/[imapfilter]/imapfilter/passwd.c
ViewVC logotype

Contents of /imapfilter/passwd.c

Parent Directory Parent Directory | Revision Log Revision Log


Revision 1.12 - (show annotations)
Mon May 26 08:29:58 2003 UTC (20 years, 10 months ago) by lefcha
Branch: MAIN
Changes since 1.11: +19 -14 lines
File MIME type: text/plain
Dynamic memory allocation for encrypted passwords editor.

1 #include <stdio.h>
2 #include <string.h>
3 #include <stdlib.h>
4 #include <limits.h>
5
6 #include "config.h"
7 #include "imapfilter.h"
8 #include "data.h"
9
10 #ifdef ENCRYPTED_PASSWORDS
11 #include <openssl/evp.h>
12 #endif
13
14
15 extern unsigned int flags;
16 extern account_t *accounts;
17
18 #ifdef ENCRYPTED_PASSWORDS
19 extern char *passphr;
20
21 #endif
22
23 /*
24 * Get password from user interactively.
25 */
26 void
27 get_password(char *passwd, size_t pwlen)
28 {
29 char *c;
30
31 tty_disable_echo();
32
33 if (fgets(passwd, pwlen, stdin))
34 if ((c = strchr(passwd, '\n')))
35 *c = '\0';
36
37 tty_restore();
38
39 putchar('\n');
40 }
41
42
43 #ifdef ENCRYPTED_PASSWORDS
44 /*
45 * Encrypt and Base64 encode passwords. Append the MD5 checksum of the
46 * passwords before encrypting them.
47 */
48 int
49 encrypt_passwords(FILE * fd, account_t ** accts)
50 {
51 int i;
52 char *c;
53 unsigned char iv[EVP_MAX_IV_LENGTH];
54 unsigned char *key;
55 unsigned char buf[ENCRYPTION_BUF];
56 unsigned char ebuf[ENCRYPTION_BUF];
57 unsigned char bbuf[ENCRYPTION_BUF];
58 unsigned char mdv[EVP_MAX_MD_SIZE];
59 int mdl, ebufl, bbufl;
60 EVP_CIPHER_CTX ctx;
61 EVP_MD_CTX mdctx;
62 EVP_ENCODE_CTX bctx;
63
64 key = (unsigned char *)smalloc(EVP_MAX_KEY_LENGTH);
65
66 srandom(time(NULL));
67
68 /* Initialization vector. */
69 c = ultostr(1 + random() % 100000000, 10);
70 snprintf(iv, EVP_MAX_IV_LENGTH, "%08s", c);
71 fprintf(fd, "%s\n", iv);
72
73 EVP_CIPHER_CTX_init(&ctx);
74
75 EVP_BytesToKey(EVP_bf_cbc(), EVP_md5(), NULL, passphr, strlen(passphr), 1,
76 key, NULL);
77
78 EVP_DigestInit(&mdctx, EVP_md5());
79 EVP_EncryptInit(&ctx, EVP_bf_cbc(), key, iv);
80 EVP_EncodeInit(&bctx);
81
82 for (i = 0; accts[i] != NULL; i++) {
83 snprintf(buf, ENCRYPTION_BUF, "%s %s %s\n", accts[i]->server,
84 accts[i]->username, accts[i]->password);
85 EVP_DigestUpdate(&mdctx, buf, strlen(buf));
86 EVP_EncryptUpdate(&ctx, ebuf, &ebufl, buf, strlen(buf));
87 EVP_EncodeUpdate(&bctx, bbuf, &bbufl, ebuf, ebufl);
88
89 fwrite(bbuf, sizeof(char), bbufl, fd);
90 }
91
92 EVP_DigestFinal(&mdctx, mdv, &mdl);
93
94 xstrncpy(buf, ".\n", ENCRYPTION_BUF - 1);
95
96 /* MD5 checksum of data. */
97 for (i = 0; i < mdl; i++)
98 snprintf(2 + buf + i * 2, ENCRYPTION_BUF - 3 - i * 2, "%02x",
