2011-03-18 02:51:52 +01:00
|
|
|
# -*- ruby encoding: utf-8 -*-
|
2010-03-27 20:36:31 +01:00
|
|
|
require 'digest/sha1'
|
|
|
|
require 'digest/md5'
|
2012-03-08 01:03:32 +01:00
|
|
|
require 'base64'
|
2010-03-27 20:36:31 +01:00
|
|
|
|
|
|
|
class Net::LDAP::Password
|
|
|
|
class << self
|
|
|
|
# Generate a password-hash suitable for inclusion in an LDAP attribute.
|
2012-03-08 01:03:32 +01:00
|
|
|
# Pass a hash type as a symbol (:md5, :sha, :ssha) and a plaintext
|
2010-03-27 20:36:31 +01:00
|
|
|
# password. This function will return a hashed representation.
|
|
|
|
#
|
|
|
|
#--
|
|
|
|
# STUB: This is here to fulfill the requirements of an RFC, which
|
|
|
|
# one?
|
|
|
|
#
|
2012-03-08 01:03:32 +01:00
|
|
|
# TODO:
|
|
|
|
# * maybe salted-md5
|
|
|
|
# * Should we provide sha1 as a synonym for sha1? I vote no because then
|
|
|
|
# should you also provide ssha1 for symmetry?
|
|
|
|
#
|
|
|
|
attribute_value = ""
|
2010-03-27 20:36:31 +01:00
|
|
|
def generate(type, str)
|
2012-03-08 01:03:32 +01:00
|
|
|
case type
|
|
|
|
when :md5
|
|
|
|
attribute_value = '{MD5}' + Base64.encode64(Digest::MD5.digest(str)).chomp!
|
|
|
|
when :sha
|
|
|
|
attribute_value = '{SHA}' + Base64.encode64(Digest::SHA1.digest(str)).chomp!
|
|
|
|
when :ssha
|
|
|
|
srand; salt = (rand * 1000).to_i.to_s
|
|
|
|
attribute_value = '{SSHA}' + Base64.encode64(Digest::SHA1.digest(str + salt) + salt).chomp!
|
|
|
|
else
|
|
|
|
raise Net::LDAP::LdapError, "Unsupported password-hash type (#{type})"
|
|
|
|
end
|
|
|
|
return attribute_value
|
2010-03-27 20:36:31 +01:00
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|