Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add SHA2, :smd5, :sha1 & :ssha1 password generation support #201

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Add SHA2, :smd5, :sha1 & :ssha1 password generation support #201

wants to merge 1 commit into from

Conversation

ojab
Copy link
Contributor

@ojab ojab commented May 19, 2015

Haven't tested this PR on rubies < 2.2 yet, please consider it RFC.

With this patch net/ldap will support md5, sha, sha1, sha256, sha384, sha512 password schemes (and salted variants).

Given that comment says "I vote no because then should you also provide ssha1 for symmetry?" -- should I remove :sha1/:ssha1 support?

Is the code overall looks ok for you or something should be changed?

@mattcg
Copy link

mattcg commented Jan 24, 2017

@jch @mtodd is there anything holding this back? It'd be useful to have it merged!

@mattcg
Copy link

mattcg commented Jan 24, 2017

Note that in this pull request, if the password contains accented characters, the following error will be thrown:

Encoding::CompatibilityError (incompatible character encodings: UTF-8 and ASCII-8BIT)

There's the option of forcing the encoding of the password to ASCII, but I think the more elegant solution is to use digest.update:

    algo = Digest.module_eval(digest.upcase).new
    algo.update(str)
    algo.update(salt)
   "{#{type.upcase}}#{Base64.encode64(algo.digest + salt).chomp}"

@jch
Copy link
Member

jch commented Jan 25, 2017

@ojab @mattcg I think the idea is good, but I would prefer the changes to be more explicit and to have less metaprogramming. Comments inline.

jch
jch suggested changes Jan 25, 2017
View reviewed changes
lib/net/ldap/password.rb
attribute_value = '{SHA}' + Base64.encode64(Digest::SHA1.digest(str)).chomp!
when :ssha
salt = SecureRandom.random_bytes(16)
attribute_value = '{SSHA}' + Base64.encode64(Digest::SHA1.digest(str + salt) + salt).chomp!
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we keep the same pattern here without introducing a KNOWN constant? Yes, there is more duplication, but it's simpler to reason about in my opinion and more obvious to grep for than hiding the information via lookups and module_evals.

@bamthomas bamthomas mentioned this pull request Apr 16, 2018
Merged
@HarlemSquirrel
Copy link
Member

@ojab would you like to update this branch and get these other hash algorithms in here now?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jch jch jch requested changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@ojab @mattcg @jch @HarlemSquirrel