void MakeHash(User* user, const std::string& algo, const std::string& stuff)
{
if (!algo.compare(0, 5, "hmac-", 5))
{
std::string type = algo.substr(5);
HashProvider* hp = ServerInstance->Modules->FindDataService<HashProvider>("hash/" + type);
if (!hp)
{
user->WriteNotice("Unknown hash type");
return;
}
std::string salt = ServerInstance->GenRandomStr(6, false);
std::string target = hp->hmac(salt, stuff);
std::string str = BinToBase64(salt) + "$" + BinToBase64(target, NULL, 0);
user->WriteNotice(algo + " hashed password for " + stuff + " is " + str);
return;
}
HashProvider* hp = ServerInstance->Modules->FindDataService<HashProvider>("hash/" + algo);
if (hp)
{
/* Now attempt to generate a hash */
std::string hexsum = hp->hexsum(stuff);
user->WriteNotice(algo + " hashed password for " + stuff + " is " + hexsum);
}
else
{
user->WriteNotice("Unknown hash type");
}
}
std::string Sanitize(const std::string &str)
{
std::string ret;
ret.reserve(str.length() * 2);
for (std::string::const_iterator x = str.begin(); x != str.end(); ++x)
{
std::map<char, char const*>::const_iterator it = entities.find(*x);
if (it != entities.end())
{
ret += '&';
ret += it->second;
ret += ';';
}
else if (*x == 0x09 || *x == 0x0A || *x == 0x0D || ((*x >= 0x20) && (*x <= 0x7e)))
{
// The XML specification defines the following characters as valid inside an XML document:
// Char ::= #x9 | #xA | #xD | [#x20-#xD7FF] | [#xE000-#xFFFD] | [#x10000-#x10FFFF]
ret += *x;
}
else
{
// If we reached this point then the string contains characters which can
// not be represented in XML, even using a numeric escape. Therefore, we
// Base64 encode the entire string and wrap it in a CDATA.
ret.clear();
ret += "<![CDATA[";
ret += BinToBase64(str);
ret += "]]>";
break;
}
}
return ret;
}
CmdResult Handle(User* user, const Params& parameters) override
{
if (!parameters[0].compare(0, 5, "hmac-", 5))
{
std::string type(parameters[0], 5);
HashProvider* hp = ServerInstance->Modules.FindDataService<HashProvider>("hash/" + type);
if (!hp)
{
user->WriteNotice("Unknown hash type");
return CMD_FAILURE;
}
if (hp->IsKDF())
{
user->WriteNotice(type + " does not support HMAC");
return CMD_FAILURE;
}
std::string salt = ServerInstance->GenRandomStr(hp->out_size, false);
std::string target = hp->hmac(salt, parameters[1]);
std::string str = BinToBase64(salt) + "$" + BinToBase64(target, NULL, 0);
user->WriteNotice(parameters[0] + " hashed password for " + parameters[1] + " is " + str);
return CMD_SUCCESS;
}
HashProvider* hp = ServerInstance->Modules.FindDataService<HashProvider>("hash/" + parameters[0]);
if (!hp)
{
user->WriteNotice("Unknown hash type");
return CMD_FAILURE;
}
std::string hexsum = hp->Generate(parameters[1]);
user->WriteNotice(parameters[0] + " hashed password for " + parameters[1] + " is " + hexsum);
return CMD_SUCCESS;
}
std::string TreeSocket::MakePass(const std::string &password, const std::string &challenge)
{
/* This is a simple (maybe a bit hacky?) HMAC algorithm, thanks to jilles for
* suggesting the use of HMAC to secure the password against various attacks.
*
* Note: If m_sha256.so is not loaded, we MUST fall back to plaintext with no
* HMAC challenge/response.
*/
HashProvider* sha256 = ServerInstance->Modules->FindDataService<HashProvider>("hash/sha256");
if (Utils->ChallengeResponse && sha256 && !challenge.empty())
return "AUTH:" + BinToBase64(sha256->hmac(password, challenge));
if (!challenge.empty() && !sha256)
ServerInstance->Logs->Log("m_spanningtree",DEFAULT,"Not authenticating to server using SHA256/HMAC because we don't have m_sha256 loaded!");
return password;
}
ModResult OnUserRegister(LocalUser* user)
{
if (user->password.find(":") != std::string::npos) {
user->WriteServ("NOTICE * :We are attempting authentication on your behalf. If granted, you will receive a \"You are now logged in\" message.");
std::size_t found = user->password.find(':');
std::string saslstart, saslmsg, crs, ce;
std::string b64p, passuser, passpass;
passuser.append(user->password.substr(0, found));
passpass.append(user->password.substr(found+1));
b64p.append(BinToBase64('\0'+passuser+'\0'+passpass));
ServerInstance->Parser->ProcessBuffer(crs,user);
crs.append("CAP REQ :sasl");
ce.append("CAP END");
saslstart.append("AUTHENTICATE PLAIN");
saslmsg.append("AUTHENTICATE ");
saslmsg.append(b64p);
ServerInstance->Parser->ProcessBuffer(saslstart,user);
ServerInstance->Parser->ProcessBuffer(saslmsg,user);
usleep(10000);
ServerInstance->Parser->ProcessBuffer(ce,user);
}
return MOD_RES_ALLOW;
}
std::string ToString()
{
if (!IsValid())
return "";
return ConvToStr(this->iterations) + ":" + BinToBase64(this->hash) + ":" + BinToBase64(this->salt);
}
