Module: ActiveLdap::UserPassword

Defined in:
lib/active_ldap/user_password.rb

Defined Under Namespace

Modules: Salt

Class Method Summary collapse

Class Method Details

.crypt(password, salt = nil) ⇒ Object



# File 'lib/active_ldap/user_password.rb', line 33

# Builds a "{CRYPT}" userPassword value by running String#crypt over
# +password+.
#
# When no salt is passed, a salt of the form "$1$" plus 8 generated
# characters is used. "$1$" is the MD5-based crypt identifier, a dated
# scheme; it is presumably kept for compatibility with existing directory
# entries.
#
# @param password [String] plain-text password
# @param salt [String, nil] crypt salt; generated when omitted
# @return [String] the crypt output prefixed with "{CRYPT}"
def crypt(password, salt=nil)
  effective_salt = salt || "$1$#{Salt.generate(8)}"
  crypted = password.crypt(effective_salt)
  "{CRYPT}#{crypted}"
end

.extract_salt_for_crypt(crypted_password) ⇒ Object



# File 'lib/active_ldap/user_password.rb', line 38

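# Recovers the salt from a crypt-style hash so the same salt can be used
# again when verifying a password.
#
# For a value that starts with "$1$" the result is "$1$", up to 8 salt
# characters (cut at the next "$"), and a closing "$". Any other value is
# treated as having a two-character salt at the front.
#
# @param crypted_password [String] crypt output without the "{CRYPT}" prefix
# @return [String] the salt to hand back to String#crypt
def extract_salt_for_crypt(crypted_password)
  # \A instead of ^: the "$1$" marker must open the value itself. With ^ a
  # marker at the start of any later line would be accepted and the salt
  # would be read from the wrong place.
  if /\A\$1\$/ =~ crypted_password
    marker = Regexp.last_match
    # Only the first 8 characters after the marker can belong to the salt;
    # a shorter salt ends at the next "$".
    salt_chars = marker.post_match[0, 8].sub(/\$.*/, '')
    "#{marker[0]}#{salt_chars}$"
  else
    crypted_password[0, 2]
  end
end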

.extract_salt_for_smd5(smd5ed_password) ⇒ Object



# File 'lib/active_ldap/user_password.rb', line 59

# Reads the salt back out of an SMD5 value: the Base64 payload is decoded
# and its last 4 bytes are returned.
#
# @param smd5ed_password [String] Base64 payload without the "{SMD5}" prefix
# @return [String, nil] the 4 trailing bytes, or nil when the decoded
#   payload is shorter than 4 bytes
def extract_salt_for_smd5(smd5ed_password)
  decoded = Base64.decode64(smd5ed_password)
  decoded.slice(-4, 4)
end

.extract_salt_for_ssha(sshaed_password) ⇒ Object



# File 'lib/active_ldap/user_password.rb', line 76

# Reads the salt back out of an SSHA value. The salt sits in the same place
# as for SMD5: the last 4 bytes of the Base64-decoded payload.
#
# @param sshaed_password [String] Base64 payload without the "{SSHA}" prefix
# @return [String, nil] the 4 trailing bytes, or nil when the decoded
#   payload is shorter than 4 bytes
def extract_salt_for_ssha(sshaed_password)
  decoded = Base64.decode64(sshaed_password)
  decoded[-4, 4]
end

.md5(password) ⇒ Object



# File 'lib/active_ldap/user_password.rb', line 46

# Builds an "{MD5}" userPassword value: the Base64 form of the raw MD5
# digest of +password+.
#
# No salt is involved, so equal passwords always produce equal values.
# Prefer a salted scheme where the directory accepts one.
#
# @param password [String] plain-text password
# @return [String] "{MD5}" followed by the Base64-encoded digest
def md5(password)
  raw_digest = MD5.md5(password).digest
  # encode64 appends a newline; chomp removes it from the stored value.
  encoded = Base64.encode64(raw_digest).chomp
  "{MD5}#{encoded}"
end

.sha(password) ⇒ Object



# File 'lib/active_ldap/user_password.rb', line 63

# Builds a "{SHA}" userPassword value: the Base64 form of the raw SHA-1
# digest of +password+.
#
# No salt is involved, so equal passwords always produce equal values.
# Prefer a salted scheme where the directory accepts one.
#
# @param password [String] plain-text password
# @return [String] "{SHA}" followed by the Base64-encoded digest
def sha(password)
  raw_digest = SHA1.sha1(password).digest
  # encode64 appends a newline; chomp removes it from the stored value.
  encoded = Base64.encode64(raw_digest).chomp
  "{SHA}#{encoded}"
end

.smd5(password, salt = nil) ⇒ Object



# File 'lib/active_ldap/user_password.rb', line 50

# Builds an "{SMD5}" (salted MD5) userPassword value.
#
# The MD5 digest of password + salt is followed by the salt itself and the
# whole payload is Base64-encoded, so the salt can be read back when
# verifying.
#
# @param password [String] plain-text password
# @param salt [String, nil] exactly 4 characters; generated when omitted
# @return [String] "{SMD5}" followed by the Base64-encoded digest and salt
# @raise [ArgumentError] when a salt is given whose size is not 4
def smd5(password, salt=nil)
  # String#size counts characters, while the salt is later read back as the
  # last 4 bytes of the payload, so a caller-supplied salt should be
  # single-byte characters.
  wrong_size = salt && salt.size != 4
  raise ArgumentError, _("salt size must be == 4: %s") % salt.inspect if wrong_size

  salt = Salt.generate(4) unless salt
  salted_digest = MD5.md5(password + salt).digest
  md5_hash_with_salt = "#{salted_digest}#{salt}"
  encoded = Base64.encode64(md5_hash_with_salt).chomp
  "{SMD5}#{encoded}"
end

.ssha(password, salt = nil) ⇒ Object



# File 'lib/active_ldap/user_password.rb', line 67

# Builds an "{SSHA}" (salted SHA-1) userPassword value.
#
# The SHA-1 digest of password + salt is followed by the salt itself and the
# whole payload is Base64-encoded, so the salt can be read back when
# verifying.
#
# @param password [String] plain-text password
# @param salt [String, nil] exactly 4 characters; generated when omitted
# @return [String] "{SSHA}" followed by the Base64-encoded digest and salt
# @raise [ArgumentError] when a salt is given whose size is not 4
def ssha(password, salt=nil)
  # String#size counts characters, while the salt is later read back as the
  # last 4 bytes of the payload, so a caller-supplied salt should be
  # single-byte characters.
  wrong_size = salt && salt.size != 4
  raise ArgumentError, _("salt size must be == 4: %s") % salt.inspect if wrong_size

  salt = Salt.generate(4) unless salt
  salted_digest = SHA1.sha1(password + salt).digest
  sha1_hash_with_salt = "#{salted_digest}#{salt}"
  encoded = Base64.encode64(sha1_hash_with_salt).chomp
  "{SSHA}#{encoded}"
end

.valid?(password, hashed_password) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/active_ldap/user_password.rb', line 9

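# Checks a plain-text password against a stored userPassword value.
#
# The stored value must open with a "{TYPE}" scheme prefix. The matching
# hashing method is run over +password+, re-using the salt embedded in the
# stored value when the scheme has a salt extractor, and the result is
# compared with +hashed_password+.
#
# @param password [String] candidate plain-text password
# @param hashed_password [String] stored value, e.g. "{SSHA}..."
# @return [Boolean] true when the candidate hashes to the stored value
# @raise [ArgumentError] when the scheme prefix is missing or malformed, the
#   scheme is not one of those implemented here, or no salt can be extracted
def valid?(password, hashed_password)
  # \A instead of ^: the prefix has to open the value itself. ^ would also
  # accept a prefix at the start of any later line.
  unless /\A\{([A-Z][A-Z\d]+)\}/ =~ hashed_password
    # The message embeds the stored value; callers should not pass it on to
    # end users.
    raise ArgumentError, _("Invalid hashed password: %s") % hashed_password
  end
  prefix = Regexp.last_match
  type = prefix[1]
  hashed_password_without_type = prefix.post_match
  normalized_type = type.downcase
  # The type comes from stored data and is used as a method name below.
  # respond_to? alone is true for any public method the object has, so the
  # name is first checked against the schemes this module implements. A new
  # scheme method has to be added to this list as well.
  supported_types = %w[crypt md5 smd5 sha ssha]
  unless supported_types.include?(normalized_type) &&
         respond_to?(normalized_type)
    raise ArgumentError, _("Unknown Hash type: %s") % type
  end
  salt_extractor = "extract_salt_for_#{normalized_type}"
  if respond_to?(salt_extractor)
    salt = send(salt_extractor, hashed_password_without_type)
    if salt.nil?
      raise ArgumentError,
        _("Can't extract salt from hashed password: %s") % hashed_password
    end
    generated_password = send(normalized_type, password, salt)
  else
    generated_password = send(normalized_type, password)
  end
  # NOTE(review): String#== is not a constant-time comparison; a fixed-time
  # compare would be the stricter choice for secret-derived values.
  hashed_password == generated_password
end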