summaryrefslogtreecommitdiff
path: root/src/modules/m_spanningtree/server.cpp
diff options
context:
space:
mode:
authorGravatar brain2008-04-08 23:27:49 +0000
committerGravatar brain2008-04-08 23:27:49 +0000
commit2e1cd4fb317ca2f0bd453b8c43670ff6adb3bb8f (patch)
tree61b22f9cb45ececa4cb4087ffad65d8fb23e4c80 /src/modules/m_spanningtree/server.cpp
parentAllow remote users to bypass Q:Line (why on earth wasn't this the case) (diff)
Fix authentication logic, someone forgot to change an || to an &&, because we use continue now the logic is reversed, we continue if auth method one fails AND auth method two fails
(instead of if auth method one fails OR auth method two fails) Also, fix bug where credentials of outbound server are leaked on successful auth to other ircds behind it git-svn-id: http://svn.inspircd.org/repository/trunk/inspircd@9437 e03df62e-2008-0410-955e-edbf42e46eb7
Diffstat (limited to 'src/modules/m_spanningtree/server.cpp')
-rw-r--r--src/modules/m_spanningtree/server.cpp19
1 files changed, 15 insertions, 4 deletions
diff --git a/src/modules/m_spanningtree/server.cpp b/src/modules/m_spanningtree/server.cpp
index b609202d5..55bb98008 100644
--- a/src/modules/m_spanningtree/server.cpp
+++ b/src/modules/m_spanningtree/server.cpp
@@ -130,9 +130,12 @@ bool TreeSocket::Outbound_Reply_Server(std::deque<std::string> &params)
if (x->Name != servername && x->Name != "*") // open link allowance
continue;
- if (!ComparePass(this->MakePass(x->RecvPass, this->GetOurChallenge()), password) ||
- (x->RecvPass != password && !this->GetTheirChallenge().empty()))
+ if (!ComparePass(this->MakePass(x->RecvPass, this->GetOurChallenge()), password) &&
+ (x->RecvPass != password && this->GetTheirChallenge().empty()))
+ {
+ this->Instance->SNO->WriteToSnoMask('l',"Invalid password on link: %s", x->Name.c_str());
continue;
+ }
TreeServer* CheckDupe = Utils->FindServer(sname);
if (CheckDupe)
@@ -163,7 +166,12 @@ bool TreeSocket::Outbound_Reply_Server(std::deque<std::string> &params)
Utils->TreeRoot->AddChild(Node);
params[4] = ":" + params[4];
+
+
+ /* IMPORTANT: Take password/hmac hash OUT of here before we broadcast the introduction! */
+ params[1] = "*";
Utils->DoOneToAllButSender(Instance->Config->GetSID(),"SERVER",params,sname);
+
Node->bursting = true;
this->DoBurst(Node);
return true;
@@ -218,9 +226,12 @@ bool TreeSocket::Inbound_Server(std::deque<std::string> &params)
if (x->Name != servername && x->Name != "*") // open link allowance
continue;
- if (!ComparePass(this->MakePass(x->RecvPass, this->GetOurChallenge()), password) ||
- (x->RecvPass != password && !this->GetTheirChallenge().empty()))
+ if (!ComparePass(this->MakePass(x->RecvPass, this->GetOurChallenge()), password) &&
+ (x->RecvPass != password && this->GetTheirChallenge().empty()))
+ {
+ this->Instance->SNO->WriteToSnoMask('l',"Invalid password on link: %s", x->Name.c_str());
continue;
+ }
/* Check for fully initialized instances of the server by id */
Instance->Logs->Log("m_spanningtree",DEBUG,"Looking for dupe SID %s", sid.c_str());