
Revision d0c2cfbe

Von Moritz Bunkus vor mehr als 13 Jahren hinzugefügt

  • ID d0c2cfbef2bfa708dad6df15c76daa81d4fda3ab
  • Vorgänger 58fdd50d
  • Nachfolger 38a4efa7

Das Benutzer-Passwort nicht im Klartext in Session-Tabelle ablegen

Unterschiede anzeigen:

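--- a/SL/Auth.pm
+++ b/SL/Auth.pm
@@ -11,6 +11,7 @@
 use SL::Auth::Constants qw(:all);
 use SL::Auth::DB;
 use SL::Auth::LDAP;
+use SL::Auth::Password;
 
 use SL::SessionFile;
 use SL::User;
@@ -163,6 +164,15 @@
   return $result;
 }
 
+sub store_credentials_in_session {
+  my ($self, %params) = @_;
+
+  $params{password} = SL::Auth::Password->hash_if_unhashed(login => $params{login}, password => $params{password})
+    unless $self->{authenticator}->requires_cleartext_password;
+
+  $self->set_session_value(login => $params{login}, password => $params{password});
+}
+
 sub dbconnect {
   $main::lxdebug->enter_sub(2);
 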
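Review bot: `store_credentials_in_session` still writes the cleartext password into the session whenever the authenticator answers true to `requires_cleartext_password`, which SL/Auth/LDAP.pm in this same commit does, so the commit title only holds for the DB backend. The `unless` line deserves a comment recording that, e.g. `# Backends that answer requires_cleartext_password (LDAP) keep the cleartext password in the session; only the DB backend gets the hash.` — presumably the LDAP backend needs the cleartext for its own bind, but the page does not show why. The sub also has neither a POD entry nor an explicit `return`, so callers receive whatever `set_session_value` happens to return; a `=head2 store_credentials_in_session` entry plus a trailing `return;` would make the contract explicit.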
SL/Auth/DB.pm
48 48
  # passwords. Hash it for easier comparison.
49 49
  $stored_password               = SL::Auth::Password->hash(password => $stored_password) unless $stored_password;
50 50
  ($algorithm, $stored_password) = SL::Auth::Password->parse($stored_password);
51
  ($algorithm2, $password)       = SL::Auth::Password->parse(SL::Auth::Password->hash(password => $password, algorithm => $algorithm, login => $login));
51
  ($algorithm2, $password)       = SL::Auth::Password->parse(SL::Auth::Password->hash_if_unhashed(password => $password, algorithm => $algorithm, login => $login));
52 52

  
53 53
  $main::lxdebug->leave_sub();
54 54

  
......
59 59
  return 1;
60 60
}
61 61

  
62
sub requires_cleartext_password {
63
  return 0;
64
}
65

  
62 66
sub change_password {
63 67
  $main::lxdebug->enter_sub();
64 68

  
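Review bot: The changed line 51 now accepts an already-hashed value coming from the session as-is, because `hash_if_unhashed` passes anything with a `{ALGORITHM}` prefix straight through, so the stored hash becomes a password-equivalent credential: whatever can read the session table can re-authenticate with the hash alone, without the password. That is better than cleartext, but the safer design is not to re-derive authentication from session contents at all and instead bind the session to a random per-session token, verifying the password only once at login. If re-authentication from the session has to stay, the trade-off should be stated on line 51, e.g. `# A value that already carries a {ALGORITHM} prefix (from the session) is accepted unchanged, so the session hash is password-equivalent.` The enclosing sub starts before the hunk, and the actual comparison of `$password` against `$stored_password` lies outside it.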
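--- a/SL/Auth/LDAP.pm
+++ b/SL/Auth/LDAP.pm
@@ -180,6 +180,10 @@
   return 0;
 }
 
+sub requires_cleartext_password {
+  return 1;
+}
+
 sub change_password {
   return ERR_BACKEND;
 }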
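--- a/SL/Auth/Password.pm
+++ b/SL/Auth/Password.pm
@@ -35,11 +35,19 @@
   }
 }
 
+sub hash_if_unhashed {
+  my ($class, %params) = @_;
+
+  my ($algorithm, $password) = $class->parse($params{password}, 'NONE');
+
+  return $algorithm eq 'NONE' ? $class->hash(%params) : $params{password};
+}
+
 sub parse {
-  my ($class, $password) = @_;
+  my ($class, $password, $default_algorithm) = @_;
 
   return ($1, $2) if $password =~ m/^\{ ([^\}]+) \} (.+)/x;
-  return ('CRYPT', $password);
+  return ($default_algorithm || 'CRYPT', $password);
 }
 
 1;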
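Review bot: `hash_if_unhashed` decides whether a value is already hashed solely by the `{ALGORITHM}` prefix that `parse` recognises, so a cleartext password that happens to start with `{` and contain a `}` is passed through unhashed: it lands in the session as typed and, via the new `hash_if_unhashed` call in SL/Auth/DB.pm, is never hashed for comparison either, which will most likely make that user's login fail. Every caller knows whether it holds cleartext (the login form) or a session value, so an explicit flag such as `is_hashed => 1` or a separate entry point for session values would remove the guesswork; at minimum the assumption belongs in a comment above the `parse` call, e.g. `# NOTE: a cleartext password of the form {...}... is mistaken for an existing hash here.` The `$password` unpacked from `parse` is unused in `hash_if_unhashed` and can go: `my ($algorithm) = $class->parse($params{password}, 'NONE');`.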
SL/Dispatcher.pm
202 202

  
203 203
      show_error('login/password_error', 'password') if SL::Auth::OK != $::auth->authenticate($::form->{login}, $::form->{password});
204 204

  
205
      $::auth->set_session_value('login', $::form->{login}, 'password', $::form->{password});
205
      $::auth->store_credentials_in_session(login => $::form->{login}, password => $::form->{password});
206 206
      $::auth->create_or_refresh_session;
207 207
      $::auth->delete_session_value('FLASH');
208 208
      delete $::form->{password};
bin/mozilla/login.pl
69 69
      $form->{error_message} = $::locale->text('Incorrect username or password!');
70 70
      login_screen();
71 71
    } else {
72
      $auth->set_session_value('login', $form->{login}, 'password', $form->{password});
72
      $auth->store_credentials_in_session(login => $form->{login}, password => $form->{password});
73 73
      $auth->create_or_refresh_session();
74
      delete $form->{password};
74 75

  
75 76
      $form->{titlebar} .= " - $::myconfig{name} - $::myconfig{dbname}";
76 77
      call_sub($::locale->findsub($action));
