Run custom authentication before checking for the user name
authorArmin Burgmeier <armin@arbur.net>
Sun, 30 Oct 2011 16:10:21 +0000 (17:10 +0100)
committerArmin Burgmeier <armin@arbur.net>
Sun, 30 Oct 2011 16:10:21 +0000 (17:10 +0100)
2011-10-30  Armin Burgmeier  <armin@arbur.net>

* inc/server.hpp: Run custom authentication before checking for the
user name, to prevent unauthorized clients from gathering information
about logged in users (Vasiliy Kulikov).

ChangeLog
inc/server.hpp

index 897d0d2..a16e9a4 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,11 @@
 2011-10-30  Armin Burgmeier  <armin@arbur.net>
 
+       * inc/server.hpp: Run custom authentication before checking for the
+       user name, to prevent unauthorized clients from gathering information
+       about logged in users (Vasiliy Kulikov).
+
+2011-10-30  Armin Burgmeier  <armin@arbur.net>
+
        * inc/server.hpp:
        * inc/host.hpp: Choose the lowest possible user ID when a new user
        joins instead of increasing the ID counter. This prevents possible
index 84240da..106869f 100644 (file)
@@ -570,6 +570,8 @@ void basic_server<selector_type>::
        const std::string& name =
                pack.get_param(0).parameter::as<std::string>();
 
+       login::error reason;
+
        // Check for valid user name
        if(name.empty() )
        {
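Review bot: `login::error reason;` is declared here without an initial value, and the failure branch added further down in this function sends `static_cast<int>(reason)` to the client. If an `on_login_auth` handler returns false without assigning `reason` (the handler contract is not visible in this diff, so this is an assumption), the server reads an indeterminate value and puts it on the wire. Initialising at the declaration removes that dependency on every handler, e.g. `login::error reason = <generic-failure-code>;`, where the placeholder stands for whichever existing `login::` code the project uses for a generic refusal. The enclosing function starts and ends outside the hunk.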
@@ -577,6 +579,14 @@ void basic_server<selector_type>::
                pack << static_cast<int>(login::ERROR_NAME_INVALID);
                send(pack, user);
        }
+       // Check for login_auth
+       else if(!on_login_auth(user, pack, reason))
+       {
+               packet pack("net6_login_failed");
+               pack << static_cast<int>(reason);
+               send(pack, user);
+               return;
+       }
        // Check for existing user name
        else if(basic_object<selector_type>::user_find(name) != NULL)
        {
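Review bot: The comment `// Check for login_auth` on the new branch does not say why it must sit ahead of the `user_find(name)` check, and that ordering is the whole security property of this change. I would replace it with `// Authenticate before the name lookup: an unauthenticated client must not learn which names are logged in`, so a later refactor does not move the branch back below the name check. It may also be worth noting in the `on_login_auth` documentation that handlers are now called for names that may already be in use, since the old code only reached them after the uniqueness check had passed. The if/else chain begins before and continues past this hunk.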
@@ -586,16 +596,6 @@ void basic_server<selector_type>::
        }
        else
        {
-               // Check for login_auth
-               login::error reason;
-               if(!on_login_auth(user, pack, reason) )
-               {
-                       packet pack("net6_login_failed");
-                       pack << static_cast<int>(reason);
-                       send(pack, user);
-                       return;
-               }
-
                // Login succeeded
                user.login(name);
                on_login(user, pack);