[Da-tools-commits] ./debian/userdir-ldap-cgi r114: Verify confirmed hmac in web display, showing status as either 'confirmed'

Peter Palfrader peter at palfrader.org
Tue Sep 16 20:11:07 UTC 2008


------------------------------------------------------------
revno: 114
committer: Peter Palfrader <peter at palfrader.org>
branch nick: userdir-ldap-cgi
timestamp: Tue 2008-09-16 22:11:07 +0200
message:
  Verify confirmed hmac in web display, showing status as either 'confirmed'
  (which now means also verified, i.e. it will make it to the host), or
  'invalid'.
modified:
  debian/changelog
  update.cgi
-------------- next part --------------
=== modified file 'debian/changelog'
--- a/debian/changelog	2008-09-16 14:42:09 +0000
+++ b/debian/changelog	2008-09-16 20:11:07 +0000
@@ -1,3 +1,11 @@
+userdir-ldap-cgi (0.3.22) unstable; urgency=low
+
+  * Verify confirmed hmac in web display, showing status as either 'confirmed'
+    (which now means also verified, i.e. it will make it to the host), or
+    'invalid'.
+
+ -- Peter Palfrader <weasel at debian.org>  Tue, 16 Sep 2008 22:10:27 +0200
+
 userdir-ldap-cgi (0.3.21) unstable; urgency=low
 
   * Slightly change find call in cronjob.
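
Review bot: The new 0.3.22 entry names the failure status as 'invalid', but the update.cgi change in this same commit sets `$status = 'INVALID'`. Use one spelling in both places so the changelog matches what the web page displays.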

=== modified file 'update.cgi'
--- a/update.cgi	2008-09-16 14:29:40 +0000
+++ b/update.cgi	2008-09-16 20:11:07 +0000
@@ -127,7 +127,15 @@
       $sudopassword .= "<tr><td>Unparseable line!</td></tr>\n";
       next;
     }
-    $status =~ s/:.*//; # remove verification hmac, it's just noise here.
+    if ($status =~ /^confirmed:/) {
+      my $data = join(':', 'password-is-confirmed', $uuid, $hosts, $crypted);
+      my $hmac = hmac_sha1_hex( $data, $hmac_key);
+      if ($status eq "confirmed:$hmac") {
+        $status = 'confirmed';
+      } else {
+        $status = 'INVALID';
+      }
+    }
     my $e = "<tr><td>".CGI::escapeHTML($hosts)."</td>
                  <td>".CGI::escapeHTML($status)."</td>
                  <td><small>not shown</small></td>
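
Review bot: The guard `if ($status =~ /^confirmed:/)` only verifies a status that contains a colon, so a stored value of exactly `confirmed` with no hmac appended skips the check and is still displayed as 'confirmed', which the commit message says now also means verified. Consider matching on `/^confirmed/` and setting INVALID for anything that is not equal to "confirmed:$hmac". Separately, the removed `s/:.*//` applied to every status, so any non-confirmed status that carries a colon suffix is now shown in full; if that is not intended, keep the strip in an else branch.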


