Add support for hashing operator passwords in the config.

Closes #327.
author: Sadie Powell <sadie@witchery.services> 2025-04-24 12:46:58 +0100
committer: Sadie Powell <sadie@witchery.services> 2025-04-24 12:46:58 +0100
commit: fad0a4a0e888b8025b0ae4e456085e28415b0453 (patch)
tree: 98bf9f117eaed9c0cad6af2dd049cf55c2ef0dd7 /modules
parent: 1630ccedb11842dbe56d8ce2b9e9f54a53b01b8c (diff)
1 files changed, 16 insertions, 1 deletions
diff --git a/modules/operserv/os_login.cpp b/modules/operserv/os_login.cpp
index f453bd8f0..21c5897f6 100644
--- a/modules/operserv/os_login.cpp
+++ b/modules/operserv/os_login.cpp
@@ -10,10 +10,25 @@
  */
 
 #include "module.h"
+#include "modules/encryption.h"
 
 class CommandOSLogin final
 	: public Command
 {
+private:
+	bool ComparePassword(const Oper *o, const Anope::string &password)
+	{
+		if (o->password_hash.empty())
+			return o->password.equals_cs(password); // Plaintext password.
+
+		auto *service = Service::FindService("Encryption::Provider", o->password_hash);
+		if (!service)
+			return false; // Malformed hash.
+
+		auto *hashprov = static_cast<Encryption::Provider *>(service);
+		return hashprov->Compare(o->password, password);
+	}
+
 public:
 	CommandOSLogin(Module *creator) : Command(creator, "operserv/login", 0, 1)
 	{
@@ -31,7 +46,7 @@ public:
 			source.Reply(_("Your oper block doesn't require logging in."));
 		else if (u->HasExt("os_login"))
 			source.Reply(_("You are already identified."));
-		else if (params.empty() || o->password != params[0])
+		else if (params.empty() || !ComparePassword(o, params[0]))
 		{
 			source.Reply(PASSWORD_INCORRECT);
 			u->BadPassword();
author	Sadie Powell <sadie@witchery.services>	2025-04-24 12:46:58 +0100
committer	Sadie Powell <sadie@witchery.services>	2025-04-24 12:46:58 +0100
commit	fad0a4a0e888b8025b0ae4e456085e28415b0453 (patch)
tree	98bf9f117eaed9c0cad6af2dd049cf55c2ef0dd7 /modules
parent	1630ccedb11842dbe56d8ce2b9e9f54a53b01b8c (diff)