summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAttila Molnar <attilamolnar@hush.com>2014-07-27 18:21:10 +0200
committerAttila Molnar <attilamolnar@hush.com>2014-07-27 18:21:10 +0200
commitab9c42107fb1c1dcc013d3269270b1900d752b96 (patch)
treee87228af5e42256282b61612fec56c7639eb9665
parent05e594030ccfc044ac69f650eccaba8e981ce329 (diff)
m_spanningtree Deduplicate server auth code
-rw-r--r--src/modules/m_spanningtree/server.cpp83
-rw-r--r--src/modules/m_spanningtree/treesocket.h9
2 files changed, 37 insertions, 55 deletions
diff --git a/src/modules/m_spanningtree/server.cpp b/src/modules/m_spanningtree/server.cpp
index 5a12497bc..8686b43e5 100644
--- a/src/modules/m_spanningtree/server.cpp
+++ b/src/modules/m_spanningtree/server.cpp
@@ -70,17 +70,12 @@ CmdResult CommandServer::HandleServer(TreeServer* ParentOfThis, std::vector<std:
return CMD_SUCCESS;
}
-
-/*
- * This is used after the other side of a connection has accepted our credentials.
- * They are then introducing themselves to us, BEFORE either of us burst. -- w
- */
-bool TreeSocket::Outbound_Reply_Server(parameterlist &params)
+Link* TreeSocket::AuthRemote(const parameterlist& params)
{
if (params.size() < 5)
{
SendError("Protocol error - Not enough parameters for SERVER command");
- return false;
+ return NULL;
}
irc::string servername = params[0].c_str();
@@ -94,7 +89,7 @@ bool TreeSocket::Outbound_Reply_Server(parameterlist &params)
if (!ServerInstance->IsSID(sid))
{
this->SendError("Invalid format server ID: "+sid+"!");
- return false;
+ return NULL;
}
for (std::vector<reference<Link> >::iterator i = Utils->LinkBlocks.begin(); i < Utils->LinkBlocks.end(); i++)
@@ -110,8 +105,26 @@ bool TreeSocket::Outbound_Reply_Server(parameterlist &params)
}
if (!CheckDuplicate(sname, sid))
- return false;
+ return NULL;
+ ServerInstance->SNO->WriteToSnoMask('l',"Verified server connection " + linkID + " ("+description+")");
+ return x;
+ }
+
+ this->SendError("Mismatched server name or password (check the other server's snomask output for details - e.g. umode +s +Ll)");
+ ServerInstance->SNO->WriteToSnoMask('l',"Server connection from \2"+sname+"\2 denied, invalid link credentials");
+ return NULL;
+}
+
+/*
+ * This is used after the other side of a connection has accepted our credentials.
+ * They are then introducing themselves to us, BEFORE either of us burst. -- w
+ */
+bool TreeSocket::Outbound_Reply_Server(parameterlist &params)
+{
+ const Link* x = AuthRemote(params);
+ if (x)
+ {
/*
* They're in WAIT_AUTH_2 (having accepted our credentials).
* Set our state to CONNECTED (since everything's peachy so far) and send our
@@ -120,13 +133,11 @@ bool TreeSocket::Outbound_Reply_Server(parameterlist &params)
* While we're at it, create a treeserver object so we know about them.
* -- w
*/
- FinishAuth(sname, sid, description, x->Hidden);
+ FinishAuth(params[0], params[3], params.back(), x->Hidden);
return true;
}
- this->SendError("Mismatched server name or password (check the other server's snomask output for details - e.g. umode +s +Ll)");
- ServerInstance->SNO->WriteToSnoMask('l',"Server connection from \2"+sname+"\2 denied, invalid link credentials");
return false;
}
@@ -163,50 +174,14 @@ bool TreeSocket::CheckDuplicate(const std::string& sname, const std::string& sid
*/
bool TreeSocket::Inbound_Server(parameterlist &params)
{
- if (params.size() < 5)
+ const Link* x = AuthRemote(params);
+ if (x)
{
- SendError("Protocol error - Missing SID");
- return false;
- }
-
- irc::string servername = params[0].c_str();
- std::string sname = params[0];
- std::string password = params[1];
- std::string sid = params[3];
- std::string description = params[4];
-
- this->SendCapabilities(2);
-
- if (!ServerInstance->IsSID(sid))
- {
- this->SendError("Invalid format server ID: "+sid+"!");
- return false;
- }
-
- for (std::vector<reference<Link> >::iterator i = Utils->LinkBlocks.begin(); i < Utils->LinkBlocks.end(); i++)
- {
- Link* x = *i;
- if (x->Name != servername && x->Name != "*") // open link allowance
- continue;
-
- if (!ComparePass(*x, password))
- {
- ServerInstance->SNO->WriteToSnoMask('l',"Invalid password on link: %s", x->Name.c_str());
- continue;
- }
-
- if (!CheckDuplicate(sname, sid))
- return false;
-
- ServerInstance->SNO->WriteToSnoMask('l',"Verified incoming server connection " + linkID + " ("+description+")");
-
- this->SendCapabilities(2);
-
// Save these for later, so when they accept our credentials (indicated by BURST) we remember them
this->capab->hidden = x->Hidden;
- this->capab->sid = sid;
- this->capab->description = description;
- this->capab->name = sname;
+ this->capab->sid = params[3];
+ this->capab->description = params.back();
+ this->capab->name = params[0];
// Send our details: Our server name and description and hopcount of 0,
// along with the sendpass from this block.
@@ -217,8 +192,6 @@ bool TreeSocket::Inbound_Server(parameterlist &params)
return true;
}
- this->SendError("Mismatched server name or password (check the other server's snomask output for details - e.g. umode +s +Ll)");
- ServerInstance->SNO->WriteToSnoMask('l',"Server connection from \2"+sname+"\2 denied, invalid link credentials");
return false;
}
diff --git a/src/modules/m_spanningtree/treesocket.h b/src/modules/m_spanningtree/treesocket.h
index 9dbc212a1..bee8b3069 100644
--- a/src/modules/m_spanningtree/treesocket.h
+++ b/src/modules/m_spanningtree/treesocket.h
@@ -139,6 +139,15 @@ class TreeSocket : public BufferedSocket
*/
void FinishAuth(const std::string& remotename, const std::string& remotesid, const std::string& remotedesc, bool hidden);
+ /** Authenticate the remote server.
+ * Validate the parameters and find the link block that matches the remote server. In case of an error,
+ * an appropriate snotice is generated, an ERROR message is sent and the connection is closed.
+ * Failing to find a matching link block counts as an error.
+ * @param params Parameters they sent in the SERVER command
+ * @return Link block for the remote server, or NULL if an error occurred
+ */
+ Link* AuthRemote(const parameterlist& params);
+
public:
const time_t age;