X-Git-Url: https://git.netwichtig.de/gitweb/?a=blobdiff_plain;f=src%2Fmodules%2Fm_password_hash.cpp;h=09cdbb402c180dd15e95cf15aabb75458f14af1d;hb=3ccae741b8c60acc2d95f2dc54d7e69014090807;hp=6c4145c4edd3bcd02c4255fe5fb4c25cb2a6bfd7;hpb=d9d99cd02dadf34bfcc220734ba0c422f0acb3e6;p=user%2Fhenk%2Fcode%2Finspircd.git diff --git a/src/modules/m_password_hash.cpp b/src/modules/m_password_hash.cpp index 6c4145c4e..09cdbb402 100644 --- a/src/modules/m_password_hash.cpp +++ b/src/modules/m_password_hash.cpp @@ -18,8 +18,6 @@ */ -/* $ModDesc: Allows for hashed oper passwords */ - #include "inspircd.h" #include "modules/hash.h" @@ -36,16 +34,23 @@ class CommandMkpasswd : public Command void MakeHash(User* user, const std::string& algo, const std::string& stuff) { - if (algo.substr(0,5) == "hmac-") + if (!algo.compare(0, 5, "hmac-", 5)) { - std::string type = algo.substr(5); + std::string type(algo, 5); HashProvider* hp = ServerInstance->Modules->FindDataService("hash/" + type); if (!hp) { user->WriteNotice("Unknown hash type"); return; } - std::string salt = ServerInstance->GenRandomStr(6, false); + + if (hp->IsKDF()) + { + user->WriteNotice(type + " does not support HMAC"); + return; + } + + std::string salt = ServerInstance->GenRandomStr(hp->out_size, false); std::string target = hp->hmac(salt, stuff); std::string str = BinToBase64(salt) + "$" + BinToBase64(target, NULL, 0); @@ -56,7 +61,7 @@ class CommandMkpasswd : public Command if (hp) { /* Now attempt to generate a hash */ - std::string hexsum = hp->hexsum(stuff); + std::string hexsum = hp->Generate(stuff); user->WriteNotice(algo + " hashed password for " + stuff + " is " + hexsum); } else @@ -82,24 +87,21 @@ class ModuleOperHash : public Module { } - void init() CXX11_OVERRIDE - { - /* Read the config file first */ - OnRehash(NULL); - - ServerInstance->Modules->AddService(cmd); - Implementation eventlist[] = { I_OnPassCompare }; - ServerInstance->Modules->Attach(eventlist, this, sizeof(eventlist)/sizeof(Implementation)); - } - ModResult OnPassCompare(Extensible* ex, const std::string &data, const std::string &input, const std::string &hashtype) CXX11_OVERRIDE { - if (hashtype.substr(0,5) == "hmac-") + if (!hashtype.compare(0, 5, "hmac-", 5)) { - std::string type = hashtype.substr(5); + std::string type(hashtype, 5); HashProvider* hp = ServerInstance->Modules->FindDataService("hash/" + type); if (!hp) return MOD_RES_PASSTHRU; + + if (hp->IsKDF()) + { + ServerInstance->Logs->Log(MODNAME, LOG_DEFAULT, "Tried to use HMAC with %s, which does not support HMAC", type.c_str()); + return MOD_RES_DENY; + } + // this is a valid hash, from here on we either accept or deny std::string::size_type sep = data.find('$'); if (sep == std::string::npos) @@ -118,15 +120,14 @@ class ModuleOperHash : public Module /* Is this a valid hash name? */ if (hp) { - /* Compare the hash in the config to the generated hash */ - if (data == hp->hexsum(input)) + if (hp->Compare(input, data)) return MOD_RES_ALLOW; else /* No match, and must be hashed, forbid */ return MOD_RES_DENY; } - /* Not a hash, fall through to strcmp in core */ + // We don't handle this type, let other mods or the core decide return MOD_RES_PASSTHRU; }