summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--include/inspstring.h4
-rw-r--r--src/inspstring.cpp72
-rw-r--r--src/modules/extra/m_ziplink.cpp370
-rw-r--r--src/modules/m_hash.h9
-rw-r--r--src/modules/m_httpd_acl.cpp57
-rw-r--r--src/modules/m_password_hash.cpp57
6 files changed, 139 insertions, 430 deletions
diff --git a/include/inspstring.h b/include/inspstring.h
index dc7e00152..b11739999 100644
--- a/include/inspstring.h
+++ b/include/inspstring.h
@@ -41,6 +41,10 @@ CoreExport bool charremove(char* mp, char remove);
/** Binary to hexadecimal conversion */
CoreExport std::string BinToHex(const std::string& data);
+/** Base64 encode */
+CoreExport std::string BinToBase64(const std::string& data, const char* table = NULL, char pad = 0);
+/** Base64 decode */
+CoreExport std::string Base64ToBin(const std::string& data, const char* table = NULL);
#endif
diff --git a/src/inspstring.cpp b/src/inspstring.cpp
index 816e37a19..74629bf55 100644
--- a/src/inspstring.cpp
+++ b/src/inspstring.cpp
@@ -152,3 +152,75 @@ std::string BinToHex(const std::string& data)
}
return rv;
}
+
+static const char b64table[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
+
+std::string BinToBase64(const std::string& data_str, const char* table, char pad)
+{
+ if (!table)
+ table = b64table;
+
+ uint32_t buffer;
+ uint8_t* data = (uint8_t*)data_str.data();
+ std::string rv;
+ size_t i = 0;
+ while (i + 2 < data_str.length())
+ {
+ buffer = (data[i] << 16 | data[i+1] << 8 | data[i+2]);
+ rv.push_back(table[0x3F & (buffer >> 18)]);
+ rv.push_back(table[0x3F & (buffer >> 12)]);
+ rv.push_back(table[0x3F & (buffer >> 6)]);
+ rv.push_back(table[0x3F & (buffer >> 0)]);
+ i += 3;
+ }
+ if (data_str.length() == i)
+ {
+ // no extra characters
+ }
+ else if (data_str.length() == i + 1)
+ {
+ buffer = data[i] << 16;
+ rv.push_back(table[0x3F & (buffer >> 18)]);
+ rv.push_back(table[0x3F & (buffer >> 12)]);
+ if (pad)
+ {
+ rv.push_back(pad);
+ rv.push_back(pad);
+ }
+ }
+ else if (data_str.length() == i + 2)
+ {
+ buffer = (data[i] << 16 | data[i] << 8);
+ rv.push_back(table[0x3F & (buffer >> 18)]);
+ rv.push_back(table[0x3F & (buffer >> 12)]);
+ rv.push_back(table[0x3F & (buffer >> 6)]);
+ if (pad)
+ rv.push_back(pad);
+ }
+ return rv;
+}
+
+std::string Base64ToBin(const std::string& data_str, const char* table)
+{
+ if (!table)
+ table = b64table;
+
+ bool ok = true;
+ int bitcount = 0;
+ uint32_t buffer;
+ const char* data = data_str.c_str();
+ std::string rv;
+ while (ok)
+ {
+ const char* find = strchr(table, *data);
+ ok = (find && find < table + 64);
+ buffer = (buffer << 6) | (ok ? find - table : 0);
+ bitcount += 6;
+ if (bitcount >= 8)
+ {
+ bitcount -= 8;
+ rv.push_back((buffer >> bitcount) & 0xFF);
+ }
+ }
+ return rv;
+}
diff --git a/src/modules/extra/m_ziplink.cpp b/src/modules/extra/m_ziplink.cpp
deleted file mode 100644
index 391ba7583..000000000
--- a/src/modules/extra/m_ziplink.cpp
+++ /dev/null
@@ -1,370 +0,0 @@
-/* +------------------------------------+
- * | Inspire Internet Relay Chat Daemon |
- * +------------------------------------+
- *
- * InspIRCd: (C) 2002-2010 InspIRCd Development Team
- * See: http://wiki.inspircd.org/Credits
- *
- * This program is free but copyrighted software; see
- * the file COPYING for details.
