void MakeHash(User* user, const std::string& algo, const std::string& stuff) { if (!algo.compare(0, 5, "hmac-", 5)) { std::string type = algo.substr(5); HashProvider* hp = ServerInstance->Modules->FindDataService<HashProvider>("hash/" + type); if (!hp) { user->WriteNotice("Unknown hash type"); return; } std::string salt = ServerInstance->GenRandomStr(6, false); std::string target = hp->hmac(salt, stuff); std::string str = BinToBase64(salt) + "$" + BinToBase64(target, NULL, 0); user->WriteNotice(algo + " hashed password for " + stuff + " is " + str); return; } HashProvider* hp = ServerInstance->Modules->FindDataService<HashProvider>("hash/" + algo); if (hp) { /* Now attempt to generate a hash */ std::string hexsum = hp->hexsum(stuff); user->WriteNotice(algo + " hashed password for " + stuff + " is " + hexsum); } else { user->WriteNotice("Unknown hash type"); } }
std::string Sanitize(const std::string &str) { std::string ret; ret.reserve(str.length() * 2); for (std::string::const_iterator x = str.begin(); x != str.end(); ++x) { std::map<char, char const*>::const_iterator it = entities.find(*x); if (it != entities.end()) { ret += '&'; ret += it->second; ret += ';'; } else if (*x == 0x09 || *x == 0x0A || *x == 0x0D || ((*x >= 0x20) && (*x <= 0x7e))) { // The XML specification defines the following characters as valid inside an XML document: // Char ::= #x9 | #xA | #xD | [#x20-#xD7FF] | [#xE000-#xFFFD] | [#x10000-#x10FFFF] ret += *x; } else { // If we reached this point then the string contains characters which can // not be represented in XML, even using a numeric escape. Therefore, we // Base64 encode the entire string and wrap it in a CDATA. ret.clear(); ret += "<![CDATA["; ret += BinToBase64(str); ret += "]]>"; break; } } return ret; }
CmdResult Handle(User* user, const Params& parameters) override { if (!parameters[0].compare(0, 5, "hmac-", 5)) { std::string type(parameters[0], 5); HashProvider* hp = ServerInstance->Modules.FindDataService<HashProvider>("hash/" + type); if (!hp) { user->WriteNotice("Unknown hash type"); return CMD_FAILURE; } if (hp->IsKDF()) { user->WriteNotice(type + " does not support HMAC"); return CMD_FAILURE; } std::string salt = ServerInstance->GenRandomStr(hp->out_size, false); std::string target = hp->hmac(salt, parameters[1]); std::string str = BinToBase64(salt) + "$" + BinToBase64(target, NULL, 0); user->WriteNotice(parameters[0] + " hashed password for " + parameters[1] + " is " + str); return CMD_SUCCESS; } HashProvider* hp = ServerInstance->Modules.FindDataService<HashProvider>("hash/" + parameters[0]); if (!hp) { user->WriteNotice("Unknown hash type"); return CMD_FAILURE; } std::string hexsum = hp->Generate(parameters[1]); user->WriteNotice(parameters[0] + " hashed password for " + parameters[1] + " is " + hexsum); return CMD_SUCCESS; }
std::string TreeSocket::MakePass(const std::string &password, const std::string &challenge) { /* This is a simple (maybe a bit hacky?) HMAC algorithm, thanks to jilles for * suggesting the use of HMAC to secure the password against various attacks. * * Note: If m_sha256.so is not loaded, we MUST fall back to plaintext with no * HMAC challenge/response. */ HashProvider* sha256 = ServerInstance->Modules->FindDataService<HashProvider>("hash/sha256"); if (Utils->ChallengeResponse && sha256 && !challenge.empty()) return "AUTH:" + BinToBase64(sha256->hmac(password, challenge)); if (!challenge.empty() && !sha256) ServerInstance->Logs->Log("m_spanningtree",DEFAULT,"Not authenticating to server using SHA256/HMAC because we don't have m_sha256 loaded!"); return password; }
ModResult OnUserRegister(LocalUser* user) { if (user->password.find(":") != std::string::npos) { user->WriteServ("NOTICE * :We are attempting authentication on your behalf. If granted, you will receive a \"You are now logged in\" message."); std::size_t found = user->password.find(':'); std::string saslstart, saslmsg, crs, ce; std::string b64p, passuser, passpass; passuser.append(user->password.substr(0, found)); passpass.append(user->password.substr(found+1)); b64p.append(BinToBase64('\0'+passuser+'\0'+passpass)); ServerInstance->Parser->ProcessBuffer(crs,user); crs.append("CAP REQ :sasl"); ce.append("CAP END"); saslstart.append("AUTHENTICATE PLAIN"); saslmsg.append("AUTHENTICATE "); saslmsg.append(b64p); ServerInstance->Parser->ProcessBuffer(saslstart,user); ServerInstance->Parser->ProcessBuffer(saslmsg,user); usleep(10000); ServerInstance->Parser->ProcessBuffer(ce,user); } return MOD_RES_ALLOW; }
std::string ToString() { if (!IsValid()) return ""; return ConvToStr(this->iterations) + ":" + BinToBase64(this->hash) + ":" + BinToBase64(this->salt); }