From 63b97b733aa7c8ee9779af0fd0ba6fe2951481b5 Mon Sep 17 00:00:00 2001
From: Michael Poole
Date: Sat, 6 May 2006 23:40:26 +0000
Subject: [PATCH] Fix client password checks when iauth is disabled.
git-svn-id: file:///home/klmitch/undernet-ircu/undernet-ircu-svn/ircu2/branches/u2_10_12_branch@1646 c9e4aea6-c8fd-4c43-8297-357d70d61c8c
---
 ChangeLog | 6 ++++++
 ircd/s_auth.c | 34 +++++++++++++++++++++-------------
 2 files changed, 27 insertions(+), 13 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 02ff6c2..fc55856 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2006-05-06 Michael Poole
+
+ * ircd/s_auth.c (AuthRequestFlag): Add AR_PASSWORD_CHECKED.
+ (check_auth_finished): Move password check out of iauth-only part
+ and use AR_PASSWORD_CHECKED to make sure we only check it once.
+
 2006-04-28 Michael Poole
 * ircd/s_auth.c (AuthRequest): Clarify comment on 'timeout' field.
diff --git a/ircd/s_auth.c b/ircd/s_auth.c
index e64de67..e7d7acf 100644
--- a/ircd/s_auth.c
+++ b/ircd/s_auth.c
@@ -83,6 +83,7 @@ enum AuthRequestFlag {
 AR_IAUTH_HURRY, /**< we told iauth to hurry up */
 AR_IAUTH_USERNAME, /**< iauth sent a username (preferred or forced) */
 AR_IAUTH_FUSERNAME, /**< iauth sent a forced username */
+ AR_PASSWORD_CHECKED, /**< client password already checked */
 AR_NUM_FLAGS
 };
@@ -378,30 +379,37 @@ static int check_auth_finished(struct AuthRequest *auth, int send_reports)
 && preregister_user(auth->client))
 return CPTR_KILLED;
+ /* If we have not done so, check client password. Do this as soon
+ * as possible so that iauth's challenge/response (which uses PASS
+ * for responses) is not confused with the client's password.
+ */
+ if (!FlagHas(&auth->flags, AR_PASSWORD_CHECKED))
+ {
+ struct ConfItem *aconf;
+
+ aconf = cli_confs(auth->client)->value.aconf;
+ if (!EmptyString(aconf->passwd)
+ && strcmp(cli_passwd(auth->client), aconf->passwd))
+ {
+ ServerStats->is_ref++;
+ send_reply(auth->client, ERR_PASSWDMISMATCH);
+ return exit_client(auth->client, auth->client, &me, "Bad Password");
+ }
+ FlagSet(&auth->flags, AR_PASSWORD_CHECKED);
+ }
+
 /* Check if iauth is done. */
 if (FlagHas(&auth->flags, AR_IAUTH_PENDING))
 {
 /* Switch auth request to hurry-up state. */
 if (!FlagHas(&auth->flags, AR_IAUTH_HURRY))
 {
- struct ConfItem* aconf;
-
 /* Set "hurry" flag in auth request. */
 FlagSet(&auth->flags, AR_IAUTH_HURRY);
- /* Check password now (to avoid challenge/response conflicts). */
- aconf = cli_confs(auth->client)->value.aconf;
- if (!EmptyString(aconf->passwd)
- && strcmp(cli_passwd(auth->client), aconf->passwd))
- {
- ServerStats->is_ref++;
- send_reply(auth->client, ERR_PASSWDMISMATCH);
- return exit_client(auth->client, auth->client, &me, "Bad Password");
- }
-
 /* If iauth wants it, send notification. */
 if (IAuthHas(iauth, IAUTH_UNDERNET))
- sendto_iauth(auth->client, "H %s", ConfClass(aconf));
+ sendto_iauth(auth->client, "H %s", get_client_class(auth->client));
 /* If iauth wants it, give client more time. */
 if (IAuthHas(iauth, IAUTH_EXTRAWAIT))
--
2.20.1
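Review bot: The relocated password check dereferences `cli_confs(auth->client)->value.aconf` without testing either pointer, and it now runs on the first pass through check_auth_finished for every connection instead of only inside the AR_IAUTH_PENDING branch. The `preregister_user()` call just above it is the tail of a condition that starts outside the hunk, so it is not visible here whether every client reaching this point has a conf attached; if one can arrive without it, an unregistered connection would bring the server down with a NULL dereference. Guarding the lookup removes that dependency: `aconf = cli_confs(auth->client) ? cli_confs(auth->client)->value.aconf : NULL;` followed by `if (aconf && !EmptyString(aconf->passwd)`. Separately, `strcmp` against the configured password stops at the first differing byte, so a constant-time comparison would be the safer choice for a secret. The body of check_auth_finished begins and ends outside the hunk.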