X-Git-Url: https://git.netwichtig.de/gitweb/?a=blobdiff_plain;f=src%2Fmodules%2Fm_password_hash.cpp;h=98462780b09a7fda288759b029d0a9bd327ca845;hb=4c751dbbe8945e5efc230a59b0ed51c2ba10cf92;hp=e91bedd70ce4f08f63ad707535570ee55c9ad27f;hpb=2630a87bb13b089e6d0fdcff4bcd0f3a9612e52f;p=user%2Fhenk%2Fcode%2Finspircd.git diff --git a/src/modules/m_password_hash.cpp b/src/modules/m_password_hash.cpp index e91bedd70..98462780b 100644 --- a/src/modules/m_password_hash.cpp +++ b/src/modules/m_password_hash.cpp @@ -1,165 +1,140 @@ -/* +------------------------------------+ - * | Inspire Internet Relay Chat Daemon | - * +------------------------------------+ +/* + * InspIRCd -- Internet Relay Chat Daemon * - * InspIRCd: (C) 2002-2009 InspIRCd Development Team - * See: http://wiki.inspircd.org/Credits + * Copyright (C) 2009-2010 Daniel De Graaf + * Copyright (C) 2008 Thomas Stagner * - * This program is free but copyrighted software; see - * the file COPYING for details. + * This file is part of InspIRCd. InspIRCd is free software: you can + * redistribute it and/or modify it under the terms of the GNU General Public + * License as published by the Free Software Foundation, version 2. * - * --------------------------------------------------- + * This program is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS + * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more + * details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . */ + /* $ModDesc: Allows for hashed oper passwords */ -/* $ModDep: m_hash.h */ #include "inspircd.h" -#include "m_hash.h" - -typedef std::map hashymodules; +#include "hash.h" /* Handle /MKPASSWD */ class CommandMkpasswd : public Command { - Module* Sender; - hashymodules &hashers; - std::deque &names; public: - CommandMkpasswd (InspIRCd* Instance, Module* S, hashymodules &h, std::deque &n) - : Command(Instance,"MKPASSWD", 0, 2), Sender(S), hashers(h), names(n) + CommandMkpasswd(Module* Creator) : Command(Creator, "MKPASSWD", 2) { - this->source = "m_password_hash.so"; syntax = " "; + Penalty = 5; } - void MakeHash(User* user, const char* algo, const char* stuff) + void MakeHash(User* user, const std::string& algo, const std::string& stuff) { - /* Lets see if they gave us an algorithm which has been implemented */ - hashymodules::iterator x = hashers.find(algo); - if (x != hashers.end()) + if (algo.substr(0,5) == "hmac-") { - /* Yup, reset it first (Always ALWAYS do this) */ - HashResetRequest(Sender, x->second).Send(); - /* Now attempt to generate a hash */ - user->WriteServ("NOTICE %s :%s hashed password for %s is %s",user->nick.c_str(), algo, stuff, HashSumRequest(Sender, x->second, stuff).Send() ); + std::string type = algo.substr(5); + HashProvider* hp = ServerInstance->Modules->FindDataService("hash/" + type); + if (!hp) + { + user->WriteServ("NOTICE %s :Unknown hash type", user->nick.c_str()); + return; + } + std::string salt = ServerInstance->GenRandomStr(6, false); + std::string target = hp->hmac(salt, stuff); + std::string str = BinToBase64(salt) + "$" + BinToBase64(target, NULL, 0); + + user->WriteServ("NOTICE %s :%s hashed password for %s is %s", + user->nick.c_str(), algo.c_str(), stuff.c_str(), str.c_str()); + return; } - else if (names.empty()) + HashProvider* hp = ServerInstance->Modules->FindDataService("hash/" + algo); + if (hp) { - /* same idea as bug #569 */ - user->WriteServ("NOTICE %s :No hash provider modules are loaded", user->nick.c_str()); + /* Now attempt to generate a hash */ + std::string hexsum = hp->hexsum(stuff); + user->WriteServ("NOTICE %s :%s hashed password for %s is %s", + user->nick.c_str(), algo.c_str(), stuff.c_str(), hexsum.c_str()); } else { - /* I dont do flying, bob. */ - user->WriteServ("NOTICE %s :Unknown hash type, valid hash types are: %s", user->nick.c_str(), irc::stringjoiner(", ", names, 0, names.size() - 1).GetJoined().c_str() ); + user->WriteServ("NOTICE %s :Unknown hash type", user->nick.c_str()); } } CmdResult Handle (const std::vector& parameters, User *user) { - MakeHash(user, parameters[0].c_str(), parameters[1].c_str()); - // this hashing could take some time, increasing server load. - // Slow down the user if they are trying to flood mkpasswd