99 mdv[i]);
100
101 EVP_EncryptUpdate(&ctx, ebuf, &ebufl, buf, strlen(buf));
102 EVP_EncodeUpdate(&bctx, bbuf, &bbufl, ebuf, ebufl);
103 fwrite(bbuf, sizeof(char), bbufl, fd);
104
105 EVP_EncryptFinal(&ctx, ebuf, &ebufl);
106
107 EVP_EncodeUpdate(&bctx, bbuf, &bbufl, ebuf, ebufl);
108 fwrite(bbuf, sizeof(char), bbufl, fd);
109
110 EVP_EncodeFinal(&bctx, bbuf, &bbufl);
111 fwrite(bbuf, sizeof(char), bbufl, fd);
112
113 EVP_CIPHER_CTX_cleanup(&ctx);
114
115 return 0;
116 }
117
118
119 /*
120 * Decode (Base64) passwords, decrypt them and verify the MD5 checksum.
121 */
122 int
123 decrypt_passwords(unsigned char **buf, FILE * fd)
124 {
125 int i, j;
126 unsigned char iv[EVP_MAX_IV_LENGTH];
127 unsigned char *key;
128 unsigned char *c;
129 unsigned char ebuf[LINE_MAX];
130 unsigned char bbuf[LINE_MAX];
131 unsigned char mdv[EVP_MAX_MD_SIZE];
132 unsigned char mdc[EVP_MAX_MD_SIZE * 2 + 1];
133 int mdl, bufl, ebufl;
134 EVP_CIPHER_CTX *ctx;
135 EVP_MD_CTX mdctx;
136 EVP_ENCODE_CTX bctx;
137
138 j = 1;
139
140 c = *buf = (unsigned char *)smalloc(DECRYPTION_BUF * sizeof(char));
141 key = (unsigned char *)smalloc(EVP_MAX_KEY_LENGTH);
142 ctx = (EVP_CIPHER_CTX *) smalloc(sizeof(EVP_CIPHER_CTX));
143
144 fgets(bbuf, LINE_MAX, fd);
145
146 memcpy(iv, bbuf, EVP_MAX_IV_LENGTH);
147
148 EVP_CIPHER_CTX_init(ctx);
149
150 EVP_BytesToKey(EVP_bf_cbc(), EVP_md5(), NULL, passphr, strlen(passphr),
151 1, key, NULL);
152
153 EVP_DecryptInit(ctx, EVP_bf_cbc(), key, iv);
154 EVP_DecodeInit(&bctx);
155
156 while (fgets(bbuf, LINE_MAX, fd)) {
157 EVP_DecodeUpdate(&bctx, ebuf, &ebufl, bbuf, strlen(bbuf));
158 if (!EVP_DecryptUpdate(ctx, c, &bufl, ebuf, ebufl))
159 goto fail;
160
161 c += bufl;
162 *c = '\0';
163
164 if (c - *buf > DECRYPTION_BUF * j - 64) {
165 i = c - *buf;
166 *buf = (char *)srealloc(*buf, DECRYPTION_BUF * ++j);
167 c = *buf + i;
168 *c = '\0';
169 }
170 }
171
172 EVP_DecodeFinal(&bctx, ebuf, &ebufl);
173 if (!EVP_DecryptFinal(ctx, c, &bufl))
174 goto fail;
175
176 c += bufl;
177 *c = '\0';
178
179 /* Calculate the MD5 checksum and check if it is correct. */
180 if (!(c = strstr(*buf, "\n.\n")))
181 goto fail;
182
183 EVP_DigestInit(&mdctx, EVP_md5());
184 EVP_DigestUpdate(&mdctx, *buf, c - *buf + 1);
185 EVP_DigestFinal(&mdctx, mdv, &mdl);
186
187 for (i = 0; i < mdl; i++)
188 snprintf(mdc + i * 2, EVP_MAX_MD_SIZE * 2 + 1 - i * 2, "%02x",
189 mdv[i]);
190
191 c += 3;
192
193 if (strncmp(c, mdc, 32))
194 goto fail;
195
196 EVP_CIPHER_CTX_cleanup(ctx);
197
198 sfree(key);
199 sfree(ctx);
200
201 return 0;
202
203 fail:
204 error("Wrong master passphrase.\n");
205 EVP_CIPHER_CTX_cleanup(ctx);
