2016-05-14 20:05:40 +02:00
|
|
|
##@file
|
|
|
|
# DBI common functions
|
|
|
|
|
|
|
|
##@class
|
|
|
|
# DBI common functions
|
|
|
|
package Lemonldap::NG::Portal::Lib::DBI;
|
|
|
|
|
|
|
|
use DBI;
|
2017-06-23 11:23:29 +02:00
|
|
|
use MIME::Base64;
|
2016-05-14 20:05:40 +02:00
|
|
|
use strict;
|
|
|
|
use Mouse;
|
|
|
|
|
2016-06-02 23:20:36 +02:00
|
|
|
extends 'Lemonldap::NG::Common::Module';
|
2016-05-14 20:05:40 +02:00
|
|
|
|
|
|
|
our $VERSION = '2.0.0';
|
|
|
|
|
2016-06-09 20:40:20 +02:00
|
|
|
# PROPERTIES
|
|
|
|
|
2016-07-20 09:28:20 +02:00
|
|
|
# _dbh object: DB connection object
|
|
|
|
has _dbh => (
|
2016-05-14 20:05:40 +02:00
|
|
|
is => 'rw',
|
2016-05-19 07:11:50 +02:00
|
|
|
lazy => 1,
|
2016-07-20 09:28:20 +02:00
|
|
|
builder => 'dbh',
|
2016-05-14 20:05:40 +02:00
|
|
|
);
|
|
|
|
|
2016-07-20 09:28:20 +02:00
|
|
|
sub dbh {
|
|
|
|
my $conf = $_[0]->{conf};
|
|
|
|
$_[0]->{_dbh} = eval {
|
|
|
|
DBI->connect_cached(
|
|
|
|
$conf->{dbiAuthChain}, $conf->{dbiAuthUser},
|
|
|
|
$conf->{dbiAuthPassword}, { RaiseError => 1 }
|
|
|
|
);
|
|
|
|
};
|
|
|
|
if ($@) {
|
2017-02-15 07:41:50 +01:00
|
|
|
$_[0]->{p}->logger->error("DBI connection error: $@");
|
2016-07-20 09:28:20 +02:00
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
return $_[0]->{_dbh};
|
|
|
|
}
|
|
|
|
|
|
|
|
# INITIALIZATION
|
|
|
|
|
2016-07-20 22:47:43 +02:00
|
|
|
# All DBI modules have just to verify that DBI connection is available
|
2016-07-20 09:28:20 +02:00
|
|
|
sub init {
|
|
|
|
my ($self) = @_;
|
|
|
|
return $self->_dbh;
|
|
|
|
}
|
|
|
|
|
2016-06-09 20:40:20 +02:00
|
|
|
# RUNNING METHODS
|
|
|
|
|
2016-05-14 20:05:40 +02:00
|
|
|
# Return hashed password for use in SQL statement
|
|
|
|
# @param password clear password
|
|
|
|
# @param hash hash mechanism
|
|
|
|
# @return SQL statement string
|
|
|
|
sub hash_password {
|
|
|
|
my ( $self, $password, $hash ) = @_;
|
|
|
|
if ( $hash =~ /^(md5|sha|sha1|encrypt)$/i ) {
|
2017-02-15 07:41:50 +01:00
|
|
|
$self->logger->debug( "Using " . uc($hash) . " to hash password" );
|
2016-05-14 20:05:40 +02:00
|
|
|
return uc($hash) . "($password)";
|
|
|
|
}
|
|
|
|
else {
|
2017-02-15 07:41:50 +01:00
|
|
|
$self->logger->notice(
|
|
|
|
"No valid password hash, using clear text for password");
|
2016-05-14 20:05:40 +02:00
|
|
|
return $password;
|
|
|
|
}
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
# Return hashed password for use in SQL SELECT statement
|
|
|
|
# Call hash_password unless encrypt hash is choosen
|
|
|
|
# @param password clear password
|
|
|
|
# @param hash hash mechanism
|
|
|
|
# @return SQL statement string
|
|
|
|
sub hash_password_for_select {
|
2016-05-19 07:11:50 +02:00
|
|
|
my ( $self, $password, $hash ) = @_;
|
2016-05-14 20:05:40 +02:00
|
|
|
