diff options
| author | brain <brain@e03df62e-2008-0410-955e-edbf42e46eb7> | 2008-04-08 23:27:49 +0000 |
|---|---|---|
| committer | brain <brain@e03df62e-2008-0410-955e-edbf42e46eb7> | 2008-04-08 23:27:49 +0000 |
| commit | 2e1cd4fb317ca2f0bd453b8c43670ff6adb3bb8f (patch) | |
| tree | 61b22f9cb45ececa4cb4087ffad65d8fb23e4c80 /src/modules/m_spanningtree | |
| parent | 149ed936a85e5483f8fd99060ab1acbc4d360ba9 (diff) | |
Fix authentication logic, someone forgot to change an || to an &&, because we use continue now the logic is reversed, we continue if auth method one fails AND auth method two fails
(instead of if auth method one fails OR auth method two fails)
Also, fix bug where credentials of outbound server are leaked on successful auth to other ircds behind it
git-svn-id: http://svn.inspircd.org/repository/trunk/inspircd@9437 e03df62e-2008-0410-955e-edbf42e46eb7
Diffstat (limited to 'src/modules/m_spanningtree')
| -rw-r--r-- | src/modules/m_spanningtree/server.cpp | 19 |
1 files changed, 15 insertions, 4 deletions
diff --git a/src/modules/m_spanningtree/server.cpp b/src/modules/m_spanningtree/server.cpp index b609202d5..55bb98008 100644 --- a/src/modules/m_spanningtree/server.cpp +++ b/src/modules/m_spanningtree/server.cpp @@ -130,9 +130,12 @@ bool TreeSocket::Outbound_Reply_Server(std::deque<std::string> ¶ms) if (x->Name != servername && x->Name != "*") // open link allowance continue; - if (!ComparePass(this->MakePass(x->RecvPass, this->GetOurChallenge()), password) || - (x->RecvPass != password && !this->GetTheirChallenge().empty())) + if (!ComparePass(this->MakePass(x->RecvPass, this->GetOurChallenge()), password) && + (x->RecvPass != password && this->GetTheirChallenge().empty())) + { + this->Instance->SNO->WriteToSnoMask('l',"Invalid password on link: %s", x->Name.c_str()); continue; + } TreeServer* CheckDupe = Utils->FindServer(sname); if (CheckDupe) @@ -163,7 +166,12 @@ bool TreeSocket::Outbound_Reply_Server(std::deque<std::string> ¶ms) Utils->TreeRoot->AddChild(Node); params[4] = ":" + params[4]; + + + /* IMPORTANT: Take password/hmac hash OUT of here before we broadcast the introduction! */ + params[1] = "*"; Utils->DoOneToAllButSender(Instance->Config->GetSID(),"SERVER",params,sname); + Node->bursting = true; this->DoBurst(Node); return true; @@ -218,9 +226,12 @@ bool TreeSocket::Inbound_Server(std::deque<std::string> ¶ms) if (x->Name != servername && x->Name != "*") // open link allowance continue; - if (!ComparePass(this->MakePass(x->RecvPass, this->GetOurChallenge()), password) || - (x->RecvPass != password && !this->GetTheirChallenge().empty())) + if (!ComparePass(this->MakePass(x->RecvPass, this->GetOurChallenge()), password) && + (x->RecvPass != password && this->GetTheirChallenge().empty())) + { + this->Instance->SNO->WriteToSnoMask('l',"Invalid password on link: %s", x->Name.c_str()); continue; + } /* Check for fully initialized instances of the server by id */ Instance->Logs->Log("m_spanningtree",DEBUG,"Looking for dupe SID %s", sid.c_str()); |