Permalink
Browse files

Merge pull request #48 from grampajoe/password_hash

Password MD5 in shell-fm.rc
  • Loading branch information...
2 parents 003b219 + 693a8b0 commit b8ff1d9d903e1a343a2cf883058a5f24fdc18b43 Jonas Kramer committed Mar 8, 2012
Showing with 26 additions and 12 deletions.
  1. +4 −0 manual/shell-fm.1
  2. +1 −0 source/include/service.h
  3. +4 −2 source/main.c
  4. +17 −10 source/service.c
View
@@ -160,6 +160,10 @@ it on startup anymore.
This is your (clear text) Last.FM password. If this and your login is provided
in the configuration, shell-fm won't ask you on startup.
.TP
+.B password-md5 = your-password-md5
+An MD5 hash of your Last.FM password. This can be used instead of a clear text
+password if you're worried about someone reading your shell-fm.rc file.
+.TP
.B default-radio = lastfm://...
If this is provided (and valid), shell-fm will play this station by default
after startup. If there's another station URI given on the command line, it
View
@@ -8,6 +8,7 @@
#include "hash.h"
#include "playlist.h"
+extern int authenticate_plaintext(const char *, const char *);
extern int authenticate(const char *, const char *);
extern int station(const char *);
extern int update(struct hash *);
View
@@ -217,7 +217,7 @@ int main(int argc, char ** argv) {
/* Ask for username/password if they weren't specified in the .rc file. */
- if(!haskey(& rc, "password")) {
+ if(!haskey(& rc, "password") && !haskey(& rc, "password-md5")) {
char * password;
if(!haskey(& rc, "username")) {
@@ -292,7 +292,9 @@ int main(int argc, char ** argv) {
/* Authenticate to the Last.FM server. */
- if(!authenticate(value(& rc, "username"), value(& rc, "password")))
+ if(haskey(& rc, "password-md5") && !authenticate(value(& rc, "username"), value(& rc, "password-md5")))
+ exit(EXIT_FAILURE);
+ else if (!haskey(& rc, "password-md5") && !authenticate_plaintext(value(& rc, "username"), value(& rc, "password")))
exit(EXIT_FAILURE);
/* Store session key for use by external tools. */
View
@@ -39,11 +39,23 @@ char * current_station = NULL;
#define HTTP_STATION_PREFIX "http://www.last.fm/listen/"
-int authenticate(const char * username, const char * password) {
+int authenticate_plaintext(const char * username, const char * password) {
const unsigned char * md5;
- char hexmd5[32 + 1] = { 0 }, url[512] = { 0 }, ** response;
+ char hexmd5[32 + 1] = { 0 };
+ unsigned ndigit;
+
+ /* create the hash, then convert to ASCII */
+ md5 = MD5((const unsigned char *) password, strlen(password));
+ for(ndigit = 0; ndigit < 16; ++ndigit)
+ sprintf(2 * ndigit + hexmd5, "%02x", md5[ndigit]);
+
+ return authenticate(username, hexmd5);
+}
+
+int authenticate(const char * username, const char * passwordmd5) {
+ char url[512] = { 0 }, ** response;
char * encuser = NULL;
- unsigned ndigit, i = 0;
+ unsigned i = 0;
const char * session, * fmt =
"http://ws.audioscrobbler.com/radio/handshake.php"
"?version=0.1"
@@ -55,18 +67,13 @@ int authenticate(const char * username, const char * password) {
memset(& data, 0, sizeof(struct hash));
- /* create the hash, then convert to ASCII */
- md5 = MD5((const unsigned char *) password, strlen(password));
- for(ndigit = 0; ndigit < 16; ++ndigit)
- sprintf(2 * ndigit + hexmd5, "%02x", md5[ndigit]);
-
- set(& rc, "password", hexmd5);
+ set(& rc, "password", passwordmd5);
/* escape username for URL */
encode(username, & encuser);
/* put handshake URL together and fetch initial data from server */
- snprintf(url, sizeof(url), fmt, encuser, hexmd5);
+ snprintf(url, sizeof(url), fmt, encuser, passwordmd5);
free(encuser);
response = fetch(url, NULL, NULL, NULL);

0 comments on commit b8ff1d9

Please sign in to comment.