my $passwordCol = $self->conf->{dbiAuthPasswordCol};
|
|
|
|
|
|
|
|
if ( $hash =~ /^encrypt$/i ) {
|
|
|
|
return uc($hash) . "($password,$passwordCol)";
|
|
|
|
}
|
|
|
|
else {
|
|
|
|
return $self->hash_password( $password, $hash );
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2017-06-23 11:23:29 +02:00
|
|
|
## @method protected Lemonldap::NG::Portal::_DBI get_password(ref dbh, string user)
|
|
|
|
# Get password from database
|
|
|
|
# @param dbh database handler
|
|
|
|
# @param user user
|
|
|
|
# @return password
|
|
|
|
sub get_password {
|
|
|
|
my $self = shift;
|
|
|
|
my $dbh = shift;
|
|
|
|
my $user = shift || $self->{user};
|
|
|
|
my $table = $self->conf->{dbiAuthTable};
|
|
|
|
my $loginCol = $self->conf->{dbiAuthLoginCol};
|
|
|
|
my $passwordCol = $self->conf->{dbiAuthPasswordCol};
|
2017-06-23 11:57:07 +02:00
|
|
|
|
2017-06-23 11:23:29 +02:00
|
|
|
my @rows = ();
|
|
|
|
eval {
|
2017-06-23 11:57:07 +02:00
|
|
|
my $sth =
|
2017-06-23 16:54:35 +02:00
|
|
|
$dbh->prepare("SELECT $passwordCol FROM $table WHERE $loginCol=?");
|
2017-06-23 11:57:07 +02:00
|
|
|
$sth->execute($user);
|
2017-06-23 11:23:29 +02:00
|
|
|
@rows = $sth->fetchrow_array();
|
|
|
|
};
|
|
|
|
if ($@) {
|
2017-06-23 18:37:16 +02:00
|
|
|
$self->logger->error("DBI error while getting password: $@");
|
2017-06-23 11:23:29 +02:00
|
|
|
return "";
|
|
|
|
}
|
2017-06-23 11:57:07 +02:00
|
|
|
|
2017-06-23 11:23:29 +02:00
|
|
|
if ( @rows == 1 ) {
|
2017-06-23 11:57:07 +02:00
|
|
|
$self->logger->debug("Successfully got password from database");
|
2017-06-23 11:23:29 +02:00
|
|
|
return $rows[0];
|
|
|
|
}
|
|
|
|
else {
|
2017-06-23 11:57:07 +02:00
|
|
|
$self->userLogger->warn("Unable to check password for $user");
|
2017-06-23 11:23:29 +02:00
|
|
|
return "";
|
|
|
|
}
|
|
|
|
}
|
2017-06-23 11:57:07 +02:00
|
|
|
|
2017-06-23 11:23:29 +02:00
|
|
|
## @method protected Lemonldap::NG::Portal::_DBI hash_password_from_database
|
|
|
|
## (ref dbh, string dbmethod, string dbsalt, string password)
|
|
|
|
# Hash the given password calling the dbmethod function in database
|
|
|
|
# @param dbh database handler
|
|
|
|
# @param dbmethod the database method for hashing
|
|
|
|
# @param salt the salt used for hashing
|
|
|
|
# @param password the password to hash
|
|
|
|
# @return hashed password
|
|
|
|
sub hash_password_from_database {
|
2017-06-23 11:57:07 +02:00
|
|
|
|
2017-06-23 11:23:29 +02:00
|
|
|
# Remark: database function must get hexadecimal input
|
|
|
|
# and send back hexadecimal output
|
2017-06-23 11:57:07 +02:00
|
|
|
my $self = shift;
|
|
|
|
my $dbh = shift;
|
|
|
|
my $dbmethod = shift;
|
|
|
|
my $dbsalt = shift;
|
|
|
|
my $password = shift;
|
|
|
|
|
2017-06-23 11:23:29 +02:00
|
|
|
# convert password to hexa
|
|
|
|
my $passwordh = unpack "H*", $password;
|
2017-06-23 11:57:07 +02:00
|
|
|
|
2017-06-23 11:23:29 +02:00
|
|
|
my @rows = ();
|
|
|
|
eval {
|
|
|
|
my $sth = $dbh->prepare("SELECT $dbmethod('$passwordh$dbsalt')");
|
|
|
|
$sth->execute();
|
|
|
|
@rows = $sth->fetchrow_array();
|
|
|
|
};
|
|
|
|
if ($@) {
|
2017-06-23 18:37:16 +02:00
|
|
|
$self->logger->error(
|
|
|
|
"DBI error while hashing with '$dbmethod' hash function: $@");
|
2017-06-23 11:57:07 +02:00
|
|
|
$self->userLogger->warn("Unable to check password");
|
2017-06-23 11:23:29 +02:00
|
|
|
return "";
|
|
|
|
}
|
2017-06-23 11:57:07 +02:00
|
|
|
|
2017-06-23 11:23:29 +02:00
|
|
|
if ( @rows == 1 ) {
|
2017-06-23 11:57:07 +02:00
|
|
|
$self->logger->debug(
|
|
|
|
"Successfully hashed password with $dbmethod hash function in database"
|
|
|
|
);
|
|
|
|
|
2017-06-23 11:23:29 +02:00
|
|
|
# convert salt to binary
|
|
|
|
my $dbsaltb = pack 'H*', $dbsalt;
|
2017-06-23 11:57:07 +02:00
|
|
|
|
2017-06-23 11:23:29 +02:00
|
|
|
# convert result to binary
|
|
|
|
my $res = pack 'H*', $rows[0];
|
2017-06-23 11:57:07 +02:00
|
|
|
|
|
|
|
return encode_base64( $res . $dbsaltb, '' );
|
2017-06-23 11:23:29 +02:00
|
|
|
}
|
|
|
|
else {
|
2017-06-23 11:57:07 +02:00
|
|
|
$self->userLogger->warn("Unable to check password with '$dbmethod'");
|
2017-06-23 11:23:29 +02:00
|
|
|
return "";
|
|
|
|
}
|
2017-06-23 11:57:07 +02:00
|
|
|
|
|
|
|
# Return encode_base64(SQL_METHOD(password + salt) + salt)
|
2017-06-23 11:23:29 +02:00
|
|
|
}
|
2017-06-23 11:57:07 +02:00
|
|
|
|
2017-06-23 11:23:29 +02:00
|
|
|
## @method protected Lemonldap::NG::Portal::_DBI get_salt(string dbhash)
|
|
|
|
# Return salt from salted hash password
|
|
|
|
# @param dbhash hash password
|
|
|
|
# @return extracted salt
|
|
|
|
sub get_salt {
|
2017-06-23 11:57:07 +02:00
|
|
|
my $self = shift;
|
|
|
|
my $dbhash = shift;
|
2017-06-23 11:23:29 +02:00
|
|
|
my $dbsalt;
|
2017-06-23 11:57:07 +02:00
|
|
|
|
2017-06-23 11:23:29 +02:00
|
|
|
# get rid of scheme ({sha256})
|
|
|
|
$dbhash =~ s/^\{[^}]+\}(.*)$/$1/;
|
2017-06-23 11:57:07 +02:00
|
|
|
|
2017-06-23 11:23:29 +02:00
|
|
|
# get binary hash
|
|
|
|
my $decoded = &decode_base64($dbhash);
|
2017-06-23 11:57:07 +02:00
|
|
|
|
2017-06-23 11:23:29 +02:00
|
|
|
# get last 8 bytes
|
|
|
|
$dbsalt = substr $decoded, -8;
|
2017-06-23 11:57:07 +02:00
|
|
|
|
2017-06-23 11:23:29 +02:00
|
|
|
# get hexadecimal version of salt
|
|
|
|
$dbsalt = unpack "H*", $dbsalt;
|
2017-06-23 11:57:07 +02:00
|
|
|
|
2017-06-23 11:23:29 +02:00
|
|
|
return $dbsalt;
|
|
|
|
}
|
2017-06-23 11:57:07 +02:00
|
|
|
|
2017-06-23 11:23:29 +02:00
|
|
|
## @method protected Lemonldap::NG::Portal::_DBI gen_salt()
|
|
|
|
# Generate 8 bytes of hexadecimal random salt
|
|
|
|
# @return generated salt
|
|
|
|
sub gen_salt {
|
2017-06-23 11:57:07 +02:00