206 sfree(*buf);
207 sfree(key);
208 sfree(ctx);
209
210 return ERROR_DECRYPT;
211 }
212
213
214 /*
215 * Interactive encrypted passwords editor.
216 */
217 void
218 password_editor(void)
219 {
220 int i, q, n, pn;
221 char buf[LINE_MAX];
222 char *c;
223 char *p[2];
224 account_t *a, **accts;
225
226 if (!(flags & FLAG_BLANK_PASSWORD)) {
227 error("no candidate passwords for encryption found\n");
228 return;
229 }
230 q = pn = 0;
231
232 for (a = accounts; a != NULL; a = a->next)
233 if (a->passwdattr == PASSWORD_NONE ||
234 a->passwdattr == PASSWORD_ENCRYPTED)
235 pn++;
236
237 accts = (account_t **) xmalloc((pn + 1) * sizeof(account_t *));
238
239 memset(accts, 0, (pn + 1) * sizeof(account_t *));
240
241 for (i = 0, a = accounts; a != NULL; a = a->next) {
242 if (a->passwdattr == PASSWORD_NONE ||
243 a->passwdattr == PASSWORD_ENCRYPTED)
244 accts[i++] = a;
245 }
246
247 do {
248 printf("cmd: ");
249 fgets(buf, LINE_MAX, stdin);
250 c = buf;
251 for (;; c++) {
252 if (*c == ' ' || *c == '\t')
253 continue;
254 else if (*c == '?' || *c == 'h')
255 printf("c\tclear a password entry\n"
256 "e\tedit a password entry\n"
257 "h\thelp\n"
258 "l\tlist entries\n"
259 "p\tchange master password\n"
260 "q\tquit without saving\n"
261 "w\tsave changes\n"
262 "x\tsave and exit\n");
263 else if (*c == 'q')
264 q = 1;
265 else if (*c == 'l')
266 for (i = 0; i < pn; i++)
267 printf("%d %s %s %s\n", i + 1,
268 accts[i]->server,
269 accts[i]->username,
270 accts[i]->password);
271 else if (*c == 'e') {
272 n = atoi(++c);
273 if (n == 0 || n < 1 ||
274 n > pn ||
275 accts[n - 1] == NULL)
276 break;
277 accts[n - 1]->password[0] = '\0';
278 printf("Enter new password: ");
279 if (fgets(accts[n - 1]->password, PASSWORD_LEN,
280 stdin) &&
281 (c = strchr(accts[n - 1]->password, '\n')))
282 *c = '\0';
283 } else if (*c == 'c') {
284 n = atoi(++c);
285 if (n == 0 || n < 1 ||
286 n > pn ||
287 accts[n - 1] == NULL)
288 break;
289 accts[n - 1]->password[0] = '\0';
290 } else if (*c == 'p') {
291 p[0] = (char *)smalloc(PASSPHRASE_LEN);
292 p[1] = (char *)smalloc(PASSPHRASE_LEN);
293 do {
294 for (i = 0; i < 2; i++) {
295 printf("Enter %snew master "
296 "password: ",
297 i ? "again " : "");
298 get_password(p[i],
299 PASSPHRASE_LEN);
300 }
301 } while (strcmp(p[0], p[1]));
302 xstrncpy(passphr, p[0], PASSPHRASE_LEN - 1);
303 sfree(p[0]);
304 sfree(p[1]);
305 } else if (*c == 'w' || *c == 's') {
306 store_passwords(accts);
307 } else if (*c == 'x') {
308 store_passwords(accts);
309 q = 1;
310 } else
311 break;
312 }
313 } while (!q);
314 }
315
316 #endif /* ENCRYPTED_PASSWORDS */

webmaster@linux.gr
ViewVC Help
Powered by ViewVC 1.1.26