Fixed password authentication

This commit is contained in:
Erik Ekman 2006-11-18 16:08:47 +00:00
parent 8b81909b5b
commit 1c7f63e97a
11 changed files with 689 additions and 39 deletions

View File

@ -7,6 +7,10 @@ iodine - IP over DNS is now easy
CHANGES:
xxxx-xx-xx: 0.3.5
- Added authentication (password entered as argument or on stdin)
- Changed directory structure
2006-11-08: 0.3.4
- Fixed handshake() buffer overflow
(Found by poplix, Secunia: SA22674 / FrSIRT/ADV-2006-4333)

4
README
View File

@ -118,3 +118,7 @@ INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
PERFORMANCE OF THIS SOFTWARE.
MD5 implementation by L. Peter Deutsch (license and source in src/login.[ch])
Copyright (C) 1999, 2000, 2002 Aladdin Enterprises. All rights reserved.

2
TODO
View File

@ -9,8 +9,6 @@ STUFF TO DO:
- Handle multiple concurrent users on one server
- Some kind of authentication?
- Detect if EDNS0 can be used, probe MTU size
- Port to more platforms (Solaris? Windows?)

View File

@ -1,8 +1,8 @@
CC = gcc
CLIENT = ../bin/iodine
CLIENTOBJS = iodine.o tun.o dns.o read.o encoding.o
CLIENTOBJS = iodine.o tun.o dns.o read.o encoding.o login.o
SERVER = ../bin/iodined
SERVEROBJS = iodined.o tun.o dns.o read.o encoding.o
SERVEROBJS = iodined.o tun.o dns.o read.o encoding.o login.o
OS = `uname | tr "a-z" "A-Z"`

View File

@ -172,13 +172,27 @@ dns_ping(int dns_fd)
dns_write(dns_fd, ++pingid, data, 2, 'P');
}
void
dns_handshake(int dns_fd)
void
dns_login(int dns_fd, char *login, int len)
{
char data[2];
data[0] = (pingid & 0xFF00) >> 8;
data[1] = (pingid & 0xFF);
dns_write(dns_fd, ++pingid, data, 2, 'H');
char data[18];
memcpy(data, login, MIN(len, 16));
data[16] = (pingid & 0xFF00) >> 8;
data[17] = (pingid & 0xFF);
dns_write(dns_fd, ++pingid, data, 18, 'L');
}
void
dns_send_version(int dns_fd, int version)
{
char data[6];
int v;
v = htonl(version);
memcpy(data, &v, 4);
data[4] = (pingid & 0xFF00) >> 8;
data[5] = (pingid & 0xFF);
dns_write(dns_fd, ++pingid, data, 6, 'V');
}
static void

View File

@ -24,7 +24,8 @@ void close_dns(int);
int dns_sending();
void dns_handle_tun(int, char *, int);
void dns_ping(int);
void dns_handshake(int);
void dns_send_version(int, int);
void dns_login(int, char *, int);
int dns_read(int, char *, int);
int dns_encode_hostname(const char *, char *, int);

