author | danieldg <danieldg@e03df62e-2008-0410-955e-edbf42e46eb7> | 2009-03-10 16:15:29 +0000 |
---|---|---|
committer | danieldg <danieldg@e03df62e-2008-0410-955e-edbf42e46eb7> | 2009-03-10 16:15:29 +0000 |
commit | 63041954b1cfda4aaf1e89d4b16fb6d1411caa3e (patch) | |
tree | 33cabfd60aa16958f36c9600e75de1bd17e03739 | |
parent | 5a5a061c48af830ca90b699993cac079a9311b08 (diff) |
Push password comparison logic into ComparePass, fixes authentication bug noticed by HiroP
git-svn-id: http://svn.inspircd.org/repository/trunk/inspircd@11195 e03df62e-2008-0410-955e-edbf42e46eb7
-rw-r--r-- | src/modules/m_spanningtree/hmac.cpp | 14 | ||||
-rw-r--r-- | src/modules/m_spanningtree/server.cpp | 6 |
2 files changed, 7 insertions, 13 deletions
diff --git a/src/modules/m_spanningtree/hmac.cpp b/src/modules/m_spanningtree/hmac.cpp
index 74462fe1c..6dceafe22 100644
--- a/src/modules/m_spanningtree/hmac.cpp
+++ b/src/modules/m_spanningtree/hmac.cpp
@@ -130,16 +130,12 @@ std::string TreeSocket::RandString(unsigned int ilength)
 bool TreeSocket::ComparePass(const std::string &ours, const std::string &theirs)
 {
- if ((!strncmp(ours.c_str(), "HMAC-SHA256:", 12)) || (!strncmp(theirs.c_str(), "HMAC-SHA256:", 12)))
+ if (Utils->ChallengeResponse)
 {
- /* One or both of us specified hmac sha256, but we don't have sha256 module loaded!
- * We can't allow this password as valid.
- */
- if (!ServerInstance->Modules->Find("m_sha256.so") || !Utils->ChallengeResponse)
- return false;
- else
- /* Straight string compare of hashes */
- return ours == theirs;
+ std::string our_hmac = this->MakePass(ours, this->GetOurChallenge());
+
+ /* Straight string compare of hashes */
+ return our_hmac == theirs;
 }
 else
 /* Straight string compare of plaintext */
diff --git a/src/modules/m_spanningtree/server.cpp b/src/modules/m_spanningtree/server.cpp
index e7aef1451..da44452ba 100644
--- a/src/modules/m_spanningtree/server.cpp
+++ b/src/modules/m_spanningtree/server.cpp
@@ -128,8 +128,7 @@ bool TreeSocket::Outbound_Reply_Server(std::deque<std::string> ¶ms)
 if (x->Name != servername && x->Name != "*") // open link allowance
 continue;
- if (!ComparePass(this->MakePass(x->RecvPass, this->GetOurChallenge()), password) &&
- (x->RecvPass != password && this->GetTheirChallenge().empty()))
+ if (!ComparePass(x->RecvPass, password))
 {
 this->ServerInstance->SNO->WriteToSnoMask('l',"Invalid password on link: %s", x->Name.c_str());
 continue;
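Review bot: The new `return our_hmac == theirs;` in ComparePass checks an authentication value with std::string's `==`, which may stop at the first differing byte, so the time taken can reveal how much of a guessed value matched. A comparison that always walks the full length avoids that, and the same applies to the plaintext branch, whose return statement lies outside the hunk. The check for the m_sha256.so module was also removed here, so the result now rests entirely on MakePass, which is not visible. If MakePass hands back the configured password unchanged when the module is missing or the challenge is empty, this branch would accept a plaintext password even with ChallengeResponse enabled; that is worth confirming and stating in a comment above the `if`.

```cpp
/* Compare two strings without an early exit, so that the time taken does not
 * depend on the position of the first differing byte. Only the length is revealed.
 */
static bool ConstantTimeEquals(const std::string &a, const std::string &b)
{
	if (a.length() != b.length())
		return false;

	unsigned char diff = 0;
	for (std::string::size_type i = 0; i < a.length(); ++i)
		diff |= static_cast<unsigned char>(a[i]) ^ static_cast<unsigned char>(b[i]);

	return diff == 0;
}

bool TreeSocket::ComparePass(const std::string &ours, const std::string &theirs)
{
	if (Utils->ChallengeResponse)
	{
		std::string our_hmac = this->MakePass(ours, this->GetOurChallenge());
		return ConstantTimeEquals(our_hmac, theirs);
	}
	// … unchanged: plaintext branch, which continues outside the hunk …
```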
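Review bot: The snomask notice kept below the new `if (!ComparePass(x->RecvPass, password))` reports only `x->Name`, which for an open-link block is the literal `*`, so an operator reading "Invalid password on link: *" cannot tell which remote server failed authentication. Since `servername` is already in scope in this loop, the notice could carry it, e.g. `WriteToSnoMask('l',"Invalid password on link: %s (claimed name %s)", x->Name.c_str(), servername.c_str());`, assuming `servername` is a string type with `c_str()`. The same line appears in the Inbound_Server hunk. Both functions start and end outside their hunks, so whether a later notice already names the server cannot be seen from here.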
@@ -226,8 +225,7 @@ bool TreeSocket::Inbound_Server(std::deque<std::string> ¶ms)
 if (x->Name != servername && x->Name != "*") // open link allowance
 continue;
- if (!ComparePass(this->MakePass(x->RecvPass, this->GetOurChallenge()), password) &&
- (x->RecvPass != password && this->GetTheirChallenge().empty()))
+ if (!ComparePass(x->RecvPass, password))
 {
 this->ServerInstance->SNO->WriteToSnoMask('l',"Invalid password on link: %s", x->Name.c_str());
 continue; |