/* mo_mkpasswd - mkpasswd message handler * parv[1] = password * parv[2] = type */ static int mo_mkpasswd(struct Client *client_p, struct Client *source_p, int parc, const char *parv[]) { char *salt; const char *hashtype; const char hashdefault[] = "SHA512"; if(EmptyString(parv[1])) { sendto_one(source_p, form_str(ERR_NEEDMOREPARAMS), me.name, source_p->name, "MKPASSWD"); return 0; } if(parc < 3) hashtype = hashdefault; else hashtype = parv[2]; if(!irccmp(hashtype, "SHA256")) salt = make_sha256_salt(16); else if(!irccmp(hashtype, "SHA512")) salt = make_sha512_salt(16); else if(!irccmp(hashtype, "MD5")) salt = make_md5_salt(8); else { sendto_one_notice(source_p, ":MKPASSWD syntax error: MKPASSWD pass [SHA256|SHA512|MD5]"); return 0; } sendto_one_notice(source_p, ":Hash [%s] for %s: %s", hashtype, parv[1], rb_crypt(parv[1], salt)); return 0; }
/* * match_oper_password * * inputs - pointer to given password * - pointer to Conf * output - YES or NO if match * side effects - none */ static int match_oper_password(const char *password, struct oper_conf *oper_p) { const char *encr; /* passwd may be NULL pointer. Head it off at the pass... */ if(EmptyString(oper_p->passwd)) return NO; if(IsOperConfEncrypted(oper_p)) { /* use first two chars of the password they send in as salt */ /* If the password in the conf is MD5, and ircd is linked * to scrypt on FreeBSD, or the standard crypt library on * glibc Linux, then this code will work fine on generating * the proper encrypted hash for comparison. */ if(!EmptyString(password)) encr = rb_crypt(password, oper_p->passwd); else encr = ""; } else encr = password; if(strcmp(encr, oper_p->passwd) == 0) return YES; else return NO; }
/* m_mkpasswd - mkpasswd message handler * parv[1] = password * parv[2] = type */ static int m_mkpasswd(struct Client *client_p, struct Client *source_p, int parc, const char *parv[]) { static time_t last_used = 0; char *salt; const char *hashtype; const char hashdefault[] = "SHA512"; if (EmptyString(parv[1])) { sendto_one(source_p, form_str(ERR_NEEDMOREPARAMS), me.name, source_p->name, "MKPASSWD"); return 0; } if (parc < 3) hashtype = hashdefault; else hashtype = parv[2]; if ((last_used + ConfigFileEntry.pace_wait) > rb_current_time()) { /* safe enough to give this on a local connect only */ sendto_one(source_p, form_str(RPL_LOAD2HI), me.name, source_p->name, "MKPASSWD"); return 0; } else last_used = rb_current_time(); if (!irccmp(hashtype, "SHA256")) salt = make_sha256_salt(16); else if (!irccmp(hashtype, "SHA512")) salt = make_sha512_salt(16); else if (!irccmp(hashtype, "MD5")) salt = make_md5_salt(8); else { sendto_one_notice(source_p, ":MKPASSWD syntax error: MKPASSWD pass [SHA256|SHA512|MD5]"); return 0; } sendto_one_notice(source_p, ":Hash [%s] for %s: %s", hashtype, parv[1], rb_crypt(parv[1], salt)); return 0; }
int main(int argc, char *argv[]) { char *plaintext = NULL; int c; char *saltpara = NULL; char *salt; int flag = 0; int length = 0; /* Not Set */ int rounds = 0; /* Not set, since extended DES needs 25 and blowfish needs ** 4 by default, a side effect of this being the encryption ** type parameter must be specified before the rounds ** parameter. */ while((c = getopt(argc, argv, "xymdber:h?l:s:p:")) != -1) { switch (c) { case 'm': flag |= FLAG_MD5; break; case 'd': flag |= FLAG_DES; break; case 'b': flag |= FLAG_BLOWFISH; rounds = 4; break; case 'e': flag |= FLAG_EXT; rounds = 25; break; case 'l': flag |= FLAG_LENGTH; length = atoi(optarg); break; case 'r': flag |= FLAG_ROUNDS; rounds = atoi(optarg); break; case 's': flag |= FLAG_SALT; saltpara = optarg; break; case 'p': flag |= FLAG_PASS; plaintext = optarg; break; case 'x': flag |= FLAG_SHA256; break; case 'y': flag |= FLAG_SHA512; break; case 'h': full_usage(); /* NOT REACHED */ break; case '?': brief_usage(); /* NOT REACHED */ break; default: printf("Invalid Option: -%c\n", c); break; } } if(flag & FLAG_MD5) { if(length == 0) length = 8; if(flag & FLAG_SALT) salt = make_md5_salt_para(saltpara); else salt = make_md5_salt(length); } else if(flag & FLAG_BLOWFISH) { if(length == 0) length = 22; if(flag & FLAG_SALT) salt = make_bf_salt_para(rounds, saltpara); else salt = make_bf_salt(rounds, length); } else if(flag & FLAG_SHA256) { if(length == 0) length = 16; if(flag & FLAG_SALT) salt = make_sha256_salt_para(saltpara); else salt = make_sha256_salt(length); } else if(flag & FLAG_SHA512) { if(length == 0) length = 16; if(flag & FLAG_SALT) salt = make_sha512_salt_para(saltpara); else salt = make_sha512_salt(length); } else if(flag & FLAG_EXT) { /* XXX - rounds needs to be done */ if(flag & FLAG_SALT) { if((strlen(saltpara) == 4)) { salt = make_ext_salt_para(rounds, saltpara); } else { printf("Invalid salt, please enter 4 alphanumeric characters\n"); exit(1); } } else { salt = make_ext_salt(rounds); } } else { if(flag & FLAG_SALT) { if((strlen(saltpara) == 2)) { salt = saltpara; } else { printf("Invalid salt, please enter 2 alphanumeric characters\n"); exit(1); } } else { salt = make_des_salt(); } } if(flag & FLAG_PASS) { if(!plaintext) printf("Please enter a valid password\n"); } else { plaintext = getpass("plaintext: "); } printf("%s\n", rb_crypt(plaintext, salt)); return 0; }
