From c964aa2708ed2839ded3c35eed7338f3e81f568f Mon Sep 17 00:00:00 2001
From: Matthias Schiffer <matthias@gamezock.de>
Date: Mon, 24 Aug 2009 04:47:54 +0200
Subject: =?UTF-8?q?Authentifikation:=20=C3=9Cbertrage=20Passw=C3=B6rter=20?=
 =?UTF-8?q?gehasht?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 src/modules/AuthBackendFile/AuthBackendFile.cpp | 20 ++++++++++++++------
 1 file changed, 14 insertions(+), 6 deletions(-)

(limited to 'src/modules/AuthBackendFile/AuthBackendFile.cpp')

diff --git a/src/modules/AuthBackendFile/AuthBackendFile.cpp b/src/modules/AuthBackendFile/AuthBackendFile.cpp
index ac7a1db..b05b2db 100644
--- a/src/modules/AuthBackendFile/AuthBackendFile.cpp
+++ b/src/modules/AuthBackendFile/AuthBackendFile.cpp
@@ -74,11 +74,11 @@ bool AuthBackendFile::handleConfigEntry(const Core::ConfigEntry &entry, bool /*h
   return true;
 }
 
-boost::shared_ptr<Common::AuthContext> AuthBackendFile::authenticate(const std::string &method, const std::string &user,
-    const std::vector<boost::uint8_t> &data, std::vector<boost::uint8_t>& /*response*/,
+boost::shared_ptr<Common::AuthContext> AuthBackendFile::authenticate(const std::string &method, const std::string &subMethod,
+    const std::string &user, const std::vector<boost::uint8_t> &data, std::vector<boost::uint8_t>& /*response*/,
     boost::shared_ptr<Common::AuthContext> context) throw(Core::Exception) {
   if(method != "Password")
-    throw(Core::Exception(Core::Exception::INVALID_INPUT));
+    throw(Core::Exception(Core::Exception::NOT_IMPLEMENTED));
 
   if(context.get() != 0 && dynamic_cast<AuthContextFile*>(context.get()) == 0)
     throw(Core::Exception(Core::Exception::INVALID_INPUT));
@@ -86,12 +86,20 @@ boost::shared_ptr<Common::AuthContext> AuthBackendFile::authenticate(const std::
   if(context.get() == 0)
     context.reset(new AuthContextFile);
 
-  std::string password(data.begin(), data.end());
-
   std::map<std::string, std::string>::iterator userIt = userMap.find(user);
-  if(userIt == userMap.end() || password != userIt->second)
+  if(userIt == userMap.end())
     throw(Core::Exception(Core::Exception::AUTHENTICATION));
 
+  if(subMethod == "Clear") {
+    if(userIt->second != std::string(data.begin(), data.end()))
+      throw(Core::Exception(Core::Exception::AUTHENTICATION));
+  }
+  else {
+    if(!std::equal(data.begin(), data.end(), Common::Hash::hash(userIt->second, subMethod).begin()))
+      throw(Core::Exception(Core::Exception::AUTHENTICATION));
+  }
+
+
   return context;
 }
 
-- 
cgit v1.2.3