View File

@ -33,12 +33,15 @@
#include "tun.h"
#include "structs.h"
#include "dns.h"
#include "version.h"
#include "login.h"
#ifndef MAX
#define MAX(a,b) ((a)>(b)?(a):(b))
#endif
int running = 1;
char password[33];
static void
sighandler(int sig) {
@ -114,21 +117,21 @@ handshake(int dns_fd)
struct timeval tv;
char server[65];
char client[65];
char login[16];
char in[4096];
int timeout;
fd_set fds;
int read;
int mtu;
int seed;
int version;
int i;
int r;
timeout = 1;
for (i=0; running && i<5 ;i++) {
tv.tv_sec = timeout++;
tv.tv_sec = i + 1;
tv.tv_usec = 0;
dns_handshake(dns_fd);
dns_send_version(dns_fd, VERSION);
FD_ZERO(&fds);
FD_SET(dns_fd, &fds);
@ -144,14 +147,60 @@ handshake(int dns_fd)
}
if (read > 0) {
if (sscanf(in, "%64[^-]-%64[^-]-%d",
if (strncmp("VACK", in, 4) == 0) {
if (read >= 8) {
memcpy(&seed, in + 4, 4);
seed = ntohl(seed);
printf("Version ok, both running 0x%08x\n", VERSION);
break;
} else {
printf("Version ok but did not receive proper login challenge\n");
}
} else {
memcpy(&version, in + 4, 4);
version = ntohl(version);
printf("You run 0x%08x, server runs 0x%08x. Giving up\n", VERSION, version);
return 1;
}
}
}
if (i == 4)
return 1;
printf("Retrying version check...\n");
}
login_calculate(login, 16, password, seed);
for (i=0; running && i<5 ;i++) {
tv.tv_sec = i + 1;
tv.tv_usec = 0;
dns_login(dns_fd, login, 16);
FD_ZERO(&fds);
FD_SET(dns_fd, &fds);
r = select(dns_fd + 1, &fds, NULL, NULL, &tv);
if(r > 0) {
read = dns_read(dns_fd, in, sizeof(in));
if(read <= 0) {
perror("read");
continue;
}
if (read > 0) {
if (strncmp("LNAK", in, 4) == 0) {
printf("Bad password\n");
return 1;
} else if (sscanf(in, "%64[^-]-%64[^-]-%d",
server, client, &mtu) == 3) {
server[64] = 0;
client[64] = 0;
if (tun_setip(client) == 0 &&
tun_setmtu(mtu) == 0) {
return 0;
} else {
warn("Received handshake with bad data");
@ -162,7 +211,7 @@ handshake(int dns_fd)
}
}
printf("Retrying...\n");
printf("Retrying login...\n");
}
return 1;
@ -216,11 +265,12 @@ main(int argc, char **argv)
int dns_fd;
username = NULL;
memset(password, 0, 33);
foreground = 0;
newroot = NULL;
device = NULL;
while ((choice = getopt(argc, argv, "vfhu:t:d:")) != -1) {
while ((choice = getopt(argc, argv, "vfhu:t:d:P:")) != -1) {
switch(choice) {
case 'v':
version();
@ -240,6 +290,10 @@ main(int argc, char **argv)
case 'd':
device = optarg;
break;
case 'P':
strncpy(password, optarg, 32);
password[32] = 0;
break;
default:
usage();
break;
@ -264,6 +318,12 @@ main(int argc, char **argv)
usage();
}
}
if (strlen(password) == 0) {
printf("Enter password on stdin:\n");
scanf("%32s", password);
password[32] = 0;
}
if ((tun_fd = open_tun(device)) == -1)
goto cleanup1;
@ -272,13 +332,13 @@ main(int argc, char **argv)
if (dns_settarget(argv[0]) == -1)
goto cleanup2;
printf("Sending queries for %s to %s\n", argv[1], argv[0]);
signal(SIGINT, sighandler);
signal(SIGTERM, sighandler);
if(handshake(dns_fd))
goto cleanup2;
printf("Sending queries for %s to %s\n", argv[1], argv[0]);
if (newroot) {
if (chroot(newroot) != 0 || chdir("/") != 0)

