Commit 6533b0a3 authored by dcoutadeur dcoutadeur's avatar dcoutadeur dcoutadeur

first working version of dynamic hash passwords in trunk (LEMONLDAP-1245)

parent 5e4ef360
......@@ -39,7 +39,7 @@ our $authParameters = {
choiceParams => [qw(authChoiceParam authChoiceModules)],
combinationParams => [qw(combination combModules)],
customParams => [qw(customAuth customUserDB customPassword customRegister customAddParams)],
dbiParams => [qw(dbiAuthnLevel dbiExportedVars dbiAuthChain dbiAuthUser dbiAuthPassword dbiUserChain dbiUserUser dbiUserPassword dbiAuthTable dbiUserTable dbiAuthLoginCol dbiAuthPasswordCol dbiPasswordMailCol userPivot dbiAuthPasswordHash)],
dbiParams => [qw(dbiAuthnLevel dbiExportedVars dbiAuthChain dbiAuthUser dbiAuthPassword dbiUserChain dbiUserUser dbiUserPassword dbiAuthTable dbiUserTable dbiAuthLoginCol dbiAuthPasswordCol dbiPasswordMailCol userPivot dbiAuthPasswordHash dbiDynamicHashEnabled dbiDynamicHashValidSchemes dbiDynamicHashValidSaltedSchemes dbiDynamicHashNewPasswordScheme)],
demoParams => [qw(demoExportedVars)],
facebookParams => [qw(facebookAuthnLevel facebookExportedVars facebookAppId facebookAppSecret)],
kerberosParams => [qw(krbKeytab krbByJs krbAuthnLevel)],
......
......@@ -2269,6 +2269,14 @@ m{^(?:ldapi://[^/]*/?|\w[\w\-\.]*(?::\d{1,5})?|ldap(?:s|\+tls)?://\w[\w\-\.]*(?:
userPivot => { type => 'text', },
dbiAuthPasswordHash =>
{ type => 'text', help => 'authdbi.html#password', },
dbiDynamicHashEnabled =>
{ type => 'bool', help => 'authdbi.html#password', },
dbiDynamicHashValidSchemes =>
{ type => 'text', help => 'authdbi.html#password', },
dbiDynamicHashValidSaltedSchemes =>
{ type => 'text', help => 'authdbi.html#password', },
dbiDynamicHashNewPasswordScheme =>
{ type => 'text', help => 'authdbi.html#password', },
dbiExportedVars => {
type => 'keyTextContainer',
keyTest => qr/^!?[a-zA-Z][a-zA-Z0-9_-]*$/,
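Review bot: The three scheme attributes (`dbiDynamicHashValidSchemes`, `dbiDynamicHashValidSaltedSchemes`, `dbiDynamicHashNewPasswordScheme`) are declared as free `text` with no validation pattern, unlike `dbiExportedVars` just below, which restricts its keys with `keyTest`. Judging by the `modifyPassword` change in this commit, text derived from the chosen scheme appears to end up inside an SQL statement, so an unexpected character in these values would reach the query builder; this is inferred, since the helper is not shown. I would add a `test` pattern that accepts only a list of plain scheme identifiers (letters, digits, `-`, `_`). I would also document next to the declarations what happens when `dbiDynamicHashEnabled` is set but the scheme lists are empty. The enclosing attribute hash starts and ends outside this hunk.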
......
......@@ -172,7 +172,19 @@ sub tree {
title => 'dbiPassword',
help => 'authdbi.html#password',
form => 'simpleInputContainer',
nodes => ['dbiAuthPasswordHash']
nodes => ['dbiAuthPasswordHash',
{
title => 'dbiDynamicHash',
help => 'authdbi.html#password',
form => 'simpleInputContainer',
nodes => [
'dbiDynamicHashEnabled',
'dbiDynamicHashValidSchemes',
'dbiDynamicHashValidSaltedSchemes',
'dbiDynamicHashNewPasswordScheme'
]
}
]
}
]
},
......
......@@ -179,6 +179,11 @@
"dbiAuthPassword": "كلمة المرور",
"dbiAuthPasswordCol": "اسم حقل كلمة المرور",
"dbiAuthPasswordHash": "هاش المخطط",
"dbiDynamicHash": "dynamic hashing",
"dbiDynamicHashEnabled": "dynamic hash activation",
"dbiDynamicHashValidSchemes": "Supported non-salted schemes",
"dbiDynamicHashValidSaltedSchemes": "Supported salted schemes",
"dbiDynamicHashNewPasswordScheme": "Dynamic hash scheme for new passwords",
"dbiAuthTable": "جدول إثبات الهوية",
"dbiAuthUser": "المستخدم",
"dbiConnection": "الاتصال",
......
......@@ -179,6 +179,11 @@
"dbiAuthPassword": "Password",
"dbiAuthPasswordCol": "Password field name",
"dbiAuthPasswordHash": "Hash scheme",
"dbiDynamicHash": "dynamic hashing",
"dbiDynamicHashEnabled": "dynamic hash activation",
"dbiDynamicHashValidSchemes": "Supported non-salted schemes",
"dbiDynamicHashValidSaltedSchemes": "Supported salted schemes",
"dbiDynamicHashNewPasswordScheme": "Dynamic hash scheme for new passwords",
"dbiAuthTable": "Authentication table",
"dbiAuthUser": "User",
"dbiConnection": "Connection",
......
......@@ -179,6 +179,11 @@
"dbiAuthPassword": "Mot de passe",
"dbiAuthPasswordCol": "Champ mot de passe",
"dbiAuthPasswordHash": "Schéma de hachage",
"dbiDynamicHash": "Hashage dynamique",
"dbiDynamicHashEnabled": "Activation des hashes dynamiques",
"dbiDynamicHashValidSchemes": "Schémas non salés supportés",
"dbiDynamicHashValidSaltedSchemes": "Schémas salés supportés",
"dbiDynamicHashNewPasswordScheme": "Schéma de hashage dynamique pour la création de mots de passe",
"dbiAuthTable": "Table authentification",
"dbiAuthUser": "Utilisateur",
"dbiConnection": "Connexion",
......
......@@ -179,6 +179,11 @@
"dbiAuthPassword": "Password",
"dbiAuthPasswordCol": "Nome del campo password",
"dbiAuthPasswordHash": "Schema Hash",
"dbiDynamicHash": "dynamic hashing",
"dbiDynamicHashEnabled": "dynamic hash activation",
"dbiDynamicHashValidSchemes": "Supported non-salted schemes",
"dbiDynamicHashValidSaltedSchemes": "Supported salted schemes",
"dbiDynamicHashNewPasswordScheme": "Dynamic hash scheme for new passwords",
"dbiAuthTable": "Tabella di autenticazione",
"dbiAuthUser": "Utente",
"dbiConnection": "Connessione",
......
......@@ -179,6 +179,11 @@
"dbiAuthPassword": "Mật khẩu",
"dbiAuthPasswordCol": "Tên trường mật khẩu",
"dbiAuthPasswordHash": "Giản đồ Hash",
"dbiDynamicHash": "dynamic hashing",
"dbiDynamicHashEnabled": "dynamic hash activation",
"dbiDynamicHashValidSchemes": "Supported non-salted schemes",
"dbiDynamicHashValidSaltedSchemes": "Supported salted schemes",
"dbiDynamicHashNewPasswordScheme": "Dynamic hash scheme for new passwords",
"dbiAuthTable": "Bảng xác thực",
"dbiAuthUser": "Người dùng",
"dbiConnection": "Kết nối",
......
......@@ -21,14 +21,29 @@ sub confirm {
sub modifyPassword {
my ( $self, $req, $pwd ) = @_;
my $userCol = $self->conf->{dbiAuthLoginCol};
my $passwordCol = $self->conf->{dbiAuthPasswordCol};
my $table = $self->conf->{dbiAuthTable};
my $dynamicHash = $self->conf->{dbiDynamicHashEnabled} || 0;
my $passwordsql;
if ( $dynamicHash == 1 ) {
# Dynamic password hashes
$passwordsql =
$self->dynamic_hash_new_password( $self->dbh, $req->user, $pwd, $table, $userCol, $passwordCol );
}
else
{
# Static Password hash
$passwordsql = $self->hash_password( "?", $self->conf->{dbiAuthPasswordHash} );
}
eval {
$self->dbh->prepare( 'UPDATE '
. $self->conf->{dbiAuthTable} . ' SET '
. $self->conf->{dbiAuthPasswordCol} . '='
. $self->hash_password( "?", $self->conf->{dbiAuthPasswordHash} )
. ' WHERE '
. $self->conf->{dbiAuthLoginCol}
. '=?' )->execute( $pwd, $req->user );
my $sth = $self->dbh->prepare(
"UPDATE $table SET $passwordCol=$passwordsql WHERE $userCol=?");
$sth->execute( $pwd, $req->user ) if $passwordsql =~ /.*\?.*/;
$sth->execute( $req->user ) unless $passwordsql =~ /.*\?.*/;
};
if ($@) {
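Review bot: In `modifyPassword` the bind list is chosen by testing `$passwordsql =~ /.*\?.*/`, so the statement's correctness depends on the text of the fragment returned by `dynamic_hash_new_password`, which is not visible in this hunk. When that fragment has no placeholder, the value derived from `$pwd` has presumably been written into the SQL string itself, and nothing here shows it being quoted; a literal `?` inside such a value would also make the number of bound values wrong. I would keep the value out of the SQL text by having the helper return a fragment that always carries one `?` plus the value to bind, then call `$sth->execute( $value, $req->user )`; failing that, anything embedded should go through `$self->dbh->quote(...)`. An undefined or empty `$passwordsql` should be rejected before `prepare`, because `$dynamicHash == 1` routes straight to the helper with no check on its result. The body of `modifyPassword` continues past the end of the hunk.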
......