docs: Change section title.

[irc/quakenet/newserv.git] / chanserv / chanservcrypto.c

diff --git a/chanserv/chanservcrypto.c b/chanserv/chanservcrypto.c
index 7906f8c7ca7eeac13e8c483adc2ebde72233dd83..ba40f437c7367dd89ae256f8ec60ee4e837a81f1 100644 (file)
--- a/chanserv/chanservcrypto.c
+++ b/chanserv/chanservcrypto.c
@@ -11,7 +11,7 @@
 #include "../lib/hmac.h"
 
 static prngctx rng;
-static sstring *secret, *codesecret;
+static sstring *secret, *codesecret, *ticketsecret;
 
 static sstring *combinesecret(char *str) {
   SHA256_CTX ctx;
@@ -63,12 +63,20 @@ void chanservcryptoinit(void) {
     secret=getsstring(hexbuf, strlen(hexbuf));
   }
   codesecret=combinesecret("codegenerator");
+
+  ticketsecret=getcopyconfigitem("chanserv","ticketsecret","",256);
+  if(!ticketsecret || !ticketsecret->content || !ticketsecret->content[0]) {
+    Error("chanserv",ERR_WARNING,"Ticket secret not set, ticketauth disabled.");
+    freesstring(ticketsecret);
+    ticketsecret = NULL;
+  }
 }
 
 
 void chanservcryptofree(void) {
   freesstring(secret);
   freesstring(codesecret);
+  freesstring(ticketsecret);
 }
 
 ub4 cs_getrandint(void) {
@@ -111,7 +119,7 @@ int crsha1(char *username, const char *password, const char *challenge, const ch
 
   hmac_printhex(digest, hexbuf, sizeof(digest));
 
-  if(!strcasecmp(hmac_printhex(digest, hexbuf, sizeof(digest)), response))
+  if(!hmac_strcmp(hmac_printhex(digest, hexbuf, sizeof(digest)), response))
     return 1;
 
   return 0;
@@ -140,7 +148,7 @@ int crsha256(char *username, const char *password, const char *challenge, const
   hmacsha256_update(&hmac, (unsigned char *)challenge, strlen(challenge));
   hmacsha256_final(&hmac, digest);
 
-  if(!strcasecmp(hmac_printhex(digest, hexbuf, sizeof(digest)), response))
+  if(!hmac_strcmp(hmac_printhex(digest, hexbuf, sizeof(digest)), response))
     return 1;
 
   return 0;
@@ -169,7 +177,7 @@ int crmd5(char *username, const char *password, const char *challenge, const cha
   hmacmd5_update(&hmac, (unsigned char *)challenge, strlen(challenge));
   hmacmd5_final(&hmac, digest);
 
-  if(!strcasecmp(hmac_printhex(digest, hexbuf, sizeof(digest)), response))
+  if(!hmac_strcmp(hmac_printhex(digest, hexbuf, sizeof(digest)), response))
     return 1;
 
   return 0;
@@ -186,7 +194,7 @@ int crlegacymd5(char *username, const char *password, const char *challenge, con
   MD5Update(&ctx, (unsigned char *)challenge, strlen(challenge));
   MD5Final(digest, &ctx);
 
-  if(!strcasecmp(hmac_printhex(digest, hexbuf, sizeof(digest)), response))
+  if(!hmac_strcmp(hmac_printhex(digest, hexbuf, sizeof(digest)), response))
     return 1;
 
   return 0;
@@ -234,7 +242,7 @@ int cs_checkhashpass(const char *username, const char *password, const char *jun
   MD5Update(&ctx, (unsigned char *)buf, strlen(buf));
   MD5Final(digest, &ctx);
 
-  if(strcasecmp(hash, hmac_printhex(digest, hexbuf, sizeof(digest))))
+  if(hmac_strcmp(hash, hmac_printhex(digest, hexbuf, sizeof(digest))))
     return 0;
 
   return 1;
@@ -263,3 +271,23 @@ char *csc_generateresetcode(time_t lockuntil, char *username) {
 
   return hexbuf;
 }
+
+int csc_verifyqticket(char *data, char *digest) {
+  hmacsha256 hmac;
+  unsigned char digestbuf[32];
+  char hexbuf[sizeof(digestbuf) * 2 + 1];
+
+  if(!ticketsecret)
+    return -1;
+
+  hmacsha256_init(&hmac, (unsigned char *)ticketsecret->content, ticketsecret->length);
+  hmacsha256_update(&hmac, (unsigned char *)data, strlen(data));
+  hmacsha256_final(&hmac, digestbuf);
+
+  hmac_printhex(digestbuf, hexbuf, sizeof(digestbuf));
+
+  if(!hmac_strcmp(hexbuf, digest))
+    return 0;
+
+  return 1;
+}