Fix certificate matching in handleAuthenticate

2025-12-20 06:10:00 -08:00 · 2011-04-11 22:44:52 +02:00 · 2011-04-11 22:44:52 +02:00 · 96684f41d4
commit 96684f41d4
parent 5607764dfa
2 changed files with 7 additions and 5 deletions
--- a/freeze.go
+++ b/freeze.go
@ -256,7 +256,9 @@ func NewServerFromFrozen(filename string) (s *Server, err os.Error) {

 		s.Users[u.Id] = u
 		s.UserNameMap[u.Name] = u
-		s.UserCertMap[u.CertHash] = u
+		if len(u.CertHash) > 0 {
+			s.UserCertMap[u.CertHash] = u
+		}
 	}

 	return s, nil
--- a/server.go
+++ b/server.go
@ -351,7 +351,7 @@ func (server *Server) handleAuthenticate(client *Client, msg *Message) {
 	}

 	// Did we get a username?
-	if auth.Username == nil {
+	if auth.Username == nil || len(*auth.Username) == 0 {
 		client.RejectAuth("InvalidUsername", "Please specify a username to log in")
 		return
 	}
@ -392,16 +392,16 @@ func (server *Server) handleAuthenticate(client *Client, msg *Message) {
 		// First look up registration by name.
 		user, exists := server.UserNameMap[client.Username]
 		if exists {
-			if user.CertHash == client.CertHash {
+			if len(client.CertHash) > 0 && user.CertHash == client.CertHash {
 				client.user = user
 			} else {
-				client.Panic("Invalid cert hash for user")
+				client.RejectAuth("WrongUserPW", "Wrong certificate hash")
 				return
 			}
 		}

 		// Name matching didn't do.  Try matching by certificate.
-		if client.user == nil {
+		if client.user == nil && len(client.CertHash) > 0 {
 			user, exists := server.UserCertMap[client.CertHash]
 			if exists {
 				client.user = user