diff options
author | Matthias Schiffer <matthias@gamezock.de> | 2009-08-24 04:47:54 +0200 |
---|---|---|
committer | Matthias Schiffer <matthias@gamezock.de> | 2009-08-24 04:47:54 +0200 |
commit | c964aa2708ed2839ded3c35eed7338f3e81f568f (patch) | |
tree | 21f17452e648cd25c7cdf80d844b1a366767f14b /src/Client | |
parent | 84a5ceeb7db03d75425d72e8a23a0bb0f267bc01 (diff) | |
download | mad-c964aa2708ed2839ded3c35eed7338f3e81f568f.tar mad-c964aa2708ed2839ded3c35eed7338f3e81f568f.zip |
Authentifikation: Übertrage Passwörter gehasht
Diffstat (limited to 'src/Client')
-rw-r--r-- | src/Client/Authenticators/PasswordAuthenticator.cpp | 48 | ||||
-rw-r--r-- | src/Client/Authenticators/PasswordAuthenticator.h | 6 |
2 files changed, 50 insertions, 4 deletions
diff --git a/src/Client/Authenticators/PasswordAuthenticator.cpp b/src/Client/Authenticators/PasswordAuthenticator.cpp index 3aa9f41..6690b22 100644 --- a/src/Client/Authenticators/PasswordAuthenticator.cpp +++ b/src/Client/Authenticators/PasswordAuthenticator.cpp @@ -19,7 +19,9 @@ #include "PasswordAuthenticator.h" +#include <Common/Hash.h> #include <Common/RequestManager.h> +#include <Common/Requests/AuthMethodRequest.h> namespace Mad { namespace Client { @@ -29,9 +31,14 @@ void PasswordAuthenticator::PasswordAuthRequest::sendRequest() { Common::XmlPacket packet; packet.setType("Authenticate"); packet.set("method", "Password"); + packet.set("subMethod", hash); packet.set("user", username); - packet.set("data", std::vector<boost::uint8_t>(password.begin(), password.end())); + + if(hash == "Clear") + packet.set("data", password); + else + packet.set("data", Common::Hash::hash(std::vector<boost::uint8_t>(password.begin(), password.end()), hash)); sendPacket(packet); } @@ -51,7 +58,44 @@ void PasswordAuthenticator::PasswordAuthRequest::handlePacket(boost::shared_ptr< } void PasswordAuthenticator::authenticate(Common::Application *application, Common::Connection *con, const std::string &username, const std::string &password) throw (Core::Exception) { - boost::shared_ptr<PasswordAuthRequest> request(new PasswordAuthRequest(application, username, password)); + std::string hash; + + { + boost::shared_ptr<Common::Requests::AuthMethodRequest> request(new Common::Requests::AuthMethodRequest(application)); + + application->getRequestManager()->sendRequest(con, request); + request->wait(); + + std::pair<boost::shared_ptr<const Common::XmlPacket>, Core::Exception> result = request->getResult(); + + if(!result.first || result.second) + throw result.second; + + const Common::XmlPacket::List *methods = result.first->getList("methods"); + + for(Common::XmlPacket::List::const_iterator method = methods->begin(); method != methods->end(); ++method) { + if(method->get<const std::string&>("name") != "Password") + continue; + + const Common::XmlPacket::List *subMethods = method->getList("subMethods"); + + for(Common::XmlPacket::List::const_iterator subMethod = subMethods->begin(); subMethod != subMethods->end(); ++subMethod) { + if(Common::Hash::isHashSupported(subMethod->get<const std::string&>("name"))) { + hash = subMethod->get<const std::string&>("name"); + break; + } + } + + break; + } + + if(hash.empty()) + throw Core::Exception(Core::Exception::NOT_AVAILABLE); + } + + application->logf(Core::LoggerBase::LOG_VERBOSE, "Authenticating with method 'Password' using hash '%s'...", hash.c_str()); + + boost::shared_ptr<PasswordAuthRequest> request(new PasswordAuthRequest(application, username, password, hash)); application->getRequestManager()->sendRequest(con, request); request->wait(); diff --git a/src/Client/Authenticators/PasswordAuthenticator.h b/src/Client/Authenticators/PasswordAuthenticator.h index 70c3cf1..8fdd87c 100644 --- a/src/Client/Authenticators/PasswordAuthenticator.h +++ b/src/Client/Authenticators/PasswordAuthenticator.h @@ -35,13 +35,15 @@ class MAD_CLIENT_EXPORT PasswordAuthenticator { std::string username; std::string password; + std::string hash; + protected: virtual void sendRequest(); virtual void handlePacket(boost::shared_ptr<const Common::XmlPacket> packet); public: - PasswordAuthRequest(Common::Application *application, const std::string &username0, const std::string &password0) - : Common::Request(application), username(username0), password(password0) {} + PasswordAuthRequest(Common::Application *application, const std::string &username0, const std::string &password0, const std::string &hash0) + : Common::Request(application), username(username0), password(password0), hash(hash0) {} }; PasswordAuthenticator(); |