|
@@ -2159,16 +2159,45 @@ func passHandler(server *Server, client *Client, msg ircmsg.IrcMessage, rb *Resp
|
2159
|
2159
|
rb.Add(nil, server.name, ERR_ALREADYREGISTRED, client.nick, client.t("You may not reregister"))
|
2160
|
2160
|
return false
|
2161
|
2161
|
}
|
|
2162
|
+ if rb.session.passStatus != serverPassUnsent {
|
|
2163
|
+ return false
|
|
2164
|
+ }
|
|
2165
|
+
|
|
2166
|
+ password := msg.Params[0]
|
|
2167
|
+ config := server.Config()
|
|
2168
|
+
|
|
2169
|
+ if config.Accounts.LoginViaPassCommand {
|
|
2170
|
+ colonIndex := strings.IndexByte(password, ':')
|
|
2171
|
+ if colonIndex != -1 && client.Account() == "" {
|
|
2172
|
+ // TODO consolidate all login throttle checks into AccountManager
|
|
2173
|
+ throttled, _ := client.loginThrottle.Touch()
|
|
2174
|
+ if !throttled {
|
|
2175
|
+ account, accountPass := password[:colonIndex], password[colonIndex+1:]
|
|
2176
|
+ err := server.accounts.AuthenticateByPassphrase(client, account, accountPass)
|
|
2177
|
+ if err == nil {
|
|
2178
|
+ sendSuccessfulAccountAuth(client, rb, false, true)
|
|
2179
|
+ // login-via-pass-command entails that we do not need to check
|
|
2180
|
+ // an actual server password (either no password or skip-server-password)
|
|
2181
|
+ rb.session.passStatus = serverPassSuccessful
|
|
2182
|
+ return false
|
|
2183
|
+ }
|
|
2184
|
+ }
|
|
2185
|
+ }
|
|
2186
|
+ }
|
|
2187
|
+
|
|
2188
|
+ serverPassword := config.Server.passwordBytes
|
2162
|
2189
|
|
2163
|
2190
|
// if no password exists, skip checking
|
2164
|
|
- serverPassword := server.Config().Server.passwordBytes
|
2165
|
2191
|
if serverPassword == nil {
|
2166
|
2192
|
return false
|
2167
|
2193
|
}
|
2168
|
2194
|
|
2169
|
2195
|
// check the provided password
|
2170
|
|
- password := []byte(msg.Params[0])
|
2171
|
|
- rb.session.sentPassCommand = bcrypt.CompareHashAndPassword(serverPassword, password) == nil
|
|
2196
|
+ if bcrypt.CompareHashAndPassword(serverPassword, []byte(password)) == nil {
|
|
2197
|
+ rb.session.passStatus = serverPassSuccessful
|
|
2198
|
+ } else {
|
|
2199
|
+ rb.session.passStatus = serverPassFailed
|
|
2200
|
+ }
|
2172
|
2201
|
|
2173
|
2202
|
// if they failed the check, we'll bounce them later when they try to complete registration
|
2174
|
2203
|
return false
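Review bot: When the `account:password` login fails or `client.loginThrottle.Touch()` reports throttling, the new branch falls through with no reply and no record on the session, because both `err` and the second return value of `Touch()` are dropped. If no server password is configured, `passStatus` then stays `serverPassUnsent`, so the guard added at the top of the hunk does not stop further PASS attempts in the same session and `loginThrottle` is the only limit on repeated guesses. I would say so above `serverPassword := config.Server.passwordBytes`, e.g. `// login-via-PASS failed or was throttled: fall through and treat the value as the server password`, and make sure the failed attempt is visible to operators if `AuthenticateByPassphrase` does not already log it. The success path also sets `serverPassSuccessful` without consulting `passwordBytes`, relying on the invariant named in its comment (no server password, or skip-server-password); that is presumably enforced when the config is loaded, which this hunk does not show, so it is worth confirming. passHandler begins before the hunk and its closing lines are outside it.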
|