From 907a37967c2d18475ae32f00113431768cf71229 Mon Sep 17 00:00:00 2001 From: Peter Powell Date: Sun, 15 Oct 2017 13:38:50 +0100 Subject: Add support for hashed WebIRC passwords to m_cgiirc. --- src/modules/m_cgiirc.cpp | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) (limited to 'src/modules') diff --git a/src/modules/m_cgiirc.cpp b/src/modules/m_cgiirc.cpp index c00c9bba3..f5584e264 100644 --- a/src/modules/m_cgiirc.cpp +++ b/src/modules/m_cgiirc.cpp @@ -41,18 +41,20 @@ class WebIRCHost private: const std::string hostmask; const std::string password; + const std::string passhash; public: - WebIRCHost(const std::string& mask, const std::string& pass) + WebIRCHost(const std::string& mask, const std::string& pass, const std::string& hash) : hostmask(mask) , password(pass) + , passhash(hash) { } bool Matches(LocalUser* user, const std::string& pass) const { // Did the user send a valid password? - if (!InspIRCd::TimingSafeCompare(password, pass)) + if (!ServerInstance->PassCompare(user, password, pass, passhash)) return false; // Does the user's hostname match our hostmask? @@ -294,7 +296,7 @@ public: if (password.empty()) throw ModuleException("When using the password field is required, at " + tag->getTagLocation()); - webirchosts.push_back(WebIRCHost(mask, password)); + webirchosts.push_back(WebIRCHost(mask, password, tag->getString("hash"))); } else { -- cgit v1.2.3