View File

@ -34,6 +34,8 @@
#include "tun.h"
#include "structs.h"
#include "dns.h"
#include "login.h"
#include "version.h"
#ifndef MAX
#define MAX(a,b) ((a)>(b)?(a):(b))
@ -47,6 +49,9 @@ int outid;
struct query q;
struct user u;
char password[33];
int my_mtu;
in_addr_t my_ip;
@ -64,10 +69,14 @@ tunnel(int tun_fd, int dns_fd)
char out[64*1024];
char in[64*1024];
char *tmp[2];
char logindata[16];
long outlen;
fd_set fds;
int read;
int code;
int version;
int seed;
int nseed;
int i;
while (running) {
@ -114,21 +123,54 @@ tunnel(int tun_fd, int dns_fd)
if (read <= 0)
continue;
if(in[0] == 'H' || in[0] == 'h') {
myip.s_addr = my_ip;
clientip.s_addr = my_ip + inet_addr("0.0.0.1");
if(in[0] == 'V' || in[0] == 'v') {
// Version greeting, compare and send ack/nak
if (read >= 5) { // Received V + 32bits version
memcpy(&version, in + 1, 4);
version = ntohl(version);
if (version == VERSION) {
seed = rand();
nseed = htonl(seed);
strcpy(out, "VACK");
memcpy(out+4, &nseed, 4);
dnsd_send(dns_fd, &q, out, 8);
tmp[0] = strdup(inet_ntoa(myip));
tmp[1] = strdup(inet_ntoa(clientip));
read = snprintf(out, sizeof(out), "%s-%s-%d",
tmp[0], tmp[1], my_mtu);
memcpy(&(u.host), &(q.from), q.fromlen);
u.addrlen = q.fromlen;
} else {
version = htonl(VERSION);
strcpy(out, "VNAK");
memcpy(out+4, &version, 4);
dnsd_send(dns_fd, &q, out, 8);
}
} else {
version = htonl(VERSION);
strcpy(out, "VNAK");
memcpy(out+4, &version, 4);
dnsd_send(dns_fd, &q, out, 8);
}
} else if(in[0] == 'L' || in[0] == 'l') {
// Login phase, handle auth
login_calculate(logindata, 16, password, seed);
if (read >= 17 && (memcmp(logindata, in+1, 16) == 0)) {
// Login ok, send ip/mtu info
myip.s_addr = my_ip;
clientip.s_addr = my_ip + inet_addr("0.0.0.1");
dnsd_send(dns_fd, &q, out, read);
q.id = 0;
tmp[0] = strdup(inet_ntoa(myip));
tmp[1] = strdup(inet_ntoa(clientip));
read = snprintf(out, sizeof(out), "%s-%s-%d",
tmp[0], tmp[1], my_mtu);
free(tmp[1]);
free(tmp[0]);
dnsd_send(dns_fd, &q, out, read);
q.id = 0;
free(tmp[1]);
free(tmp[0]);
} else {
dnsd_send(dns_fd, &q, "LNAK", 4);
}
} else if((in[0] >= '0' && in[0] <= '9')
|| (in[0] >= 'a' && in[0] <= 'f')
|| (in[0] >= 'A' && in[0] <= 'F')) {
@ -168,8 +210,9 @@ static void
usage() {
extern char *__progname;
printf("Usage: %s [-v] [-h] [-f] [-u user] [-t chrootdir] [-d device] [-m mtu] [-l ip address to listen on] [-p port]"
" tunnel_ip topdomain\n", __progname);
printf("Usage: %s [-v] [-h] [-f] [-u user] [-t chrootdir] [-d device] [-m mtu] "
"[-l ip address to listen on] [-p port] [-P password]"
" tunnel_ip topdomain\n", __progname);
exit(2);
}
@ -178,8 +221,9 @@ help() {
extern char *__progname;
printf("iodine IP over DNS tunneling server\n");
printf("Usage: %s [-v] [-h] [-f] [-u user] [-t chrootdir] [-d device] [-m mtu] [-l ip address to listen on] [-p port]"
" tunnel_ip topdomain\n", __progname);
printf("Usage: %s [-v] [-h] [-f] [-u user] [-t chrootdir] [-d device] [-m mtu] "
"[-l ip address to listen on] [-p port] [-P password]"
" tunnel_ip topdomain\n", __progname);
printf(" -v to print version info and exit\n");
printf(" -h to print this help and exit\n");
printf(" -f to keep running in foreground\n");
@ -189,6 +233,7 @@ help() {
printf(" -m mtu to set tunnel device mtu\n");
printf(" -l ip address to listen on for incoming dns traffic (default 0.0.0.0)\n");
printf(" -p port to listen on for incoming dns traffic (default 53)\n");
printf(" -P password used for authentication (max 32 chars will be used)\n");
printf("tunnel_ip is the IP number of the local tunnel interface.\n");
printf("topdomain is the FQDN that is delegated to this server.\n");
exit(0);
@ -229,8 +274,9 @@ main(int argc, char **argv)
packetbuf.offset = 0;
outpacket.len = 0;
q.id = 0;
memset(password, 0, 33);
while ((choice = getopt(argc, argv, "vfhu:t:d:m:l:p:")) != -1) {
while ((choice = getopt(argc, argv, "vfhu:t:d:m:l:p:P:")) != -1) {
switch(choice) {
case 'v':
version();
@ -263,6 +309,10 @@ main(int argc, char **argv)
printf("You must manually forward port 53 to port %d for things to work.\n", port);
}
break;
case 'P':
strncpy(password, optarg, 32);
password[32] = 0;
break;
default:
usage();
break;
@ -298,6 +348,12 @@ main(int argc, char **argv)
usage();
}
if (strlen(password) == 0) {
printf("Enter password on stdin:\n");
scanf("%32s", password);
password[32] = 0;
}
if ((tun_fd = open_tun(device)) == -1)
goto cleanup0;
if (tun_setip(argv[0]) != 0 || tun_setmtu(mtu) != 0)

