Commit 5d05ca7f authored by Francesc Guasch's avatar Francesc Guasch
Browse files

wip(auth): different PBKDF2 releases stored different

issue #1208
parent 0d2774fb
...@@ -108,8 +108,11 @@ sub _password_pbkdf2($password, $algorithm='SHA-256') { ...@@ -108,8 +108,11 @@ sub _password_pbkdf2($password, $algorithm='SHA-256') {
$algorithm = 'SHA-256' if ! defined $algorithm; $algorithm = 'SHA-256' if ! defined $algorithm;
my $salt = encode('ascii', 'random_name'); my $salt = encode('ascii', 'random_name');
my $iters = 100; my $info = $algorithm;
return "{PBKDF2_$algorithm}".derive_hex( $algorithm, encode('ascii',$password), $salt ); $info =~ s/-//;
$info = "PBKDF2_$info";
my $pass="{$info}".derive_hex( $algorithm, encode('ascii',$password), $salt );
return $pass;
} }
sub _password_rfc2307($password, $algorithm='MD5') { sub _password_rfc2307($password, $algorithm='MD5') {
...@@ -477,21 +480,24 @@ sub _match_password { ...@@ -477,21 +480,24 @@ sub _match_password {
# .sha1_hex($password); # .sha1_hex($password);
my ($storage) = $password_ldap =~ /^{([a-z0-9]+)[_}]/i; my ($storage) = $password_ldap =~ /^{([a-z0-9]+)[_}]/i;
my ($password_ldap_hex) = $password_ldap =~ /.*?}(.*)/;
return Authen::Passphrase->from_rfc2307($password_ldap)->match($password) return Authen::Passphrase->from_rfc2307($password_ldap)->match($password)
if $storage =~ /rfc2307|md5/i; if $storage =~ /rfc2307|md5/i;
my $salt = encode('ascii', 'random_name'); my $salt = encode('ascii', 'random_name');
if ( lc($storage) eq 'pbkdf2') { if ( lc($storage) =~ /pbkdf2|SSHA/i) {
my ($algorithm,$n) = $password_ldap =~ /^{[a-z0-9]+_([a-z]+)([0-9]+)}/i; my ($algorithm,$n);
confess "Error: I can't find the algorithm in $password_ldap" ($algorithm, $n) = $password_ldap =~ /^{[a-z0-9]+_([a-z]+)([0-9]+)}/i;
if !$algorithm; ($algorithm, $n) = $password_ldap =~ /^{([a-z]+)([0-9]+)}/i if !$algorithm;
return verify_hex($password_ldap, "$algorithm-$n"
$algorithm = "$algorithm-$n";
return verify_hex($password_ldap_hex, $algorithm
, encode('ascii',$password) , encode('ascii',$password)
, $salt) , $salt)
} }
confess "Error: Unknown password storage $storage"; confess "Error: Unknown password storage $storage $password_ldap";
} }
sub _dc_base { sub _dc_base {
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment