first working version of dynamic hash passwords in trunk (LEMONLDAP-1245)
parent
5e4ef360e0
commit
6533b0a36b
|
@ -5,250 +5,234 @@ our $VERSION = '2.0.0';
|
|||
|
||||
sub defaultValues {
|
||||
return {
|
||||
'activeTimer' => 1,
|
||||
'ADPwdExpireWarning' => 0,
|
||||
'ADPwdMaxAge' => 0,
|
||||
'apacheAuthnLevel' => 4,
|
||||
'applicationList' => {
|
||||
'default' => {
|
||||
'catname' => 'Default category',
|
||||
'type' => 'category'
|
||||
}
|
||||
},
|
||||
'authChoiceParam' => 'lmAuth',
|
||||
'authentication' => 'Demo',
|
||||
'captcha_mail_enabled' => 1,
|
||||
'captcha_register_enabled' => 1,
|
||||
'captcha_size' => 6,
|
||||
'casAccessControlPolicy' => 'none',
|
||||
'casAuthnLevel' => 1,
|
||||
'checkXSS' => 1,
|
||||
'confirmFormMethod' => 'post',
|
||||
'cookieName' => 'lemonldap',
|
||||
'cspConnect' => '\'self\'',
|
||||
'cspDefault' => '\'self\'',
|
||||
'cspFont' => '\'self\'',
|
||||
'cspImg' => '\'self\' data:',
|
||||
'cspScript' => '\'self\'',
|
||||
'cspStyle' => '\'self\'',
|
||||
'dbiAuthnLevel' => 2,
|
||||
'dbiExportedVars' => {},
|
||||
'demoExportedVars' => {
|
||||
'cn' => 'cn',
|
||||
'mail' => 'mail',
|
||||
'uid' => 'uid'
|
||||
},
|
||||
'domain' => 'example.com',
|
||||
'exportedVars' => {
|
||||
'UA' => 'HTTP_USER_AGENT'
|
||||
},
|
||||
'ext2fActivation' => 0,
|
||||
'facebookAuthnLevel' => 1,
|
||||
'facebookExportedVars' => {},
|
||||
'failedLoginNumber' => 5,
|
||||
'formTimeout' => 120,
|
||||
'globalStorage' => 'Apache::Session::File',
|
||||
'globalStorageOptions' => {
|
||||
'Directory' => '/var/lib/lemonldap-ng/sessions/',
|
||||
'generateModule' =>
|
||||
'Lemonldap::NG::Common::Apache::Session::Generate::SHA256',
|
||||
'LockDirectory' => '/var/lib/lemonldap-ng/sessions/lock/'
|
||||
},
|
||||
'groups' => {},
|
||||
'hiddenAttributes' => '_password',
|
||||
'httpOnly' => 1,
|
||||
'infoFormMethod' => 'get',
|
||||
'issuerDBCASPath' => '^/cas/',
|
||||
'issuerDBCASRule' => 1,
|
||||
'issuerDBGetParameters' => {},
|
||||
'issuerDBGetPath' => '^/get/',
|
||||
'issuerDBGetRule' => 1,
|
||||
'issuerDBOpenIDConnectPath' => '^/oauth2/',
|
||||
'issuerDBOpenIDConnectRule' => 1,
|
||||
'issuerDBOpenIDPath' => '^/openidserver/',
|
||||
'issuerDBOpenIDRule' => 1,
|
||||
'issuerDBSAMLPath' => '^/saml/',
|
||||
'issuerDBSAMLRule' => 1,
|
||||
'jsRedirect' => 0,
|
||||
'krbAuthnLevel' => 3,
|
||||
'ldapAuthnLevel' => 2,
|
||||
'ldapBase' => 'dc=example,dc=com',
|
||||
'ldapExportedVars' => {
|
||||
'cn' => 'cn',
|
||||
'mail' => 'mail',
|
||||
'uid' => 'uid'
|
||||
},
|
||||
'ldapGroupAttributeName' => 'member',
|
||||
'ldapGroupAttributeNameGroup' => 'dn',
|
||||
'ldapGroupAttributeNameSearch' => 'cn',
|
||||
'ldapGroupAttributeNameUser' => 'dn',
|
||||
'ldapGroupObjectClass' => 'groupOfNames',
|
||||
'ldapPasswordResetAttribute' => 'pwdReset',
|
||||
'ldapPasswordResetAttributeValue' => 'TRUE',
|
||||
'ldapPort' => 389,
|
||||
'ldapPwdEnc' => 'utf-8',
|
||||
'ldapSearchDeref' => 'find',
|
||||
'ldapServer' => 'ldap://localhost',
|
||||
'ldapTimeout' => 120,
|
||||
'ldapUsePasswordResetAttribute' => 1,
|
||||
'ldapVersion' => 3,
|
||||
'localSessionStorage' => 'Cache::FileCache',
|
||||
'localSessionStorageOptions' => {
|
||||
'cache_depth' => 3,
|
||||
'cache_root' => '/tmp',
|
||||
'default_expires_in' => 600,
|
||||
'directory_umask' => '007',
|
||||
'namespace' => 'lemonldap-ng-sessions'
|
||||
},
|
||||
'locationRules' => {
|
||||
'default' => 'deny'
|
||||
},
|
||||
'logoutServices' => {},
|
||||
'macros' => {},
|
||||
'mailCharset' => 'utf-8',
|
||||
'mailFrom' => 'noreply@example.com',
|
||||
'mailSessionKey' => 'mail',
|
||||
'mailTimeout' => 0,
|
||||
'mailUrl' => 'http://auth.example.com/resetpwd',
|
||||
'managerDn' => '',
|
||||
'managerPassword' => '',
|
||||
'multiValuesSeparator' => '; ',
|
||||
'notificationStorage' => 'File',
|
||||
'notificationStorageOptions' => {
|
||||
'dirName' => '/var/lib/lemonldap-ng/notifications'
|
||||
},
|
||||
'notificationWildcard' => 'allusers',
|
||||
'notifyDeleted' => 1,
|
||||
'nullAuthnLevel' => 0,
|
||||
'oidcAuthnLevel' => 1,
|
||||
'oidcRPCallbackGetParam' => 'openidconnectcallback',
|
||||
'oidcRPStateTimeout' => 600,
|
||||
'oidcServiceAllowAuthorizationCodeFlow' => 1,
|
||||
'oidcServiceMetaDataAuthnContext' => {
|
||||
'loa-1' => 1,
|
||||
'loa-2' => 2,
|
||||
'loa-3' => 3,
|
||||
'loa-4' => 4,
|
||||
'loa-5' => 5
|
||||
},
|
||||
'oidcServiceMetaDataAuthorizeURI' => 'authorize',
|
||||
'oidcServiceMetaDataBackChannelURI' => 'blogout',
|
||||
'oidcServiceMetaDataCheckSessionURI' => 'checksession.html',
|
||||
'oidcServiceMetaDataEndSessionURI' => 'logout',
|
||||
'oidcServiceMetaDataFrontChannelURI' => 'flogout',
|
||||
'oidcServiceMetaDataIssuer' => 'http://auth.example.com',
|
||||
'oidcServiceMetaDataJWKSURI' => 'jwks',
|
||||
'oidcServiceMetaDataRegistrationURI' => 'register',
|
||||
'oidcServiceMetaDataTokenURI' => 'token',
|
||||
'oidcServiceMetaDataUserInfoURI' => 'userinfo',
|
||||
'openIdAuthnLevel' => 1,
|
||||
'openIdExportedVars' => {},
|
||||
'openIdIDPList' => '0;',
|
||||
'openIdSPList' => '0;',
|
||||
'openIdSreg_email' => 'mail',
|
||||
'openIdSreg_fullname' => 'cn',
|
||||
'openIdSreg_nickname' => 'uid',
|
||||
'openIdSreg_timezone' => '_timezone',
|
||||
'pamAuthnLevel' => 2,
|
||||
'pamService' => 'login',
|
||||
'passwordDB' => 'Demo',
|
||||
'portal' => 'http://auth.example.com/',
|
||||
'portalAntiFrame' => 1,
|
||||
'portalCheckLogins' => 1,
|
||||
'portalDisplayAppslist' => 1,
|
||||
'portalDisplayChangePassword' => '$_auth =~ /^(LDAP|DBI|Demo)$/',
|
||||
'portalDisplayLoginHistory' => 1,
|
||||
'portalDisplayLogout' => 1,
|
||||
'portalDisplayRegister' => 1,
|
||||
'portalErrorOnExpiredSession' => 1,
|
||||
'portalForceAuthnInterval' => 5,
|
||||
'portalPingInterval' => 60000,
|
||||
'portalRequireOldPassword' => 1,
|
||||
'portalSkin' => 'bootstrap',
|
||||
'portalUserAttr' => '_user',
|
||||
'proxyAuthnLevel' => 2,
|
||||
'radiusAuthnLevel' => 3,
|
||||
'randomPasswordRegexp' => '[A-Z]{3}[a-z]{5}.\\d{2}',
|
||||
'redirectFormMethod' => 'get',
|
||||
'registerDB' => 'Null',
|
||||
'registerTimeout' => 0,
|
||||
'remoteGlobalStorage' => 'Lemonldap::NG::Common::Apache::Session::SOAP',
|
||||
'remoteGlobalStorageOptions' => {
|
||||
'ns' =>
|
||||
'http://auth.example.com/Lemonldap/NG/Common/PSGI/SOAPService',
|
||||
'proxy' => 'http://auth.example.com/sessions'
|
||||
},
|
||||
'requireToken' => 1,
|
||||
'samlAttributeAuthorityDescriptorAttributeServiceSOAP' =>
|
||||
'urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/AA/SOAP;',
|
||||
'samlAuthnContextMapKerberos' => 4,
|
||||
'samlAuthnContextMapPassword' => 2,
|
||||
'samlAuthnContextMapPasswordProtectedTransport' => 3,
|
||||
'samlAuthnContextMapTLSClient' => 5,
|
||||
'samlEntityID' => '#PORTAL#/saml/metadata',
|
||||
'samlIdPResolveCookie' => 'lemonldapidp',
|
||||
'samlIDPSSODescriptorArtifactResolutionServiceArtifact' =>
|
||||
'1;0;urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/artifact',
|
||||
'samlIDPSSODescriptorSingleLogoutServiceHTTPPost' =>
|
||||
'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/singleLogout;#PORTAL#/saml/singleLogoutReturn',
|
||||
'samlIDPSSODescriptorSingleLogoutServiceHTTPRedirect' =>
|
||||
'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect;#PORTAL#/saml/singleLogout;#PORTAL#/saml/singleLogoutReturn',
|
||||
'samlIDPSSODescriptorSingleLogoutServiceSOAP' =>
|
||||
'urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/singleLogoutSOAP;',
|
||||
'samlIDPSSODescriptorSingleSignOnServiceHTTPArtifact' =>
|
||||
'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact;#PORTAL#/saml/singleSignOnArtifact;',
|
||||
'samlIDPSSODescriptorSingleSignOnServiceHTTPPost' =>
|
||||
'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/singleSignOn;',
|
||||
'samlIDPSSODescriptorSingleSignOnServiceHTTPRedirect' =>
|
||||
'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect;#PORTAL#/saml/singleSignOn;',
|
||||
'samlIDPSSODescriptorWantAuthnRequestsSigned' => 1,
|
||||
'samlMetadataForceUTF8' => 1,
|
||||
'samlNameIDFormatMapEmail' => 'mail',
|
||||
'samlNameIDFormatMapKerberos' => 'uid',
|
||||
'samlNameIDFormatMapWindows' => 'uid',
|
||||
'samlNameIDFormatMapX509' => 'mail',
|
||||
'samlOrganizationDisplayName' => 'Example',
|
||||
'samlOrganizationName' => 'Example',
|
||||
'samlOrganizationURL' => 'http://www.example.com',
|
||||
'samlRelayStateTimeout' => 600,
|
||||
'samlSPSSODescriptorArtifactResolutionServiceArtifact' =>
|
||||
'1;0;urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/artifact',
|
||||
'samlSPSSODescriptorAssertionConsumerServiceHTTPArtifact' =>
|
||||
'1;0;urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact;#PORTAL#/saml/proxySingleSignOnArtifact',
|
||||
'samlSPSSODescriptorAssertionConsumerServiceHTTPPost' =>
|
||||
'0;1;urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/proxySingleSignOnPost',
|
||||
'samlSPSSODescriptorAuthnRequestsSigned' => 1,
|
||||
'samlSPSSODescriptorSingleLogoutServiceHTTPPost' =>
|
||||
'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/proxySingleLogout;#PORTAL#/saml/proxySingleLogoutReturn',
|
||||
'samlSPSSODescriptorSingleLogoutServiceHTTPRedirect' =>
|
||||
'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect;#PORTAL#/saml/proxySingleLogout;#PORTAL#/saml/proxySingleLogoutReturn',
|
||||
'samlSPSSODescriptorSingleLogoutServiceSOAP' =>
|
||||
'urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/proxySingleLogoutSOAP;',
|
||||
'samlSPSSODescriptorWantAssertionsSigned' => 1,
|
||||
'securedCookie' => 0,
|
||||
'slaveAuthnLevel' => 2,
|
||||
'slaveExportedVars' => {},
|
||||
'SMTPServer' => '',
|
||||
'SMTPTLS' => '',
|
||||
'SSLAuthnLevel' => 5,
|
||||
'successLoginNumber' => 5,
|
||||
'timeout' => 72000,
|
||||
'timeoutActivity' => 0,
|
||||
'timeoutActivityInterval' => 60,
|
||||
'trustedProxies' => '',
|
||||
'twitterAuthnLevel' => 1,
|
||||
'u2fActivation' => 0,
|
||||
'upgradeSession' => 1,
|
||||
'userControl' => '^[\\w\\.\\-@]+$',
|
||||
'userDB' => 'Same',
|
||||
'useRedirectOnError' => 1,
|
||||
'useSafeJail' => 1,
|
||||
'webIDAuthnLevel' => 1,
|
||||
'webIDExportedVars' => {},
|
||||
'whatToTrace' => 'uid',
|
||||
'yubikeyAuthnLevel' => 3,
|
||||
'yubikeyPublicIDSize' => 12
|
||||
};
|
||||
'activeTimer' => 1,
|
||||
'ADPwdExpireWarning' => 0,
|
||||
'ADPwdMaxAge' => 0,
|
||||
'apacheAuthnLevel' => 4,
|
||||
'applicationList' => {
|
||||
'default' => {
|
||||
'catname' => 'Default category',
|
||||
'type' => 'category'
|
||||
}
|
||||
},
|
||||
'authChoiceParam' => 'lmAuth',
|
||||
'authentication' => 'Demo',
|
||||
'captcha_mail_enabled' => 1,
|
||||
'captcha_register_enabled' => 1,
|
||||
'captcha_size' => 6,
|
||||
'casAccessControlPolicy' => 'none',
|
||||
'casAuthnLevel' => 1,
|
||||
'checkXSS' => 1,
|
||||
'confirmFormMethod' => 'post',
|
||||
'cookieName' => 'lemonldap',
|
||||
'cspConnect' => '\'self\'',
|
||||
'cspDefault' => '\'self\'',
|
||||
'cspFont' => '\'self\'',
|
||||
'cspImg' => '\'self\' data:',
|
||||
'cspScript' => '\'self\'',
|
||||
'cspStyle' => '\'self\'',
|
||||
'dbiAuthnLevel' => 2,
|
||||
'dbiExportedVars' => {},
|
||||
'demoExportedVars' => {
|
||||
'cn' => 'cn',
|
||||
'mail' => 'mail',
|
||||
'uid' => 'uid'
|
||||
},
|
||||
'domain' => 'example.com',
|
||||
'exportedVars' => {
|
||||
'UA' => 'HTTP_USER_AGENT'
|
||||
},
|
||||
'ext2fActivation' => 0,
|
||||
'facebookAuthnLevel' => 1,
|
||||
'facebookExportedVars' => {},
|
||||
'failedLoginNumber' => 5,
|
||||
'formTimeout' => 120,
|
||||
'globalStorage' => 'Apache::Session::File',
|
||||
'globalStorageOptions' => {
|
||||
'Directory' => '/var/lib/lemonldap-ng/sessions/',
|
||||
'generateModule' => 'Lemonldap::NG::Common::Apache::Session::Generate::SHA256',
|
||||
'LockDirectory' => '/var/lib/lemonldap-ng/sessions/lock/'
|
||||
},
|
||||
'groups' => {},
|
||||
'hiddenAttributes' => '_password',
|
||||
'httpOnly' => 1,
|
||||
'infoFormMethod' => 'get',
|
||||
'issuerDBCASPath' => '^/cas/',
|
||||
'issuerDBCASRule' => 1,
|
||||
'issuerDBGetParameters' => {},
|
||||
'issuerDBGetPath' => '^/get/',
|
||||
'issuerDBGetRule' => 1,
|
||||
'issuerDBOpenIDConnectPath' => '^/oauth2/',
|
||||
'issuerDBOpenIDConnectRule' => 1,
|
||||
'issuerDBOpenIDPath' => '^/openidserver/',
|
||||
'issuerDBOpenIDRule' => 1,
|
||||
'issuerDBSAMLPath' => '^/saml/',
|
||||
'issuerDBSAMLRule' => 1,
|
||||
'jsRedirect' => 0,
|
||||
'krbAuthnLevel' => 3,
|
||||
'ldapAuthnLevel' => 2,
|
||||
'ldapBase' => 'dc=example,dc=com',
|
||||
'ldapExportedVars' => {
|
||||
'cn' => 'cn',
|
||||
'mail' => 'mail',
|
||||
'uid' => 'uid'
|
||||
},
|
||||
'ldapGroupAttributeName' => 'member',
|
||||
'ldapGroupAttributeNameGroup' => 'dn',
|
||||
'ldapGroupAttributeNameSearch' => 'cn',
|
||||
'ldapGroupAttributeNameUser' => 'dn',
|
||||
'ldapGroupObjectClass' => 'groupOfNames',
|
||||
'ldapPasswordResetAttribute' => 'pwdReset',
|
||||
'ldapPasswordResetAttributeValue' => 'TRUE',
|
||||
'ldapPort' => 389,
|
||||
'ldapPwdEnc' => 'utf-8',
|
||||
'ldapSearchDeref' => 'find',
|
||||
'ldapServer' => 'ldap://localhost',
|
||||
'ldapTimeout' => 120,
|
||||
'ldapUsePasswordResetAttribute' => 1,
|
||||
'ldapVersion' => 3,
|
||||
'localSessionStorage' => 'Cache::FileCache',
|
||||
'localSessionStorageOptions' => {
|
||||
'cache_depth' => 3,
|
||||
'cache_root' => '/tmp',
|
||||
'default_expires_in' => 600,
|
||||
'directory_umask' => '007',
|
||||
'namespace' => 'lemonldap-ng-sessions'
|
||||
},
|
||||
'locationRules' => {
|
||||
'default' => 'deny'
|
||||
},
|
||||
'logoutServices' => {},
|
||||
'macros' => {},
|
||||
'mailCharset' => 'utf-8',
|
||||
'mailFrom' => 'noreply@example.com',
|
||||
'mailSessionKey' => 'mail',
|
||||
'mailTimeout' => 0,
|
||||
'mailUrl' => 'http://auth.example.com/resetpwd',
|
||||
'managerDn' => '',
|
||||
'managerPassword' => '',
|
||||
'multiValuesSeparator' => '; ',
|
||||
'notificationStorage' => 'File',
|
||||
'notificationStorageOptions' => {
|
||||
'dirName' => '/var/lib/lemonldap-ng/notifications'
|
||||
},
|
||||
'notificationWildcard' => 'allusers',
|
||||
'notifyDeleted' => 1,
|
||||
'nullAuthnLevel' => 0,
|
||||
'oidcAuthnLevel' => 1,
|
||||
'oidcRPCallbackGetParam' => 'openidconnectcallback',
|
||||
'oidcRPStateTimeout' => 600,
|
||||
'oidcServiceAllowAuthorizationCodeFlow' => 1,
|
||||
'oidcServiceMetaDataAuthnContext' => {
|
||||
'loa-1' => 1,
|
||||
'loa-2' => 2,
|
||||
'loa-3' => 3,
|
||||
'loa-4' => 4,
|
||||
'loa-5' => 5
|
||||
},
|
||||
'oidcServiceMetaDataAuthorizeURI' => 'authorize',
|
||||
'oidcServiceMetaDataBackChannelURI' => 'blogout',
|
||||
'oidcServiceMetaDataCheckSessionURI' => 'checksession.html',
|
||||
'oidcServiceMetaDataEndSessionURI' => 'logout',
|
||||
'oidcServiceMetaDataFrontChannelURI' => 'flogout',
|
||||
'oidcServiceMetaDataIssuer' => 'http://auth.example.com',
|
||||
'oidcServiceMetaDataJWKSURI' => 'jwks',
|
||||
'oidcServiceMetaDataRegistrationURI' => 'register',
|
||||
'oidcServiceMetaDataTokenURI' => 'token',
|
||||
'oidcServiceMetaDataUserInfoURI' => 'userinfo',
|
||||
'openIdAuthnLevel' => 1,
|
||||
'openIdExportedVars' => {},
|
||||
'openIdIDPList' => '0;',
|
||||
'openIdSPList' => '0;',
|
||||
'openIdSreg_email' => 'mail',
|
||||
'openIdSreg_fullname' => 'cn',
|
||||
'openIdSreg_nickname' => 'uid',
|
||||
'openIdSreg_timezone' => '_timezone',
|
||||
'pamAuthnLevel' => 2,
|
||||
'pamService' => 'login',
|
||||
'passwordDB' => 'Demo',
|
||||
'portal' => 'http://auth.example.com/',
|
||||
'portalAntiFrame' => 1,
|
||||
'portalCheckLogins' => 1,
|
||||
'portalDisplayAppslist' => 1,
|
||||
'portalDisplayChangePassword' => '$_auth =~ /^(LDAP|DBI|Demo)$/',
|
||||
'portalDisplayLoginHistory' => 1,
|
||||
'portalDisplayLogout' => 1,
|
||||
'portalDisplayRegister' => 1,
|
||||
'portalErrorOnExpiredSession' => 1,
|
||||
'portalForceAuthnInterval' => 5,
|
||||
'portalPingInterval' => 60000,
|
||||
'portalRequireOldPassword' => 1,
|
||||
'portalSkin' => 'bootstrap',
|
||||
'portalUserAttr' => '_user',
|
||||
'proxyAuthnLevel' => 2,
|
||||
'radiusAuthnLevel' => 3,
|
||||
'randomPasswordRegexp' => '[A-Z]{3}[a-z]{5}.\\d{2}',
|
||||
'redirectFormMethod' => 'get',
|
||||
'registerDB' => 'Null',
|
||||
'registerTimeout' => 0,
|
||||
'remoteGlobalStorage' => 'Lemonldap::NG::Common::Apache::Session::SOAP',
|
||||
'remoteGlobalStorageOptions' => {
|
||||
'ns' => 'http://auth.example.com/Lemonldap/NG/Common/PSGI/SOAPService',
|
||||
'proxy' => 'http://auth.example.com/sessions'
|
||||
},
|
||||
'requireToken' => 1,
|
||||
'samlAttributeAuthorityDescriptorAttributeServiceSOAP' => 'urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/AA/SOAP;',
|
||||
'samlAuthnContextMapKerberos' => 4,
|
||||
'samlAuthnContextMapPassword' => 2,
|
||||
'samlAuthnContextMapPasswordProtectedTransport' => 3,
|
||||
'samlAuthnContextMapTLSClient' => 5,
|
||||
'samlEntityID' => '#PORTAL#/saml/metadata',
|
||||
'samlIdPResolveCookie' => 'lemonldapidp',
|
||||
'samlIDPSSODescriptorArtifactResolutionServiceArtifact' => '1;0;urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/artifact',
|
||||
'samlIDPSSODescriptorSingleLogoutServiceHTTPPost' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/singleLogout;#PORTAL#/saml/singleLogoutReturn',
|
||||
'samlIDPSSODescriptorSingleLogoutServiceHTTPRedirect' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect;#PORTAL#/saml/singleLogout;#PORTAL#/saml/singleLogoutReturn',
|
||||
'samlIDPSSODescriptorSingleLogoutServiceSOAP' => 'urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/singleLogoutSOAP;',
|
||||
'samlIDPSSODescriptorSingleSignOnServiceHTTPArtifact' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact;#PORTAL#/saml/singleSignOnArtifact;',
|
||||
'samlIDPSSODescriptorSingleSignOnServiceHTTPPost' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/singleSignOn;',
|
||||
'samlIDPSSODescriptorSingleSignOnServiceHTTPRedirect' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect;#PORTAL#/saml/singleSignOn;',
|
||||
'samlIDPSSODescriptorWantAuthnRequestsSigned' => 1,
|
||||
'samlMetadataForceUTF8' => 1,
|
||||
'samlNameIDFormatMapEmail' => 'mail',
|
||||
'samlNameIDFormatMapKerberos' => 'uid',
|
||||
'samlNameIDFormatMapWindows' => 'uid',
|
||||
'samlNameIDFormatMapX509' => 'mail',
|
||||
'samlOrganizationDisplayName' => 'Example',
|
||||
'samlOrganizationName' => 'Example',
|
||||
'samlOrganizationURL' => 'http://www.example.com',
|
||||
'samlRelayStateTimeout' => 600,
|
||||
'samlSPSSODescriptorArtifactResolutionServiceArtifact' => '1;0;urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/artifact',
|
||||
'samlSPSSODescriptorAssertionConsumerServiceHTTPArtifact' => '1;0;urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact;#PORTAL#/saml/proxySingleSignOnArtifact',
|
||||
'samlSPSSODescriptorAssertionConsumerServiceHTTPPost' => '0;1;urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/proxySingleSignOnPost',
|
||||
'samlSPSSODescriptorAuthnRequestsSigned' => 1,
|
||||
'samlSPSSODescriptorSingleLogoutServiceHTTPPost' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/proxySingleLogout;#PORTAL#/saml/proxySingleLogoutReturn',
|
||||
'samlSPSSODescriptorSingleLogoutServiceHTTPRedirect' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect;#PORTAL#/saml/proxySingleLogout;#PORTAL#/saml/proxySingleLogoutReturn',
|
||||
'samlSPSSODescriptorSingleLogoutServiceSOAP' => 'urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/proxySingleLogoutSOAP;',
|
||||
'samlSPSSODescriptorWantAssertionsSigned' => 1,
|
||||
'securedCookie' => 0,
|
||||
'slaveAuthnLevel' => 2,
|
||||
'slaveExportedVars' => {},
|
||||
'SMTPServer' => '',
|
||||
'SMTPTLS' => '',
|
||||
'SSLAuthnLevel' => 5,
|
||||
'successLoginNumber' => 5,
|
||||
'timeout' => 72000,
|
||||
'timeoutActivity' => 0,
|
||||
'timeoutActivityInterval' => 60,
|
||||
'trustedProxies' => '',
|
||||
'twitterAuthnLevel' => 1,
|
||||
'u2fActivation' => 0,
|
||||
'upgradeSession' => 1,
|
||||
'userControl' => '^[\\w\\.\\-@]+$',
|
||||
'userDB' => 'Same',
|
||||
'useRedirectOnError' => 1,
|
||||
'useSafeJail' => 1,
|
||||
'webIDAuthnLevel' => 1,
|
||||
'webIDExportedVars' => {},
|
||||
'whatToTrace' => 'uid',
|
||||
'yubikeyAuthnLevel' => 3,
|
||||
'yubikeyPublicIDSize' => 12
|
||||
};
|
||||
}
|
||||
|
||||
1;
|
||||
|
|
|
@ -39,7 +39,7 @@ our $authParameters = {
|
|||
choiceParams => [qw(authChoiceParam authChoiceModules)],
|
||||
combinationParams => [qw(combination combModules)],
|
||||
customParams => [qw(customAuth customUserDB customPassword customRegister customAddParams)],
|
||||
dbiParams => [qw(dbiAuthnLevel dbiExportedVars dbiAuthChain dbiAuthUser dbiAuthPassword dbiUserChain dbiUserUser dbiUserPassword dbiAuthTable dbiUserTable dbiAuthLoginCol dbiAuthPasswordCol dbiPasswordMailCol userPivot dbiAuthPasswordHash)],
|
||||
dbiParams => [qw(dbiAuthnLevel dbiExportedVars dbiAuthChain dbiAuthUser dbiAuthPassword dbiUserChain dbiUserUser dbiUserPassword dbiAuthTable dbiUserTable dbiAuthLoginCol dbiAuthPasswordCol dbiPasswordMailCol userPivot dbiAuthPasswordHash dbiDynamicHashEnabled dbiDynamicHashValidSchemes dbiDynamicHashValidSaltedSchemes dbiDynamicHashNewPasswordScheme)],
|
||||
demoParams => [qw(demoExportedVars)],
|
||||
facebookParams => [qw(facebookAuthnLevel facebookExportedVars facebookAppId facebookAppSecret)],
|
||||
kerberosParams => [qw(krbKeytab krbByJs krbAuthnLevel)],
|
||||
|
|
|
@ -2269,6 +2269,14 @@ m{^(?:ldapi://[^/]*/?|\w[\w\-\.]*(?::\d{1,5})?|ldap(?:s|\+tls)?://\w[\w\-\.]*(?:
|
|||
userPivot => { type => 'text', },
|
||||
dbiAuthPasswordHash =>
|
||||
{ type => 'text', help => 'authdbi.html#password', },
|
||||
dbiDynamicHashEnabled =>
|
||||
{ type => 'bool', help => 'authdbi.html#password', },
|
||||
dbiDynamicHashValidSchemes =>
|
||||
{ type => 'text', help => 'authdbi.html#password', },
|
||||
dbiDynamicHashValidSaltedSchemes =>
|
||||
{ type => 'text', help => 'authdbi.html#password', },
|
||||
dbiDynamicHashNewPasswordScheme =>
|
||||
{ type => 'text', help => 'authdbi.html#password', },
|
||||
dbiExportedVars => {
|
||||
type => 'keyTextContainer',
|
||||
keyTest => qr/^!?[a-zA-Z][a-zA-Z0-9_-]*$/,
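Review bot: The four new `dbiDynamicHash*` entries carry neither a `default` nor a `test`, whereas the neighbouring `dbiExportedVars` constrains its input with `keyTest`. The three text fields are hash-scheme names, and in this commit's DBI module the selected method is interpolated unquoted into `SELECT $dbmethod(...)`, so if these values feed that parameter they should be limited to identifier characters here, e.g. `test => qr/^[\w,\s]*$/` for the two scheme lists and `test => qr/^\w*$/` for the single-scheme `dbiDynamicHashNewPasswordScheme`. `dbiDynamicHashEnabled` should get `default => 0` so the generated DefaultValues, which this commit regenerates without any dbiDynamicHash entry, states that the feature is off unless configured. The enclosing attribute hash starts and ends outside the hunk.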
|
||||
|
|
|
@ -172,7 +172,19 @@ sub tree {
|
|||
title => 'dbiPassword',
|
||||
help => 'authdbi.html#password',
|
||||
form => 'simpleInputContainer',
|
||||
nodes => ['dbiAuthPasswordHash']
|
||||
nodes => ['dbiAuthPasswordHash',
|
||||
{
|
||||
title => 'dbiDynamicHash',
|
||||
help => 'authdbi.html#password',
|
||||
form => 'simpleInputContainer',
|
||||
nodes => [
|
||||
'dbiDynamicHashEnabled',
|
||||
'dbiDynamicHashValidSchemes',
|
||||
'dbiDynamicHashValidSaltedSchemes',
|
||||
'dbiDynamicHashNewPasswordScheme'
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
|
|
|
@ -179,6 +179,11 @@
|
|||
"dbiAuthPassword": "كلمة المرور",
|
||||
"dbiAuthPasswordCol": "اسم حقل كلمة المرور",
|
||||
"dbiAuthPasswordHash": "هاش المخطط",
|
||||
"dbiDynamicHash": "dynamic hashing",
|
||||
"dbiDynamicHashEnabled": "dynamic hash activation",
|
||||
"dbiDynamicHashValidSchemes": "Supported non-salted schemes",
|
||||
"dbiDynamicHashValidSaltedSchemes": "Supported salted schemes",
|
||||
"dbiDynamicHashNewPasswordScheme": "Dynamic hash scheme for new passwords",
|
||||
"dbiAuthTable": "جدول إثبات الهوية",
|
||||
"dbiAuthUser": "المستخدم",
|
||||
"dbiConnection": "الاتصال",
|
||||
|
|
|
@ -179,6 +179,11 @@
|
|||
"dbiAuthPassword": "Password",
|
||||
"dbiAuthPasswordCol": "Password field name",
|
||||
"dbiAuthPasswordHash": "Hash scheme",
|
||||
"dbiDynamicHash": "dynamic hashing",
|
||||
"dbiDynamicHashEnabled": "dynamic hash activation",
|
||||
"dbiDynamicHashValidSchemes": "Supported non-salted schemes",
|
||||
"dbiDynamicHashValidSaltedSchemes": "Supported salted schemes",
|
||||
"dbiDynamicHashNewPasswordScheme": "Dynamic hash scheme for new passwords",
|
||||
"dbiAuthTable": "Authentication table",
|
||||
"dbiAuthUser": "User",
|
||||
"dbiConnection": "Connection",
|
||||
|
|
|
@ -179,6 +179,11 @@
|
|||
"dbiAuthPassword": "Mot de passe",
|
||||
"dbiAuthPasswordCol": "Champ mot de passe",
|
||||
"dbiAuthPasswordHash": "Schéma de hachage",
|
||||
"dbiDynamicHash": "Hashage dynamique",
|
||||
"dbiDynamicHashEnabled": "Activation des hashes dynamiques",
|
||||
"dbiDynamicHashValidSchemes": "Schémas non salés supportés",
|
||||
"dbiDynamicHashValidSaltedSchemes": "Schémas salés supportés",
|
||||
"dbiDynamicHashNewPasswordScheme": "Schéma de hashage dynamique pour la création de mots de passe",
|
||||
"dbiAuthTable": "Table authentification",
|
||||
"dbiAuthUser": "Utilisateur",
|
||||
"dbiConnection": "Connexion",
|
||||
|
|
|
@ -179,6 +179,11 @@
|
|||
"dbiAuthPassword": "Password",
|
||||
"dbiAuthPasswordCol": "Nome del campo password",
|
||||
"dbiAuthPasswordHash": "Schema Hash",
|
||||
"dbiDynamicHash": "dynamic hashing",
|
||||
"dbiDynamicHashEnabled": "dynamic hash activation",
|
||||
"dbiDynamicHashValidSchemes": "Supported non-salted schemes",
|
||||
"dbiDynamicHashValidSaltedSchemes": "Supported salted schemes",
|
||||
"dbiDynamicHashNewPasswordScheme": "Dynamic hash scheme for new passwords",
|
||||
"dbiAuthTable": "Tabella di autenticazione",
|
||||
"dbiAuthUser": "Utente",
|
||||
"dbiConnection": "Connessione",
|
||||
|
|
|
@ -179,6 +179,11 @@
|
|||
"dbiAuthPassword": "Mật khẩu",
|
||||
"dbiAuthPasswordCol": "Tên trường mật khẩu",
|
||||
"dbiAuthPasswordHash": "Giản đồ Hash",
|
||||
"dbiDynamicHash": "dynamic hashing",
|
||||
"dbiDynamicHashEnabled": "dynamic hash activation",
|
||||
"dbiDynamicHashValidSchemes": "Supported non-salted schemes",
|
||||
"dbiDynamicHashValidSaltedSchemes": "Supported salted schemes",
|
||||
"dbiDynamicHashNewPasswordScheme": "Dynamic hash scheme for new passwords",
|
||||
"dbiAuthTable": "Bảng xác thực",
|
||||
"dbiAuthUser": "Người dùng",
|
||||
"dbiConnection": "Kết nối",
|
||||
|
|
|
@ -6,6 +6,7 @@
|
|||
package Lemonldap::NG::Portal::Lib::DBI;
|
||||
|
||||
use DBI;
|
||||
use MIME::Base64;
|
||||
use strict;
|
||||
use Mouse;
|
||||
|
||||
|
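Review bot: `use MIME::Base64;` is added here for the new salt helpers, yet `get_salt` in the following hunk calls it in the `&decode_base64($dbhash)` form; write it as `decode_base64($dbhash)`, since the `&` call style bypasses prototypes and is flagged by perlcritic. The same hunk builds the hashing statement as `"SELECT $dbmethod('$passwordh$dbsalt')"`: the hex-encoded password and salt cannot break out of the quotes, but `$dbmethod` is concatenated unquoted and never validated, so it should be restricted to an identifier before the `prepare`, e.g. `return "" unless $dbmethod =~ /\A\w+\z/;`. `gen_salt` derives its 16 hex digits from Perl's `rand`, which is not a cryptographic generator; a salt should come from the OS entropy source (for example `Crypt::URandom` or `/dev/urandom`). `get_password` and `hash_password_from_database` report errors through the 1.x `$self->lmLog(...)` while their debug paths already use `$self->logger->debug`, so `$self->logger->error(...)` should be used consistently. `get_salt` assumes every salted value ends in exactly 8 salt bytes (`substr $decoded, -8`), which matches `gen_salt` but deserves a sentence in its method comment because `dynamic_hash_password`, cut off at the end of this page, depends on that layout.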
@ -82,6 +83,277 @@ sub hash_password_for_select {
|
|||
}
|
||||
}
|
||||
|
||||
## @method protected Lemonldap::NG::Portal::_DBI get_password(ref dbh, string user)
|
||||
# Get password from database
|
||||
# @param dbh database handler
|
||||
# @param user user
|
||||
# @return password
|
||||
sub get_password {
|
||||
my $self = shift;
|
||||
my $dbh = shift;
|
||||
my $user = shift || $self->{user};
|
||||
my $table = $self->conf->{dbiAuthTable};
|
||||
my $loginCol = $self->conf->{dbiAuthLoginCol};
|
||||
my $passwordCol = $self->conf->{dbiAuthPasswordCol};
|
||||
|
||||
my @rows = ();
|
||||
eval {
|
||||
my $sth = $dbh->prepare(
|
||||
"SELECT $passwordCol FROM $table WHERE $loginCol=?"
|
||||
);
|
||||
$sth->execute( $user);
|
||||
@rows = $sth->fetchrow_array();
|
||||
};
|
||||
if ($@) {
|
||||
$self->lmLog( "DBI error while getting password: $@", 'error' );
|
||||
return "";
|
||||
}
|
||||
|
||||
if ( @rows == 1 ) {
|
||||
$self->logger->debug( "Successfully got password from database" );
|
||||
return $rows[0];
|
||||
}
|
||||
else {
|
||||
$self->userLogger->warn( "Unable to check password for $user" );
|
||||
return "";
|
||||
}
|
||||
}
|
||||
|
||||
## @method protected Lemonldap::NG::Portal::_DBI hash_password_from_database
|
||||
## (ref dbh, string dbmethod, string dbsalt, string password)
|
||||
# Hash the given password calling the dbmethod function in database
|
||||
# @param dbh database handler
|
||||
# @param dbmethod the database method for hashing
|
||||
# @param salt the salt used for hashing
|
||||
# @param password the password to hash
|
||||
# @return hashed password
|
||||
sub hash_password_from_database {
|
||||
# Remark: database function must get hexadecimal input
|
||||
# and send back hexadecimal output
|
||||
my $self = shift;
|
||||
my $dbh = shift;
|
||||
my $dbmethod = shift;
|
||||
my $dbsalt = shift;
|
||||
my $password = shift;
|
||||
|
||||
# convert password to hexa
|
||||
my $passwordh = unpack "H*", $password;
|
||||
|
||||
my @rows = ();
|
||||
eval {
|
||||
my $sth = $dbh->prepare("SELECT $dbmethod('$passwordh$dbsalt')");
|
||||
$sth->execute();
|
||||
@rows = $sth->fetchrow_array();
|
||||
};
|
||||
if ($@) {
|
||||
$self->lmLog( "DBI error while hashing with '$dbmethod' hash function: $@", 'error' );
|
||||
$self->userLogger->warn( "Unable to check password" );
|
||||
return "";
|
||||
}
|
||||
|
||||
if ( @rows == 1 ) {
|
||||
$self->logger->debug( "Successfully hashed password with $dbmethod hash function in database" );
|
||||
|
||||
# convert salt to binary
|
||||
my $dbsaltb = pack 'H*', $dbsalt;
|
||||
|
||||
# convert result to binary
|
||||
my $res = pack 'H*', $rows[0];
|
||||
|
||||
return encode_base64($res . $dbsaltb ,'');
|
||||
}
|
||||
else {
|
||||
$self->userLogger->warn( "Unable to check password with '$dbmethod'" );
|
||||
return "";
|
||||
}
|
||||
|
||||
# Return encode_base64(SQL_METHOD(password + salt) + salt)
|
||||
}
|
||||
|
||||
## @method protected Lemonldap::NG::Portal::_DBI get_salt(string dbhash)
|
||||
# Return salt from salted hash password
|
||||
# @param dbhash hash password
|
||||
# @return extracted salt
|
||||
sub get_salt {
|
||||
my $self = shift;
|
||||
my $dbhash = shift;
|
||||
my $dbsalt;
|
||||
|
||||
# get rid of scheme ({sha256})
|
||||
$dbhash =~ s/^\{[^}]+\}(.*)$/$1/;
|
||||
|
||||
# get binary hash
|
||||
my $decoded = &decode_base64($dbhash);
|
||||
|
||||
# get last 8 bytes
|
||||
$dbsalt = substr $decoded, -8;
|
||||
|
||||
# get hexadecimal version of salt
|
||||
$dbsalt = unpack "H*", $dbsalt;
|
||||
|
||||
return $dbsalt;
|
||||
}
|
||||
|
||||
## @method protected Lemonldap::NG::Portal::_DBI gen_salt()
|
||||
# Generate 8 bytes of hexadecimal random salt
|
||||
# @return generated salt
|
||||
sub gen_salt {
|
||||
my $self = shift;
|
||||
my $dbsalt;
|
||||
my @set = ('0' ..'9', 'A' .. 'F');
|
||||
|
||||
$dbsalt = join '' => map $set[rand @set], 1 .. 16;
|
||||
|
||||
return $dbsalt;
|
||||
}
|
||||
|
||||
## @method protected Lemonldap::NG::Portal::_DBI dynamic_hash_password(ref dbh,
|
||||
## string user, string password, string table, string loginCol, string passwordCol)
|
||||
# Return hashed password for use in SQL statement
|
||||
# @param dbh database handler
|
||||
# @param user connected user
|
||||
# @param password clear password
|
||||
# @param table authentication table name
|
||||
# @param loginCol name of the row containing the login
|
||||
# @param passwordCol name of the row containing the password
|
||||
# @return hashed password
|
||||
sub dynamic_hash_password {
|
||||
my $self = shift;
|
||||
my $dbh = shift;
|
||||
my $user = shift;
|
||||
my $password = shift;
|
||||
my $table = shift;
|
||||
my $loginCol = shift;
|
||||
my $passwordCol = shift;
|
||||
# Authorized hash schemes and salted hash schemes
|
||||
my @validSchemes = split / /, $self->conf->{dbiDynamicHashValidSchemes};
|
||||
my @validSaltedSchemes = split / /, $self->conf->{dbiDynamicHashValidSaltedSchemes};
|
||||
|
||||
my $dbhash; # hash currently stored in database
|
||||
my $dbscheme; # current hash scheme stored in database
|
||||
my $dbmethod; # static hash method corresponding to a database function
|
||||
my $dbsalt; # current salt stored in database
|
||||
my $hash; # hash to compute from user password
|
||||
|
||||
# Search hash from database
|
||||
$self->logger->debug( "Hash scheme is to be found in database" );
|
||||
$dbhash = $self->get_password($dbh, $user, $table, $loginCol, $passwordCol);
|
||||
|
||||
# Get the scheme
|
||||
$dbscheme = $dbhash;
|
||||
$dbscheme =~ s/^\{([^}]+)\}.*/$1/;
|
||||
$dbscheme = "" if $dbscheme eq $dbhash;
|
||||
|
||||
# no hash scheme => assume clear text
|
||||
if($dbscheme eq "") {
|
||||
$self->logger->info( "Password has no hash scheme" );
|
||||
return "?";
|
||||
|
||||
}
|
||||
# salted hash scheme
|
||||
elsif(grep( /^$dbscheme$/, @validSaltedSchemes )) {
|
||||
$self->logger->info( "Valid salted hash scheme: $dbscheme found for user $user" );
|
||||
|
||||
# extract non salted hash scheme
|
||||
$dbmethod = $dbscheme;
|
||||
$dbmethod =~ s/^s//i;
|
||||
|
||||
# extract the salt
|
||||
$dbsalt = $self->get_salt($dbhash);
|
||||
$self->logger->debug( "Get salt from password: $dbsalt");
|
||||
|
||||
# Hash password with given hash scheme and salt
|
||||
$hash = $self->hash_password_from_database($dbh, $dbmethod, $dbsalt, $password);
|
||||
$hash = "{$dbscheme}$hash";
|
||||
|
||||
return "'$hash'";
|
||||
|
||||
}
|
||||
# static hash scheme
|
||||
elsif(grep( /^$dbscheme$/, @validSchemes )) {
|
||||
$self->logger->info( "Valid hash scheme: $dbscheme found for user $user" );
|
||||
|
||||
# Hash given password with given hash scheme and no salt
|
||||
$hash = $self->hash_password_from_database($dbh, $dbscheme, "", $password);
|
||||
$hash = "{$dbscheme}$hash";
|
||||
|
||||
return "'$hash'";
|
||||
}
|
||||
# no valid hash scheme
|
||||
else {
|
||||
$self->lmLog( "No valid hash scheme: $dbscheme for user $user", 'error' );
|
||||
$self->userLogger->warn( "Unable to check password for $user" );
|
||||
return "";
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
## @method protected Lemonldap::NG::Portal::_DBI dynamic_hash_new_password(ref dbh,
|
||||
## string user, string password)
|
||||
# Return hashed password for use in SQL statement
|
||||
# @param dbh database handler
|
||||
# @param user connected user
|
||||
# @param password clear password
|
||||
# @param dbscheme the scheme to use for hashing
|
||||
# @return hashed password
|
||||
sub dynamic_hash_new_password {
|
||||
my $self = shift;
|
||||
my $dbh = shift;
|
||||
my $user = shift;
|
||||
my $password = shift;
|
||||
my $dbscheme = $self->conf->{dbiDynamicHashNewPasswordScheme} || "";
|
||||
# Authorized hash schemes and salted hash schemes
|
||||
my @validSchemes = split / /, $self->conf->{dbiDynamicHashValidSchemes};
|
||||
my @validSaltedSchemes = split / /, $self->conf->{dbiDynamicHashValidSaltedSchemes};
|
||||
|
||||
my $dbmethod; # static hash method corresponding to a database function
|
||||
my $dbsalt; # salt to generate for new hashed password
|
||||
my $hash; # hash to compute from user password
|
||||
|
||||
# no hash scheme => assume clear text
|
||||
if($dbscheme eq "") {
|
||||
$self->logger->info( "No hash scheme selected, storing password in clear text" );
|
||||
return "?";
|
||||
|
||||
}
|
||||
# salted hash scheme
|
||||
elsif(grep( /^$dbscheme$/, @validSaltedSchemes )) {
|
||||
$self->logger->info( "Selected salted hash scheme: $dbscheme" );
|
||||
|
||||
# extract non salted hash scheme
|
||||
$dbmethod = $dbscheme;
|
||||
$dbmethod =~ s/^s//i;
|
||||
|
||||
# generate the salt
|
||||
$dbsalt = $self->gen_salt();
|
||||
$self->logger->debug( "Generated salt: $dbsalt" );
|
||||
|
||||
# Hash given password with given hash scheme and salt
|
||||
$hash = $self->hash_password_from_database($dbh, $dbmethod, $dbsalt, $password);
|
||||
$hash = "{$dbscheme}$hash";
|
||||
|
||||
return "'$hash'";
|
||||
|
||||
}
|
||||
# static hash scheme
|
||||
elsif(grep( /^$dbscheme$/, @validSchemes )) {
|
||||
$self->logger->info( "Selected hash scheme: $dbscheme" );
|
||||
|
||||
# Hash given password with given hash scheme and no salt
|
||||
$hash = $self->hash_password_from_database($dbh, $dbscheme, "", $password);
|
||||
$hash = "{$dbscheme}$hash";
|
||||
|
||||
return "'$hash'";
|
||||
}
|
||||
# no valid hash scheme
|
||||
else {
|
||||
$self->lmLog( "No selected hash scheme: $dbscheme is invalid", 'error' );
|
||||
$self->userLogger->warn( "Unable to store password for $user" );
|
||||
return "";
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
# Verify user and password with SQL SELECT
|
||||
# @param user user
|
||||
# @param password password
|
||||
|
@ -98,18 +370,28 @@ sub check_password {
|
|||
my $table = $self->conf->{dbiAuthTable};
|
||||
my $loginCol = $self->conf->{dbiAuthLoginCol};
|
||||
my $passwordCol = $self->conf->{dbiAuthPasswordCol};
|
||||
my $dynamicHash = $self->conf->{dbiDynamicHashEnabled} || 0;
|
||||
|
||||
# Password hash
|
||||
my $passwordsql =
|
||||
$self->hash_password_for_select( "?",
|
||||
$self->conf->{dbiAuthPasswordHash} );
|
||||
my $passwordsql;
|
||||
if ( $dynamicHash == 1 ) {
|
||||
# Dynamic password hashes
|
||||
$passwordsql =
|
||||
$self->dynamic_hash_password( $self->dbh, $user, $password, $table, $loginCol, $passwordCol );
|
||||
}
|
||||
else
|
||||
{
|
||||
# Static Password hashes
|
||||
$passwordsql =
|
||||
$self->hash_password_for_select( "?", $self->conf->{dbiAuthPasswordHash} );
|
||||
}
|
||||
|
||||
my @rows = ();
|
||||
eval {
|
||||
my $sth = $self->dbh->prepare(
|
||||
"SELECT $loginCol FROM $table WHERE $loginCol=? AND $passwordCol=$passwordsql"
|
||||
);
|
||||
$sth->execute( $user, $password );
|
||||
$sth->execute( $user, $password ) if $passwordsql =~ /.*\?.*/;
|
||||
$sth->execute( $user ) unless $passwordsql =~ /.*\?.*/;
|
||||
@rows = $sth->fetchrow_array();
|
||||
};
|
||||
if ($@) {
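Review bot: `$passwordsql` is spliced into the statement text at `AND $passwordCol=$passwordsql` rather than bound, and on the dynamic path its `{scheme}` prefix originates from the hash already stored in the row, which `dynamic_hash_password` (outside this hunk) only validates with `grep( /^$dbscheme$/, ... )` — the stored value interpolated as a regex pattern — before reusing it as the SQL function name in `hash_password_from_database`. Since this code only ever produces `?` or a quoted `'{scheme}base64'` literal, a guard before `prepare` such as `unless ( $passwordsql eq '?' or $passwordsql =~ m{\A'\{\w+\}[A-Za-z0-9+/=]*'\z} ) { ... }` (assuming configured scheme names are word characters) returning the same failure value the `if ($@)` branch uses — that branch continues outside the hunk — would make the empty-string error return explicit instead of leaving it to surface as a DBI syntax error on a bare `$passwordCol=`. Assuming the unconditional `$sth->execute( $user, $password );` is the removed line, the two `execute` calls keyed on `/.*\?.*/` could also be a single call: `my @bind = ($user); push @bind, $password if $passwordsql =~ /\?/; $sth->execute(@bind);`. The same two-`execute` pattern appears in the modifyPassword hunk below.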
|
||||
|
|
|
@ -21,14 +21,29 @@ sub confirm {
|
|||
|
||||
sub modifyPassword {
|
||||
my ( $self, $req, $pwd ) = @_;
|
||||
|
||||
my $userCol = $self->conf->{dbiAuthLoginCol};
|
||||
my $passwordCol = $self->conf->{dbiAuthPasswordCol};
|
||||
my $table = $self->conf->{dbiAuthTable};
|
||||
my $dynamicHash = $self->conf->{dbiDynamicHashEnabled} || 0;
|
||||
|
||||
my $passwordsql;
|
||||
if ( $dynamicHash == 1 ) {
|
||||
# Dynamic password hashes
|
||||
$passwordsql =
|
||||
$self->dynamic_hash_new_password( $self->dbh, $req->user, $pwd, $table, $userCol, $passwordCol );
|
||||
}
|
||||
else
|
||||
{
|
||||
# Static Password hash
|
||||
$passwordsql = $self->hash_password( "?", $self->conf->{dbiAuthPasswordHash} );
|
||||
}
|
||||
|
||||
eval {
|
||||
$self->dbh->prepare( 'UPDATE '
|
||||
. $self->conf->{dbiAuthTable} . ' SET '
|
||||
. $self->conf->{dbiAuthPasswordCol} . '='
|
||||
. $self->hash_password( "?", $self->conf->{dbiAuthPasswordHash} )
|
||||
. ' WHERE '
|
||||
. $self->conf->{dbiAuthLoginCol}
|
||||
. '=?' )->execute( $pwd, $req->user );
|
||||
my $sth = $self->dbh->prepare(
|
||||
"UPDATE $table SET $passwordCol=$passwordsql WHERE $userCol=?");
|
||||
$sth->execute( $pwd, $req->user ) if $passwordsql =~ /.*\?.*/;
|
||||
$sth->execute( $req->user ) unless $passwordsql =~ /.*\?.*/;
|
||||
};
|
||||
if ($@) {
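Review bot: The new call `$self->dynamic_hash_new_password( $self->dbh, $req->user, $pwd, $table, $userCol, $passwordCol )` passes three arguments the callee never reads — `dynamic_hash_new_password` unpacks only `$dbh`, `$user` and `$password` and takes its scheme from `dbiDynamicHashNewPasswordScheme` — so the trailing `$table, $userCol, $passwordCol` should be dropped; the `get_password( $dbh, $user, $table, $loginCol, $passwordCol )` call inside `dynamic_hash_password` has the same silently-ignored extras. When `dynamic_hash_new_password` returns `""` (invalid scheme or DB error) the UPDATE is prepared as `SET $passwordCol= WHERE`, so the failure is only reported through the resulting DBI error rather than checked before `prepare`; a `length $passwordsql` test there would name the real cause in the log. The salt this path persists comes from `gen_salt` (outside this hunk), which draws its 16 hex digits from `rand`; a CSPRNG-backed source is the better choice for a value stored alongside the hash. modifyPassword's error handling continues outside the hunk.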
|
||||
|
||||
|
|