/* * mr_webirc - webirc message handler * parv[1] = password * parv[2] = fake username (we ignore this) * parv[3] = fake hostname * parv[4] = fake ip */ static int mr_webirc(struct Client *client_p, struct Client *source_p, int parc, const char *parv[]) { struct ConfItem *aconf; const char *encr; if (!strchr(parv[4], '.') && !strchr(parv[4], ':')) { sendto_one(source_p, "NOTICE * :Invalid IP"); return 0; } aconf = find_address_conf(client_p->host, client_p->sockhost, IsGotId(client_p) ? client_p->username : "******", IsGotId(client_p) ? client_p->username : "******", (struct sockaddr *) &client_p->localClient->ip, client_p->localClient->ip.ss_family, NULL); if (aconf == NULL || !(aconf->status & CONF_CLIENT)) return 0; if (!IsConfDoSpoofIp(aconf) || irccmp(aconf->info.name, "webirc.")) { /* XXX */ sendto_one(source_p, "NOTICE * :Not a CGI:IRC auth block"); return 0; } if (EmptyString(aconf->passwd)) { sendto_one(source_p, "NOTICE * :CGI:IRC auth blocks must have a password"); return 0; } if (EmptyString(parv[1])) encr = ""; else if (IsConfEncrypted(aconf)) encr = rb_crypt(parv[1], aconf->passwd); else encr = parv[1]; if (strcmp(encr, aconf->passwd)) { sendto_one(source_p, "NOTICE * :CGI:IRC password incorrect"); return 0; } rb_strlcpy(source_p->sockhost, parv[4], sizeof(source_p->sockhost)); if(strlen(parv[3]) <= HOSTLEN) rb_strlcpy(source_p->host, parv[3], sizeof(source_p->host)); else rb_strlcpy(source_p->host, source_p->sockhost, sizeof(source_p->host)); rb_inet_pton_sock(parv[4], (struct sockaddr *)&source_p->localClient->ip); /* Check dlines now, klines will be checked on registration */ if((aconf = find_dline((struct sockaddr *)&source_p->localClient->ip, source_p->localClient->ip.ss_family))) { if(!(aconf->status & CONF_EXEMPTDLINE)) { exit_client(client_p, source_p, &me, "D-lined"); return 0; } } sendto_one(source_p, "NOTICE * :Congratulations, your host is reset via I:line: %s %s", parv[3], parv[4]); return 0; }
/* * mr_webirc - webirc message handler * parv[1] = password * parv[2] = fake username (we ignore this) * parv[3] = fake hostname * parv[4] = fake ip */ static void mr_webirc(struct MsgBuf *msgbuf_p, struct Client *client_p, struct Client *source_p, int parc, const char *parv[]) { struct ConfItem *aconf; const char *encr; struct rb_sockaddr_storage addr; aconf = find_address_conf(client_p->host, client_p->sockhost, IsGotId(client_p) ? client_p->username : "******", IsGotId(client_p) ? client_p->username : "******", (struct sockaddr *) &client_p->localClient->ip, GET_SS_FAMILY(&client_p->localClient->ip), NULL); if (aconf == NULL || !(aconf->status & CONF_CLIENT)) return; if (!IsConfDoSpoofIp(aconf) || irccmp(aconf->info.name, "webirc.")) { /* XXX */ sendto_one(source_p, "NOTICE * :Not a CGI:IRC auth block"); return; } if (EmptyString(aconf->passwd)) { sendto_one(source_p, "NOTICE * :CGI:IRC auth blocks must have a password"); return; } if (EmptyString(parv[1])) encr = ""; else if (IsConfEncrypted(aconf)) encr = rb_crypt(parv[1], aconf->passwd); else encr = parv[1]; if (encr == NULL || strcmp(encr, aconf->passwd)) { sendto_one(source_p, "NOTICE * :CGI:IRC password incorrect"); return; } if (rb_inet_pton_sock(parv[4], (struct sockaddr *)&addr) <= 0) { sendto_one(source_p, "NOTICE * :Invalid IP"); return; } source_p->localClient->ip = addr; rb_inet_ntop_sock((struct sockaddr *)&source_p->localClient->ip, source_p->sockhost, sizeof(source_p->sockhost)); if(strlen(parv[3]) <= HOSTLEN) rb_strlcpy(source_p->host, parv[3], sizeof(source_p->host)); else rb_strlcpy(source_p->host, source_p->sockhost, sizeof(source_p->host)); /* Check dlines now, klines will be checked on registration */ if((aconf = find_dline((struct sockaddr *)&source_p->localClient->ip, GET_SS_FAMILY(&source_p->localClient->ip)))) { if(!(aconf->status & CONF_EXEMPTDLINE)) { exit_client(client_p, source_p, &me, "D-lined"); return; } } sendto_one(source_p, "NOTICE * :CGI:IRC host/IP set to %s %s", parv[3], parv[4]); }