Module: ActiveLdap::UserPassword

Defined in:
lib/active_ldap/user_password.rb

Defined Under Namespace

Modules: Salt

Class Method Summary collapse

Class Method Details

.crypt(password, salt = nil) ⇒ Object 



34
35
36
37
 
# File 'lib/active_ldap/user_password.rb', line 34

def crypt(password, salt=nil)
  salt ||= "$1$#{Salt.generate(8)}"
  "{CRYPT}#{password.crypt(salt)}"
end

.extract_salt_at_pos(hashed_password, position) ⇒ Object 



81
82
83
84
 
# File 'lib/active_ldap/user_password.rb', line 81

def extract_salt_at_pos(hashed_password, position)
  salt = Base64.decode64(hashed_password)[position..-1]
  salt == '' ? nil : salt
end

.extract_salt_for_crypt(crypted_password) ⇒ Object 



39
40
41
42
43
44
45
 
# File 'lib/active_ldap/user_password.rb', line 39

def extract_salt_for_crypt(crypted_password)
  if /^\$1\$/ =~ crypted_password
    $MATCH + $POSTMATCH[0, 8].sub(/\$.*/, '') + "$"
  else
    crypted_password[0, 2]
  end
end

.extract_salt_for_smd5(smd5ed_password) ⇒ Object 



60
61
62
 
# File 'lib/active_ldap/user_password.rb', line 60

def extract_salt_for_smd5(smd5ed_password)
  extract_salt_at_pos(smd5ed_password, 16)
end

.extract_salt_for_ssha(sshaed_password) ⇒ Object 



77
78
79
 
# File 'lib/active_ldap/user_password.rb', line 77

def extract_salt_for_ssha(sshaed_password)
  extract_salt_at_pos(sshaed_password, 20)
end

.md5(password) ⇒ Object 



47
48
49
 
# File 'lib/active_ldap/user_password.rb', line 47

def md5(password)
  "{MD5}#{[Digest::MD5.digest(password)].pack('m').chomp}"
end

.sha(password) ⇒ Object 



64
65
66
 
# File 'lib/active_ldap/user_password.rb', line 64

def sha(password)
  "{SHA}#{[Digest::SHA1.digest(password)].pack('m').chomp}"
end

.smd5(password, salt = nil) ⇒ Object 



51
52
53
54
55
56
57
58
 
# File 'lib/active_ldap/user_password.rb', line 51

def smd5(password, salt=nil)
  if salt and salt.size < 4
    raise ArgumentError, _("salt size must be >= 4: %s") % salt.inspect
  end
  salt ||= Salt.generate(4)
  md5_hash_with_salt = "#{Digest::MD5.digest(password + salt)}#{salt}"
  "{SMD5}#{[md5_hash_with_salt].pack('m').gsub("\n", '')}"
end

.ssha(password, salt = nil) ⇒ Object 



68
69
70
71
72
73
74
75
 
# File 'lib/active_ldap/user_password.rb', line 68

def ssha(password, salt=nil)
  if salt and salt.size < 4
    raise ArgumentError, _("salt size must be >= 4: %s") % salt.inspect
  end
  salt ||= Salt.generate(4)
  sha1_hash_with_salt = "#{Digest::SHA1.digest(password + salt)}#{salt}"
  "{SSHA}#{[sha1_hash_with_salt].pack('m').gsub("\n", '')}"
end

.valid?(password, hashed_password) ⇒ Boolean

Returns:

  • (Boolean) 


9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
 
# File 'lib/active_ldap/user_password.rb', line 9

def valid?(password, hashed_password)
  unless /^\{([A-Za-z][A-Za-z\d]+)\}/ =~ hashed_password
    # Plain text password
    return hashed_password == password
  end
  type = $1
  hashed_password_without_type = $POSTMATCH
  normalized_type = type.downcase
  unless respond_to?(normalized_type)
    raise ArgumentError, _("Unknown Hash type: %s") % type
  end
  salt_extractor = "extract_salt_for_#{normalized_type}"
  if respond_to?(salt_extractor)
    salt = send(salt_extractor, hashed_password_without_type)
    if salt.nil?
      raise ArgumentError,
        _("Can't extract salt from hashed password: %s") % hashed_password
    end
    generated_password = send(normalized_type, password, salt)
  else
    generated_password = send(normalized_type, password)
  end
  hashed_password == generated_password
end