deac
/
ruby-net-ldap
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Merge pull request #34 from jessehub/master 

salted sha1 for password generator()
master
Rory O'Connell 2012-08-28 15:52:40 -07:00
parent b6d9fbebfd aa677d0471
commit 9de9bc755b
1 changed files with 20 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
lib/net/ldap/password.rb
View File

@ -1,31 +1,37 @@
# -*- ruby encoding: utf-8 -*- # -*- ruby encoding: utf-8 -*-
require 'digest/sha1' require 'digest/sha1'
require 'digest/md5' require 'digest/md5'
require 'base64'
class Net::LDAP::Password class Net::LDAP::Password
class << self class << self
# Generate a password-hash suitable for inclusion in an LDAP attribute. # Generate a password-hash suitable for inclusion in an LDAP attribute.
# Pass a hash type (currently supported: :md5 and :sha) and a plaintext # Pass a hash type as a symbol (:md5, :sha, :ssha) and a plaintext
# password. This function will return a hashed representation. # password. This function will return a hashed representation.
# #
#-- #--
# STUB: This is here to fulfill the requirements of an RFC, which # STUB: This is here to fulfill the requirements of an RFC, which
# one? # one?
# #
# TODO, gotta do salted-sha and (maybe)salted-md5. Should we provide # TODO:
# sha1 as a synonym for sha1? I vote no because then should you also # * maybe salted-md5
# provide ssha1 for symmetry? # * Should we provide sha1 as a synonym for sha1? I vote no because then
# should you also provide ssha1 for symmetry?
#
attribute_value = ""
def generate(type, str) def generate(type, str)
digest, digest_name = case type case type
when :md5 when :md5
[Digest::MD5.new, 'MD5'] attribute_value = '{MD5}' + Base64.encode64(Digest::MD5.digest(str)).chomp!
when :sha when :sha
[Digest::SHA1.new, 'SHA'] attribute_value = '{SHA}' + Base64.encode64(Digest::SHA1.digest(str)).chomp!
else when :ssha
raise Net::LDAP::LdapError, "Unsupported password-hash type (#{type})" srand; salt = (rand * 1000).to_i.to_s
end attribute_value = '{SSHA}' + Base64.encode64(Digest::SHA1.digest(str + salt) + salt).chomp!
digest << str.to_s else
return "{#{digest_name}}#{[digest.digest].pack('m').chomp }" raise Net::LDAP::LdapError, "Unsupported password-hash type (#{type})"
end
return attribute_value
end end
end end
end end