diff options
-rw-r--r-- | src/modules/m_spanningtree/hmac.cpp | 14 | ||||
-rw-r--r-- | src/modules/m_spanningtree/server.cpp | 6 |
2 files changed, 7 insertions, 13 deletions
diff --git a/src/modules/m_spanningtree/hmac.cpp b/src/modules/m_spanningtree/hmac.cpp index 74462fe1c..6dceafe22 100644 --- a/src/modules/m_spanningtree/hmac.cpp +++ b/src/modules/m_spanningtree/hmac.cpp @@ -130,16 +130,12 @@ std::string TreeSocket::RandString(unsigned int ilength) bool TreeSocket::ComparePass(const std::string &ours, const std::string &theirs) { - if ((!strncmp(ours.c_str(), "HMAC-SHA256:", 12)) || (!strncmp(theirs.c_str(), "HMAC-SHA256:", 12))) + if (Utils->ChallengeResponse) { - /* One or both of us specified hmac sha256, but we don't have sha256 module loaded! - * We can't allow this password as valid. - */ - if (!ServerInstance->Modules->Find("m_sha256.so") || !Utils->ChallengeResponse) - return false; - else - /* Straight string compare of hashes */ - return ours == theirs; + std::string our_hmac = this->MakePass(ours, this->GetOurChallenge()); + + /* Straight string compare of hashes */ + return our_hmac == theirs; } else /* Straight string compare of plaintext */ diff --git a/src/modules/m_spanningtree/server.cpp b/src/modules/m_spanningtree/server.cpp index e7aef1451..da44452ba 100644 --- a/src/modules/m_spanningtree/server.cpp +++ b/src/modules/m_spanningtree/server.cpp @@ -128,8 +128,7 @@ bool TreeSocket::Outbound_Reply_Server(std::deque<std::string> ¶ms) if (x->Name != servername && x->Name != "*") // open link allowance continue; - if (!ComparePass(this->MakePass(x->RecvPass, this->GetOurChallenge()), password) && - (x->RecvPass != password && this->GetTheirChallenge().empty())) + if (!ComparePass(x->RecvPass, password)) { this->ServerInstance->SNO->WriteToSnoMask('l',"Invalid password on link: %s", x->Name.c_str()); continue; @@ -226,8 +225,7 @@ bool TreeSocket::Inbound_Server(std::deque<std::string> ¶ms) if (x->Name != servername && x->Name != "*") // open link allowance continue; - if (!ComparePass(this->MakePass(x->RecvPass, this->GetOurChallenge()), password) && - (x->RecvPass != password && this->GetTheirChallenge().empty())) + if (!ComparePass(x->RecvPass, password)) { this->ServerInstance->SNO->WriteToSnoMask('l',"Invalid password on link: %s", x->Name.c_str()); continue; |