> In filed/authenticate.c, line 116, you refer to the
> password as director->password . From debugging, I can see that this
> representation of the password has already been transformed in some way
> (presumably so as to hide it when printed on console). Where is the code
> which performs this transformation?
OK, there is one line here which I don't understand. (Sorry, am not a C programmer). Line 46 you do the following to each char of the md5'd password:
sprintf(&sig[j], "%02x", digest[i]);
Is this converting to Hex?
> 3) Using the JCE (Java Cryptography Extensions) of the JDK, the result of
> my HMAC-MD5 is somewhat different (in the second half of the output) from
> what lib/hmac.c is producing. Has anyone else come across this? If no-one
> has any suggestions I will simply reimplement the algorithm in lib/hmac.c,
> in Java.
In fact, the Java implementation of hmac.c, and the JCE HmacMD5 implementation give exactly the same output. The problem is in the Base64 Encoding. I am using a different flavour from Bacula (see below string pairs which are Bacula's mine).
I will try a Java implementation of base64.c's algorithm!