projects / mirror / userdir-ldap.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Change the hmac that protect sudopassword entries to also hash the purpose
[mirror/userdir-ldap.git] / ud-mailgate
diff --git a/ud-mailgate b/ud-mailgate
index a8c1090..1ba2c53 100755 (executable)
--- a/ud-mailgate
+++ b/ud-mailgate
@@ -490,15 +490,15 @@ def FinishConfirmSudopassword(l, uid, Attrs):
          confirmedHosts = SudoPasswd[uuid][0]
          confirmedHmac = SudoPasswd[uuid][1]
          if status.startswith('confirmed:'):
-            if status == 'confirmed:'+make_sudopasswd_hmac('password-is-confirmed', uuid, hosts, cryptedpass):
+            if status == 'confirmed:'+make_passwd_hmac('password-is-confirmed', 'sudo', uid, ,uuid, hosts, cryptedpass):
                result = result + "Entry %s for sudo password on hosts %s already confirmed.\n"%(uuid, hosts)
             else:
                result = result + "Entry %s for sudo password on hosts %s is listed as confirmed, but HMAC does not verify.\n"%(uuid, hosts)
          elif confirmedHosts != hosts:
             result = result + "Entry %s hostlist mismatch (%s vs. %s).\n"%(uuid, hosts, confirmedHosts)
-         elif make_sudopasswd_hmac('confirm-new-password', uuid, hosts, cryptedpass) == confirmedHmac:
+         elif make_passwd_hmac('confirm-new-password', 'sudo', uid, uuid, hosts, cryptedpass) == confirmedHmac:
             result = result + "Entry %s for sudo password on hosts %s now confirmed.\n"%(uuid, hosts)
-            status = 'confirmed:'+make_sudopasswd_hmac('password-is-confirmed', uuid, hosts, cryptedpass)
+            status = 'confirmed:'+make_passwd_hmac('password-is-confirmed', 'sudo', uid, uuid, hosts, cryptedpass)
          else:
             result = result + "Entry %s for sudo password on hosts %s HMAC verify failed.\n"%(uuid, hosts)
          del SudoPasswd[uuid]
Mirror of Debian's userdir-ldap repository