stv0g/tvheadend
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

access: fix access_get_hashed() the '*' user handling

Browse source
This commit is contained in:
Jaroslav Kysela 2014-08-14 12:59:28 +02:00
parent d32793258d
commit cb5c5d19dc
1 changed files with 9 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

16
src/access.c
View file

@ -389,14 +389,16 @@ access_get_hashed(const char *username, const uint8_t digest[20],
if(!netmask_verify(ae, src))
continue; /* IP based access mismatches */
SHA1_Init(&shactx);
SHA1_Update(&shactx, (const uint8_t *)ae->ae_password,
strlen(ae->ae_password));
SHA1_Update(&shactx, challenge, 32);
SHA1_Final(d, &shactx);
if(ae->ae_username[0] != '*') {
SHA1_Init(&shactx);
SHA1_Update(&shactx, (const uint8_t *)ae->ae_password,
strlen(ae->ae_password));
SHA1_Update(&shactx, challenge, 32);
SHA1_Final(d, &shactx);
if(strcmp(ae->ae_username, username) || memcmp(d, digest, 20))
continue;
if(strcmp(ae->ae_username, username) || memcmp(d, digest, 20))
continue;
}
a->aa_match = 1;
access_update(a, ae);