authorbrain <brain@e03df62e-2008-0410-955e-edbf42e46eb7>2007-04-09 15:18:13 +0000
committerbrain <brain@e03df62e-2008-0410-955e-edbf42e46eb7>2007-04-09 15:18:13 +0000
commitfdecf7fb707c415a54c3f41fd45fbc41f6ae4f3d (patch)
tree7730255f3fddbbc2d2707af7a0a5b9964aab05fb
parent663a113180ceeab1fe5e86412de3c2afc1e23d4f (diff)
Add basic HMAC suggested by jilles to make the auth not suck -- this is probably buggy, and the other side doesn't auth yet. Do not use.
git-svn-id: http://svn.inspircd.org/repository/trunk/inspircd@6769 e03df62e-2008-0410-955e-edbf42e46eb7
-rw-r--r--src/modules/m_spanningtree/handshaketimer.cpp4
-rw-r--r--src/modules/m_spanningtree/treesocket.h2
-rw-r--r--src/modules/m_spanningtree/treesocket1.cpp29
-rw-r--r--src/modules/m_spanningtree/treesocket2.cpp2
4 files changed, 29 insertions, 8 deletions
diff --git a/src/modules/m_spanningtree/handshaketimer.cpp b/src/modules/m_spanningtree/handshaketimer.cpp
index e57141a7c..a82ea7ea0 100644
--- a/src/modules/m_spanningtree/handshaketimer.cpp
+++ b/src/modules/m_spanningtree/handshaketimer.cpp
@@ -45,7 +45,7 @@ void HandshakeTimer::Tick(time_t TIME)
{
sock->SendCapabilities();
if (sock->GetLinkState() == CONNECTING)
- sock->WriteLine(std::string("SERVER ")+this->Instance->Config->ServerName+" "+sock->MakePass(lnk->SendPass)+" 0 :"+this->Instance->Config->ServerDesc);
+ sock->WriteLine(std::string("SERVER ")+this->Instance->Config->ServerName+" "+sock->MakePass(lnk->SendPass, sock->GetTheirChallenge())+" 0 :"+this->Instance->Config->ServerDesc);
}
else
{
@@ -54,7 +54,7 @@ void HandshakeTimer::Tick(time_t TIME)
InspSocketAttachCertRequest(sock, (Module*)Utils->Creator, sock->GetHook()).Send();
sock->SendCapabilities();
if (sock->GetLinkState() == CONNECTING)
- sock->WriteLine(std::string("SERVER ")+this->Instance->Config->ServerName+" "+sock->MakePass(lnk->SendPass)+" 0 :"+this->Instance->Config->ServerDesc);
+ sock->WriteLine(std::string("SERVER ")+this->Instance->Config->ServerName+" "+sock->MakePass(lnk->SendPass, sock->GetTheirChallenge())+" 0 :"+this->Instance->Config->ServerDesc);
}
else
{
diff --git a/src/modules/m_spanningtree/treesocket.h b/src/modules/m_spanningtree/treesocket.h
index 82a066be6..5af0b0eb9 100644
--- a/src/modules/m_spanningtree/treesocket.h
+++ b/src/modules/m_spanningtree/treesocket.h
@@ -152,7 +152,7 @@ class TreeSocket : public InspSocket
/** Construct a password, optionally hashed with the other side's
* challenge string
*/
- std::string MakePass(const std::string &password);
+ std::string MakePass(const std::string &password, const std::string &challenge);
/** When an outbound connection finishes connecting, we receive
* this event, and must send our SERVER string to the other
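Review bot: The doc comment above `MakePass` does not describe the new `challenge` parameter or say when the hash is skipped. Per the implementation in treesocket1.cpp on this page, the unmodified password is returned when `challenge` is empty or m_sha256 is not loaded, so a caller cannot tell from the return value whether the link secret is about to be sent in clear. I would extend the comment with something like `@param challenge the peer's challenge string; if empty, no hashing is done` and `@return the SHA256-based digest, or the plaintext password if challenge is empty or m_sha256 is unavailable`. The class body continues outside the hunk.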
diff --git a/src/modules/m_spanningtree/treesocket1.cpp b/src/modules/m_spanningtree/treesocket1.cpp
index 8ccd83b3a..f145783bc 100644
--- a/src/modules/m_spanningtree/treesocket1.cpp
+++ b/src/modules/m_spanningtree/treesocket1.cpp
@@ -22,6 +22,7 @@
#include "wildcard.h"
#include "xline.h"
#include "transport.h"
+#include "m_hash.h"
#include "socketengine.h"
#include "m_spanningtree/main.h"
@@ -32,7 +33,7 @@
#include "m_spanningtree/resolvers.h"
#include "m_spanningtree/handshaketimer.h"
-/* $ModDep: m_spanningtree/timesynctimer.h m_spanningtree/resolvers.h m_spanningtree/main.h m_spanningtree/utils.h m_spanningtree/treeserver.h m_spanningtree/link.h m_spanningtree/treesocket.h */
+/* $ModDep: m_spanningtree/timesynctimer.h m_spanningtree/resolvers.h m_spanningtree/main.h m_spanningtree/utils.h m_spanningtree/treeserver.h m_spanningtree/link.h m_spanningtree/treesocket.h m_hash.h */
/** Because most of the I/O gubbins are encapsulated within
* InspSocket, we just call the superclass constructor for
@@ -121,12 +122,32 @@ void TreeSocket::SetTheirChallenge(const std::string &c)
this->theirchallenge = c;
}
-std::string TreeSocket::MakePass(const std::string &password)
+std::string TreeSocket::MakePass(const std::string &password, const std::string &challenge)
{
- if ((this->GetOurChallenge() != "") && (this->GetTheirChallenge() != ""))
+ Module* sha256 = Instance->FindModule("m_sha256.so");
+ if (sha256 && !challenge.empty())
{
- return password + ":" + this->GetTheirChallenge();
+ /* sha256( (pass xor 0x5c) + sha256((pass xor 0x36) + m) ) */
+ std::string hmac1, hmac2;
+
+ for (size_t n = 0; n < password.length(); n++)
+ {
+ hmac1 += static_cast<char>(password[n] ^ 0x5C);
+ hmac2 += static_cast<char>(password[n] ^ 0x36);
+ }
+
+ HashResetRequest(Utils->Creator, sha256).Send();
+ hmac2 = HashSumRequest(Utils->Creator, sha256, hmac2).Send();
+
+ HashResetRequest(Utils->Creator, sha256).Send();
+ std::string hmac = hmac1 + hmac2 + challenge;
+ hmac = HashSumRequest(Utils->Creator, sha256, hmac).Send();
+
+ return hmac;
}
+ else if (!challenge.empty() && !sha256)
+ Instance->Log(DEFAULT,"Not authenticating to server using SHA256/HMAC because we don't have m_sha256 loaded!");
+
return password;
}
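Review bot: The inner hash at `hmac2 = HashSumRequest(Utils->Creator, sha256, hmac2).Send();` covers only the XORed password, while the comment above it (and HMAC as defined in RFC 2104) puts the challenge inside the inner hash; as written the challenge is only appended to the outer input. To match the comment, the inner call should hash `hmac2 + challenge` and the outer input should be `hmac1 + hmac2`. The key is also not padded to the SHA-256 block size (64 bytes) before the XOR, so the result will not interoperate with a standard HMAC-SHA256 implementation. Separately, a password byte equal to 0x5C (`\`) or 0x36 (`6`) XORs to NUL; if the hash request treats its input as a C string (m_hash.h is not shown here), the key would be truncated at that byte, which is worth confirming before the other side starts verifying.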
diff --git a/src/modules/m_spanningtree/treesocket2.cpp b/src/modules/m_spanningtree/treesocket2.cpp
index 1e915cddc..0971a87c5 100644
--- a/src/modules/m_spanningtree/treesocket2.cpp
+++ b/src/modules/m_spanningtree/treesocket2.cpp
@@ -902,7 +902,7 @@ bool TreeSocket::Inbound_Server(std::deque<std::string> &params)
this->InboundDescription = description;
// this is good. Send our details: Our server name and description and hopcount of 0,
// along with the sendpass from this block.
- this->WriteLine(std::string("SERVER ")+this->Instance->Config->ServerName+" "+this->MakePass(x->SendPass)+" 0 :"+this->Instance->Config->ServerDesc);
+ this->WriteLine(std::string("SERVER ")+this->Instance->Config->ServerName+" "+this->MakePass(x->SendPass, this->GetTheirChallenge())+" 0 :"+this->Instance->Config->ServerDesc);
// move to the next state, we are now waiting for THEM.
this->LinkState = WAIT_AUTH_2;
return true;