[Asterisk-cvs] asterisk/apps app_authenticate.c,1.9,1.10

kpfleming at lists.digium.com kpfleming at lists.digium.com
Mon Jul 25 14:52:27 CDT 2005 

Update of /usr/cvsroot/asterisk/apps
In directory mongoose.digium.com:/tmp/cvs-serv15891/apps

Modified Files:
	app_authenticate.c 
Log Message:
add MD5-hash matching (bug #4764, with mods)


Index: app_authenticate.c
===================================================================
RCS file: /usr/cvsroot/asterisk/apps/app_authenticate.c,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -d -r1.9 -r1.10
--- app_authenticate.c	6 Jun 2005 22:39:31 -0000	1.9
+++ app_authenticate.c	25 Jul 2005 18:59:11 -0000	1.10
@@ -46,6 +46,10 @@
 "of the following letters:\n"
 "     a - Set account code to the password that is entered\n"
 "     d - Interpret path as database key, not literal file\n"
+"     m - Interpret path as a file which contains a list of\n"
+"         account codes and password hashes delimited with ':'\n"
+"         one per line. When password matched, corresponding\n"
+"         account code will be set\n"
 "     j - Support jumping to n+101\n"
 "     r - Remove database key upon successful entry (valid with 'd' only)\n"
 "\n"
@@ -115,17 +119,39 @@
 				f = fopen(password, "r");
 				if (f) {
 					char buf[256] = "";
-					while(!feof(f)) {
+					char md5passwd[33] = "";
+					char *md5secret;
+
+					while (!feof(f)) {
 						fgets(buf, sizeof(buf), f);
 						if (!feof(f) && !ast_strlen_zero(buf)) {
-							buf[strlen(buf) - 1] = '\0';
-							if (!ast_strlen_zero(buf) && !strcmp(passwd, buf))
-								break;
+							if (strchr(opts, 'm')) {
+								md5secret = strchr(buf, ':');
+								if (md5secret == NULL)
+									continue;
+								*md5secret = '\0';
+								md5secret++;
+								ast_md5_hash(md5passwd, passwd);
+								if (!strcmp(md5passwd, md5secret)) {
+									ast_cdr_setaccount(chan, buf);
+									break;
+								}
+							} else {
+								if(!strcmp(passwd, buf))
+									break;
+							}
 						}
 					}
 					fclose(f);
-					if (!ast_strlen_zero(buf) && !strcmp(passwd, buf))
-						break;
+					if (!ast_strlen_zero(buf)) {
+						if (strchr(opts, 'm')) {
+							if (!strcmp(md5passwd, md5secret))
+								break;
+						} else {
+							if (!strcmp(passwd, buf))
+								break;
+						}
+					}
 				} else 
 					ast_log(LOG_WARNING, "Unable to open file '%s' for authentication: %s\n", password, strerror(errno));
 			}

More information about the svn-commits mailing list