aboutsummaryrefslogtreecommitdiff
path: root/src/modules/m_spanningtree/hmac.cpp
diff options
context:
space:
mode:
authorGravatar danieldg2009-06-07 02:57:54 +0000
committerGravatar danieldg2009-06-07 02:57:54 +0000
commit885d37630ef4b5b69c26c6eb3fc97e9cd2e35eae (patch)
tree51624b6cb5e5bb06531bc127bb1d0cd465502641 /src/modules/m_spanningtree/hmac.cpp
parentDon't display locally bound SSL ports in SSL= (for hidden services and such) (diff)
Allow SSL fingerprint-based server authentication
git-svn-id: http://svn.inspircd.org/repository/trunk/inspircd@11404 e03df62e-2008-0410-955e-edbf42e46eb7
Diffstat (limited to 'src/modules/m_spanningtree/hmac.cpp')
-rw-r--r--src/modules/m_spanningtree/hmac.cpp29
1 files changed, 23 insertions, 6 deletions
diff --git a/src/modules/m_spanningtree/hmac.cpp b/src/modules/m_spanningtree/hmac.cpp
index 31f384c63..50b7db9df 100644
--- a/src/modules/m_spanningtree/hmac.cpp
+++ b/src/modules/m_spanningtree/hmac.cpp
@@ -128,16 +128,33 @@ std::string TreeSocket::RandString(unsigned int ilength)
return out;
}
-bool TreeSocket::ComparePass(const std::string &ours, const std::string &theirs)
+bool TreeSocket::ComparePass(const Link& link, const std::string &theirs)
{
- if (Utils->ChallengeResponse && !ourchallenge.empty() && !theirchallenge.empty())
+ this->auth_fingerprint = !link.Fingerprint.empty();
+ this->auth_challenge = !ourchallenge.empty() && !theirchallenge.empty();
+
+ const char* fp = NULL;
+ if (GetHook())
+ fp = BufferedSocketFingerprintRequest(this, Utils->Creator, GetHook()).Send();
+
+ if (fp)
+ ServerInstance->Logs->Log("m_spanningtree", DEFAULT, std::string("Server SSL fingerprint ") + fp);
+
+ if (auth_fingerprint)
+ {
+ /* Require fingerprint to exist and match */
+ if (!fp || link.Fingerprint != std::string(fp))
+ return false;
+ }
+
+ if (auth_challenge)
{
- std::string our_hmac = this->MakePass(ours, ourchallenge);
+ std::string our_hmac = MakePass(link.RecvPass, ourchallenge);
/* Straight string compare of hashes */
return our_hmac == theirs;
}
- else
- /* Straight string compare of plaintext */
- return ours == theirs;
+
+ /* Straight string compare of plaintext */
+ return link.RecvPass == theirs;
}