Authentifikation: Übertrage Passwörter gehasht

2 files changed, 50 insertions, 4 deletions

diff --git a/src/Client/Authenticators/PasswordAuthenticator.cpp b/src/Client/Authenticators/PasswordAuthenticator.cpp
index 3aa9f41..6690b22 100644
--- a/src/Client/Authenticators/PasswordAuthenticator.cpp
+++ b/src/Client/Authenticators/PasswordAuthenticator.cpp
@@ -19,7 +19,9 @@
 
 #include "PasswordAuthenticator.h"
 
+#include <Common/Hash.h>
 #include <Common/RequestManager.h>
+#include <Common/Requests/AuthMethodRequest.h>
 
 namespace Mad {
 namespace Client {
@@ -29,9 +31,14 @@ void PasswordAuthenticator::PasswordAuthRequest::sendRequest() {
   Common::XmlPacket packet;
   packet.setType("Authenticate");
   packet.set("method", "Password");
+  packet.set("subMethod", hash);
 
   packet.set("user", username);
-  packet.set("data", std::vector<boost::uint8_t>(password.begin(), password.end()));
+
+  if(hash == "Clear")
+    packet.set("data", password);
+  else
+    packet.set("data", Common::Hash::hash(std::vector<boost::uint8_t>(password.begin(), password.end()), hash));
 
   sendPacket(packet);
 }
@@ -51,7 +58,44 @@ void PasswordAuthenticator::PasswordAuthRequest::handlePacket(boost::shared_ptr<
 }
 
 void PasswordAuthenticator::authenticate(Common::Application *application, Common::Connection *con, const std::string &username, const std::string &password) throw (Core::Exception) {
-  boost::shared_ptr<PasswordAuthRequest> request(new PasswordAuthRequest(application, username, password));
+  std::string hash;
+
+  {
+    boost::shared_ptr<Common::Requests::AuthMethodRequest> request(new Common::Requests::AuthMethodRequest(application));
+
+    application->getRequestManager()->sendRequest(con, request);
+    request->wait();
+
+    std::pair<boost::shared_ptr<const Common::XmlPacket>, Core::Exception> result = request->getResult();
+
+    if(!result.first || result.second)
+      throw result.second;
+
+    const Common::XmlPacket::List *methods = result.first->getList("methods");
+
+    for(Common::XmlPacket::List::const_iterator method = methods->begin(); method != methods->end(); ++method) {
+      if(method->get<const std::string&>("name") != "Password")
+        continue;
+
+      const Common::XmlPacket::List *subMethods = method->getList("subMethods");
+
+      for(Common::XmlPacket::List::const_iterator subMethod = subMethods->begin(); subMethod != subMethods->end(); ++subMethod) {
+        if(Common::Hash::isHashSupported(subMethod->get<const std::string&>("name"))) {
+          hash = subMethod->get<const std::string&>("name");
+          break;
+        }
+      }
+
+      break;
+    }
+
+    if(hash.empty())
+      throw Core::Exception(Core::Exception::NOT_AVAILABLE);
+  }
+
+  application->logf(Core::LoggerBase::LOG_VERBOSE, "Authenticating with method 'Password' using hash '%s'...", hash.c_str());
+
+  boost::shared_ptr<PasswordAuthRequest> request(new PasswordAuthRequest(application, username, password, hash));
 
   application->getRequestManager()->sendRequest(con, request);
   request->wait();
diff --git a/src/Client/Authenticators/PasswordAuthenticator.h b/src/Client/Authenticators/PasswordAuthenticator.h
index 70c3cf1..8fdd87c 100644
--- a/src/Client/Authenticators/PasswordAuthenticator.h
+++ b/src/Client/Authenticators/PasswordAuthenticator.h
@@ -35,13 +35,15 @@ class MAD_CLIENT_EXPORT PasswordAuthenticator {
         std::string username;
         std::string password;
 
+        std::string hash;
+
       protected:
           virtual void sendRequest();
           virtual void handlePacket(boost::shared_ptr<const Common::XmlPacket> packet);
 
       public:
-          PasswordAuthRequest(Common::Application *application, const std::string &username0, const std::string &password0)
-      : Common::Request(application), username(username0), password(password0) {}
+          PasswordAuthRequest(Common::Application *application, const std::string &username0, const std::string &password0, const std::string &hash0)
+      : Common::Request(application), username(username0), password(password0), hash(hash0) {}
     };
 
     PasswordAuthenticator();