diff options
| author | Sadie Powell <sadie@witchery.services> | 2024-03-10 20:06:53 +0000 |
|---|---|---|
| committer | Sadie Powell <sadie@witchery.services> | 2024-03-10 20:46:03 +0000 |
| commit | e2df7d4d01f8fdb41c49ce8efc462cab005e7d5c (patch) | |
| tree | dd9d66c45dd69ee01a700dfa62438999beaaada7 /modules/encryption/enc_none.cpp | |
| parent | 9a984a814810306f2ca2690a0c8c25bcb1e87258 (diff) | |
Ensure that verify-only encryption modules can never encrypt passwords.
If another module was loaded first and then later unloaded it was
possible for a deprecated module to encrypt passwords.
Diffstat (limited to 'modules/encryption/enc_none.cpp')
| -rw-r--r-- | modules/encryption/enc_none.cpp | 35 |
1 files changed, 13 insertions, 22 deletions
diff --git a/modules/encryption/enc_none.cpp b/modules/encryption/enc_none.cpp index a47dedb85..253ffd94c 100644 --- a/modules/encryption/enc_none.cpp +++ b/modules/encryption/enc_none.cpp @@ -13,44 +13,35 @@ class ENone final : public Module { public: - ENone(const Anope::string &modname, const Anope::string &creator) : Module(modname, creator, ENCRYPTION | VENDOR) + ENone(const Anope::string &modname, const Anope::string &creator) + : Module(modname, creator, ENCRYPTION | VENDOR) { if (ModuleManager::FindFirstOf(ENCRYPTION) == this) throw ModuleException("enc_none is deprecated and can not be used as a primary encryption method"); } - EventReturn OnEncrypt(const Anope::string &src, Anope::string &dest) override - { - Anope::string buf = "plain:"; - Anope::string cpass; - Anope::B64Encode(src, cpass); - buf += cpass; - Log(LOG_DEBUG_2) << "(enc_none) hashed password from [" << src << "] to [" << buf << "]"; - dest = buf; - return EVENT_ALLOW; - } - void OnCheckAuthentication(User *, IdentifyRequest *req) override { - const NickAlias *na = NickAlias::Find(req->GetAccount()); - if (na == NULL) + const auto *na = NickAlias::Find(req->GetAccount()); + if (!na) return; - NickCore *nc = na->nc; - size_t pos = nc->pass.find(':'); + NickCore *nc = na->nc; + auto pos = nc->pass.find(':'); if (pos == Anope::string::npos) return; + Anope::string hash_method(nc->pass.begin(), nc->pass.begin() + pos); if (!hash_method.equals_cs("plain")) return; - Anope::string buf; - this->OnEncrypt(req->GetPassword(), buf); - if (nc->pass.equals_cs(buf)) + Anope::string b64pass; + Anope::B64Encode(req->GetPassword(), b64pass); + auto enc = "plain:" + b64pass; + if (nc->pass.equals_cs(enc)) { - /* if we are NOT the first module in the list, - * we want to re-encrypt the pass with the new encryption - */ + // If we are NOT the first encryption module we want to re-encrypt + // the password with the primary encryption method. if (ModuleManager::FindFirstOf(ENCRYPTION) != this) Anope::Encrypt(req->GetPassword(), nc->pass); req->Success(this); |