|
|
|
my $self = shift;
|
2017-06-23 11:23:29 +02:00
|
|
|
my $dbsalt;
|
2017-06-23 11:57:07 +02:00
|
|
|
my @set = ( '0' .. '9', 'A' .. 'F' );
|
|
|
|
|
|
|
|
$dbsalt = join '' => map $set[ rand @set ], 1 .. 16;
|
|
|
|
|
2017-06-23 11:23:29 +02:00
|
|
|
return $dbsalt;
|
|
|
|
}
|
2017-06-23 11:57:07 +02:00
|
|
|
|
2017-06-23 11:23:29 +02:00
|
|
|
## @method protected Lemonldap::NG::Portal::_DBI dynamic_hash_password(ref dbh,
|
|
|
|
## string user, string password, string table, string loginCol, string passwordCol)
|
|
|
|
# Return hashed password for use in SQL statement
|
|
|
|
# @param dbh database handler
|
|
|
|
# @param user connected user
|
|
|
|
# @param password clear password
|
|
|
|
# @param table authentication table name
|
|
|
|
# @param loginCol name of the row containing the login
|
|
|
|
# @param passwordCol name of the row containing the password
|
|
|
|
# @return hashed password
|
|
|
|
sub dynamic_hash_password {
|
2017-06-23 11:57:07 +02:00
|
|
|
my $self = shift;
|
|
|
|
my $dbh = shift;
|
|
|
|
my $user = shift;
|
|
|
|
my $password = shift;
|
|
|
|
my $table = shift;
|
|
|
|
my $loginCol = shift;
|
2017-06-23 11:23:29 +02:00
|
|
|
my $passwordCol = shift;
|
2017-06-23 11:57:07 +02:00
|
|
|
|
2017-06-23 11:23:29 +02:00
|
|
|
# Authorized hash schemes and salted hash schemes
|
|
|
|
my @validSchemes = split / /, $self->conf->{dbiDynamicHashValidSchemes};
|
2017-06-23 11:57:07 +02:00
|
|
|
my @validSaltedSchemes = split / /,
|
|
|
|
$self->conf->{dbiDynamicHashValidSaltedSchemes};
|
|
|
|
|
|
|
|
my $dbhash; # hash currently stored in database
|
|
|
|
my $dbscheme; # current hash scheme stored in database
|
|
|
|
my $dbmethod; # static hash method corresponding to a database function
|
|
|
|
my $dbsalt; # current salt stored in database
|
|
|
|
my $hash; # hash to compute from user password
|
|
|
|
|
2017-06-23 11:23:29 +02:00
|
|
|
# Search hash from database
|
2017-06-23 11:57:07 +02:00
|
|
|
$self->logger->debug("Hash scheme is to be found in database");
|
|
|
|
$dbhash =
|
|
|
|
$self->get_password( $dbh, $user, $table, $loginCol, $passwordCol );
|
|
|
|
|
2017-06-23 11:23:29 +02:00
|
|
|
# Get the scheme
|
|
|
|
$dbscheme = $dbhash;
|
|
|
|
$dbscheme =~ s/^\{([^}]+)\}.*/$1/;
|
|
|
|
$dbscheme = "" if $dbscheme eq $dbhash;
|
2017-06-23 11:57:07 +02:00
|
|
|
|
2017-06-23 11:23:29 +02:00
|
|
|
# no hash scheme => assume clear text
|
2017-06-23 11:57:07 +02:00
|
|
|
if ( $dbscheme eq "" ) {
|
|
|
|
$self->logger->info("Password has no hash scheme");
|
2017-06-23 11:23:29 +02:00
|
|
|
return "?";
|
2017-06-23 11:57:07 +02:00
|
|
|
|
2017-06-23 11:23:29 +02:00
|
|
|
}
|
2017-06-23 11:57:07 +02:00
|
|
|
|
2017-06-23 11:23:29 +02:00
|
|
|
# salted hash scheme
|
2017-06-23 11:57:07 +02:00
|
|
|
