alvaro-cuesta/qauth.py

## qauth.py
# Update 0.2 by alvaro-cuesta@GitHub
#
# Saw in http://www.nuxified.org/quakenet_q_challenge_response_auth_for_xchat
#
# - new protocol (uses HMAC-SHA-1)
# - added /QHASH <sha-1 hashed password> to auth via hash
# - added /QGEN <password> to generate a password hash (done noce)
# - autoauth (uses your network's NickServ password as a hash, leave blank to disable)
# - autocloak
# - autojoin channels once cloaked (see CHANNELS)
#
# ORIGINAL NOTICE:

# to autoload, put into the xchat directory, for example as ~/.xchat2/qauth.py
# commands:
#   /QAUTH <password> auth to Q via challenge-response on QuakeNet
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2 as
# published by the Free Software Foundation
#
# have fun and get Nuxified.ORG !!!

"Q challenge-response authentication using HMAC-SHA1"

__module_name__ = "qauth"
__module_version__ = "0.2"
__module_description__ = "Q challenge-response authentication using HMAC-SHA1"

import xchat
import hashlib, hmac

# CHANNELS = '#chan1,#chan2,#chan3 pass1,pass2'
# or
# CHANNELS = None
CHANNELS = None

# TWEAKING
NETWORK = 'QuakeNet'
SERVER = '.quakenet.org'
SERVICE = 'Q@CServe.quakenet.org'
PREFIX = ':Q!TheQBot@CServe.quakenet.org'

pw = None

def qauth_cb(word, word_eol, udata):
    if not check_server():
        print 'You do not seam to be on %s (*.%s).' % (NETWORK, SERVER)
        return xchat.EAT_ALL

    if len(word) < 2:
        print 'You must give a password.'
        return xchat.EAT_ALL

    global pw
    pw = hashlib.sha1(word[1]).hexdigest()
    xchat.command('MSG %s CHALLENGE' % SERVICE)
    return xchat.EAT_ALL

def qhash_cb(word, word_eol, udata):
    if not check_server():
        print 'You do not seam to be on %s (*.%s).' % (NETWORK, SERVER)
        return xchat.EAT_ALL

    if len(word) < 2:
        print 'You must give a password.'
        return xchat.EAT_ALL

    global pw
    pw = word[1]
    xchat.command('MSG %s CHALLENGE' % SERVICE)
    return xchat.EAT_ALL

def qgen_cb(word, word_eol, udata):
    if len(word) < 2:
        print 'You must give a password.'
        return xchat.EAT_ALL

    global pw
    print hashlib.sha1(word[1]).hexdigest()
    return xchat.EAT_ALL

def check_server():
    network = xchat.get_info('network')
    server = xchat.get_info('server')

    return network == NETWORK and server[-len(SERVER):] == SERVER

def welcome_cb(word, word_eol, udata):
    if check_server() and xchat.get_info('nickserv') is not None:
        xchat.command('MSG %s CHALLENGE' % SERVICE)

def notice_cb(word, word_eol, udata):
    network = xchat.get_info('network')
    server = xchat.get_info('server')
    user = xchat.get_info('nick')

    if not (check_server() and word[0] == PREFIX):
        return

    if word[3] == ":CHALLENGE":
        challenge = word[4]
        algorithms = word_eol[5]

        if 'HMAC-SHA-1' not in algorithms:
            print "'HMAC-SHA-1' not supported: %s." % algorithms
            print "You may want to update qauth.py."
        else:
            global pw
            config_pw = xchat.get_info('nickserv')
            pw = pw or config_pw

            key = hashlib.sha1("%s:%s" % (user.lower(), pw)).hexdigest()
            response = hmac.new(key, challenge, hashlib.sha1).hexdigest()
            xchat.command('MSG %s CHALLENGEAUTH %s %s HMAC-SHA-1'
                % (SERVICE, user, response))

            pw = None
    elif word_eol[3] == ":You are now logged in as %s." % user:
        xchat.command("MODE %s +x" % user)

def hidden_cb(word, word_eol, udata):
    if CHANNELS is None or not (check_server()):
        return

    if word_eol[4] == ':is now your hidden host':
        xchat.command("JOIN %s" % CHANNELS)

xchat.hook_command('QAUTH', qauth_cb,
    help='/QAUTH <passwd> auth to Q via challenge-response ')
xchat.hook_command('QHASH', qhash_cb,
    help='/QHASH <hash> auth to Q via challenge-response using a hash')
xchat.hook_command('QGEN', qgen_cb,
    help='/QGEN <passwd> generate password hash')
xchat.hook_server('NOTICE', notice_cb)
xchat.hook_server('001', welcome_cb)
xchat.hook_server('396', hidden_cb)
	# Update 0.2 by alvaro-cuesta@GitHub
	#
	# Saw in http://www.nuxified.org/quakenet_q_challenge_response_auth_for_xchat
	#
	# - new protocol (uses HMAC-SHA-1)
	# - added /QHASH <sha-1 hashed password> to auth via hash
	# - added /QGEN <password> to generate a password hash (done noce)
	# - autoauth (uses your network's NickServ password as a hash, leave blank to disable)
	# - autocloak
	# - autojoin channels once cloaked (see CHANNELS)
	#
	# ORIGINAL NOTICE:

