Add <oper:autologin> to allow SSL fingerprint-based automatic oper login
[user/henk/code/inspircd.git] / src / modules / m_spanningtree / hmac.cpp
index 172883f3f01c1d8a155b90c1adca89b201206310..52128b17b6a43652c0d212ac5c9e702ce679a6d0 100644 (file)
@@ -25,8 +25,6 @@
 #include "treesocket.h"
 #include "resolvers.h"
 
-/* $ModDep: m_spanningtree/resolvers.h m_spanningtree/main.h m_spanningtree/utils.h m_spanningtree/treeserver.h m_spanningtree/link.h m_spanningtree/treesocket.h m_hash.h */
-
 const std::string& TreeSocket::GetOurChallenge()
 {
        return capab->ourchallenge;
@@ -98,36 +96,6 @@ std::string TreeSocket::MakePass(const std::string &password, const std::string
        return password;
 }
 
-std::string TreeSocket::RandString(unsigned int ilength)
-{
-       char* randombuf = new char[ilength+1];
-       std::string out;
-#ifndef WINDOWS
-       int f = open("/dev/urandom", O_RDONLY, 0);
-
-       if (f >= 0)
-       {
-               if (read(f, randombuf, ilength) < (int)ilength)
-                       ServerInstance->Logs->Log("m_spanningtree", DEFAULT, "Entropy source has gone predictable (did not return enough data)");
-               close(f);
-       }
-       else
-#endif
-       {
-               for (unsigned int i = 0; i < ilength; i++)
-                       randombuf[i] = rand();
-       }
-
-       for (unsigned int i = 0; i < ilength; i++)
-       {
-               char randchar = static_cast<char>(0x3F + (randombuf[i] & 0x3F));
-               out += randchar;
-       }
-
-       delete[] randombuf;
-       return out;
-}
-
 bool TreeSocket::ComparePass(const Link& link, const std::string &theirs)
 {
        capab->auth_fingerprint = !link.Fingerprint.empty();
@@ -136,7 +104,7 @@ bool TreeSocket::ComparePass(const Link& link, const std::string &theirs)
        std::string fp;
        if (GetIOHook())
        {
-               SocketCertificateRequest req(this, Utils->Creator, GetIOHook());
+               SocketCertificateRequest req(this, Utils->Creator);
                if (req.cert)
                {
                        fp = req.cert->GetFingerprint();
@@ -163,7 +131,7 @@ bool TreeSocket::ComparePass(const Link& link, const std::string &theirs)
                /* Require fingerprint to exist and match */
                if (link.Fingerprint != fp)
                {
-                       ServerInstance->SNO->WriteToSnoMask('l',"Invalid SSL fingerprint on link %s: need '%s' got '%s'", 
+                       ServerInstance->SNO->WriteToSnoMask('l',"Invalid SSL fingerprint on link %s: need \"%s\" got \"%s\"",
                                link.Name.c_str(), link.Fingerprint.c_str(), fp.c_str());
                        SendError("Provided invalid SSL fingerprint " + fp + " - expected " + link.Fingerprint);
                        return false;
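Review bot: The `SendError` call two lines below the changed log line still returns the expected `link.Fingerprint` to a peer that has just failed the fingerprint check. The snomask notice already gives opers both values, so the remote side only needs to hear that its own fingerprint was rejected, e.g. `SendError("Provided invalid SSL fingerprint " + fp);`. A certificate fingerprint is not a secret, so the exposure is small, but an unauthenticated peer has no need to learn which certificate this link pins. ComparePass starts and ends outside this hunk.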
@@ -171,7 +139,8 @@ bool TreeSocket::ComparePass(const Link& link, const std::string &theirs)
        }
        else if (!fp.empty())
        {
-               ServerInstance->SNO->WriteToSnoMask('l', "SSL fingerprint for link %s is %s", link.Name.c_str(), fp.c_str());
+               ServerInstance->SNO->WriteToSnoMask('l', "SSL fingerprint for link %s is \"%s\". "
+                       "You can improve security by specifying this in <link:fingerprint>.", link.Name.c_str(), fp.c_str());
        }
        return true;
 }
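Review bot: The new hint in the `else if (!fp.empty())` branch invites opers to copy the fingerprint from the notice straight into `<link:fingerprint>`, which pins whatever certificate the peer presented on this particular connection. If that connection was intercepted, the pinned value is the interceptor's. I would have the text ask for confirmation first, e.g. `"Verify it with the remote server's administrator, then specify it in <link:fingerprint>."`. This branch appears to be reached when no fingerprint is configured, and the function then returns true, so authentication here presumably rests on the password check earlier in ComparePass, which starts outside this hunk.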