Bug 851: Fix SNPP authentication

Helge Oldach points out that authentication on SNPP is broken.

We weren't checking if a password was required, and were actually
authenticating the already known password, not the user supplied password.

diff --git a/hfaxd/SNPPServer.c++ b/hfaxd/SNPPServer.c++
index bcfbc48b8140f7aa0beefd00cb967f066e4c7cd2..730d84900f01fe679b722c1a5fd25266c49e1ad6 100644 (file)
--- a/hfaxd/SNPPServer.c++
+++ b/hfaxd/SNPPServer.c++
@@ -997,7 +997,7 @@ SNPPServer::loginCmd(const char* loginID, const char* pass)
     passwd = "*";                      // just in case...
 
     if (checkUser(loginID)) {
-       if (! checkPasswd(passwd)) {
+       if (passwd != "" && ! checkPasswd(pass)) {
                if (++loginAttempts >= maxLoginAttempts) {
                    reply(421, "Login incorrect (closing connection).");
                    logNotice("Repeated SNPP login failures for user %s from %s [%s]"