fix(password): do not update salt when updating permanent password

Signed-off-by: fufesou <linlong1266@gmail.com>
fufesou
2026-03-20 21:55:38 +08:00
parent 5d5f12a5ac
commit 4435f19066


@@ -1267,9 +1267,11 @@ impl Config {
config: &mut Config,
password: &str,
) -> String {
// Rotate salt on permanent password updates so the verifier changes even if the user
// reuses a previous password. (No-op updates are handled in `set_permanent_password()`.)
// Keep salt stable for user-initiated permanent password updates.
// Salt should only change when service->user sync updates storage and salt as a pair.
if config.salt.is_empty() {
config.salt = Config::get_auto_password(DEFAULT_SALT_LEN);
}
let h1 = compute_permanent_password_h1(password, &config.salt);
encode_permanent_password_storage_from_h1(&h1)
}
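Review bot: The new comment above the `if config.salt.is_empty()` guard says the salt stays stable but drops the consequence the removed comment spelled out: with a fixed salt, setting a previously used password reproduces the same stored value, so an older copy of that verifier matches again. If that trade-off is intended, record it next to the guard, e.g. `// NOTE: reusing an earlier password yields the same stored verifier; the salt rotates only via service->user sync.` The empty-salt branch also writes `config.salt` as a side effect of deriving the storage string. The function's signature and its callers are outside this hunk, so it is worth confirming that the caller persists the new salt together with the returned storage value, since the comment itself requires the two to change as a pair.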
@@ -1379,6 +1381,10 @@ impl Config {
.map_or(false, |v| !v.is_empty())
}
pub fn has_local_permanent_password() -> bool {
!CONFIG.read().unwrap().password.is_empty()
}
pub fn set_salt(salt: &str) {
let mut config = CONFIG.write().unwrap();
if salt == config.salt {