From: Moritz Bunkus
Date: Thu, 16 Jun 2011 08:00:11 +0000 (+0200)
Subject: Passwort-Hashing in eigenes Modul ausgelagert
X-Git-Tag: release-2.7.0beta1~394^2~2
X-Git-Url: http://wagnertech.de/git?a=commitdiff_plain;h=58fdd50dbb6b909d48b2846f36857b2bd2219441;p=kivitendo-erp.git
Passwort-Hashing in eigenes Modul ausgelagert
---
diff --git a/SL/Auth/DB.pm b/SL/Auth/DB.pm
index dd6350623..e70112be1 100644
--- a/SL/Auth/DB.pm
+++ b/SL/Auth/DB.pm
@@ -6,6 +6,7 @@ use Carp;
 use Scalar::Util qw(weaken);
 use SL::Auth::Constants qw(:all);
+use SL::Auth::Password;
 use SL::DBUtils;
 sub new {
@@ -45,9 +46,9 @@ sub authenticate {
 # Empty password hashes in the database mean just that -- empty
 # passwords. Hash it for easier comparison.
- $stored_password = $self->hash_password(password => $stored_password) unless $stored_password;
- ($algorithm, $stored_password) = $self->parse_password_entry($stored_password);
- ($algorithm2, $password) = $self->parse_password_entry($self->hash_password(password => $password, algorithm => $algorithm, login => $login));
+ $stored_password = SL::Auth::Password->hash(password => $stored_password) unless $stored_password;
+ ($algorithm, $stored_password) = SL::Auth::Password->parse($stored_password);
+ ($algorithm2, $password) = SL::Auth::Password->parse(SL::Auth::Password->hash(password => $password, algorithm => $algorithm, login => $login));
 $main::lxdebug->leave_sub();
@@ -73,7 +74,7 @@ sub change_password {
 return ERR_BACKEND;
 }
- $password = $self->hash_password(password => $password) unless $is_crypted;
+ $password = SL::Auth::Password->hash(password => $password) unless $is_crypted;
 do_query($main::form, $dbh, qq|UPDATE auth."user" SET password = ? WHERE login = ?|, $password, $login);
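Review bot: In `authenticate`, the line ending in `unless $stored_password;` still turns an empty or undefined stored entry into the hash of the empty string, so such an account is accepted with a blank password. The comment above it says this is intended, but now that hashing has its own module the policy deserves to be explicit: either fail the login before hashing when `$stored_password` is empty, or extend the comment with `# NOTE: an empty entry authenticates the blank password; accounts that must stay locked need a non-empty, unusable value.` The sub starts and ends outside this hunk, so the comparison after `leave_sub()` and any check that `$algorithm2` matches `$algorithm` are not visible here and should be confirmed.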
@@ -88,42 +89,4 @@ sub verify_config {
 return 1;
 }
-sub hash_password {
- my ($self, %params) = @_;
-
- if (!$params{algorithm}) {
- $params{algorithm} = 'SHA1';
- $params{fallback_algorithm} = 'MD5';
- }
-
- if ($params{algorithm} eq 'SHA1') {
- if (eval { require Digest::SHA1; 1 }) {
- return '{SHA1}' . Digest::SHA1::sha1_hex($params{password});
-
- } elsif ($params{fallback_algorithm}) {
- return $self->hash_password(%params, algorithm => $params{fallback_algorithm});
-
- } else {
- die 'Digest::SHA1 not available';
- }
-
- } elsif ($params{algorithm} eq 'MD5') {
- require Digest::MD5;
- return '{MD5}' . Digest::MD5::md5_hex($params{password});
-
- } elsif ($params{algorithm} eq 'CRYPT') {
- return '{CRYPT}' . crypt($params{password}, substr($params{login}, 0, 2));
-
- } else {
- croak 'Unsupported hash algorithm ' . $params{algorithm};
- }
-}
-
-sub parse_password_entry {
- my ($self, $password) = @_;
-
- return ($1, $2) if $password =~ m/^\{ ([^\}]+) \} (.+)/x;
- return ('CRYPT', $password);
-}
-
 1;
diff --git a/SL/Auth/Password.pm b/SL/Auth/Password.pm
new file mode 100644
index 000000000..9b0f1aec7
--- /dev/null
+++ b/SL/Auth/Password.pm
@@ -0,0 +1,45 @@
+package SL::Auth::Password;
+
+use strict;
+
+use Carp;
+
+sub hash {
+ my ($class, %params) = @_;
+
+ if (!$params{algorithm}) {
+ $params{algorithm} = 'SHA1';
+ $params{fallback_algorithm} = 'MD5';
+ }
+
+ if ($params{algorithm} eq 'SHA1') {
+ if (eval { require Digest::SHA1; 1 }) {
+ return '{SHA1}' . Digest::SHA1::sha1_hex($params{password});
+
+ } elsif ($params{fallback_algorithm}) {
+ return $class->hash_password(%params, algorithm => $params{fallback_algorithm});
+
+ } else {
+ die 'Digest::SHA1 not available';
+ }
+
+ } elsif ($params{algorithm} eq 'MD5') {
+ require Digest::MD5;
+ return '{MD5}' . Digest::MD5::md5_hex($params{password});
+
+ } elsif ($params{algorithm} eq 'CRYPT') {
+ return '{CRYPT}' . crypt($params{password}, substr($params{login}, 0, 2));
+
+ } else {
+ croak 'Unsupported hash algorithm ' . $params{algorithm};
+ }
+}
+
+sub parse {
+ my ($class, $password) = @_;
+
+ return ($1, $2) if $password =~ m/^\{ ([^\}]+) \} (.+)/x;
+ return ('CRYPT', $password);
+}
+
+1;
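Review bot: The MD5 fallback branch of `hash` still calls `$class->hash_password(...)`, a method this new module does not define, since the sub was renamed to `hash`. On a host without Digest::SHA1, any call that passes no explicit algorithm therefore dies with a missing-method error instead of falling back to MD5; the line should read `return $class->hash(%params, algorithm => $params{fallback_algorithm});`. With hashing now in one place, the module should also document that `{SHA1}` and `{MD5}` entries are unsalted single-round digests and that the `CRYPT` salt is just the first two characters of the login, so equal passwords yield equal stored values. A salted, deliberately slow scheme could be added here under a new algorithm tag without touching the callers. The file has `use strict;` but no `use warnings;`.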