darkone, could you please give a short example of how you use the sha1 source to generate the passwords for ioFTPD?

VOID HashString(LPSTR szString, PUCHAR pHash)
{
// Hash String
sha1(pHash, (const PUCHAR)szString, strlen(szString));
}

String hash to binary hash: (szData = password as hex, dwData = length of szData)

case DT_PASSWORD:
// Password hash
ZeroMemory(pHexData, sizeof(pHexData));

for (i = 0;i < lpDataRow->dwMaxLength && dwData >= 2;i++)
{
// Copy to work buffer
pHexData[0] = szData[i << 1];
pHexData[1] = szData[(i << 1) + 1];
// Decrease length
dwData -= 2;
// Convert hex to dec
u8 = (UINT8)strtoul(pHexData, &pCheck, 16);
// Sanity check
if (pCheck != &pHexData[2]) break;
// Store to memory
((PUINT8)lpBuffer)[i] = u8;
}
break;

Binary hash to string hash:

case DT_PASSWORD:
// Password hash
Put_Buffer_Format(lpOutBuffer, "%s ", lpDataRow->szName);
for (i = 0;i < lpDataRow->dwMaxLength;i++)
{
// Store to memory
i32 = (INT32)((PUINT8)lpBuffer)[i];
// Convert dec to hex
Put_Buffer_Format(lpOutBuffer, "%02x", i32);
}
Put_Buffer(lpOutBuffer, "\r\n", 2);
break;

I hope you'll catch the idea.. it's pretty simple :)

I did catch the idea. And it is quite simple. It did take me an hour to figure your code out though. Here below is a simple example for the benefit of others:

#include "sha1.h"
#include <stdio.h>
#include <string.h>

int main(int argc, char* argv[])
{
unsigned char hash[20]; //20 bytes is whats specd
char outbuf[40 + 1]; //result hash is 40 bytes plus NUL
char* pass = "ioFTPD";

sha1(hash, (unsigned char*)pass, strlen(pass));
for (int i = 0; i < 20; ++i)
{
int s = (int)((unsigned char*)hash)[i]; //using int just to avoid loss
sprintf(outbuf + i * 2, "%02x", s); //what we're outputting here is a byte, nothing else
}
outbuf[40] = '\0';
printf("Password hash for user %s is %s\r\n", pass, outbuf);
return 0;
}