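/*
 * Compare two NUL-terminated strings for equality without stopping at the
 * first mismatching byte, so the time taken does not reveal how long a
 * prefix of the stored hash the computed value happens to share.
 *
 * The loop length depends only on 'computed' (the value derived from the
 * supplied password); when 'stored' is shorter, the extra iterations read
 * its terminating NUL, which is always a valid byte to read.
 *
 * Returns 1 when the strings are identical, 0 otherwise.
 */
static int authcheck_md5_streq(const char *computed, const char *stored)
{
    size_t clen = strlen(computed);
    size_t slen = strlen(stored);
    unsigned char diff = (unsigned char)(clen != slen);
    size_t n;

    for (n = 0; n < clen; n++)
        diff |= (unsigned char)((unsigned char)computed[n] ^
                                (unsigned char)stored[n < slen ? n : slen]);

    return diff == 0;
}

/*
 * Check a supplied password against an MD5-based stored credential.
 *
 * Two stored formats are handled, selected by the return value of
 * parsepass() on as->data:
 *   - 0:       old, unsalted form     b64(MD5(<pass>)), compared to as->data
 *   - nonzero: salted form            b64(MD5(MD5(<pass>)+salt)), compared
 *              to the hash part that parsepass() hands back
 *
 * cptr is not used by this function.
 *
 * Returns 2 when the computed value matches the stored one, -1 in every
 * other case (missing arguments, undecodable salt, encoding failure,
 * mismatch).
 *
 * NOTE(review): MD5, salted or not, is a fast hash, so a leaked stored value
 * can be guessed offline at a very high rate. This function only verifies the
 * existing formats; new credentials are better stored with a deliberately
 * slow password hash where the surrounding code offers one.
 *
 * NOTE(review): parsepass(), DoMD5(), b64_encode() and b64_decode() are
 * defined outside this excerpt. The code below relies on b64_encode()
 * NUL-terminating its output and treats any non-positive return as failure.
 * Confirm against their definitions.
 */
static int authcheck_md5(aClient *cptr, anAuthStruct *as, char *para)
{
    /* Automatic and zeroed: no derived hash lingers in static storage, and
     * the buffer is always NUL-terminated even if encoding writes nothing. */
    char buf[512] = {0};
    char *saltstr = NULL, *hashstr = NULL;
    int r, enclen;

    (void)cptr;

    /* Fail closed on missing input instead of dereferencing it. */
    if (!para || !as || !as->data)
        return -1;

    r = parsepass(as->data, &saltstr, &hashstr);
    if (r == 0) /* Old method without salt: b64(MD5(<pass>)) */
    {
        char result[16];

        DoMD5(result, para, strlen(para));

        enclen = b64_encode(result, sizeof(result), buf, sizeof(buf));
        if (enclen <= 0)
            return -1;

        return authcheck_md5_streq(buf, as->data) ? 2 : -1;
    }
    else
    {
        /* New method with salt: b64(MD5(MD5(<pass>)+salt)) */
        char result1[MAXSALTLEN+16+1];
        char result2[16];
        char rsalt[MAXSALTLEN+1];
        int rsaltlen;

        if (!saltstr || !hashstr)
            return -1;

        /* First, decode the salt to something real... */
        rsaltlen = b64_decode(saltstr, rsalt, sizeof(rsalt));

        /* The upper bound is checked here as well, so the memcpy below is
         * provably inside result1 (16 + sizeof(rsalt) bytes) without
         * depending on what b64_decode guarantees. */
        if (rsaltlen <= 0 || (size_t)rsaltlen > sizeof(rsalt))
            return -1;

        /* Then hash the password (1st round)... */
        DoMD5(result1, para, strlen(para));

        /* Add salt to result */
        memcpy(result1+16, rsalt, (size_t)rsaltlen);

        /* Then hash it all together again (2nd round)... */
        DoMD5(result2, result1, rsaltlen+16);

        /* Then base64 encode it all and we are done... */
        enclen = b64_encode(result2, sizeof(result2), buf, sizeof(buf));
        if (enclen <= 0)
            return -1;

        return authcheck_md5_streq(buf, hashstr) ? 2 : -1;
    }
}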