409
src/login.c Normal file
View File

@ -0,0 +1,409 @@
/*
Copyright (C) 1999, 2000, 2002 Aladdin Enterprises. All rights reserved.
This software is provided 'as-is', without any express or implied
warranty. In no event will the authors be held liable for any damages
arising from the use of this software.
Permission is granted to anyone to use this software for any purpose,
including commercial applications, and to alter it and redistribute it
freely, subject to the following restrictions:
1. The origin of this software must not be misrepresented; you must not
claim that you wrote the original software. If you use this software
in a product, an acknowledgment in the product documentation would be
appreciated but is not required.
2. Altered source versions must be plainly marked as such, and must not be
misrepresented as being the original software.
3. This notice may not be removed or altered from any source distribution.
L. Peter Deutsch
ghost@aladdin.com
*/
/* $Id: md5.c,v 1.6 2002/04/13 19:20:28 lpd Exp $ */
/*
Independent implementation of MD5 (RFC 1321).
This code implements the MD5 Algorithm defined in RFC 1321, whose
text is available at
http://www.ietf.org/rfc/rfc1321.txt
The code is derived from the text of the RFC, including the test suite
(section A.5) but excluding the rest of Appendix A. It does not include
any code or documentation that is identified in the RFC as being
copyrighted.
The original and principal author of md5.c is L. Peter Deutsch
<ghost@aladdin.com>. Other authors are noted in the change history
that follows (in reverse chronological order):
2002-04-13 lpd Clarified derivation from RFC 1321; now handles byte order
either statically or dynamically; added missing #include <string.h>
in library.
2002-03-11 lpd Corrected argument list for main(), and added int return
type, in test program and T value program.
2002-02-21 lpd Added missing #include <stdio.h> in test program.
2000-07-03 lpd Patched to eliminate warnings about "constant is
unsigned in ANSI C, signed in traditional"; made test program
self-checking.
1999-11-04 lpd Edited comments slightly for automatic TOC extraction.
1999-10-18 lpd Fixed typo in header comment (ansi2knr rather than md5).
1999-05-03 lpd Original version.
*/
#include "login.h"
#include <string.h>
#undef BYTE_ORDER /* 1 = big-endian, -1 = little-endian, 0 = unknown */
#ifdef ARCH_IS_BIG_ENDIAN
# define BYTE_ORDER (ARCH_IS_BIG_ENDIAN ? 1 : -1)
#else
# define BYTE_ORDER 0
#endif
#define T_MASK ((md5_word_t)~0)
#define T1 /* 0xd76aa478 */ (T_MASK ^ 0x28955b87)
#define T2 /* 0xe8c7b756 */ (T_MASK ^ 0x173848a9)
#define T3 0x242070db
#define T4 /* 0xc1bdceee */ (T_MASK ^ 0x3e423111)
#define T5 /* 0xf57c0faf */ (T_MASK ^ 0x0a83f050)
#define T6 0x4787c62a
#define T7 /* 0xa8304613 */ (T_MASK ^ 0x57cfb9ec)
#define T8 /* 0xfd469501 */ (T_MASK ^ 0x02b96afe)
#define T9 0x698098d8
#define T10 /* 0x8b44f7af */ (T_MASK ^ 0x74bb0850)
#define T11 /* 0xffff5bb1 */ (T_MASK ^ 0x0000a44e)
