Changeset 2041 for trunk/LATMOS-Accounts


Timestamp:
06/13/17 19:28:43 (7 years ago)
Author:
nanardon
Message:

Allow choosing the crypt algorithm per configuration

Location:
trunk/LATMOS-Accounts
Files:
8 edited

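--- a/trunk/LATMOS-Accounts/lib/LATMOS/Accounts.pm
+++ b/trunk/LATMOS-Accounts/lib/LATMOS/Accounts.pm
@@ -142,5 +142,5 @@
     my %params =
         map { $_ => ($self->val($section, $_)) }
-        $self->Parameters($section);
+        ($self->Parameters($section), $self->Parameters('_default_'));
 
     my %defattr =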
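Review bot: The names added from `Parameters('_default_')` are still looked up with `$self->val($section, $_)`, so a key that exists only in `_default_` is read from the base's own section. Whether `val` falls back to the default section is not visible here; if it returns an empty list in list context, the `map` emits a lone key and every following key/value pair in `%params` shifts. A `crypt_method` set only in `_default_` could then be ignored without any error, leaving the weaker built-in default in effect. Consider forcing one value per key, e.g. `map { $_ => scalar $self->val($section, $_) }`, with an explicit lookup in `_default_` when the section has no value. The enclosing sub starts and ends outside this hunk.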
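--- a/trunk/LATMOS-Accounts/lib/LATMOS/Accounts/Bases.pm
+++ b/trunk/LATMOS-Accounts/lib/LATMOS/Accounts/Bases.pm
@@ -7,5 +7,5 @@
 use LATMOS::Accounts::Bases::Attributes;
 use LATMOS::Accounts::Log;
-use LATMOS::Accounts::Utils qw(exec_command to_ascii );
+use LATMOS::Accounts::Utils qw( exec_command to_ascii );
 
 our $VERSION = (q$Rev$ =~ /^Rev: (\d+) /)[0];
@@ -1155,4 +1155,18 @@
 }
 
+=head2 passCrypt($clear_pass)
+
+Return an encrypted password using method set in config
+
+=cut
+
+sub passCrypt {
+    my ($self, $clear_pass) = @_;
+
+    my $method = $self->config('crypt_method');
+
+    LATMOS::Accounts::Utils::Crypt($clear_pass, $method);
+}
+
 =head2 connect($username, $password)
 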
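Review bot: `passCrypt` hands whatever `crypt_method` holds to `Crypt` and returns the result unchecked, and the callers in Ldap/User.pm, Objects.pm and Sql/User.pm store that value directly. Perl's `crypt()` can return undef when the platform's crypt(3) rejects the requested scheme, so a bad setting could write an empty or `{CRYPT}`-only password field instead of failing. Since this is the single choke point, check the result here, e.g. `my $hash = LATMOS::Accounts::Utils::Crypt($clear_pass, $method);` then `defined $hash or die "configured crypt_method is not supported by crypt()\n";` then `return $hash;`. The POD should also say that the value is a salted one-way crypt(3) hash rather than reversible encryption.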
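--- a/trunk/LATMOS-Accounts/lib/LATMOS/Accounts/Bases/Ldap/User.pm
+++ b/trunk/LATMOS-Accounts/lib/LATMOS/Accounts/Bases/Ldap/User.pm
@@ -276,6 +276,4 @@
     my ($self, $clear_pass) = @_;
 
-    my @salt_char = (('a' .. 'z'), ('A' .. 'Z'), (0 .. 9), '/', '.');
-    my $salt = join('', map { $salt_char[rand(scalar(@salt_char))] } (1 .. 8));
     # openldap use prefix to identify encryption passwd
     # {CRYPT} is system dependant, eg use crypt from system
@@ -283,10 +281,10 @@
     # as we use perl crypt() which does the same
     # This code will have to be changed if we use openldap on other UNIX
-    my $md5 = '{CRYPT}' . crypt($clear_pass, '$1$' . $salt);
+    my $crypt = '{CRYPT}' . $self->base->passCrypt($clear_pass);
 
     my ($lm, $nt) = ntlmgen $clear_pass;
 
     my $res = $self->set_fields(
-        userPassword    => $md5,
+        userPassword    => $crypt,
         sambaLMPassword => $lm,
         sambaNTPassword => $nt,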
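Review bot: The context comment above `my $crypt` still justifies `{CRYPT}` by saying Perl's crypt() and the directory server's crypt behave the same, but the scheme is now configurable, so that assumption needs restating. A hash produced with `$5$` or `$6$` on this host only verifies if the LDAP server's own crypt(3) supports that prefix; otherwise binds would fail after a password change. I would extend the comment with `# crypt_method must name a scheme the LDAP server's crypt(3) also supports`. The unchanged `ntlmgen` line still derives sambaLMPassword and sambaNTPassword from the same cleartext, so a stronger `crypt_method` does not protect the password wherever those attributes are readable. The enclosing sub starts before and ends after the visible lines.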
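--- a/trunk/LATMOS-Accounts/lib/LATMOS/Accounts/Bases/Objects.pm
+++ b/trunk/LATMOS-Accounts/lib/LATMOS/Accounts/Bases/Objects.pm
@@ -543,7 +543,5 @@
     my ($self, $clear_pass) = @_;
     if (my $attribute = $self->base->attribute($self->type, 'userPassword')) {
-        my @salt_char = (('a' .. 'z'), ('A' .. 'Z'), (0 .. 9), '/', '.');
-        my $salt = join('', map { $salt_char[rand(scalar(@salt_char))] } (1 .. 8));
-        my $res = $self->set_fields($attribute->iname, crypt($clear_pass, '$1$' . $salt));
+        my $res = $self->set_fields($attribute->iname, $self->base->passCrypt($clear_pass));
         $self->base->log(LA_NOTICE, 'Mot de passe changé pour %s', $self->id)
             if($res);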
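--- a/trunk/LATMOS-Accounts/lib/LATMOS/Accounts/Bases/Sql/User.pm
+++ b/trunk/LATMOS-Accounts/lib/LATMOS/Accounts/Bases/Sql/User.pm
@@ -1947,7 +1947,5 @@
         }
 
-        my @salt_char = (('a' .. 'z'), ('A' .. 'Z'), (0 .. 9), '/', '.');
-        my $salt = join('', map { $salt_char[rand(scalar(@salt_char))] } (1 .. 8));
-        my $res = $self->set_fields($field, crypt($clear_pass, '$1$' . $salt));
+        my $res = $self->set_fields($field, $self->base->passCrypt($clear_pass));
         if ($res) {
             if ($self->base->get_global_value('rsa_public_key')) {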
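--- a/trunk/LATMOS-Accounts/lib/LATMOS/Accounts/Utils.pm
+++ b/trunk/LATMOS-Accounts/lib/LATMOS/Accounts/Utils.pm
@@ -370,4 +370,49 @@
 }
 
+=head2 Crypt($password, $method)
+
+Build an encrypted password using standard crypt(), $method is the encrypted method to use:
+
+=over 4
+
+=item DES: the old DES method, do not use
+
+=item 1 or md5
+
+=item 5 or sha-256
+
+=item 6 or sha-512
+
+=back
+
+=cut
+
+sub Crypt {
+    my ($clearpassword, $method) = @_;
+
+    $method ||= '';
+    my $methNumber = {
+        'des'     => -1,
+        'md5'     =>  1,
+        'sha-256' =>  5,
+        'sha-512' =>  6,
+    }->{lc($method)} || $method || 1;
+
+
+    if ($methNumber > 0) {
+        # Good we're secure
+        my @salt_char = (('a' .. 'z'), ('A' .. 'Z'), (0 .. 9), '/', '.');
+        my $salt = join('', map { $salt_char[rand(scalar(@salt_char))] } (1 .. 8));
+
+        return crypt($clearpassword, '$' . $methNumber . '$' . $salt);
+    } else {
+        # Grumpf DES
+        my @salt_char = (('a' .. 'z'), ('A' .. 'Z'), (0 .. 9));
+        my $salt = join('', map { $salt_char[rand(scalar(@salt_char))] } (1,2));
+
+        return crypt($clearpassword, $salt);
+    }
+}
+
 =head2 buildLogin([$cb, ] @names)
 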
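Review bot: An unrecognised `$method` string is not rejected in `Crypt`: the table lookup misses, `|| $method` keeps the raw string, and `$methNumber > 0` then compares a non-numeric string as 0, so a typo such as `sha512` lands in the DES branch. That is a silent downgrade to the scheme the POD itself says not to use, and traditional DES crypt only considers the first eight characters of the password. Any numeric value is likewise interpolated into the `$N$` prefix without being checked against the supported ids. I would resolve the method through a closed table and die on anything else, keeping the existing names, the numeric ids 1, 5 and 6, and the MD5 default. Separately, `rand()` is not a cryptographic source, and eight salt characters is half of what the SHA schemes accept.

```perl
sub Crypt {
    my ($clearpassword, $method) = @_;

    # Closed list of accepted names and crypt(3) ids; nothing else is passed on.
    my %id_for = (
        'des'     => -1,
        'md5'     =>  1, '1' => 1,
        'sha-256' =>  5, '5' => 5,
        'sha-512' =>  6, '6' => 6,
    );
    $method = 'md5' unless defined $method && length $method;
    my $methNumber = $id_for{ lc $method };
    die "Unknown crypt method '$method'\n" unless defined $methNumber;

    # … unchanged: salt generation and the two crypt() calls …
}
```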
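--- a/trunk/LATMOS-Accounts/man/man5/latmos-accounts.ini.pod
+++ b/trunk/LATMOS-Accounts/man/man5/latmos-accounts.ini.pod
@@ -50,4 +50,11 @@
 This parameter is dedicate to set the company or institute name. It is used to
 build the subject of mail send by application.
+
+=head3 crypt_method
+
+Specify the C<crypt()> algorythm to use to encrypt password when the work is
+done on application side. Can be DES, MD5, SHA-256 or SHA-512, default to MD5.
+
+Can be specified per base.
 
 =head2 [_defattr_] SECTION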
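--- a/trunk/LATMOS-Accounts/t/05_utils.t
+++ b/trunk/LATMOS-Accounts/t/05_utils.t
@@ -1,5 +1,5 @@
 use strict;
 use warnings;
-use Test::More tests => 32;
+use Test::More tests => 44;
 use File::Temp qw(mkstemp);
 
@@ -77,4 +77,30 @@
 is(LATMOS::Accounts::Utils::buildLogin(sub { length($_[0]) > 9 }, 'TotoTataTiti'), 'tototatati', "buildLogin return 8 byte length login");
 
+my $clearpass = 'passwd';
+my $password = '';
+$password = LATMOS::Accounts::Utils::Crypt($clearpass, 'DES');
+like($password, qr/^\w\w.*/, 'Password encrypted using DES');
+is(crypt($clearpass, $password), $password);
+
+$password = LATMOS::Accounts::Utils::Crypt($clearpass, 'MD5');
+like($password, qr/^\$1\$.*/, 'Password encrypted using MD5');
+is(crypt($clearpass, $password), $password);
+
+$password = LATMOS::Accounts::Utils::Crypt($clearpass, 'sha-256');
+like($password, qr/^\$5\$.*/, 'Password encrypted using SHA-256');
+is(crypt($clearpass, $password), $password);
+
+$password = LATMOS::Accounts::Utils::Crypt($clearpass, 'SHA-512');
+like($password, qr/^\$6\$.*/, 'Password encrypted using SHA-512');
+is(crypt($clearpass, $password), $password);
+
+$password = LATMOS::Accounts::Utils::Crypt($clearpass, '5');
+like($password, qr/^\$5\$.*/, 'Password encrypted using SHA-256 (number)');
+is(crypt($clearpass, $password), $password);
+
+$password = LATMOS::Accounts::Utils::Crypt($clearpass);
+like($password, qr/^\$1\$.*/, 'Password encrypted using MD5 (default)');
+is(crypt($clearpass, $password), $password);
+
 is(yesno('yes'),  1, 'yes is true');
 is(yesno('true'), 1, 'true is true');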
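Review bot: Every case added here passes a recognised method, so nothing covers a misspelled or unsupported name, which is the input where `Crypt` is most likely to pick the wrong scheme. Add a negative case, for example `my $bad = eval { LATMOS::Accounts::Utils::Crypt($clearpass, 'sha512') };` followed by `ok(!defined $bad || $bad =~ /^\$/, 'unknown method never yields a DES hash');`, and raise the plan count to match. The six `is(crypt($clearpass, $password), $password)` checks also carry no description, which makes a failure hard to attribute. The SHA cases will fail rather than skip on a platform whose crypt(3) lacks `$5$` or `$6$`.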