elsif ( grep( /^$dbscheme$/, @validSaltedSchemes ) ) {
|
|
|
|
$self->logger->info(
|
|
|
|
"Valid salted hash scheme: $dbscheme found for user $user");
|
|
|
|
|
2017-06-23 11:23:29 +02:00
|
|
|
# extract non salted hash scheme
|
|
|
|
$dbmethod = $dbscheme;
|
|
|
|
$dbmethod =~ s/^s//i;
|
2017-06-23 11:57:07 +02:00
|
|
|
|
2017-06-23 11:23:29 +02:00
|
|
|
# extract the salt
|
|
|
|
$dbsalt = $self->get_salt($dbhash);
|
2017-06-23 11:57:07 +02:00
|
|
|
$self->logger->debug("Get salt from password: $dbsalt");
|
|
|
|
|
2017-06-23 11:23:29 +02:00
|
|
|
# Hash password with given hash scheme and salt
|
2017-06-23 11:57:07 +02:00
|
|
|
$hash =
|
|
|
|
$self->hash_password_from_database( $dbh, $dbmethod, $dbsalt,
|
|
|
|
$password );
|
2017-06-23 11:23:29 +02:00
|
|
|
$hash = "{$dbscheme}$hash";
|
2017-06-23 11:57:07 +02:00
|
|
|
|
2017-06-23 11:23:29 +02:00
|
|
|
return "'$hash'";
|
2017-06-23 11:57:07 +02:00
|
|
|
|
2017-06-23 11:23:29 +02:00
|
|
|
}
|
2017-06-23 11:57:07 +02:00
|
|
|
|
2017-06-23 11:23:29 +02:00
|
|
|
# static hash scheme
|
2017-06-23 11:57:07 +02:00
|
|
|
elsif ( grep( /^$dbscheme$/, @validSchemes ) ) {
|
|
|
|
$self->logger->info(
|
|
|
|
"Valid hash scheme: $dbscheme found for user $user");
|
|
|
|
|
2017-06-23 11:23:29 +02:00
|
|
|
# Hash given password with given hash scheme and no salt
|
2017-06-23 11:57:07 +02:00
|
|
|
$hash =
|
|
|
|
$self->hash_password_from_database( $dbh, $dbscheme, "", $password );
|
2017-06-23 11:23:29 +02:00
|
|
|
$hash = "{$dbscheme}$hash";
|
2017-06-23 11:57:07 +02:00
|
|
|
|
2017-06-23 11:23:29 +02:00
|
|
|
return "'$hash'";
|
|
|
|
}
|
2017-06-23 11:57:07 +02:00
|
|
|
|
2017-06-23 11:23:29 +02:00
|
|
|
# no valid hash scheme
|
|
|
|
else {
|
2017-06-23 18:37:16 +02:00
|
|
|
$self->logger->error("No valid hash scheme: $dbscheme for user $user");
|
2017-06-23 11:57:07 +02:00
|
|
|
$self->userLogger->warn("Unable to check password for $user");
|
2017-06-23 11:23:29 +02:00
|
|
|
return "";
|
|
|
|
}
|
2017-06-23 11:57:07 +02:00
|
|
|
|
2017-06-23 11:23:29 +02:00
|
|
|
}
|
2017-06-23 11:57:07 +02:00
|
|
|
|
2017-06-23 11:23:29 +02:00
|
|
|
## @method protected Lemonldap::NG::Portal::_DBI dynamic_hash_new_password(ref dbh,
|
|
|
|
## string user, string password)
|
|
|
|
# Return hashed password for use in SQL statement
|
|
|
|
# @param dbh database handler
|
|
|
|
# @param user connected user
|
|
|
|
# @param password clear password
|
|
|
|
# @param dbscheme the scheme to use for hashing
|
|
|
|
# @return hashed password
|
|
|
|
sub dynamic_hash_new_password {
|
|
|
|
my $self = shift;
|
|
|
|
my $dbh = shift;
|
|
|
|
my $user = shift;
|
|
|
|
my $password = shift;
|
2017-06-23 11:57:07 +02:00
|
|
|
my $dbscheme = $self->conf->{dbiDynamicHashNewPasswordScheme} || "";
|
|
|
|
|
2017-06-23 11:23:29 +02:00
|
|
|
