From e6fabf4ccdf96658e5952c5a597bb68b0b801741 Mon Sep 17 00:00:00 2001
From: MadCamel <madcamel@gmail.com>
Date: Tue, 26 Jan 2010 18:44:06 -0500
Subject: Added password encryption to the accounts database, removed logging
 of plaintext passwords Will auto-convert accounts DB to new format.

---
 src/ladmin/md5calc.c | 42 +++++++++++++++++++++++++++++++++++++++++-
 src/ladmin/md5calc.h |  5 ++++-
 2 files changed, 45 insertions(+), 2 deletions(-)

(limited to 'src/ladmin')

diff --git a/src/ladmin/md5calc.c b/src/ladmin/md5calc.c
index 49a4aaa..cf9d958 100644
--- a/src/ladmin/md5calc.c
+++ b/src/ladmin/md5calc.c
@@ -1,4 +1,4 @@
-// $Id: md5calc.c,v 1.1.1.1 2004/09/10 17:26:53 MagicalTux Exp $
+// $Id: md5calc.c,v 1.1.1.1 2004/09/10 17:26:54 MagicalTux Exp $
 /***********************************************************
  * md5 calculation algorithm
  *
@@ -10,6 +10,7 @@
 #include "md5calc.h"
 #include <string.h>
 #include <stdio.h>
+#include "mt_rand.h"
 
 #ifndef UINT_MAX
 #define UINT_MAX 4294967295U
@@ -291,3 +292,42 @@ void MD5_String (const char *string, char *output)
              digest[8], digest[9], digest[10], digest[11],
              digest[12], digest[13], digest[14], digest[15]);
 }
+
+// Hash a password with a salt.
+char *MD5_saltcrypt(const char *key, const char *salt)
+{
+	char buf[66], *sbuf = buf+32;
+	static char obuf[33];
+
+	// hash the key then the salt
+	// buf ends up as a 64char null terminated string
+	MD5_String(key, buf);
+	MD5_String(salt, sbuf);
+
+	// Hash the buffer back into sbuf
+	MD5_String(buf, sbuf);
+
+	snprintf(obuf, 32, "!%s$%s", salt, sbuf);
+	return(obuf);
+}
+
+char *make_salt() {
+	static char salt[6];
+	int i;
+	for (i=0; i<5; i++)
+		salt[i] = (char)((mt_rand() % 78) + 48);
+	salt[5] = '\0';
+	return(salt);
+}
+
+int pass_ok(const char *password, const char *crypted) {
+	char buf[40], *salt=buf+1;
+
+	strncpy(buf, crypted, 40);
+	*strchr(buf, '$') = '\0';
+
+	if (!strcmp(crypted, MD5_saltcrypt(password, salt)))
+		return(1);
+
+	return(0);
+}
diff --git a/src/ladmin/md5calc.h b/src/ladmin/md5calc.h
index ddf176c..3571466 100644
--- a/src/ladmin/md5calc.h
+++ b/src/ladmin/md5calc.h
@@ -1,8 +1,11 @@
-// $Id: md5calc.h,v 1.1.1.1 2004/09/10 17:26:53 MagicalTux Exp $
+// $Id: md5calc.h,v 1.1.1.1 2004/09/10 17:26:54 MagicalTux Exp $
 #ifndef _MD5CALC_H_
 #define _MD5CALC_H_
 
 void MD5_String (const char *string, char *output);
 void MD5_String2binary (const char *string, char *output);
+char *MD5_saltcrypt(const char *key, const char *salt);
+char *make_salt();
+int pass_ok(const char *password, const char *crypted);
 
 #endif
-- 
cgit v1.2.3-70-g09d2