Merge pull request #48 from grampajoe/password_hash

Password MD5 in shell-fm.rc
jkramer · Mar 8, 2012 · b8ff1d9 · b8ff1d9
2 parents 003b219 + 693a8b0
commit b8ff1d9
Show file tree

Hide file tree

Showing 4 changed files with 26 additions and 12 deletions.
diff --git a/manual/shell-fm.1 b/manual/shell-fm.1
@@ -160,6 +160,10 @@ it on startup anymore.
 This is your (clear text) Last.FM password. If this and your login is provided
 in the configuration, shell-fm won't ask you on startup.
 .TP
+.B password-md5 = your-password-md5
+An MD5 hash of your Last.FM password. This can be used instead of a clear text
+password if you're worried about someone reading your shell-fm.rc file.
+.TP
 .B default-radio = lastfm://...
 If this is provided (and valid), shell-fm will play this station by default
 after startup. If there's another station URI given on the command line, it

diff --git a/source/include/service.h b/source/include/service.h
@@ -8,6 +8,7 @@
 #include "hash.h"
 #include "playlist.h"
 
+extern int authenticate_plaintext(const char *, const char *);
 extern int authenticate(const char *, const char *);
 extern int station(const char *);
 extern int update(struct hash *);

diff --git a/source/main.c b/source/main.c
@@ -217,7 +217,7 @@ int main(int argc, char ** argv) {
 
 
 	/* Ask for username/password if they weren't specified in the .rc file. */
-	if(!haskey(& rc, "password")) {
+	if(!haskey(& rc, "password") && !haskey(& rc, "password-md5")) {
 		char * password;
 
 		if(!haskey(& rc, "username")) {
@@ -292,7 +292,9 @@ int main(int argc, char ** argv) {
 
 
 	/* Authenticate to the Last.FM server. */
-	if(!authenticate(value(& rc, "username"), value(& rc, "password")))
+	if(haskey(& rc, "password-md5") && !authenticate(value(& rc, "username"), value(& rc, "password-md5")))
+		exit(EXIT_FAILURE);
+	else if (!haskey(& rc, "password-md5") && !authenticate_plaintext(value(& rc, "username"), value(& rc, "password")))
 		exit(EXIT_FAILURE);
 
 	/* Store session key for use by external tools. */

diff --git a/source/service.c b/source/service.c
@@ -39,11 +39,23 @@ char * current_station = NULL;
 
 #define HTTP_STATION_PREFIX "http://www.last.fm/listen/"
 
-int authenticate(const char * username, const char * password) {
+int authenticate_plaintext(const char * username, const char * password) {
 	const unsigned char * md5;
-	char hexmd5[32 + 1] = { 0 }, url[512] = { 0 }, ** response;
+	char hexmd5[32 + 1] = { 0 };
+	unsigned ndigit;
+
+	/* create the hash, then convert to ASCII */
+	md5 = MD5((const unsigned char *) password, strlen(password));
+	for(ndigit = 0; ndigit < 16; ++ndigit)
+		sprintf(2 * ndigit + hexmd5, "%02x", md5[ndigit]);
+
+	return authenticate(username, hexmd5);
+}
+
+int authenticate(const char * username, const char * passwordmd5) {
+	char url[512] = { 0 }, ** response;
 	char * encuser = NULL;
-	unsigned ndigit, i = 0;
+	unsigned i = 0;
 	const char * session, * fmt =
 		"http://ws.audioscrobbler.com/radio/handshake.php"
 		"?version=0.1"
@@ -55,18 +67,13 @@ int authenticate(const char * username, const char * password) {
 
 	memset(& data, 0, sizeof(struct hash));
 
-	/* create the hash, then convert to ASCII */
-	md5 = MD5((const unsigned char *) password, strlen(password));
-	for(ndigit = 0; ndigit < 16; ++ndigit)
-		sprintf(2 * ndigit + hexmd5, "%02x", md5[ndigit]);
-
-	set(& rc, "password", hexmd5);
+	set(& rc, "password", passwordmd5);
 
 	/* escape username for URL */
 	encode(username, & encuser);
 
 	/* put handshake URL together and fetch initial data from server */
-	snprintf(url, sizeof(url), fmt, encuser, hexmd5);
+	snprintf(url, sizeof(url), fmt, encuser, passwordmd5);
 	free(encuser);
 
 	response = fetch(url, NULL, NULL, NULL);