[LockManager] Use proper hmac function for LSLockManager.

Change-Id: If4a3d25a61bcc7cf26beb32abf3d4cc655ca4c55

diff --git a/includes/filebackend/lockmanager/LSLockManager.php b/includes/filebackend/lockmanager/LSLockManager.php
index 8942818..3de6183 100644 (file)
--- a/includes/filebackend/lockmanager/LSLockManager.php
+++ b/includes/filebackend/lockmanager/LSLockManager.php
@@ -169,7 +169,7 @@ class LSLockManager extends QuorumLockManager {
                $authKey = $this->lockServers[$lockSrv]['authKey'];
                // Build of the command as a flat string...
                $values = implode( '|', $values );
-               $key = sha1( $this->session . $action . $type . $values . $authKey );
+               $key = hash_hmac( 'sha1', "{$this->session}\n{$action}\n{$type}\n{$values}", $authKey );
                // Send out the command...
                if ( fwrite( $conn, "{$this->session}:$key:$action:$type:$values\n" ) === false ) {
                        return false;

diff --git a/maintenance/locking/LockServerDaemon.php b/maintenance/locking/LockServerDaemon.php
index c591665..4358989 100644 (file)
--- a/maintenance/locking/LockServerDaemon.php
+++ b/maintenance/locking/LockServerDaemon.php
@@ -242,7 +242,9 @@ class LockServerDaemon {
                $m = explode( ':', $data ); // <session, key, command, type, values>
                if ( count( $m ) == 5 ) {
                        list( $session, $key, $command, $type, $values ) = $m;
-                       if ( sha1( $session . $command . $type . $values . $this->authKey ) !== $key ) {
+                       $goodKey = hash_hmac( 'sha1',
+                               "{$session}\n{$command}\n{$type}\n{$values}", $this->authKey );
+                       if ( $goodKey !== $key ) {
                                return 'BAD_KEY';
                        } elseif ( strlen( $session ) !== 32 ) {
                                return 'BAD_SESSION';