#define T12 /* 0x895cd7be */ (T_MASK ^ 0x76a32841)
#define T13 0x6b901122
#define T14 /* 0xfd987193 */ (T_MASK ^ 0x02678e6c)
#define T15 /* 0xa679438e */ (T_MASK ^ 0x5986bc71)
#define T16 0x49b40821
#define T17 /* 0xf61e2562 */ (T_MASK ^ 0x09e1da9d)
#define T18 /* 0xc040b340 */ (T_MASK ^ 0x3fbf4cbf)
#define T19 0x265e5a51
#define T20 /* 0xe9b6c7aa */ (T_MASK ^ 0x16493855)
#define T21 /* 0xd62f105d */ (T_MASK ^ 0x29d0efa2)
#define T22 0x02441453
#define T23 /* 0xd8a1e681 */ (T_MASK ^ 0x275e197e)
#define T24 /* 0xe7d3fbc8 */ (T_MASK ^ 0x182c0437)
#define T25 0x21e1cde6
#define T26 /* 0xc33707d6 */ (T_MASK ^ 0x3cc8f829)
#define T27 /* 0xf4d50d87 */ (T_MASK ^ 0x0b2af278)
#define T28 0x455a14ed
#define T29 /* 0xa9e3e905 */ (T_MASK ^ 0x561c16fa)
#define T30 /* 0xfcefa3f8 */ (T_MASK ^ 0x03105c07)
#define T31 0x676f02d9
#define T32 /* 0x8d2a4c8a */ (T_MASK ^ 0x72d5b375)
#define T33 /* 0xfffa3942 */ (T_MASK ^ 0x0005c6bd)
#define T34 /* 0x8771f681 */ (T_MASK ^ 0x788e097e)
#define T35 0x6d9d6122
#define T36 /* 0xfde5380c */ (T_MASK ^ 0x021ac7f3)
#define T37 /* 0xa4beea44 */ (T_MASK ^ 0x5b4115bb)
#define T38 0x4bdecfa9
#define T39 /* 0xf6bb4b60 */ (T_MASK ^ 0x0944b49f)
#define T40 /* 0xbebfbc70 */ (T_MASK ^ 0x4140438f)
#define T41 0x289b7ec6
#define T42 /* 0xeaa127fa */ (T_MASK ^ 0x155ed805)
#define T43 /* 0xd4ef3085 */ (T_MASK ^ 0x2b10cf7a)
#define T44 0x04881d05
#define T45 /* 0xd9d4d039 */ (T_MASK ^ 0x262b2fc6)
#define T46 /* 0xe6db99e5 */ (T_MASK ^ 0x1924661a)
#define T47 0x1fa27cf8
#define T48 /* 0xc4ac5665 */ (T_MASK ^ 0x3b53a99a)
#define T49 /* 0xf4292244 */ (T_MASK ^ 0x0bd6ddbb)
#define T50 0x432aff97
#define T51 /* 0xab9423a7 */ (T_MASK ^ 0x546bdc58)
#define T52 /* 0xfc93a039 */ (T_MASK ^ 0x036c5fc6)
#define T53 0x655b59c3
#define T54 /* 0x8f0ccc92 */ (T_MASK ^ 0x70f3336d)
#define T55 /* 0xffeff47d */ (T_MASK ^ 0x00100b82)
#define T56 /* 0x85845dd1 */ (T_MASK ^ 0x7a7ba22e)
#define T57 0x6fa87e4f
#define T58 /* 0xfe2ce6e0 */ (T_MASK ^ 0x01d3191f)
#define T59 /* 0xa3014314 */ (T_MASK ^ 0x5cfebceb)
#define T60 0x4e0811a1
#define T61 /* 0xf7537e82 */ (T_MASK ^ 0x08ac817d)
#define T62 /* 0xbd3af235 */ (T_MASK ^ 0x42c50dca)
#define T63 0x2ad7d2bb
#define T64 /* 0xeb86d391 */ (T_MASK ^ 0x14792c6e)
static void
md5_process(md5_state_t *pms, const md5_byte_t *data /*[64]*/)
{
md5_word_t
a = pms->abcd[0], b = pms->abcd[1],
c = pms->abcd[2], d = pms->abcd[3];
md5_word_t t;
#if BYTE_ORDER > 0
/* Define storage only for big-endian CPUs. */
md5_word_t X[16];
#else
/* Define storage for little-endian or both types of CPUs. */
md5_word_t xbuf[16];
const md5_word_t *X;
#endif
{
#if BYTE_ORDER == 0
/*
* Determine dynamically whether this is a big-endian or
* little-endian machine, since we can use a more efficient
* algorithm on the latter.
*/
static const int w = 1;
if (*((const md5_byte_t *)&w)) /* dynamic little-endian */
#endif
#if BYTE_ORDER <= 0 /* little-endian */
{
/*
* On little-endian machines, we can process properly aligned
* data without copying it.
