authordanieldg <danieldg@e03df62e-2008-0410-955e-edbf42e46eb7>2009-03-10 16:15:29 +0000
committerdanieldg <danieldg@e03df62e-2008-0410-955e-edbf42e46eb7>2009-03-10 16:15:29 +0000
commit63041954b1cfda4aaf1e89d4b16fb6d1411caa3e (patch)
tree33cabfd60aa16958f36c9600e75de1bd17e03739
parent5a5a061c48af830ca90b699993cac079a9311b08 (diff)
Push password comparison logic into ComparePass, fixes authentication bug noticed by HiroP
git-svn-id: http://svn.inspircd.org/repository/trunk/inspircd@11195 e03df62e-2008-0410-955e-edbf42e46eb7
-rw-r--r--src/modules/m_spanningtree/hmac.cpp14
-rw-r--r--src/modules/m_spanningtree/server.cpp6
2 files changed, 7 insertions, 13 deletions
diff --git a/src/modules/m_spanningtree/hmac.cpp b/src/modules/m_spanningtree/hmac.cpp
index 74462fe1c..6dceafe22 100644
--- a/src/modules/m_spanningtree/hmac.cpp
+++ b/src/modules/m_spanningtree/hmac.cpp
@@ -130,16 +130,12 @@ std::string TreeSocket::RandString(unsigned int ilength)
bool TreeSocket::ComparePass(const std::string &ours, const std::string &theirs)
{
- if ((!strncmp(ours.c_str(), "HMAC-SHA256:", 12)) || (!strncmp(theirs.c_str(), "HMAC-SHA256:", 12)))
+ if (Utils->ChallengeResponse)
{
- /* One or both of us specified hmac sha256, but we don't have sha256 module loaded!
- * We can't allow this password as valid.
- */
- if (!ServerInstance->Modules->Find("m_sha256.so") || !Utils->ChallengeResponse)
- return false;
- else
- /* Straight string compare of hashes */
- return ours == theirs;
+ std::string our_hmac = this->MakePass(ours, this->GetOurChallenge());
+
+ /* Straight string compare of hashes */
+ return our_hmac == theirs;
}
else
/* Straight string compare of plaintext */
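Review bot: The rewritten `if (Utils->ChallengeResponse)` branch in ComparePass no longer checks that `m_sha256.so` is loaded or that our challenge is non-empty, so the outcome in those cases now rests entirely on what MakePass returns, and MakePass is not visible in this hunk. If MakePass can fall back to returning the password unchanged, the comparison commented as "Straight string compare of hashes" silently becomes a plaintext compare. An explicit guard such as `if (Utils->ChallengeResponse && !this->GetOurChallenge().empty())` (assuming GetOurChallenge() returns a string, as GetTheirChallenge() does), or a comment stating the fallback contract, would make that visible. Separately, `our_hmac == theirs` is an early-exit `std::string` comparison on an authentication value, where a fixed-time byte comparison is the usual choice. The function's else branch continues outside the hunk.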
diff --git a/src/modules/m_spanningtree/server.cpp b/src/modules/m_spanningtree/server.cpp
index e7aef1451..da44452ba 100644
--- a/src/modules/m_spanningtree/server.cpp
+++ b/src/modules/m_spanningtree/server.cpp
@@ -128,8 +128,7 @@ bool TreeSocket::Outbound_Reply_Server(std::deque<std::string> &params)
if (x->Name != servername && x->Name != "*") // open link allowance
continue;
- if (!ComparePass(this->MakePass(x->RecvPass, this->GetOurChallenge()), password) &&
- (x->RecvPass != password && this->GetTheirChallenge().empty()))
+ if (!ComparePass(x->RecvPass, password))
{
this->ServerInstance->SNO->WriteToSnoMask('l',"Invalid password on link: %s", x->Name.c_str());
continue;
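Review bot: The new `if (!ComparePass(x->RecvPass, password))` here and in the identical Inbound_Server hunk no longer looks at `GetTheirChallenge()`, so the call site does not say what happens to a peer that never sent a challenge while challenge-response is enabled locally. Refusing a plaintext password from such a peer would be the safer outcome, because it prevents a silent fallback from HMAC to plaintext, but the intended behaviour should be stated next to the call, for example `// ComparePass selects HMAC or plaintext itself; the peer's challenge is not consulted here`. Both loops begin and end outside their hunks.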
@@ -226,8 +225,7 @@ bool TreeSocket::Inbound_Server(std::deque<std::string> &params)
if (x->Name != servername && x->Name != "*") // open link allowance
continue;
- if (!ComparePass(this->MakePass(x->RecvPass, this->GetOurChallenge()), password) &&
- (x->RecvPass != password && this->GetTheirChallenge().empty()))
+ if (!ComparePass(x->RecvPass, password))
{
this->ServerInstance->SNO->WriteToSnoMask('l',"Invalid password on link: %s", x->Name.c_str());
continue;