From 2e1cd4fb317ca2f0bd453b8c43670ff6adb3bb8f Mon Sep 17 00:00:00 2001
From: brain <brain@e03df62e-2008-0410-955e-edbf42e46eb7>
Date: Tue, 8 Apr 2008 23:27:49 +0000
Subject: Fix authentication logic, someone forgot to change an || to an &&,
 because we use continue now the logic is reversed, we continue if auth method
 one fails AND auth method two fails (instead of if auth method one fails OR
 auth method two fails) Also, fix bug where credentials of outbound server are
 leaked on successful auth to other ircds behind it

git-svn-id: http://svn.inspircd.org/repository/trunk/inspircd@9437 e03df62e-2008-0410-955e-edbf42e46eb7
---
 src/modules/m_spanningtree/server.cpp | 19 +++++++++++++++----
 1 file changed, 15 insertions(+), 4 deletions(-)

diff --git a/src/modules/m_spanningtree/server.cpp b/src/modules/m_spanningtree/server.cpp
index b609202d5..55bb98008 100644
--- a/src/modules/m_spanningtree/server.cpp
+++ b/src/modules/m_spanningtree/server.cpp
@@ -130,9 +130,12 @@ bool TreeSocket::Outbound_Reply_Server(std::deque<std::string> &params)
 		if (x->Name != servername && x->Name != "*") // open link allowance
 			continue;
 
-		if (!ComparePass(this->MakePass(x->RecvPass, this->GetOurChallenge()), password) ||
-			(x->RecvPass != password && !this->GetTheirChallenge().empty()))
+		if (!ComparePass(this->MakePass(x->RecvPass, this->GetOurChallenge()), password) &&
+			(x->RecvPass != password && this->GetTheirChallenge().empty()))
+		{
+			this->Instance->SNO->WriteToSnoMask('l',"Invalid password on link: %s", x->Name.c_str());
 			continue;
+		}
 
 		TreeServer* CheckDupe = Utils->FindServer(sname);
 		if (CheckDupe)
@@ -163,7 +166,12 @@ bool TreeSocket::Outbound_Reply_Server(std::deque<std::string> &params)
 
 		Utils->TreeRoot->AddChild(Node);
 		params[4] = ":" + params[4];
+
+
+		/* IMPORTANT: Take password/hmac hash OUT of here before we broadcast the introduction! */
+		params[1] = "*";
 		Utils->DoOneToAllButSender(Instance->Config->GetSID(),"SERVER",params,sname);
+
 		Node->bursting = true;
 		this->DoBurst(Node);
 		return true;
@@ -218,9 +226,12 @@ bool TreeSocket::Inbound_Server(std::deque<std::string> &params)
 		if (x->Name != servername && x->Name != "*") // open link allowance
 			continue;
 
-		if (!ComparePass(this->MakePass(x->RecvPass, this->GetOurChallenge()), password) ||
-			(x->RecvPass != password && !this->GetTheirChallenge().empty()))
+		if (!ComparePass(this->MakePass(x->RecvPass, this->GetOurChallenge()), password) &&
+			(x->RecvPass != password && this->GetTheirChallenge().empty()))
+		{
+			this->Instance->SNO->WriteToSnoMask('l',"Invalid password on link: %s", x->Name.c_str());
 			continue;
+		}
 
 		/* Check for fully initialized instances of the server by id */
 		Instance->Logs->Log("m_spanningtree",DEBUG,"Looking for dupe SID %s", sid.c_str());
-- 
cgit v1.2.3