X-Git-Url: https://git.netwichtig.de/gitweb/?a=blobdiff_plain;f=src%2Fmodules%2Fm_password_hash.cpp;h=2df3300a5ea4aed641c6bde26b0d9e35e395bf60;hb=219f8e62623ff0c3002be764c1dbf7201d0293db;hp=61bc742c22ad40039e95538fecdd7b0b9c9902b0;hpb=069a2ef21425007d092342c8c11ec28da2f410d7;p=user%2Fhenk%2Fcode%2Finspircd.git

diff --git a/src/modules/m_password_hash.cpp b/src/modules/m_password_hash.cpp
index 61bc742c2..2df3300a5 100644
--- a/src/modules/m_password_hash.cpp
+++ b/src/modules/m_password_hash.cpp
@@ -1,164 +1,141 @@
-/*       +------------------------------------+
- *       | Inspire Internet Relay Chat Daemon |
- *       +------------------------------------+
+/*
+ * InspIRCd -- Internet Relay Chat Daemon
  *
- *  InspIRCd: (C) 2002-2009 InspIRCd Development Team
- * See: http://wiki.inspircd.org/Credits
+ *   Copyright (C) 2014 Daniel Vassdal <shutter@canternet.org>
+ *   Copyright (C) 2013, 2017-2018 Sadie Powell <sadie@witchery.services>
+ *   Copyright (C) 2012, 2019 Robby <robby@chatbelgie.be>
+ *   Copyright (C) 2012, 2014-2015 Attila Molnar <attilamolnar@hush.com>
+ *   Copyright (C) 2009-2010 Daniel De Graaf <danieldg@inspircd.org>
+ *   Copyright (C) 2007-2008 Robin Burchell <robin+git@viroteck.net>
+ *   Copyright (C) 2007 Dennis Friis <peavey@inspircd.org>
+ *   Copyright (C) 2006, 2010 Craig Edwards <brain@inspircd.org>
  *
- * This program is free but copyrighted software; see
- *            the file COPYING for details.
+ * This file is part of InspIRCd.  InspIRCd is free software: you can
+ * redistribute it and/or modify it under the terms of the GNU General Public
+ * License as published by the Free Software Foundation, version 2.
  *
- * ---------------------------------------------------
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
  */
 
-/* $ModDesc: Allows for hashed oper passwords */
-/* $ModDep: m_hash.h */
 
 #include "inspircd.h"
-#include "m_hash.h"
-
-typedef std::map<irc::string, Module*> hashymodules;
+#include "modules/hash.h"
 
 /* Handle /MKPASSWD
  */
 class CommandMkpasswd : public Command
 {
-	hashymodules &hashers;
-	std::deque<std::string> &names;
  public:
-	CommandMkpasswd(Module* Creator, hashymodules &h, std::deque<std::string> &n) : Command(Creator, "MKPASSWD", 2), hashers(h), names(n)
+	CommandMkpasswd(Module* Creator) : Command(Creator, "MKPASSWD", 2)
 	{
-		syntax = "<hashtype> <any-text>";
+		syntax = "<hashtype> <plaintext>";
+		Penalty = 5;
 	}
 
-	void MakeHash(User* user, const char* algo, const char* stuff)
+	CmdResult Handle(User* user, const Params& parameters) CXX11_OVERRIDE
 	{
-		/* Lets see if they gave us an algorithm which has been implemented */
-		hashymodules::iterator x = hashers.find(algo);
-		if (x != hashers.end())
+		if (!parameters[0].compare(0, 5, "hmac-", 5))
 		{
-			/* Yup, reset it first (Always ALWAYS do this) */
-			HashResetRequest(creator, x->second).Send();
-			/* Now attempt to generate a hash */
-			user->WriteServ("NOTICE %s :%s hashed password for %s is %s",user->nick.c_str(), algo, stuff, HashSumRequest(creator, x->second, stuff).Send() );
-		}
-		else if (names.empty())
-		{
-			/* same idea as bug #569 */
-			user->WriteServ("NOTICE %s :No hash provider modules are loaded", user->nick.c_str());
+			std::string type(parameters[0], 5);
+			HashProvider* hp = ServerInstance->Modules->FindDataService<HashProvider>("hash/" + type);
+			if (!hp)
+			{
+				user->WriteNotice("Unknown hash type");
+				return CMD_FAILURE;
+			}
+
+			if (hp->IsKDF())
+			{
+				user->WriteNotice(type + " does not support HMAC");
+				return CMD_FAILURE;
+			}
+
+			std::string salt = ServerInstance->GenRandomStr(hp->out_size, false);
+			std::string target = hp->hmac(salt, parameters[1]);
+			std::string str = BinToBase64(salt) + "$" + BinToBase64(target, NULL, 0);
+
+			user->WriteNotice(parameters[0] + " hashed password for " + parameters[1] + " is " + str);
+			return CMD_SUCCESS;
 		}
-		else
+
+		HashProvider* hp = ServerInstance->Modules->FindDataService<HashProvider>("hash/" + parameters[0]);
+		if (!hp)
 		{
-			/* I dont do flying, bob. */
-			user->WriteServ("NOTICE %s :Unknown hash type, valid hash types are: %s", user->nick.c_str(), irc::stringjoiner(", ", names, 0, names.size() - 1).GetJoined().c_str() );
+			user->WriteNotice("Unknown hash type");
+			return CMD_FAILURE;
 		}
-	}
-
-	CmdResult Handle (const std::vector<std::string>& parameters, User *user)
-	{
-		MakeHash(user, parameters[0].c_str(), parameters[1].c_str());
-		// this hashing could take some time, increasing server load.
-		// Slow down the user if they are trying to flood mkpasswd requests
-		user->IncreasePenalty(5);
 
