-rw-r--r--data/example.conf7
-rw-r--r--include/extern.h5
-rw-r--r--include/modules.h3
-rw-r--r--src/config.c9
-rw-r--r--src/core/enc_md5.c11
-rw-r--r--src/core/enc_none.c12
-rw-r--r--src/core/enc_old.c11
-rw-r--r--src/core/enc_sha1.c11
-rw-r--r--src/encrypt.c2
-rw-r--r--src/init.c6
-rw-r--r--src/messages.c2
-rw-r--r--src/modulemanager.cpp6
-rw-r--r--src/modules.c13
-rw-r--r--src/protocol/inspircd11.c2
-rw-r--r--src/protocol/inspircd12.cpp2
15 files changed, 60 insertions, 42 deletions
diff --git a/data/example.conf b/data/example.conf
index 980740932..8e21845ba 100644
--- a/data/example.conf
+++ b/data/example.conf
@@ -255,8 +255,13 @@ options
* - enc_old (old, broken MD5 encryption)
* - enc_md5 (working MD5 encryption)
* - enc_sha1 (SHA1 encryption)
+ *
+ * The first module in this list is the active encryption module. All new passwords are
+ * encrypted by this module. Old passwords stored in another encryption method are
+ * automatically re-encrypted by the active encryption module on next identify.
+ * Changing the order of the modules requires the services to restart.
*/
- encryption = "enc_none"
+ encryption = "enc_none enc_sha1 enc_md5 enc_old"
/*
* These keys are used to initiate the random number generator. These numbers
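Review bot: The new example value lists `enc_none` first, and the comment added just above says the first module is the active one and that old passwords are re-encrypted by it on the next identify. An operator who copies this line onto an existing hashed database would see each stored hash replaced by the unencrypted password as users identify. Consider shipping `encryption = "enc_sha1 enc_md5 enc_old enc_none"` as the example, and adding a sentence to the comment that placing enc_none first stores passwords unencrypted.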
diff --git a/include/extern.h b/include/extern.h
index eda18ebc0..c73a27de0 100644
--- a/include/extern.h
+++ b/include/extern.h
@@ -405,13 +405,14 @@ E long unsigned int UserKey3;
E int convert_ircservices_44();
/**** encrypt.c ****/
-E char *EncModule;
+E char **EncModuleList;
+E int EncModulesNumber;
E void initEncryption();
E int enc_encrypt(const char *src, int len, char *dest, int size);
E int enc_encrypt_in_place(char *buf, int size);
E int enc_encrypt_check_len(int passlen, int bufsize);
E int enc_decrypt(const char *src, char *dest, int size);
-E int enc_check_password(const char *plaintext, const char *password);
+E int enc_check_password(const char *plaintext, char *password);
E void encmodule_encrypt(int (*func)(const char *src, int len, char *dest, int size));
E void encmodule_encrypt_in_place(int (*func)(char *buf, int size));
E void encmodule_encrypt_check_len(int (*func)(int passlen, int bufsize));
diff --git a/include/modules.h b/include/modules.h
index 4cdbdaacc..021276dce 100644
--- a/include/modules.h
+++ b/include/modules.h
@@ -607,7 +607,7 @@ class CoreExport Module
virtual EventReturn OnEncryptInPlace(char *buf, int size) { return EVENT_CONTINUE; }
virtual EventReturn OnEncryptCheckLen(int passlen, int bufsize) { return EVENT_CONTINUE; }
virtual EventReturn OnDecrypt(const char *src, char *dest, int size) { return EVENT_CONTINUE; }
- virtual EventReturn OnCheckPassword(const char *plaintext, const char *password) { return EVENT_CONTINUE; }
+ virtual EventReturn OnCheckPassword(const char *plaintext, char *password) { return EVENT_CONTINUE; }
/** Called on fantasy command
* @param command The command
@@ -1151,7 +1151,6 @@ struct MessageHash_ {
/* Module Managment Functions */
MDE Module *findModule(const char *name); /* Find a module */
-int encryption_module_init(); /* Load the encryption module */
int protocol_module_init(); /* Load the IRCD Protocol Module up*/
MDE void moduleDisplayHelp(const char *service, User *u);
diff --git a/src/config.c b/src/config.c
index 89342ff13..f136ffc9a 100644
--- a/src/config.c
+++ b/src/config.c
@@ -23,7 +23,6 @@ ServerConfig serverConfig;
/* Configurable variables: */
char *IRCDModule;
-char *EncModule;
std::list<Uplink *> Uplinks;
@@ -206,6 +205,10 @@ int ModulesNumber;
/**
* Core Module Stuff
**/
+char **EncModuleList;
+char *EncModules;
+int EncModulesNumber;
+
static char *HostCoreModules;
char **HostServCoreModules;
int HostServCoreNumber;
@@ -831,7 +834,7 @@ int ServerConfig::Read(bool bail)
{"networkinfo", "logbot", "no", new ValueContainerBool(&LogBot), DT_BOOLEAN, NoValidation},
{"networkinfo", "networkname", "", new ValueContainerChar(&NetworkName), DT_CHARPTR, ValidateNotEmpty},
{"networkinfo", "nicklen", "0", new ValueContainerUInt(&NickLen), DT_UINTEGER | DT_NORELOAD, ValidateNickLen},
- {"options", "encryption", "", new ValueContainerChar(&EncModule), DT_CHARPTR | DT_NORELOAD, ValidateNotEmpty},
+ {"options", "encryption", "", new ValueContainerChar(&EncModules), DT_CHARPTR | DT_NORELOAD, ValidateNotEmpty},
{"options", "userkey1", "0", new ValueContainerLUInt(&UserKey1), DT_LUINTEGER, NoValidation},
{"options", "userkey2", "0", new ValueContainerLUInt(&UserKey2), DT_LUINTEGER, NoValidation},
{"options", "userkey3", "0", new ValueContainerLUInt(&UserKey3), DT_LUINTEGER, NoValidation},
@@ -1907,6 +1910,8 @@ int read_config(int reload)
/* Modules Autoload building... :P */
ModulesAutoload = buildStringList(Modules, &ModulesNumber);
+ EncModuleList =
+ buildStringList(EncModules ? EncModules : "", &EncModulesNumber);
HostServCoreModules =
buildStringList(HostCoreModules ? HostCoreModules : "", &HostServCoreNumber);
MemoServCoreModules =
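Review bot: Nothing after this `buildStringList` call checks that `EncModulesNumber` is at least 1, yet `EncModuleList[0]` is read unconditionally elsewhere in this commit (the four enc_* modules, m_version in messages.c, and both InspIRCd protocol files). `ValidateNotEmpty` on the `encryption` key only guards the raw string; whether a whitespace-only value can produce an empty list depends on buildStringList, which is not shown here. A guard such as `if (EncModulesNumber < 1)` that rejects the configuration right after this assignment would make those later reads safe. read_config continues outside the hunk.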
diff --git a/src/core/enc_md5.c b/src/core/enc_md5.c
index 00d9a40ae..103f4bbe7 100644
--- a/src/core/enc_md5.c
+++ b/src/core/enc_md5.c
@@ -397,7 +397,7 @@ class EMD5 : public Module
}
- EventReturn OnCheckPassword(const char *plaintext, const char *password)
+ EventReturn OnCheckPassword(const char *plaintext, char *password)
{
char buf[BUFSIZE];
@@ -405,9 +405,16 @@ class EMD5 : public Module
return EVENT_STOP;
if (memcmp(buf, password, 16) == 0)
{
+ /* if we are NOT the first module in the list,
+ * we want to re-encrypt the pass with the new encryption
+ */
+ if (stricmp(EncModuleList[0], this->name.c_str()))
+ {
+ enc_encrypt(plaintext, strlen(password), password, PASSMAX -1 );
+ }
return EVENT_ALLOW;
}
- return EVENT_STOP;
+ return EVENT_CONTINUE;
}
};
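Review bot: The re-encrypt call passes `strlen(password)` as the source length, but `password` is the stored digest that was just compared with `memcmp(buf, password, 16)`, not a C string with the length of `plaintext`. Going by the `enc_encrypt(const char *src, int len, char *dest, int size)` prototype, the second argument is presumably the length of `src`, so the new hash can be computed over a truncated plaintext or over bytes past its end; the call should be `enc_encrypt(plaintext, strlen(plaintext), password, PASSMAX - 1);`. The int result is also discarded, so a failed re-encryption still returns EVENT_ALLOW with `password` in an unknown state. The same call appears in the enc_old.c and enc_sha1.c hunks, and in enc_none.c, where the two lengths happen to coincide.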
diff --git a/src/core/enc_none.c b/src/core/enc_none.c
index 91784bca4..99b3e17a4 100644
--- a/src/core/enc_none.c
+++ b/src/core/enc_none.c
@@ -56,12 +56,20 @@ class ENone : public Module
return EVENT_ALLOW;
}
- EventReturn OnCheckPassword(const char *plaintext, const char *password) {
+ EventReturn OnCheckPassword(const char *plaintext, char *password)
+ {
if(strcmp(plaintext,password)==0)
{
+ /* if we are NOT the first module in the list,
+ * we want to re-encrypt the pass with the new encryption
+ */
+ if (stricmp(EncModuleList[0], this->name.c_str()))
+ {
+ enc_encrypt(plaintext, strlen(password), password, PASSMAX -1 );
+ }
return EVENT_ALLOW;
}
- return EVENT_STOP;
+ return EVENT_CONTINUE;
}
};
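Review bot: Returning `EVENT_CONTINUE` on a mismatch lets every listed module test the same stored value, and nothing visible records which module produced a given stored password. With enc_none in the list, `strcmp(plaintext,password)==0` is therefore also evaluated against digests written by the hashing modules. That makes a stored digest password-equivalent whenever it forms a C string, and `strcmp` may read past a digest that is not NUL-terminated. Tagging each stored password with the module that wrote it, and having a module decline values it did not produce, would close this. Failing that, enc_none should only be consulted when it is the sole configured module.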
diff --git a/src/core/enc_old.c b/src/core/enc_old.c
index 3da4e5155..c3db6c4b3 100644
--- a/src/core/enc_old.c
+++ b/src/core/enc_old.c
@@ -398,7 +398,7 @@ class EOld : public Module
/* Compare a plaintext string against an encrypted password. Return 1 if
* they match, 0 if not, and -1 if something went wrong. */
- EventReturn OnCheckPassword(const char *plaintext, const char *password)
+ EventReturn OnCheckPassword(const char *plaintext, char *password)
{
char buf[BUFSIZE];
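Review bot: The comment kept above `OnCheckPassword` still describes the old contract ("Return 1 if they match, 0 if not, and -1 if something went wrong"), while the function returns an `EventReturn` and, after this commit, takes a non-const `password` that it may overwrite. Suggested replacement: `/* Check plaintext against a stored password: EVENT_ALLOW on match, EVENT_CONTINUE on mismatch, EVENT_STOP on error. On match, password may be rewritten in place by the active encryption module. */`. The function body continues in the next hunk.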
@@ -406,9 +406,16 @@ class EOld : public Module
return EVENT_STOP;
if (memcmp(buf, password, 16) == 0)
{
+ /* when we are NOT the first module in the list,
+ * we want to re-encrypt the pass with the new encryption
+ */
+ if (stricmp(EncModuleList[0], this->name.c_str()))
+ {
+ enc_encrypt(plaintext, strlen(password), password, PASSMAX -1 );
+ }
return EVENT_ALLOW;
}
- return EVENT_STOP;
+ return EVENT_CONTINUE;
}
EventReturn OnDecrypt(const char *src, char *dest, int size)
diff --git a/src/core/enc_sha1.c b/src/core/enc_sha1.c
index 398b052fb..9c86875fe 100644
--- a/src/core/enc_sha1.c
+++ b/src/core/enc_sha1.c
@@ -259,16 +259,23 @@ class ESHA1 : public Module
}
- EventReturn OnCheckPassword(const char *plaintext, const char *password)
+ EventReturn OnCheckPassword(const char *plaintext, char *password)
{
char buf[BUFSIZE];
if (OnEncrypt(plaintext, strlen(plaintext), buf, sizeof(buf)) == EVENT_STOP)
return EVENT_STOP;
if (memcmp(buf, password, 20) == 0)
{
+ /* when we are NOT the first module in the list,
+ * we want to re-encrypt the pass with the new encryption
+ */
+ if (stricmp(EncModuleList[0], this->name.c_str()))
+ {
+ enc_encrypt(plaintext, strlen(password), password, PASSMAX -1 );
+ }
return EVENT_ALLOW;
}
- return EVENT_STOP;
+ return EVENT_CONTINUE;
}
};
diff --git a/src/encrypt.c b/src/encrypt.c
index 4b5db587e..6faac199c 100644
--- a/src/encrypt.c
+++ b/src/encrypt.c
@@ -84,7 +84,7 @@ int enc_decrypt(const char *src, char *dest, int size)
* 0 if the password does not match
* 0 if an error occurred while checking
**/
-int enc_check_password(const char *plaintext, const char *password)
+int enc_check_password(const char *plaintext, char *password)
{
EventReturn MOD_RESULT;
FOREACH_RESULT(I_OnCheckPassword, OnCheckPassword(plaintext, password));
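Review bot: With every module now returning `EVENT_CONTINUE` on a mismatch, `MOD_RESULT` can end up as `EVENT_CONTINUE` after `FOREACH_RESULT` when no module recognised the password, and the code that maps it to the return value lies outside this hunk. It should return 1 only for `EVENT_ALLOW`, e.g. `return MOD_RESULT == EVENT_ALLOW ? 1 : 0;`, so that an unmatched password or an empty module list fails closed. The header comment should also state that `password` may be rewritten in place on success, since callers now have to treat the buffer as modified.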
diff --git a/src/init.c b/src/init.c
index 4acf9540d..c7d733e4e 100644
--- a/src/init.c
+++ b/src/init.c
@@ -386,10 +386,8 @@ int init_primary(int ac, char **av)
return -1;
}
- /* Add Encryption Module; exit if there are errors */
- if (encryption_module_init()) {
- return -1;
- }
+ /* Add Encryption Modules */
+ ModuleManager::LoadModuleList(EncModulesNumber, EncModuleList);
return 0;
}
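Review bot: Nothing checks that the modules passed to `ModuleManager::LoadModuleList(EncModulesNumber, EncModuleList)` actually loaded, whereas the removed code returned -1 from init_primary when the encryption module failed to load. If the first listed module is missing or fails to load, services would now start anyway, and it is unclear from this hunk which module, if any, would encrypt new passwords. Consider verifying after the call that the active module is present, e.g. `if (!findModule(EncModuleList[0])) return -1;`. The removed `encryption_module_init` also called `SetType(ENCRYPTION)`, and no replacement for that is visible in this commit.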
diff --git a/src/messages.c b/src/messages.c
index 0c2f816f6..dc9a86d1b 100644
--- a/src/messages.c
+++ b/src/messages.c
@@ -277,7 +277,7 @@ int m_stats(const char *source, int ac, const char **av)
int m_version(const char *source, int ac, const char **av)
{
if (source) ircdproto->SendNumeric(ServerName, 351, source, "Anope-%s %s :%s - %s (%s) -- %s", version_number, ServerName, ircd->name, version_flags,
- EncModule, version_build);
+ EncModuleList[0], version_build);
return MOD_CONT;
}
diff --git a/src/modulemanager.cpp b/src/modulemanager.cpp
index 35a2280a8..3058f216f 100644
--- a/src/modulemanager.cpp
+++ b/src/modulemanager.cpp
@@ -245,12 +245,6 @@ int ModuleManager::LoadModule(const std::string &modname, User * u)
alog("You cannot load two protocol modules");
return MOD_STOP;
}
- else if (m->type == ENCRYPTION && IsOneOfModuleTypeLoaded(ENCRYPTION))
- {
- DeleteModule(m);
- alog("You cannot load two encryption modules");
- return MOD_STOP;
- }
if (u)
{
diff --git a/src/modules.c b/src/modules.c
index 7eefd0c0a..ee8dae409 100644
--- a/src/modules.c
+++ b/src/modules.c
@@ -54,19 +54,6 @@ char *ModuleGetErrStr(int status)
/************************************************/
/**
- *
- **/
-int encryption_module_init() {
- int ret = 0;
-
- alog("Loading Encryption Module: [%s]", EncModule);
- ret = ModuleManager::LoadModule(EncModule, NULL);
- if (ret == MOD_ERR_OK)
- findModule(EncModule)->SetType(ENCRYPTION);
- return ret;
-}
-
-/**
* Load the ircd protocol module up
**/
int protocol_module_init()
diff --git a/src/protocol/inspircd11.c b/src/protocol/inspircd11.c
index 892187d1e..49f85bb0b 100644
--- a/src/protocol/inspircd11.c
+++ b/src/protocol/inspircd11.c
@@ -348,7 +348,7 @@ class InspIRCdProto : public IRCDProto
me_server = new_server(NULL, ServerName, ServerDesc, SERVER_ISME, NULL);
SendServer(me_server);
send_cmd(NULL, "BURST");
- send_cmd(ServerName, "VERSION :Anope-%s %s :%s - %s (%s) -- %s", version_number, ServerName, ircd->name, version_flags, EncModule, version_build);
+ send_cmd(ServerName, "VERSION :Anope-%s %s :%s - %s (%s) -- %s", version_number, ServerName, ircd->name, version_flags, EncModuleList[0], version_build);
}
/* CHGIDENT */
diff --git a/src/protocol/inspircd12.cpp b/src/protocol/inspircd12.cpp
index 5f1eeb39c..145434c46 100644
--- a/src/protocol/inspircd12.cpp
+++ b/src/protocol/inspircd12.cpp
@@ -358,7 +358,7 @@ class InspIRCdProto : public IRCDProto
me_server = new_server(NULL, ServerName, ServerDesc, SERVER_ISME, TS6SID);
SendServer(me_server);
send_cmd(TS6SID, "BURST");
- send_cmd(TS6SID, "VERSION :Anope-%s %s :%s - %s (%s) -- %s", version_number, ServerName, ircd->name, version_flags, EncModule, version_build);
+ send_cmd(TS6SID, "VERSION :Anope-%s %s :%s - %s (%s) -- %s", version_number, ServerName, ircd->name, version_flags, EncModuleList[0], version_build);
}
/* CHGIDENT */