
cherokee at cherokee-project
Jul 1, 2009, 6:48 AM
[3408] cherokee/trunk: Adds support for SHA1 hashed passwords.
Revision: 3408 http://svn.cherokee-project.com/changeset/3408 Author: alo Date: 2009-07-01 15:48:36 +0200 (Wed, 01 Jul 2009) Log Message: ----------- Adds support for SHA1 hashed passwords. Based on patch by Frank Groeneveld <frankgroeneveld[at]gmail.com>. Thank you, goog stuff!! It implements: http://bugs.cherokee-project.com/477 Modified Paths: -------------- cherokee/trunk/admin/ModuleMysql.py cherokee/trunk/cherokee/validator_mysql.c cherokee/trunk/cherokee/validator_mysql.h Modified: cherokee/trunk/admin/ModuleMysql.py =================================================================== --- cherokee/trunk/admin/ModuleMysql.py 2009-07-01 10:12:05 UTC (rev 3407) +++ cherokee/trunk/admin/ModuleMysql.py 2009-07-01 13:48:36 UTC (rev 3408) @@ -11,8 +11,13 @@ NOTE_PASSWD = N_('Password for connecting to the database.') NOTE_DB = N_('Database name containing the user/password pair list.') NOTE_SQL = N_('SQL command to execute. ${user} is replaced with the user name.') -NOTE_MD5 = N_('Active to use MD5 passwords. Only suitable for the "Basic" authentication mechanism.') +NOTE_HASH = N_('Choose an encryption type for the password. Only suitable for the "Basic" authentication mechanism.') +HASHES = [. + ('', 'None'), + ('md5', 'MD5'), + ('sha1', 'SHA1') +] HELPS = [. ('modules_validators_mysql', "MySQL") @@ -22,7 +27,7 @@ PROPERTIES = ModuleAuthBase.PROPERTIES + [. 'host', 'port', 'unix_socket', 'user', 'passwd', 'database', - 'query', 'use_md5_passwd' + 'query', 'hash' ] METHODS = ['basic', 'digest'] 
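Review bot: `NOTE_HASH` in the first ModuleMysql.py hunk describes the setting as an "encryption type", but MD5 and SHA1 are one-way hashes, and the `('', 'None')` entry in `HASHES` means the submitted password is compared with the stored column value as-is. The help text should say that, for example `NOTE_HASH = N_('Hash applied to the submitted password before it is compared with the stored value; "None" compares it unhashed. Only suitable for the "Basic" authentication mechanism.')`. A one-line comment above `HASHES` noting that the first element of each pair is the value written to the `hash` configuration key would also help, since validator_mysql.c matches on those exact strings.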
@@ -43,7 +48,11 @@ self.AddPropEntry (table, _("DB Password"), "%s!passwd"%(self._prefix), _(NOTE_PASSWD)) self.AddPropEntry (table, _("Database"), "%s!database"%(self._prefix), _(NOTE_DB)) self.AddPropEntry (table, _("SQL Query"), "%s!query"%(self._prefix), _(NOTE_SQL)) - self.AddPropCheck (table, _('Use MD5 Passwords'), "%s!use_md5_passwd"%(self._prefix), False, _(NOTE_MD5), disabled=not is_basic) + + if not is_basic: + self.AddPropOptions (table, _('Password Hash'), "%s!hash"%(self._prefix), HASHES, _(NOTE_HASH), disabled=1) + else: + self.AddPropOptions (table, _('Password Hash'), "%s!hash"%(self._prefix), HASHES, _(NOTE_HASH)) txt += '<h2>%s</h2>' % (_('MySQL connection')) txt += self.Indent(table) @@ -57,14 +66,12 @@ pre = '%s!%s' % (self._prefix, key) self.Validate_NotEmpty (post, pre, msg + _(' can not be empty')) - # Check MD5 - md5_pre = "%s!use_md5_passwd"%(self._prefix) + # Check Hash + hash_pre = "%s!hash"%(self._prefix) is_basic = (self._cfg.get_val ("%s!methods"%(self._prefix)) == "basic") if not is_basic: - self._cfg[md5_pre] = '0' + post.pop (hash_pre) + del(self._cfg[hash_pre]) - self.ApplyChangesPrefix (self._prefix, ['use_md5_passwd'], post) - post.pop('use_md5_passwd') - ModuleAuthBase._op_apply_changes (self, uri, post) Modified: cherokee/trunk/cherokee/validator_mysql.c =================================================================== --- cherokee/trunk/cherokee/validator_mysql.c 2009-07-01 10:12:05 UTC (rev 3407) +++ cherokee/trunk/cherokee/validator_mysql.c 2009-07-01 13:48:36 UTC (rev 3408) @@ -73,8 +73,8 @@ cherokee_buffer_init (&n->database); cherokee_buffer_init (&n->query); - n->port = MYSQL_DEFAULT_PORT; - n->use_md5_passwd = false; + n->port = MYSQL_DEFAULT_PORT; + n->hash_type = cherokee_mysql_hash_none; *_props = MODULE_PROPS (n); } 
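Review bot: The two `AddPropOptions` calls under `if not is_basic:` / `else:` differ only in `disabled=1`, so the label, option list and help text now have to be kept in sync by hand. If `AddPropOptions` accepts a false `disabled` value the way the removed `AddPropCheck` call did with `disabled=not is_basic`, a single call `self.AddPropOptions (table, _('Password Hash'), "%s!hash"%(self._prefix), HASHES, _(NOTE_HASH), disabled=not is_basic)` would do. Its signature is not visible on this page, so confirm that first. The enclosing method starts and ends outside the hunk.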
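Review bot: In the `if not is_basic:` branch of the "Check Hash" hunk, `post.pop (hash_pre)` and `del(self._cfg[hash_pre])` both assume the key is present. The field is rendered with `disabled=1` for non-basic methods, and browsers do not submit disabled form controls, so the key is likely to be absent from `post` in exactly this branch. If `post` and `self._cfg` behave like dicts here (their types are not visible), either line raises instead of applying the change. Suggest `post.pop (hash_pre, None)` and guarding the delete with whatever existence test the config object offers. The method body starts before the hunk.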
@@ -105,16 +105,25 @@ } else if (equal_buf_str (&subconf->key, "query")) { cherokee_buffer_add_buffer (&props->query, &subconf->val); - } else if (equal_buf_str (&subconf->key, "use_md5_passwd")) { - props->use_md5_passwd = !!atoi (subconf->val.buf); + } else if (equal_buf_str (&subconf->key, "hash")) { + if (equal_buf_str (&subconf->val, "md5")) { + props->hash_type = cherokee_mysql_hash_md5; + } else if (equal_buf_str (&subconf->val, "sha1")) { + props->hash_type = cherokee_mysql_hash_sha1; + + } else { + LOG_CRITICAL ("Validator MySQL: Unknown hash type: '%s'\n", subconf->val.buf); + return ret_error; + } + } else if ((equal_buf_str (&subconf->key, "methods") || equal_buf_str (&subconf->key, "realm"))) { /* not handled here */ } else { - PRINT_MSG ("ERROR: Validator MySQL: Unknown key: '%s'\n", subconf->key.buf); + LOG_CRITICAL ("Validator MySQL: Unknown key: '%s'\n", subconf->key.buf); return ret_error; } } 
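Review bot: The new `hash` branch accepts only `md5` and `sha1`, so no value selects `cherokee_mysql_hash_none` explicitly. The admin's `('', 'None')` choice in ModuleMysql.py would fail with "Unknown hash type" if it is ever written out as an empty `hash` entry; whether the admin drops empty values is not visible here. A branch such as `} else if (cherokee_buffer_is_empty (&subconf->val)) { props->hash_type = cherokee_mysql_hash_none;` before the final `else` would close that gap. Separately, configurations that still carry `use_md5_passwd` now reach the "Unknown key" branch and return `ret_error`. Failing closed is preferable to silently comparing unhashed values, but the upgrade path should be documented or the old key mapped to `md5`. The enclosing function starts before and ends after the hunk.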
@@ -271,20 +280,22 @@ row = mysql_fetch_row (result); lengths = mysql_fetch_lengths (result); - if ((props->use_md5_passwd) || - (conn->req_auth_type == http_auth_digest)) - { - cherokee_buffer_add_buffer (&user_passwd, &conn->validator->passwd); - cherokee_buffer_encode_md5_digest (&user_passwd); - } else { - cherokee_buffer_add_buffer (&user_passwd, &conn->validator->passwd); - } cherokee_buffer_add (&db_passwd, row[0], (size_t) lengths[0]); /* Check it out */ switch (conn->req_auth_type) { case http_auth_basic: + cherokee_buffer_add_buffer (&user_passwd, &conn->validator->passwd); + + /* Hashes */ + if (props->hash_type == cherokee_mysql_hash_md5) { + cherokee_buffer_encode_md5_digest (&user_passwd); + } else if (props->hash_type == cherokee_mysql_hash_sha1) { + cherokee_buffer_encode_sha1_digest (&user_passwd); + } + + /* Compare passwords */ re = cherokee_buffer_case_cmp_buf (&user_passwd, &db_passwd); ret = (re == 0) ? ret_ok : ret_deny; break; Modified: cherokee/trunk/cherokee/validator_mysql.h =================================================================== --- cherokee/trunk/cherokee/validator_mysql.h 2009-07-01 10:12:05 UTC (rev 3407) +++ cherokee/trunk/cherokee/validator_mysql.h 2009-07-01 13:48:36 UTC (rev 3408) @@ -35,6 +35,12 @@ MYSQL *conn; } cherokee_validator_mysql_t; +typedef enum { + cherokee_mysql_hash_none, + cherokee_mysql_hash_md5, + cherokee_mysql_hash_sha1 +} cherokee_mysql_hash_t; + typedef struct { cherokee_module_props_t base; @@ -47,8 +53,7 @@ cherokee_buffer_t database; cherokee_buffer_t query; - cherokee_boolean_t use_md5_passwd; - + cherokee_mysql_hash_t hash_type; } cherokee_validator_mysql_props_t; #define MYSQL(x) ((cherokee_validator_mysql_t *)(x))
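Review bot: The `http_auth_basic` case compares with `cherokee_buffer_case_cmp_buf`, which by its name ignores case. That is harmless for hex digests, but with `hash_type == cherokee_mysql_hash_none` a plaintext password would match regardless of letter case. Use the case-sensitive comparison when no hash is configured, e.g. `re = (props->hash_type == cherokee_mysql_hash_none) ? cherokee_buffer_cmp_buf (&user_passwd, &db_passwd) : cherokee_buffer_case_cmp_buf (&user_passwd, &db_passwd);`. MD5 and SHA1 are also applied unsalted here, so identical passwords produce identical stored values; a comment at `/* Hashes */` stating this would help operators choose a storage scheme. The `switch` continues past the end of the hunk, so the digest case, which no longer gets the MD5 step that was removed above the `switch`, is not reviewed here.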