X-Git-Url: https://git.netwichtig.de/gitweb/?a=blobdiff_plain;f=src%2Fmodules%2Fm_password_hash.cpp;h=2df3300a5ea4aed641c6bde26b0d9e35e395bf60;hb=3151d60c1ecc9462e4c335282ee6c31672f45111;hp=926ba56323d2c05fbfe6d25638160c4fee92663e;hpb=c1cc5cf147babcd834ba0dbbdd4b1c1d4ae010b6;p=user%2Fhenk%2Fcode%2Finspircd.git
diff --git a/src/modules/m_password_hash.cpp b/src/modules/m_password_hash.cpp
index 926ba5632..2df3300a5 100644
--- a/src/modules/m_password_hash.cpp
+++ b/src/modules/m_password_hash.cpp
@@ -1,8 +1,14 @@
 /*
  * InspIRCd -- Internet Relay Chat Daemon
  *
+ * Copyright (C) 2014 Daniel Vassdal
+ * Copyright (C) 2013, 2017-2018 Sadie Powell
+ * Copyright (C) 2012, 2019 Robby
+ * Copyright (C) 2012, 2014-2015 Attila Molnar
  * Copyright (C) 2009-2010 Daniel De Graaf
- * Copyright (C) 2008 Thomas Stagner
+ * Copyright (C) 2007-2008 Robin Burchell
+ * Copyright (C) 2007 Dennis Friis
+ * Copyright (C) 2006, 2010 Craig Edwards
  *
  * This file is part of InspIRCd. InspIRCd is free software: you can
  * redistribute it and/or modify it under the terms of the GNU General Public
@@ -28,55 +34,57 @@ class CommandMkpasswd : public Command public: CommandMkpasswd(Module* Creator) : Command(Creator, "MKPASSWD", 2) { - syntax = " "; + syntax = " "; Penalty = 5; } - void MakeHash(User* user, const std::string& algo, const std::string& stuff) + CmdResult Handle(User* user, const Params& parameters) CXX11_OVERRIDE { - if (!algo.compare(0, 5, "hmac-", 5)) + if (!parameters[0].compare(0, 5, "hmac-", 5)) { - std::string type = algo.substr(5); + std::string type(parameters[0], 5); HashProvider* hp = ServerInstance->Modules->FindDataService<HashProvider>("hash/" + type); if (!hp) { user->WriteNotice("Unknown hash type"); - return; + return CMD_FAILURE; } - std::string salt = ServerInstance->GenRandomStr(6, false); - std::string target = hp->hmac(salt, stuff); + + if (hp->IsKDF()) + { + user->WriteNotice(type + " does not support HMAC"); + return CMD_FAILURE; + } + + std::string salt = ServerInstance->GenRandomStr(hp->out_size, false); + std::string target = hp->hmac(salt, parameters[1]); std::string str = BinToBase64(salt) + "$" + BinToBase64(target, NULL, 0); - user->WriteNotice(algo + " hashed password for " + stuff + " is " + str); - return; + user->WriteNotice(parameters[0] + " hashed password for " + parameters[1] + " is " + str); + return CMD_SUCCESS; } - HashProvider* hp = ServerInstance->Modules->FindDataService<HashProvider>("hash/" + algo); - if (hp) - { - /* Now attempt to generate a hash */ - std::string hexsum = hp->hexsum(stuff); - user->WriteNotice(algo + " hashed password for " + stuff + " is " + hexsum); - } - else + + HashProvider* hp = ServerInstance->Modules->FindDataService<HashProvider>("hash/" + parameters[0]); + if (!hp) { user->WriteNotice("Unknown hash type"); + return CMD_FAILURE; } - } - - CmdResult Handle (const std::vector<std::string>& parameters, User *user) - { - MakeHash(user, parameters[0], parameters[1]); + std::string hexsum = hp->Generate(parameters[1]); + user->WriteNotice(parameters[0] + " hashed password for " + 
parameters[1] + " is " + hexsum); return CMD_SUCCESS; } }; -class ModuleOperHash : public Module +class ModulePasswordHash : public Module { + private: CommandMkpasswd cmd; - public: - ModuleOperHash() : cmd(this) + public: + ModulePasswordHash() + : cmd(this) { } @@ -84,10 +92,17 @@ class ModuleOperHash : public Module { if (!hashtype.compare(0, 5, "hmac-", 5)) { - std::string type = hashtype.substr(5); + std::string type(hashtype, 5); HashProvider* hp = ServerInstance->Modules->FindDataService<HashProvider>("hash/" + type); if (!hp) return MOD_RES_PASSTHRU; + + if (hp->IsKDF()) + { + ServerInstance->Logs->Log(MODNAME, LOG_DEFAULT, "Tried to use HMAC with %s, which does not support HMAC", type.c_str()); + return MOD_RES_DENY; + } + // this is a valid hash, from here on we either accept or deny std::string::size_type sep = data.find('$'); if (sep == std::string::npos) @@ -106,8 +121,7 @@ class ModuleOperHash : public Module /* Is this a valid hash name? */ if (hp) { - // Use the timing-safe compare function to compare the hashes - if (InspIRCd::TimingSafeCompare(data, hp->hexsum(input))) + if (hp->Compare(input, data)) return MOD_RES_ALLOW; else /* No match, and must be hashed, forbid */ @@ -120,8 +134,8 @@ class ModuleOperHash : public Module Version GetVersion() CXX11_OVERRIDE { - return Version("Allows for hashed oper passwords",VF_VENDOR); + return Version("Adds the /MKPASSWD command which allows the generation of hashed passwords for use in the server configuration.", VF_VENDOR); } }; -MODULE_INIT(ModuleOperHash) +MODULE_INIT(ModulePasswordHash)
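Review bot: Both success notices in the new `Handle()` still embed `parameters[1]`, the plaintext password, next to the generated hash: once in the `hmac-` branch and again in the final `WriteNotice` before `return CMD_SUCCESS`. Where that reply ends up on the requesting side (client scrollback, logs) is not visible from this diff, but the plaintext adds nothing the requester does not already know. Consider dropping it from both messages, e.g. `user->WriteNotice(parameters[0] + " hashed password is " + hexsum);`, and the same with `str` in the `hmac-` branch.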
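Review bot: The log line added with the `IsKDF()` rejection in the `hmac-` branch (hunk `@@ -84,10 +92,17 @@`) names only the hash provider, so an operator cannot tell which configuration entry carries the unusable `hmac-` hash type. Because the check runs at comparison time, the misconfiguration shows up only as denied logins. The enclosing function's signature is outside the hunk; if it has an identifier for the entry being checked, include it in the message. The branch also returns `MOD_RES_DENY` while the unknown-provider case just above returns `MOD_RES_PASSTHRU`, which deserves a comment such as `// HMAC over a KDF is a configuration error: deny outright instead of passing through like an unknown provider`.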
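Review bot: In the hunk at `@@ -106,8 +121,7 @@`, `hp->Compare(input, data)` replaces the explicit `InspIRCd::TimingSafeCompare` call and drops the comment that documented it. The constant-time property of this password check now rests on each HashProvider's `Compare()` implementation, none of which is visible in this diff. I would state the contract at the call site, for example `// HashProvider::Compare() is expected to compare in constant time; overrides must preserve that`, and confirm that the base implementation and every override do so. The enclosing function begins and ends outside the hunk.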