X-Git-Url: https://git.netwichtig.de/gitweb/?a=blobdiff_plain;f=src%2Fmodules%2Fm_password_hash.cpp;h=b092a37f4899d7a79874ebf3e8562030318795b1;hb=b7716ed57704b2b2bcc665a590aecc8f02de631d;hp=37effc79ec321a46ef001bbd5466ed246d0b6c29;hpb=0c0a7b6404c5de51241cdaa3eb159d014ef51024;p=user%2Fhenk%2Fcode%2Finspircd.git diff --git a/src/modules/m_password_hash.cpp b/src/modules/m_password_hash.cpp index 37effc79e..b092a37f4 100644 --- a/src/modules/m_password_hash.cpp +++ b/src/modules/m_password_hash.cpp @@ -32,51 +32,53 @@ class CommandMkpasswd : public Command Penalty = 5; } - void MakeHash(User* user, const std::string& algo, const std::string& stuff) + CmdResult Handle(const std::vector& parameters, User* user) CXX11_OVERRIDE { - if (!algo.compare(0, 5, "hmac-", 5)) + if (!parameters[0].compare(0, 5, "hmac-", 5)) { - std::string type = algo.substr(5); + std::string type(parameters[0], 5); HashProvider* hp = ServerInstance->Modules->FindDataService("hash/" + type); if (!hp) { user->WriteNotice("Unknown hash type"); - return; + return CMD_FAILURE; } + + if (hp->IsKDF()) + { + user->WriteNotice(type + " does not support HMAC"); + return CMD_FAILURE; + } + std::string salt = ServerInstance->GenRandomStr(hp->out_size, false); - std::string target = hp->hmac(salt, stuff); + std::string target = hp->hmac(salt, parameters[1]); std::string str = BinToBase64(salt) + "$" + BinToBase64(target, NULL, 0); - user->WriteNotice(algo + " hashed password for " + stuff + " is " + str); - return; + user->WriteNotice(parameters[0] + " hashed password for " + parameters[1] + " is " + str); + return CMD_SUCCESS; } - HashProvider* hp = ServerInstance->Modules->FindDataService("hash/" + algo); - if (hp) - { - /* Now attempt to generate a hash */ - std::string hexsum = hp->hexsum(stuff); - user->WriteNotice(algo + " hashed password for " + stuff + " is " + hexsum); - } - else + + HashProvider* hp = ServerInstance->Modules->FindDataService("hash/" + parameters[0]); + if (!hp) { user->WriteNotice("Unknown hash type"); + return CMD_FAILURE; } - } - - CmdResult Handle (const std::vector& parameters, User *user) - { - MakeHash(user, parameters[0], parameters[1]); + std::string hexsum = hp->Generate(parameters[1]); + user->WriteNotice(parameters[0] + " hashed password for " + parameters[1] + " is " + hexsum); return CMD_SUCCESS; } }; -class ModuleOperHash : public Module +class ModulePasswordHash : public Module { + private: CommandMkpasswd cmd; - public: - ModuleOperHash() : cmd(this) + public: + ModulePasswordHash() + : cmd(this) { } @@ -84,10 +86,17 @@ class ModuleOperHash : public Module { if (!hashtype.compare(0, 5, "hmac-", 5)) { - std::string type = hashtype.substr(5); + std::string type(hashtype, 5); HashProvider* hp = ServerInstance->Modules->FindDataService("hash/" + type); if (!hp) return MOD_RES_PASSTHRU; + + if (hp->IsKDF()) + { + ServerInstance->Logs->Log(MODNAME, LOG_DEFAULT, "Tried to use HMAC with %s, which does not support HMAC", type.c_str()); + return MOD_RES_DENY; + } + // this is a valid hash, from here on we either accept or deny std::string::size_type sep = data.find('$'); if (sep == std::string::npos) @@ -106,8 +115,7 @@ class ModuleOperHash : public Module /* Is this a valid hash name? */ if (hp) { - // Use the timing-safe compare function to compare the hashes - if (InspIRCd::TimingSafeCompare(data, hp->hexsum(input))) + if (hp->Compare(input, data)) return MOD_RES_ALLOW; else /* No match, and must be hashed, forbid */ @@ -120,8 +128,8 @@ class ModuleOperHash : public Module Version GetVersion() CXX11_OVERRIDE { - return Version("Allows for hashed oper passwords",VF_VENDOR); + return Version("Provides the ability to hash passwords to other modules", VF_VENDOR); } }; -MODULE_INIT(ModuleOperHash) +MODULE_INIT(ModulePasswordHash)