From 63041954b1cfda4aaf1e89d4b16fb6d1411caa3e Mon Sep 17 00:00:00 2001
From: danieldg
Date: Tue, 10 Mar 2009 16:15:29 +0000
Subject: Push password comparison logic into ComparePass, fixes authentication bug noticed by HiroP
git-svn-id: http://svn.inspircd.org/repository/trunk/inspircd@11195 e03df62e-2008-0410-955e-edbf42e46eb7
---
 src/modules/m_spanningtree/hmac.cpp | 14 +++++---------
 src/modules/m_spanningtree/server.cpp | 6 ++----
 2 files changed, 7 insertions(+), 13 deletions(-)
(limited to 'src')
diff --git a/src/modules/m_spanningtree/hmac.cpp b/src/modules/m_spanningtree/hmac.cpp
index 74462fe1c..6dceafe22 100644
--- a/src/modules/m_spanningtree/hmac.cpp
+++ b/src/modules/m_spanningtree/hmac.cpp
@@ -130,16 +130,12 @@ std::string TreeSocket::RandString(unsigned int ilength)
 bool TreeSocket::ComparePass(const std::string &ours, const std::string &theirs)
 {
- if ((!strncmp(ours.c_str(), "HMAC-SHA256:", 12)) || (!strncmp(theirs.c_str(), "HMAC-SHA256:", 12)))
+ if (Utils->ChallengeResponse)
 {
- /* One or both of us specified hmac sha256, but we don't have sha256 module loaded!
- * We can't allow this password as valid.
- */
- if (!ServerInstance->Modules->Find("m_sha256.so") || !Utils->ChallengeResponse)
- return false;
- else
- /* Straight string compare of hashes */
- return ours == theirs;
+ std::string our_hmac = this->MakePass(ours, this->GetOurChallenge());
+
+ /* Straight string compare of hashes */
+ return our_hmac == theirs;
 }
 else
 /* Straight string compare of plaintext */
diff --git a/src/modules/m_spanningtree/server.cpp b/src/modules/m_spanningtree/server.cpp
index e7aef1451..da44452ba 100644
--- a/src/modules/m_spanningtree/server.cpp
+++ b/src/modules/m_spanningtree/server.cpp
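Review bot: In ComparePass the new `if (Utils->ChallengeResponse)` branch no longer verifies that an HMAC can actually be produced: the removed `Modules->Find("m_sha256.so")` test is gone and `GetOurChallenge()` is not checked for being empty, so the outcome now depends entirely on what MakePass returns in those cases, which this hunk does not show. If MakePass falls back to returning the plain password, a peer can still authenticate without challenge-response even though the option is enabled; that should either be rejected or stated in the code, e.g. `/* MakePass returns the plain password when m_sha256 is absent or no challenge was sent; plaintext is then accepted by design */`. Separately, `return our_hmac == theirs;` and the plaintext compare below it use std::string equality, which can return as soon as a byte differs; a comparison that always walks the full length avoids leaking how much of the secret matched. The else branch's return statement lies outside the hunk.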
@@ -128,8 +128,7 @@ bool TreeSocket::Outbound_Reply_Server(std::deque ¶ms)
 if (x->Name != servername && x->Name != "*") // open link allowance
 continue;
- if (!ComparePass(this->MakePass(x->RecvPass, this->GetOurChallenge()), password) &&
- (x->RecvPass != password && this->GetTheirChallenge().empty()))
+ if (!ComparePass(x->RecvPass, password))
 {
 this->ServerInstance->SNO->WriteToSnoMask('l',"Invalid password on link: %s", x->Name.c_str());
 continue;
@@ -226,8 +225,7 @@ bool TreeSocket::Inbound_Server(std::deque ¶ms)
 if (x->Name != servername && x->Name != "*") // open link allowance
 continue;
- if (!ComparePass(this->MakePass(x->RecvPass, this->GetOurChallenge()), password) &&
- (x->RecvPass != password && this->GetTheirChallenge().empty()))
+ if (!ComparePass(x->RecvPass, password))
 {
 this->ServerInstance->SNO->WriteToSnoMask('l',"Invalid password on link: %s", x->Name.c_str());
 continue;
-- cgit v1.2.3
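Review bot: The rejection path in the Outbound_Reply_Server hunk logs only `x->Name`, which is `*` for an open link block, so a failed server-link authentication leaves no record of which server name the peer claimed; the Inbound_Server hunk has the same line. With ComparePass now the single place that decides link authentication, this message is the main signal an operator has for spotting password guessing, and it should carry the claimed name, e.g. `"Invalid password on link: %s (claimed name: %s)", x->Name.c_str(), servername.c_str()` (assuming `servername` is a std::string, as its comparison with `x->Name` suggests), plus the peer address if the socket exposes it. Both functions start and end outside their hunks.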