diff options
Diffstat (limited to 'src/proxyfunc.c')
-rw-r--r-- | src/proxyfunc.c | 48 |
1 files changed, 37 insertions, 11 deletions
diff --git a/src/proxyfunc.c b/src/proxyfunc.c index 54b7789..95257c2 100644 --- a/src/proxyfunc.c +++ b/src/proxyfunc.c @@ -1,4 +1,5 @@ #include "astmanproxy.h" +#include "md5.h" extern struct mansession *sessions; extern struct iohandler *iohandlers; @@ -106,6 +107,28 @@ void *ProxySetAutoFilter(struct mansession *s, struct message *m) { return 0; } +int AuthMD5(char *key, char *challenge, char *password) { + int x; + int len=0; + char md5key[256] = ""; + struct MD5Context md5; + unsigned char digest[16]; + + if (!*challenge || !*password || !*key) + return 1; + + MD5Init(&md5); + MD5Update(&md5, (unsigned char *) challenge, strlen(challenge)); + MD5Update(&md5, (unsigned char *) password, strlen(password)); + MD5Final(digest, &md5); + for (x=0;x<16;x++) + len += sprintf(md5key + len, "%2.2x", digest[x]); + if (!strcmp(md5key, key)) + return 0; + + return 1; +} + void *ProxyLogin(struct mansession *s, struct message *m) { struct message mo; struct proxy_user *pu; @@ -122,17 +145,20 @@ void *ProxyLogin(struct mansession *s, struct message *m) { pthread_mutex_lock(&userslock); pu = pc.userlist; while( pu ) { - if ( !strcmp(user, pu->username) && !strcmp(secret, pu->secret) ) { - AddHeader(&mo, "Response: Success"); - AddHeader(&mo, "Message: Authentication accepted"); - s->output->write(s, &mo); - s->authenticated = 1; - strcpy(s->user.channel, pu->channel); - strcpy(s->user.icontext, pu->icontext); - strcpy(s->user.ocontext, pu->ocontext); - if( debug ) - debugmsg("Login as: %s", user); - break; + if ( !strcmp(user, pu->username) ) { + if (!AuthMD5(md5key, s->challenge, pu->secret) || + !strcmp(secret, pu->secret) ) { + AddHeader(&mo, "Response: Success"); + AddHeader(&mo, "Message: Authentication accepted"); + s->output->write(s, &mo); + s->authenticated = 1; + strcpy(s->user.channel, pu->channel); + strcpy(s->user.icontext, pu->icontext); + strcpy(s->user.ocontext, pu->ocontext); + if( debug ) + debugmsg("Login as: %s", user); + break; + } } pu = pu->next; } |