add fallback/new csrf token recognition

author Oguz Bektas <o.bektas@proxmox.com>

Wed, 19 Jun 2019 07:39:31 +0000 (09:39 +0200)

committer Thomas Lamprecht <t.lamprecht@proxmox.com>

Wed, 19 Jun 2019 10:02:36 +0000 (12:02 +0200)
author Oguz Bektas <o.bektas@proxmox.com>
Wed, 19 Jun 2019 07:39:31 +0000 (09:39 +0200)
committer Thomas Lamprecht <t.lamprecht@proxmox.com>
Wed, 19 Jun 2019 10:02:36 +0000 (12:02 +0200)
diff --git a/src/PVE/Ticket.pm b/src/PVE/Ticket.pm

index 5935ba52b6f795503c281b791137ca5ced5efd26..b5d275862754710889964d00c3b6cd6ebe9f5e3c 100644 (file)
--- a/src/PVE/Ticket.pm
+++ b/src/PVE/Ticket.pm
@@ -33,7 +33,13 @@ sub verify_csrf_prevention_token {
         my $timestamp = $1;
         my $ttime = hex($timestamp);
  
-       my $digest = Digest::SHA::sha1_base64("$timestamp:$username", $secret);
+       my $digest;
+       if (length($sig) == 27) {
+           # detected sha1 csrf token from older proxy, switching to fallback. FIXME: remove with 7.0
+           $digest = Digest::SHA::sha1_base64("$timestamp:$username", "$secret");
+       } else {
+           $digest = Digest::SHA::hmac_sha256_base64("$timestamp:$username", "$secret");
+       }
  
         my $age = time() - $ttime;
         return 1 if ($digest eq $sig) && ($age > $min_age) &&
author	Oguz Bektas <o.bektas@proxmox.com>
	Wed, 19 Jun 2019 07:39:31 +0000 (09:39 +0200)
committer	Thomas Lamprecht <t.lamprecht@proxmox.com>
	Wed, 19 Jun 2019 10:02:36 +0000 (12:02 +0200)