+		std::string hexsum = hp->Generate(parameters[1]);
+		user->WriteNotice(parameters[0] + " hashed password for " + parameters[1] + " is " + hexsum);
 		return CMD_SUCCESS;
 	}
 };
 
-class ModuleOperHash : public Module
+class ModulePasswordHash : public Module
 {
-
+ private:
 	CommandMkpasswd cmd;
-	hashymodules hashers; /* List of modules which implement HashRequest */
-	std::deque<std::string> names; /* Module names which implement HashRequest */
 
-	bool diduseiface; /* If we've called UseInterface yet. */
  public:
-
-	ModuleOperHash(InspIRCd* Me)
-		: Module(Me), cmd(this, hashers, names)
+	ModulePasswordHash()
+		: cmd(this)
 	{
-		diduseiface = false;
-
-		/* Read the config file first */
-//		Conf = NULL;
-		OnRehash(NULL);
-
-		/* Find all modules which implement the interface 'HashRequest' */
-		modulelist* ml = ServerInstance->Modules->FindInterface("HashRequest");
-
-		/* Did we find any modules? */
-		if (ml)
-		{
-			/* Yes, enumerate them all to find out the hashing algorithm name */
-			for (modulelist::iterator m = ml->begin(); m != ml->end(); m++)
-			{
-				/* Make a request to it for its name, its implementing
-				 * HashRequest so we know its safe to do this
-				 */
-				std::string name = HashNameRequest(this, *m).Send();
-				/* Build a map of them */
-				hashers[name.c_str()] = *m;
-				names.push_back(name);
-			}
-			/* UseInterface doesn't do anything if there are no providers, so we'll have to call it later if a module gets loaded later on. */
-			ServerInstance->Modules->UseInterface("HashRequest");
-			diduseiface = true;
-		}
-
-		ServerInstance->AddCommand(&cmd);
-		Implementation eventlist[] = { I_OnPassCompare, I_OnLoadModule };
-		ServerInstance->Modules->Attach(eventlist, this, 2);
 	}
 
-	virtual ~ModuleOperHash()
+	ModResult OnPassCompare(Extensible* ex, const std::string &data, const std::string &input, const std::string &hashtype) CXX11_OVERRIDE
 	{
-		if (diduseiface) ServerInstance->Modules->DoneWithInterface("HashRequest");
-	}
-
-
-	virtual void OnLoadModule(Module* mod, const std::string& name)
-	{
-		if (ServerInstance->Modules->ModuleHasInterface(mod, "HashRequest"))
+		if (!hashtype.compare(0, 5, "hmac-", 5))
 		{
-			ServerInstance->Logs->Log("m_password-hash",DEBUG, "Post-load registering hasher: %s", name.c_str());
-			std::string sname = HashNameRequest(this, mod).Send();
-			hashers[sname.c_str()] = mod;
-			names.push_back(sname);
-			if (!diduseiface)
+			std::string type(hashtype, 5);
+			HashProvider* hp = ServerInstance->Modules->FindDataService<HashProvider>("hash/" + type);
+			if (!hp)
+				return MOD_RES_PASSTHRU;
+
+			if (hp->IsKDF())
 			{
-				ServerInstance->Modules->UseInterface("HashRequest");
-				diduseiface = true;
+				ServerInstance->Logs->Log(MODNAME, LOG_DEFAULT, "Tried to use HMAC with %s, which does not support HMAC", type.c_str());
+				return MOD_RES_DENY;
 			}
+
+			// this is a valid hash, from here on we either accept or deny
+			std::string::size_type sep = data.find('$');
+			if (sep == std::string::npos)
+				return MOD_RES_DENY;
+			std::string salt = Base64ToBin(data.substr(0, sep));
+			std::string target = Base64ToBin(data.substr(sep + 1));
+
+			if (target == hp->hmac(salt, input))
+				return MOD_RES_ALLOW;
+			else
+				return MOD_RES_DENY;
 		}
-	}
 
-	virtual ModResult OnPassCompare(Extensible* ex, const std::string &data, const std::string &input, const std::string &hashtype)
-	{
-		/* First, lets see what hash theyre using on this oper */
-		hashymodules::iterator x = hashers.find(hashtype.c_str());
+		HashProvider* hp = ServerInstance->Modules->FindDataService<HashProvider>("hash/" + hashtype);
 
-		/* Is this a valid hash name? (case insensitive) */
-		if (x != hashers.end())
+		/* Is this a valid hash name? */
+		if (hp)
 		{
-			/* Reset the hashing module */
-			HashResetRequest(this, x->second).Send();
-			/* Compare the hash in the config to the generated hash */
-			if (!strcasecmp(data.c_str(), HashSumRequest(this, x->second, input.c_str()).Send()))
+			if (hp->Compare(input, data))
 				return MOD_RES_ALLOW;
-			/* No match, and must be hashed, forbid */
 			else
+				/* No match, and must be hashed, forbid */
 				return MOD_RES_DENY;
 		}
 
-		/* Not a hash, fall through to strcmp in core */
+		// We don't handle this type, let other mods or the core decide
 		return MOD_RES_PASSTHRU;
 	}
 
-	virtual Version GetVersion()
+	Version GetVersion() CXX11_OVERRIDE
 	{
-		return Version("$Id$",VF_VENDOR,API_VERSION);
+		return Version("Adds the /MKPASSWD command which allows the generation of hashed passwords for use in the server configuration.", VF_VENDOR);
 	}
 };
 
-MODULE_INIT(ModuleOperHash)
+MODULE_INIT(ModulePasswordHash)