Push password comparison logic into ComparePass, fixes authentication bug noticed by HiroP

git-svn-id: http://svn.inspircd.org/repository/trunk/inspircd@11195 e03df62e-2008-0410-955e-edbf42e46eb7
author: danieldg <danieldg@e03df62e-2008-0410-955e-edbf42e46eb7> 2009-03-10 16:15:29 +0000
committer: danieldg <danieldg@e03df62e-2008-0410-955e-edbf42e46eb7> 2009-03-10 16:15:29 +0000
commit: 63041954b1cfda4aaf1e89d4b16fb6d1411caa3e (patch)
tree: 33cabfd60aa16958f36c9600e75de1bd17e03739 /src/modules/m_spanningtree/hmac.cpp
parent: 5a5a061c48af830ca90b699993cac079a9311b08 (diff)
1 files changed, 5 insertions, 9 deletions
diff --git a/src/modules/m_spanningtree/hmac.cpp b/src/modules/m_spanningtree/hmac.cpp
index 74462fe1c..6dceafe22 100644
--- a/src/modules/m_spanningtree/hmac.cpp
+++ b/src/modules/m_spanningtree/hmac.cpp
@@ -130,16 +130,12 @@ std::string TreeSocket::RandString(unsigned int ilength)
 
 bool TreeSocket::ComparePass(const std::string &ours, const std::string &theirs)
 {
-	if ((!strncmp(ours.c_str(), "HMAC-SHA256:", 12)) || (!strncmp(theirs.c_str(), "HMAC-SHA256:", 12)))
+	if (Utils->ChallengeResponse)
 	{
-		/* One or both of us specified hmac sha256, but we don't have sha256 module loaded!
-		 * We can't allow this password as valid.
-		  */
-		if (!ServerInstance->Modules->Find("m_sha256.so") || !Utils->ChallengeResponse)
-			return false;
-		else
-			/* Straight string compare of hashes */
-			return ours == theirs;
+		std::string our_hmac = this->MakePass(ours, this->GetOurChallenge());
+
+		/* Straight string compare of hashes */
+		return our_hmac == theirs;
 	}
 	else
 		/* Straight string compare of plaintext */
author	danieldg <danieldg@e03df62e-2008-0410-955e-edbf42e46eb7>	2009-03-10 16:15:29 +0000
committer	danieldg <danieldg@e03df62e-2008-0410-955e-edbf42e46eb7>	2009-03-10 16:15:29 +0000
commit	63041954b1cfda4aaf1e89d4b16fb6d1411caa3e (patch)
tree	33cabfd60aa16958f36c9600e75de1bd17e03739 /src/modules/m_spanningtree/hmac.cpp
parent	5a5a061c48af830ca90b699993cac079a9311b08 (diff)