X-Git-Url: https://git.netwichtig.de/gitweb/?a=blobdiff_plain;f=src%2Fmodules%2Fm_spanningtree%2Ftreesocket1.cpp;h=acc6c7fe2f4cf9fa22d3a18b848f1f928cfda414;hb=715074dd10079a3ed846e8815290ba0d13cd4bd8;hp=836fc34772aaab3a581e33337341054905a61d11;hpb=96798509aca60b4359bb0e1e697a751cce0d6b51;p=user%2Fhenk%2Fcode%2Finspircd.git diff --git a/src/modules/m_spanningtree/treesocket1.cpp b/src/modules/m_spanningtree/treesocket1.cpp index 836fc3477..acc6c7fe2 100644 --- a/src/modules/m_spanningtree/treesocket1.cpp +++ b/src/modules/m_spanningtree/treesocket1.cpp @@ -35,6 +35,7 @@ /* $ModDep: m_spanningtree/timesynctimer.h m_spanningtree/resolvers.h m_spanningtree/main.h m_spanningtree/utils.h m_spanningtree/treeserver.h m_spanningtree/link.h m_spanningtree/treesocket.h m_hash.h */ + /** Because most of the I/O gubbins are encapsulated within * InspSocket, we just call the superclass constructor for * most of the action, and append a few of our own values @@ -75,7 +76,7 @@ TreeSocket::TreeSocket(SpanningTreeUtilities* Util, InspIRCd* SI, int newfd, cha if (Hook) InspSocketHookRequest(this, (Module*)Utils->Creator, Hook).Send(); - Instance->Timers->AddTimer(new HandshakeTimer(Instance, this, &(Utils->LinkBlocks[0]), this->Utils)); + Instance->Timers->AddTimer(new HandshakeTimer(Instance, this, &(Utils->LinkBlocks[0]), this->Utils, 1)); } ServerState TreeSocket::GetLinkState() @@ -101,7 +102,6 @@ const std::string& TreeSocket::GetOurChallenge() void TreeSocket::SetOurChallenge(const std::string &c) { - Instance->Log(DEBUG,"SetOurChallenge: "+c); this->ourchallenge = c; } @@ -112,7 +112,6 @@ const std::string& TreeSocket::GetTheirChallenge() void TreeSocket::SetTheirChallenge(const std::string &c) { - Instance->Log(DEBUG,"SetTheirChallenge: "+c); this->theirchallenge = c; } @@ -125,9 +124,17 @@ std::string TreeSocket::MakePass(const std::string &password, const std::string * HMAC challenge/response. */ Module* sha256 = Instance->FindModule("m_sha256.so"); - if (sha256 && !challenge.empty()) + if (Utils->ChallengeResponse && sha256 && !challenge.empty()) { - /* sha256( (pass xor 0x5c) + sha256((pass xor 0x36) + m) ) */ + /* XXX: This is how HMAC is supposed to be done: + * + * sha256( (pass xor 0x5c) + sha256((pass xor 0x36) + m) ) + * + * Note that we are encoding the hex hash, not the binary + * output of the hash which is slightly different to standard. + * + * Don't ask me why its always 0x5c and 0x36... it just is. + */ std::string hmac1, hmac2; for (size_t n = 0; n < password.length(); n++) @@ -174,7 +181,7 @@ bool TreeSocket::OnConnected() } this->OutboundPass = x->SendPass; /* found who we're supposed to be connecting to, send the neccessary gubbins. */ - Instance->Timers->AddTimer(new HandshakeTimer(Instance, this, &(*x), this->Utils)); + Instance->Timers->AddTimer(new HandshakeTimer(Instance, this, &(*x), this->Utils, 2)); return true; } } @@ -258,9 +265,25 @@ std::string TreeSocket::MyCapabilities() std::string TreeSocket::RandString(unsigned int length) { + char* randombuf = new char[length+1]; std::string out; + int fd = open("/dev/urandom", O_RDONLY, 0); + + if (fd >= 0) + { + read(fd, randombuf, length); + close(fd); + } + else + { + for (unsigned int i = 0; i < length; i++) + randombuf[i] = rand(); + } + for (unsigned int i = 0; i < length; i++) - out += static_cast((rand() % 26) + 65); + out += static_cast((randombuf[i] & 0x7F) | 0x21); + + delete[] randombuf; return out; } @@ -296,8 +319,15 @@ void TreeSocket::SendCapabilities() #ifdef SUPPORT_IP6LINKS ip6support = 1; #endif - this->SetOurChallenge(RandString(20)); - this->WriteLine("CAPAB CAPABILITIES :NICKMAX="+ConvToStr(NICKMAX)+" HALFOP="+ConvToStr(this->Instance->Config->AllowHalfop)+" CHANMAX="+ConvToStr(CHANMAX)+" MAXMODES="+ConvToStr(MAXMODES)+" IDENTMAX="+ConvToStr(IDENTMAX)+" MAXQUIT="+ConvToStr(MAXQUIT)+" MAXTOPIC="+ConvToStr(MAXTOPIC)+" MAXKICK="+ConvToStr(MAXKICK)+" MAXGECOS="+ConvToStr(MAXGECOS)+" MAXAWAY="+ConvToStr(MAXAWAY)+" IP6NATIVE="+ConvToStr(ip6)+" IP6SUPPORT="+ConvToStr(ip6support)+" PROTOCOL="+ConvToStr(ProtocolVersion)+" CHALLENGE="+this->GetOurChallenge()); + std::string extra; + /* Do we have sha256 available? If so, we send a challenge */ + if (Utils->ChallengeResponse && (Instance->FindModule("m_sha256.so"))) + { + this->SetOurChallenge(RandString(20)); + extra = " CHALLENGE=" + this->GetOurChallenge(); + } + + this->WriteLine("CAPAB CAPABILITIES :NICKMAX="+ConvToStr(NICKMAX)+" HALFOP="+ConvToStr(this->Instance->Config->AllowHalfop)+" CHANMAX="+ConvToStr(CHANMAX)+" MAXMODES="+ConvToStr(MAXMODES)+" IDENTMAX="+ConvToStr(IDENTMAX)+" MAXQUIT="+ConvToStr(MAXQUIT)+" MAXTOPIC="+ConvToStr(MAXTOPIC)+" MAXKICK="+ConvToStr(MAXKICK)+" MAXGECOS="+ConvToStr(MAXGECOS)+" MAXAWAY="+ConvToStr(MAXAWAY)+" IP6NATIVE="+ConvToStr(ip6)+" IP6SUPPORT="+ConvToStr(ip6support)+" PROTOCOL="+ConvToStr(ProtocolVersion)+extra); this->WriteLine("CAPAB END"); } @@ -408,7 +438,7 @@ bool TreeSocket::Capab(const std::deque ¶ms) /* Challenge response, store their challenge for our password */ std::map::iterator n = this->CapKeys.find("CHALLENGE"); - if (n != this->CapKeys.end()) + if (Utils->ChallengeResponse && (n != this->CapKeys.end()) && (Instance->FindModule("m_sha256.so"))) { /* Challenge-response is on now */ this->SetTheirChallenge(n->second); @@ -417,6 +447,12 @@ bool TreeSocket::Capab(const std::deque ¶ms) this->WriteLine(std::string("SERVER ")+this->Instance->Config->ServerName+" "+this->MakePass(OutboundPass, this->GetTheirChallenge())+" 0 :"+this->Instance->Config->ServerDesc); } } + else + { + /* They didnt specify a challenge or we don't have m_sha256.so, we use plaintext */ + if (this->LinkState == CONNECTING) + this->WriteLine(std::string("SERVER ")+this->Instance->Config->ServerName+" "+OutboundPass+" 0 :"+this->Instance->Config->ServerDesc); + } if (reason.length()) { @@ -1259,11 +1295,10 @@ void TreeSocket::SendUsers(TreeServer* Current) */ void TreeSocket::DoBurst(TreeServer* s) { + std::string name = s->GetName(); std::string burst = "BURST "+ConvToStr(Instance->Time(true)); std::string endburst = "ENDBURST"; - // Because by the end of the netburst, it could be gone! - std::string name = s->GetName(); - this->Instance->SNO->WriteToSnoMask('l',"Bursting to \2"+name+"\2."); + this->Instance->SNO->WriteToSnoMask('l',"Bursting to \2%s\2 (Authentication: %s).", name.c_str(), this->GetTheirChallenge().empty() ? "plaintext password" : "SHA256-HMAC challenge-response"); this->WriteLine(burst); /* send our version string */ this->WriteLine(std::string(":")+this->Instance->Config->ServerName+" VERSION :"+this->Instance->GetVersionString());