X-Git-Url: https://git.netwichtig.de/gitweb/?a=blobdiff_plain;f=src%2Fmodules%2Fm_spanningtree%2Ftreesocket2.cpp;h=6c0418a0bd9a9bb414c86bc2741be8f5d4049aa1;hb=7f00015727fab50e37de46aa90d218b31c852c87;hp=1e915cddcdb9376784c835b2259b750c70917074;hpb=663a113180ceeab1fe5e86412de3c2afc1e23d4f;p=user%2Fhenk%2Fcode%2Finspircd.git diff --git a/src/modules/m_spanningtree/treesocket2.cpp b/src/modules/m_spanningtree/treesocket2.cpp index 1e915cddc..6c0418a0b 100644 --- a/src/modules/m_spanningtree/treesocket2.cpp +++ b/src/modules/m_spanningtree/treesocket2.cpp @@ -814,6 +814,24 @@ bool TreeSocket::RemoteServer(const std::string &prefix, std::deque return true; } +bool TreeSocket::ComparePass(const std::string &ours, const std::string &theirs) +{ + if ((!strncmp(ours.c_str(), "HMAC-SHA256:", 12)) || (!strncmp(theirs.c_str(), "HMAC-SHA256:", 12))) + { + /* One or both of us specified hmac sha256, but we don't have sha256 module loaded! + * We can't allow this password as valid. + */ + if (!Instance->FindModule("m_sha256.so") || !Utils->ChallengeResponse) + return false; + else + /* Straight string compare of hashes */ + return ours == theirs; + } + else + /* Straight string compare of plaintext */ + return ours == theirs; +} + bool TreeSocket::Outbound_Reply_Server(std::deque ¶ms) { if (params.size() < 4) @@ -833,7 +851,7 @@ bool TreeSocket::Outbound_Reply_Server(std::deque ¶ms) std::string description = params[3]; for (std::vector::iterator x = Utils->LinkBlocks.begin(); x < Utils->LinkBlocks.end(); x++) { - if ((x->Name == servername) && (x->RecvPass == password)) + if ((x->Name == servername) && (ComparePass(this->MakePass(x->RecvPass,this->GetOurChallenge()),password))) { TreeServer* CheckDupe = Utils->FindServer(sname); if (CheckDupe) @@ -882,7 +900,7 @@ bool TreeSocket::Inbound_Server(std::deque ¶ms) std::string description = params[3]; for (std::vector::iterator x = Utils->LinkBlocks.begin(); x < Utils->LinkBlocks.end(); x++) { - if ((x->Name == servername) && (x->RecvPass == password)) + if ((x->Name == servername) && (ComparePass(this->MakePass(x->RecvPass,this->GetOurChallenge()),password))) { TreeServer* CheckDupe = Utils->FindServer(sname); if (CheckDupe) @@ -902,7 +920,7 @@ bool TreeSocket::Inbound_Server(std::deque ¶ms) this->InboundDescription = description; // this is good. Send our details: Our server name and description and hopcount of 0, // along with the sendpass from this block. - this->WriteLine(std::string("SERVER ")+this->Instance->Config->ServerName+" "+this->MakePass(x->SendPass)+" 0 :"+this->Instance->Config->ServerDesc); + this->WriteLine(std::string("SERVER ")+this->Instance->Config->ServerName+" "+this->MakePass(x->SendPass, this->GetTheirChallenge())+" 0 :"+this->Instance->Config->ServerDesc); // move to the next state, we are now waiting for THEM. this->LinkState = WAIT_AUTH_2; return true; @@ -1069,6 +1087,10 @@ bool TreeSocket::ProcessLine(std::string &line) { return this->Error(params); } + else if (command == "CAPAB") + { + return this->Capab(params); + } break; case CONNECTED: // This is the 'authenticated' state, when all passwords