dnsdist: We want to know if the password was hashed, not if it is now
authorRemi Gacogne <remi.gacogne@powerdns.com>
Wed, 31 Mar 2021 07:52:03 +0000 (09:52 +0200)
committerRemi Gacogne <remi.gacogne@powerdns.com>
Thu, 16 Sep 2021 12:12:27 +0000 (14:12 +0200)
pdns/credentials.cc
pdns/credentials.hh
pdns/dnsdist-lua.cc

index e829a412885b20f6a3c6b359c616860cc349e463..24672e142a1db82709e23a65fa3ee9dc97b9f324 100644 (file)
@@ -96,13 +96,12 @@ CredentialsHolder::CredentialsHolder(std::string&& password)
   bool locked = false;
 
   if (isHashingAvailable()) {
-    d_hashed = true;
-
     if (!isPasswordHashed(password)) {
       d_credentials = hashPassword(password);
       locked = true;
     }
     else {
+      d_wasHashed = true;
       d_credentials = std::move(password);
     }
   }
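Review bot: `d_wasHashed` is set only inside the `isHashingAvailable()` branch, so on a build without hashing support a string that is already in hashed form leaves `wasHashed()` false and is presumably stored and compared as if it were the password itself. The branch that handles that case lies outside this hunk, so this needs confirming; if it holds, the three callers in pdns/dnsdist-lua.cc stay silent as well, because their warning is gated on `isHashingAvailable()`. A guard in the constructor along the lines of `if (!isHashingAvailable() && isPasswordHashed(password))` that logs or rejects the configuration would make the mismatch visible, assuming `isPasswordHashed()` is usable on such builds.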
@@ -131,7 +130,7 @@ CredentialsHolder::~CredentialsHolder()
 
 bool CredentialsHolder::matches(const std::string& password) const
 {
-  if (d_hashed) {
+  if (isHashingAvailable()) {
     return verifyPassword(d_credentials, password);
   }
   else {
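Review bot: `matches()` now depends on an invariant that is visible only in the constructor: whenever `isHashingAvailable()` is true, `d_credentials` holds a hash, either supplied by the caller or produced by `hashPassword()`. A short comment above the new condition would keep a later change from breaking that silently, for example `/* with hashing available the constructor always stores a hash, never the plain-text password */`. The `else` branch continues outside the hunk.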
index 03978d1655fcc65f562749811d2d89564bb11341..970aa3fbcd1f6d406ebb90e78f018d86db1702ae 100644 (file)
@@ -39,9 +39,10 @@ public:
   CredentialsHolder& operator=(const CredentialsHolder&) = delete;
 
   bool matches(const std::string& password) const;
-  bool isHashed() const
+  /* whether it was constructed from a hashed and salted string */
+  bool wasHashed() const
   {
-    return d_hashed;
+    return d_wasHashed;
   }
 
   static bool isHashingAvailable();
@@ -50,5 +51,6 @@ private:
   std::string d_credentials;
   uint32_t d_fallbackHashPerturb;
   uint32_t d_fallbackHash{0};
-  bool d_hashed{false};
+  /* whether it was constructed from a hashed and salted string */
+  bool d_wasHashed{false};
 };
index 8bdc9551bc2ae0ae7365996c6dfab3d2bf56b041..404f7272567858337fcf339752167b8ce0cde389 100644 (file)
@@ -945,7 +945,7 @@ static void setupLuaConfig(LuaContext& luaCtx, bool client, bool configCheck)
         auto launch=[sock, local, password, apiKey, customHeaders, acl]() {
           if (password) {
             auto holder = make_unique<CredentialsHolder>(std::string(*password));
-            if (!holder->isHashed() && holder->isHashingAvailable()) {
+            if (!holder->wasHashed() && holder->isHashingAvailable()) {
               warnlog("Passing a plain-text password to 'webserver()' is deprecated, please use 'setWebserverConfig()' instead.");
             }
 
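Review bot: The captured `password` is copied by `std::string(*password)` on the context line above the changed condition, so the closure keeps its own plain-text copy after the `CredentialsHolder` has been built. If the holder is meant to be the only place the secret lives, that copy deserves at least a comment, or a wipe once the holder exists. On the changed line itself, `isHashingAvailable()` is a static member called through the instance; `if (!holder->wasHashed() && CredentialsHolder::isHashingAvailable())` states that more clearly. The same condition is repeated in the two `setWebserverConfig()` hunks below, where a small shared helper would keep the three deprecation checks in step. The lambda body continues outside the hunk.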
@@ -993,7 +993,7 @@ static void setupLuaConfig(LuaContext& luaCtx, bool client, bool configCheck)
       if (vars->count("password")) {
         std::string password = boost::get<std::string>(vars->at("password"));
         auto holder = make_unique<CredentialsHolder>(std::move(password));
-        if (!holder->isHashed() && holder->isHashingAvailable()) {
+        if (!holder->wasHashed() && holder->isHashingAvailable()) {
           warnlog("Passing a plain-text password via the 'password' parameter to 'setWebserverConfig()' is deprecated, please generate a hashed one using 'hashPassword()' instead.");
         }
 
@@ -1003,7 +1003,7 @@ static void setupLuaConfig(LuaContext& luaCtx, bool client, bool configCheck)
       if (vars->count("apiKey")) {
         std::string apiKey = boost::get<std::string>(vars->at("apiKey"));
         auto holder = make_unique<CredentialsHolder>(std::move(apiKey));
-        if (!holder->isHashed() && holder->isHashingAvailable()) {
+        if (!holder->wasHashed() && holder->isHashingAvailable()) {
           warnlog("Passing a plain-text API key via the 'apiKey' parameter to 'setWebserverConfig()' is deprecated, please generate a hashed one using 'hashPassword()' instead.");
         }