Allow making the MKPASSWD command only usable by opers.

2025-03-09 18:49:03 -04:00 · 2021-06-20 21:29:45 +01:00 · 2021-06-20 21:29:45 +01:00 · 5c8b212a3c
commit 5c8b212a3c
parent 9f3b933371
2 changed files with 9 additions and 0 deletions
--- a/docs/conf/modules.conf.example
+++ b/docs/conf/modules.conf.example
@ -1748,6 +1748,9 @@
 #
 # Generate hashes using the /MKPASSWD command on the server.
 # Don't run it on a server you don't trust with your password.
+#
+# You can also make the MKPASSWD command oper only by uncommenting this:
+#<mkpasswd operonly="yes">

 #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
 # PBKDF2 module: Allows other modules to generate PBKDF2 hashes,
--- a/src/modules/m_password_hash.cpp
+++ b/src/modules/m_password_hash.cpp
@ -88,6 +88,12 @@ class ModulePasswordHash : public Module
 	{
 	}

+	void ReadConfig(ConfigStatus& status) CXX11_OVERRIDE
+	{
+		ConfigTag* tag = ServerInstance->Config->ConfValue("mkpasswd");
+		cmd.flags_needed = tag->getBool("operonly") ? 'o' : 0;
+	}
+
 	ModResult OnPassCompare(Extensible* ex, const std::string &data, const std::string &input, const std::string &hashtype) CXX11_OVERRIDE
 	{
 		if (!hashtype.compare(0, 5, "hmac-", 5))