access: fix superuser access

tvheadend · Jun 2, 2015 · f63239e · f63239e
1 parent 430c894
commit f63239e
Showing 1 changed file with 21 additions and 13 deletions.
diff --git a/src/access.c b/src/access.c
@@ -495,23 +495,27 @@ access_get(const char *username, const char *password, struct sockaddr *src)
   if (!passwd_verify(username, password)) {
     a->aa_username = strdup(username);
     a->aa_representative = strdup(username);
+    if(!passwd_verify2(username, password,
+                       superuser_username, superuser_password)) {
+      a->aa_rights = ACCESS_FULL;
+      return a;
+    }
   } else {
-    username = NULL;
     a->aa_representative = malloc(50);
     tcp_get_str_from_ip((struct sockaddr*)src, a->aa_representative, 50);
+    if(!passwd_verify2(username, password,
+                       superuser_username, superuser_password)) {
+      a->aa_rights = ACCESS_FULL;
+      return a;
+    }
+    username = NULL;
   }
 
   if (access_noacl) {
     a->aa_rights = ACCESS_FULL;
     return a;
   }
 
-  if(!passwd_verify2(username, password,
-                     superuser_username, superuser_password)) {
-    a->aa_rights = ACCESS_FULL;
-    return a;
-  }
-
   TAILQ_FOREACH(ae, &access_entries, ae_link) {
 
     if(!ae->ae_enabled)
@@ -559,9 +563,19 @@ access_get_hashed(const char *username, const uint8_t digest[20],
   if (!passwd_verify_digest(username, digest, challenge)) {
     a->aa_username = strdup(username);
     a->aa_representative = strdup(username);
+    if(!passwd_verify_digest2(username, digest, challenge,
+                              superuser_username, superuser_password)) {
+      a->aa_rights = ACCESS_FULL;
+      return a;
+    }
   } else {
     a->aa_representative = malloc(50);
     tcp_get_str_from_ip((struct sockaddr*)src, a->aa_representative, 50);
+    if(!passwd_verify_digest2(username, digest, challenge,
+                              superuser_username, superuser_password)) {
+      a->aa_rights = ACCESS_FULL;
+      return a;
+    }
     username = NULL;
   }
 
@@ -570,12 +584,6 @@ access_get_hashed(const char *username, const uint8_t digest[20],
     return a;
   }
 
-  if(!passwd_verify_digest2(username, digest, challenge,
-                            superuser_username, superuser_password)) {
-    a->aa_rights = ACCESS_FULL;
-    return a;
-  }
-
   TAILQ_FOREACH(ae, &access_entries, ae_link) {
 
     if(!ae->ae_enabled)