Bug #847: Perform sha1 for new passwords if the core driver is used

2025-03-13 12:58:17 +03:00 · 2011-10-20 19:22:42 +02:00 · 2011-10-20 19:22:42 +02:00 · 86c127320e
commit 86c127320e
parent 303d17b260
2 changed files with 20 additions and 1 deletions
--- a/include/User.h
+++ b/include/User.h
@ -60,7 +60,7 @@ public:

    /**
     *  Returns user password
-     *     @return username User's hostname
+     *     @return the User's password
     */
    const string& get_password() const
    {
@ -126,6 +126,15 @@ public:
        return rc;
    };

+    /**
+     *  Returns user password
+     *     @return the user's auth driver
+     */
+    const string& get_auth_driver() const
+    {
+        return auth_driver;
+    };
+
    /**
     *  Sets the user auth driver.
     *
--- a/src/rm/RequestManagerUser.cc
+++ b/src/rm/RequestManagerUser.cc
@ -61,6 +61,11 @@ int UserChangePassword::user_action(User * user,

    string new_pass = xmlrpc_c::value_string(paramList.getString(2));

+    if (user->get_auth_driver() == UserPool::CORE_AUTH)
+    {
+        new_pass = SSLTools::sha1_digest(new_pass);
+    }
+
    int rc = user->set_password(new_pass, error_str);

    if ( rc == 0 )
@ -85,6 +90,11 @@ int UserChangeAuth::user_action(User * user,

    int rc;

+    if (new_auth == UserPool::CORE_AUTH)
+    {
+        new_pass = SSLTools::sha1_digest(new_pass);
+    }
+
    // The password may be invalid, try to change it first
    rc = user->set_password(new_pass, error_str);