# Authorized hash schemes and salted hash schemes
|
|
|
|
my @validSchemes = split / /, $self->conf->{dbiDynamicHashValidSchemes};
|
2017-06-23 11:57:07 +02:00
|
|
|
my @validSaltedSchemes = split / /,
|
|
|
|
$self->conf->{dbiDynamicHashValidSaltedSchemes};
|
|
|
|
|
|
|
|
my $dbmethod; # static hash method corresponding to a database function
|
|
|
|
my $dbsalt; # salt to generate for new hashed password
|
|
|
|
my $hash; # hash to compute from user password
|
|
|
|
|
2017-06-23 11:23:29 +02:00
|
|
|
# no hash scheme => assume clear text
|
2017-06-23 11:57:07 +02:00
|
|
|
if ( $dbscheme eq "" ) {
|
|
|
|
$self->logger->info(
|
|
|
|
"No hash scheme selected, storing password in clear text");
|
2017-06-23 11:23:29 +02:00
|
|
|
return "?";
|
2017-06-23 11:57:07 +02:00
|
|
|
|
2017-06-23 11:23:29 +02:00
|
|
|
}
|
2017-06-23 11:57:07 +02:00
|
|
|
|
2017-06-23 11:23:29 +02:00
|
|
|
# salted hash scheme
|
2017-06-23 11:57:07 +02:00
|
|
|
elsif ( grep( /^$dbscheme$/, @validSaltedSchemes ) ) {
|
|
|
|
$self->logger->info("Selected salted hash scheme: $dbscheme");
|
|
|
|
|
2017-06-23 11:23:29 +02:00
|
|
|
# extract non salted hash scheme
|
|
|
|
$dbmethod = $dbscheme;
|
|
|
|
$dbmethod =~ s/^s//i;
|
2017-06-23 11:57:07 +02:00
|
|
|
|
2017-06-23 11:23:29 +02:00
|
|
|
# generate the salt
|
|
|
|
$dbsalt = $self->gen_salt();
|
2017-06-23 11:57:07 +02:00
|
|
|
$self->logger->debug("Generated salt: $dbsalt");
|
|
|
|
|
2017-06-23 11:23:29 +02:00
|
|
|
# Hash given password with given hash scheme and salt
|
2017-06-23 11:57:07 +02:00
|
|
|
$hash =
|
|
|
|
$self->hash_password_from_database( $dbh, $dbmethod, $dbsalt,
|
|
|
|
$password );
|
2017-06-23 11:23:29 +02:00
|
|
|
$hash = "{$dbscheme}$hash";
|
2017-06-23 11:57:07 +02:00
|
|
|
|
2017-06-23 11:23:29 +02:00
|
|
|
return "'$hash'";
|
2017-06-23 11:57:07 +02:00
|
|
|
|
2017-06-23 11:23:29 +02:00
|
|
|
}
|
2017-06-23 11:57:07 +02:00
|
|
|
|
2017-06-23 11:23:29 +02:00
|
|
|
# static hash scheme
|
2017-06-23 11:57:07 +02:00
|
|
|
elsif ( grep( /^$dbscheme$/, @validSchemes ) ) {
|
|
|
|
$self->logger->info("Selected hash scheme: $dbscheme");
|
|
|
|
|
2017-06-23 11:23:29 +02:00
|
|
|
# Hash given password with given hash scheme and no salt
|
2017-06-23 11:57:07 +02:00
|
|
|
$hash =
|
|
|
|
$self->hash_password_from_database( $dbh, $dbscheme, "", $password );
|
2017-06-23 11:23:29 +02:00
|
|
|
$hash = "{$dbscheme}$hash";
|
2017-06-23 11:57:07 +02:00
|
|
|
|
2017-06-23 11:23:29 +02:00
|
|
|
return "'$hash'";
|
|
|
|
}
|
2017-06-23 11:57:07 +02:00
|
|
|
|
2017-06-23 11:23:29 +02:00
|
|
|
# no valid hash scheme
|
|
|
|
else {
|
2017-06-23 18:37:16 +02:00
|
|
|
$self->logger->error("No selected hash scheme: $dbscheme is invalid");
|
2017-06-23 11:57:07 +02:00
|
|
|
$self->userLogger->warn("Unable to store password for $user");
