diff options
| author | 2009-06-07 02:57:54 +0000 | |
|---|---|---|
| committer | 2009-06-07 02:57:54 +0000 | |
| commit | 885d37630ef4b5b69c26c6eb3fc97e9cd2e35eae (patch) | |
| tree | 51624b6cb5e5bb06531bc127bb1d0cd465502641 /src/modules/m_spanningtree/hmac.cpp | |
| parent | Don't display locally bound SSL ports in SSL= (for hidden services and such) (diff) | |
Allow SSL fingerprint-based server authentication
git-svn-id: http://svn.inspircd.org/repository/trunk/inspircd@11404 e03df62e-2008-0410-955e-edbf42e46eb7
Diffstat (limited to 'src/modules/m_spanningtree/hmac.cpp')
| -rw-r--r-- | src/modules/m_spanningtree/hmac.cpp | 29 |
1 files changed, 23 insertions, 6 deletions
diff --git a/src/modules/m_spanningtree/hmac.cpp b/src/modules/m_spanningtree/hmac.cpp index 31f384c63..50b7db9df 100644 --- a/src/modules/m_spanningtree/hmac.cpp +++ b/src/modules/m_spanningtree/hmac.cpp @@ -128,16 +128,33 @@ std::string TreeSocket::RandString(unsigned int ilength) return out; } -bool TreeSocket::ComparePass(const std::string &ours, const std::string &theirs) +bool TreeSocket::ComparePass(const Link& link, const std::string &theirs) { - if (Utils->ChallengeResponse && !ourchallenge.empty() && !theirchallenge.empty()) + this->auth_fingerprint = !link.Fingerprint.empty(); + this->auth_challenge = !ourchallenge.empty() && !theirchallenge.empty(); + + const char* fp = NULL; + if (GetHook()) + fp = BufferedSocketFingerprintRequest(this, Utils->Creator, GetHook()).Send(); + + if (fp) + ServerInstance->Logs->Log("m_spanningtree", DEFAULT, std::string("Server SSL fingerprint ") + fp); + + if (auth_fingerprint) + { + /* Require fingerprint to exist and match */ + if (!fp || link.Fingerprint != std::string(fp)) + return false; + } + + if (auth_challenge) { - std::string our_hmac = this->MakePass(ours, ourchallenge); + std::string our_hmac = MakePass(link.RecvPass, ourchallenge); /* Straight string compare of hashes */ return our_hmac == theirs; } - else - /* Straight string compare of plaintext */ - return ours == theirs; + + /* Straight string compare of plaintext */ + return link.RecvPass == theirs; } |
