Changeset 8072


Ignore:
Timestamp:
Mar 17, 2009, 9:50:20 PM (13 years ago)
Author:
livings124
Message:

#1276 encrypt the password to access web client interface using SHA-2

Location:
trunk/libtransmission
Files:
5 edited

Legend:

Unmodified
Added
Removed
  • trunk/libtransmission/crypto.c

    r7870 r8072  
    2020
    2121#include <openssl/bn.h>
     22#include <openssl/des.h>
    2223#include <openssl/dh.h>
    2324#include <openssl/err.h>
     
    350351}
    351352
     353/***
     354****
     355***/
     356
     357char*
     358tr_crypt( const void * plaintext )
     359{
     360    static const char * salter = "0123456789"
     361                                 "abcdefghijklmnopqrstuvwxyz"
     362                                 "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
     363                                 "./";
     364    static const size_t salter_len = 64;
     365
     366    int i;
     367    char salt[12];
     368
     369    memcpy( salt, "$1$", 3 );
     370    for( i=0; i<8; ++i )
     371        salt[3+i] = salter[ tr_cryptoRandInt( salter_len ) ];
     372    salt[11] = '\0';
     373
     374    return tr_strdup( DES_crypt( plaintext, salt ) );
     375}
  • trunk/libtransmission/crypto.h

    r7658 r8072  
    9696                                 size_t         len );
    9797
     98char*          tr_crypt( const void * plaintext );
     99
     100
    98101#endif
  • trunk/libtransmission/rpc-server.c

    r7914 r8072  
    3030#include "transmission.h"
    3131#include "bencode.h"
     32#include "crypto.h"
    3233#include "list.h"
    3334#include "platform.h"
     
    314315        if( errno )
    315316        {
    316             send_simple_response( req, HTTP_NOTFOUND, NULL );
     317            send_simple_response( req, HTTP_NOTFOUND, filename );
    317318        }
    318319        else
     
    465466                user = p;
    466467                *pass++ = '\0';
     468                pass = tr_crypt( pass );
    467469            }
    468470        }
     
    507509        else
    508510        {
    509             send_simple_response( req, HTTP_NOTFOUND, NULL );
    510         }
    511 
     511            send_simple_response( req, HTTP_NOTFOUND, req->uri );
     512        }
     513
     514        tr_free( pass );
    512515        tr_free( user );
    513516    }
     
    669672{
    670673    tr_free( server->password );
    671     server->password = tr_strdup( password );
     674    server->password = tr_crypt( password );
    672675    dbgmsg( "setting our Password to [%s]", server->password );
    673676}
  • trunk/libtransmission/session.c

    r8047 r8072  
    298298    tr_bencDictAddInt( d, TR_PREFS_KEY_RPC_AUTH_REQUIRED,        tr_sessionIsRPCPasswordEnabled( s ) );
    299299    tr_bencDictAddInt( d, TR_PREFS_KEY_RPC_ENABLED,              tr_sessionIsRPCEnabled( s ) );
    300     tr_bencDictAddStr( d, TR_PREFS_KEY_RPC_PASSWORD,             freeme[n++] = tr_sessionGetRPCPassword( s ) );
    301300    tr_bencDictAddInt( d, TR_PREFS_KEY_RPC_PORT,                 tr_sessionGetRPCPort( s ) );
    302301    tr_bencDictAddStr( d, TR_PREFS_KEY_RPC_USERNAME,             freeme[n++] = tr_sessionGetRPCUsername( s ) );
     
    14551454}
    14561455
    1457 char*
    1458 tr_sessionGetRPCPassword( const tr_session * session )
    1459 {
    1460     assert( tr_isSession( session ) );
    1461 
    1462     return tr_rpcGetPassword( session->rpcServer );
    1463 }
    1464 
    14651456void
    14661457tr_sessionSetRPCUsername( tr_session * session,
  • trunk/libtransmission/transmission.h

    r8021 r8072  
    371371                                const char * username );
    372372
    373 /** @brief get the password used to restrict RPC requests.
    374     @return the password string. tr_free() when done.
    375     @see tr_sessionInit()
    376     @see tr_sessionSetRPCPassword() */
    377 char* tr_sessionGetRPCPassword( const tr_session * session );
    378 
    379373char* tr_sessionGetRPCUsername( const tr_session * session  );
    380374
Note: See TracChangeset for help on using the changeset viewer.