X-Git-Url: https://git.netwichtig.de/gitweb/?a=blobdiff_plain;f=src%2Fmodules%2Fm_spanningtree%2Fserver.cpp;h=40e12b03a1302b5ffb02c0bff09a0cc4656ebe87;hb=2d4a319d961e3f9e6aa9f7926f9ed320d72de8da;hp=bab3d9adb8e03a602f254726898b77e4b1a27c1e;hpb=eae1a96c3651a3bd1f7948e041c5c83459d2f4b5;p=user%2Fhenk%2Fcode%2Finspircd.git

diff --git a/src/modules/m_spanningtree/server.cpp b/src/modules/m_spanningtree/server.cpp
index bab3d9adb..40e12b03a 100644
--- a/src/modules/m_spanningtree/server.cpp
+++ b/src/modules/m_spanningtree/server.cpp
@@ -22,13 +22,11 @@
 
 #include "m_spanningtree/main.h"
 #include "m_spanningtree/utils.h"
-#include "m_spanningtree/treeserver.h"
 #include "m_spanningtree/link.h"
+#include "m_spanningtree/treeserver.h"
 #include "m_spanningtree/treesocket.h"
-#include "m_spanningtree/resolvers.h"
-#include "m_spanningtree/handshaketimer.h"
 
-/* $ModDep: m_spanningtree/timesynctimer.h m_spanningtree/resolvers.h m_spanningtree/main.h m_spanningtree/utils.h m_spanningtree/treeserver.h m_spanningtree/link.h m_spanningtree/treesocket.h */
+/* $ModDep: m_spanningtree/main.h m_spanningtree/utils.h m_spanningtree/treeserver.h m_spanningtree/treesocket.h m_spanningtree/link.h */
 
 /*
  * Some server somewhere in the network introducing another server.
@@ -130,9 +128,12 @@ bool TreeSocket::Outbound_Reply_Server(std::deque<std::string> &params)
 		if (x->Name != servername && x->Name != "*") // open link allowance
 			continue;
 
-		if (!ComparePass(this->MakePass(x->RecvPass, this->GetOurChallenge(), password)) ||
-			x->RecvPass != password && !this->GetTheirChallenge().empty())
+		if (!ComparePass(this->MakePass(x->RecvPass, this->GetOurChallenge()), password) &&
+			(x->RecvPass != password && this->GetTheirChallenge().empty()))
+		{
+			this->Instance->SNO->WriteToSnoMask('l',"Invalid password on link: %s", x->Name.c_str());
 			continue;
+		}
 
 		TreeServer* CheckDupe = Utils->FindServer(sname);
 		if (CheckDupe)
@@ -163,13 +164,18 @@ bool TreeSocket::Outbound_Reply_Server(std::deque<std::string> &params)
 
 		Utils->TreeRoot->AddChild(Node);
 		params[4] = ":" + params[4];
+
+
+		/* IMPORTANT: Take password/hmac hash OUT of here before we broadcast the introduction! */
+		params[1] = "*";
 		Utils->DoOneToAllButSender(Instance->Config->GetSID(),"SERVER",params,sname);
+
 		Node->bursting = true;
 		this->DoBurst(Node);
 		return true;
 	}
 
-	this->SendError("Invalid credentials");
+	this->SendError("Invalid credentials (check the other server's linking snomask for more information)");
 	this->Instance->SNO->WriteToSnoMask('l',"Server connection from \2"+sname+"\2 denied, invalid link credentials");
 	return false;
 }
@@ -218,9 +224,12 @@ bool TreeSocket::Inbound_Server(std::deque<std::string> &params)
 		if (x->Name != servername && x->Name != "*") // open link allowance
 			continue;
 
-		if (!ComparePass(this->MakePass(x->RecvPass, this->GetOurChallenge(), password)) ||
-			x->RecvPass != password && !this->GetTheirChallenge().empty())
+		if (!ComparePass(this->MakePass(x->RecvPass, this->GetOurChallenge()), password) &&
+			(x->RecvPass != password && this->GetTheirChallenge().empty()))
+		{
+			this->Instance->SNO->WriteToSnoMask('l',"Invalid password on link: %s", x->Name.c_str());
 			continue;
+		}
 
 		/* Check for fully initialized instances of the server by id */
 		Instance->Logs->Log("m_spanningtree",DEBUG,"Looking for dupe SID %s", sid.c_str());