X-Git-Url: https://git.adam-barratt.org.uk/?p=mirror%2Fuserdir-ldap-cgi.git;a=blobdiff_plain;f=update.cgi;h=f78a7ebeae7df753610e759db64fb08ef9036f6b;hp=8e74b3e4a90408d45c098301b5de2ee06151e719;hb=00a6b3538e567017f85d7e92174d15e248133bf0;hpb=e3e22e220f0c98dc60c36168505096cb3284c0ff

diff --git a/update.cgi b/update.cgi
index 8e74b3e..f78a7eb 100755
--- a/update.cgi
+++ b/update.cgi
@@ -127,7 +127,15 @@ if (!($query->param('doupdate'))) {
       $sudopassword .= "<tr><td>Unparseable line!</td></tr>\n";
       next;
     }
-    $status =~ s/:.*//; # remove verification hmac, it's just noise here.
+    if ($status =~ /^confirmed:/) {
+      my $data = join(':', 'password-is-confirmed', $uuid, $hosts, $crypted);
+      my $hmac = hmac_sha1_hex( $data, $hmac_key);
+      if ($status eq "confirmed:$hmac") {
+        $status = 'confirmed';
+      } else {
+        $status = 'INVALID';
+      }
+    }
     my $e = "<tr><td>".CGI::escapeHTML($hosts)."</td>
                  <td>".CGI::escapeHTML($status)."</td>
                  <td><small>not shown</small></td>