	# to autoload, put into the xchat directory, for example as ~/.xchat2/qauth.py
	# commands:
	# /QAUTH <password> auth to Q via challenge-response on QuakeNet
	#
	# This program is free software; you can redistribute it and/or modify
	# it under the terms of the GNU General Public License version 2 as
	# published by the Free Software Foundation
	#
	# have fun and get Nuxified.ORG !!!

	"Q challenge-response authentication using HMAC-SHA1"

	__module_name__ = "qauth"
	__module_version__ = "0.2"
	__module_description__ = "Q challenge-response authentication using HMAC-SHA1"

	import xchat
	import hashlib, hmac

	# CHANNELS = '#chan1,#chan2,#chan3 pass1,pass2'
	# or
	# CHANNELS = None
	CHANNELS = None

	# TWEAKING
	NETWORK = 'QuakeNet'
	SERVER = '.quakenet.org'
	SERVICE = 'Q@CServe.quakenet.org'
	PREFIX = ':Q!TheQBot@CServe.quakenet.org'

	pw = None

	def qauth_cb(word, word_eol, udata):
	if not check_server():
	print 'You do not seam to be on %s (*.%s).' % (NETWORK, SERVER)
	return xchat.EAT_ALL

	if len(word) < 2:
	print 'You must give a password.'
	return xchat.EAT_ALL

	global pw
	pw = hashlib.sha1(word[1]).hexdigest()
	xchat.command('MSG %s CHALLENGE' % SERVICE)
	return xchat.EAT_ALL

	def qhash_cb(word, word_eol, udata):
	if not check_server():
	print 'You do not seam to be on %s (*.%s).' % (NETWORK, SERVER)
	return xchat.EAT_ALL

	if len(word) < 2:
	print 'You must give a password.'
	return xchat.EAT_ALL

	global pw
	pw = word[1]
	xchat.command('MSG %s CHALLENGE' % SERVICE)
	return xchat.EAT_ALL

	def qgen_cb(word, word_eol, udata):
	if len(word) < 2:
	print 'You must give a password.'
	return xchat.EAT_ALL

	global pw
	print hashlib.sha1(word[1]).hexdigest()
	return xchat.EAT_ALL

	def check_server():
	network = xchat.get_info('network')
	server = xchat.get_info('server')

	return network == NETWORK and server[-len(SERVER):] == SERVER

	def welcome_cb(word, word_eol, udata):
	if check_server() and xchat.get_info('nickserv') is not None:
	xchat.command('MSG %s CHALLENGE' % SERVICE)

	def notice_cb(word, word_eol, udata):
	network = xchat.get_info('network')
	server = xchat.get_info('server')
	user = xchat.get_info('nick')

	if not (check_server() and word[0] == PREFIX):
	return

	if word[3] == ":CHALLENGE":
	challenge = word[4]
	algorithms = word_eol[5]

	if 'HMAC-SHA-1' not in algorithms:
	print "'HMAC-SHA-1' not supported: %s." % algorithms
	print "You may want to update qauth.py."
	else:
	global pw
	config_pw = xchat.get_info('nickserv')
	pw = pw or config_pw

	key = hashlib.sha1("%s:%s" % (user.lower(), pw)).hexdigest()
	response = hmac.new(key, challenge, hashlib.sha1).hexdigest()
	xchat.command('MSG %s CHALLENGEAUTH %s %s HMAC-SHA-1'
	% (SERVICE, user, response))

	pw = None
	elif word_eol[3] == ":You are now logged in as %s." % user:
	xchat.command("MODE %s +x" % user)

	def hidden_cb(word, word_eol, udata):
	if CHANNELS is None or not (check_server()):
	return

	if word_eol[4] == ':is now your hidden host':
	xchat.command("JOIN %s" % CHANNELS)

	xchat.hook_command('QAUTH', qauth_cb,
	help='/QAUTH <passwd> auth to Q via challenge-response ')
	xchat.hook_command('QHASH', qhash_cb,
	help='/QHASH <hash> auth to Q via challenge-response using a hash')
	xchat.hook_command('QGEN', qgen_cb,
	help='/QGEN <passwd> generate password hash')
	xchat.hook_server('NOTICE', notice_cb)
	xchat.hook_server('001', welcome_cb)
	xchat.hook_server('396', hidden_cb)