]> git.netwichtig.de Git - user/henk/code/inspircd.git/blobdiff - src/modules/m_spanningtree/hmac.cpp
projects / user / henk / code / inspircd.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Remove m_halfop from list in compat linking mode
[user/henk/code/inspircd.git] / src / modules / m_spanningtree / hmac.cpp
diff --git a/src/modules/m_spanningtree/hmac.cpp b/src/modules/m_spanningtree/hmac.cpp
index ad35a585f4a1294ffd008a165f7032a18f155301..bf98b16d127ca26b621f40524af96c744d8eeb99 100644 (file)
--- a/src/modules/m_spanningtree/hmac.cpp
+++ b/src/modules/m_spanningtree/hmac.cpp
@@ -77,10 +77,10 @@ std::string TreeSocket::MakePass(const std::string &password, const std::string
                }
 
                hmac2 += challenge;
-               hmac2 = HashRequest(Utils->Creator, sha256, hmac2).result;
+               hmac2 = HashRequest(Utils->Creator, sha256, hmac2).hex();
                
                std::string hmac = hmac1 + hmac2;
-               hmac = HashRequest(Utils->Creator, sha256, hmac).result;
+               hmac = HashRequest(Utils->Creator, sha256, hmac).hex();
 
                return "HMAC-SHA256:"+ hmac;
        }
@@ -132,10 +132,24 @@ bool TreeSocket::ComparePass(const Link& link, const std::string &theirs)
                if (req.cert)
                {
                        fp = req.cert->GetFingerprint();
-                       ServerInstance->Logs->Log("m_spanningtree", DEFAULT, std::string("Server SSL fingerprint ") + fp);
                }
        }
 
+       if (auth_challenge)
+       {
+               std::string our_hmac = MakePass(link.RecvPass, ourchallenge);
+
+               /* Straight string compare of hashes */
+               if (our_hmac != theirs)
+                       return false;
+       }
+       else
+       {
+               /* Straight string compare of plaintext */
+               if (link.RecvPass != theirs)
+                       return false;
+       }
+
        if (auth_fingerprint)
        {
                /* Require fingerprint to exist and match */
@@ -143,18 +157,13 @@ bool TreeSocket::ComparePass(const Link& link, const std::string &theirs)
                {
                        ServerInstance->SNO->WriteToSnoMask('l',"Invalid SSL fingerprint on link %s: need '%s' got '%s'", 
                                link.Name.c_str(), link.Fingerprint.c_str(), fp.c_str());
+                       SendError("Provided invalid SSL fingerprint " + fp + " - expected " + link.Fingerprint);
                        return false;
                }
        }
-
-       if (auth_challenge)
+       else if (!fp.empty())
        {
-               std::string our_hmac = MakePass(link.RecvPass, ourchallenge);
-
-               /* Straight string compare of hashes */
-               return our_hmac == theirs;
+               ServerInstance->SNO->WriteToSnoMask('l', "SSL fingerprint for link %s is %s", link.Name.c_str(), fp.c_str());
        }
-
-       /* Straight string compare of plaintext */
-       return link.RecvPass == theirs;
+       return true;
 }