X-Git-Url: https://git.netwichtig.de/gitweb/?a=blobdiff_plain;f=src%2Fmodules%2Fm_password_hash.cpp;h=137ddb96c93cd359f02fb3d128b22d7e4f1090d5;hb=f020429fd33ec1a7bf1114b2db1b2fd5d6bc1650;hp=d27856b3e31d16fdfeab8036391bc822565b08fc;hpb=f91a61fa22b239384c31526fd11da1e3030aaa96;p=user%2Fhenk%2Fcode%2Finspircd.git
diff --git a/src/modules/m_password_hash.cpp b/src/modules/m_password_hash.cpp
index d27856b3e..137ddb96c 100644
--- a/src/modules/m_password_hash.cpp
+++ b/src/modules/m_password_hash.cpp
@@ -1,33 +1,25 @@ -/* +------------------------------------+ - * | Inspire Internet Relay Chat Daemon | - * +------------------------------------+ +/* + * InspIRCd -- Internet Relay Chat Daemon * - * InspIRCd: (C) 2002-2010 InspIRCd Development Team - * See: http://wiki.inspircd.org/Credits + * Copyright (C) 2009-2010 Daniel De Graaf + * Copyright (C) 2008 Thomas Stagner * - * This program is free but copyrighted software; see - * the file COPYING for details. + * This file is part of InspIRCd. InspIRCd is free software: you can + * redistribute it and/or modify it under the terms of the GNU General Public + * License as published by the Free Software Foundation, version 2. * - * --------------------------------------------------- + * This program is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS + * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more + * details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . */ -/* $ModDesc: Allows for hashed oper passwords */ #include "inspircd.h" -#include "m_hash.h" - -static std::string hmac(HashProvider* hp, const std::string& key, const std::string& msg) -{ - std::string hmac1, hmac2; - for (size_t n = 0; n < key.length(); n++) - { - hmac1.push_back(static_cast(key[n] ^ 0x5C)); - hmac2.push_back(static_cast(key[n] ^ 0x36)); - } - hmac2.append(msg); - hmac1.append(hp->sum(hmac2)); - return hp->sum(hmac1); -} +#include "modules/hash.h" /* Handle /MKPASSWD */ 
@@ -40,68 +32,71 @@ class CommandMkpasswd : public Command Penalty = 5; } - void MakeHash(User* user, const std::string& algo, const std::string& stuff) + CmdResult Handle(User* user, const Params& parameters) CXX11_OVERRIDE { - if (algo.substr(0,5) == "hmac-") + if (!parameters[0].compare(0, 5, "hmac-", 5)) { - std::string type = algo.substr(5); + std::string type(parameters[0], 5); HashProvider* hp = ServerInstance->Modules->FindDataService("hash/" + type); if (!hp) { - user->WriteServ("NOTICE %s :Unknown hash type", user->nick.c_str()); - return; + user->WriteNotice("Unknown hash type"); + return CMD_FAILURE; } - std::string salt = GenRandomStr(6, false); - std::string target = hmac(hp, salt, stuff); + + if (hp->IsKDF()) + { + user->WriteNotice(type + " does not support HMAC"); + return CMD_FAILURE; + } + + std::string salt = ServerInstance->GenRandomStr(hp->out_size, false); + std::string target = hp->hmac(salt, parameters[1]); std::string str = BinToBase64(salt) + "$" + BinToBase64(target, NULL, 0); - user->WriteServ("NOTICE %s :%s hashed password for %s is %s", - user->nick.c_str(), algo.c_str(), stuff.c_str(), str.c_str()); - } - HashProvider* hp = ServerInstance->Modules->FindDataService("hash/" + algo); - if (hp) - { - /* Now attempt to generate a hash */ - user->WriteServ("NOTICE %s :%s hashed password for %s is %s", - user->nick.c_str(), algo.c_str(), stuff.c_str(), hp->hexsum(stuff).c_str()); + user->WriteNotice(parameters[0] + " hashed password for " + parameters[1] + " is " + str); + return CMD_SUCCESS; } - else + + HashProvider* hp = ServerInstance->Modules->FindDataService("hash/" + parameters[0]); + if (!hp) { - user->WriteServ("NOTICE %s :Unknown hash type", user->nick.c_str()); + user->WriteNotice("Unknown hash type"); + return CMD_FAILURE; } - } - - CmdResult Handle (const std::vector& parameters, User *user) - { - MakeHash(user, parameters[0], parameters[1]); + std::string hexsum = hp->Generate(parameters[1]); + user->WriteNotice(parameters[0] 
+ " hashed password for " + parameters[1] + " is " + hexsum); return CMD_SUCCESS; } }; -class ModuleOperHash : public Module +class ModulePasswordHash : public Module { + private: CommandMkpasswd cmd; - public: - ModuleOperHash() : cmd(this) + public: + ModulePasswordHash() + : cmd(this) { - /* Read the config file first */ - OnRehash(NULL); - - ServerInstance->AddCommand(&cmd); - Implementation eventlist[] = { I_OnPassCompare }; - ServerInstance->Modules->Attach(eventlist, this, 1); } - virtual ModResult OnPassCompare(Extensible* ex, const std::string &data, const std::string &input, const std::string &hashtype) + ModResult OnPassCompare(Extensible* ex, const std::string &data, const std::string &input, const std::string &hashtype) CXX11_OVERRIDE { - if (hashtype.substr(0,5) == "hmac-") + if (!hashtype.compare(0, 5, "hmac-", 5)) { - std::string type = hashtype.substr(5); + std::string type(hashtype, 5); HashProvider* hp = ServerInstance->Modules->FindDataService("hash/" + type); if (!hp) return MOD_RES_PASSTHRU; + + if (hp->IsKDF()) + { + ServerInstance->Logs->Log(MODNAME, LOG_DEFAULT, "Tried to use HMAC with %s, which does not support HMAC", type.c_str()); + return MOD_RES_DENY; + } + // this is a valid hash, from here on we either accept or deny std::string::size_type sep = data.find('$'); if (sep == std::string::npos) @@ -109,15 +104,7 @@ class ModuleOperHash : public Module std::string salt = Base64ToBin(data.substr(0, sep)); std::string target = Base64ToBin(data.substr(sep + 1)); - std::string hmac1, hmac2; - for (size_t n = 0; n < salt.length(); n++) - { - hmac1.push_back(static_cast(salt[n] ^ 0x5C)); - hmac2.push_back(static_cast(salt[n] ^ 0x36)); - } - hmac2.append(input); - hmac1.append(hp->sum(hmac2)); - if (target == hp->sum(hmac1)) + if (target == hp->hmac(salt, input)) return MOD_RES_ALLOW; else return MOD_RES_DENY; 
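Review bot: Both success notices in `Handle` still send the cleartext password back to the caller (`parameters[0] + " hashed password for " + parameters[1] + " is " + ...`), so the secret ends up in client scrollback and logs right next to its hash. The caller already knows what was typed, so the HMAC branch could send `user->WriteNotice(parameters[0] + " hashed password is " + str);` and the plain branch the same with `hexsum`. `parameters[0]` and `parameters[1]` are also indexed with no length check visible here; presumably the minimum parameter count set in the constructor, which is outside this hunk, guarantees two entries, but that is worth confirming.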
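Review bot: The HMAC check `if (target == hp->hmac(salt, input))` compares the stored and computed digests with `std::string::operator==`, which is not guaranteed to run in constant time and may stop at the first differing byte. The salt and target come from the config and are not known to the client, so this is hardening rather than a direct break, but a digest comparison on an authentication path should not depend on how many leading bytes match. If this tree has a timing-safe string comparison helper, use it here, and record the intent with a comment such as `// constant-time compare: target is from config, input is client-supplied`. `OnPassCompare` starts in the previous hunk and continues past this one.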
@@ -128,22 +115,21 @@ class ModuleOperHash : public Module /* Is this a valid hash name? */ if (hp) { - /* Compare the hash in the config to the generated hash */ - if (data == hp->hexsum(input)) + if (hp->Compare(input, data)) return MOD_RES_ALLOW; else /* No match, and must be hashed, forbid */ return MOD_RES_DENY; } - /* Not a hash, fall through to strcmp in core */ + // We don't handle this type, let other mods or the core decide return MOD_RES_PASSTHRU; } - virtual Version GetVersion() + Version GetVersion() CXX11_OVERRIDE { - return Version("Allows for hashed oper passwords",VF_VENDOR); + return Version("Provides the ability to hash passwords to other modules", VF_VENDOR); } }; -MODULE_INIT(ModuleOperHash) +MODULE_INIT(ModulePasswordHash)
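Review bot: The final `return MOD_RES_PASSTHRU;` for an unrecognised hash name is only safe if whatever handles the event next fails closed, and the comment this commit removes said the core falls through to a plain string comparison. If that is still true, a misspelt hash type in the config would make the stored hash string itself act as the password; the same applies to `if (!hp) return MOD_RES_PASSTHRU;` in the `hmac-` branch of the earlier hunk. The core's behaviour is not visible on this page, so I would state the expectation at the return, e.g. `// Unknown type: the core must reject any non-empty hashtype it does not handle`, and confirm it against the core's comparison routine. The start of `OnPassCompare` is outside this hunk.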