Fix client password checks when iauth is disabled.

git-svn-id: file:///home/klmitch/undernet-ircu/undernet-ircu-svn/ircu2/branches/u2_10_12_branch@1646 c9e4aea6-c8fd-4c43-8297-357d70d61c8c

diff --git a/ChangeLog b/ChangeLog
index 02ff6c2c495a4b73cf649c4e14e9b0552616a3e8..fc55856c0f5e9a9ca0f6eded760d22ae1b6c79a9 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2006-05-06  Michael Poole <mdpoole@troilus.org>
+
+       * ircd/s_auth.c (AuthRequestFlag): Add AR_PASSWORD_CHECKED.
+       (check_auth_finished): Move password check out of iauth-only part
+       and use AR_PASSWORD_CHECKED to make sure we only check it once.
+
 2006-04-28  Michael Poole <mdpoole@troilus.org>
 
        * ircd/s_auth.c (AuthRequest): Clarify comment on 'timeout' field.

diff --git a/ircd/s_auth.c b/ircd/s_auth.c
index e64de671bbb9ddecf855b14570263192d3c5eb52..e7d7acfe98034c615093d5cd7cc30701feba0703 100644 (file)
--- a/ircd/s_auth.c
+++ b/ircd/s_auth.c
@@ -83,6 +83,7 @@ enum AuthRequestFlag {
     AR_IAUTH_HURRY,     /**< we told iauth to hurry up */
     AR_IAUTH_USERNAME,  /**< iauth sent a username (preferred or forced) */
     AR_IAUTH_FUSERNAME, /**< iauth sent a forced username */
+    AR_PASSWORD_CHECKED, /**< client password already checked */
     AR_NUM_FLAGS
 };
 
@@ -378,30 +379,37 @@ static int check_auth_finished(struct AuthRequest *auth, int send_reports)
       && preregister_user(auth->client))
     return CPTR_KILLED;
 
+  /* If we have not done so, check client password.  Do this as soon
+   * as possible so that iauth's challenge/response (which uses PASS
+   * for responses) is not confused with the client's password.
+   */
+  if (!FlagHas(&auth->flags, AR_PASSWORD_CHECKED))
+  {
+    struct ConfItem *aconf;
+
+    aconf = cli_confs(auth->client)->value.aconf;
+    if (!EmptyString(aconf->passwd)
+        && strcmp(cli_passwd(auth->client), aconf->passwd))
+    {
+      ServerStats->is_ref++;
+      send_reply(auth->client, ERR_PASSWDMISMATCH);
+      return exit_client(auth->client, auth->client, &me, "Bad Password");
+    }
+    FlagSet(&auth->flags, AR_PASSWORD_CHECKED);
+  }
+
   /* Check if iauth is done. */
   if (FlagHas(&auth->flags, AR_IAUTH_PENDING))
   {
     /* Switch auth request to hurry-up state. */
     if (!FlagHas(&auth->flags, AR_IAUTH_HURRY))
     {
-      struct ConfItem* aconf;
-
       /* Set "hurry" flag in auth request. */
       FlagSet(&auth->flags, AR_IAUTH_HURRY);
 
-      /* Check password now (to avoid challenge/response conflicts). */
-      aconf = cli_confs(auth->client)->value.aconf;
-      if (!EmptyString(aconf->passwd)
-          && strcmp(cli_passwd(auth->client), aconf->passwd))
-      {
-        ServerStats->is_ref++;
-        send_reply(auth->client, ERR_PASSWDMISMATCH);
-        return exit_client(auth->client, auth->client, &me, "Bad Password");
-      }
-
       /* If iauth wants it, send notification. */
       if (IAuthHas(iauth, IAUTH_UNDERNET))
-        sendto_iauth(auth->client, "H %s", ConfClass(aconf));
+        sendto_iauth(auth->client, "H %s", get_client_class(auth->client));
 
       /* If iauth wants it, give client more time. */
       if (IAuthHas(iauth, IAUTH_EXTRAWAIT))