*/
if (!((data - (const md5_byte_t *)0) & 3)) {
/* data are properly aligned */
X = (const md5_word_t *)data;
} else {
/* not aligned */
memcpy(xbuf, data, 64);
X = xbuf;
}
}
#endif
#if BYTE_ORDER == 0
else /* dynamic big-endian */
#endif
#if BYTE_ORDER >= 0 /* big-endian */
{
/*
* On big-endian machines, we must arrange the bytes in the
* right order.
*/
const md5_byte_t *xp = data;
int i;
# if BYTE_ORDER == 0
X = xbuf; /* (dynamic only) */
# else
# define xbuf X /* (static only) */
# endif
for (i = 0; i < 16; ++i, xp += 4)
xbuf[i] = xp[0] + (xp[1] << 8) + (xp[2] << 16) + (xp[3] << 24);
}
#endif
}
#define ROTATE_LEFT(x, n) (((x) << (n)) | ((x) >> (32 - (n))))
/* Round 1. */
/* Let [abcd k s i] denote the operation
a = b + ((a + F(b,c,d) + X[k] + T[i]) <<< s). */
#define F(x, y, z) (((x) & (y)) | (~(x) & (z)))
#define SET(a, b, c, d, k, s, Ti)\
t = a + F(b,c,d) + X[k] + Ti;\
a = ROTATE_LEFT(t, s) + b
/* Do the following 16 operations. */
SET(a, b, c, d, 0, 7, T1);
SET(d, a, b, c, 1, 12, T2);
SET(c, d, a, b, 2, 17, T3);
SET(b, c, d, a, 3, 22, T4);
SET(a, b, c, d, 4, 7, T5);
SET(d, a, b, c, 5, 12, T6);
SET(c, d, a, b, 6, 17, T7);
SET(b, c, d, a, 7, 22, T8);
SET(a, b, c, d, 8, 7, T9);
SET(d, a, b, c, 9, 12, T10);
SET(c, d, a, b, 10, 17, T11);
SET(b, c, d, a, 11, 22, T12);
SET(a, b, c, d, 12, 7, T13);
SET(d, a, b, c, 13, 12, T14);
SET(c, d, a, b, 14, 17, T15);
SET(b, c, d, a, 15, 22, T16);
#undef SET
/* Round 2. */
/* Let [abcd k s i] denote the operation
a = b + ((a + G(b,c,d) + X[k] + T[i]) <<< s). */
#define G(x, y, z) (((x) & (z)) | ((y) & ~(z)))
#define SET(a, b, c, d, k, s, Ti)\
t = a + G(b,c,d) + X[k] + Ti;\
a = ROTATE_LEFT(t, s) + b
/* Do the following 16 operations. */
SET(a, b, c, d, 1, 5, T17);
SET(d, a, b, c, 6, 9, T18);
SET(c, d, a, b, 11, 14, T19);
SET(b, c, d, a, 0, 20, T20);
SET(a, b, c, d, 5, 5, T21);
SET(d, a, b, c, 10, 9, T22);
SET(c, d, a, b, 15, 14, T23);
SET(b, c, d, a, 4, 20, T24);
SET(a, b, c, d, 9, 5, T25);
SET(d, a, b, c, 14, 9, T26);
SET(c, d, a, b, 3, 14, T27);
SET(b, c, d, a, 8, 20, T28);
SET(a, b, c, d, 13, 5, T29);
SET(d, a, b, c, 2, 9, T30);
SET(c, d, a, b, 7, 14, T31);
SET(b, c, d, a, 12, 20, T32);
#undef SET
/* Round 3. */
/* Let [abcd k s t] denote the operation
a = b + ((a + H(b,c,d) + X[k] + T[i]) <<< s). */
#define H(x, y, z) ((x) ^ (y) ^ (z))
#define SET(a, b, c, d, k, s, Ti)\
t = a + H(b,c,d) + X[k] + Ti;\
a = ROTATE_LEFT(t, s) + b
/* Do the following 16 operations. */
SET(a, b, c, d, 5, 4, T33);
SET(d, a, b, c, 8, 11, T34);
SET(c, d, a, b, 11, 16, T35);
SET(b, c, d, a, 14, 23, T36);
SET(a, b, c, d, 1, 4, T37);
SET(d, a, b, c, 4, 11, T38);
SET(c, d, a, b, 7, 16, T39);
SET(b, c, d, a, 10, 23, T40);
SET(a, b, c, d, 13, 4, T41);
SET(d, a, b, c, 0, 11, T42);
SET(c, d, a, b, 3, 16, T43);
SET(b, c, d, a, 6, 23, T44);
SET(a, b, c, d, 9, 4, T45);
SET(d, a, b, c, 12, 11, T46);
SET(c, d, a, b, 15, 16, T47);
SET(b, c, d, a, 2, 23, T48);
#undef SET
/* Round 4. */
/* Let [abcd k s t] denote the operation
