X-Git-Url: https://git.netwichtig.de/gitweb/?a=blobdiff_plain;f=src%2Fmodules%2Fm_password_hash.cpp;h=2df3300a5ea4aed641c6bde26b0d9e35e395bf60;hb=3151d60c1ecc9462e4c335282ee6c31672f45111;hp=f064e9cf0cafc0540542752606094229c9846858;hpb=54fb0cd5aa7d090d5c3da5ab54988c86ba8a2e8e;p=user%2Fhenk%2Fcode%2Finspircd.git diff --git a/src/modules/m_password_hash.cpp b/src/modules/m_password_hash.cpp index f064e9cf0..2df3300a5 100644 --- a/src/modules/m_password_hash.cpp +++ b/src/modules/m_password_hash.cpp @@ -1,20 +1,31 @@ -/* +------------------------------------+ - * | Inspire Internet Relay Chat Daemon | - * +------------------------------------+ +/* + * InspIRCd -- Internet Relay Chat Daemon * - * InspIRCd: (C) 2002-2009 InspIRCd Development Team - * See: http://wiki.inspircd.org/Credits + * Copyright (C) 2014 Daniel Vassdal + * Copyright (C) 2013, 2017-2018 Sadie Powell + * Copyright (C) 2012, 2019 Robby + * Copyright (C) 2012, 2014-2015 Attila Molnar + * Copyright (C) 2009-2010 Daniel De Graaf + * Copyright (C) 2007-2008 Robin Burchell + * Copyright (C) 2007 Dennis Friis + * Copyright (C) 2006, 2010 Craig Edwards * - * This program is free but copyrighted software; see - * the file COPYING for details. + * This file is part of InspIRCd. InspIRCd is free software: you can + * redistribute it and/or modify it under the terms of the GNU General Public + * License as published by the Free Software Foundation, version 2. * - * --------------------------------------------------- + * This program is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS + * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more + * details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . */ -/* $ModDesc: Allows for hashed oper passwords */ #include "inspircd.h" -#include "m_hash.h" +#include "modules/hash.h" /* Handle /MKPASSWD */ @@ -23,72 +34,108 @@ class CommandMkpasswd : public Command public: CommandMkpasswd(Module* Creator) : Command(Creator, "MKPASSWD", 2) { - syntax = " "; + syntax = " "; Penalty = 5; } - void MakeHash(User* user, const std::string& algo, const std::string& stuff) + CmdResult Handle(User* user, const Params& parameters) CXX11_OVERRIDE { - HashProvider* hp = ServerInstance->Modules->FindDataService<HashProvider>("hash/" + algo); - if (hp) + if (!parameters[0].compare(0, 5, "hmac-", 5)) { - /* Now attempt to generate a hash */ - user->WriteServ("NOTICE %s :%s hashed password for %s is %s", - user->nick.c_str(), algo.c_str(), stuff.c_str(), hp->hexsum(stuff).c_str()); + std::string type(parameters[0], 5); + HashProvider* hp = ServerInstance->Modules->FindDataService<HashProvider>("hash/" + type); + if (!hp) + { + user->WriteNotice("Unknown hash type"); + return CMD_FAILURE; + } + + if (hp->IsKDF()) + { + user->WriteNotice(type + " does not support HMAC"); + return CMD_FAILURE; + } + + std::string salt = ServerInstance->GenRandomStr(hp->out_size, false); + std::string target = hp->hmac(salt, parameters[1]); + std::string str = BinToBase64(salt) + "$" + BinToBase64(target, NULL, 0); + + user->WriteNotice(parameters[0] + " hashed password for " + parameters[1] + " is " + str); + return CMD_SUCCESS; } - else + + HashProvider* hp = ServerInstance->Modules->FindDataService<HashProvider>("hash/" + parameters[0]); + if (!hp) { - /* I dont do flying, bob. */ - user->WriteServ("NOTICE %s :Unknown hash type", user->nick.c_str()); + user->WriteNotice("Unknown hash type"); + return CMD_FAILURE; } - } - - CmdResult Handle (const std::vector<std::string>& parameters, User *user) - { - MakeHash(user, parameters[0], parameters[1]); + std::string hexsum = hp->Generate(parameters[1]); + user->WriteNotice(parameters[0] + " hashed password for " + parameters[1] + " is " + hexsum); return CMD_SUCCESS; } }; -class ModuleOperHash : public Module +class ModulePasswordHash : public Module { + private: CommandMkpasswd cmd; - public: - ModuleOperHash() : cmd(this) + public: + ModulePasswordHash() + : cmd(this) { - /* Read the config file first */ - OnRehash(NULL); - - ServerInstance->AddCommand(&cmd); - Implementation eventlist[] = { I_OnPassCompare }; - ServerInstance->Modules->Attach(eventlist, this, 1); } - virtual ModResult OnPassCompare(Extensible* ex, const std::string &data, const std::string &input, const std::string &hashtype) + ModResult OnPassCompare(Extensible* ex, const std::string &data, const std::string &input, const std::string &hashtype) CXX11_OVERRIDE { + if (!hashtype.compare(0, 5, "hmac-", 5)) + { + std::string type(hashtype, 5); + HashProvider* hp = ServerInstance->Modules->FindDataService<HashProvider>("hash/" + type); + if (!hp) + return MOD_RES_PASSTHRU; + + if (hp->IsKDF()) + { + ServerInstance->Logs->Log(MODNAME, LOG_DEFAULT, "Tried to use HMAC with %s, which does not support HMAC", type.c_str()); + return MOD_RES_DENY; + } + + // this is a valid hash, from here on we either accept or deny + std::string::size_type sep = data.find('$'); + if (sep == std::string::npos) + return MOD_RES_DENY; + std::string salt = Base64ToBin(data.substr(0, sep)); + std::string target = Base64ToBin(data.substr(sep + 1)); + + if (target == hp->hmac(salt, input)) + return MOD_RES_ALLOW; + else + return MOD_RES_DENY; + } + HashProvider* hp = ServerInstance->Modules->FindDataService<HashProvider>("hash/" + hashtype); /* Is this a valid hash name? */ if (hp) { - /* Compare the hash in the config to the generated hash */ - if (data == hp->hexsum(input)) + if (hp->Compare(input, data)) return MOD_RES_ALLOW; else /* No match, and must be hashed, forbid */ return MOD_RES_DENY; } - /* Not a hash, fall through to strcmp in core */ + // We don't handle this type, let other mods or the core decide return MOD_RES_PASSTHRU; } - virtual Version GetVersion() + Version GetVersion() CXX11_OVERRIDE { - return Version("Allows for hashed oper passwords",VF_VENDOR); + return Version("Adds the /MKPASSWD command which allows the generation of hashed passwords for use in the server configuration.", VF_VENDOR); } }; -MODULE_INIT(ModuleOperHash) +MODULE_INIT(ModulePasswordHash)