requests - user->IncreasePenalty(5); + MakeHash(user, parameters[0], parameters[1]); - return CMD_LOCALONLY; + return CMD_SUCCESS; } }; class ModuleOperHash : public Module { - CommandMkpasswd cmd; - hashymodules hashers; /* List of modules which implement HashRequest */ - std::deque names; /* Module names which implement HashRequest */ - - bool diduseiface; /* If we've called UseInterface yet. */ public: - ModuleOperHash(InspIRCd* Me) - : Module(Me), cmd(Me, this, hashers, names) + ModuleOperHash() : cmd(this) { - diduseiface = false; + } + void init() + { /* Read the config file first */ -// Conf = NULL; OnRehash(NULL); - /* Find all modules which implement the interface 'HashRequest' */ - modulelist* ml = ServerInstance->Modules->FindInterface("HashRequest"); - - /* Did we find any modules? */ - if (ml) - { - /* Yes, enumerate them all to find out the hashing algorithm name */ - for (modulelist::iterator m = ml->begin(); m != ml->end(); m++) - { - /* Make a request to it for its name, its implementing - * HashRequest so we know its safe to do this - */ - std::string name = HashNameRequest(this, *m).Send(); - /* Build a map of them */ - hashers[name.c_str()] = *m; - names.push_back(name); - } - /* UseInterface doesn't do anything if there are no providers, so we'll have to call it later if a module gets loaded later on. */ - ServerInstance->Modules->UseInterface("HashRequest"); - diduseiface = true; - } - - ServerInstance->AddCommand(&cmd); - Implementation eventlist[] = { I_OnPassCompare, I_OnLoadModule }; - ServerInstance->Modules->Attach(eventlist, this, 2); + ServerInstance->Modules->AddService(cmd); + Implementation eventlist[] = { I_OnPassCompare }; + ServerInstance->Modules->Attach(eventlist, this, sizeof(eventlist)/sizeof(Implementation)); } - virtual ~ModuleOperHash() + virtual ModResult OnPassCompare(Extensible* ex, const std::string &data, const std::string &input, const std::string &hashtype) { - if (diduseiface) ServerInstance->Modules->DoneWithInterface("HashRequest"); - } - - - virtual void OnLoadModule(Module* mod, const std::string& name) - { - if (ServerInstance->Modules->ModuleHasInterface(mod, "HashRequest")) + if (hashtype.substr(0,5) == "hmac-") { - ServerInstance->Logs->Log("m_password-hash",DEBUG, "Post-load registering hasher: %s", name.c_str()); - std::string sname = HashNameRequest(this, mod).Send(); - hashers[sname.c_str()] = mod; - names.push_back(sname); - if (!diduseiface) - { - ServerInstance->Modules->UseInterface("HashRequest"); - diduseiface = true; - } + std::string type = hashtype.substr(5); + HashProvider* hp = ServerInstance->Modules->FindDataService("hash/" + type); + if (!hp) + return MOD_RES_PASSTHRU; + // this is a valid hash, from here on we either accept or deny + std::string::size_type sep = data.find('$'); + if (sep == std::string::npos) + return MOD_RES_DENY; + std::string salt = Base64ToBin(data.substr(0, sep)); + std::string target = Base64ToBin(data.substr(sep + 1)); + + if (target == hp->hmac(salt, input)) + return MOD_RES_ALLOW; + else + return MOD_RES_DENY; } - } - virtual int OnPassCompare(Extensible* ex, const std::string &data, const std::string &input, const std::string &hashtype) - { - /* First, lets see what hash theyre using on this oper */ - hashymodules::iterator x = hashers.find(hashtype.c_str()); + HashProvider* hp = ServerInstance->Modules->FindDataService("hash/" + hashtype); - /* Is this a valid hash name? (case insensitive) */ - if (x != hashers.end()) + /* Is this a valid hash name? */ + if (hp) { - /* Reset the hashing module */ - HashResetRequest(this, x->second).Send(); /* Compare the hash in the config to the generated hash */ - if (!strcasecmp(data.c_str(), HashSumRequest(this, x->second, input.c_str()).Send())) - return 1; - /* No match, and must be hashed, forbid */ - else return -1; + if (data == hp->hexsum(input)) + return MOD_RES_ALLOW; + else + /* No match, and must be hashed, forbid */ + return MOD_RES_DENY; } /* Not a hash, fall through to strcmp in core */ - return 0; + return MOD_RES_PASSTHRU; } virtual Version GetVersion() { - return Version("$Id$",VF_VENDOR,API_VERSION); + return Version("Allows for hashed oper passwords",VF_VENDOR); } };