]> git.netwichtig.de Git - user/henk/code/inspircd.git/blobdiff - src/modules/m_spanningtree/hmac.cpp
projects / user / henk / code / inspircd.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Remove m_halfop from list in compat linking mode
[user/henk/code/inspircd.git] / src / modules / m_spanningtree / hmac.cpp
diff --git a/src/modules/m_spanningtree/hmac.cpp b/src/modules/m_spanningtree/hmac.cpp
index b7cddc47ac750ce23ef349f043a830a051202a0a..bf98b16d127ca26b621f40524af96c744d8eeb99 100644 (file)
--- a/src/modules/m_spanningtree/hmac.cpp
+++ b/src/modules/m_spanningtree/hmac.cpp
@@ -14,8 +14,8 @@
 #include "inspircd.h"
 #include "socket.h"
 #include "xline.h"
-#include "../transport.h"
 #include "../m_hash.h"
+#include "../ssl.h"
 #include "socketengine.h"
 
 #include "main.h"
@@ -24,7 +24,6 @@
 #include "link.h"
 #include "treesocket.h"
 #include "resolvers.h"
-#include "handshaketimer.h"
 
 /* $ModDep: m_spanningtree/resolvers.h m_spanningtree/main.h m_spanningtree/utils.h m_spanningtree/treeserver.h m_spanningtree/link.h m_spanningtree/treesocket.h m_hash.h */
 
@@ -78,12 +77,10 @@ std::string TreeSocket::MakePass(const std::string &password, const std::string
                }
 
                hmac2 += challenge;
-               HashResetRequest(Utils->Creator, sha256).Send();
-               hmac2 = HashSumRequest(Utils->Creator, sha256, hmac2).Send();
-
-               HashResetRequest(Utils->Creator, sha256).Send();
+               hmac2 = HashRequest(Utils->Creator, sha256, hmac2).hex();
+               
                std::string hmac = hmac1 + hmac2;
-               hmac = HashSumRequest(Utils->Creator, sha256, hmac).Send();
+               hmac = HashRequest(Utils->Creator, sha256, hmac).hex();
 
                return "HMAC-SHA256:"+ hmac;
        }
@@ -131,15 +128,28 @@ bool TreeSocket::ComparePass(const Link& link, const std::string &theirs)
        std::string fp;
        if (GetIOHook())
        {
-               BufferedSocketCertificateRequest req(this, Utils->Creator, GetIOHook());
-               req.Send();
+               SSLCertificateRequest req(this, Utils->Creator);
                if (req.cert)
                {
                        fp = req.cert->GetFingerprint();
-                       ServerInstance->Logs->Log("m_spanningtree", DEFAULT, std::string("Server SSL fingerprint ") + fp);
                }
        }
 
+       if (auth_challenge)
+       {
+               std::string our_hmac = MakePass(link.RecvPass, ourchallenge);
+
+               /* Straight string compare of hashes */
+               if (our_hmac != theirs)
+                       return false;
+       }
+       else
+       {
+               /* Straight string compare of plaintext */
+               if (link.RecvPass != theirs)
+                       return false;
+       }
+
        if (auth_fingerprint)
        {
                /* Require fingerprint to exist and match */
@@ -147,18 +157,13 @@ bool TreeSocket::ComparePass(const Link& link, const std::string &theirs)
                {
                        ServerInstance->SNO->WriteToSnoMask('l',"Invalid SSL fingerprint on link %s: need '%s' got '%s'", 
                                link.Name.c_str(), link.Fingerprint.c_str(), fp.c_str());
+                       SendError("Provided invalid SSL fingerprint " + fp + " - expected " + link.Fingerprint);
                        return false;
                }
        }
-
-       if (auth_challenge)
+       else if (!fp.empty())
        {
-               std::string our_hmac = MakePass(link.RecvPass, ourchallenge);
-
-               /* Straight string compare of hashes */
-               return our_hmac == theirs;
+               ServerInstance->SNO->WriteToSnoMask('l', "SSL fingerprint for link %s is %s", link.Name.c_str(), fp.c_str());
        }
-
-       /* Straight string compare of plaintext */
-       return link.RecvPass == theirs;
+       return true;
 }