- *
- * ---------------------------------------------------
- */
-
-#include "inspircd.h"
-#include <zlib.h>
-#include <iostream>
-
-/* $ModDesc: Provides zlib link support for servers */
-/* $LinkerFlags: -lz */
-
-/*
- * ZLIB_BEST_COMPRESSION (9) is used for all sending of data with
- * a flush after each chunk. A frame may contain multiple lines
- * and should be treated as raw binary data.
- */
-
-/* Status of a connection */
-enum izip_status { IZIP_CLOSED = 0, IZIP_OPEN };
-
-/** Represents an zipped connections extra data
- */
-class izip_session
-{
- public:
- z_stream c_stream; /* compression stream */
- z_stream d_stream; /* uncompress stream */
- izip_status status; /* Connection status */
- std::string outbuf; /* Holds output buffer (compressed) */
- std::string inbuf; /* Holds input buffer (compressed) */
-};
-
-class ModuleZLib : public Module
-{
- izip_session* sessions;
-
- /* Used for stats z extensions */
- float total_out_compressed;
- float total_in_compressed;
- float total_out_uncompressed;
- float total_in_uncompressed;
-
- /* Used for reading data from the wire and compressing data to. */
- char *net_buffer;
- unsigned int net_buffer_size;
- public:
-
- ModuleZLib()
- {
- sessions = new izip_session[ServerInstance->SE->GetMaxFds()];
- for (int i = 0; i < ServerInstance->SE->GetMaxFds(); i++)
- sessions[i].status = IZIP_CLOSED;
-
- total_out_compressed = total_in_compressed = 0;
- total_out_uncompressed = total_in_uncompressed = 0;
- Implementation eventlist[] = { I_OnStats };
- ServerInstance->Modules->Attach(eventlist, this, 1);
-
- // Allocate a buffer which is used for reading and writing data
- net_buffer_size = ServerInstance->Config->NetBufferSize;
- net_buffer = new char[net_buffer_size];
- }
-
- ~ModuleZLib()
- {
- delete[] sessions;
- delete[] net_buffer;
- }
-
- Version GetVersion()
- {
- return Version("Provides zlib link support for servers", VF_VENDOR);
- }
-
- /* Handle stats z (misc stats) */
- ModResult OnStats(char symbol, User* user, string_list &results)
- {
- if (symbol == 'z')
- {
- std::string sn = ServerInstance->Config->ServerName;
-
- /* Yeah yeah, i know, floats are ew.
- * We used them here because we'd be casting to float anyway to do this maths,
- * and also only floating point numbers can deal with the pretty large numbers
- * involved in the total throughput of a server over a large period of time.
- * (we dont count 64 bit ints because not all systems have 64 bit ints, and floats
- * can still hold more.
