[IRCServices] ircservices-5.0.57 convert-db utility crashes when converting from anope db.

Tue Jun 20 23:02:02 PDT 2006

This worked, thank you.

>      Okay, I took a look and (with a pointer from Craig McLure) discovered
> that Anope still has the bug present in old versions of IRC Services (and
> fixed in Services 4.5) which causes passwords to be encrypted incorrectly.
> Try applying the patch below to your copy of Services; if it works, I'll
> release a new version of Services with the patch included.
>
>   --Andrew Church
>     achurch at achurch.org
>     http://achurch.org/
>
> ---------------------------------------------------------------------------
>
> Index: defs.h
> ===================================================================
> RCS file: /var/local/cvsroot/ircservices/defs.h,v
> retrieving revision 2.29.2.3
> diff -u -r2.29.2.3 defs.h
> --- defs.h	8 Jan 2006 16:48:11 -0000	2.29.2.3
> +++ defs.h	21 Jun 2006 04:05:47 -0000
> @@ -41,6 +41,14 @@
>   * only).  These commands are undocumented; "use the source, Luke!" */
>  #define DEBUG_COMMANDS
>
> +
> +/******** Other configuration ********/
> +
> +/* Define this to enable compatibility mode for encrypted passwords as
> + * used in the Epona and Anope (through at least version 1.7.14)
> programs.
> + * Note that this may have a detrimental effect on password security. */
> +#define ANOPE_MD5_HACK
> +
>  /*************************************************************************/
>  /******************* END OF USER-CONFIGURABLE SECTION
> ********************/
>  /*************************************************************************/
> Index: modules/encryption/md5.c
> ===================================================================
> RCS file: /var/local/cvsroot/ircservices/modules/encryption/md5.c,v
> retrieving revision 2.11.2.4
> diff -u -r2.11.2.4 md5.c
> --- modules/encryption/md5.c	8 Jan 2006 16:48:13 -0000	2.11.2.4
> +++ modules/encryption/md5.c	21 Jun 2006 04:05:47 -0000
> @@ -16,6 +16,10 @@
>
>  static Module *module;
>
> +#ifdef ANOPE_MD5_HACK
> +# define XTOI(c) ((c)>9 ? (c)-'A'+10 : (c)-'0')
> +#endif
> +
>  /*************************************************************************/
>
>  /* Copyright (C) 1991-2, RSA Data Security, Inc. Created 1991. All
> @@ -335,8 +339,6 @@
>
>  /* Our own high-level routines.  See encrypt.h for documentation. */
>
> -#define XTOI(c) ((c)>9 ? (c)-'A'+10 : (c)-'0')
> -
>  static int md5_encrypt(const char *src, int len, char *dest, int size)
>  {
>      MD5_CTX context;
> @@ -376,11 +378,21 @@
>  static int md5_check_password(const char *plaintext, const char
> *password)
>  {
>      char buf[BUFSIZE];
> +#ifdef ANOPE_MD5_HACK
> +    char tmpbuf[8];
> +    int i;
> +#endif
>
>      if (encrypt(plaintext, strlen(plaintext), buf, sizeof(buf)) < 0)
>  	return -1;
>      if (memcmp(buf, password, 16) == 0)
>  	return 1;
> +#ifdef ANOPE_MD5_HACK
> +    for (i = 0; i < 16; i += 2)
> +	tmpbuf[i/2] = XTOI(buf[i])<<4 | XTOI(buf[i+1]);
> +    if (memcmp(tmpbuf, password, 8) == 0)
> +	return 1;
> +#endif
>      return 0;
>  }
>
> ------------------------------------------------------------------
> To unsubscribe or change your subscription options, visit:
> http://lists.ircservices.za.net/mailman/listinfo/ircservices
>