author | Martin Willi <martin@strongswan.org> | 2007-09-27 07:15:47 +0000 |
---|---|---|
committer | Martin Willi <martin@strongswan.org> | 2007-09-27 07:15:47 +0000 |
commit | 93720075df0498f1ad60ed1d510045814b5207f1 (patch) | |
tree | ec3d6739b9019710093d017448d5ca306eaf1880 /src | |
parent | 324abae2ef4e68d54fc3a3a4271fb5bafff8171a (diff) | |
implemented SHA1 encrypted passwords for manager
Diffstat (limited to 'src')
-rw-r--r-- | src/libstrongswan/chunk.c | 35 | ||||
-rw-r--r-- | src/libstrongswan/chunk.h | 5 | ||||
-rw-r--r-- | src/manager/database.c | 20 | ||||
-rw-r--r-- | src/manager/lib/request.c | 4 | ||||
-rw-r--r-- | src/manager/manager.db | bin | 12288 -> 12288 bytes |
5 files changed, 57 insertions, 7 deletions
diff --git a/src/libstrongswan/chunk.c b/src/libstrongswan/chunk.c index 9134b5af9..0d7841641 100644 --- a/src/libstrongswan/chunk.c +++ b/src/libstrongswan/chunk.c @@ -248,6 +248,35 @@ bool chunk_write(chunk_t chunk, const char *path, const char *label, mode_t mask } } +/** hex conversion digits */ +static char hexdig_upper[] = "0123456789ABCDEF"; +static char hexdig_lower[] = "0123456789abcdef"; + +/** + * Described in header. + */ +char *chunk_to_hex(chunk_t chunk, bool uppercase) +{ + int i; + char *str; + char *hexdig = hexdig_lower; + + if (uppercase) + { + hexdig = hexdig_upper; + } + + str = malloc(chunk.len * 2 + 1); + str[chunk.len * 2] = '\0'; + + for (i = 0; i < chunk.len; i ++) + { + str[i*2] = hexdig[(chunk.ptr[i] >> 4) & 0xF]; + str[i*2+1] = hexdig[(chunk.ptr[i] ) & 0xF]; + } + return str; +} + /** * Described in header. */ @@ -354,10 +383,8 @@ static int print_bytes(FILE *stream, const struct printf_info *info, while (bytes_pos < bytes_roof) { - static char hexdig[] = "0123456789ABCDEF"; - - *buffer_pos++ = hexdig[(*bytes_pos >> 4) & 0xF]; - *buffer_pos++ = hexdig[ *bytes_pos & 0xF]; + *buffer_pos++ = hexdig_upper[(*bytes_pos >> 4) & 0xF]; + *buffer_pos++ = hexdig_upper[ *bytes_pos & 0xF]; ascii_buffer[i++] = (*bytes_pos > 31 && *bytes_pos < 127) ? *bytes_pos : '.'; diff --git a/src/libstrongswan/chunk.h b/src/libstrongswan/chunk.h index 70dc2ce44..9c0aabba1 100644 --- a/src/libstrongswan/chunk.h +++ b/src/libstrongswan/chunk.h @@ -84,6 +84,11 @@ void chunk_split(chunk_t chunk, const char *mode, ...); bool chunk_write(chunk_t chunk, const char *path, const char *label, mode_t mask, bool force); /** + * convert a chunk to an allocated hex string + */ +char *chunk_to_hex(chunk_t chunk, bool uppercase); + +/** * Free contents of a chunk */ void chunk_free(chunk_t *chunk); diff --git a/src/manager/database.c b/src/manager/database.c index 46ac5a6a9..ebd9fa971 100644 --- a/src/manager/database.c +++ b/src/manager/database.c 
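Review bot: In `chunk_to_hex`, the result of `malloc(chunk.len * 2 + 1)` is written through on the very next line without a NULL check, and the size expression can wrap for a very large `chunk.len`, which would leave the loop writing past an undersized buffer. I would guard both before the terminator is stored: `if (chunk.len > (SIZE_MAX - 1) / 2) return NULL;` ahead of the allocation and `if (str == NULL) return NULL;` after it. The loop index `i` is an `int` compared against `chunk.len`; if `len` is an unsigned size type (its declaration is not in this hunk), `size_t i` avoids the signed/unsigned comparison. The `chunk.h` comment added in the same commit should state that the caller owns the returned string and releases it with `free()`, and that NULL is possible once the checks are in place.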
@@ -25,6 +25,7 @@ #include <sqlite3.h> #include <library.h> #include <enumerator.h> +#include <crypto/hashers/hasher.h> typedef struct private_database_t private_database_t; @@ -100,20 +101,37 @@ static enumerator_t* empty_enumerator_create() static int login(private_database_t *this, char *username, char *password) { sqlite3_stmt *stmt; + hasher_t *hasher; + chunk_t hash, data; + size_t username_len, password_len; int uid = 0; + char *str; + + /* hash = SHA1( username | password ) */ + hasher = hasher_create(HASH_SHA1); + hash = chunk_alloca(hasher->get_hash_size(hasher)); + username_len = strlen(username); + password_len = strlen(password); + data = chunk_alloca(username_len + password_len); + memcpy(data.ptr, username, username_len); + memcpy(data.ptr + username_len, password, password_len); + hasher->get_hash(hasher, data, hash.ptr); + hasher->destroy(hasher); + str = chunk_to_hex(hash, FALSE); if (sqlite3_prepare_v2(this->db, "SELECT oid FROM users WHERE username = ? AND password = ?;", -1, &stmt, NULL) == SQLITE_OK) { if (sqlite3_bind_text(stmt, 1, username, -1, SQLITE_STATIC) == SQLITE_OK && - sqlite3_bind_text(stmt, 2, password, -1, SQLITE_STATIC) == SQLITE_OK && + sqlite3_bind_text(stmt, 2, str, -1, SQLITE_STATIC) == SQLITE_OK && sqlite3_step(stmt) == SQLITE_ROW) { uid = sqlite3_column_int(stmt, 0); } sqlite3_finalize(stmt); } + free(str); return uid; } diff --git a/src/manager/lib/request.c b/src/manager/lib/request.c index 42cd9df2c..4623b3860 100644 --- a/src/manager/lib/request.c +++ b/src/manager/lib/request.c @@ -62,12 +62,12 @@ struct private_request_t { * ClearSilver cgiwrap is not threadsave, so we use a private * context for each thread. */ -__thread FCGX_Request *req; +static __thread FCGX_Request *req; /** * length of param list in req->envp */ -__thread int req_env_len; +static __thread int req_env_len; /** * fcgiwrap read callback diff --git a/src/manager/manager.db b/src/manager/manager.db Binary files differindex 01c1f2722..23b6ed2e0 100644 
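Review bot: In `login`, `chunk_alloca(username_len + password_len)` sizes a stack allocation from the lengths of `username` and `password`, and no upper bound on either is visible in this hunk; if they reach this function unbounded from the login request, an oversized field can exhaust the thread's stack. Reject over-long input after the two `strlen` calls and before the allocation, e.g. `if (username_len > MAX_CRED_LEN || password_len > MAX_CRED_LEN) return 0;` (`MAX_CRED_LEN` is a placeholder name, not an existing constant), or use a heap buffer that is wiped and freed after hashing, since the concatenated copy holds the cleartext password. If `hasher_create(HASH_SHA1)` can return NULL (its contract is not shown here), `hasher->get_hash_size(hasher)` dereferences it unchecked. Separately, a single SHA-1 pass salted only by the username is cheap to guess offline if `manager.db` is disclosed; a per-user random salt with a deliberately slow password-hashing function is the stronger storage format and deserves at least a `/* TODO */` beside the `hash = SHA1( username | password )` comment.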
--- a/src/manager/manager.db +++ b/src/manager/manager.db |