Skip to content

Commit 9de9bc7

Browse files
author
Rory O'Connell
committed
Merge pull request ruby-ldap#34 from jessehub/master
salted sha1 for password generator()
2 parents b6d9fbe + aa677d0 commit 9de9bc7

File tree

1 file changed

+20
-14
lines changed

1 file changed

+20
-14
lines changed

lib/net/ldap/password.rb

Lines changed: 20 additions & 14 deletions
Original file line numberDiff line numberDiff line change
@@ -1,31 +1,37 @@
11
# -*- ruby encoding: utf-8 -*-
22
require 'digest/sha1'
33
require 'digest/md5'
4+
require 'base64'
45

56
class Net::LDAP::Password
67
class << self
78
# Generate a password-hash suitable for inclusion in an LDAP attribute.
8-
# Pass a hash type (currently supported: :md5 and :sha) and a plaintext
9+
# Pass a hash type as a symbol (:md5, :sha, :ssha) and a plaintext
910
# password. This function will return a hashed representation.
1011
#
1112
#--
1213
# STUB: This is here to fulfill the requirements of an RFC, which
1314
# one?
1415
#
15-
# TODO, gotta do salted-sha and (maybe)salted-md5. Should we provide
16-
# sha1 as a synonym for sha1? I vote no because then should you also
17-
# provide ssha1 for symmetry?
16+
# TODO:
17+
# * maybe salted-md5
18+
# * Should we provide sha1 as a synonym for sha1? I vote no because then
19+
# should you also provide ssha1 for symmetry?
20+
#
21+
attribute_value = ""
1822
def generate(type, str)
19-
digest, digest_name = case type
20-
when :md5
21-
[Digest::MD5.new, 'MD5']
22-
when :sha
23-
[Digest::SHA1.new, 'SHA']
24-
else
25-
raise Net::LDAP::LdapError, "Unsupported password-hash type (#{type})"
26-
end
27-
digest << str.to_s
28-
return "{#{digest_name}}#{[digest.digest].pack('m').chomp }"
23+
case type
24+
when :md5
25+
attribute_value = '{MD5}' + Base64.encode64(Digest::MD5.digest(str)).chomp!
26+
when :sha
27+
attribute_value = '{SHA}' + Base64.encode64(Digest::SHA1.digest(str)).chomp!
28+
when :ssha
29+
srand; salt = (rand * 1000).to_i.to_s
30+
attribute_value = '{SSHA}' + Base64.encode64(Digest::SHA1.digest(str + salt) + salt).chomp!
31+
else
32+
raise Net::LDAP::LdapError, "Unsupported password-hash type (#{type})"
33+
end
34+
return attribute_value
2935
end
3036
end
3137
end

0 commit comments

Comments
 (0)