Add config <options:disablehmac> to support disabling of HMAC, and tidy up to detect...
[user/henk/code/inspircd.git] / src / modules / m_spanningtree / treesocket2.cpp
index 1aa4fc8c71d252968b258f44578ef2047f7f4fe2..6c0418a0bd9a9bb414c86bc2741be8f5d4049aa1 100644 (file)
@@ -814,6 +814,24 @@ bool TreeSocket::RemoteServer(const std::string &prefix, std::deque<std::string>
        return true;
 }
 
+bool TreeSocket::ComparePass(const std::string &ours, const std::string &theirs)
+{
+       if ((!strncmp(ours.c_str(), "HMAC-SHA256:", 12)) || (!strncmp(theirs.c_str(), "HMAC-SHA256:", 12)))
+       {
+               /* One or both of us specified hmac sha256, but we don't have sha256 module loaded!
+                * We can't allow this password as valid.
+                */
+               if (!Instance->FindModule("m_sha256.so") || !Utils->ChallengeResponse)
+                               return false;
+               else
+                       /* Straight string compare of hashes */
+                       return ours == theirs;
+       }
+       else
+               /* Straight string compare of plaintext */
+               return ours == theirs;
+}
+
 bool TreeSocket::Outbound_Reply_Server(std::deque<std::string> &params)
 {
        if (params.size() < 4)
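Review bot: Both `return ours == theirs;` lines in ComparePass compare a secret with peer-supplied data using std::string's operator==, which may stop at the first differing byte, so the time taken can depend on how much of the value matched. Since this is the link authentication check, a comparison that always walks the full length is preferable; the fence below shows one that replaces both returns. The two `else` branches then collapse into a single tail, which also removes the duplicated return. The length test still reveals a length mismatch, which matters little for the fixed-size HMAC form but is worth knowing for plaintext passwords.

```cpp
bool TreeSocket::ComparePass(const std::string &ours, const std::string &theirs)
{
        // … unchanged: HMAC-SHA256 prefix test and m_sha256.so / ChallengeResponse check …

        /* Same result as ours == theirs, but the loop always runs to the end */
        if (ours.length() != theirs.length())
                return false;
        unsigned char diff = 0;
        for (std::string::size_type i = 0; i < ours.length(); i++)
                diff |= static_cast<unsigned char>(ours[i]) ^ static_cast<unsigned char>(theirs[i]);
        return diff == 0;
}
```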
@@ -833,7 +851,7 @@ bool TreeSocket::Outbound_Reply_Server(std::deque<std::string> &params)
        std::string description = params[3];
        for (std::vector<Link>::iterator x = Utils->LinkBlocks.begin(); x < Utils->LinkBlocks.end(); x++)
        {
-               if ((x->Name == servername) && (this->MakePass(x->RecvPass,this->GetOurChallenge()) == this->MakePass(password,this->GetOurChallenge())))
+               if ((x->Name == servername) && (ComparePass(this->MakePass(x->RecvPass,this->GetOurChallenge()),password)))
                {
                        TreeServer* CheckDupe = Utils->FindServer(sname);
                        if (CheckDupe)
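Review bot: At the changed `ComparePass(...)` call, whether the link is authenticated by HMAC or by plaintext is decided by the shape of the two strings rather than by local configuration. If MakePass returns `x->RecvPass` unchanged in some cases (its body is not in this diff, so this is an assumption), a peer presenting a plaintext password reaches the plaintext branch of ComparePass even when `Utils->ChallengeResponse` is enabled. It would help to state the intended policy in a comment here, e.g. `/* password is whatever the peer sent: HMAC-SHA256:<digest> after a challenge, plaintext otherwise */`, and to consider rejecting plaintext when challenge-response is on and a challenge was issued. The same line is changed in Inbound_Server in the next hunk; both loops continue outside their hunks.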
@@ -882,7 +900,7 @@ bool TreeSocket::Inbound_Server(std::deque<std::string> &params)
        std::string description = params[3];
        for (std::vector<Link>::iterator x = Utils->LinkBlocks.begin(); x < Utils->LinkBlocks.end(); x++)
        {
-               if ((x->Name == servername) && (this->MakePass(x->RecvPass,this->GetOurChallenge()) == this->MakePass(password,this->GetOurChallenge())))
+               if ((x->Name == servername) && (ComparePass(this->MakePass(x->RecvPass,this->GetOurChallenge()),password)))
                {
                        TreeServer* CheckDupe = Utils->FindServer(sname);
                        if (CheckDupe)
@@ -1069,6 +1087,10 @@ bool TreeSocket::ProcessLine(std::string &line)
                        {
                                return this->Error(params);
                        }
+                       else if (command == "CAPAB")
+                       {
+                               return this->Capab(params);
+                       }
                break;
                case CONNECTED:
                        // This is the 'authenticated' state, when all passwords
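Review bot: The new `CAPAB` branch has no comment explaining why this state accepts it, and the `case` label it belongs to is outside the hunk. Since the following `case CONNECTED:` is described as the authenticated state, this branch presumably runs before the peer has authenticated, so `Capab(params)` would be handling input from an unverified peer. A short comment such as `/* peer is not authenticated yet in this state; Capab() must validate params itself */` would make that expectation visible.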