#1276 encrypt the password to access web client interface using SHA-2
authorMitchell Livingston <livings124@transmissionbt.com>
Tue, 17 Mar 2009 21:50:20 +0000 (21:50 +0000)
committerMitchell Livingston <livings124@transmissionbt.com>
Tue, 17 Mar 2009 21:50:20 +0000 (21:50 +0000)
libtransmission/crypto.c
libtransmission/crypto.h
libtransmission/rpc-server.c
libtransmission/session.c
libtransmission/transmission.h

index 4717e10b7c5c807b116dc44fbaf4379a86c9684c..3bb2ba6e59a06d09502283cf7393c299d2b8fa67 100644 (file)
@@ -19,6 +19,7 @@
 #include <stdarg.h>
 
 #include <openssl/bn.h>
+#include <openssl/des.h>
 #include <openssl/dh.h>
 #include <openssl/err.h>
 #include <openssl/rc4.h>
@@ -349,3 +350,26 @@ tr_cryptoRandBuf( unsigned char *buf,
         logErrorFromSSL( );
 }
 
+/***
+****
+***/
+
+char*
+tr_crypt( const void * plaintext )
+{
+    static const char * salter = "0123456789"
+                                 "abcdefghijklmnopqrstuvwxyz"
+                                 "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
+                                 "./";
+    static const size_t salter_len = 64;
+
+    int i;
+    char salt[12];
+
+    memcpy( salt, "$1$", 3 );
+    for( i=0; i<8; ++i )
+        salt[3+i] = salter[ tr_cryptoRandInt( salter_len ) ];
+    salt[11] = '\0';
+
+    return tr_strdup( DES_crypt( plaintext, salt ) );
+}
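Review bot: The `$1$` prefix built in `salt` is the MD5-crypt marker, but `DES_crypt()` implements traditional DES crypt(3), which as far as I know reads only the first two salt characters and the first eight password bytes. If that holds, every hash is salted with the constant `$1`, the eight random characters are ignored, and longer passwords are truncated; it is also not the SHA-2 named in the commit title. Consider a salted, iterated KDF that OpenSSL already provides, for example `PKCS5_PBKDF2_HMAC_SHA1()`, storing the salt and iteration count next to the digest. `DES_crypt()` also returns a pointer to a static buffer and, in some OpenSSL versions, NULL on a rejected salt, so the result should be checked before `tr_strdup()`, and `plaintext` would read better as `const char *`.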
index 49ca4bccf058c19d3c13e9e33627be41c24bddef..ef41c41037960b0574d3504c39e7f7e924827ae6 100644 (file)
@@ -95,4 +95,7 @@ int            tr_cryptoWeakRandInt( int n );
 void           tr_cryptoRandBuf( unsigned char *buf,
                                  size_t         len );
 
+char*          tr_crypt( const void * plaintext );
+
+
 #endif
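Review bot: The new `tr_crypt` prototype has no comment on ownership, although the definition in crypto.c returns a `tr_strdup()` copy that the caller must release. A header comment such as `/** @brief hash a password for storage. @return a newly allocated string; tr_free() when done. */` above the declaration would match the style used in transmission.h.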
index 6cfff9e4b9fd6a4091c4edc00ae1d1a7fe31d2a6..ef0ecc46460400f2ed40c69718b8595c42e27249 100644 (file)
@@ -29,6 +29,7 @@
 
 #include "transmission.h"
 #include "bencode.h"
+#include "crypto.h"
 #include "list.h"
 #include "platform.h"
 #include "rpcimpl.h"
@@ -313,7 +314,7 @@ serve_file( struct evhttp_request * req,
 
         if( errno )
         {
-            send_simple_response( req, HTTP_NOTFOUND, NULL );
+            send_simple_response( req, HTTP_NOTFOUND, filename );
         }
         else
         {
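Review bot: The 404 response now carries `filename`, which appears to be the resolved local path, so a failed lookup can disclose where the web client files are installed; the later handle_request hunk does the same with `req->uri`, which is request-controlled. `send_simple_response` is not visible here, so if it writes that text into an HTML body without escaping, both call sites should encode the value first or keep passing `NULL`. A fixed message, or the escaped request path only, would keep the diagnostic without echoing raw input. serve_file's body starts and ends outside this hunk.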
@@ -464,6 +465,7 @@ handle_request( struct evhttp_request * req,
             {
                 user = p;
                 *pass++ = '\0';
+                pass = tr_crypt( pass );
             }
         }
 
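Review bot: `pass = tr_crypt( pass );` hashes the supplied password with a freshly drawn salt on every request, so the result can equal the stored hash only when the salt has no effect on the output. Verification should re-hash the candidate with the salt taken from the stored value, with the current scheme something like `DES_crypt( pass, stored_hash )`, and compare the two strings in constant time rather than with an early-exit compare. The comparison itself is outside this hunk, so please confirm which form it uses. The `tr_free( pass )` added in the later hunk also relies on `pass` being NULL whenever this branch is skipped, and its declaration is not visible here.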
@@ -506,9 +508,10 @@ handle_request( struct evhttp_request * req,
         }
         else
         {
-            send_simple_response( req, HTTP_NOTFOUND, NULL );
+            send_simple_response( req, HTTP_NOTFOUND, req->uri );
         }
 
+        tr_free( pass );
         tr_free( user );
     }
 }
@@ -668,7 +671,7 @@ tr_rpcSetPassword( tr_rpc_server * server,
                    const char *    password )
 {
     tr_free( server->password );
-    server->password = tr_strdup( password );
+    server->password = tr_crypt( password );
     dbgmsg( "setting our Password to [%s]", server->password );
 }
 
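Review bot: The `dbgmsg` line after the assignment now writes the stored password hash to the debug log, and a hash in a log file is material for offline guessing; log only the event, e.g. `dbgmsg( "RPC password updated" );`. `tr_crypt( password )` also hands `password` straight to `DES_crypt()`, so a NULL argument that the old `tr_strdup()` call presumably tolerated would now be dereferenced; a guard such as `server->password = password ? tr_crypt( password ) : NULL;` keeps the earlier behaviour. The function's signature begins outside the hunk.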
index b0fb10286cfc31eb630abe9c81d6273d13938e47..7cf4dd9805bc18cce14c6ac139eb4d0c705ebac9 100644 (file)
@@ -297,7 +297,6 @@ tr_sessionGetSettings( tr_session * s, struct tr_benc * d )
     tr_bencDictAddInt( d, TR_PREFS_KEY_RATIO_ENABLED,            s->isRatioLimited );
     tr_bencDictAddInt( d, TR_PREFS_KEY_RPC_AUTH_REQUIRED,        tr_sessionIsRPCPasswordEnabled( s ) );
     tr_bencDictAddInt( d, TR_PREFS_KEY_RPC_ENABLED,              tr_sessionIsRPCEnabled( s ) );
-    tr_bencDictAddStr( d, TR_PREFS_KEY_RPC_PASSWORD,             freeme[n++] = tr_sessionGetRPCPassword( s ) );
     tr_bencDictAddInt( d, TR_PREFS_KEY_RPC_PORT,                 tr_sessionGetRPCPort( s ) );
     tr_bencDictAddStr( d, TR_PREFS_KEY_RPC_USERNAME,             freeme[n++] = tr_sessionGetRPCUsername( s ) );
     tr_bencDictAddStr( d, TR_PREFS_KEY_RPC_WHITELIST,            freeme[n++] = tr_sessionGetRPCWhitelist( s ) );
@@ -1454,14 +1453,6 @@ tr_sessionSetRPCPassword( tr_session * session,
     tr_rpcSetPassword( session->rpcServer, password );
 }
 
-char*
-tr_sessionGetRPCPassword( const tr_session * session )
-{
-    assert( tr_isSession( session ) );
-
-    return tr_rpcGetPassword( session->rpcServer );
-}
-
 void
 tr_sessionSetRPCUsername( tr_session * session,
                           const char * username )
index 7fa4c9603f7482f2cbe1a77464ec1bdf971a405f..dbf12634d611917c6127a711e240219543c0500a 100644 (file)
@@ -370,12 +370,6 @@ void  tr_sessionSetRPCPassword( tr_session * session,
 void  tr_sessionSetRPCUsername( tr_session * session,
                                 const char * username );
 
-/** @brief get the password used to restrict RPC requests.
-    @return the password string. tr_free() when done.
-    @see tr_sessionInit()
-    @see tr_sessionSetRPCPassword() */
-char* tr_sessionGetRPCPassword( const tr_session * session );
-
 char* tr_sessionGetRPCUsername( const tr_session * session  );
 
 void  tr_sessionSetRPCPasswordEnabled( tr_session * session,