The "/" character in the user's password #60

Open
Madriix opened this issue Jun 27, 2022 · 3 comments

Madriix commented Jun 27, 2022

Hi,
I just noticed that I had several users who put the "/" character in their password. This one is not accepted in JBNC.

df9260cxxxxxxxxxxxxxxxxxxxx||PassWord//irc.site.com:+6697||df9xxxxxxxxxxxxxxxecxxxxxxx/mobile/mozart

Just imagine that the password is: PassWord/

Should we change the args "/" in JBNC to put another character? If so, which one should I put?

@realrasengan

We'll have to address that for sure. I wonder if the RFC accepts spaces for the password, in which case we could use that.

That said, we could also address how jbnc parses it to detect the / (e.g., PassWord///irc.site.com:+6697 becomes part[0] PassWord/ and part[1] is irc.site.com:+6697).

Madriix commented Jun 27, 2022

@realrasengan Should use exec:

let test = "df9260cxxxxxxxxxxxxxxxxxxxx||PassWord//irc.site.com:+6697||df9xxxxxxxxxxxxxxxecxxxxxxx/mobile/mozart";
let regex = /(.*)\|\|(.*)\/(.*)\|\|(.*)\/(.*)\/(.*)/g;
let out = regex.exec(test);
console.log(out);

Result of out:

Array(7) [ "df9260cxxxxxxxxxxxxxxxxxxxx||PassWord//irc.site.com:+6697||df9xxxxxxxxxxxxxxxecxxxxxxx/mobile/mozart", "df9260cxxxxxxxxxxxxxxxxxxxx", "PassWord/", "irc.site.com:+6697", "df9xxxxxxxxxxxxxxxecxxxxxxx", "mobile", "mozart" ]
0: "df9260cxxxxxxxxxxxxxxxxxxxx||PassWord//irc.site.com:+6697||df9xxxxxxxxxxxxxxxecxxxxxxx/mobile/mozart"
1: "df9260cxxxxxxxxxxxxxxxxxxxx"
2: "PassWord/"
3: "irc.site.com:+6697"
4: "df9xxxxxxxxxxxxxxxecxxxxxxx"
5: "mobile"
6: "mozart"
groups: undefined
index: 0
input: "df9260cxxxxxxxxxxxxxxxxxxxx||PassWord//irc.site.com:+6697||df9xxxxxxxxxxxxxxxecxxxxxxx/mobile/mozart"
length: 7

It could do it, but just have to want to integrate it into jbnc.

Madriix commented Jun 27, 2022

I put this and it seems to work:

            case 'PASS':
              if(commands[1]) {
                if(BOUNCER_PASSWORD.length>0 && commands[1].split("||")[0]!=BOUNCER_PASSWORD) {
                  this.write(":*jbnc NOTICE * :*** Incorrect Password ***\n");
                  this.badauth=true;
                  this.end();
                }
                else {
                  this.irc.server=SERVER;
                  this.irc.port=SERVER_PORT;
                  this.irc.nick=null;
                  this.irc.user=null;
                  this.irc.password=null;
                  this.irc.realname=null;
                  this.irc.serverpassword=null;
                  this.irc.nickpassword=null;
                  this.irc.accountsasl=null;

                  if ( /(.*)\|\|(.*)\/(.*)\|\|(.*)\/(.*)\/(.*)/g.test(commands[1].trim()) ) {
                    /* df9260cxxxxxxxxxxxxxxxxxxxx||PassWord//irc.site.com:+6697||df9xxxxxxxxxxxxxxxecxxxxxxx/mobile/mozart */
                    origin = /(.*)\|\|(.*)\/(.*)\|\|(.*)\/(.*)\/(.*)/g.exec(commands[1].trim());

                    this.irc.password = origin[2]; // PassWord/ (2)

                    if(this.irc.password.length < 6) {
                      this.write(":*jbnc NOTICE * :*** Password too short (min length 6) ***\n");
                      this.badauth=true;
                      this.end();
                    }
                    // hash password
                    this.irc.password = hash(this.irc.password);
                    if(BOUNCER_MODE=="gateway") {
                      if(origin.length!=1 && origin.length!=2)
                        this.end();
                      else {
                        if(origin[3] && origin[4])
                          this.clientbuffer=origin[3].trim()+"||"+origin[4].trim();
                      }
                    }
                    else {
                      /*if(origin.length!=2 && origin.length!=3 && origin.length!=4)
                        this.end();
                      else {*/
                        _server_pass = origin[3];
                        _server = _server_pass.split(":");
                        this.irc.server = _server[0];
                        this.irc.port = (_server[1] ? _server[1].trim() : 6667);
                        if(origin[4]) {
                          this.irc.serverpassword=origin[4];
                        }
                        if(origin[2]) {
                          this.irc.nickpassword=origin[2];
                        }
                        if(origin[5])
                          this.clientbuffer=origin[5].trim();
                        if(origin[6])
                          this.irc.accountsasl=origin[6].trim();
                      //}
                    }

                  } else {
                    origin = commands[1].trim().split("/");

                    if(origin[0].indexOf("||")>0)
                      this.irc.password = origin[0].split("||")[1];
                    else
                      this.irc.password = origin[0];

                    if(this.irc.password.length < 6) {
                      this.write(":*jbnc NOTICE * :*** Password too short (min length 6) ***\n");
                      this.badauth=true;
                      this.end();
                    }
                    // hash password
                    this.irc.password = hash(this.irc.password);
                    if(BOUNCER_MODE=="gateway") {
                      if(origin.length!=1 && origin.length!=2)
                        this.end();
                      else {
                        if(origin[1])
                          this.clientbuffer=origin[1].trim();
                      }
                    }
                    else {
                      if(origin.length!=2 && origin.length!=3 && origin.length!=4)
                        this.end();
                      else {
                        _server_pass = origin[1].split("||");
                        _server = _server_pass[0].split(":");
                        this.irc.server = _server[0];
                        this.irc.port = (_server[1] ? _server[1].trim() : 6667);
                        if(origin[1].split("||")[1]) {
                          this.irc.serverpassword=origin[1].split("||")[1];
                        }
                        if(origin[0].split("||")[1]) {
                          this.irc.nickpassword=origin[0].split("||")[1];
                        }
                        if(origin[2])
                          this.clientbuffer=origin[2].trim();
                        if(origin[3])
                          this.irc.accountsasl=origin[3].trim();
                      }
                    }
                  
                  }
                }
              }
              else {
                this.write(":*jbnc NOTICE * :*** This is a JBNC Server.  You must set a password.\n");
                this.badauth=true;
                this.end();
              }
              break;

I will test tomorrow morning in production
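
The parsing approach discussed in this thread, as an added example that is not part of the issue or of jbnc's code: it runs the thread's greedy pattern and an anchored variant over constructed PASS arguments to show where the fields shift when the password contains `||`. The field names, the sample strings and the rule that only the user password may contain `/` or `|` are assumptions made for the illustration.

```javascript
// Added example, not jbnc code. Field names and the character
// restrictions in STRICT_RE are assumptions for this illustration.

// Pattern from the thread, without the unneeded /g flag.
const THREAD_RE = /(.*)\|\|(.*)\/(.*)\|\|(.*)\/(.*)\/(.*)/;

// Anchored variant: only the user password may contain "/" or "|",
// so every other field boundary can be located unambiguously.
const STRICT_RE =
  /^([^|]*)\|\|(.*)\/([^\/|]+)\|\|([^\/]*)\/([^\/]*)\/([^\/]*)$/;

const FIELDS = ["bouncerPassword", "password", "server",
                "serverPassword", "buffer", "sasl"];

function parseWith(re, arg) {
  const m = re.exec(arg);
  if (m === null) return null; // fail closed: the caller must reject
  const out = {};
  FIELDS.forEach((name, i) => { out[name] = m[i + 1]; });
  return out;
}

const parseThread = (arg) => parseWith(THREAD_RE, arg);
const parseStrict = (arg) => parseWith(STRICT_RE, arg);

// Constructed inputs (not real credentials).
const SAMPLES = {
  trailingSlash: "bp||PassWord//irc.example.net:+6697||srvpw/mobile/mozart",
  pipesInPassword: "bp||pa||ss//irc.example.net:+6697||srvpw/mobile/mozart",
  slashInServerPassword:
    "bp||PassWord//irc.example.net:+6697||sr/pw/mobile/mozart",
};

// Side-by-side view of what each pattern treats as the password.
function compare() {
  const rows = {};
  for (const [label, arg] of Object.entries(SAMPLES)) {
    const t = parseThread(arg);
    const s = parseStrict(arg);
    rows[label] = {
      threadBouncer: t && t.bouncerPassword,
      threadPassword: t && t.password,
      strictBouncer: s && s.bouncerPassword,
      strictPassword: s && s.password,
    };
  }
  return rows;
}

console.table(compare());
```

With the greedy pattern, the password `pa||ss/` is parsed as `ss/`, so the value that gets hashed is not the one the user typed, and group 1 no longer equals `split("||")[0]`. The anchored variant returns `null` for input outside its assumptions, and the caller has to treat that as a rejection.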
