Push password comparison logic into ComparePass, fixes authentication bug noticed by HiroP

git-svn-id: http://svn.inspircd.org/repository/trunk/inspircd@11195 e03df62e-2008-0410-955e-edbf42e46eb7
author: danieldg <danieldg@e03df62e-2008-0410-955e-edbf42e46eb7> 2009-03-10 16:15:29 +0000
committer: danieldg <danieldg@e03df62e-2008-0410-955e-edbf42e46eb7> 2009-03-10 16:15:29 +0000
commit: 63041954b1cfda4aaf1e89d4b16fb6d1411caa3e (patch)
tree: 33cabfd60aa16958f36c9600e75de1bd17e03739 /src/modules
parent: 5a5a061c48af830ca90b699993cac079a9311b08 (diff)
2 files changed, 7 insertions, 13 deletions
diff --git a/src/modules/m_spanningtree/hmac.cpp b/src/modules/m_spanningtree/hmac.cpp
index 74462fe1c..6dceafe22 100644
--- a/src/modules/m_spanningtree/hmac.cpp
+++ b/src/modules/m_spanningtree/hmac.cpp
@@ -130,16 +130,12 @@ std::string TreeSocket::RandString(unsigned int ilength)
 
 bool TreeSocket::ComparePass(const std::string &ours, const std::string &theirs)
 {
-	if ((!strncmp(ours.c_str(), "HMAC-SHA256:", 12)) || (!strncmp(theirs.c_str(), "HMAC-SHA256:", 12)))
+	if (Utils->ChallengeResponse)
 	{
-		/* One or both of us specified hmac sha256, but we don't have sha256 module loaded!
-		 * We can't allow this password as valid.
-		  */
-		if (!ServerInstance->Modules->Find("m_sha256.so") || !Utils->ChallengeResponse)
-			return false;
-		else
-			/* Straight string compare of hashes */
-			return ours == theirs;
+		std::string our_hmac = this->MakePass(ours, this->GetOurChallenge());
+
+		/* Straight string compare of hashes */
+		return our_hmac == theirs;
 	}
 	else
 		/* Straight string compare of plaintext */
diff --git a/src/modules/m_spanningtree/server.cpp b/src/modules/m_spanningtree/server.cpp
index e7aef1451..da44452ba 100644
--- a/src/modules/m_spanningtree/server.cpp
+++ b/src/modules/m_spanningtree/server.cpp
@@ -128,8 +128,7 @@ bool TreeSocket::Outbound_Reply_Server(std::deque<std::string> &params)
 		if (x->Name != servername && x->Name != "*") // open link allowance
 			continue;
 
-		if (!ComparePass(this->MakePass(x->RecvPass, this->GetOurChallenge()), password) &&
-			(x->RecvPass != password && this->GetTheirChallenge().empty()))
+		if (!ComparePass(x->RecvPass, password))
 		{
 			this->ServerInstance->SNO->WriteToSnoMask('l',"Invalid password on link: %s", x->Name.c_str());
 			continue;
@@ -226,8 +225,7 @@ bool TreeSocket::Inbound_Server(std::deque<std::string> &params)
 		if (x->Name != servername && x->Name != "*") // open link allowance
 			continue;
 
-		if (!ComparePass(this->MakePass(x->RecvPass, this->GetOurChallenge()), password) &&
-			(x->RecvPass != password && this->GetTheirChallenge().empty()))
+		if (!ComparePass(x->RecvPass, password))
 		{
 			this->ServerInstance->SNO->WriteToSnoMask('l',"Invalid password on link: %s", x->Name.c_str());
 			continue;
author	danieldg <danieldg@e03df62e-2008-0410-955e-edbf42e46eb7>	2009-03-10 16:15:29 +0000
committer	danieldg <danieldg@e03df62e-2008-0410-955e-edbf42e46eb7>	2009-03-10 16:15:29 +0000
commit	63041954b1cfda4aaf1e89d4b16fb6d1411caa3e (patch)
tree	33cabfd60aa16958f36c9600e75de1bd17e03739 /src/modules
parent	5a5a061c48af830ca90b699993cac079a9311b08 (diff)