Ensure that verify-only encryption modules can never encrypt passwords.

If another module was loaded first and then later unloaded it was possible for a deprecated module to encrypt passwords.
author: Sadie Powell <sadie@witchery.services> 2024-03-10 20:06:53 +0000
committer: Sadie Powell <sadie@witchery.services> 2024-03-10 20:46:03 +0000
commit: e2df7d4d01f8fdb41c49ce8efc462cab005e7d5c (patch)
tree: dd9d66c45dd69ee01a700dfa62438999beaaada7 /modules/encryption/enc_md5.cpp
parent: 9a984a814810306f2ca2690a0c8c25bcb1e87258 (diff)
1 files changed, 2 insertions, 11 deletions
diff --git a/modules/encryption/enc_md5.cpp b/modules/encryption/enc_md5.cpp
index 1582c5224..023e04656 100644
--- a/modules/encryption/enc_md5.cpp
+++ b/modules/encryption/enc_md5.cpp
@@ -61,18 +61,10 @@ public:
 		});
 	}
 
-	EventReturn OnEncrypt(const Anope::string &src, Anope::string &dest) override
-	{
-		auto enc = "md5:" + Anope::Hex(md5provider.Encrypt(src));
-		Log(LOG_DEBUG_2) << "(enc_md5) hashed password from [" << src << "] to [" << enc << "]";
-		dest = enc;
-		return EVENT_ALLOW;
-	}
-
 	void OnCheckAuthentication(User *, IdentifyRequest *req) override
 	{
 		const auto *na = NickAlias::Find(req->GetAccount());
-		if (na == NULL)
+		if (!na)
 			return;
 
 		NickCore *nc = na->nc;
@@ -84,8 +76,7 @@ public:
 		if (!hash_method.equals_cs("md5"))
 			return;
 
-		Anope::string enc;
-		this->OnEncrypt(req->GetPassword(), enc);
+		auto enc = "md5:" + Anope::Hex(md5provider.Encrypt(req->GetPassword()));
 		if (nc->pass.equals_cs(enc))
 		{
 			// If we are NOT the first encryption module we want to re-encrypt
author	Sadie Powell <sadie@witchery.services>	2024-03-10 20:06:53 +0000
committer	Sadie Powell <sadie@witchery.services>	2024-03-10 20:46:03 +0000
commit	e2df7d4d01f8fdb41c49ce8efc462cab005e7d5c (patch)
tree	dd9d66c45dd69ee01a700dfa62438999beaaada7 /modules/encryption/enc_md5.cpp
parent	9a984a814810306f2ca2690a0c8c25bcb1e87258 (diff)