X-Git-Url: https://git.netwichtig.de/gitweb/?a=blobdiff_plain;f=src%2Fmodules%2Fm_password_hash.cpp;h=926ba56323d2c05fbfe6d25638160c4fee92663e;hb=acccaa39641500b8a691db4136e6571102a438ed;hp=aa2c21cd56abfd8b7ed5a51148de011811731d1d;hpb=fcacc8e0306382bc3f938073092c3729d77e2b41;p=user%2Fhenk%2Fcode%2Finspircd.git diff --git a/src/modules/m_password_hash.cpp b/src/modules/m_password_hash.cpp index aa2c21cd5..926ba5632 100644 --- a/src/modules/m_password_hash.cpp +++ b/src/modules/m_password_hash.cpp @@ -18,10 +18,8 @@ */ -/* $ModDesc: Allows for hashed oper passwords */ - #include "inspircd.h" -#include "hash.h" +#include "modules/hash.h" /* Handle /MKPASSWD */ @@ -36,33 +34,32 @@ class CommandMkpasswd : public Command void MakeHash(User* user, const std::string& algo, const std::string& stuff) { - if (algo.substr(0,5) == "hmac-") + if (!algo.compare(0, 5, "hmac-", 5)) { std::string type = algo.substr(5); HashProvider* hp = ServerInstance->Modules->FindDataService("hash/" + type); if (!hp) { - user->WriteServ("NOTICE %s :Unknown hash type", user->nick.c_str()); + user->WriteNotice("Unknown hash type"); return; } std::string salt = ServerInstance->GenRandomStr(6, false); std::string target = hp->hmac(salt, stuff); std::string str = BinToBase64(salt) + "$" + BinToBase64(target, NULL, 0); - user->WriteServ("NOTICE %s :%s hashed password for %s is %s", - user->nick.c_str(), algo.c_str(), stuff.c_str(), str.c_str()); + user->WriteNotice(algo + " hashed password for " + stuff + " is " + str); return; } HashProvider* hp = ServerInstance->Modules->FindDataService("hash/" + algo); if (hp) { /* Now attempt to generate a hash */ - user->WriteServ("NOTICE %s :%s hashed password for %s is %s", - user->nick.c_str(), algo.c_str(), stuff.c_str(), hp->hexsum(stuff).c_str()); + std::string hexsum = hp->hexsum(stuff); + user->WriteNotice(algo + " hashed password for " + stuff + " is " + hexsum); } else { - user->WriteServ("NOTICE %s :Unknown hash type", user->nick.c_str()); + user->WriteNotice("Unknown hash type"); } } @@ -81,17 +78,11 @@ class ModuleOperHash : public Module ModuleOperHash() : cmd(this) { - /* Read the config file first */ - OnRehash(NULL); - - ServerInstance->AddCommand(&cmd); - Implementation eventlist[] = { I_OnPassCompare }; - ServerInstance->Modules->Attach(eventlist, this, 1); } - virtual ModResult OnPassCompare(Extensible* ex, const std::string &data, const std::string &input, const std::string &hashtype) + ModResult OnPassCompare(Extensible* ex, const std::string &data, const std::string &input, const std::string &hashtype) CXX11_OVERRIDE { - if (hashtype.substr(0,5) == "hmac-") + if (!hashtype.compare(0, 5, "hmac-", 5)) { std::string type = hashtype.substr(5); HashProvider* hp = ServerInstance->Modules->FindDataService("hash/" + type); @@ -115,19 +106,19 @@ class ModuleOperHash : public Module /* Is this a valid hash name? */ if (hp) { - /* Compare the hash in the config to the generated hash */ - if (data == hp->hexsum(input)) + // Use the timing-safe compare function to compare the hashes + if (InspIRCd::TimingSafeCompare(data, hp->hexsum(input))) return MOD_RES_ALLOW; else /* No match, and must be hashed, forbid */ return MOD_RES_DENY; } - /* Not a hash, fall through to strcmp in core */ + // We don't handle this type, let other mods or the core decide return MOD_RES_PASSTHRU; } - virtual Version GetVersion() + Version GetVersion() CXX11_OVERRIDE { return Version("Allows for hashed oper passwords",VF_VENDOR); }