Exemplo n.º 1
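/* mo_mkpasswd - mkpasswd message handler
 *	parv[1] = password
 *	parv[2] = type (SHA256, SHA512 or MD5; SHA512 when omitted)
 *
 * Generates a fresh salt for the requested scheme, hashes parv[1] with
 * rb_crypt() and sends the result back to source_p as a notice.
 * Always returns 0.
 *
 * NOTE: the reply echoes the plaintext password next to its hash, so
 * both travel back over the requester's connection.
 * NOTE: MD5 is still accepted as a type; it is a legacy scheme and the
 * SHA512 default is the one to prefer for new oper blocks.
 */
static int
mo_mkpasswd(struct Client *client_p, struct Client *source_p, int parc, const char *parv[])
{
    char *salt;
    const char *crypted;
    const char *hashtype;
    const char hashdefault[] = "SHA512";

    if(EmptyString(parv[1])) {
        sendto_one(source_p, form_str(ERR_NEEDMOREPARAMS), me.name, source_p->name, "MKPASSWD");
        return 0;
    }

    /* parv[2] is optional; fall back to the default scheme */
    if(parc < 3)
        hashtype = hashdefault;
    else
        hashtype = parv[2];

    if(!irccmp(hashtype, "SHA256"))
        salt = make_sha256_salt(16);
    else if(!irccmp(hashtype, "SHA512"))
        salt = make_sha512_salt(16);
    else if(!irccmp(hashtype, "MD5"))
        salt = make_md5_salt(8);
    else {
        sendto_one_notice(source_p,
                          ":MKPASSWD syntax error:  MKPASSWD pass [SHA256|SHA512|MD5]");
        return 0;
    }

    /* rb_crypt() can fail and return NULL (e.g. a scheme the underlying
     * crypt does not support); passing NULL to a %s conversion is
     * undefined behaviour, so report the failure instead.  The salt
     * helpers' failure behaviour is not visible here, hence the extra
     * defensive check on salt.
     */
    crypted = (salt != NULL) ? rb_crypt(parv[1], salt) : NULL;
    if(crypted == NULL) {
        sendto_one_notice(source_p, ":MKPASSWD: unable to generate a %s hash", hashtype);
        return 0;
    }

    sendto_one_notice(source_p, ":Hash [%s] for %s: %s", hashtype, parv[1], crypted);
    return 0;
}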
Exemplo n.º 2
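/*
 * match_oper_password
 *
 * inputs       - pointer to given password (may be NULL or empty)
 *              - pointer to Conf
 * output       - YES or NO if match
 * side effects - none
 *
 * An oper block with no password never matches.  When the block is
 * marked encrypted, the supplied password is hashed with rb_crypt()
 * before the comparison; otherwise it is compared as plaintext.
 */
static int
match_oper_password(const char *password, struct oper_conf *oper_p)
{
    const char *encr;

    /* passwd may be NULL pointer. Head it off at the pass... */
    if(EmptyString(oper_p->passwd))
        return NO;

    if(IsOperConfEncrypted(oper_p)) {
        /* The stored hash itself is passed as the salt argument, so the
         * result is directly comparable with oper_p->passwd.
         */
        /* If the password in the conf is MD5, and ircd is linked
         * to scrypt on FreeBSD, or the standard crypt library on
         * glibc Linux, then this code will work fine on generating
         * the proper encrypted hash for comparison.
         */
        if(!EmptyString(password))
            encr = rb_crypt(password, oper_p->passwd);
        else
            encr = "";
    } else
        encr = password;

    /* encr is NULL when rb_crypt() fails (for instance on a stored
     * hash it cannot parse) or when a NULL password reaches the
     * plaintext branch.  strcmp(NULL, ...) is undefined behaviour, so
     * treat both cases as a failed match.
     */
    if(encr == NULL)
        return NO;

    /* NOTE(review): strcmp() stops at the first differing byte, so the
     * comparison is not constant-time; this matters most for blocks
     * that store the password unencrypted.
     */
    return strcmp(encr, oper_p->passwd) == 0 ? YES : NO;
}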
Exemplo n.º 3
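/* m_mkpasswd - mkpasswd message handler
 *	parv[1] = password
 *	parv[2] = type (SHA256, SHA512 or MD5; SHA512 when omitted)
 *
 * Rate-limited variant: a request arriving less than
 * ConfigFileEntry.pace_wait seconds after the last accepted one gets
 * RPL_LOAD2HI instead of a hash.  Always returns 0.
 *
 * NOTE: the reply echoes the plaintext password next to its hash, so
 * both travel back over the requester's connection.
 */
static int
m_mkpasswd(struct Client *client_p, struct Client *source_p, int parc, const char *parv[])
{
	/* One timestamp shared by every caller of this handler: the
	 * throttle is server-wide, not per client.
	 */
	static time_t last_used = 0;
	char *salt;
	const char *crypted;
	const char *hashtype;
	const char hashdefault[] = "SHA512";

	if (EmptyString(parv[1])) {
		sendto_one(source_p, form_str(ERR_NEEDMOREPARAMS), me.name, source_p->name, "MKPASSWD");
		return 0;
	}

	/* parv[2] is optional; fall back to the default scheme */
	if (parc < 3)
		hashtype = hashdefault;
	else
		hashtype = parv[2];

	/* The pacing check runs before the type is validated, so a request
	 * with an unknown type still consumes the window.
	 */
	if ((last_used + ConfigFileEntry.pace_wait) > rb_current_time()) {
		/* safe enough to give this on a local connect only */
		sendto_one(source_p, form_str(RPL_LOAD2HI), me.name, source_p->name, "MKPASSWD");
		return 0;
	} else
		last_used = rb_current_time();

	if (!irccmp(hashtype, "SHA256"))
		salt = make_sha256_salt(16);
	else if (!irccmp(hashtype, "SHA512"))
		salt = make_sha512_salt(16);
	else if (!irccmp(hashtype, "MD5"))
		salt = make_md5_salt(8);
	else {
		sendto_one_notice(source_p,
		                  ":MKPASSWD syntax error:  MKPASSWD pass [SHA256|SHA512|MD5]");
		return 0;
	}

	/* rb_crypt() can fail and return NULL; passing NULL to a %s
	 * conversion is undefined behaviour, so report the failure instead.
	 * The salt helpers' failure behaviour is not visible here, hence
	 * the extra defensive check on salt.
	 */
	crypted = (salt != NULL) ? rb_crypt(parv[1], salt) : NULL;
	if (crypted == NULL) {
		sendto_one_notice(source_p, ":MKPASSWD: unable to generate a %s hash", hashtype);
		return 0;
	}

	sendto_one_notice(source_p, ":Hash [%s] for %s: %s", hashtype, parv[1], crypted);
	return 0;
}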
Exemplo n.º 4
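/*
 * main - command-line front end that prints the rb_crypt() hash of a
 * password.
 *
 * Options (from the getopt string below):
 *   -m MD5, -b blowfish, -x SHA256, -y SHA512, -e extended DES, -d DES
 *   -l <n>  salt length      -r <n>  rounds
 *   -s <s>  use this salt    -p <s>  use this plaintext
 *   -h      full usage       -?      brief usage
 *
 * When several scheme flags are given, the first match in the chain
 * MD5, blowfish, SHA256, SHA512, extended DES wins; with none of them
 * the DES branch runs.  Without -p the password is read with getpass().
 *
 * Returns 0 after printing the hash; exits with status 1 on an invalid
 * salt, a missing password or a hashing failure.
 */
int
main(int argc, char *argv[])
{
	char *plaintext = NULL;
	int c;
	char *saltpara = NULL;
	char *salt = NULL;
	char *crypted;
	int flag = 0;
	int length = 0;		/* Not Set */
	int rounds = 0;		/* Not set, since extended DES needs 25 and blowfish needs
				 ** 4 by default, a side effect of this being the encryption
				 ** type parameter must be specified before the rounds
				 ** parameter.
				 */

	while((c = getopt(argc, argv, "xymdber:h?l:s:p:")) != -1)
	{
		switch (c)
		{
		case 'm':
			flag |= FLAG_MD5;
			break;
		case 'd':
			flag |= FLAG_DES;
			break;
		case 'b':
			flag |= FLAG_BLOWFISH;
			rounds = 4;
			break;
		case 'e':
			flag |= FLAG_EXT;
			rounds = 25;
			break;
		case 'l':
			/* NOTE(review): atoi() reports no errors; a non-numeric or
			 * negative value reaches the salt helpers unchanged, and
			 * their own bounds checks are not visible here.
			 */
			flag |= FLAG_LENGTH;
			length = atoi(optarg);
			break;
		case 'r':
			/* NOTE(review): same atoi() caveat as for -l. */
			flag |= FLAG_ROUNDS;
			rounds = atoi(optarg);
			break;
		case 's':
			flag |= FLAG_SALT;
			saltpara = optarg;
			break;
		case 'p':
			/* NOTE: a password given with -p is visible in the process
			 * argument list and shell history; the getpass() prompt
			 * used when -p is absent avoids that.
			 */
			flag |= FLAG_PASS;
			plaintext = optarg;
			break;
		case 'x':
			flag |= FLAG_SHA256;
			break;
		case 'y':
			flag |= FLAG_SHA512;
			break;
		case 'h':
			full_usage();
			/* NOT REACHED */
			break;
		case '?':
			brief_usage();
			/* NOT REACHED */
			break;
		default:
			printf("Invalid Option: -%c\n", c);
			break;
		}
	}

	/* Pick the salt: a caller-supplied one (-s) is wrapped in the
	 * scheme's format, otherwise a new one is generated.
	 */
	if(flag & FLAG_MD5)
	{
		if(length == 0)
			length = 8;
		if(flag & FLAG_SALT)
			salt = make_md5_salt_para(saltpara);
		else
			salt = make_md5_salt(length);
	}
	else if(flag & FLAG_BLOWFISH)
	{
		if(length == 0)
			length = 22;
		if(flag & FLAG_SALT)
			salt = make_bf_salt_para(rounds, saltpara);
		else
			salt = make_bf_salt(rounds, length);
	}
	else if(flag & FLAG_SHA256)
	{
		if(length == 0)
			length = 16;
		if(flag & FLAG_SALT)
			salt = make_sha256_salt_para(saltpara);
		else
			salt = make_sha256_salt(length);
	}
	else if(flag & FLAG_SHA512)
	{
		if(length == 0)
			length = 16;
		if(flag & FLAG_SALT)
			salt = make_sha512_salt_para(saltpara);
		else
			salt = make_sha512_salt(length);
	}
	else if(flag & FLAG_EXT)
	{
		/* XXX - rounds needs to be done */
		if(flag & FLAG_SALT)
		{
			if((strlen(saltpara) == 4))
			{
				salt = make_ext_salt_para(rounds, saltpara);
			}
			else
			{
				printf("Invalid salt, please enter 4 alphanumeric characters\n");
				exit(1);
			}
		}
		else
		{
			salt = make_ext_salt(rounds);
		}
	}
	else
	{
		/* DES: only the length of a supplied salt is checked here */
		if(flag & FLAG_SALT)
		{
			if((strlen(saltpara) == 2))
			{
				salt = saltpara;
			}
			else
			{
				printf("Invalid salt, please enter 2 alphanumeric characters\n");
				exit(1);
			}
		}
		else
		{
			salt = make_des_salt();
		}
	}

	if(!(flag & FLAG_PASS))
		plaintext = getpass("plaintext: ");

	/* getpass() can return NULL; stop here rather than hand a NULL
	 * key to rb_crypt().
	 */
	if(plaintext == NULL)
	{
		printf("Please enter a valid password\n");
		exit(1);
	}

	/* rb_crypt() returns NULL when the scheme or salt is rejected;
	 * printing NULL through %s is undefined behaviour.  The salt
	 * helpers' failure behaviour is not visible here, hence the
	 * defensive check on salt as well.
	 */
	crypted = (salt != NULL) ? rb_crypt(plaintext, salt) : NULL;
	if(crypted == NULL)
	{
		printf("Unable to hash the password with the selected scheme\n");
		exit(1);
	}

	printf("%s\n", crypted);
	return 0;
}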
Exemplo n.º 5
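/*
 * mr_webirc - webirc message handler
 *      parv[1] = password
 *      parv[2] = fake username (we ignore this)
 *	parv[3] = fake hostname
 *	parv[4] = fake ip
 *
 * Lets a gateway that matches a spoof-enabled auth block named
 * "webirc." and knows its password replace the connection's host and
 * IP with the values it supplies.  Always returns 0; failures are
 * reported to source_p as notices (or not at all when no client auth
 * block matches).
 */
static int
mr_webirc(struct Client *client_p, struct Client *source_p, int parc, const char *parv[])
{
	struct ConfItem *aconf;
	const char *encr;

	/* NOTE(review): parv[3] and parv[4] are read without looking at
	 * parc; presumably the command table enforces a minimum parameter
	 * count -- confirm.
	 */
	/* cheap shape check: an address needs a '.' (IPv4) or ':' (IPv6) */
	if (!strchr(parv[4], '.') && !strchr(parv[4], ':'))
	{
		sendto_one(source_p, "NOTICE * :Invalid IP");
		return 0;
	}

	/* look up the auth block for the gateway's real address */
	aconf = find_address_conf(client_p->host, client_p->sockhost,
				IsGotId(client_p) ? client_p->username : "******",
				IsGotId(client_p) ? client_p->username : "******",
				(struct sockaddr *) &client_p->localClient->ip,
				client_p->localClient->ip.ss_family, NULL);
	if (aconf == NULL || !(aconf->status & CONF_CLIENT))
		return 0;
	if (!IsConfDoSpoofIp(aconf) || irccmp(aconf->info.name, "webirc."))
	{
		/* XXX */
		sendto_one(source_p, "NOTICE * :Not a CGI:IRC auth block");
		return 0;
	}
	/* a block without a password must never authorise spoofing */
	if (EmptyString(aconf->passwd))
	{
		sendto_one(source_p, "NOTICE * :CGI:IRC auth blocks must have a password");
		return 0;
	}

	if (EmptyString(parv[1]))
		encr = "";
	else if (IsConfEncrypted(aconf))
		encr = rb_crypt(parv[1], aconf->passwd);
	else
		encr = parv[1];

	/* rb_crypt() returns NULL on failure; strcmp(NULL, ...) is
	 * undefined behaviour, so a failed hash counts as a wrong password.
	 * NOTE(review): strcmp() is not a constant-time comparison.
	 */
	if (encr == NULL || strcmp(encr, aconf->passwd))
	{
		sendto_one(source_p, "NOTICE * :CGI:IRC password incorrect");
		return 0;
	}

	/* Parse the address before anything is copied from parv[4], so a
	 * string that merely contains '.' or ':' is rejected instead of
	 * ending up in sockhost.
	 * NOTE(review): this parses straight into the client's stored
	 * address; parsing into a temporary and assigning on success would
	 * leave that field untouched on failure.
	 */
	if (rb_inet_pton_sock(parv[4], (struct sockaddr *)&source_p->localClient->ip) <= 0)
	{
		sendto_one(source_p, "NOTICE * :Invalid IP");
		return 0;
	}

	rb_strlcpy(source_p->sockhost, parv[4], sizeof(source_p->sockhost));

	/* Only the length of the supplied hostname is checked here; an
	 * over-long name falls back to the textual IP.
	 */
	if(strlen(parv[3]) <= HOSTLEN)
		rb_strlcpy(source_p->host, parv[3], sizeof(source_p->host));
	else
		rb_strlcpy(source_p->host, source_p->sockhost, sizeof(source_p->host));

	/* Check dlines now, klines will be checked on registration */
	if((aconf = find_dline((struct sockaddr *)&source_p->localClient->ip,
			       source_p->localClient->ip.ss_family)))
	{
		if(!(aconf->status & CONF_EXEMPTDLINE))
		{
			exit_client(client_p, source_p, &me, "D-lined");
			return 0;
		}
	}

	sendto_one(source_p, "NOTICE * :Congratulations, your host is reset via I:line: %s %s", parv[3], parv[4]);
	return 0;
}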
Exemplo n.º 6
/*
 * mr_webirc - handler for the WEBIRC command
 *      parv[1] = password
 *      parv[2] = spoofed username (not used here)
 *	parv[3] = spoofed hostname
 *	parv[4] = spoofed ip
 *
 * A connection matching a spoof-enabled auth block named "webirc." that
 * presents the block's password gets its IP, sockhost and host replaced
 * by the supplied values.  The new address is then checked against
 * D-lines.  Failures are reported to source_p as notices, except when
 * no client auth block matches at all, which returns silently.
 */
static void
mr_webirc(struct MsgBuf *msgbuf_p, struct Client *client_p, struct Client *source_p, int parc, const char *parv[])
{
	struct rb_sockaddr_storage parsed_ip;
	struct ConfItem *auth_conf;
	struct ConfItem *dline_conf;
	const char *supplied;

	/* NOTE(review): parv[3]/parv[4] are used without consulting parc;
	 * presumably the command table guarantees them -- confirm.
	 */
	auth_conf = find_address_conf(client_p->host, client_p->sockhost,
				IsGotId(client_p) ? client_p->username : "******",
				IsGotId(client_p) ? client_p->username : "******",
				(struct sockaddr *) &client_p->localClient->ip,
				GET_SS_FAMILY(&client_p->localClient->ip), NULL);
	if (auth_conf == NULL || (auth_conf->status & CONF_CLIENT) == 0)
		return;

	if (!IsConfDoSpoofIp(auth_conf) || irccmp(auth_conf->info.name, "webirc.") != 0)
	{
		/* XXX */
		sendto_one(source_p, "NOTICE * :Not a CGI:IRC auth block");
		return;
	}

	/* a password-less block is refused outright */
	if (EmptyString(auth_conf->passwd))
	{
		sendto_one(source_p, "NOTICE * :CGI:IRC auth blocks must have a password");
		return;
	}

	/* normalise the supplied password into the form stored in the block */
	if (EmptyString(parv[1]))
		supplied = "";
	else
		supplied = IsConfEncrypted(auth_conf) ? rb_crypt(parv[1], auth_conf->passwd) : parv[1];

	/* a NULL here means rb_crypt() failed; treat it as a mismatch.
	 * (strcmp() is not a constant-time comparison.)
	 */
	if (supplied == NULL || strcmp(supplied, auth_conf->passwd) != 0)
	{
		sendto_one(source_p, "NOTICE * :CGI:IRC password incorrect");
		return;
	}

	/* parse into a scratch buffer so a bad address changes nothing */
	if (rb_inet_pton_sock(parv[4], (struct sockaddr *)&parsed_ip) <= 0)
	{
		sendto_one(source_p, "NOTICE * :Invalid IP");
		return;
	}

	source_p->localClient->ip = parsed_ip;

	/* sockhost is regenerated from the parsed address, not copied from parv[4] */
	rb_inet_ntop_sock((struct sockaddr *)&source_p->localClient->ip, source_p->sockhost, sizeof(source_p->sockhost));

	/* an over-long hostname falls back to the textual address */
	rb_strlcpy(source_p->host,
		   strlen(parv[3]) <= HOSTLEN ? parv[3] : source_p->sockhost,
		   sizeof(source_p->host));

	/* Check dlines now, klines will be checked on registration */
	dline_conf = find_dline((struct sockaddr *)&source_p->localClient->ip,
				GET_SS_FAMILY(&source_p->localClient->ip));
	if (dline_conf != NULL && !(dline_conf->status & CONF_EXEMPTDLINE))
	{
		exit_client(client_p, source_p, &me, "D-lined");
		return;
	}

	sendto_one(source_p, "NOTICE * :CGI:IRC host/IP set to %s %s", parv[3], parv[4]);
}