31 lines
1.1 KiB
Ruby
31 lines
1.1 KiB
Ruby
|
require 'digest/sha1'
|
||
|
require 'digest/md5'
|
||
|
|
||
|
class Net::LDAP::Password
|
||
|
class << self
|
||
|
# Generate a password-hash suitable for inclusion in an LDAP attribute.
|
||
|
# Pass a hash type (currently supported: :md5 and :sha) and a plaintext
|
||
|
# password. This function will return a hashed representation.
|
||
|
#
|
||
|
#--
|
||
|
# STUB: This is here to fulfill the requirements of an RFC, which
|
||
|
# one?
|
||
|
#
|
||
|
# TODO, gotta do salted-sha and (maybe)salted-md5. Should we provide
|
||
|
# sha1 as a synonym for sha1? I vote no because then should you also
|
||
|
# provide ssha1 for symmetry?
|
||
|
def generate(type, str)
|
||
|
digest, digest_name = case type
|
||
|
when :md5
|
||
|
[Digest::MD5.new, 'MD5']
|
||
|
when :sha
|
||
|
[Digest::SHA1.new, 'SHA']
|
||
|
else
|
||
|
raise Net::LDAP::LdapError, "Unsupported password-hash type (#{type})"
|
||
|
end
|
||
|
digest << str.to_s
|
||
|
return "{#{digest_name}}#{[digest.digest].pack('m').chomp }"
|
||
|
end
|
||
|
end
|
||
|
end
|