ((POINTER)x, 0, sizeof (x)); +} + +/* Encodes input (UINT4) into output (unsigned char). Assumes len is + a multiple of 4. 
+ */ +void Encode (output, input, len) +unsigned char *output; +UINT4 *input; +unsigned int len; +{ + unsigned int i, j; + + for (i = 0, j = 0; j < len; i++, j += 4) { + output[j] = (unsigned char)(input[i] & 0xff); + output[j+1] = (unsigned char)((input[i] >> 8) & 0xff); + output[j+2] = (unsigned char)((input[i] >> 16) & 0xff); + output[j+3] = (unsigned char)((input[i] >> 24) & 0xff); + } +} + +/* Decodes input (unsigned char) into output (UINT4). Assumes len is + a multiple of 4. + */ +void Decode (output, input, len) +UINT4 *output; +unsigned char *input; +unsigned int len; +{ + unsigned int i, j; + + for (i = 0, j = 0; j < len; i++, j += 4) + output[i] = ((UINT4)input[j]) | (((UINT4)input[j+1]) << 8) | + (((UINT4)input[j+2]) << 16) | (((UINT4)input[j+3]) << 24); +} + +/*************************************************************************/ + +/* Our own high-level routines. See encrypt.h for documentation. */ + +#define XTOI(c) ((c)>9 ? (c)-'A'+10 : (c)-'0') + +int md5_encrypt(const char *src, int len, char *dest, int size) +{ + MD5_CTX context; + char tmp[33]; + + if (size < 16) + return -1; + + MD5Init(&context); + MD5Update(&context, src, len); + MD5Final(dest, &context); + + if(debug) { + memset(tmp,0,33); + binary_to_hex(dest,tmp,16); + alog("enc_md5: Converted [%s] to [%s]",src,tmp); + } + + return 0; +} + + +int md5_encrypt_in_place(char *buf, int size) +{ + return md5_encrypt(buf, strlen(buf), buf, size); +} + + +int md5_encrypt_check_len(int passlen, int bufsize) +{ + if (bufsize < 16) + fatal("enc_md5: md5_check_len(): buffer too small (%d)", bufsize); + return 0; +} + + +int md5_decrypt(const char *src, char *dest, int size) +{ + return 0; +} + + +int md5_check_password(const char *plaintext, const char *password) +{ + char buf[BUFSIZE]; + + if (md5_encrypt(plaintext, strlen(plaintext), buf, sizeof(buf)) < 0) + return -1; + if (memcmp(buf, password, 16) == 0) + return 1; + return 0; +} + 
+/*************************************************************************/ + +/* Module stuff. */ + +int AnopeInit(int argc, char **argv) { + + moduleAddAuthor("Anope"); + moduleAddVersion("$Id$"); + moduleSetType(ENCRYPTION); + + encmodule_encrypt(md5_encrypt); + encmodule_encrypt_in_place(md5_encrypt_in_place); + encmodule_encrypt_check_len(md5_encrypt_check_len); + encmodule_decrypt(md5_decrypt); + encmodule_check_password(md5_check_password); + + return MOD_CONT; +} + +void AnopeFini(void) { + encmodule_encrypt(NULL); + encmodule_encrypt_in_place(NULL); + encmodule_encrypt_check_len(NULL); + encmodule_decrypt(NULL); + encmodule_check_password(NULL); +} + + + + +/*************************************************************************/ + diff --git a/src/core/enc_none.c b/src/core/enc_none.c new file mode 100644 index 000000000..6d7f699ab --- /dev/null +++ b/src/core/enc_none.c 
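Review bot: md5_encrypt in src/core/enc_md5.c writes the plaintext password to the log when `debug` is set, through `alog("enc_md5: Converted [%s] to [%s]",src,tmp);`. md5_check_password calls md5_encrypt, so every identify attempt, including mistyped passwords, would be logged in clear. The `%s` also reads `src` up to a NUL rather than `len` bytes. The debug block should not print `src`; something like `alog("enc_md5: hashed %d byte(s)", len);` keeps the trace without the secret or its digest.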
@@ -0,0 +1,76 @@
+/* Module for encryption using MD5.
+ *
+ * (C) 2003-2006 Anope Team
+ * Contact us at dev@anope.org
+ *
+ * This program is free but copyrighted software; see the file COPYING for
+ * details.
+ */
+
+#include "module.h"
+
+int plain_encrypt(const char *src,int len,char *dest,int size);
+int plain_encrypt_in_place(char *buf, int size);
+int plain_encrypt_check_len(int passlen, int bufsize);
+int plain_decrypt(const char *src, char *dest, int size);
+int plain_check_password(const char *plaintext, const char *password);
+
+
+int AnopeInit(int argc, char **argv) {
+
+ moduleAddAuthor("Anope");
+ moduleAddVersion("$Id$");
+ moduleSetType(ENCRYPTION);
+
+ encmodule_encrypt(plain_encrypt);
+ encmodule_encrypt_in_place(plain_encrypt_in_place);
+ encmodule_encrypt_check_len(plain_encrypt_check_len);
+ encmodule_decrypt(plain_decrypt);
+ encmodule_check_password(plain_check_password);
+
+ return MOD_CONT;
+}
+
+void AnopeFini(void) {
+ encmodule_encrypt(NULL);
+ encmodule_encrypt_in_place(NULL);
+ encmodule_encrypt_check_len(NULL);
+ encmodule_decrypt(NULL);
+ encmodule_check_password(NULL);
+}
+
+int plain_encrypt(const char *src,int len,char *dest,int size) {
+ if(size>=len) {
+ memset(dest,0,size);
+ strncpy(dest,src,len);
+ return 0;
+ }
+ return -1;
+}
+
+int plain_encrypt_in_place(char *buf, int size) {
+ return 0;
+}
+
+int plain_encrypt_check_len(int passlen, int bufsize) {
+ if(bufsize>=passlen) {
+ return 0;
+ }
+ return bufsize;
+}
+
+int plain_decrypt(const char *src, char *dest, int size) {
+ memset(dest,0,size);
+ strncpy(dest,src,size);
+ return 1;
+}
+
+int plain_check_password(const char *plaintext, const char *password) {
+ if(strcmp(plaintext,password)==0) {
+ return 1;
+ }
+ return 0;
+}
+
+/* EOF */
+
diff --git a/src/core/enc_old.c b/src/core/enc_old.c
new file mode 100644
index 000000000..befd1748a
--- /dev/null
+++ b/src/core/enc_old.c
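Review bot: `plain_encrypt` accepts `size>=len` and then copies exactly `len` bytes with `strncpy`, so a password as long as the buffer is stored without a terminating NUL, yet `plain_check_password` compares the stored value with `strcmp` and `plain_decrypt` copies it with `strncpy(dest,src,size)`, which can again leave `dest` unterminated. The ns_register.c hunk at `-190,17` appears to make that length reachable, because it now truncates at `PASSMAX` for every module where the removed plain-text branch truncated at `PASSMAX - 1`. I would reserve room for the terminator with `if(size>len) {` in `plain_encrypt` and `strncpy(dest,src,size-1);` in `plain_decrypt`. The file header still reads "Module for encryption using MD5" and should say that this module stores passwords unencrypted.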
@@ -0,0 +1,451 @@ +/* Include file for high-level encryption routines. + * + * (C) 2003-2005 Anope Team + * Contact us at info@anope.org + * + * Please read COPYING and README for further details. + * + * Based on the original code of Epona by Lara. + * Based on the original code of Services by Andy Church. + * + * $Id: encrypt.c 953 2006-01-14 11:36:29Z certus $ + * + */ + +#include "module.h" + +void binary_to_hex(unsigned char *bin, char *hex, int length) +{ + static const char trans[] = "0123456789ABCDEF"; + int i; + + for(i = 0; i < length; i++) + { + hex[i << 1] = trans[bin[i] >> 4]; + hex[(i << 1) + 1] = trans[bin[i] & 0xf]; + } + + hex[i << 1] = '\0'; +} + + +/*************************************************************************/ + +/******** Code specific to the type of encryption. ********/ + + +/* Copyright (C) 1991-2, RSA Data Security, Inc. Created 1991. All +rights reserved. + +License to copy and use this software is granted provided that it +is identified as the "RSA Data Security, Inc. MD5 Message-Digest +Algorithm" in all material mentioning or referencing this software +or this function. + +License is also granted to make and use derivative works provided +that such works are identified as "derived from the RSA Data +Security, Inc. MD5 Message-Digest Algorithm" in all material +mentioning or referencing the derived work. + +RSA Data Security, Inc. makes no representations concerning either +the merchantability of this software or the suitability of this +software for any particular purpose. It is provided "as is" +without express or implied warranty of any kind. + +These notices must be retained in any copies of any part of this +documentation and/or software. + */ + +#include <string.h> + +typedef unsigned int UINT4; + +/* MD5 context. 
*/ +typedef struct { + UINT4 state[4]; /* state (ABCD) */ + UINT4 count[2]; /* number of bits, modulo 2^64 (lsb first) */ + unsigned char buffer[64]; /* input buffer */ +} MD5_CTX; + +/* MD5C.C - RSA Data Security, Inc., MD5 message-digest algorithm + */ + +typedef void *POINTER; + +/* Constants for MD5Transform routine. + */ +#define S11 7 +#define S12 12 +#define S13 17 +#define S14 22 +#define S21 5 +#define S22 9 +#define S23 14 +#define S24 20 +#define S31 4 +#define S32 11 +#define S33 16 +#define S34 23 +#define S41 6 +#define S42 10 +#define S43 15 +#define S44 21 + +static void MD5Transform(UINT4[4], unsigned char[64]); +static void Encode(unsigned char *, UINT4 *, unsigned int); +static void Decode(UINT4 *, unsigned char *, unsigned int); + +static unsigned char PADDING[64] = { + 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 +}; + +/* F, G, H and I are basic MD5 functions. + */ +#define F(x, y, z) (((x) & (y)) | ((~x) & (z))) +#define G(x, y, z) (((x) & (z)) | ((y) & (~z))) +#define H(x, y, z) ((x) ^ (y) ^ (z)) +#define MD5_I(x, y, z) ((y) ^ ((x) | (~z))) + +/* ROTATE_LEFT rotates x left n bits. + */ +#define ROTATE_LEFT(x, n) (((x) << (n)) | ((x) >> (32-(n)))) + +/* FF, GG, HH, and II transformations for rounds 1, 2, 3, and 4. +Rotation is separate from addition to prevent recomputation. 
+ */ +#define FF(a, b, c, d, x, s, ac) { \ + (a) += F ((b), (c), (d)) + (x) + (UINT4)(ac); \ + (a) = ROTATE_LEFT ((a), (s)); \ + (a) += (b); \ + } +#define GG(a, b, c, d, x, s, ac) { \ + (a) += G ((b), (c), (d)) + (x) + (UINT4)(ac); \ + (a) = ROTATE_LEFT ((a), (s)); \ + (a) += (b); \ + } +#define HH(a, b, c, d, x, s, ac) { \ + (a) += H ((b), (c), (d)) + (x) + (UINT4)(ac); \ + (a) = ROTATE_LEFT ((a), (s)); \ + (a) += (b); \ + } +#define II(a, b, c, d, x, s, ac) { \ + (a) += MD5_I ((b), (c), (d)) + (x) + (UINT4)(ac); \ + (a) = ROTATE_LEFT ((a), (s)); \ + (a) += (b); \ + } + +/* MD5 initialization. Begins an MD5 operation, writing a new context. + */ +static void MD5Init(context) +MD5_CTX *context; /* context */ +{ + context->count[0] = context->count[1] = 0; + /* Load magic initialization constants. + */ + context->state[0] = 0x67452301; + context->state[1] = 0xefcdab89; + context->state[2] = 0x98badcfe; + context->state[3] = 0x10325476; +} + +/* MD5 block update operation. Continues an MD5 message-digest + operation, processing another message block, and updating the + context. + */ +static void MD5Update(context, input, inputLen) +MD5_CTX *context; /* context */ +unsigned char *input; /* input block */ +unsigned int inputLen; /* length of input block */ +{ + unsigned int i, index, partLen; + + /* Compute number of bytes mod 64 */ + index = (unsigned int) ((context->count[0] >> 3) & 0x3F); + + /* Update number of bits */ + if ((context->count[0] += ((UINT4) inputLen << 3)) + < ((UINT4) inputLen << 3)) + context->count[1]++; + context->count[1] += ((UINT4) inputLen >> 29); + + partLen = 64 - index; + + /* Transform as many times as possible. 
+ */ + if (inputLen >= partLen) { + memcpy + ((POINTER) & context->buffer[index], (POINTER) input, partLen); + MD5Transform(context->state, context->buffer); + + for (i = partLen; i + 63 < inputLen; i += 64) + MD5Transform(context->state, &input[i]); + + index = 0; + } else + i = 0; + + /* Buffer remaining input */ + memcpy + ((POINTER) & context->buffer[index], (POINTER) & input[i], + inputLen - i); +} + +/* MD5 finalization. Ends an MD5 message-digest operation, writing the + the message digest and zeroizing the context. + */ +static void MD5Final(digest, context) +unsigned char digest[16]; /* message digest */ +MD5_CTX *context; /* context */ +{ + unsigned char bits[8]; + unsigned int index, padLen; + + /* Save number of bits */ + Encode(bits, context->count, 8); + + /* Pad out to 56 mod 64. + */ + index = (unsigned int) ((context->count[0] >> 3) & 0x3f); + padLen = (index < 56) ? (56 - index) : (120 - index); + MD5Update(context, PADDING, padLen); + + /* Append length (before padding) */ + MD5Update(context, bits, 8); + /* Store state in digest */ + Encode(digest, context->state, 16); + + /* Zeroize sensitive information. + */ + memset((POINTER) context, 0, sizeof(*context)); +} + +/* MD5 basic transformation. Transforms state based on block. 
+ */ +static void MD5Transform(state, block) +UINT4 state[4]; +unsigned char block[64]; +{ + UINT4 a = state[0], b = state[1], c = state[2], d = state[3], x[16]; + + Decode(x, block, 64); + + /* Round 1 */ + FF(a, b, c, d, x[0], S11, 0xd76aa478); /* 1 */ + FF(d, a, b, c, x[1], S12, 0xe8c7b756); /* 2 */ + FF(c, d, a, b, x[2], S13, 0x242070db); /* 3 */ + FF(b, c, d, a, x[3], S14, 0xc1bdceee); /* 4 */ + FF(a, b, c, d, x[4], S11, 0xf57c0faf); /* 5 */ + FF(d, a, b, c, x[5], S12, 0x4787c62a); /* 6 */ + FF(c, d, a, b, x[6], S13, 0xa8304613); /* 7 */ + FF(b, c, d, a, x[7], S14, 0xfd469501); /* 8 */ + FF(a, b, c, d, x[8], S11, 0x698098d8); /* 9 */ + FF(d, a, b, c, x[9], S12, 0x8b44f7af); /* 10 */ + FF(c, d, a, b, x[10], S13, 0xffff5bb1); /* 11 */ + FF(b, c, d, a, x[11], S14, 0x895cd7be); /* 12 */ + FF(a, b, c, d, x[12], S11, 0x6b901122); /* 13 */ + FF(d, a, b, c, x[13], S12, 0xfd987193); /* 14 */ + FF(c, d, a, b, x[14], S13, 0xa679438e); /* 15 */ + FF(b, c, d, a, x[15], S14, 0x49b40821); /* 16 */ + + /* Round 2 */ + GG(a, b, c, d, x[1], S21, 0xf61e2562); /* 17 */ + GG(d, a, b, c, x[6], S22, 0xc040b340); /* 18 */ + GG(c, d, a, b, x[11], S23, 0x265e5a51); /* 19 */ + GG(b, c, d, a, x[0], S24, 0xe9b6c7aa); /* 20 */ + GG(a, b, c, d, x[5], S21, 0xd62f105d); /* 21 */ + GG(d, a, b, c, x[10], S22, 0x2441453); /* 22 */ + GG(c, d, a, b, x[15], S23, 0xd8a1e681); /* 23 */ + GG(b, c, d, a, x[4], S24, 0xe7d3fbc8); /* 24 */ + GG(a, b, c, d, x[9], S21, 0x21e1cde6); /* 25 */ + GG(d, a, b, c, x[14], S22, 0xc33707d6); /* 26 */ + GG(c, d, a, b, x[3], S23, 0xf4d50d87); /* 27 */ + GG(b, c, d, a, x[8], S24, 0x455a14ed); /* 28 */ + GG(a, b, c, d, x[13], S21, 0xa9e3e905); /* 29 */ + GG(d, a, b, c, x[2], S22, 0xfcefa3f8); /* 30 */ + GG(c, d, a, b, x[7], S23, 0x676f02d9); /* 31 */ + GG(b, c, d, a, x[12], S24, 0x8d2a4c8a); /* 32 */ + + /* Round 3 */ + HH(a, b, c, d, x[5], S31, 0xfffa3942); /* 33 */ + HH(d, a, b, c, x[8], S32, 0x8771f681); /* 34 */ + HH(c, d, a, b, x[11], S33, 0x6d9d6122); /* 35 */ + 
HH(b, c, d, a, x[14], S34, 0xfde5380c); /* 36 */ + HH(a, b, c, d, x[1], S31, 0xa4beea44); /* 37 */ + HH(d, a, b, c, x[4], S32, 0x4bdecfa9); /* 38 */ + HH(c, d, a, b, x[7], S33, 0xf6bb4b60); /* 39 */ + HH(b, c, d, a, x[10], S34, 0xbebfbc70); /* 40 */ + HH(a, b, c, d, x[13], S31, 0x289b7ec6); /* 41 */ + HH(d, a, b, c, x[0], S32, 0xeaa127fa); /* 42 */ + HH(c, d, a, b, x[3], S33, 0xd4ef3085); /* 43 */ + HH(b, c, d, a, x[6], S34, 0x4881d05); /* 44 */ + HH(a, b, c, d, x[9], S31, 0xd9d4d039); /* 45 */ + HH(d, a, b, c, x[12], S32, 0xe6db99e5); /* 46 */ + HH(c, d, a, b, x[15], S33, 0x1fa27cf8); /* 47 */ + HH(b, c, d, a, x[2], S34, 0xc4ac5665); /* 48 */ + + /* Round 4 */ + II(a, b, c, d, x[0], S41, 0xf4292244); /* 49 */ + II(d, a, b, c, x[7], S42, 0x432aff97); /* 50 */ + II(c, d, a, b, x[14], S43, 0xab9423a7); /* 51 */ + II(b, c, d, a, x[5], S44, 0xfc93a039); /* 52 */ + II(a, b, c, d, x[12], S41, 0x655b59c3); /* 53 */ + II(d, a, b, c, x[3], S42, 0x8f0ccc92); /* 54 */ + II(c, d, a, b, x[10], S43, 0xffeff47d); /* 55 */ + II(b, c, d, a, x[1], S44, 0x85845dd1); /* 56 */ + II(a, b, c, d, x[8], S41, 0x6fa87e4f); /* 57 */ + II(d, a, b, c, x[15], S42, 0xfe2ce6e0); /* 58 */ + II(c, d, a, b, x[6], S43, 0xa3014314); /* 59 */ + II(b, c, d, a, x[13], S44, 0x4e0811a1); /* 60 */ + II(a, b, c, d, x[4], S41, 0xf7537e82); /* 61 */ + II(d, a, b, c, x[11], S42, 0xbd3af235); /* 62 */ + II(c, d, a, b, x[2], S43, 0x2ad7d2bb); /* 63 */ + II(b, c, d, a, x[9], S44, 0xeb86d391); /* 64 */ + + state[0] += a; + state[1] += b; + state[2] += c; + state[3] += d; + + /* Zeroize sensitive information. + */ + memset((POINTER) x, 0, sizeof(x)); +} + +/* Encodes input (UINT4) into output (unsigned char). Assumes len is + a multiple of 4. 
+ */ +static void Encode(output, input, len) +unsigned char *output; +UINT4 *input; +unsigned int len; +{ + unsigned int i, j; + + for (i = 0, j = 0; j < len; i++, j += 4) { + output[j] = (unsigned char) (input[i] & 0xff); + output[j + 1] = (unsigned char) ((input[i] >> 8) & 0xff); + output[j + 2] = (unsigned char) ((input[i] >> 16) & 0xff); + output[j + 3] = (unsigned char) ((input[i] >> 24) & 0xff); + } +} + +/* Decodes input (unsigned char) into output (UINT4). Assumes len is + a multiple of 4. + */ +static void Decode(output, input, len) +UINT4 *output; +unsigned char *input; +unsigned int len; +{ + unsigned int i, j; + + for (i = 0, j = 0; j < len; i++, j += 4) + output[i] = ((UINT4) input[j]) | (((UINT4) input[j + 1]) << 8) | + (((UINT4) input[j + 2]) << 16) | (((UINT4) input[j + 3]) << + 24); +} + +/*************************************************************************/ + +/******** Our own high-level routines. ********/ + + +#define XTOI(c) ((c)>9 ? (c)-'A'+10 : (c)-'0') + + +/* Encrypt `src' of length `len' and store the result in `dest'. If the + * resulting string would be longer than `size', return -1 and leave `dest' + * unchanged; else return 0. + */ +int old_encrypt(const char *src, int len, char *dest, int size) +{ + + MD5_CTX context; + char digest[33]; + char tmp[33]; + int i; + + if (size < 16) + return -1; + + memset(&context, 0, sizeof(context)); + memset(&digest, 0, sizeof(digest)); + + MD5Init(&context); + MD5Update(&context, src, len); + MD5Final(digest, &context); + for (i = 0; i < 32; i += 2) + dest[i / 2] = XTOI(digest[i]) << 4 | XTOI(digest[i + 1]); + + if(debug) { + memset(tmp,0,33); + binary_to_hex(dest,tmp,16); + alog("enc_old: Converted [%s] to [%s]",src,tmp); + } + + return 0; + +} + + +/* Shortcut for encrypting a null-terminated string in place. 
*/ +int old_encrypt_in_place(char *buf, int size) +{ + return old_encrypt(buf, strlen(buf), buf, size); +} + +int old_encrypt_check_len(int passlen, int bufsize) +{ + if (bufsize < 16) + fatal("enc_old: old_check_len(): buffer too small (%d)", bufsize); + return 0; +} + + +/* Compare a plaintext string against an encrypted password. Return 1 if + * they match, 0 if not, and -1 if something went wrong. */ + +int old_check_password(const char *plaintext, const char *password) +{ + char buf[BUFSIZE]; + + if (old_encrypt(plaintext, strlen(plaintext), buf, sizeof(buf)) < 0) + return -1; + if (memcmp(buf, password, 16) == 0) + return 1; + else + return 0; +} + +int old_decrypt(const char *src, char *dest, int size) +{ + return 0; +} + +int AnopeInit(int argc, char **argv) { + + moduleAddAuthor("Anope"); + moduleAddVersion("$Id$"); + moduleSetType(ENCRYPTION); + + encmodule_encrypt(old_encrypt); + encmodule_encrypt_in_place(old_encrypt_in_place); + encmodule_encrypt_check_len(old_encrypt_check_len); + encmodule_decrypt(old_decrypt); + encmodule_check_password(old_check_password); + + return MOD_CONT; +} + +void AnopeFini(void) { + encmodule_encrypt(NULL); + encmodule_encrypt_in_place(NULL); + encmodule_encrypt_check_len(NULL); + encmodule_decrypt(NULL); + encmodule_check_password(NULL); +} + +/*************************************************************************/ + diff --git a/src/core/ns_getpass.c b/src/core/ns_getpass.c index afacd63a9..4a526a10a 100644 --- a/src/core/ns_getpass.c +++ b/src/core/ns_getpass.c @@ -39,11 +39,7 @@ int AnopeInit(int argc, char **argv) moduleSetNickHelp(myNickServHelp); -#ifdef USE_ENCRYPTION - return MOD_STOP; -#else return MOD_CONT; -#endif } /** @@ -73,6 +69,7 @@ void myNickServHelp(User * u) int do_getpass(User * u) { char *nick = strtok(NULL, " "); + char tmp_pass[PASSMAX]; NickAlias *na; NickRequest *nr = NULL; 
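Review bot: The debug branch of `old_encrypt` passes `src` to `alog`, so every plaintext password is written to the services log whenever `debug` is set; `md5_encrypt` in enc_md5.c carries the same line. A message that only records the event is enough for debugging, for example `alog("enc_old: password hashed");`, and the hex digest is better left out too, since it is the stored credential. When the call comes through `old_encrypt_in_place`, `src` and `dest` are the same buffer, so at that point `%s` prints the freshly written digest bytes with no guaranteed terminator.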
@@ -99,13 +96,17 @@ int do_getpass(User * u) } else if (NSRestrictGetPass && !is_services_root(u)) { notice_lang(s_NickServ, u, PERMISSION_DENIED); } else { - alog("%s: %s!%s@%s used GETPASS on %s", s_NickServ, u->nick, - u->username, u->host, nick); - if (WallGetpass) - anope_cmd_global(s_NickServ, "\2%s\2 used GETPASS on \2%s\2", - u->nick, nick); - notice_lang(s_NickServ, u, NICK_GETPASS_PASSWORD_IS, nick, - na->nc->pass); + if(enc_decrypt(na->nc->pass,tmp_pass,PASSMAX)==1) { + alog("%s: %s!%s@%s used GETPASS on %s", s_NickServ, u->nick, + u->username, u->host, nick); + if (WallGetpass) + anope_cmd_global(s_NickServ, "\2%s\2 used GETPASS on \2%s\2", + u->nick, nick); + notice_lang(s_NickServ, u, NICK_GETPASS_PASSWORD_IS, nick, + na->nc->pass); + } else { + notice_lang(s_NickServ, u, NICK_GETPASS_UNAVAILABLE); + } } return MOD_CONT; } diff --git a/src/core/ns_ghost.c b/src/core/ns_ghost.c index d97cc39ff..bc56afc2f 100644 --- a/src/core/ns_ghost.c +++ b/src/core/ns_ghost.c @@ -85,7 +85,7 @@ int do_ghost(User * u) } else if (stricmp(nick, u->nick) == 0) { notice_lang(s_NickServ, u, NICK_NO_GHOST_SELF); } else if (pass) { - int res = check_password(pass, na->nc->pass); + int res = enc_check_password(pass, na->nc->pass); if (res == 1) { char buf[NICKMAX + 32]; snprintf(buf, sizeof(buf), "GHOST command used by %s", diff --git a/src/core/ns_group.c b/src/core/ns_group.c index e29a225da..8cbbac3e8 100644 --- a/src/core/ns_group.c +++ b/src/core/ns_group.c @@ -165,7 +165,7 @@ int do_group(User * u) && !nick_is_services_admin(target->nc)) { notice_lang(s_NickServ, u, NICK_GROUP_TOO_MANY, target->nick, s_NickServ, s_NickServ); - } else if (check_password(pass, target->nc->pass) != 1) { + } else if (enc_check_password(pass, target->nc->pass) != 1) { alog("%s: Failed GROUP for %s!%s@%s (invalid password)", s_NickServ, u->nick, u->username, u->host); notice_lang(s_NickServ, u, PASSWORD_INCORRECT); 
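Review bot: In the new `enc_decrypt(...)==1` branch of `do_getpass`, the reply still passes `na->nc->pass` to `notice_lang` rather than the decrypted `tmp_pass`, so the buffer the module filled is never used and a module whose stored form differs from the plaintext would hand out the stored value instead of the password. The last argument should be `tmp_pass`, as the ns_sendpass.c and ns_register.c hunks already do; the same slip is in `do_saset_password` (ns_saset.c, `-248,12`) and `do_set_password` (ns_set.c, `-226,11`), which both pass `nc->pass`. `tmp_pass` also keeps a plaintext copy on the stack after the notice, and clearing it before returning would match the way ns_set.c wipes `param`. `do_getpass` begins outside this hunk.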
diff --git a/src/core/ns_identify.c b/src/core/ns_identify.c index ae7b70aa9..ccd620775 100644 --- a/src/core/ns_identify.c +++ b/src/core/ns_identify.c @@ -96,7 +96,7 @@ int do_identify(User * u) notice_lang(s_NickServ, u, NICK_X_SUSPENDED, na->nick); } else if (nick_identified(u)) { notice_lang(s_NickServ, u, NICK_ALREADY_IDENTIFIED); - } else if (!(res = check_password(pass, na->nc->pass))) { + } else if (!(res = enc_check_password(pass, na->nc->pass))) { alog("%s: Failed IDENTIFY for %s!%s@%s", s_NickServ, u->nick, u->username, u->host); notice_lang(s_NickServ, u, PASSWORD_INCORRECT); diff --git a/src/core/ns_recover.c b/src/core/ns_recover.c index 2b72d94fb..485645e83 100644 --- a/src/core/ns_recover.c +++ b/src/core/ns_recover.c @@ -83,7 +83,7 @@ int do_recover(User * u) } else if (stricmp(nick, u->nick) == 0) { notice_lang(s_NickServ, u, NICK_NO_RECOVER_SELF); } else if (pass) { - int res = check_password(pass, na->nc->pass); + int res = enc_check_password(pass, na->nc->pass); if (res == 1) { notice_lang(s_NickServ, u2, FORCENICKCHANGE_NOW); diff --git a/src/core/ns_register.c b/src/core/ns_register.c index ec37a867f..69a95bb7a 100644 --- a/src/core/ns_register.c +++ b/src/core/ns_register.c @@ -14,9 +14,7 @@ /*************************************************************************/ #include "module.h" -#ifdef USE_ENCRYPTION #include "encrypt.h" -#endif int do_confirm(User * u); int do_register(User * u); @@ -190,17 +188,10 @@ int do_register(User * u) } else if (email && !MailValidate(email)) { notice_lang(s_NickServ, u, MAIL_X_INVALID, email); } else { -#ifdef USE_ENCRYPTION if (strlen(pass) > PASSMAX) { pass[PASSMAX] = 0; notice_lang(s_NickServ, u, PASSWORD_TRUNCATED, PASSMAX); } -#else - if (strlen(pass) > PASSMAX - 1) { /* -1 for null byte */ - pass[PASSMAX] = 0; - notice_lang(s_NickServ, u, PASSWORD_TRUNCATED, PASSMAX - 1); - } -#endif for (idx = 0; idx < 9; idx++) { passcode[idx] = chars[(1 + 
@@ -316,11 +307,11 @@ int do_confirm(User * u) if (na) { int i; char tsbuf[16]; + char tmp_pass[PASSMAX]; -#ifdef USE_ENCRYPTION len = strlen(pass); na->nc->pass = smalloc(PASSMAX); - if (encrypt(pass, len, na->nc->pass, PASSMAX) < 0) { + if (enc_encrypt(pass, len, na->nc->pass, PASSMAX) < 0) { memset(pass, 0, strlen(pass)); alog("%s: Failed to encrypt password for %s (register)", s_NickServ, nr->nick); @@ -329,11 +320,8 @@ int do_confirm(User * u) } memset(pass, 0, strlen(pass)); na->status = (int16) (NS_IDENTIFIED | NS_RECOGNIZED); - na->nc->flags |= NI_ENCRYPTEDPW; -#else - na->nc->pass = sstrdup(pass); - na->status = (int16) (NS_IDENTIFIED | NS_RECOGNIZED); -#endif +/* na->nc->flags |= NI_ENCRYPTEDPW; */ + na->nc->flags |= NSDefFlags; for (i = 0; i < RootNumber; i++) { if (!stricmp(ServicesRoots[i], nr->nick)) { @@ -378,9 +366,10 @@ int do_confirm(User * u) notice_lang(s_NickServ, u, NICK_REGISTERED_NO_MASK, u->nick); send_event(EVENT_NICK_REGISTERED, 1, u->nick); -#ifndef USE_ENCRYPTION - notice_lang(s_NickServ, u, NICK_PASSWORD_IS, na->nc->pass); -#endif + + if(enc_decrypt(na->nc->pass,tmp_pass,PASSMAX)==1) + notice_lang(s_NickServ, u, NICK_PASSWORD_IS, tmp_pass); + u->lastnickreg = time(NULL); if (ircd->modeonreg) { len = strlen(ircd->modeonreg); @@ -507,3 +496,4 @@ int do_sendregmail(User * u, NickRequest * nr) MailEnd(mail); return 0; } + diff --git a/src/core/ns_release.c b/src/core/ns_release.c index 4112c4606..02d75021a 100644 --- a/src/core/ns_release.c +++ b/src/core/ns_release.c @@ -82,7 +82,7 @@ int do_release(User * u) } else if (!(na->status & NS_KILL_HELD)) { notice_lang(s_NickServ, u, NICK_RELEASE_NOT_HELD, nick); } else if (pass) { - int res = check_password(pass, na->nc->pass); + int res = enc_check_password(pass, na->nc->pass); if (res == 1) { release(na, 0); notice_lang(s_NickServ, u, NICK_RELEASED); diff --git a/src/core/ns_saset.c b/src/core/ns_saset.c index 8b166a29b..c521c15b8 100644 --- a/src/core/ns_saset.c +++ b/src/core/ns_saset.c 
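Review bot: The `-329,11` hunk leaves `/* na->nc->flags |= NI_ENCRYPTEDPW; */` behind as commented-out code, so a newly registered record no longer says whether `na->nc->pass` holds a digest or plaintext. If nothing else records which module wrote the database (not visible here), loading it under a different `EncModule` would presumably make `enc_check_password` reject every existing password with no hint of the cause. Either delete the line and add a comment such as `/* storage format is decided by EncModule, not by a per-nick flag */`, or keep setting the flag when the active module cannot decrypt. `do_confirm` starts and ends outside this hunk.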
@@ -14,9 +14,7 @@ /*************************************************************************/ #include "module.h" -#ifdef USE_ENCRYPTION
-#include "encrypt.h"
-#endif +#include "encrypt.h" int do_saset(User * u); int do_saset_display(User * u, NickCore * nc, char *param); @@ -221,6 +219,7 @@ int do_saset_display(User * u, NickCore * nc, char *param) int do_saset_password(User * u, NickCore * nc, char *param) { int len = strlen(param); + char tmp_pass[PASSMAX]; if (NSSecureAdmins && u->na->nc != nc && nick_is_services_admin(nc) && !is_services_root(u)) { @@ -235,10 +234,9 @@ int do_saset_password(User * u, NickCore * nc, char *param) if (nc->pass) free(nc->pass); -#ifdef USE_ENCRYPTION nc->pass = smalloc(PASSMAX); - if (encrypt(param, len, nc->pass, PASSMAX) < 0) { + if (enc_encrypt(param, len, nc->pass, PASSMAX) < 0) { memset(param, 0, len); alog("%s: Failed to encrypt password for %s (set)", s_NickServ, nc->display); @@ -248,12 +246,13 @@ int do_saset_password(User * u, NickCore * nc, char *param) } memset(param, 0, len); - notice_lang(s_NickServ, u, NICK_SASET_PASSWORD_CHANGED, nc->display); -#else - nc->pass = sstrdup(param); - notice_lang(s_NickServ, u, NICK_SASET_PASSWORD_CHANGED_TO, nc->display, - nc->pass); -#endif + + if(enc_decrypt(nc->pass,tmp_pass,PASSMAX)==1) { + notice_lang(s_NickServ, u, NICK_SASET_PASSWORD_CHANGED_TO, nc->display, + nc->pass); + } else { + notice_lang(s_NickServ, u, NICK_SASET_PASSWORD_CHANGED, nc->display); + } alog("%s: %s!%s@%s used SASET PASSWORD on %s (e-mail: %s)", s_NickServ, u->nick, u->username, u->host, nc->display, diff --git a/src/core/ns_sendpass.c b/src/core/ns_sendpass.c index 14f766252..ce12c21f7 100644 --- a/src/core/ns_sendpass.c +++ b/src/core/ns_sendpass.c @@ -41,11 +41,8 @@ int AnopeInit(int argc, char **argv) if (!UseMail) { return MOD_STOP; } -#ifdef USE_ENCRYPTION - return MOD_STOP; -#else + return MOD_CONT; -#endif } /** 
@@ -86,34 +83,39 @@ int do_sendpass(User * u) notice_lang(s_NickServ, u, NICK_X_FORBIDDEN, na->nick); } else { char buf[BUFSIZE]; - MailInfo *mail; - - snprintf(buf, sizeof(buf), getstring(na, NICK_SENDPASS_SUBJECT), - na->nick); - mail = MailBegin(u, na->nc, buf, s_NickServ); - if (!mail) - return MOD_CONT; - - fprintf(mail->pipe, getstring(na, NICK_SENDPASS_HEAD)); - fprintf(mail->pipe, "\n\n"); - fprintf(mail->pipe, getstring(na, NICK_SENDPASS_LINE_1), na->nick); - fprintf(mail->pipe, "\n\n"); - fprintf(mail->pipe, getstring(na, NICK_SENDPASS_LINE_2), - na->nc->pass); - fprintf(mail->pipe, "\n\n"); - fprintf(mail->pipe, getstring(na, NICK_SENDPASS_LINE_3)); - fprintf(mail->pipe, "\n\n"); - fprintf(mail->pipe, getstring(na, NICK_SENDPASS_LINE_4)); - fprintf(mail->pipe, "\n\n"); - fprintf(mail->pipe, getstring(na, NICK_SENDPASS_LINE_5), - NetworkName); - fprintf(mail->pipe, "\n.\n"); - - MailEnd(mail); - - alog("%s: %s!%s@%s used SENDPASS on %s", s_NickServ, u->nick, - u->username, u->host, nick); - notice_lang(s_NickServ, u, NICK_SENDPASS_OK, nick); + char tmp_pass[PASSMAX]; + if(enc_decrypt(na->nc->pass,tmp_pass,PASSMAX)==1) { + MailInfo *mail; + + snprintf(buf, sizeof(buf), getstring(na, NICK_SENDPASS_SUBJECT), + na->nick); + mail = MailBegin(u, na->nc, buf, s_NickServ); + if (!mail) + return MOD_CONT; + + fprintf(mail->pipe, getstring(na, NICK_SENDPASS_HEAD)); + fprintf(mail->pipe, "\n\n"); + fprintf(mail->pipe, getstring(na, NICK_SENDPASS_LINE_1), na->nick); + fprintf(mail->pipe, "\n\n"); + fprintf(mail->pipe, getstring(na, NICK_SENDPASS_LINE_2), + tmp_pass); + fprintf(mail->pipe, "\n\n"); + fprintf(mail->pipe, getstring(na, NICK_SENDPASS_LINE_3)); + fprintf(mail->pipe, "\n\n"); + fprintf(mail->pipe, getstring(na, NICK_SENDPASS_LINE_4)); + fprintf(mail->pipe, "\n\n"); + fprintf(mail->pipe, getstring(na, NICK_SENDPASS_LINE_5), + NetworkName); + fprintf(mail->pipe, "\n.\n"); + + MailEnd(mail); + + alog("%s: %s!%s@%s used SENDPASS on %s", s_NickServ, u->nick, + 
u->username, u->host, nick); + notice_lang(s_NickServ, u, NICK_SENDPASS_OK, nick); + } else { + notice_lang(s_NickServ, u, NICK_SENDPASS_UNAVAILABLE); + } } return MOD_CONT; diff --git a/src/core/ns_set.c b/src/core/ns_set.c index 41a8424ca..ad493b104 100644 --- a/src/core/ns_set.c +++ b/src/core/ns_set.c @@ -14,9 +14,7 @@ /*************************************************************************/ #include "module.h" -#ifdef USE_ENCRYPTION #include "encrypt.h" -#endif int do_set(User * u); int do_set_display(User * u, NickCore * nc, char *param); @@ -205,6 +203,7 @@ int do_set_display(User * u, NickCore * nc, char *param) int do_set_password(User * u, NickCore * nc, char *param) { int len = strlen(param); + char tmp_pass[PASSMAX]; if (stricmp(nc->display, param) == 0 || (StrictPasswords && len < 5)) { notice_lang(s_NickServ, u, MORE_OBSCURE_PASSWORD); @@ -214,10 +213,9 @@ int do_set_password(User * u, NickCore * nc, char *param) if (nc->pass) free(nc->pass); -#ifdef USE_ENCRYPTION nc->pass = smalloc(PASSMAX); - if (encrypt(param, len, nc->pass, PASSMAX) < 0) { + if (enc_encrypt(param, len, nc->pass, PASSMAX) < 0) { memset(param, 0, len); alog("%s: Failed to encrypt password for %s (set)", s_NickServ, nc->display); @@ -226,11 +224,12 @@ int do_set_password(User * u, NickCore * nc, char *param) } memset(param, 0, len); - notice_lang(s_NickServ, u, NICK_SET_PASSWORD_CHANGED); -#else - nc->pass = sstrdup(param); - notice_lang(s_NickServ, u, NICK_SET_PASSWORD_CHANGED_TO, nc->pass); -#endif + + if(enc_decrypt(nc->pass,tmp_pass,PASSMAX)==1) { + notice_lang(s_NickServ, u, NICK_SET_PASSWORD_CHANGED_TO, nc->pass); + } else { + notice_lang(s_NickServ, u, NICK_SET_PASSWORD_CHANGED); + } alog("%s: %s!%s@%s (e-mail: %s) changed its password.", s_NickServ, u->nick, u->username, u->host, (nc->email ? nc->email : "none")); diff --git a/src/core/os_modlist.c b/src/core/os_modlist.c index 11aee77ed..bdd2ddbea 100644 --- a/src/core/os_modlist.c +++ b/src/core/os_modlist.c 
@@ -73,6 +73,7 @@ int do_modlist(User * u) int showCore = 0; int showThird = 1; int showProto = 1; + int showEnc = 1; int showSupported = 1; int showQA = 1; @@ -82,6 +83,7 @@ int do_modlist(User * u) char core[] = "Core"; char third[] = "3rd"; char proto[] = "Protocol"; + char enc[] = "Encryption"; char supported[] = "Supported"; char qa[] = "QATested"; @@ -91,6 +93,7 @@ int do_modlist(User * u) showCore = 1; showThird = 0; showProto = 0; + showEnc = 0; showSupported = 0; showQA = 0; } else if (stricmp(param, third) == 0) { @@ -99,10 +102,12 @@ int do_modlist(User * u) showSupported = 0; showQA = 0; showProto = 0; + showEnc = 0; } else if (stricmp(param, proto) == 0) { showCore = 0; showThird = 0; showProto = 1; + showEnc = 0; showSupported = 0; showQA = 0; } else if (stricmp(param, supported) == 0) { @@ -110,13 +115,22 @@ int do_modlist(User * u) showThird = 0; showProto = 0; showSupported = 1; + showEnc = 0; showQA = 0; } else if (stricmp(param, qa) == 0) { showCore = 0; showThird = 0; showProto = 0; showSupported = 0; + showEnc = 0; showQA = 1; + } else if (stricmp(param, enc) == 0) { + showCore = 0; + showThird = 0; + showProto = 0; + showSupported = 0; + showEnc = 1; + showQA = 0; } } @@ -161,6 +175,14 @@ int do_modlist(User * u) count++; } break; + case ENCRYPTION: + if (showEnc) { + notice_lang(s_OperServ, u, OPER_MODULE_LIST, + current->name, current->m->version, enc); + count++; + } + break; + } } diff --git a/src/encrypt.c b/src/encrypt.c index 31f43ce75..904a7a97d 100644 --- a/src/encrypt.c +++ b/src/encrypt.c 
@@ -15,420 +15,109 @@ #include "services.h" #include "encrypt.h" -#ifdef USE_ENCRYPTION +Encryption encryption; -/*************************************************************************/ - -/******** Code specific to the type of encryption. ********/ - -#ifdef /********/ ENCRYPT_MD5 /********/ - -/* Copyright (C) 1991-2, RSA Data Security, Inc. Created 1991. All -rights reserved. - -License to copy and use this software is granted provided that it -is identified as the "RSA Data Security, Inc. MD5 Message-Digest -Algorithm" in all material mentioning or referencing this software -or this function. - -License is also granted to make and use derivative works provided -that such works are identified as "derived from the RSA Data -Security, Inc. MD5 Message-Digest Algorithm" in all material -mentioning or referencing the derived work. - -RSA Data Security, Inc. makes no representations concerning either -the merchantability of this software or the suitability of this -software for any particular purpose. It is provided "as is" -without express or implied warranty of any kind. - -These notices must be retained in any copies of any part of this -documentation and/or software. - */ - -#include <string.h> - -typedef unsigned int UINT4; - -/* MD5 context. */ -typedef struct { - UINT4 state[4]; /* state (ABCD) */ - UINT4 count[2]; /* number of bits, modulo 2^64 (lsb first) */ - unsigned char buffer[64]; /* input buffer */ -} MD5_CTX; - -/* MD5C.C - RSA Data Security, Inc., MD5 message-digest algorithm - */ - -typedef void *POINTER; - -/* Constants for MD5Transform routine. 
- */ -#define S11 7 -#define S12 12 -#define S13 17 -#define S14 22 -#define S21 5 -#define S22 9 -#define S23 14 -#define S24 20 -#define S31 4 -#define S32 11 -#define S33 16 -#define S34 23 -#define S41 6 -#define S42 10 -#define S43 15 -#define S44 21 - -static void MD5Transform(UINT4[4], unsigned char[64]); -static void Encode(unsigned char *, UINT4 *, unsigned int); -static void Decode(UINT4 *, unsigned char *, unsigned int); - -static unsigned char PADDING[64] = { - 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 -}; - -/* F, G, H and I are basic MD5 functions. - */ -#define F(x, y, z) (((x) & (y)) | ((~x) & (z))) -#define G(x, y, z) (((x) & (z)) | ((y) & (~z))) -#define H(x, y, z) ((x) ^ (y) ^ (z)) -#define MD5_I(x, y, z) ((y) ^ ((x) | (~z))) - -/* ROTATE_LEFT rotates x left n bits. - */ -#define ROTATE_LEFT(x, n) (((x) << (n)) | ((x) >> (32-(n)))) - -/* FF, GG, HH, and II transformations for rounds 1, 2, 3, and 4. -Rotation is separate from addition to prevent recomputation. - */ -#define FF(a, b, c, d, x, s, ac) { \ - (a) += F ((b), (c), (d)) + (x) + (UINT4)(ac); \ - (a) = ROTATE_LEFT ((a), (s)); \ - (a) += (b); \ - } -#define GG(a, b, c, d, x, s, ac) { \ - (a) += G ((b), (c), (d)) + (x) + (UINT4)(ac); \ - (a) = ROTATE_LEFT ((a), (s)); \ - (a) += (b); \ - } -#define HH(a, b, c, d, x, s, ac) { \ - (a) += H ((b), (c), (d)) + (x) + (UINT4)(ac); \ - (a) = ROTATE_LEFT ((a), (s)); \ - (a) += (b); \ - } -#define II(a, b, c, d, x, s, ac) { \ - (a) += MD5_I ((b), (c), (d)) + (x) + (UINT4)(ac); \ - (a) = ROTATE_LEFT ((a), (s)); \ - (a) += (b); \ - } - -/* MD5 initialization. Begins an MD5 operation, writing a new context. 
- */ -static void MD5Init(context) -MD5_CTX *context; /* context */ +/******************************************************************************/ +void +encmodule_encrypt(int (*func) + (const char *src, int len, char *dest, int size)) { - context->count[0] = context->count[1] = 0; - /* Load magic initialization constants. - */ - context->state[0] = 0x67452301; - context->state[1] = 0xefcdab89; - context->state[2] = 0x98badcfe; - context->state[3] = 0x10325476; -} - -/* MD5 block update operation. Continues an MD5 message-digest - operation, processing another message block, and updating the - context. - */ -static void MD5Update(context, input, inputLen) -MD5_CTX *context; /* context */ -unsigned char *input; /* input block */ -unsigned int inputLen; /* length of input block */ -{ - unsigned int i, index, partLen; - - /* Compute number of bytes mod 64 */ - index = (unsigned int) ((context->count[0] >> 3) & 0x3F); - - /* Update number of bits */ - if ((context->count[0] += ((UINT4) inputLen << 3)) - < ((UINT4) inputLen << 3)) - context->count[1]++; - context->count[1] += ((UINT4) inputLen >> 29); - - partLen = 64 - index; - - /* Transform as many times as possible. - */ - if (inputLen >= partLen) { - memcpy - ((POINTER) & context->buffer[index], (POINTER) input, partLen); - MD5Transform(context->state, context->buffer); - - for (i = partLen; i + 63 < inputLen; i += 64) - MD5Transform(context->state, &input[i]); - - index = 0; - } else - i = 0; - - /* Buffer remaining input */ - memcpy - ((POINTER) & context->buffer[index], (POINTER) & input[i], - inputLen - i); + encryption.encrypt = func; } -/* MD5 finalization. Ends an MD5 message-digest operation, writing the - the message digest and zeroizing the context. 
- */ -static void MD5Final(digest, context) -unsigned char digest[16]; /* message digest */ -MD5_CTX *context; /* context */ +void encmodule_encrypt_in_place(int (*func) (char *buf, int size)) { - unsigned char bits[8]; - unsigned int index, padLen; - - /* Save number of bits */ - Encode(bits, context->count, 8); - - /* Pad out to 56 mod 64. - */ - index = (unsigned int) ((context->count[0] >> 3) & 0x3f); - padLen = (index < 56) ? (56 - index) : (120 - index); - MD5Update(context, PADDING, padLen); - - /* Append length (before padding) */ - MD5Update(context, bits, 8); - /* Store state in digest */ - Encode(digest, context->state, 16); - - /* Zeroize sensitive information. - */ - memset((POINTER) context, 0, sizeof(*context)); + encryption.encrypt_in_place = func; } -/* MD5 basic transformation. Transforms state based on block. - */ -static void MD5Transform(state, block) -UINT4 state[4]; -unsigned char block[64]; +void encmodule_encrypt_check_len(int (*func) (int passlen, int bufsize)) { - UINT4 a = state[0], b = state[1], c = state[2], d = state[3], x[16]; - - Decode(x, block, 64); - - /* Round 1 */ - FF(a, b, c, d, x[0], S11, 0xd76aa478); /* 1 */ - FF(d, a, b, c, x[1], S12, 0xe8c7b756); /* 2 */ - FF(c, d, a, b, x[2], S13, 0x242070db); /* 3 */ - FF(b, c, d, a, x[3], S14, 0xc1bdceee); /* 4 */ - FF(a, b, c, d, x[4], S11, 0xf57c0faf); /* 5 */ - FF(d, a, b, c, x[5], S12, 0x4787c62a); /* 6 */ - FF(c, d, a, b, x[6], S13, 0xa8304613); /* 7 */ - FF(b, c, d, a, x[7], S14, 0xfd469501); /* 8 */ - FF(a, b, c, d, x[8], S11, 0x698098d8); /* 9 */ - FF(d, a, b, c, x[9], S12, 0x8b44f7af); /* 10 */ - FF(c, d, a, b, x[10], S13, 0xffff5bb1); /* 11 */ - FF(b, c, d, a, x[11], S14, 0x895cd7be); /* 12 */ - FF(a, b, c, d, x[12], S11, 0x6b901122); /* 13 */ - FF(d, a, b, c, x[13], S12, 0xfd987193); /* 14 */ - FF(c, d, a, b, x[14], S13, 0xa679438e); /* 15 */ - FF(b, c, d, a, x[15], S14, 0x49b40821); /* 16 */ - - /* Round 2 */ - GG(a, b, c, d, x[1], S21, 0xf61e2562); /* 17 */ - GG(d, a, b, 
c, x[6], S22, 0xc040b340); /* 18 */ - GG(c, d, a, b, x[11], S23, 0x265e5a51); /* 19 */ - GG(b, c, d, a, x[0], S24, 0xe9b6c7aa); /* 20 */ - GG(a, b, c, d, x[5], S21, 0xd62f105d); /* 21 */ - GG(d, a, b, c, x[10], S22, 0x2441453); /* 22 */ - GG(c, d, a, b, x[15], S23, 0xd8a1e681); /* 23 */ - GG(b, c, d, a, x[4], S24, 0xe7d3fbc8); /* 24 */ - GG(a, b, c, d, x[9], S21, 0x21e1cde6); /* 25 */ - GG(d, a, b, c, x[14], S22, 0xc33707d6); /* 26 */ - GG(c, d, a, b, x[3], S23, 0xf4d50d87); /* 27 */ - GG(b, c, d, a, x[8], S24, 0x455a14ed); /* 28 */ - GG(a, b, c, d, x[13], S21, 0xa9e3e905); /* 29 */ - GG(d, a, b, c, x[2], S22, 0xfcefa3f8); /* 30 */ - GG(c, d, a, b, x[7], S23, 0x676f02d9); /* 31 */ - GG(b, c, d, a, x[12], S24, 0x8d2a4c8a); /* 32 */ - - /* Round 3 */ - HH(a, b, c, d, x[5], S31, 0xfffa3942); /* 33 */ - HH(d, a, b, c, x[8], S32, 0x8771f681); /* 34 */ - HH(c, d, a, b, x[11], S33, 0x6d9d6122); /* 35 */ - HH(b, c, d, a, x[14], S34, 0xfde5380c); /* 36 */ - HH(a, b, c, d, x[1], S31, 0xa4beea44); /* 37 */ - HH(d, a, b, c, x[4], S32, 0x4bdecfa9); /* 38 */ - HH(c, d, a, b, x[7], S33, 0xf6bb4b60); /* 39 */ - HH(b, c, d, a, x[10], S34, 0xbebfbc70); /* 40 */ - HH(a, b, c, d, x[13], S31, 0x289b7ec6); /* 41 */ - HH(d, a, b, c, x[0], S32, 0xeaa127fa); /* 42 */ - HH(c, d, a, b, x[3], S33, 0xd4ef3085); /* 43 */ - HH(b, c, d, a, x[6], S34, 0x4881d05); /* 44 */ - HH(a, b, c, d, x[9], S31, 0xd9d4d039); /* 45 */ - HH(d, a, b, c, x[12], S32, 0xe6db99e5); /* 46 */ - HH(c, d, a, b, x[15], S33, 0x1fa27cf8); /* 47 */ - HH(b, c, d, a, x[2], S34, 0xc4ac5665); /* 48 */ - - /* Round 4 */ - II(a, b, c, d, x[0], S41, 0xf4292244); /* 49 */ - II(d, a, b, c, x[7], S42, 0x432aff97); /* 50 */ - II(c, d, a, b, x[14], S43, 0xab9423a7); /* 51 */ - II(b, c, d, a, x[5], S44, 0xfc93a039); /* 52 */ - II(a, b, c, d, x[12], S41, 0x655b59c3); /* 53 */ - II(d, a, b, c, x[3], S42, 0x8f0ccc92); /* 54 */ - II(c, d, a, b, x[10], S43, 0xffeff47d); /* 55 */ - II(b, c, d, a, x[1], S44, 0x85845dd1); /* 56 */ - II(a, b, c, 
d, x[8], S41, 0x6fa87e4f); /* 57 */ - II(d, a, b, c, x[15], S42, 0xfe2ce6e0); /* 58 */ - II(c, d, a, b, x[6], S43, 0xa3014314); /* 59 */ - II(b, c, d, a, x[13], S44, 0x4e0811a1); /* 60 */ - II(a, b, c, d, x[4], S41, 0xf7537e82); /* 61 */ - II(d, a, b, c, x[11], S42, 0xbd3af235); /* 62 */ - II(c, d, a, b, x[2], S43, 0x2ad7d2bb); /* 63 */ - II(b, c, d, a, x[9], S44, 0xeb86d391); /* 64 */ - - state[0] += a; - state[1] += b; - state[2] += c; - state[3] += d; - - /* Zeroize sensitive information. - */ - memset((POINTER) x, 0, sizeof(x)); + encryption.encrypt_check_len = func; } -/* Encodes input (UINT4) into output (unsigned char). Assumes len is - a multiple of 4. - */ -static void Encode(output, input, len) -unsigned char *output; -UINT4 *input; -unsigned int len; +void encmodule_decrypt(int (*func) (const char *src, char *dest, int size)) { - unsigned int i, j; - - for (i = 0, j = 0; j < len; i++, j += 4) { - output[j] = (unsigned char) (input[i] & 0xff); - output[j + 1] = (unsigned char) ((input[i] >> 8) & 0xff); - output[j + 2] = (unsigned char) ((input[i] >> 16) & 0xff); - output[j + 3] = (unsigned char) ((input[i] >> 24) & 0xff); - } + encryption.decrypt = func; } -/* Decodes input (unsigned char) into output (UINT4). Assumes len is - a multiple of 4. - */ -static void Decode(output, input, len) -UINT4 *output; -unsigned char *input; -unsigned int len; +void +encmodule_check_password(int (*func) + (const char *plaintext, const char *password)) { - unsigned int i, j; - - for (i = 0, j = 0; j < len; i++, j += 4) - output[i] = ((UINT4) input[j]) | (((UINT4) input[j + 1]) << 8) | - (((UINT4) input[j + 2]) << 16) | (((UINT4) input[j + 3]) << - 24); + encryption.check_password = func; } -#endif /******** ENCRYPT_MD5 ********/ - -/*************************************************************************/ - -/******** Our own high-level routines. ********/ +/******************************************************************************/ -#define XTOI(c) ((c)>9 ? 
(c)-'A'+10 : (c)-'0') - -/* Encrypt `src' of length `len' and store the result in `dest'. If the - * resulting string would be longer than `size', return -1 and leave `dest' - * unchanged; else return 0. - */ -int encrypt(const char *src, int len, char *dest, int size) +/** + * Encrypt string `src' of length `len', placing the result in buffer + * `dest' of size `size'. Returns 0 on success, -1 on error. + **/ +int enc_encrypt(const char *src, int len, char *dest, int size) { - -#ifdef ENCRYPT_MD5 - - MD5_CTX context; - char digest[33]; - int i; - - if (size < 16) - return -1; - - memset(&context, 0, sizeof(context)); - memset(&digest, 0, sizeof(digest)); - - MD5Init(&context); - MD5Update(&context, src, len); - MD5Final(digest, &context); - for (i = 0; i < 32; i += 2) - dest[i / 2] = XTOI(digest[i]) << 4 | XTOI(digest[i + 1]); - return 0; - -#endif - - return -1; /* unknown encryption algorithm */ - -} - - -/* Shortcut for encrypting a null-terminated string in place. */ -int encrypt_in_place(char *buf, int size) -{ - return encrypt(buf, strlen(buf), buf, size); + if (encryption.encrypt) { + return encryption.encrypt(src, len, dest, size); + } + return -1; } - -/* Compare a plaintext string against an encrypted password. Return 1 if - * they match, 0 if not, and -1 if something went wrong. */ - -int check_password(const char *plaintext, const char *password) +/** + * Encrypt null-terminated string stored in buffer `buf' of size `size', + * placing the result in the same buffer. Returns 0 on success, -1 on + * error. 
+ **/ +int enc_encrypt_in_place(char *buf, int size) { - char buf[BUFSIZE]; - - if (encrypt(plaintext, strlen(plaintext), buf, sizeof(buf)) < 0) - return -1; -#ifdef ENCRYPT_MD5 - if (memcmp(buf, password, 16) == 0) -#else - if (0) -#endif - return 1; - else - return 0; + if (encryption.encrypt_in_place) { + return encryption.encrypt_in_place(buf, size); + } + return -1; } -/*************************************************************************/ - -#else /* !USE_ENCRYPTION */ - -int encrypt(const char *src, int len, char *dest, int size) +/** + * Check whether the result of encrypting a password of length `passlen' + * will fit in a buffer of size `bufsize'. Returns 0 if the encrypted + * password would fit in the buffer, otherwise returns the maximum length + * password that would fit (this value will be smaller than `passlen'). + * If the result of encrypting even a 1-byte password would exceed the + * specified buffer size, generates a fatal error. + **/ +int enc_encrypt_check_len(int passlen, int bufsize) { - if (size < len) - return -1; - memcpy(dest, src, len); - return 0; + if (encryption.encrypt_check_len) { + return encryption.encrypt_check_len(passlen, bufsize); + } + return -1; } -int encrypt_in_place(char *buf, int size) +/** + * Decrypt encrypted string `src' into buffer `dest' of length `len'. + * Returns 1 (not 0) on success, 0 if the encryption algorithm does not + * allow decryption, and -1 if another failure occurred (e.g. destination + * buffer too small). + **/ +int enc_decrypt(const char *src, char *dest, int size) { - return 0; + if (encryption.decrypt) { + return encryption.decrypt(src, dest, size); + } + return -1; } -int check_password(const char *plaintext, const char *password) +/** + * Check an input password `plaintext' against a stored, encrypted password + * `password'. 
Return value is: + * 1 if the password matches + * 0 if the password does not match + * -1 if an error occurred while checking + **/ +int enc_check_password(const char *plaintext, const char *password) { - if (strcmp(plaintext, password) == 0) - return 1; - else - return 0; + if (encryption.check_password) { + return encryption.check_password(plaintext, password); + } + return -1; } -#endif /* USE_ENCRYPTION */ - -/*************************************************************************/ +/* EOF */ diff --git a/src/init.c b/src/init.c index 6f78e018c..f188505b6 100644 --- a/src/init.c +++ b/src/init.c @@ -457,6 +457,10 @@ int init_primary(int ac, char **av) return -1; } + /* Add Encryption Module; exit if there are errors */ + if (encryption_module_init()) { + return -1; + } return 0; } diff --git a/src/main.c b/src/main.c index 5bde61f91..a013b8e29 100644 --- a/src/main.c +++ b/src/main.c @@ -84,8 +84,7 @@ const char version_number_dotted[] = VERSION_STRING_DOTTED; const char version_build[] = "build #" BUILD ", compiled " __DATE__ " " __TIME__; /* the space is needed cause if you build with nothing it will complain */ -const char version_flags[] = - " " VER_DEBUG VER_ENCRYPTION VER_OS VER_MYSQL VER_MODULE; +const char version_flags[] = " " VER_DEBUG VER_OS VER_MYSQL VER_MODULE; extern char *mod_current_buffer; diff --git a/src/misc.c b/src/misc.c index cf684870c..5a16bfa07 100644 --- a/src/misc.c +++ b/src/misc.c 
@@ -62,6 +62,27 @@ int tolower(char c) /*************************************************************************/ /** + * Simple function to convert binary data to hex. + * Taken from hybrid-ircd ( http://ircd-hybrid.com/ ) + */ +void binary_to_hex(unsigned char *bin, char *hex, int length) +{ + static const char trans[] = "0123456789ABCDEF"; + int i; + + for(i = 0; i < length; i++) + { + hex[i << 1] = trans[bin[i] >> 4]; + hex[(i << 1) + 1] = trans[bin[i] & 0xf]; + } + + hex[i << 1] = '\0'; +} + + +/*************************************************************************/ + +/** * strscpy: Copy at most len-1 characters from a string to a buffer, and * add a null terminator after the last character copied. * @param d Buffer to copy into diff --git a/src/modules.c b/src/modules.c index e1c2225da..44d7e4815 100644 --- a/src/modules.c +++ b/src/modules.c @@ -145,6 +145,26 @@ void modules_core_init(int number, char **list) } } } +/** + * + **/ +int encryption_module_init(void) { + int ret = 0; + Module *m; + + m = createModule(EncModule); + mod_current_module = m; + mod_current_user = NULL; + alog("Loading Encryption Module: [%s]", mod_current_module->name); + ret = loadModule(mod_current_module, NULL); + moduleSetType(ENCRYPTION); + alog("status: [%d][%s]", ret, ModuleGetErrStr(ret)); + mod_current_module = NULL; + if (ret != MOD_ERR_OK) { + destroyModule(m); + } + return ret; +} /** * Load the ircd protocol module up 
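Review bot: binary_to_hex() writes `2 * length + 1` bytes to `hex` but takes no destination size, so the bound rests entirely on the caller. The doc comment should say so, for example `@param hex Output buffer, must hold at least 2 * length + 1 bytes`. `bin` is only read and could be declared `const unsigned char *bin`. A `length` of zero or less skips the loop and still writes the terminator at `hex[0]`, which is harmless but worth stating in the comment.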
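Review bot: encryption_module_init() dereferences the result of `createModule(EncModule)` in the alog() call without checking it. createModule is not visible here, but if it can return NULL (for example when EncModule is unset) services would crash at start-up instead of reporting the configuration error. A guard before `mod_current_module = m;`, such as `if (!m) { alog("Unable to create encryption module"); return -1; }`, keeps that failure explicit, and init_primary already treats any non-zero return as fatal. The doc comment above the function is empty and should state that the function loads the module named by EncModule and returns MOD_ERR_OK on success.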
@@ -458,6 +478,25 @@ int protocolModuleLoaded() return 0; } +/** + * Search all loaded modules looking for an encryption module. + * @ return 1 if one is loaded + **/ +int encryptionModuleLoaded() +{ + int idx = 0; + ModuleHash *current = NULL; + + for (idx = 0; idx != MAX_CMD_HASH; idx++) { + for (current = MODULE_HASH[idx]; current; current = current->next) { + if (current->m->type == ENCRYPTION) { + return 1; + } + } + } + return 0; +} + /** * Copy the module from the modules folder to the runtime folder. * This will prevent module updates while the modules is loaded from @@ -624,6 +663,9 @@ int loadModule(Module * m, User * u) if (m->type == PROTOCOL && protocolModuleLoaded()) { alog("You cannot load two protocol modules"); ret = MOD_STOP; + } else if (m->type == ENCRYPTION && encryptionModuleLoaded()) { + alog("You cannot load two encryption modules"); + ret = MOD_STOP; } if (ret == MOD_STOP) { alog("%s requested unload...", m->name); @@ -671,6 +713,11 @@ int unloadModule(Module * m, User * u) notice_lang(s_OperServ, u, OPER_MODULE_NO_UNLOAD); } return MOD_ERR_NOUNLOAD; + } else if(m->type == ENCRYPTION) { + if (u) { + notice_lang(s_OperServ, u, OPER_MODULE_NO_UNLOAD); + } + return MOD_ERR_NOUNLOAD; } if (prepForUnload(mod_current_module) != MOD_ERR_OK) { diff --git a/src/mysql.c b/src/mysql.c index db84f0d27..d58a4a9e9 100644 --- a/src/mysql.c +++ b/src/mysql.c 
@@ -233,38 +233,33 @@ void db_mysql_save_ns_req(NickRequest * nr) char *db_mysql_secure(char *pass) { - char epass[BUFSIZE]; + char tmp_pass[PASSMAX]; /* Initialize the buffer. Bug #86 */ memset(epass, '\0', BUFSIZE); -#ifdef USE_ENCRYPTION - if (pass) { - /* If we use the builtin encryption don't double encrypt! */ - snprintf(epass, sizeof(epass), "'%s'", pass); - } -#else - - if (!pass) { - snprintf(epass, sizeof(epass), "''"); - } else if ((!MysqlSecure) || (strcmp(MysqlSecure, "") == 0)) { + /* We couldnt decrypt the pass... */ + if(enc_decrypt(pass,tmp_pass,PASSMAX)!=1) { snprintf(epass, sizeof(epass), "'%s'", pass); - } else if (strcmp(MysqlSecure, "des") == 0) { - snprintf(epass, sizeof(epass), "ENCRYPT('%s')", pass); - } else if (strcmp(MysqlSecure, "md5") == 0) { - snprintf(epass, sizeof(epass), "MD5('%s')", pass); - } else if (strcmp(MysqlSecure, "sha") == 0) { - snprintf(epass, sizeof(epass), "SHA('%s')", pass); - } else { - snprintf(epass, sizeof(epass), "ENCODE('%s','%s')", pass, - MysqlSecure); + } else { /* if we could decrypt the pass */ + if (tmp_pass) { + snprintf(epass, sizeof(epass), "''"); + } else if ((!MysqlSecure) || (strcmp(MysqlSecure, "") == 0)) { + snprintf(epass, sizeof(epass), "'%s'", tmp_pass); + } else if (strcmp(MysqlSecure, "des") == 0) { + snprintf(epass, sizeof(epass), "ENCRYPT('%s')", tmp_pass); + } else if (strcmp(MysqlSecure, "md5") == 0) { + snprintf(epass, sizeof(epass), "MD5('%s')", tmp_pass); + } else if (strcmp(MysqlSecure, "sha") == 0) { + snprintf(epass, sizeof(epass), "SHA('%s')", tmp_pass); + } else { + snprintf(epass, sizeof(epass), "ENCODE('%s','%s')", tmp_pass, + MysqlSecure); + } } -#endif - return sstrdup(epass); - } /*************************************************************************/ 
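Review bot: db_mysql_secure() no longer declares `epass` (the declaration was replaced by `tmp_pass`) yet still uses it in memset(), every snprintf() and the return, so the new side should not compile as shown. The test `if (tmp_pass)` is applied to an array and is always true, so after a successful enc_decrypt() the function always produces `''` and the MysqlSecure branches are unreachable; the original NULL check on `pass` is gone as well, so a NULL password reaches enc_decrypt() and `%s`. The recovered plaintext is left in `tmp_pass` on return, and the value is still placed in the SQL text without escaping; whether callers escape it first is outside this hunk. The fence shows the declaration, guard and clearing I would use.

```c
char *db_mysql_secure(char *pass)
{
    char epass[BUFSIZE];
    char tmp_pass[PASSMAX];

    /* Initialize the buffers. Bug #86 */
    memset(epass, '\0', sizeof(epass));
    memset(tmp_pass, '\0', sizeof(tmp_pass));

    if (!pass) {
        snprintf(epass, sizeof(epass), "''");
    } else if (enc_decrypt(pass, tmp_pass, PASSMAX) != 1) {
        /* Not reversible: store what the encryption module produced, as is */
        snprintf(epass, sizeof(epass), "'%s'", pass);
    } else if ((!MysqlSecure) || (strcmp(MysqlSecure, "") == 0)) {
        snprintf(epass, sizeof(epass), "'%s'", tmp_pass);
    }
    /* … unchanged: des / md5 / sha / ENCODE branches, as further else-if arms using tmp_pass … */

    /* Clear the recovered plaintext before returning */
    memset(tmp_pass, '\0', sizeof(tmp_pass));
    return sstrdup(epass);
}
```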
@@ -1191,23 +1186,7 @@ void db_mysql_load_cs_dbase(void) snprintf(ci->last_topic_setter, NICKMAX, "%s", mysql_row[10]); ci->last_topic_time = atoi(mysql_row[11]); ci->flags = atoi(mysql_row[12]); -#ifdef USE_ENCRYPTION - if (!(ci->flags & (CI_ENCRYPTEDPW | CI_VERBOTEN))) { - if (debug) - alog("debug: %s: encrypting password for %s on load", - s_ChanServ, ci->name); - if (encrypt_in_place(ci->founderpass, PASSMAX) < 0) - fatal("%s: load database: Can't encrypt %s password!", - s_ChanServ, ci->name); - ci->flags |= CI_ENCRYPTEDPW; - } -#else - if (ci->flags & CI_ENCRYPTEDPW) { - fatal - ("%s: load database: password for %s encrypted but encryption disabled, aborting", - s_ChanServ, ci->name); - } -#endif + ci->flags &= ~CI_INHABIT; ci->forbidby = sstrdup(mysql_row[13]); @@ -1478,23 +1457,6 @@ void db_mysql_load_ns_dbase(void) if (!NSAllowKillImmed) nc->flags &= ~NI_KILL_IMMED; -#ifdef USE_ENCRYPTION - if (nc->pass && !(nc->flags & NI_ENCRYPTEDPW)) { - if (debug) - alog("debug: %s: encrypting password for `%s' on load", - s_NickServ, nc->display); - if (encrypt_in_place(nc->pass, PASSMAX) < 0) - fatal("%s: Can't encrypt `%s' nickname password!", - s_NickServ, nc->display); - - nc->flags |= NI_ENCRYPTEDPW; - } -#else - if (nc->flags & NI_ENCRYPTEDPW) - fatal - ("%s: load database: password for %s encrypted but encryption disabled, aborting", - s_NickServ, nc->display); -#endif if (nc->flags & NI_SERVICES_ADMIN) slist_add(&servadmins, nc); diff --git a/src/nickserv.c b/src/nickserv.c index cb51c47b8..b863ba752 100644 --- a/src/nickserv.c +++ b/src/nickserv.c 
@@ -323,25 +323,7 @@ void load_old_ns_dbase(void) SAFE(read_int16(&na->status, f)); na->status &= ~NS_TEMPORARY; -#ifdef USE_ENCRYPTION - if (!(na->status & (NS_OLD_ENCRYPTEDPW | NS_VERBOTEN))) { - if (debug) - alog("debug: %s: encrypting password for `%s' on load", - s_NickServ, na->nick); - if (encrypt_in_place(bufp, PASSMAX) < 0) - fatal("%s: Can't encrypt `%s' nickname password!", - s_NickServ, na->nick); - na->status |= NS_OLD_ENCRYPTEDPW; - } -#else - if (na->status & NS_OLD_ENCRYPTEDPW) { - /* Bail: it makes no sense to continue with encrypted - * passwords, since we won't be able to verify them */ - fatal - ("%s: load database: password for %s encrypted but encryption disabled, aborting", - s_NickServ, na->nick); - } -#endif + if (ver >= 9) { SAFE(read_string(&forbidby, f)); SAFE(read_string(&forbidreason, f)); @@ -606,25 +588,6 @@ void load_ns_dbase(void) SAFE(read_int32(&nc->flags, f)); if (!NSAllowKillImmed) nc->flags &= ~NI_KILL_IMMED; -#ifdef USE_ENCRYPTION - if (nc->pass && !(nc->flags & NI_ENCRYPTEDPW)) { - if (debug) - alog("debug: %s: encrypting password for `%s' on load", - s_NickServ, nc->display); - if (encrypt_in_place(nc->pass, PASSMAX) < 0) - fatal("%s: Can't encrypt `%s' nickname password!", - s_NickServ, nc->display); - nc->flags |= NI_ENCRYPTEDPW; - } -#else - if (nc->flags & NI_ENCRYPTEDPW) { - /* Bail: it makes no sense to continue with encrypted - * passwords, since we won't be able to verify them */ - fatal - ("%s: load database: password for %s encrypted but encryption disabled, aborting", - s_NickServ, nc->display); - } -#endif SAFE(read_int16(&nc->language, f)); /* Add services opers and admins to the appropriate list, but diff --git a/src/protocol/bahamut.c b/src/protocol/bahamut.c index c71b46958..7e55959ce 100644 --- a/src/protocol/bahamut.c +++ b/src/protocol/bahamut.c 
@@ -1300,9 +1300,10 @@ int anope_event_ping(char *source, int ac, char **av) void bahamut_cmd_351(char *source) { - send_cmd(ServerName, "351 %s Anope-%s %s :%s - %s -- %s", + send_cmd(ServerName, "351 %s Anope-%s %s :%s - %s (%s) -- %s", source, version_number, ServerName, ircd->name, version_flags, - version_build); + EncModule, version_build); + } void bahamut_cmd_bot_nick(char *nick, char *user, char *host, char *real, diff --git a/src/protocol/charybdis.c b/src/protocol/charybdis.c index fa9b495b9..9a8822b5b 100644 --- a/src/protocol/charybdis.c +++ b/src/protocol/charybdis.c @@ -1521,8 +1521,8 @@ int anope_event_tmode(char *source, int ac, char **av) void charybdis_cmd_351(char *source) { send_cmd((UseTS6 ? TS6SID : ServerName), - "351 %s Anope-%s %s :%s - %s -- %s", source, version_number, - ServerName, ircd->name, version_flags, version_build); + "351 %s Anope-%s %s :%s - %s (%s) -- %s", source, version_number, + ServerName, ircd->name, version_flags, EncModule, version_build); } /* Event: PROTOCTL */ diff --git a/src/protocol/dreamforge.c b/src/protocol/dreamforge.c index 3ff74be52..78718000f 100644 --- a/src/protocol/dreamforge.c +++ b/src/protocol/dreamforge.c @@ -800,9 +800,10 @@ void dreamforge_cmd_serv_privmsg(char *source, char *dest, char *msg) void dreamforge_cmd_351(char *source) { - send_cmd(ServerName, "351 %s Anope-%s %s :%s - %s -- %s", + send_cmd(ServerName, "351 %s Anope-%s %s :%s - %s (%s) -- %s", source, version_number, ServerName, ircd->name, version_flags, - version_build); + EncModule, version_build); + } /* QUIT */ diff --git a/src/protocol/hybrid.c b/src/protocol/hybrid.c index 20a43f08e..580f1ec8c 100644 --- a/src/protocol/hybrid.c +++ b/src/protocol/hybrid.c 
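Review bot: The 351 reply in bahamut_cmd_351 now includes EncModule, which tells whoever receives the version reply how passwords are stored (for instance that `enc_none` keeps them in plain text). Who may request that reply is decided outside these hunks, so exposing the field should be a deliberate decision rather than a side effect. The module name is already written to the log by encryption_module_init(), so I would keep the original format `"351 %s Anope-%s %s :%s - %s -- %s"` here or restrict the extra field to operators. The same change is repeated in the charybdis, dreamforge, hybrid, inspircd, plexus2, plexus3, ptlink, rageircd, ratbox, shadowircd, solidircd, ultimate2, ultimate3, unreal31, unreal32 and viagra hunks. The solidircd one also drops a space, `(%s)-- %s`.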
@@ -1199,9 +1199,9 @@ int anope_event_mode(char *source, int ac, char **av) void hybrid_cmd_351(char *source) { - send_cmd(ServerName, "351 %s Anope-%s %s :%s - %s -- %s", + send_cmd(ServerName, "351 %s Anope-%s %s :%s - %s (%s) -- %s", source, version_number, ServerName, ircd->name, version_flags, - version_build); + EncModule, version_build); } /* Event: PROTOCTL */ diff --git a/src/protocol/inspircd.c b/src/protocol/inspircd.c index 5a57e4cb0..cb79610b8 100644 --- a/src/protocol/inspircd.c +++ b/src/protocol/inspircd.c @@ -786,9 +786,9 @@ void inspircd_cmd_bot_chan_mode(char *nick, char *chan) void inspircd_cmd_351(char *source) { - send_cmd(ServerName, "351 %s Anope-%s %s :%s - %s -- %s", + send_cmd(ServerName, "351 %s Anope-%s %s :%s - %s (%s) -- %s", source, version_number, ServerName, ircd->name, version_flags, - version_build); + EncModule, version_build); } /* QUIT */ diff --git a/src/protocol/plexus2.c b/src/protocol/plexus2.c index ff8d289cd..6c7f0f2b8 100644 --- a/src/protocol/plexus2.c +++ b/src/protocol/plexus2.c @@ -1475,9 +1475,9 @@ anope_event_mode (char *source, int ac, char **av) void plexus_cmd_351 (char *source) { - send_cmd (ServerName, "351 %s Anope-%s %s :%s - %s -- %s", + send_cmd (ServerName, "351 %s Anope-%s %s :%s - %s (%s) -- %s", source, version_number, ServerName, ircd->name, version_flags, - version_build); + EncModule, version_build); } /* Event: PROTOCTL */ diff --git a/src/protocol/plexus3.c b/src/protocol/plexus3.c index c1e3b64de..745a73a6d 100644 --- a/src/protocol/plexus3.c +++ b/src/protocol/plexus3.c @@ -1432,9 +1432,9 @@ anope_event_mode (char *source, int ac, char **av) void plexus_cmd_351 (char *source) { - send_cmd (ServerName, "351 %s Anope-%s %s :%s - %s -- %s", + send_cmd (ServerName, "351 %s Anope-%s %s :%s - %s (%s) -- %s", source, version_number, ServerName, ircd->name, version_flags, - version_build); + EncModule, version_build); } /* Event: PROTOCTL */ 
diff --git a/src/protocol/ptlink.c b/src/protocol/ptlink.c index 935ccd2a3..beb204975 100644 --- a/src/protocol/ptlink.c +++ b/src/protocol/ptlink.c @@ -1339,9 +1339,11 @@ void ptlink_cmd_bot_nick(char *nick, char *user, char *host, char *real, void ptlink_cmd_351(char *source) { - send_cmd(ServerName, "351 %s Anope-%s %s :%s - %s -- %s", + send_cmd(ServerName, "351 %s Anope-%s %s :%s - %s (%s) -- %s", source, version_number, ServerName, ircd->name, version_flags, - version_build); + EncModule, version_build); + + } /* SVSHOLD - set */ diff --git a/src/protocol/rageircd.c b/src/protocol/rageircd.c index e24658e04..96965a569 100644 --- a/src/protocol/rageircd.c +++ b/src/protocol/rageircd.c @@ -931,9 +931,9 @@ int anope_event_ping(char *source, int ac, char **av) void rageircd_cmd_351(char *source) { - send_cmd(ServerName, "351 %s Anope-%s %s :%s - %s -- %s", + send_cmd(ServerName, "351 %s Anope-%s %s :%s - %s (%s) -- %s", source, version_number, ServerName, ircd->name, version_flags, - version_build); + EncModule, version_build); } void rageircd_cmd_mode(char *source, char *dest, char *buf) diff --git a/src/protocol/ratbox.c b/src/protocol/ratbox.c index bb997a366..3f89c8a1e 100644 --- a/src/protocol/ratbox.c +++ b/src/protocol/ratbox.c @@ -1498,8 +1498,9 @@ int anope_event_tmode(char *source, int ac, char **av) void ratbox_cmd_351(char *source) { send_cmd((UseTS6 ? TS6SID : ServerName), - "351 %s Anope-%s %s :%s - %s -- %s", source, version_number, - ServerName, ircd->name, version_flags, version_build); + "351 %s Anope-%s %s :%s - %s (%s) -- %s", source, version_number, + ServerName, ircd->name, version_flags, EncModule, version_build); + } /* Event: PROTOCTL */ diff --git a/src/protocol/shadowircd.c b/src/protocol/shadowircd.c index efcb8fce8..c02b70913 100644 --- a/src/protocol/shadowircd.c +++ b/src/protocol/shadowircd.c 
@@ -1471,9 +1471,9 @@ int anope_event_tmode(char *source, int ac, char **av) void shadowircd_cmd_351(char *source) { send_cmd(TS6SID, - "351 %s Anope-%s %s :%s (ShadowProtocol %d) - %s -- %s", + "351 %s Anope-%s %s :%s (ShadowProtocol %d) - %s (%s) -- %s", source, version_number, ServerName, ircd->name, - PROTOCOL_REVISION, version_flags, version_build); + PROTOCOL_REVISION, version_flags, EncModule, version_build); } /* Event: PROTOCTL */ diff --git a/src/protocol/solidircd.c b/src/protocol/solidircd.c index 0f1a77baa..280c0d283 100644 --- a/src/protocol/solidircd.c +++ b/src/protocol/solidircd.c @@ -1325,9 +1325,11 @@ int anope_event_ping(char *source, int ac, char **av) void solidircd_cmd_351(char *source) { - send_cmd(ServerName, "351 %s Anope-%s %s :%s - %s -- %s", + send_cmd(ServerName, "351 %s Anope-%s %s :%s - %s (%s)-- %s", source, version_number, ServerName, ircd->name, version_flags, - version_build); + EncModule, version_build); + + } void solidircd_cmd_bot_nick(char *nick, char *user, char *host, char *real, diff --git a/src/protocol/ultimate2.c b/src/protocol/ultimate2.c index 495a23d07..ff3f79d5f 100644 --- a/src/protocol/ultimate2.c +++ b/src/protocol/ultimate2.c @@ -1308,9 +1308,9 @@ void ultimate2_cmd_nick(char *nick, char *name, char *mode) void ultimate2_cmd_351(char *source) { - send_cmd(ServerName, "351 %s Anope-%s %s :%s - %s -- %s", + send_cmd(ServerName, "351 %s Anope-%s %s :%s - %s (%s) -- %s", source, version_number, ServerName, ircd->name, version_flags, - version_build); + EncModule, version_build); } /* QUIT */ diff --git a/src/protocol/ultimate3.c b/src/protocol/ultimate3.c index ac0d6ee44..479be83ff 100644 --- a/src/protocol/ultimate3.c +++ b/src/protocol/ultimate3.c 
@@ -1154,9 +1154,10 @@ void ultimate3_cmd_bot_chan_mode(char *nick, char *chan)
 void ultimate3_cmd_351(char *source)
 {
- send_cmd(ServerName, "351 %s Anope-%s %s :%s - %s -- %s",
+ send_cmd(ServerName, "351 %s Anope-%s %s :%s - %s (%s) -- %s",
 source, version_number, ServerName, ircd->name, version_flags,
- version_build);
+ EncModule,version_build);
+
 }
 /* QUIT */
diff --git a/src/protocol/unreal31.c b/src/protocol/unreal31.c
index 8f3b62972..fb1585827 100644
--- a/src/protocol/unreal31.c
+++ b/src/protocol/unreal31.c
@@ -670,9 +670,9 @@ void unreal_cmd_bot_chan_mode(char *nick, char *chan)
 void unreal_cmd_351(char *source)
 {
- send_cmd(ServerName, "351 %s Anope-%s %s :%s - %s -- %s",
+ send_cmd(ServerName, "351 %s Anope-%s %s :%s - %s (%s) -- %s",
 source, version_number, ServerName, ircd->name, version_flags,
- version_build);
+ EncModule, version_build);
 }
 /* QUIT */
diff --git a/src/protocol/unreal32.c b/src/protocol/unreal32.c
index 704487a6d..4a0ddbf0e 100644
--- a/src/protocol/unreal32.c
+++ b/src/protocol/unreal32.c
@@ -709,9 +709,9 @@ void unreal_cmd_bot_chan_mode(char *nick, char *chan)
 void unreal_cmd_351(char *source)
 {
- send_cmd(ServerName, "351 %s Anope-%s %s :%s - %s -- %s",
+ send_cmd(ServerName, "351 %s Anope-%s %s :%s - %s (%s) -- %s",
 source, version_number, ServerName, myIrcd->name,
- version_flags, version_build);
+ version_flags, EncModule, version_build);
 }
 /* QUIT */
diff --git a/src/protocol/viagra.c b/src/protocol/viagra.c
index ed2f6df4f..56ba9b9c8 100644
--- a/src/protocol/viagra.c
+++ b/src/protocol/viagra.c
@@ -1317,9 +1317,9 @@ void viagra_cmd_211(char *buf)
 void viagra_cmd_351(char *source)
 {
- send_cmd(ServerName, "351 %s Anope-%s %s :%s - %s -- %s",
+ send_cmd(ServerName, "351 %s Anope-%s %s :%s - %s (%s) -- %s",
 source, version_number, ServerName, ircd->name, version_flags,
- version_build);
+ EncModule, version_build);
 }
 void viagra_cmd_bot_nick(char *nick, char *user, char *host, char *real,
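Review bot: The added argument line in `ultimate3_cmd_351` is written `EncModule,version_build);`, without the space after the comma that the surrounding argument list and the other protocol modules use. The hunk also adds an empty line directly before the closing brace. I would write `EncModule, version_build);` and drop the blank line. The ptlink, ratbox and solidircd hunks add the same stray blank lines before their closing braces.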
diff --git a/version.log b/version.log
index 15ad09b84..0a916fd12 100644
--- a/version.log
+++ b/version.log
@@ -9,10 +9,15 @@ VERSION_MAJOR="1"
 VERSION_MINOR="7"
 VERSION_PATCH="17"
 VERSION_EXTRA="-svn"
-VERSION_BUILD="1184"
+VERSION_BUILD="1185"
 # $Log$
 #
+# BUILD : 1.7.17 (1185)
+# BUGS : N/A
+# NOTES : Encryption now offers the choice of none, old and md5 - the md5 module is nicely taken from irc-services and actaully works, yes, real md5, in anope, wow eh?
+#
+#
 # BUILD : 1.7.17 (1184)
 # BUGS :
 # NOTES : Development Framework |