This will be made a hard failure in v4.
*/
insp::flat_set<int> ports;
+ /** If non-empty then the password a user must specify in PASS to be assigned to this class. */
+ std::string password;
+
+ /** If non-empty then the hash algorithm that the password field is hashed with. */
+ std::string passwordhash;
+
/** Create a new connect class with no settings.
*/
ConnectClass(ConfigTag* tag, char type, const std::string& mask);
me->maxconnwarn = tag->getBool("maxconnwarn", me->maxconnwarn);
me->limit = tag->getUInt("limit", me->limit);
me->resolvehostnames = tag->getBool("resolvehostnames", me->resolvehostnames);
+ me->password = tag->getString("password", me->password);
+
+ me->passwordhash = tag->getString("hash", me->passwordhash);
+ if (!me->password.empty() && (me->passwordhash.empty() || stdalgo::string::equalsci(me->passwordhash, "plaintext")))
+ {
+ ServerInstance->Logs->Log("CONNECTCLASS", LOG_DEFAULT, "<connect> tag '%s' at %s contains an plain text password, this is insecure!",
+ name.c_str(), tag->getTagLocation().c_str());
+ }
std::string ports = tag->getString("port");
if (!ports.empty())
// The IP address will be received via the WEBIRC command.
const std::string fingerprint = tag->getString("fingerprint");
const std::string password = tag->getString("password");
+ const std::string passwordhash = tag->getString("hash", "plaintext", 1);
// WebIRC blocks require a password.
if (fingerprint.empty() && password.empty())
throw ModuleException("When using <cgihost type=\"webirc\"> either the fingerprint or password field is required, at " + tag->getTagLocation());
- webirchosts.push_back(WebIRCHost(mask, fingerprint, password, tag->getString("hash")));
+ if (!password.empty() && stdalgo::string::equalsci(passwordhash, "plaintext"))
+ {
+ ServerInstance->Logs->Log(MODNAME, LOG_DEFAULT, "<cgihost> tag at %s contains an plain text password, this is insecure!",
+ tag->getTagLocation().c_str());
+ }
+
+ webirchosts.push_back(WebIRCHost(mask, fingerprint, password, passwordhash));
}
else
{
if (pass.empty())
throw ModuleException("<title:password> is empty at " + tag->getTagLocation());
- std::string hash = tag->getString("hash");
+ const std::string hash = tag->getString("hash", "plaintext", 1);
+ if (stdalgo::string::equalsci(hash, "plaintext"))
+ {
+ ServerInstance->Logs->Log(MODNAME, LOG_DEFAULT, "<title> tag for %s at %s contains an plain text password, this is insecure!",
+ name.c_str(), tag->getTagLocation().c_str());
+ }
+
std::string host = tag->getString("host", "*@*");
std::string title = tag->getString("title");
std::string vhost = tag->getString("vhost");
std::string mask = tag->getString("host");
if (mask.empty())
throw ModuleException("<vhost:host> is empty! at " + tag->getTagLocation());
+
std::string username = tag->getString("user");
if (username.empty())
throw ModuleException("<vhost:user> is empty! at " + tag->getTagLocation());
+
std::string pass = tag->getString("pass");
if (pass.empty())
throw ModuleException("<vhost:pass> is empty! at " + tag->getTagLocation());
- std::string hash = tag->getString("hash");
+
+ const std::string hash = tag->getString("hash", "plaintext", 1);
+ if (stdalgo::string::equalsci(hash, "plaintext"))
+ {
+ ServerInstance->Logs->Log(MODNAME, LOG_DEFAULT, "<vhost> tag for %s at %s contains an plain text password, this is insecure!",
+ username.c_str(), tag->getTagLocation().c_str());
+ }
CustomVhost vhost(username, pass, hash, mask);
newhosts.insert(std::make_pair(username, vhost));
}
}
- if (regdone && !c->config->getString("password").empty())
+ if (regdone && !c->password.empty())
{
- if (!ServerInstance->PassCompare(this, c->config->getString("password"), password, c->config->getString("hash")))
+ if (!ServerInstance->PassCompare(this, c->password, password, c->passwordhash))
{
ServerInstance->Logs->Log("CONNECTCLASS", LOG_DEBUG, "Bad password, skipping");
continue;
limit = src->limit;
resolvehostnames = src->resolvehostnames;
ports = src->ports;
+ password = src->password;
+ passwordhash = src->passwordhash;
}