Added salted sha1 support to password generator. Successfully tested with OpenLDAP 2.4
This commit is contained in:
parent
51597eae9a
commit
aa677d0471
1 changed files with 20 additions and 14 deletions
|
@ -1,31 +1,37 @@
|
||||||
# -*- ruby encoding: utf-8 -*-
|
# -*- ruby encoding: utf-8 -*-
|
||||||
require 'digest/sha1'
|
require 'digest/sha1'
|
||||||
require 'digest/md5'
|
require 'digest/md5'
|
||||||
|
require 'base64'
|
||||||
|
|
||||||
class Net::LDAP::Password
|
class Net::LDAP::Password
|
||||||
class << self
|
class << self
|
||||||
# Generate a password-hash suitable for inclusion in an LDAP attribute.
|
# Generate a password-hash suitable for inclusion in an LDAP attribute.
|
||||||
# Pass a hash type (currently supported: :md5 and :sha) and a plaintext
|
# Pass a hash type as a symbol (:md5, :sha, :ssha) and a plaintext
|
||||||
# password. This function will return a hashed representation.
|
# password. This function will return a hashed representation.
|
||||||
#
|
#
|
||||||
#--
|
#--
|
||||||
# STUB: This is here to fulfill the requirements of an RFC, which
|
# STUB: This is here to fulfill the requirements of an RFC, which
|
||||||
# one?
|
# one?
|
||||||
#
|
#
|
||||||
# TODO, gotta do salted-sha and (maybe)salted-md5. Should we provide
|
# TODO:
|
||||||
# sha1 as a synonym for sha1? I vote no because then should you also
|
# * maybe salted-md5
|
||||||
# provide ssha1 for symmetry?
|
# * Should we provide sha1 as a synonym for sha1? I vote no because then
|
||||||
|
# should you also provide ssha1 for symmetry?
|
||||||
|
#
|
||||||
|
attribute_value = ""
|
||||||
def generate(type, str)
|
def generate(type, str)
|
||||||
digest, digest_name = case type
|
case type
|
||||||
when :md5
|
when :md5
|
||||||
[Digest::MD5.new, 'MD5']
|
attribute_value = '{MD5}' + Base64.encode64(Digest::MD5.digest(str)).chomp!
|
||||||
when :sha
|
when :sha
|
||||||
[Digest::SHA1.new, 'SHA']
|
attribute_value = '{SHA}' + Base64.encode64(Digest::SHA1.digest(str)).chomp!
|
||||||
|
when :ssha
|
||||||
|
srand; salt = (rand * 1000).to_i.to_s
|
||||||
|
attribute_value = '{SSHA}' + Base64.encode64(Digest::SHA1.digest(str + salt) + salt).chomp!
|
||||||
else
|
else
|
||||||
raise Net::LDAP::LdapError, "Unsupported password-hash type (#{type})"
|
raise Net::LDAP::LdapError, "Unsupported password-hash type (#{type})"
|
||||||
end
|
end
|
||||||
digest << str.to_s
|
return attribute_value
|
||||||
return "{#{digest_name}}#{[digest.digest].pack('m').chomp }"
|
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
Loading…
Reference in a new issue