a = b + ((a + I(b,c,d) + X[k] + T[i]) <<< s). */
#define I(x, y, z) ((y) ^ ((x) | ~(z)))
#define SET(a, b, c, d, k, s, Ti)\
t = a + I(b,c,d) + X[k] + Ti;\
a = ROTATE_LEFT(t, s) + b
/* Do the following 16 operations. */
SET(a, b, c, d, 0, 6, T49);
SET(d, a, b, c, 7, 10, T50);
SET(c, d, a, b, 14, 15, T51);
SET(b, c, d, a, 5, 21, T52);
SET(a, b, c, d, 12, 6, T53);
SET(d, a, b, c, 3, 10, T54);
SET(c, d, a, b, 10, 15, T55);
SET(b, c, d, a, 1, 21, T56);
SET(a, b, c, d, 8, 6, T57);
SET(d, a, b, c, 15, 10, T58);
SET(c, d, a, b, 6, 15, T59);
SET(b, c, d, a, 13, 21, T60);
SET(a, b, c, d, 4, 6, T61);
SET(d, a, b, c, 11, 10, T62);
SET(c, d, a, b, 2, 15, T63);
SET(b, c, d, a, 9, 21, T64);
#undef SET
/* Then perform the following additions. (That is increment each
of the four registers by the value it had before this block
was started.) */
pms->abcd[0] += a;
pms->abcd[1] += b;
pms->abcd[2] += c;
pms->abcd[3] += d;
}
void
md5_init(md5_state_t *pms)
{
pms->count[0] = pms->count[1] = 0;
pms->abcd[0] = 0x67452301;
pms->abcd[1] = /*0xefcdab89*/ T_MASK ^ 0x10325476;
pms->abcd[2] = /*0x98badcfe*/ T_MASK ^ 0x67452301;
pms->abcd[3] = 0x10325476;
}
void
md5_append(md5_state_t *pms, const md5_byte_t *data, int nbytes)
{
const md5_byte_t *p = data;
int left = nbytes;
int offset = (pms->count[0] >> 3) & 63;
md5_word_t nbits = (md5_word_t)(nbytes << 3);
if (nbytes <= 0)
return;
/* Update the message length. */
pms->count[1] += nbytes >> 29;
pms->count[0] += nbits;
if (pms->count[0] < nbits)
pms->count[1]++;
/* Process an initial partial block. */
if (offset) {
int copy = (offset + nbytes > 64 ? 64 - offset : nbytes);
memcpy(pms->buf + offset, p, copy);
if (offset + copy < 64)
return;
p += copy;
left -= copy;
md5_process(pms, pms->buf);
}
/* Process full blocks. */
for (; left >= 64; p += 64, left -= 64)
md5_process(pms, p);
/* Process a final partial block. */
if (left)
memcpy(pms->buf, p, left);
}
void
md5_finish(md5_state_t *pms, md5_byte_t digest[16])
{
static const md5_byte_t pad[64] = {
0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
};
md5_byte_t data[8];
int i;
/* Save the length before padding. */
for (i = 0; i < 8; ++i)
data[i] = (md5_byte_t)(pms->count[i >> 2] >> ((i & 3) << 3));
/* Pad to 56 bytes mod 64. */
md5_append(pms, pad, ((55 - (pms->count[0] >> 3)) & 63) + 1);
/* Append the length. */
md5_append(pms, data, 8);
for (i = 0; i < 16; ++i)
digest[i] = (md5_byte_t)(pms->abcd[i >> 2] >> ((i & 3) << 3));
}
/***********************************************************/
/********** end of md5 code - login functions below ********/
/***********************************************************/
// Needs a 16byte array for output, and 32 bytes password
void login_calculate(char *out, int len, char *pass, int seed) {
char temp[32];
md5_state_t ctx;
int i;
int *ix;
if (len < 16) {
return;
}
memcpy(temp, pass, 32);
ix = (int *) temp;
for (i = 0; i < 8; i++) {
*ix++ ^= seed;
}
md5_init(&ctx);
md5_append(&ctx, temp, 32);
md5_finish(&ctx, out);
}

