Committer : entrope
CVSROOT : /cvsroot/undernet-ircu
Module : ircu2.10
Branch tags: u2_10_12_branch
Commit time: 2006-05-06 23:40:36 UTC
Modified files:
Tag: u2_10_12_branch
ircd/s_auth.c ChangeLog
Log message:
Fix client password checks when iauth is disabled.
---------------------- diff included ----------------------
Index: ircu2.10/ChangeLog
diff -u ircu2.10/ChangeLog:1.710.2.93 ircu2.10/ChangeLog:1.710.2.94
--- ircu2.10/ChangeLog:1.710.2.93 Fri Apr 28 19:34:03 2006
+++ ircu2.10/ChangeLog Sat May 6 16:40:26 2006
@@ -1,3 +1,9 @@
+2006-05-06 Michael Poole <[EMAIL PROTECTED]>
+
+ * ircd/s_auth.c (AuthRequestFlag): Add AR_PASSWORD_CHECKED.
+ (check_auth_finished): Move password check out of iauth-only part
+ and use AR_PASSWORD_CHECKED to make sure we only check it once.
+
2006-04-28 Michael Poole <[EMAIL PROTECTED]>
* ircd/s_auth.c (AuthRequest): Clarify comment on 'timeout' field.
Index: ircu2.10/ircd/s_auth.c
diff -u ircu2.10/ircd/s_auth.c:1.37.2.8 ircu2.10/ircd/s_auth.c:1.37.2.9
--- ircu2.10/ircd/s_auth.c:1.37.2.8 Fri Apr 28 19:34:03 2006
+++ ircu2.10/ircd/s_auth.c Sat May 6 16:40:25 2006
@@ -31,7 +31,7 @@
*/
/** @file
* @brief Implementation of DNS and ident lookups.
- * @version $Id: s_auth.c,v 1.37.2.8 2006/04/29 02:34:03 entrope Exp $
+ * @version $Id: s_auth.c,v 1.37.2.9 2006/05/06 23:40:25 entrope Exp $
*/
#include "config.h"
@@ -83,6 +83,7 @@
AR_IAUTH_HURRY, /**< we told iauth to hurry up */
AR_IAUTH_USERNAME, /**< iauth sent a username (preferred or forced) */
AR_IAUTH_FUSERNAME, /**< iauth sent a forced username */
+ AR_PASSWORD_CHECKED, /**< client password already checked */
AR_NUM_FLAGS
};
@@ -378,30 +379,37 @@
&& preregister_user(auth->client))
return CPTR_KILLED;
+ /* If we have not done so, check client password. Do this as soon
+ * as possible so that iauth's challenge/response (which uses PASS
+ * for responses) is not confused with the client's password.
+ */
+ if (!FlagHas(&auth->flags, AR_PASSWORD_CHECKED))
+ {
+ struct ConfItem *aconf;
+
+ aconf = cli_confs(auth->client)->value.aconf;
+ if (!EmptyString(aconf->passwd)
+ && strcmp(cli_passwd(auth->client), aconf->passwd))
+ {
+ ServerStats->is_ref++;
+ send_reply(auth->client, ERR_PASSWDMISMATCH);
+ return exit_client(auth->client, auth->client, &me, "Bad Password");
+ }
+ FlagSet(&auth->flags, AR_PASSWORD_CHECKED);
+ }
+
/* Check if iauth is done. */
if (FlagHas(&auth->flags, AR_IAUTH_PENDING))
{
/* Switch auth request to hurry-up state. */
if (!FlagHas(&auth->flags, AR_IAUTH_HURRY))
{
- struct ConfItem* aconf;
-
/* Set "hurry" flag in auth request. */
FlagSet(&auth->flags, AR_IAUTH_HURRY);
- /* Check password now (to avoid challenge/response conflicts). */
- aconf = cli_confs(auth->client)->value.aconf;
- if (!EmptyString(aconf->passwd)
- && strcmp(cli_passwd(auth->client), aconf->passwd))
- {
- ServerStats->is_ref++;
- send_reply(auth->client, ERR_PASSWDMISMATCH);
- return exit_client(auth->client, auth->client, &me, "Bad Password");
- }
-
/* If iauth wants it, send notification. */
if (IAuthHas(iauth, IAUTH_UNDERNET))
- sendto_iauth(auth->client, "H %s", ConfClass(aconf));
+ sendto_iauth(auth->client, "H %s", get_client_class(auth->client));
/* If iauth wants it, give client more time. */
if (IAuthHas(iauth, IAUTH_EXTRAWAIT))
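Review bot: The relocated password block dereferences `cli_confs(auth->client)->value.aconf` with no NULL test, and it now runs on every pass through check_auth_finished instead of only on the iauth hurry-up path. The guard just above it is a short-circuit `&&` chain whose first terms lie outside the hunk, so `preregister_user()` may not have run for this client; if that call is what attaches the conf entry (not visible here), this is a NULL dereference during pre-registration. I would guard both pointers, e.g. `aconf = cli_confs(auth->client) ? cli_confs(auth->client)->value.aconf : NULL;` then `if (aconf && !EmptyString(aconf->passwd) && strcmp(...))`, and decide explicitly whether a missing conf entry should still set AR_PASSWORD_CHECKED or reject the client. Separately, `strcmp` on the cleartext password stops at the first differing byte, so a constant-time comparison would avoid leaking how much of a guess matched through timing. The function body starts and ends outside the hunk.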
----------------------- End of diff -----------------------