Added extra key length checks, documented encryption in example conf

git-svn-id: http://svn.inspircd.org/repository/trunk/inspircd@2576 e03df62e-2008-0410-955e-edbf42e46eb7
author: brain <brain@e03df62e-2008-0410-955e-edbf42e46eb7> 2005-12-19 15:44:40 +0000
committer: brain <brain@e03df62e-2008-0410-955e-edbf42e46eb7> 2005-12-19 15:44:40 +0000
commit: a37f75ae6d967f2193ee1796d75b61eb63946093 (patch)
tree: edbf2c9540468d3035e403750a0f883d55084175
parent: adc3349b11cb396b1c957245f8e5a89396959144 (diff)
2 files changed, 39 insertions, 15 deletions
diff --git a/conf/inspircd.conf.example b/conf/inspircd.conf.example
index ac48be1ee..b77df99c1 100644
--- a/conf/inspircd.conf.example
+++ b/conf/inspircd.conf.example
@@ -240,17 +240,29 @@
 # Defines which servers can link to this one, and which servers this  #
 # server may create outbound links to.                                #
 #                                                                     #
-# name        - The name is the canocial name of the server, it does  #
-#               not have to resolve - but it is expected to be sent   #
-#               in the remote servers connection info.                #
-# ipaddr      - Valid host or ip address for remote server. *         #
-# port        - Valid listening UDP port for remote server.           #
-# sendpass    - Password to send to create an outbound connection to  #
-#               this server.                                          #
-# recvpass    - Password to receive to accept an inbound connection   #
-#               from this server.                                     #
-# autoconnect - Sets the server to autoconnect. Where x is the number #
-# (optional)    of seconds between attempts.  300 = 5 minutes         #
+# name          - The name is the canocial name of the server, it does#
+#                 not have to resolve - but it is expected to be sent #
+#                 in the remote servers connection info.              #
+#                                                                     #
+# ipaddr        - Valid host or ip address for remote server. *       #
+#                                                                     #
+# port          - Valid listening UDP port for remote server.         #
+#                                                                     #
+# sendpass      - Password to send to create an outbound connection   #
+#                 to this server.                                     #
+#                                                                     #
+# recvpass      - Password to receive to accept an inbound connection #
+#                 from this server.                                   #
+#                                                                     #
+# autoconnect   - Sets the server to autoconnect. x is the number     #
+# (optional)      of seconds between attempts.  300 = 5 minutes       #
+#                                                                     #
+# encryptionkey - The encryption key to use to encrypt this link.     #
+# (optional)      Applicable when using m_spanningtree.so, the key    #
+#                 must be EXACTLY 16, 24 or 32 characters long and    #
+#                 must match on both ends of the link. Each link may  #
+#                 have its own key so long as both ends of the link   #
+#                 use the same key string.                            #
 #                                                                     #
 # to u:line a server (give it extra privilages required for running   #
 # services, Q, etc) you must include the <uline server> tag as shown  #
@@ -272,7 +284,8 @@
 	port="7000"
         autoconnect="300"
 	sendpass="outgoing!password"
-	recvpass="incoming!password">
+	recvpass="incoming!password"
+	encryptionkey="0123456789123456">
 
 <link name="services.antarctic.com"
 	ipaddr="localhost"
diff --git a/src/modules/m_spanningtree.cpp b/src/modules/m_spanningtree.cpp
index 10da3222c..6e2760e62 100644
--- a/src/modules/m_spanningtree.cpp
+++ b/src/modules/m_spanningtree.cpp
@@ -612,8 +612,15 @@ class TreeSocket : public InspSocket
 				{
 					if (x->EncryptionKey != "")
 					{
-						this->WriteLine("AES "+Srv->GetServerName());
-						this->InitAES(x->EncryptionKey,x->Name);
+						if (!(x->EncryptionKey.length() == 16 || x->EncryptionKey.length() == 24 || x->EncryptionKey.length() == 32))
+						{
+							WriteOpers("\2WARNING\2: Your encryption key is NOT 16, 24 or 32 characters in length, encryption will \2NOT\2 be enabled.");
+						}
+						else
+						{
+							this->WriteLine("AES "+Srv->GetServerName());
+							this->InitAES(x->EncryptionKey,x->Name);
+						}
 					}
 					/* found who we're supposed to be connecting to, send the neccessary gubbins. */
 					this->WriteLine("SERVER "+Srv->GetServerName()+" "+x->SendPass+" 0 :"+Srv->GetServerDescription());
@@ -1719,7 +1726,11 @@ class TreeSocket : public InspSocket
                         }
                         return true;
 		}
-		
+		else if ((this->ctx) && (command == "AES"))
+		{
+			WriteOpers("\2AES\2: Encryption already enabled on this connection yet %s is trying to enable it twice!",params[0].c_str());
+		}
+
 		switch (this->LinkState)
 		{
 			TreeServer* Node;
author	brain <brain@e03df62e-2008-0410-955e-edbf42e46eb7>	2005-12-19 15:44:40 +0000
committer	brain <brain@e03df62e-2008-0410-955e-edbf42e46eb7>	2005-12-19 15:44:40 +0000
commit	a37f75ae6d967f2193ee1796d75b61eb63946093 (patch)
tree	edbf2c9540468d3035e403750a0f883d55084175
parent	adc3349b11cb396b1c957245f8e5a89396959144 (diff)