98
src/login.h Normal file
View File

@ -0,0 +1,98 @@
/*
Copyright (C) 1999, 2002 Aladdin Enterprises. All rights reserved.
This software is provided 'as-is', without any express or implied
warranty. In no event will the authors be held liable for any damages
arising from the use of this software.
Permission is granted to anyone to use this software for any purpose,
including commercial applications, and to alter it and redistribute it
freely, subject to the following restrictions:
1. The origin of this software must not be misrepresented; you must not
claim that you wrote the original software. If you use this software
in a product, an acknowledgment in the product documentation would be
appreciated but is not required.
2. Altered source versions must be plainly marked as such, and must not be
misrepresented as being the original software.
3. This notice may not be removed or altered from any source distribution.
L. Peter Deutsch
ghost@aladdin.com
*/
/* $Id: md5.h,v 1.4 2002/04/13 19:20:28 lpd Exp $ */
/*
Independent implementation of MD5 (RFC 1321).
This code implements the MD5 Algorithm defined in RFC 1321, whose
text is available at
http://www.ietf.org/rfc/rfc1321.txt
The code is derived from the text of the RFC, including the test suite
(section A.5) but excluding the rest of Appendix A. It does not include
any code or documentation that is identified in the RFC as being
copyrighted.
The original and principal author of md5.h is L. Peter Deutsch
<ghost@aladdin.com>. Other authors are noted in the change history
that follows (in reverse chronological order):
2002-04-13 lpd Removed support for non-ANSI compilers; removed
references to Ghostscript; clarified derivation from RFC 1321;
now handles byte order either statically or dynamically.
1999-11-04 lpd Edited comments slightly for automatic TOC extraction.
1999-10-18 lpd Fixed typo in header comment (ansi2knr rather than md5);
added conditionalization for C++ compilation from Martin
Purschke <purschke@bnl.gov>.
1999-05-03 lpd Original version.
*/
#ifndef md5_INCLUDED
# define md5_INCLUDED
/*
* This package supports both compile-time and run-time determination of CPU
* byte order. If ARCH_IS_BIG_ENDIAN is defined as 0, the code will be
* compiled to run only on little-endian CPUs; if ARCH_IS_BIG_ENDIAN is
* defined as non-zero, the code will be compiled to run only on big-endian
* CPUs; if ARCH_IS_BIG_ENDIAN is not defined, the code will be compiled to
* run on either big- or little-endian CPUs, but will run slightly less
* efficiently on either one than if ARCH_IS_BIG_ENDIAN is defined.
*/
typedef unsigned char md5_byte_t; /* 8-bit byte */
typedef unsigned int md5_word_t; /* 32-bit word */
/* Define the state of the MD5 Algorithm. */
typedef struct md5_state_s {
md5_word_t count[2]; /* message length in bits, lsw first */
md5_word_t abcd[4]; /* digest buffer */
md5_byte_t buf[64]; /* accumulate block */
} md5_state_t;
#ifdef __cplusplus
extern "C"
{
#endif
/* Initialize the algorithm. */
void md5_init(md5_state_t *pms);
/* Append a string to the message. */
void md5_append(md5_state_t *pms, const md5_byte_t *data, int nbytes);
/* Finish the message and return the digest. */
void md5_finish(md5_state_t *pms, md5_byte_t digest[16]);
#ifdef __cplusplus
} /* end extern "C" */
#endif
/***********************************************************/
/********** end of md5 code - login functions below ********/
/***********************************************************/
void login_calculate(char *, int, char *, int);
#endif /* md5_INCLUDED */

View File

@ -32,4 +32,10 @@ struct query {
int fromlen;
};
struct user {
int id;
struct sockaddr host;
int addrlen;
};
#endif /* _STRUCTS_H_ */