diff options
| author | brain <brain@e03df62e-2008-0410-955e-edbf42e46eb7> | 2007-04-09 15:18:13 +0000 |
|---|---|---|
| committer | brain <brain@e03df62e-2008-0410-955e-edbf42e46eb7> | 2007-04-09 15:18:13 +0000 |
| commit | fdecf7fb707c415a54c3f41fd45fbc41f6ae4f3d (patch) | |
| tree | 7730255f3fddbbc2d2707af7a0a5b9964aab05fb /src/modules/m_spanningtree/treesocket1.cpp | |
| parent | 663a113180ceeab1fe5e86412de3c2afc1e23d4f (diff) | |
Add basic HMAC suggested by jilles to make the auth not suck -- this is probably buggy, and the other side doesnt auth yet. do not use.
git-svn-id: http://svn.inspircd.org/repository/trunk/inspircd@6769 e03df62e-2008-0410-955e-edbf42e46eb7
Diffstat (limited to 'src/modules/m_spanningtree/treesocket1.cpp')
| -rw-r--r-- | src/modules/m_spanningtree/treesocket1.cpp | 29 |
1 files changed, 25 insertions, 4 deletions
diff --git a/src/modules/m_spanningtree/treesocket1.cpp b/src/modules/m_spanningtree/treesocket1.cpp index 8ccd83b3a..f145783bc 100644 --- a/src/modules/m_spanningtree/treesocket1.cpp +++ b/src/modules/m_spanningtree/treesocket1.cpp @@ -22,6 +22,7 @@ #include "wildcard.h" #include "xline.h" #include "transport.h" +#include "m_hash.h" #include "socketengine.h" #include "m_spanningtree/main.h" @@ -32,7 +33,7 @@ #include "m_spanningtree/resolvers.h" #include "m_spanningtree/handshaketimer.h" -/* $ModDep: m_spanningtree/timesynctimer.h m_spanningtree/resolvers.h m_spanningtree/main.h m_spanningtree/utils.h m_spanningtree/treeserver.h m_spanningtree/link.h m_spanningtree/treesocket.h */ +/* $ModDep: m_spanningtree/timesynctimer.h m_spanningtree/resolvers.h m_spanningtree/main.h m_spanningtree/utils.h m_spanningtree/treeserver.h m_spanningtree/link.h m_spanningtree/treesocket.h m_hash.h */ /** Because most of the I/O gubbins are encapsulated within * InspSocket, we just call the superclass constructor for @@ -121,12 +122,32 @@ void TreeSocket::SetTheirChallenge(const std::string &c) this->theirchallenge = c; } -std::string TreeSocket::MakePass(const std::string &password) +std::string TreeSocket::MakePass(const std::string &password, const std::string &challenge) { - if ((this->GetOurChallenge() != "") && (this->GetTheirChallenge() != "")) + Module* sha256 = Instance->FindModule("m_sha256.so"); + if (sha256 && !challenge.empty()) { - return password + ":" + this->GetTheirChallenge(); + /* sha256( (pass xor 0x5c) + sha256((pass xor 0x36) + m) ) */ + std::string hmac1, hmac2; + + for (size_t n = 0; n < password.length(); n++) + { + hmac1 += static_cast<char>(password[n] ^ 0x5C); + hmac2 += static_cast<char>(password[n] ^ 0x36); + } + + HashResetRequest(Utils->Creator, sha256).Send(); + hmac2 = HashSumRequest(Utils->Creator, sha256, hmac2).Send(); + + HashResetRequest(Utils->Creator, sha256).Send(); + std::string hmac = hmac1 + hmac2 + challenge; + hmac = HashSumRequest(Utils->Creator, sha256, hmac).Send(); + + return hmac; } + else if (!challenge.empty() && !sha256) + Instance->Log(DEFAULT,"Not authenticating to server using SHA256/HMAC because we don't have m_sha256 loaded!"); + return password; } |