diff --git a/Changes b/Changes index a8d796f63..81f92d274 100644 --- a/Changes +++ b/Changes @@ -1361,3 +1361,5 @@ seen. gmtime warning still there - More WinXP IPv6, finished headers, replaced calls to inet_ntoa with Inet_ia2p - Added support for the RIPEMD-160 encryption algorithm for encrypted passwords (supposed to be slightly stronger than SHA1 and much stronger than MD5) +- Added MD5 and SHA1 password encryption support to the win32 version whether SSL is + installed or not using the CryptoAPI library included in Windows. diff --git a/include/auth.h b/include/auth.h index 130725bb6..d8f9eb2dd 100644 --- a/include/auth.h +++ b/include/auth.h @@ -43,7 +43,14 @@ typedef struct { #endif - +#ifdef _WIN32 +#ifndef AUTHENABLE_MD5 +#define AUTHENABLE_MD5 +#endif +#ifndef AUTHENABLE_SHA1 +#define AUTHENABLE_SHA1 +#endif +#endif diff --git a/makefile.win32 b/makefile.win32 index c1c22cad0..a41435c8e 100644 --- a/makefile.win32 +++ b/makefile.win32 @@ -9,12 +9,13 @@ DEBUG=1 FD_SETSIZE=/D SCAN_API=1 /D FD_SETSIZE=16384 !IFNDEF DEBUG CFLAGS=/MT /O2 /G5 /I ./INCLUDE /Fosrc/ /nologo $(FD_SETSIZE) $(NS_ADDRESS) /D STATIC_LINKING /D _WIN32GUI /D NOSPOOF=1 /c -LFLAGS=kernel32.lib user32.lib gdi32.lib shell32.lib ws2_32.lib \ +LFLAGS=kernel32.lib user32.lib gdi32.lib shell32.lib ws2_32.lib advapi32.lib \ oldnames.lib libcmt.lib comctl32.lib comdlg32.lib /nodefaultlib /nologo /out:WIRCD.EXE !ELSE CFLAGS= /MTd /Zi /I ./INCLUDE /Fosrc/ /nologo $(FD_SETSIZE) $(NS_ADDRESS) /D STATIC_LINKING /D _WIN32GUI /D NOSPOOF=1 /c LFLAGS=kernel32.lib user32.lib gdi32.lib shell32.lib wsock32.lib \ - oldnames.lib libcmt.lib comctl32.lib comdlg32.lib /nodefaultlib /nologo /debug /debugtype:BOTH /OUT:WIRCD.EXE + oldnames.lib libcmt.lib comctl32.lib comdlg32.lib \ + advapi32.lib /nodefaultlib /nologo /debug /debugtype:BOTH /OUT:WIRCD.EXE !ENDIF diff --git a/src/auth.c b/src/auth.c index 20df3a0ad..3dd52e434 100644 --- a/src/auth.c +++ b/src/auth.c @@ -182,7 +182,7 @@ int Auth_Check(aClient *cptr, anAuthStruct *as, char *para) case AUTHTYPE_MD5: if (!para) return -1; - +#ifndef _WIN32 if ((i = b64_encode(MD5(para, strlen(para), NULL), MD5_DIGEST_LENGTH, buf, sizeof(buf)))) { @@ -194,11 +194,37 @@ int Auth_Check(aClient *cptr, anAuthStruct *as, char *para) else return -1; break; +#else + { + HCRYPTPROV hProv; + HCRYPTHASH hHash; + char buf2[512]; + DWORD size = 512; + if (!CryptAcquireContext(&hProv, NULL, NULL, PROV_RSA_FULL, 0)) + return -1; + if (!CryptCreateHash(hProv, CALG_MD5, 0, 0, &hHash)) + return -1; + if (!CryptHashData(hHash, para, strlen(para), 0)) + return -1; + if (!CryptGetHashParam(hHash, HP_HASHVAL, buf, &size, 0)) + return -1; + CryptDestroyHash(hHash); + CryptReleaseContext(hProv, 0); + b64_encode(buf, 16, buf2, sizeof(buf2)); + if (!strcmp(buf2, as->data)) + return 2; + else + return -1; + } + break; + +#endif #endif #ifdef AUTHENABLE_SHA1 case AUTHTYPE_SHA1: if (!para) return -1; +#ifndef _WIN32 if ((i = b64_encode(SHA1(para, strlen(para), NULL), SHA_DIGEST_LENGTH, buf, sizeof(buf)))) @@ -211,6 +237,30 @@ int Auth_Check(aClient *cptr, anAuthStruct *as, char *para) else return -1; break; +#else + { + HCRYPTPROV hProv; + HCRYPTHASH hHash; + char buf2[512]; + DWORD size = 512; + if (!CryptAcquireContext(&hProv, NULL, NULL, PROV_RSA_FULL, 0)) + return -1; + if (!CryptCreateHash(hProv, CALG_SHA1, 0, 0, &hHash)) + return -1; + if (!CryptHashData(hHash, para, strlen(para), 0)) + return -1; + if (!CryptGetHashParam(hHash, HP_HASHVAL, buf, &size, 0)) + return -1; + CryptDestroyHash(hHash); + CryptReleaseContext(hProv, 0); + b64_encode(buf, 20, buf2, sizeof(buf2)); + if (!strcmp(buf2, as->data)) + return 2; + else + return -1; + } + break; +#endif #endif #ifdef AUTHENABLE_RIPEMD160 case AUTHTYPE_RIPEMD160: @@ -282,6 +332,9 @@ char *Auth_Make(short type, char *para) static char buf[512]; int i; #endif +#ifdef _WIN32 + static char buf2[512]; +#endif switch (type) { @@ -303,6 +356,7 @@ char *Auth_Make(short type, char *para) case AUTHTYPE_MD5: if (!para) return NULL; +#ifndef _WIN32 if ((i = b64_encode(MD5(para, strlen(para), NULL), MD5_DIGEST_LENGTH, buf, sizeof(buf)))) @@ -312,12 +366,32 @@ char *Auth_Make(short type, char *para) else return NULL; break; +#else + { + HCRYPTPROV hProv; + HCRYPTHASH hHash; + DWORD size = 512; + if (!CryptAcquireContext(&hProv, NULL, NULL, PROV_RSA_FULL, 0)) + return NULL; + if (!CryptCreateHash(hProv, CALG_MD5, 0, 0, &hHash)) + return NULL; + if (!CryptHashData(hHash, para, strlen(para), 0)) + return NULL; + if (!CryptGetHashParam(hHash, HP_HASHVAL, buf, &size, 0)) + return NULL; + CryptDestroyHash(hHash); + CryptReleaseContext(hProv, 0); + b64_encode(buf, 16, buf2, sizeof(buf2)); + return (buf2); + } + break; +#endif #endif #ifdef AUTHENABLE_SHA1 case AUTHTYPE_SHA1: if (!para) return NULL; - +#ifndef _WIN32 if ((i = b64_encode(SHA1(para, strlen(para), NULL), SHA_DIGEST_LENGTH, buf, sizeof(buf)))) { @@ -326,6 +400,27 @@ char *Auth_Make(short type, char *para) else return NULL; break; +#else + { + HCRYPTPROV hProv; + HCRYPTHASH hHash; + DWORD size = 512; + if (!CryptAcquireContext(&hProv, NULL, NULL, PROV_RSA_FULL, 0)) + return NULL; + if (!CryptCreateHash(hProv, CALG_SHA1, 0, 0, &hHash)) + return NULL; + if (!CryptHashData(hHash, para, strlen(para), 0)) + return NULL; + if (!CryptGetHashParam(hHash, HP_HASHVAL, buf, &size, 0)) + return NULL; + CryptDestroyHash(hHash); + CryptReleaseContext(hProv, 0); + b64_encode(buf, 20, buf2, sizeof(buf2)); + return (buf2); + } + break; +#endif + #endif #ifdef AUTHENABLE_RIPEMD160 case AUTHTYPE_RIPEMD160: