m_password_hash: Use out_size as HMAC-key length, as RFC2104 recommends
1 /*
2  * InspIRCd -- Internet Relay Chat Daemon
3  *
4  *   Copyright (C) 2009-2010 Daniel De Graaf <danieldg@inspircd.org>
5  *   Copyright (C) 2008 Thomas Stagner <aquanight@inspircd.org>
6  *
7  * This file is part of InspIRCd.  InspIRCd is free software: you can
8  * redistribute it and/or modify it under the terms of the GNU General Public
9  * License as published by the Free Software Foundation, version 2.
10  *
11  * This program is distributed in the hope that it will be useful, but WITHOUT
12  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
13  * FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more
14  * details.
15  *
16  * You should have received a copy of the GNU General Public License
17  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
18  */
19
20
21 #include "inspircd.h"
22 #include "modules/hash.h"
23
/** Handler for the /MKPASSWD command.
 *
 * Takes a hash type and a piece of text and sends the resulting digest back
 * to the requesting user as a notice, in the same format that
 * ModuleOperHash::OnPassCompare later parses.
 */
class CommandMkpasswd : public Command
{
 public:
	CommandMkpasswd(Module* Creator) : Command(Creator, "MKPASSWD", 2)
	{
		syntax = "<hashtype> <any-text>";
		Penalty = 5;
	}

	/** Hash a piece of text and report the result to the user.
	 *
	 * @param user  Recipient of the resulting notice.
	 * @param algo  Hash type; an "hmac-" prefix selects the salted HMAC form.
	 * @param stuff Text to hash (the plaintext password).
	 *
	 * Security notes:
	 *  - The notice text contains `stuff` verbatim, so the plaintext is sent
	 *    back to the requesting user alongside the digest.
	 *  - The non-HMAC path calls hexsum() on the input alone, with no salt,
	 *    so equal inputs produce equal stored values. The "hmac-" form
	 *    generates a fresh random salt on every call.
	 */
	void MakeHash(User* user, const std::string& algo, const std::string& stuff)
	{
		const bool keyed = (algo.compare(0, 5, "hmac-", 5) == 0);

		// Providers are registered under "hash/<name>"; for the HMAC form
		// the name is whatever follows the "hmac-" prefix.
		const std::string service = "hash/" + (keyed ? algo.substr(5) : algo);
		HashProvider* provider = ServerInstance->Modules->FindDataService<HashProvider>(service);
		if (!provider)
		{
			user->WriteNotice("Unknown hash type");
			return;
		}

		std::string digest;
		if (keyed)
		{
			// The salt doubles as the HMAC key; its length is the digest
			// output size (out_size), as RFC 2104 recommends.
			const std::string salt = ServerInstance->GenRandomStr(provider->out_size, false);
			const std::string mac = provider->hmac(salt, stuff);
			digest = BinToBase64(salt) + "$" + BinToBase64(mac, NULL, 0);
		}
		else
		{
			digest = provider->hexsum(stuff);
		}

		user->WriteNotice(algo + " hashed password for " + stuff + " is " + digest);
	}

	/** Command entry point: parameters[0] is the hash type, parameters[1] the text.
	 *
	 * Both indices are read without a bounds check; the constructor passes 2
	 * to Command, presumably as the minimum parameter count -- TODO confirm.
	 */
	CmdResult Handle (const std::vector<std::string>& parameters, User *user)
	{
		const std::string& hashtype = parameters[0];
		const std::string& plaintext = parameters[1];
		MakeHash(user, hashtype, plaintext);
		return CMD_SUCCESS;
	}
};
73
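/** Module providing hashed password comparison and the /MKPASSWD command. */
class ModuleOperHash : public Module
{
	CommandMkpasswd cmd;
 public:

	ModuleOperHash() : cmd(this)
	{
	}

	/** Password comparison hook for hashed password types.
	 *
	 * @param ex       Unused by this module.
	 * @param data     Stored password value. For "hmac-<type>" this is
	 *                 base64(salt) + "$" + base64(mac), the format that
	 *                 CommandMkpasswd::MakeHash emits; for any other type
	 *                 it is compared against hexsum(input).
	 * @param input    Password supplied by the user.
	 * @param hashtype Hash type name, optionally prefixed with "hmac-".
	 * @return MOD_RES_ALLOW on a match, MOD_RES_DENY on a mismatch or a
	 *         malformed stored value, MOD_RES_PASSTHRU when no provider for
	 *         the type is loaded.
	 */
	ModResult OnPassCompare(Extensible* ex, const std::string &data, const std::string &input, const std::string &hashtype) CXX11_OVERRIDE
	{
		if (!hashtype.compare(0, 5, "hmac-", 5))
		{
			std::string type = hashtype.substr(5);
			HashProvider* hp = ServerInstance->Modules->FindDataService<HashProvider>("hash/" + type);
			if (!hp)
				return MOD_RES_PASSTHRU;
			// this is a valid hash, from here on we either accept or deny
			std::string::size_type sep = data.find('$');
			if (sep == std::string::npos)
				return MOD_RES_DENY;
			std::string salt = Base64ToBin(data.substr(0, sep));
			std::string target = Base64ToBin(data.substr(sep + 1));

			// Compare the MACs with the timing-safe helper, as the plain
			// hash path below does. std::string's operator== may return at
			// the first differing byte, which makes comparison time depend
			// on how much of the MAC matched.
			if (InspIRCd::TimingSafeCompare(target, hp->hmac(salt, input)))
				return MOD_RES_ALLOW;
			return MOD_RES_DENY;
		}

		HashProvider* hp = ServerInstance->Modules->FindDataService<HashProvider>("hash/" + hashtype);

		/* Is this a valid hash name? */
		if (hp)
		{
			// Use the timing-safe compare function to compare the hashes
			if (InspIRCd::TimingSafeCompare(data, hp->hexsum(input)))
				return MOD_RES_ALLOW;

			/* No match, and must be hashed, forbid */
			return MOD_RES_DENY;
		}

		// We don't handle this type, let other mods or the core decide
		return MOD_RES_PASSTHRU;
	}

	Version GetVersion() CXX11_OVERRIDE
	{
		return Version("Allows for hashed oper passwords",VF_VENDOR);
	}
};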
126
// Module entry point. MODULE_INIT is defined outside this file; presumably it
// exposes ModuleOperHash to the module loader -- confirm against the header.
MODULE_INIT(ModuleOperHash)