LemonLDAP NG
lemonldap-ng
Commits
9738b3db
Commit
9738b3db
authored
Nov 02, 2017
by
Yadd
perltidy
parent
6823a6e0
Showing
1 changed file
with
96 additions
and
80 deletions
+96
-80
lemonldap-ng-portal/t/20-Auth-and-password-DBI-dynamic-hash.t
...nldap-ng-portal/t/20-Auth-and-password-DBI-dynamic-hash.t
+96
-80
lemonldap-ng-portal/t/20-Auth-and-password-DBI-dynamic-hash.t
...
...
@@ -2,64 +2,77 @@ use Lemonldap::NG::Portal::Lib::DBI;
use
MIME::
Base64
;
{
no
warnings
'
redefine
';
sub
Lemonldap
::NG::Portal::Lib::DBI::hash_password_from_database {
# Remark: database function must get hexadecimal input
# and send back hexadecimal output
my
$self
=
shift
;
my
$dbh
=
shift
;
my
$dbmethod
=
shift
;
my
$dbsalt
=
shift
;
my
$password
=
shift
;
# Create functions
use
Digest::
SHA
;
$dbh
->
sqlite_create_function
(
'
sha256
',
1
,
sub
{
my
$p
=
shift
;
return
unpack
('
H*
',
Digest::
SHA
->
new
(
256
)
->
add
(
pack
('
H*
',
$p
))
->
digest
);
}
);
$dbh
->
sqlite_create_function
(
'
sha512
',
1
,
sub
{
my
$p
=
shift
;
return
unpack
('
H*
',
Digest::
SHA
->
new
(
512
)
->
add
(
pack
('
H*
',
$p
))
->
digest
);
}
);
# convert password to hexa
my
$passwordh
=
unpack
"
H*
",
$password
;
my
@rows
=
();
eval
{
my
$sth
=
$dbh
->
prepare
("
SELECT
$dbmethod
('
$passwordh$dbsalt
')
");
$sth
->
execute
();
@rows
=
$sth
->
fetchrow_array
();
};
if
(
$@
)
{
$self
->
logger
->
error
(
"
DBI error while hashing with '
$dbmethod
' hash function: $@
");
$self
->
userLogger
->
warn
("
Unable to check password
");
return
"";
}
if
(
@rows
==
1
)
{
$self
->
logger
->
debug
(
"
Successfully hashed password with
$dbmethod
hash function in database
"
);
# convert salt to binary
my
$dbsaltb
=
pack
'
H*
',
$dbsalt
;
# convert result to binary
my
$res
=
pack
'
H*
',
$rows
[
0
];
return
encode_base64
(
$res
.
$dbsaltb
,
''
);
}
else
{
$self
->
userLogger
->
warn
("
Unable to check password with '
$dbmethod
'
");
return
"";
}
# Return encode_base64(SQL_METHOD(password + salt) + salt)
}
}
no
warnings
'
redefine
';
sub
Lemonldap
::NG::Portal::Lib::DBI::hash_password_from_database {
# Remark: database function must get hexadecimal input
# and send back hexadecimal output
my
$self
=
shift
;
my
$dbh
=
shift
;
my
$dbmethod
=
shift
;
my
$dbsalt
=
shift
;
my
$password
=
shift
;
# Create functions
use
Digest::
SHA
;
$dbh
->
sqlite_create_function
(
'
sha256
',
1
,
sub
{
my
$p
=
shift
;
return
unpack
(
'
H*
',
Digest::
SHA
->
new
(
256
)
->
add
(
pack
(
'
H*
',
$p
)
)
->
digest
);
}
);
$dbh
->
sqlite_create_function
(
'
sha512
',
1
,
sub
{
my
$p
=
shift
;
return
unpack
(
'
H*
',
Digest::
SHA
->
new
(
512
)
->
add
(
pack
(
'
H*
',
$p
)
)
->
digest
);
}
);
# convert password to hexa
my
$passwordh
=
unpack
"
H*
",
$password
;
my
@rows
=
();
eval
{
my
$sth
=
$dbh
->
prepare
("
SELECT
$dbmethod
('
$passwordh$dbsalt
')
");
$sth
->
execute
();
@rows
=
$sth
->
fetchrow_array
();
};
if
(
$@
)
{
$self
->
logger
->
error
(
"
DBI error while hashing with '
$dbmethod
' hash function: $@
");
$self
->
userLogger
->
warn
("
Unable to check password
");
return
"";
}
if
(
@rows
==
1
)
{
$self
->
logger
->
debug
(
"
Successfully hashed password with
$dbmethod
hash function in database
"
);
# convert salt to binary
my
$dbsaltb
=
pack
'
H*
',
$dbsalt
;
# convert result to binary
my
$res
=
pack
'
H*
',
$rows
[
0
];
return
encode_base64
(
$res
.
$dbsaltb
,
''
);
}
else
{
$self
->
userLogger
->
warn
(
"
Unable to check password with '
$dbmethod
'
");
return
"";
}
# Return encode_base64(SQL_METHOD(password + salt) + salt)
}
}
use
Test::
More
;
use
strict
;
...
...
@@ -72,37 +85,43 @@ my $mainTests = 3;
eval
{
unlink
'
t/userdb.db
'
};
SKIP:
{
eval
{
require
DBI
;
require
DBD::
SQLite
;
use
Digest::
SHA
};
eval
{
require
DBI
;
require
DBD::
SQLite
;
use
Digest::
SHA
};
if
(
$@
)
{
skip
'
DBD::SQLite not found
',
$mainTests
;
}
my
$dbh
=
DBI
->
connect
("
dbi:SQLite:dbname=t/userdb.db
");
$dbh
->
do
('
CREATE TABLE users (user text,password text,name text)
');
# password secret1
$dbh
->
do
("
INSERT INTO users VALUES ('dwho','secret1','Doctor who')
");
# password secret2
$dbh
->
do
("
INSERT INTO users VALUES ('rtyler','{sha256}NSJNDTRl106FX41poTbnnHROo1pnXTOTNgoyfL9jWaI=','Rose Tyler')
");
$dbh
->
do
(
"
INSERT INTO users VALUES ('rtyler','{sha256}NSJNDTRl106FX41poTbnnHROo1pnXTOTNgoyfL9jWaI=','Rose Tyler')
"
);
# password secret3
$dbh
->
do
("
INSERT INTO users VALUES ('jsmith','{ssha512}wr0zU/I6f7U4bVoeOlJnNFbhF0a9np59LUeNnhokohVI/wiNzt8Y4JujfOfNQiGuiVgY+xrYggfmgpke6KdjxKS7W0GR1ZCe','John Smith')
");
$dbh
->
do
(
"
INSERT INTO users VALUES ('jsmith','{ssha512}wr0zU/I6f7U4bVoeOlJnNFbhF0a9np59LUeNnhokohVI/wiNzt8Y4JujfOfNQiGuiVgY+xrYggfmgpke6KdjxKS7W0GR1ZCe','John Smith')
"
);
my
$client
=
LLNG::Manager::
Test
->
new
(
{
ini
=>
{
logLevel
=>
'
error
',
useSafeJail
=>
1
,
authentication
=>
'
DBI
',
userDB
=>
'
Same
',
dbiAuthChain
=>
'
dbi:SQLite:dbname=t/userdb.db
',
dbiAuthUser
=>
'',
dbiAuthPassword
=>
'',
dbiAuthTable
=>
'
users
',
dbiAuthLoginCol
=>
'
user
',
dbiAuthPasswordCol
=>
'
password
',
dbiAuthPasswordHash
=>
'',
dbiDynamicHashEnabled
=>
1
,
dbiDynamicHashValidSchemes
=>
'
sha sha256 sha512
',
logLevel
=>
'
error
',
useSafeJail
=>
1
,
authentication
=>
'
DBI
',
userDB
=>
'
Same
',
dbiAuthChain
=>
'
dbi:SQLite:dbname=t/userdb.db
',
dbiAuthUser
=>
'',
dbiAuthPassword
=>
'',
dbiAuthTable
=>
'
users
',
dbiAuthLoginCol
=>
'
user
',
dbiAuthPasswordCol
=>
'
password
',
dbiAuthPasswordHash
=>
'',
dbiDynamicHashEnabled
=>
1
,
dbiDynamicHashValidSchemes
=>
'
sha sha256 sha512
',
dbiDynamicHashValidSaltedSchemes
=>
'
ssha ssha256 ssha512
',
dbiDynamicHashNewPasswordScheme
=>
'
ssha256
',
passwordDB
=>
'
DBI
',
...
...
@@ -114,8 +133,7 @@ SKIP: {
# Try to authenticate against plaintext password
ok
(
$res
=
$client
->
_post
(
'
/
',
IO::
String
->
new
('
user=dwho&password=secret1
'),
'
/
',
IO::
String
->
new
('
user=dwho&password=secret1
'),
length
=>
26
),
'
Authentication against plaintext password
'
...
...
@@ -127,27 +145,25 @@ SKIP: {
# Try to authenticate against static hashed password
ok
(
$res
=
$client
->
_post
(
'
/
',
IO::
String
->
new
('
user=rtyler&password=secret2
'),
'
/
',
IO::
String
->
new
('
user=rtyler&password=secret2
'),
length
=>
28
),
'
Authentication against static SHA-256 hashed password
'
);
expectOK
(
$res
);
my
$id
=
expectCookie
(
$res
);
$id
=
expectCookie
(
$res
);
$client
->
logout
(
$id
);
# Try to authenticate against salted password
ok
(
$res
=
$client
->
_post
(
'
/
',
IO::
String
->
new
('
user=jsmith&password=secret3
'),
'
/
',
IO::
String
->
new
('
user=jsmith&password=secret3
'),
length
=>
28
),
'
Authentication against salted SHA-512 password
'
);
expectOK
(
$res
);
my
$id
=
expectCookie
(
$res
);
$id
=
expectCookie
(
$res
);
$client
->
logout
(
$id
);
clean_sessions
();
...
...
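Review bot: In the first hunk, the redefined `hash_password_from_database` still builds its query by interpolating `$dbmethod` and `$dbsalt` into the SQL text (`prepare("SELECT $dbmethod('$passwordh$dbsalt')")`), and nothing inside the sub checks either value. `$passwordh` comes from `unpack "H*"`, so it is hex and cannot leave the quoted literal, but `$dbsalt` is hex only by the convention stated in the header comment, not by any check in the code. The value can be bound instead: `my $sth = $dbh->prepare("SELECT $dbmethod(?)");` followed by `$sth->execute( $passwordh . $dbsalt );`. A function name cannot be bound, so `$dbmethod` should be matched against the schemes configured in `dbiDynamicHashValidSchemes` / `dbiDynamicHashValidSaltedSchemes` before it reaches `prepare`, unless the caller, which is not visible on this page, already does so. If the caller does validate it, a comment such as `# $dbmethod is validated against the configured schemes by the caller` would record that assumption.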