]> git.netwichtig.de Git - user/henk/code/inspircd.git/blobdiff - src/modules/m_spanningtree/hmac.cpp
projects / user / henk / code / inspircd.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Fix a bunch of weird indentation and spacing issues.
[user/henk/code/inspircd.git] / src / modules / m_spanningtree / hmac.cpp
diff --git a/src/modules/m_spanningtree/hmac.cpp b/src/modules/m_spanningtree/hmac.cpp
index 15cfbc37a0af1e592bc98c147ac7a9430996539e..07062f0726b4ecfe9861e690982c47439323d7bd 100644 (file)
--- a/src/modules/m_spanningtree/hmac.cpp
+++ b/src/modules/m_spanningtree/hmac.cpp
@@ -1,7 +1,13 @@
 /*
  * InspIRCd -- Internet Relay Chat Daemon
  *
+ *   Copyright (C) 2014 Matthew Martin <phy1729@gmail.com>
+ *   Copyright (C) 2013-2014 Attila Molnar <attilamolnar@hush.com>
+ *   Copyright (C) 2013 Sadie Powell <sadie@witchery.services>
+ *   Copyright (C) 2012 Robby <robby@chatbelgie.be>
+ *   Copyright (C) 2010 Craig Edwards <brain@inspircd.org>
  *   Copyright (C) 2009-2010 Daniel De Graaf <danieldg@inspircd.org>
+ *   Copyright (C) 2009 Uli Schlachter <psychon@inspircd.org>
  *   Copyright (C) 2008 Robin Burchell <robin+git@viroteck.net>
  *
  * This file is part of InspIRCd.  InspIRCd is free software: you can
@@ -75,31 +81,35 @@ bool TreeSocket::ComparePass(const Link& link, const std::string &theirs)
                /* Require fingerprint to exist and match */
                if (link.Fingerprint != fp)
                {
-                       ServerInstance->SNO->WriteToSnoMask('l',"Invalid SSL fingerprint on link %s: need \"%s\" got \"%s\"",
+                       ServerInstance->SNO->WriteToSnoMask('l',"Invalid SSL certificate fingerprint on link %s: need \"%s\" got \"%s\"",
                                link.Name.c_str(), link.Fingerprint.c_str(), fp.c_str());
-                       SendError("Provided invalid SSL fingerprint " + fp + " - expected " + link.Fingerprint);
+                       SendError("Invalid SSL certificate fingerprint " + fp + " - expected " + link.Fingerprint);
                        return false;
                }
        }
-       else if (!fp.empty())
-       {
-               ServerInstance->SNO->WriteToSnoMask('l', "SSL fingerprint for link %s is \"%s\". "
-                       "You can improve security by specifying this in <link:fingerprint>.", link.Name.c_str(), fp.c_str());
-       }
 
        if (capab->auth_challenge)
        {
                std::string our_hmac = MakePass(link.RecvPass, capab->ourchallenge);
 
-               /* Straight string compare of hashes */
-               if (our_hmac != theirs)
+               // Use the timing-safe compare function to compare the hashes
+               if (!InspIRCd::TimingSafeCompare(our_hmac, theirs))
                        return false;
        }
        else
        {
-               /* Straight string compare of plaintext */
-               if (link.RecvPass != theirs)
+               // Use the timing-safe compare function to compare the passwords
+               if (!InspIRCd::TimingSafeCompare(link.RecvPass, theirs))
                        return false;
        }
+
+       // Tell opers to set up fingerprint verification if it's not already set up and the SSL mod gave us a fingerprint
+       // this time
+       if ((!capab->auth_fingerprint) && (!fp.empty()))
+       {
+               ServerInstance->SNO->WriteToSnoMask('l', "SSL certificate fingerprint for link %s is \"%s\". "
+                       "You can improve security by specifying this in <link:fingerprint>.", link.Name.c_str(), fp.c_str());
+       }
+
        return true;
 }