- */
- float outbound_r = (total_out_compressed / (total_out_uncompressed + 0.001)) * 100;
- float inbound_r = (total_in_compressed / (total_in_uncompressed + 0.001)) * 100;
-
- float total_compressed = total_in_compressed + total_out_compressed;
- float total_uncompressed = total_in_uncompressed + total_out_uncompressed;
-
- float total_r = (total_compressed / (total_uncompressed + 0.001)) * 100;
-
- char outbound_ratio[MAXBUF], inbound_ratio[MAXBUF], combined_ratio[MAXBUF];
-
- sprintf(outbound_ratio, "%3.2f%%", outbound_r);
- sprintf(inbound_ratio, "%3.2f%%", inbound_r);
- sprintf(combined_ratio, "%3.2f%%", total_r);
-
- results.push_back(sn+" 304 "+user->nick+" :ZIPSTATS outbound_compressed = "+ConvToStr(total_out_compressed));
- results.push_back(sn+" 304 "+user->nick+" :ZIPSTATS inbound_compressed = "+ConvToStr(total_in_compressed));
- results.push_back(sn+" 304 "+user->nick+" :ZIPSTATS outbound_uncompressed = "+ConvToStr(total_out_uncompressed));
- results.push_back(sn+" 304 "+user->nick+" :ZIPSTATS inbound_uncompressed = "+ConvToStr(total_in_uncompressed));
- results.push_back(sn+" 304 "+user->nick+" :ZIPSTATS percentage_of_original_outbound_traffic = "+outbound_ratio);
- results.push_back(sn+" 304 "+user->nick+" :ZIPSTATS percentage_of_orignal_inbound_traffic = "+inbound_ratio);
- results.push_back(sn+" 304 "+user->nick+" :ZIPSTATS total_size_of_original_traffic = "+combined_ratio);
- return MOD_RES_PASSTHRU;
- }
-
- return MOD_RES_PASSTHRU;
- }
-
- void OnStreamSocketConnect(StreamSocket* user)
- {
- OnStreamSocketAccept(user, 0, 0);
- }
-
- void OnRawSocketAccept(StreamSocket* user, irc::sockets::sockaddrs*, irc::sockets::sockaddrs*)
- {
- int fd = user->GetFd();
-
- izip_session* session = &sessions[fd];
-
- /* Just in case... */
- session->outbuf.clear();
-
- session->c_stream.zalloc = (alloc_func)0;
- session->c_stream.zfree = (free_func)0;
- session->c_stream.opaque = (voidpf)0;
-
- session->d_stream.zalloc = (alloc_func)0;
- session->d_stream.zfree = (free_func)0;
- session->d_stream.opaque = (voidpf)0;
-
- /* If we cant call this, well, we're boned. */
- if (inflateInit(&session->d_stream) != Z_OK)
- {
- session->status = IZIP_CLOSED;
- return;
- }
-
- /* Same here */
- if (deflateInit(&session->c_stream, Z_BEST_COMPRESSION) != Z_OK)
- {
- inflateEnd(&session->d_stream);
- session->status = IZIP_CLOSED;
- return;
- }
-
- /* Just in case, do this last */
- session->status = IZIP_OPEN;
- }
-
- void OnStreamSocketClose(StreamSocket* user)
- {
- int fd = user->GetFd();
- CloseSession(&sessions[fd]);
- }
-
- int OnStreamSocketRead(StreamSocket* user, std::string& recvq)
- {
- int fd = user->GetFd();
- /* Find the sockets session */
- izip_session* session = &sessions[fd];
-
- if (session->status == IZIP_CLOSED)
- return -1;
-
- if (session->inbuf.empty())
- {
- /* Read read_buffer_size bytes at a time to the buffer (usually 2.5k) */
- int readresult = read(fd, net_buffer, net_buffer_size);
-
- if (readresult < 0)
- {
- if (errno == EINTR || errno == EAGAIN)
- return 0;
- }
- if (readresult <= 0)
- return -1;
-
- total_in_compressed += readresult;
-
- /* Copy the compressed data into our input buffer */
- session->inbuf.append(net_buffer, readresult);
- }
-
- size_t in_len = session->inbuf.length();
- char* buffer = ServerInstance->GetReadBuffer();
- int count = ServerInstance->Config->NetBufferSize;
-
- /* Prepare decompression */
- session->d_stream.next_in = (Bytef *)session->inbuf.c_str();
- session->d_stream.avail_in = in_len;
-
- session->d_stream.next_out = (Bytef*)buffer;
- /* Last byte is reserved for NULL terminating that beast */
- session->d_stream.avail_out = count - 1;
-
- /* Z_SYNC_FLUSH: Do as much as possible */
- int ret = inflate(&session->d_stream, Z_SYNC_FLUSH);
- /* TODO CloseStream() in here at random places */
- switch (ret)
- {
- case Z_NEED_DICT:
- case Z_STREAM_ERROR:
- /* This is one of the 'not supposed to happen' things.
- * Memory corruption, anyone?
- */
- Error(session, "General Error. This is not supposed to happen :/");
- break;
- case Z_DATA_ERROR:
- Error(session, "Decompression failed, malformed data");
- break;
- case Z_MEM_ERROR:
- Error(session, "Out of memory");
- break;
- case Z_BUF_ERROR:
- /* This one is non-fatal, buffer is just full
- * (can't happen here).
- */
- Error(session, "Internal error. This is not supposed to happen.");
- break;
- case Z_STREAM_END:
- /* This module *never* generates these :/ */
- Error(session, "End-of-stream marker received");
- break;
- case Z_OK:
- break;
- default:
- /* NO WAI! This can't happen. All errors are handled above. */
- Error(session, "Unknown error");
- break;
- }
- if (ret != Z_OK)
- {
- return -1;
- }
-
- /* Update the inbut buffer */
- unsigned int input_compressed = in_len - session->d_stream.avail_in;
- session->inbuf = session->inbuf.substr(input_compressed);
-
- /* Update counters (Old size - new size) */
- unsigned int uncompressed_length = (count - 1) - session->d_stream.avail_out;
- total_in_uncompressed += uncompressed_length;
-
- /* Null-terminate the buffer -- this doesnt harm binary data */
- recvq.append(buffer, uncompressed_length);
- return 1;
- }
-
- int OnStreamSocketWrite(StreamSocket* user, std::string& sendq)
- {
- int fd = user->GetFd();
- izip_session* session = &sessions[fd];
-
- if(session->status != IZIP_OPEN)
- /* Seriously, wtf? */
- return -1;
-
- int ret;
-
- /* This loop is really only supposed to run once, but in case 'compr'
- * is filled up somehow we are prepared to handle this situation.
- */
- unsigned int offset = 0;
- do
- {
- /* Prepare compression */
- session->c_stream.next_in = (Bytef*)sendq.data() + offset;
- session->c_stream.avail_in = sendq.length() - offset;
-
- session->c_stream.next_out = (Bytef*)net_buffer;
- session->c_stream.avail_out = net_buffer_size;
-
- /* Compress the text */
- ret = deflate(&session->c_stream, Z_SYNC_FLUSH);
- /* TODO CloseStream() in here at random places */
- switch (ret)
- {
- case Z_OK:
- break;
- case Z_BUF_ERROR:
- /* This one is non-fatal, buffer is just full
- * (can't happen here).
- */
- Error(session, "Internal error. This is not supposed to happen.");
- break;
- case Z_STREAM_ERROR:
- /* This is one of the 'not supposed to happen' things.
- * Memory corruption, anyone?
- */
- Error(session, "General Error. This is also not supposed to happen.");
- break;
- default:
- Error(session, "Unknown error");
- break;
- }
-
- if (ret != Z_OK)
- return 0;
-
- /* Space before - space after stuff was added to this */
- unsigned int compressed = net_buffer_size - session->c_stream.avail_out;
- unsigned int uncompressed = sendq.length() - session->c_stream.avail_in;
-
- /* Make it skip the data which was compressed already */
- offset += uncompressed;
-
- /* Update stats */
- total_out_uncompressed += uncompressed;
- total_out_compressed += compressed;
-
- /* Add compressed to the output buffer */
- session->outbuf.append((const char*)net_buffer, compressed);
- } while (session->c_stream.avail_in != 0);
-
- /* Lets see how much we can send out */
- ret = write(fd, session->outbuf.data(), session->outbuf.length());
-
- /* Check for errors, and advance the buffer if any was sent */
- if (ret > 0)
- session->outbuf = session->outbuf.substr(ret);
- else if (ret < 1)
- {
- if (errno == EAGAIN)
- return 0;
- else
- {
- session->outbuf.clear();
- return -1;
- }
- }
-
- return 1;
- }
-
- void Error(izip_session* session, const std::string &text)
- {
- ServerInstance->SNO->WriteToSnoMask('l', "ziplink error: " + text);
- }
-
- void CloseSession(izip_session* session)
- {
- if (session->status == IZIP_OPEN)
- {
- session->status = IZIP_CLOSED;
- session->outbuf.clear();
- inflateEnd(&session->d_stream);
- deflateEnd(&session->c_stream);
- }
- }
-
-};
-
-MODULE_INIT(ModuleZLib)
-
diff --git a/src/modules/m_hash.h b/src/modules/m_hash.h
index 7deb4c68c..edc9688b8 100644
--- a/src/modules/m_hash.h
+++ b/src/modules/m_hash.h
@@ -29,18 +29,21 @@ class HashProvider : public DataProvider
return BinToHex(sum(data));
}
+ inline std::string b64sum(const std::string& data)
+ {
+ return BinToBase64(sum(data), NULL, 0);
+ }
+
/** Allows the IVs for the hash to be specified. As the choice of initial IV is
* important for the security of a hash, this should not be used except to
* maintain backwards compatability. This also allows you to change the hex
* sequence from its default of "0123456789abcdef", which does not improve the
* strength of the output, but helps confuse those attempting to implement it.