|
2017-06-23 11:23:29 +02:00
|
|
|
return "";
|
|
|
|
}
|
2017-06-23 11:57:07 +02:00
|
|
|
|
2017-06-23 11:23:29 +02:00
|
|
|
}
|
|
|
|
|
2016-05-14 20:05:40 +02:00
|
|
|
# Verify user and password with SQL SELECT
|
|
|
|
# @param user user
|
|
|
|
# @param password password
|
|
|
|
# @return boolean result
|
|
|
|
sub check_password {
|
2016-05-19 07:11:50 +02:00
|
|
|
my ( $self, $user, $password ) = @_;
|
|
|
|
|
|
|
|
# If $user is an object then it's a Lemonldap::NG::Portal::Main::Request
|
|
|
|
# object
|
|
|
|
if ( ref($user) ) {
|
2016-05-19 22:07:46 +02:00
|
|
|
$password = $user->datas->{password};
|
|
|
|
$user = $user->{user};
|
2016-05-19 07:11:50 +02:00
|
|
|
}
|
2016-05-14 20:05:40 +02:00
|
|
|
my $table = $self->conf->{dbiAuthTable};
|
|
|
|
my $loginCol = $self->conf->{dbiAuthLoginCol};
|
|
|
|
my $passwordCol = $self->conf->{dbiAuthPasswordCol};
|
2017-06-23 11:23:29 +02:00
|
|
|
my $dynamicHash = $self->conf->{dbiDynamicHashEnabled} || 0;
|
2016-05-14 20:05:40 +02:00
|
|
|
|
2017-06-23 11:23:29 +02:00
|
|
|
my $passwordsql;
|
|
|
|
if ( $dynamicHash == 1 ) {
|
2017-06-23 11:57:07 +02:00
|
|
|
|
2017-06-23 11:23:29 +02:00
|
|
|
# Dynamic password hashes
|
|
|
|
$passwordsql =
|
2017-06-23 11:57:07 +02:00
|
|
|
$self->dynamic_hash_password( $self->dbh, $user, $password, $table,
|
|
|
|
$loginCol, $passwordCol );
|
2017-06-23 11:23:29 +02:00
|
|
|
}
|
2017-06-23 11:57:07 +02:00
|
|
|
else {
|
2017-06-23 11:23:29 +02:00
|
|
|
# Static Password hashes
|
|
|
|
$passwordsql =
|
2017-06-23 11:57:07 +02:00
|
|
|
$self->hash_password_for_select( "?",
|
|
|
|
$self->conf->{dbiAuthPasswordHash} );
|
2017-06-23 11:23:29 +02:00
|
|
|
}
|
2016-05-14 20:05:40 +02:00
|
|
|
|
|
|
|
my @rows = ();
|
|
|
|
eval {
|
|
|
|
my $sth = $self->dbh->prepare(
|
|
|
|
"SELECT $loginCol FROM $table WHERE $loginCol=? AND $passwordCol=$passwordsql"
|
|
|
|
);
|
2017-06-23 11:57:07 +02:00
|
|
|
$sth->execute( $user, $password ) if $passwordsql =~ /.*\?.*/;
|
|
|
|
$sth->execute($user) unless $passwordsql =~ /.*\?.*/;
|
2016-05-14 20:05:40 +02:00
|
|
|
@rows = $sth->fetchrow_array();
|
|
|
|
};
|
|
|
|
if ($@) {
|
2016-07-20 09:28:20 +02:00
|
|
|
|
|
|
|
# If connection isn't available, error is displayed by dbh()
|
2017-02-15 07:41:50 +01:00
|
|
|
$self->logger->error("DBI error: $@") if ( $self->_dbh );
|
2016-05-14 20:05:40 +02:00
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
if ( @rows == 1 ) {
|
2017-02-15 07:41:50 +01:00
|
|
|
$self->logger->debug("One row returned by SQL query");
|
2016-05-14 20:05:40 +02:00
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
else {
|
2017-02-15 15:16:59 +01:00
|
|
|
$self->userLogger->warn("Bad password for $user");
|
2016-05-14 20:05:40 +02:00
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
1;
|