From 73e6656986569d0bdf7d87efb31efee19d4bdd4f Mon Sep 17 00:00:00 2001
From: Serghey Rodin <skid@vestacp.com>
Date: Thu, 26 Apr 2018 16:32:34 +0300
Subject: [PATCH] RACK911LABS.COM: simpler and safer hash check

---
 bin/v-check-user-hash | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/bin/v-check-user-hash b/bin/v-check-user-hash
index 7fd55789..a18aba0e 100755
--- a/bin/v-check-user-hash
+++ b/bin/v-check-user-hash
@@ -75,15 +75,15 @@ else
     method='des'
 fi
 
+# Checking salt
 if [ -z "$salt" ]; then
     echo "Error: password missmatch"
     echo "$date $time $user $ip failed to login" >> $VESTA/log/auth.log
     exit 9
 fi
 
-# Checking hash
-result=$(grep "^$user:$hash:" /etc/shadow 2>/dev/null)
-if [[ -z "$result" ]]; then
+# Comparing hashes
+if [[ "$shadow" != "$hash" ]]; then
     echo "Error: password missmatch"
     echo "$date $time $user $ip failed to login" >> $VESTA/log/auth.log
     exit 9