Update password hashes from SHA-256 to Argon2id

These days salted SHA-256 is considered quite weak for passwords.

Transparently upgrade existing hashes upon login.

Bump cmake requirement to able to use IMPORTED_TARGET, this will allow
further cleanup in next commits.

include/znc/User.h

@@ -45,24 +45,27 @@ class CUser : private CCoreTranslationMixin {
 
     bool ParseConfig(CConfig* Config, CString& sError);
 
-    // TODO refactor this
     enum eHashType {
         HASH_NONE,
         HASH_MD5,
         HASH_SHA256,
+        HASH_ARGON2ID,
 
-        HASH_DEFAULT = HASH_SHA256
+        // This should be kept in sync with CUtils::SaltedHash
+#if ZNC_HAVE_ARGON
+        HASH_DEFAULT = HASH_ARGON2ID,
+#else
+        HASH_DEFAULT = HASH_SHA256,
+#endif
     };
 
-    // If you change the default hash here and in HASH_DEFAULT,
-    // don't forget CUtils::sDefaultHash!
-    // TODO refactor this
     static CString SaltedHash(const CString& sPass, const CString& sSalt) {
-        return CUtils::SaltedSHA256Hash(sPass, sSalt);
+        return CUtils::SaltedHash(sPass, sSalt);
     }
 
     CConfig ToConfig() const;
-    bool CheckPass(const CString& sPass) const;
+    /** Checks password, may upgrade the hash method. */
+    bool CheckPass(const CString& sPass);
     bool AddAllowedHost(const CString& sHostMask);
     bool RemAllowedHost(const CString& sHostMask);
     void ClearAllowedHosts();

include/znc/Utils.h

@@ -51,15 +51,16 @@ class CUtils {
     static void PrintAction(const CString& sMessage);
     static void PrintStatus(bool bSuccess, const CString& sMessage = "");
 
-#ifndef SWIGPERL
-    // TODO refactor this
-    static const CString sDefaultHash;
-#endif
+	/** Asks password from stdin, with confirmation.
+	 *
+	 * @returns Piece of znc.conf with <Pass> block
+	 * */
+    static CString AskSaltedHashPassForConfig();
 
-    static CString GetSaltedHashPass(CString& sSalt);
     static CString GetSalt();
     static CString SaltedMD5Hash(const CString& sPass, const CString& sSalt);
     static CString SaltedSHA256Hash(const CString& sPass, const CString& sSalt);
+    static CString SaltedHash(const CString& sPass, const CString& sSalt);
     static CString GetPass(const CString& sPrompt);
     static bool GetInput(const CString& sPrompt, CString& sRet,
                          const CString& sDefault = "",

include/znc/version.h

@@ -57,9 +57,16 @@ extern const char* ZNC_VERSION_EXTRA;
 #define ZNC_VERSION_TEXT_I18N "no"
 #endif
 
+// This is only here because HASH_DEFAULT has different value
+#ifdef ZNC_HAVE_ARGON
+#define ZNC_VERSION_TEXT_ARGON "yes"
+#else
+#define ZNC_VERSION_TEXT_ARGON "no"
+#endif
+
 #define ZNC_COMPILE_OPTIONS_STRING                                    \
     "IPv6: " ZNC_VERSION_TEXT_IPV6 ", SSL: " ZNC_VERSION_TEXT_SSL     \
     ", DNS: " ZNC_VERSION_TEXT_DNS ", charset: " ZNC_VERSION_TEXT_ICU \
-    ", i18n: " ZNC_VERSION_TEXT_I18N
+    ", i18n: " ZNC_VERSION_TEXT_I18N ", Argon2: " ZNC_VERSION_TEXT_ARGON
 
 #endif  // !ZNC_VERSION_H

include/znc/zncconfig.h.cmake.in

@@ -35,6 +35,7 @@
 #cmakedefine HAVE_IPV6 1
 #cmakedefine HAVE_ZLIB 1
 #cmakedefine HAVE_I18N 1
+#cmakedefine ZNC_HAVE_ARGON 1
 #cmakedefine CSOCK_USE_POLL 1
 
 #cmakedefine HAVE_GETOPT_LONG 1