
Merge pull request #9942 from Chocobo1/pbkdf2

Do password hashing properly
Chocobo1 committed Dec 6, 2018
2 parents 1eef5b6 + 593052d commit 6bb4eb825b8ec5abc63493c0dc6f69949050116f
@@ -80,7 +80,7 @@ before_install:
if [ "$TRAVIS_OS_NAME" = "linux" ]; then
qbtconf="$qbtconf --prefix="$qbt_path" PKG_CONFIG_PATH=/opt/qt55/lib/pkgconfig:$PKG_CONFIG_PATH"
else
qbtconf="$qbtconf --prefix="$qbt_path""
qbtconf="$qbtconf --prefix="$qbt_path" PKG_CONFIG_PATH=/usr/local/opt/openssl/lib/pkgconfig:$PKG_CONFIG_PATH"
fi
# options for specific branches
@@ -120,7 +120,8 @@ install:
# dependencies
brew update > /dev/null
brew outdated "pkg-config" || brew upgrade "pkg-config"
brew install colormake ccache zlib qt libtorrent-rasterbar
brew install colormake ccache zlib qt openssl libtorrent-rasterbar
PATH="/usr/local/opt/ccache/libexec:$PATH"
brew link --force zlib qt
@@ -130,9 +131,9 @@ install:
sudo ln -s /usr/local/opt/qt/mkspecs /usr/local/mkspecs
sudo ln -s /usr/local/opt/qt/plugins /usr/local/plugins
fi
MY_CMAKE_OPENSSL_HINT="-DOPENSSL_ROOT_DIR=/usr/local/opt/openssl/"
MY_CMAKE_OPENSSL_HINT="-DOPENSSL_ROOT_DIR=/usr/local/opt/openssl/"
fi
fi
- |
if [ "$TRAVIS_BRANCH" != "$coverity_branch" ]; then
@@ -159,8 +160,8 @@ script:
# For some reason for RC_1_1 we need to also specify the OpenSSL compiler/linker flags
# Homebrew doesn't symlink OpenSSL for security reasons
./bootstrap.sh
./configure $qbtconf CXXFLAGS="$CXXFLAGS $(PKG_CONFIG_PATH="/usr/local/opt/openssl/lib/pkgconfig:$PKG_CONFIG_PATH" pkg-config --cflags openssl) -std=c++14" \
LDFLAGS="$LDFLAGS $(PKG_CONFIG_PATH="/usr/local/opt/openssl/lib/pkgconfig:$PKG_CONFIG_PATH" pkg-config --libs openssl)"
./configure $qbtconf CXXFLAGS="$CXXFLAGS -std=c++14"
sed -i "" -e "s/^\(CC.*&&\).*$/\1 $CC/" src/Makefile # workaround for Qt & ccache: https://bugreports.qt.io/browse/QTBUG-31034
sed -i "" -e "s/^\(CXX.*&&\).*$/\1 $CXX/" src/Makefile
sed -i "" -e 's/^\(CXXFLAGS.*\)$/\1 -Wno-unused-local-typedefs -Wno-inconsistent-missing-override/' src/Makefile
@@ -32,6 +32,7 @@ include(FeatureSummary)
# version requirements
set(requiredBoostVersion 1.35)
set(requiredQtVersion 5.5.1)
set(requiredOpensslVersion 1.0)
if(WIN32)
include(winconf)
101 configure
@@ -601,6 +601,8 @@ EXPAND_BINDIR
EXPAND_PREFIX
zlib_LIBS
zlib_CFLAGS
openssl_LIBS
openssl_CFLAGS
libtorrent_LIBS
libtorrent_CFLAGS
BOOST_SYSTEM_LIB
@@ -745,6 +747,8 @@ Qt5Svg_CFLAGS
Qt5Svg_LIBS
libtorrent_CFLAGS
libtorrent_LIBS
openssl_CFLAGS
openssl_LIBS
zlib_CFLAGS
zlib_LIBS'
@@ -1433,6 +1437,10 @@ Some influential environment variables:
C compiler flags for libtorrent, overriding pkg-config
libtorrent_LIBS
linker flags for libtorrent, overriding pkg-config
openssl_CFLAGS
C compiler flags for openssl, overriding pkg-config
openssl_LIBS
linker flags for openssl, overriding pkg-config
zlib_CFLAGS C compiler flags for zlib, overriding pkg-config
zlib_LIBS linker flags for zlib, overriding pkg-config
@@ -5391,6 +5399,99 @@ $as_echo "yes" >&6; }
fi
pkg_failed=no
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for openssl" >&5
$as_echo_n "checking for openssl... " >&6; }
if test -n "$openssl_CFLAGS"; then
pkg_cv_openssl_CFLAGS="$openssl_CFLAGS"
elif test -n "$PKG_CONFIG"; then
if test -n "$PKG_CONFIG" && \
{ { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"openssl >= 1.0\""; } >&5
($PKG_CONFIG --exists --print-errors "openssl >= 1.0") 2>&5
ac_status=$?
$as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
test $ac_status = 0; }; then
pkg_cv_openssl_CFLAGS=`$PKG_CONFIG --cflags "openssl >= 1.0" 2>/dev/null`
test "x$?" != "x0" && pkg_failed=yes
else
pkg_failed=yes
fi
else
pkg_failed=untried
fi
if test -n "$openssl_LIBS"; then
pkg_cv_openssl_LIBS="$openssl_LIBS"
elif test -n "$PKG_CONFIG"; then
if test -n "$PKG_CONFIG" && \
{ { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"openssl >= 1.0\""; } >&5
($PKG_CONFIG --exists --print-errors "openssl >= 1.0") 2>&5
ac_status=$?
$as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
test $ac_status = 0; }; then
pkg_cv_openssl_LIBS=`$PKG_CONFIG --libs "openssl >= 1.0" 2>/dev/null`
test "x$?" != "x0" && pkg_failed=yes
else
pkg_failed=yes
fi
else
pkg_failed=untried
fi
if test $pkg_failed = yes; then
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
$as_echo "no" >&6; }
if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then
_pkg_short_errors_supported=yes
else
_pkg_short_errors_supported=no
fi
if test $_pkg_short_errors_supported = yes; then
openssl_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "openssl >= 1.0" 2>&1`
else
openssl_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "openssl >= 1.0" 2>&1`
fi
# Put the nasty error message in config.log where it belongs
echo "$openssl_PKG_ERRORS" >&5
as_fn_error $? "Package requirements (openssl >= 1.0) were not met:
$openssl_PKG_ERRORS
Consider adjusting the PKG_CONFIG_PATH environment variable if you
installed software in a non-standard prefix.
Alternatively, you may set the environment variables openssl_CFLAGS
and openssl_LIBS to avoid the need to call pkg-config.
See the pkg-config man page for more details." "$LINENO" 5
elif test $pkg_failed = untried; then
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
$as_echo "no" >&6; }
{ { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
as_fn_error $? "The pkg-config script could not be found or is too old. Make sure it
is in your PATH or set the PKG_CONFIG environment variable to the full
path to pkg-config.
Alternatively, you may set the environment variables openssl_CFLAGS
and openssl_LIBS to avoid the need to call pkg-config.
See the pkg-config man page for more details.
To get pkg-config, see <http://pkg-config.freedesktop.org/>.
See \`config.log' for more details" "$LINENO" 5; }
else
openssl_CFLAGS=$pkg_cv_openssl_CFLAGS
openssl_LIBS=$pkg_cv_openssl_LIBS
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
$as_echo "yes" >&6; }
CXXFLAGS="$openssl_CFLAGS $CXXFLAGS"
LIBS="$openssl_LIBS $LIBS"
fi
pkg_failed=no
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for zlib" >&5
$as_echo_n "checking for zlib... " >&6; }
@@ -195,6 +195,11 @@ PKG_CHECK_MODULES(libtorrent,
[CXXFLAGS="$libtorrent_CFLAGS $CXXFLAGS"
LIBS="$libtorrent_LIBS $LIBS"])
PKG_CHECK_MODULES(openssl,
[openssl >= 1.0],
[CXXFLAGS="$openssl_CFLAGS $CXXFLAGS"
LIBS="$openssl_LIBS $LIBS"])
PKG_CHECK_MODULES(zlib,
[zlib >= 1.2.5.2],
[CXXFLAGS="$zlib_CFLAGS $CXXFLAGS"
@@ -207,7 +212,7 @@ AC_COMPILE_IFELSE([DETECT_CPP11_PROGRAM()],
QBT_CXX11_FOUND="yes"],
[AC_MSG_RESULT([no])
QBT_CXX11_FOUND="no"])
# In case of no, check if the compiler can support at least C++11
# and if yes, enable it leaving a warning to the user
AS_IF([test "x$QBT_CXX11_FOUND" = "xno"],
@@ -16,6 +16,7 @@ include(QbtTargetSources)
find_package(Boost ${requiredBoostVersion} REQUIRED)
find_package(LibtorrentRasterbar REQUIRED)
find_package(OpenSSL ${requiredOpensslVersion} REQUIRED)
if (Boost_VERSION VERSION_LESS 106000)
add_definitions(-DBOOST_NO_CXX11_RVALUE_REFERENCES)
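Review bot: `find_package(OpenSSL ${requiredOpensslVersion} REQUIRED)` is added here, but the line that actually links the new password code against libcrypto is outside this hunk, so it cannot be checked from this view. If that link line uses the legacy `${OPENSSL_LIBRARIES}` / `${OPENSSL_INCLUDE_DIR}` variables, prefer the imported target, e.g. `target_link_libraries(<base-library-target> PRIVATE OpenSSL::Crypto)`, which carries the include directory and transitive dependencies with it and fails loudly on a typo. The surrounding `add_definitions(...)` is pre-existing directory-scoped state and not part of this change.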
@@ -522,12 +522,12 @@ int Application::exec(const QStringList &params)
// Display some information to the user
const QString mesg = QString("\n******** %1 ********\n").arg(tr("Information"))
+ tr("To control qBittorrent, access the Web UI at %1")
.arg(QString("http://localhost:") + QString::number(pref->getWebUiPort())) + '\n'
+ tr("The Web UI administrator user name is: %1").arg(pref->getWebUiUsername()) + '\n';
.arg(QString("http://localhost:") + QString::number(pref->getWebUiPort())) + '\n';
printf("%s", qUtf8Printable(mesg));
qDebug() << "Password:" << pref->getWebUiPassword();
if (pref->getWebUiPassword() == "f6fdffe48c908deb0f4c3bd36c032e72") {
const QString warning = tr("The Web UI administrator password is still the default one: %1").arg("adminadmin") + '\n'
if (pref->getWebUIPassword() == "ARQ77eY1NUZaQsuDHbIMCA==:0WMRkYTUWVT9wVvdDtHAjU9b3b7uB8NR1Gur2hmQCvCDpm39Q+PsJRJPaCU51dEiz+dTzh8qbPsL8WkFljQYFQ==") {
const QString warning = tr("The Web UI administrator username is: %1").arg(pref->getWebUiUsername()) + '\n'
+ tr("The Web UI administrator password is still the default one: %1").arg("adminadmin") + '\n'
+ tr("This is a security risk, please consider changing your password from program preferences.") + '\n';
printf("%s", qUtf8Printable(warning));
}
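Review bot: The default-credential check at `if (pref->getWebUIPassword() == "ARQ77eY1NUZaQsuDHbIMCA==:0WMR...")` hard-codes the same literal that `getWebUIPassword()` returns as its fallback in preferences.cpp; the two copies must stay byte-identical or this warning silently stops firing, so expose the value once (a `Preferences::isDefaultWebUIPassword()` helper or a shared constant) and compare against that. Unlike the unsalted MD5 it replaces, a salted PBKDF2 digest differs every time it is generated, so a user who explicitly sets "adminadmin" is no longer detected; that is worth a comment such as `// only catches the never-changed built-in default; a user-chosen "adminadmin" gets a fresh salt and passes this check`. The `qDebug() << "Password:" << pref->getWebUiPassword();` line appears as context above; if it survives on the new side it both prints stored credential material to debug output and calls the getter by its old name, so it should be removed.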
@@ -54,6 +54,7 @@ utils/fs.h
utils/gzip.h
utils/misc.h
utils/net.h
utils/password.h
utils/random.h
utils/string.h
utils/version.h
@@ -123,6 +124,7 @@ utils/fs.cpp
utils/gzip.cpp
utils/misc.cpp
utils/net.cpp
utils/password.cpp
utils/random.cpp
utils/string.cpp
asyncfilestorage.cpp
@@ -69,6 +69,7 @@ HEADERS += \
$$PWD/utils/gzip.h \
$$PWD/utils/misc.h \
$$PWD/utils/net.h \
$$PWD/utils/password.h \
$$PWD/utils/random.h \
$$PWD/utils/string.h \
$$PWD/utils/version.h
@@ -133,5 +134,6 @@ SOURCES += \
$$PWD/utils/gzip.cpp \
$$PWD/utils/misc.cpp \
$$PWD/utils/net.cpp \
$$PWD/utils/password.cpp \
$$PWD/utils/random.cpp \
$$PWD/utils/string.cpp
@@ -29,7 +29,6 @@
#include "preferences.h"
#include <QCryptographicHash>
#include <QDir>
#include <QLocale>
#include <QMutableListIterator>
@@ -583,28 +582,16 @@ void Preferences::setWebUiUsername(const QString &username)
setValue("Preferences/WebUI/Username", username);
}
QString Preferences::getWebUiPassword() const
QByteArray Preferences::getWebUIPassword() const
{
QString passHa1 = value("Preferences/WebUI/Password_ha1").toString();
if (passHa1.isEmpty()) {
QCryptographicHash md5(QCryptographicHash::Md5);
md5.addData("adminadmin");
passHa1 = md5.result().toHex();
}
return passHa1;
// default: adminadmin
const QByteArray defaultValue = "ARQ77eY1NUZaQsuDHbIMCA==:0WMRkYTUWVT9wVvdDtHAjU9b3b7uB8NR1Gur2hmQCvCDpm39Q+PsJRJPaCU51dEiz+dTzh8qbPsL8WkFljQYFQ==";
return value("Preferences/WebUI/Password_PBKDF2", defaultValue).toByteArray();
}
void Preferences::setWebUiPassword(const QString &newPassword)
void Preferences::setWebUIPassword(const QByteArray &password)
{
// Do not overwrite current password with its hash
if (newPassword == getWebUiPassword())
return;
// Encode to md5 and save
QCryptographicHash md5(QCryptographicHash::Md5);
md5.addData(newPassword.toLocal8Bit());
setValue("Preferences/WebUI/Password_ha1", md5.result().toHex());
setValue("Preferences/WebUI/Password_PBKDF2", password);
}
bool Preferences::isWebUiClickjackingProtectionEnabled() const
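Review bot: `getWebUIPassword()` now reads only `Preferences/WebUI/Password_PBKDF2` and falls back to the built-in adminadmin digest, while the legacy `Preferences/WebUI/Password_ha1` value is neither consulted nor removed; the same applies to `Locking/password` versus `Locking/password_PBKDF2` in the next hunk. Unless an upgrade step outside this diff handles it, an existing installation reverts to the default Web UI credential after updating and keeps the old unsalted MD5 in the settings file, so at minimum document the decision, e.g. `// Legacy "Password_ha1" (unsalted MD5) is intentionally not migrated; users must set a new password`, and clear the stale key. `setWebUIPassword()` also stores whatever bytes it receives with no shape check, and the old guard against re-hashing a value that was already a hash has been dropped; state the contract on the setter: `// Expects the already-derived PBKDF2 value (salt:hash, see utils/password.h), never the plaintext password`.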
@@ -738,22 +725,14 @@ void Preferences::setDynDNSPassword(const QString &password)
}
// Advanced settings
void Preferences::clearUILockPassword()
{
setValue("Locking/password", QString());
}
QString Preferences::getUILockPasswordMD5() const
QByteArray Preferences::getUILockPassword() const
{
return value("Locking/password").toString();
return value("Locking/password_PBKDF2").toByteArray();
}
void Preferences::setUILockPassword(const QString &clearPassword)
void Preferences::setUILockPassword(const QByteArray &password)
{
QCryptographicHash md5(QCryptographicHash::Md5);
md5.addData(clearPassword.toLocal8Bit());
QString md5Password = md5.result().toHex();
setValue("Locking/password", md5Password);
setValue("Locking/password_PBKDF2", password);
}
bool Preferences::isUILocked() const
@@ -193,8 +193,8 @@ class Preferences : public QObject
void setWebUiAuthSubnetWhitelist(QStringList subnets);
QString getWebUiUsername() const;
void setWebUiUsername(const QString &username);
QString getWebUiPassword() const;
void setWebUiPassword(const QString &newPassword);
QByteArray getWebUIPassword() const;
void setWebUIPassword(const QByteArray &password);
// WebUI security
bool isWebUiClickjackingProtectionEnabled() const;
@@ -229,9 +229,8 @@ class Preferences : public QObject
void setDynDNSPassword(const QString &password);
// Advanced settings
void setUILockPassword(const QString &clearPassword);
void clearUILockPassword();
QString getUILockPasswordMD5() const;
QByteArray getUILockPassword() const;
void setUILockPassword(const QByteArray &password);
bool isUILocked() const;
void setUILocked(bool locked);
bool isAutoRunEnabled() const;