*
- * Only m_md5 implements this request; only m_cloaking should use it.
- *
* Example:
* \code
* unsigned int iv[] = { 0xFFFFFFFF, 0x00000000, 0xAAAAAAAA, 0xCCCCCCCC };
- * std::string result = Hash.sumIV(iv, "0123456789abcdef", "data");
+ * std::string result = Hash.sumIV(iv, "fedcba9876543210", "data");
* \endcode
*/
virtual std::string sumIV(unsigned int* IV, const char* HexMap, const std::string &sdata) = 0;
diff --git a/src/modules/m_httpd_acl.cpp b/src/modules/m_httpd_acl.cpp
index 94cc4045f..86d06fd25 100644
--- a/src/modules/m_httpd_acl.cpp
+++ b/src/modules/m_httpd_acl.cpp
@@ -105,61 +105,6 @@ class ModuleHTTPAccessList : public Module
response.Send();
}
- bool IsBase64(unsigned char c)
- {
- return (isalnum(c) || (c == '+') || (c == '/'));
- }
-
- std::string Base64Decode(const std::string &base64)
- {
- const std::string base64_chars("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/");
- int inputlen = base64.length();
- int i = 0, j = 0, input = 0;
- unsigned char longbuf[4], shortbuf[3];
- std::string retval;
-
- if (inputlen == 0)
- return "";
-
- while (inputlen-- && (base64[input] != '=') && IsBase64(base64[input]))
- {
- longbuf[i++] = base64[input];
- input++;
- if (i == 4)
- {
- for (i = 0; i < 4; ++i)
- longbuf[i] = base64_chars.find(longbuf[i]);
-
- shortbuf[0] = (longbuf[0] << 2) + ((longbuf[1] & 0x30) >> 4);
- shortbuf[1] = ((longbuf[1] & 0xf) << 4) + ((longbuf[2] & 0x3c) >> 2);
- shortbuf[2] = ((longbuf[2] & 0x3) << 6) + longbuf[3];
-
- for (i = 0; i < 3; ++i)
- retval += shortbuf[i];
-
- i = 0;
- }
- }
-
- if (i)
- {
- for (j = i; j < 4; ++j)
- longbuf[j] = 0;
-
- for (j = 0; j < 4; ++j)
- longbuf[j] = base64_chars.find(longbuf[j]);
-
- shortbuf[0] = (longbuf[0] << 2) + ((longbuf[1] & 0x30) >> 4);
- shortbuf[1] = ((longbuf[1] & 0xf) << 4) + ((longbuf[2] & 0x3c) >> 2);
- shortbuf[2] = ((longbuf[2] & 0x3) << 6) + longbuf[3];
-
- for (j = 0; j < i - 1; ++j)
- retval += shortbuf[j];
- }
-
- return retval;
- }
-
void OnEvent(Event& event)
{
if (event.id == "httpd_acl")
@@ -230,7 +175,7 @@ class ModuleHTTPAccessList : public Module
std::string pass;
sep.GetToken(base64);
- std::string userpass = Base64Decode(base64);
+ std::string userpass = Base64ToBin(base64);
ServerInstance->Logs->Log("m_httpd_acl", DEBUG, "HTTP authorization: %s (%s)", userpass.c_str(), base64.c_str());
irc::sepstream userpasspair(userpass, ':');
diff --git a/src/modules/m_password_hash.cpp b/src/modules/m_password_hash.cpp
index a9870c057..d27856b3e 100644
--- a/src/modules/m_password_hash.cpp
+++ b/src/modules/m_password_hash.cpp
@@ -16,6 +16,19 @@
#include "inspircd.h"
#include "m_hash.h"
+static std::string hmac(HashProvider* hp, const std::string& key, const std::string& msg)
+{
+ std::string hmac1, hmac2;
+ for (size_t n = 0; n < key.length(); n++)
+ {
+ hmac1.push_back(static_cast<char>(key[n] ^ 0x5C));
+ hmac2.push_back(static_cast<char>(key[n] ^ 0x36));
+ }
+ hmac2.append(msg);
+ hmac1.append(hp->sum(hmac2));
+ return hp->sum(hmac1);
+}
+
/* Handle /MKPASSWD
*/
class CommandMkpasswd : public Command
@@ -29,6 +42,22 @@ class CommandMkpasswd : public Command
void MakeHash(User* user, const std::string& algo, const std::string& stuff)
{
+ if (algo.substr(0,5) == "hmac-")
+ {
+ std::string type = algo.substr(5);
+ HashProvider* hp = ServerInstance->Modules->FindDataService<HashProvider>("hash/" + type);
+ if (!hp)
+ {
+ user->WriteServ("NOTICE %s :Unknown hash type", user->nick.c_str());
+ return;
+ }
+ std::string salt = GenRandomStr(6, false);
+ std::string target = hmac(hp, salt, stuff);
+ std::string str = BinToBase64(salt) + "$" + BinToBase64(target, NULL, 0);
+
+ user->WriteServ("NOTICE %s :%s hashed password for %s is %s",
+ user->nick.c_str(), algo.c_str(), stuff.c_str(), str.c_str());
+ }
HashProvider* hp = ServerInstance->Modules->FindDataService<HashProvider>("hash/" + algo);
if (hp)
{
@@ -38,7 +67,6 @@ class CommandMkpasswd : public Command
}
else
{
- /* I dont do flying, bob. */
user->WriteServ("NOTICE %s :Unknown hash type", user->nick.c_str());
}
}
@@ -68,6 +96,33 @@ class ModuleOperHash : public Module
virtual ModResult OnPassCompare(Extensible* ex, const std::string &data, const std::string &input, const std::string &hashtype)
{
+ if (hashtype.substr(0,5) == "hmac-")
+ {
+ std::string type = hashtype.substr(5);
+ HashProvider* hp = ServerInstance->Modules->FindDataService<HashProvider>("hash/" + type);
+ if (!hp)
+ return MOD_RES_PASSTHRU;
+ // this is a valid hash, from here on we either accept or deny
+ std::string::size_type sep = data.find('$');
+ if (sep == std::string::npos)
+ return MOD_RES_DENY;
+ std::string salt = Base64ToBin(data.substr(0, sep));
+ std::string target = Base64ToBin(data.substr(sep + 1));
+
+ std::string hmac1, hmac2;
+ for (size_t n = 0; n < salt.length(); n++)
+ {
+ hmac1.push_back(static_cast<char>(salt[n] ^ 0x5C));
+ hmac2.push_back(static_cast<char>(salt[n] ^ 0x36));
+ }
+ hmac2.append(input);
+ hmac1.append(hp->sum(hmac2));
+ if (target == hp->sum(hmac1))
+ return MOD_RES_ALLOW;
+ else
+ return MOD_RES_DENY;
+ }
+
HashProvider* hp = ServerInstance->Modules->FindDataService<HashProvider>("hash/" + hashtype);
/* Is this a valid hash name? */