Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support for certfp migration in 2json scripts #1864

Closed
tacerus opened this issue Dec 10, 2021 · 5 comments
Closed

Support for certfp migration in 2json scripts #1864

tacerus opened this issue Dec 10, 2021 · 5 comments
Assignees
@tacerus
Milestone
v2.9

Comments

@tacerus
Copy link
Contributor

tacerus commented Dec 10, 2021

Hi,

amongst the data migrated in the anope2json and atheme2json scripts (which have come very handy in the past!) are NickServ passwords. Since some users utilize certfp for authentication however, it would be great if the associated fingerprints were included in the migration.

Here is a sample snippet from an Anope database:

OBJECT NickCore
ID 172
DATA display foo    
DATA pass sha1:xxxxxxxxxxxxxx                          
DATA email foo@example.com   
DATA language
DATA access foo@*.example.com    
DATA memomax 20
DATA MEMO_SIGNON 1
DATA MEMO_RECEIVE 1
DATA cert UzScAKbIfiAlkBhpcnNPhpZiH7ZXt4C7RHOwpsfQHFmCNkwaBFWbEWUnUDtnW57x 
DATA HIDE_EMAIL 1
DATA HIDE_MASK 1
DATA NS_PRIVATE 1
DATA AUTOOP 1
DATA NS_SECURE 1
END

Unfortunately I do not have an Atheme one handy.

Thanks for considering.
@slingamn
Copy link
Member

slingamn commented Dec 10, 2021
edited

Right, I remember discussing this with @jlu5 : one of the problems is that the hash algorithm used to produce the fingerprint is not stored in band.

The fingerprint there looks like base64, but assuming it is, it decodes to 384 bits --- what algorithm is that? If it's anything other than SHA-256, it's useless to us.

@tacerus
Copy link
Contributor Author

tacerus commented Dec 10, 2021

That one is SHA256. I think it's the standard for Anope.

@slingamn
Copy link
Member

Resolution: if we see a DATA cert line in anope and the parameter is 64 bytes of hex (i.e. 256 bits encoded as hex), we'll attempt to interpret it as a SHA-256 fingerprint.

Does anyone know how atheme handles this?

@slingamn slingamn added this to the v2.9 milestone Dec 10, 2021
slingamn added a commit to slingamn/ergo that referenced this issue Dec 12, 2021
@slingamn
import certfps from anope
6530bfa 
See ergochat#1864
@tacerus tacerus mentioned this issue Dec 12, 2021
Merged
@slingamn
Copy link
Member

Relevant Atheme code:

https://github.com/atheme/atheme/blob/82866a59bef5f1be76f3b9d16b7016f04a3791e4/modules/backend/corestorage.c#L151-L159

slingamn added a commit to slingamn/ergo that referenced this issue Dec 13, 2021
@slingamn
fix the atheme side of ergochat#1864
8fc20d8 
Import stored certfps from Atheme as well.
@slingamn
Copy link
Member

In the database, it looks like:

MCFP certtest 3d6b11bfb405c3f84b38cd3038fbec0171d50354790407884ca55d23418566c9

including a final space?

slingamn added a commit that referenced this issue Dec 13, 2021
@slingamn
Merge pull request #1869 from slingamn/atheme.1
aa4a82e 
fix the atheme side of #1864
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@tacerus tacerus

Labels
None yet
Projects
None yet
Milestone
v2.9
Development

No branches or pull requests
2 participants
@slingamn @tacerus