if (!tb)
return UBUS_STATUS_INVALID_ARGUMENT;
+ if (!strcmp(blobmsg_get_string(tb), RPC_DEFAULT_SESSION_ID))
+ return UBUS_STATUS_PERMISSION_DENIED;
+
ses = rpc_session_get(blobmsg_data(tb));
if (!ses)
return UBUS_STATUS_NOT_FOUND;
#endif
}
- crypt_hash = crypt(hash, password);
+ crypt_hash = crypt(password, hash);
return !strcmp(crypt_hash, hash);
}
rpc_login_test_login(struct uci_context *uci,
const char *username, const char *password)
{
- struct uci_package *p;
+ struct uci_package *p = NULL;
struct uci_section *s;
struct uci_element *e;
struct uci_ptr ptr = { .package = "rpcd" };
int timeout = RPC_DEFAULT_SESSION_TIMEOUT;
int rv = 0;
- blobmsg_parse(acl_policy, __RPC_L_MAX, tb, blob_data(msg), blob_len(msg));
+ blobmsg_parse(login_policy, __RPC_L_MAX, tb, blob_data(msg), blob_len(msg));
if (!tb[RPC_L_USERNAME] || !tb[RPC_L_PASSWORD]) {
rv = UBUS_STATUS_INVALID_ARGUMENT;