Module: ActiveLdap::UserPassword

Defined in:

lib/active_ldap/user_password.rb

Defined Under Namespace

Modules: Salt

Class Method Summary

• .crypt(password, salt = nil) ⇒ Object
• .extract_salt_for_crypt(crypted_password) ⇒ Object
• .extract_salt_for_smd5(smd5ed_password) ⇒ Object
• .extract_salt_for_ssha(sshaed_password) ⇒ Object
• .md5(password) ⇒ Object
• .sha(password) ⇒ Object
• .smd5(password, salt = nil) ⇒ Object
• .ssha(password, salt = nil) ⇒ Object
• .valid?(password, hashed_password) ⇒ Boolean

Class Method Details

.crypt(password, salt = nil) ⇒ Object

# File 'lib/active_ldap/user_password.rb', line 32

def crypt(password, salt=nil)
  salt ||= "$1$#{Salt.generate(8)}"
  "{CRYPT}#{password.crypt(salt)}"
end

.extract_salt_for_crypt(crypted_password) ⇒ Object

# File 'lib/active_ldap/user_password.rb', line 37

def extract_salt_for_crypt(crypted_password)
  if /^\$1\$/ =~ crypted_password
    $MATCH + $POSTMATCH[0, 8].sub(/\$.*/, '') + "$"
  else
    crypted_password[0, 2]
  end
end

.extract_salt_for_smd5(smd5ed_password) ⇒ Object

# File 'lib/active_ldap/user_password.rb', line 58

def extract_salt_for_smd5(smd5ed_password)
  Base64.decode64(smd5ed_password)[-4, 4]
end

.extract_salt_for_ssha(sshaed_password) ⇒ Object

# File 'lib/active_ldap/user_password.rb', line 75

def extract_salt_for_ssha(sshaed_password)
  extract_salt_for_smd5(sshaed_password)
end

.md5(password) ⇒ Object

# File 'lib/active_ldap/user_password.rb', line 45

def md5(password)
  "{MD5}#{[Digest::MD5.digest(password)].pack('m').chomp}"
end

.sha(password) ⇒ Object

# File 'lib/active_ldap/user_password.rb', line 62

def sha(password)
  "{SHA}#{[Digest::SHA1.digest(password)].pack('m').chomp}"
end

.smd5(password, salt = nil) ⇒ Object

# File 'lib/active_ldap/user_password.rb', line 49

def smd5(password, salt=nil)
  if salt and salt.size != 4
    raise ArgumentError, _("salt size must be == 4: %s") % salt.inspect
  end
  salt ||= Salt.generate(4)
  md5_hash_with_salt = "#{Digest::MD5.digest(password + salt)}#{salt}"
  "{SMD5}#{[md5_hash_with_salt].pack('m').chomp}"
end

.ssha(password, salt = nil) ⇒ Object

# File 'lib/active_ldap/user_password.rb', line 66

def ssha(password, salt=nil)
  if salt and salt.size != 4
    raise ArgumentError, _("salt size must be == 4: %s") % salt.inspect
  end
  salt ||= Salt.generate(4)
  sha1_hash_with_salt = "#{Digest::SHA1.digest(password + salt)}#{salt}"
  "{SSHA}#{[sha1_hash_with_salt].pack('m').chomp}"
end

.valid?(password, hashed_password) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/active_ldap/user_password.rb', line 8

def valid?(password, hashed_password)
  unless /^\{([A-Z][A-Z\d]+)\}/ =~ hashed_password
    raise ArgumentError, _("Invalid hashed password: %s") % hashed_password
  end
  type = $1
  hashed_password_without_type = $POSTMATCH
  normalized_type = type.downcase
  unless respond_to?(normalized_type)
    raise ArgumentError, _("Unknown Hash type: %s") % type
  end
  salt_extractor = "extract_salt_for_#{normalized_type}"
  if respond_to?(salt_extractor)
    salt = send(salt_extractor, hashed_password_without_type)
    if salt.nil?
      raise ArgumentError,
        _("Can't extract salt from hashed password: %s") % hashed_password
    end
    generated_password = send(normalized_type, password, salt)
  else
    generated_password = send(normalized_type, password)
  end
  hashed_password == generated_password
end