freenode
The "/" character in the user's password
Hi I just noticed that I had several users who put the "/" character in their password. This one is not accepted in JBNC
df9260cxxxxxxxxxxxxxxxxxxxx||PassWord//irc.site.com:+6697||df9xxxxxxxxxxxxxxxecxxxxxxx/mobile/mozart
Just imagine that the password is: PassWord/
Should we change the args "/" in JBNC to put another character? If so which one should I put?
We'll have to address that for sure. I wonder if the RFC accepts spaces for the password, in which case we could use that.
That said, we could also address how jbnc parses it to detect the /. (e.g., PassWord///irc.site.com:+6697 becomes part[0] PassWord/ and part[1] is irc.site.com:+6697
@realrasengan Should use exec :
let test = "df9260cxxxxxxxxxxxxxxxxxxxx||PassWord//irc.site.com:+6697||df9xxxxxxxxxxxxxxxecxxxxxxx/mobile/mozart";
let regex = /(.*)\|\|(.*)\/(.*)\|\|(.*)\/(.*)\/(.*)/g;
let out = regex.exec(test);
console.log(out);
Result of out :
Array(7) [ "df9260cxxxxxxxxxxxxxxxxxxxx||PassWord//irc.site.com:+6697||df9xxxxxxxxxxxxxxxecxxxxxxx/mobile/mozart", "df9260cxxxxxxxxxxxxxxxxxxxx", "PassWord/", "irc.site.com:+6697", "df9xxxxxxxxxxxxxxxecxxxxxxx", "mobile", "mozart" ]
0: "df9260cxxxxxxxxxxxxxxxxxxxx||PassWord//irc.site.com:+6697||df9xxxxxxxxxxxxxxxecxxxxxxx/mobile/mozart"
1: "df9260cxxxxxxxxxxxxxxxxxxxx"
2: "PassWord/"
3: "irc.site.com:+6697"
4: "df9xxxxxxxxxxxxxxxecxxxxxxx"
5: "mobile"
6: "mozart"
groups: undefined
index: 0
input: "df9260cxxxxxxxxxxxxxxxxxxxx||PassWord//irc.site.com:+6697||df9xxxxxxxxxxxxxxxecxxxxxxx/mobile/mozart"
length: 7
it could do it, but just have to want to integrate it into jbnc
I put this and it seems to work:
case 'PASS':
if(commands[1]) {
if(BOUNCER_PASSWORD.length>0 && commands[1].split("||")[0]!=BOUNCER_PASSWORD) {
this.write(":*jbnc NOTICE * :*** Incorrect Password ***\n");
this.badauth=true;
this.end();
}
else {
this.irc.server=SERVER;
this.irc.port=SERVER_PORT;
this.irc.nick=null;
this.irc.user=null;
this.irc.password=null;
this.irc.realname=null;
this.irc.serverpassword=null;
this.irc.nickpassword=null;
this.irc.accountsasl=null;
if ( /(.*)\|\|(.*)\/(.*)\|\|(.*)\/(.*)\/(.*)/g.test(commands[1].trim()) ) {
/* df9260cxxxxxxxxxxxxxxxxxxxx||PassWord//irc.site.com:+6697||df9xxxxxxxxxxxxxxxecxxxxxxx/mobile/mozart */
origin = /(.*)\|\|(.*)\/(.*)\|\|(.*)\/(.*)\/(.*)/g.exec(commands[1].trim());
this.irc.password = origin[2]; // PassWord/ (2)
if(this.irc.password.length < 6) {
this.write(":*jbnc NOTICE * :*** Password too short (min length 6) ***\n");
this.badauth=true;
this.end();
}
// hash password
this.irc.password = hash(this.irc.password);
if(BOUNCER_MODE=="gateway") {
if(origin.length!=1 && origin.length!=2)
this.end();
else {
if(origin[3] && origin[4])
this.clientbuffer=origin[3].trim()+"||"+origin[4].trim();
}
}
else {
/*if(origin.length!=2 && origin.length!=3 && origin.length!=4)
this.end();
else {*/
_server_pass = origin[3];
_server = _server_pass.split(":");
this.irc.server = _server[0];
this.irc.port = (_server[1] ? _server[1].trim() : 6667);
if(origin[4]) {
this.irc.serverpassword=origin[4];
}
if(origin[2]) {
this.irc.nickpassword=origin[2];
}
if(origin[5])
this.clientbuffer=origin[5].trim();
if(origin[6])
this.irc.accountsasl=origin[6].trim();
//}
}
} else {
origin = commands[1].trim().split("/");
if(origin[0].indexOf("||")>0)
this.irc.password = origin[0].split("||")[1];
else
this.irc.password = origin[0];
if(this.irc.password.length < 6) {
this.write(":*jbnc NOTICE * :*** Password too short (min length 6) ***\n");
this.badauth=true;
this.end();
}
// hash password
this.irc.password = hash(this.irc.password);
if(BOUNCER_MODE=="gateway") {
if(origin.length!=1 && origin.length!=2)
this.end();
else {
if(origin[1])
this.clientbuffer=origin[1].trim();
}
}
else {
if(origin.length!=2 && origin.length!=3 && origin.length!=4)
this.end();
else {
_server_pass = origin[1].split("||");
_server = _server_pass[0].split(":");
this.irc.server = _server[0];
this.irc.port = (_server[1] ? _server[1].trim() : 6667);
if(origin[1].split("||")[1]) {
this.irc.serverpassword=origin[1].split("||")[1];
}
if(origin[0].split("||")[1]) {
this.irc.nickpassword=origin[0].split("||")[1];
}
if(origin[2])
this.clientbuffer=origin[2].trim();
if(origin[3])
this.irc.accountsasl=origin[3].trim();
}
}
}
}
}
else {
this.write(":*jbnc NOTICE * :*** This is a JBNC Server. You must set a password.\n");
this.badauth=true;
this.end();
}
break;
I will test tomorrow morning in production