author | Sadie Powell <sadie@witchery.services> | 2024-03-18 22:07:31 +0000 |
---|---|---|
committer | Sadie Powell <sadie@witchery.services> | 2024-03-18 22:17:14 +0000 |
commit | 5a72d8783ec5ac12d0a0c33e0b4f7e928a51157b (patch) | |
tree | d2428715124f6a077f635143e9ee56b16e57323b /modules | |
parent | e6770bc2fd090ea60751a66492912b953e2979f8 (diff) |
Add verify-only support for POSIX crypt() hashes from Atheme.
Diffstat (limited to 'modules')
-rw-r--r-- | modules/database/db_atheme.cpp | 9 | ||||
-rw-r--r-- | modules/extra/enc_posix.cpp | 51 |
2 files changed, 57 insertions, 3 deletions
diff --git a/modules/database/db_atheme.cpp b/modules/database/db_atheme.cpp
index c0a628bfd..ca53e955b 100644
--- a/modules/database/db_atheme.cpp
+++ b/modules/database/db_atheme.cpp
@@ -411,9 +411,9 @@ private:
 // base64 Converted to the first encryption algorithm
 // bcrypt Converted to enc_bcrypt
 // crypt3-des NO
- // crypt3-md5 NO
- // crypt3-sha2-256 NO
- // crypt3-sha2-512 NO
+ // crypt3-md5 Converted to enc_posix
+ // crypt3-sha2-256 Converted to enc_posix
+ // crypt3-sha2-512 Converted to enc_posix
 // ircservices Converted to enc_old
 // pbkdf2 NO
 // pbkdf2v2 NO
@@ -462,6 +462,9 @@ private:
 else if (pass.compare(0, 11, "$rawsha512$", 11) == 0)
 nc->pass = "raw-sha512:" + pass.substr(11);
+ else if (pass.compare(0, 3, "$1$", 3) == 0 || pass.compare(0, 3, "$5", 3) == 0 || pass.compare(0, 3, "$6", 3) == 0)
+ nc->pass = "posix:" + pass;
+
 else if (pass.compare(0, 4, "$2a$", 4) == 0 || pass.compare(0, 4, "$2b$", 4) == 0)
 nc->pass = "bcrypt:" + pass;
diff --git a/modules/extra/enc_posix.cpp b/modules/extra/enc_posix.cpp
new file mode 100644
index 000000000..a33f272fc
--- /dev/null
+++ b/modules/extra/enc_posix.cpp
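Review bot: In the second db_atheme.cpp hunk (`@@ -462,6 +462,9 @@`), the `"$5"` and `"$6"` literals are two characters long but are compared over three, so, assuming `Anope::string::compare` forwards to `std::string::compare`, the third byte compared is the literal's terminating NUL and a real `$5$…` or `$6$…` hash never matches. SHA-256 and SHA-512 crypt hashes would then miss the `posix:` prefix and fall through to whatever the rest of the chain does, which is outside the hunk, while the comment table in the first hunk says they are converted. I would write the branch as `else if (pass.compare(0, 3, "$1$", 3) == 0 || pass.compare(0, 3, "$5$", 3) == 0 || pass.compare(0, 3, "$6$", 3) == 0)`. The enclosing function starts and ends outside the hunk.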
@@ -0,0 +1,51 @@
+/* Module for providing POSIX crypt() hashing
+ *
+ * (C) 2003-2024 Anope Team
+ * Contact us at team@anope.org
+ *
+ * This program is free but copyrighted software; see the file COPYING for
+ * details.
+ *
+ */
+
+/* RequiredLibraries: crypt */
+
+#include "module.h"
+
+class EPOSIX final
+ : public Module
+{
+public:
+ EPOSIX(const Anope::string &modname, const Anope::string &creator)
+ : Module(modname, creator, ENCRYPTION | VENDOR)
+ {
+ }
+
+ void OnCheckAuthentication(User *, IdentifyRequest *req) override
+ {
+ const auto *na = NickAlias::Find(req->GetAccount());
+ if (!na)
+ return;
+
+ NickCore *nc = na->nc;
+ auto pos = nc->pass.find(':');
+ if (pos == Anope::string::npos)
+ return;
+
+ Anope::string hash_method(nc->pass.begin(), nc->pass.begin() + pos);
+ if (!hash_method.equals_cs("posix"))
+ return;
+
+ Anope::string pass_hash(nc->pass.begin() + pos + 1, nc->pass.end());
+ if (pass_hash.equals_cs(crypt(req->GetPassword().c_str(), pass_hash.c_str())))
+ {
+ // If we are NOT the first encryption module we want to re-encrypt
+ // the password with the primary encryption method.
+ if (ModuleManager::FindFirstOf(ENCRYPTION) != this)
+ Anope::Encrypt(req->GetPassword(), nc->pass);
+ req->Success(this);
+ }
+ }
+};
+
+MODULE_INIT(EPOSIX)
|
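Review bot: The result of `crypt()` in `OnCheckAuthentication` is passed straight to `pass_hash.equals_cs(...)`, but `crypt()` returns a null pointer when it rejects the setting string (some libcrypt builds return a short failure token starting with `*` instead), and the setting here is whatever was imported into `nc->pass`. A malformed or unsupported stored hash would then construct an `Anope::string` from a null pointer during an identify attempt. I would capture the result first, `const char *computed = crypt(req->GetPassword().c_str(), pass_hash.c_str());` followed by `if (!computed) return;`, and compare against `computed`. `equals_cs` is presumably an ordinary early-exit string comparison; a constant-time compare is the usual choice for password hashes if the codebase provides one.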