]> git.netwichtig.de Git - user/henk/code/inspircd.git/blobdiff - src/modules/m_spanningtree/hmac.cpp
projects / user / henk / code / inspircd.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Remove m_halfop from list in compat linking mode
[user/henk/code/inspircd.git] / src / modules / m_spanningtree / hmac.cpp
diff --git a/src/modules/m_spanningtree/hmac.cpp b/src/modules/m_spanningtree/hmac.cpp
index 335972003e75f1cf76259982857290e93ae560c7..bf98b16d127ca26b621f40524af96c744d8eeb99 100644 (file)
--- a/src/modules/m_spanningtree/hmac.cpp
+++ b/src/modules/m_spanningtree/hmac.cpp
@@ -14,8 +14,8 @@
 #include "inspircd.h"
 #include "socket.h"
 #include "xline.h"
-#include "../transport.h"
 #include "../m_hash.h"
+#include "../ssl.h"
 #include "socketengine.h"
 
 #include "main.h"
@@ -24,7 +24,6 @@
 #include "link.h"
 #include "treesocket.h"
 #include "resolvers.h"
-#include "handshaketimer.h"
 
 /* $ModDep: m_spanningtree/resolvers.h m_spanningtree/main.h m_spanningtree/utils.h m_spanningtree/treeserver.h m_spanningtree/link.h m_spanningtree/treesocket.h m_hash.h */
 
@@ -78,12 +77,10 @@ std::string TreeSocket::MakePass(const std::string &password, const std::string
                }
 
                hmac2 += challenge;
-               HashResetRequest(Utils->Creator, sha256).Send();
-               hmac2 = HashSumRequest(Utils->Creator, sha256, hmac2).Send();
-
-               HashResetRequest(Utils->Creator, sha256).Send();
+               hmac2 = HashRequest(Utils->Creator, sha256, hmac2).hex();
+               
                std::string hmac = hmac1 + hmac2;
-               hmac = HashSumRequest(Utils->Creator, sha256, hmac).Send();
+               hmac = HashRequest(Utils->Creator, sha256, hmac).hex();
 
                return "HMAC-SHA256:"+ hmac;
        }
@@ -129,32 +126,44 @@ bool TreeSocket::ComparePass(const Link& link, const std::string &theirs)
        this->auth_challenge = !ourchallenge.empty() && !theirchallenge.empty();
 
        std::string fp;
-       if (GetHook())
+       if (GetIOHook())
        {
-               BufferedSocketCertificateRequest req(this, Utils->Creator, GetHook());
-               req.Send();
+               SSLCertificateRequest req(this, Utils->Creator);
                if (req.cert)
                {
                        fp = req.cert->GetFingerprint();
-                       ServerInstance->Logs->Log("m_spanningtree", DEFAULT, std::string("Server SSL fingerprint ") + fp);
                }
        }
 
+       if (auth_challenge)
+       {
+               std::string our_hmac = MakePass(link.RecvPass, ourchallenge);
+
+               /* Straight string compare of hashes */
+               if (our_hmac != theirs)
+                       return false;
+       }
+       else
+       {
+               /* Straight string compare of plaintext */
+               if (link.RecvPass != theirs)
+                       return false;
+       }
+
        if (auth_fingerprint)
        {
                /* Require fingerprint to exist and match */
                if (link.Fingerprint != fp)
+               {
+                       ServerInstance->SNO->WriteToSnoMask('l',"Invalid SSL fingerprint on link %s: need '%s' got '%s'", 
+                               link.Name.c_str(), link.Fingerprint.c_str(), fp.c_str());
+                       SendError("Provided invalid SSL fingerprint " + fp + " - expected " + link.Fingerprint);
                        return false;
+               }
        }
-
-       if (auth_challenge)
+       else if (!fp.empty())
        {
-               std::string our_hmac = MakePass(link.RecvPass, ourchallenge);
-
-               /* Straight string compare of hashes */
-               return our_hmac == theirs;
+               ServerInstance->SNO->WriteToSnoMask('l', "SSL fingerprint for link %s is %s", link.Name.c_str(), fp.c_str());
        }
-
-       /* Straight string compare of plaintext */
-       return link.RecvPass == theirs;
+       return true;
 }