tyler.durden/icinga2
1
0
Fork 0
mirror of https://github.com/Icinga/icinga2.git synced 2025-07-23 13:45:04 +02:00
Code Issues Packages Projects Releases Wiki Activity

Code style

Browse Source
This commit is contained in:
Jean Flach 2018-02-16 10:31:00 +01:00
parent 6e3347b5bf
commit 0a0795f09d
5 changed files with 32 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
lib/base/tlsutility.cpp
View File

@ -810,28 +810,34 @@ std::string to_string(const errinfo_openssl_error& e)
return "[errinfo_openssl_error]" + tmp.str() + "\n"; return "[errinfo_openssl_error]" + tmp.str() + "\n";
} }
bool ComparePassword(const String hash, const String password, const String salt) bool ComparePassword(const String& hash, const String& password, const String& salt)
{ {
String otherHash = HashPassword(password, salt); String otherHash = PBKDF2_SHA256(password, salt, 1000);
VERIFY(otherHash.GetLength() == 64 && hash.GetLength() == 64);
const char *p1 = otherHash.CStr(); const char *p1 = otherHash.CStr();
const char *p2 = hash.CStr(); const char *p2 = hash.CStr();
/* By Novelocrat, https://stackoverflow.com/a/25374036 */
volatile char c = 0; volatile char c = 0;
for (size_t i=0; i<64; ++i) for (size_t i = 0; i < 64; ++i)
c |= p1[i] ^ p2[i]; c |= p1[i] ^ p2[i];
return (c == 0); return (c == 0);
} }
String HashPassword(const String& password, const String& salt, const bool shadow) /* Returns a String in the format $algorithm$salt$hash or returns an empty string in case of an error */
String CreateHashedPasswordString(const String& password, const String& salt, int algorithm)
{ {
if (shadow) // We currently only support SHA256
//Using /etc/shadow password format. The 5 means SHA256 is being used if (algorithm != 5)
return String("$5$" + salt + "$" + PBKDF2_SHA256(password, salt, 1000)); return String();
else
return PBKDF2_SHA256(password, salt, 1000); if (salt.FindFirstOf('$') != String::NPos)
return String();
return String("$5$" + salt + "$" + PBKDF2_SHA256(password, salt, 1000));
} }
} }

4
lib/base/tlsutility.hpp
View File

@ -56,8 +56,8 @@ String SHA1(const String& s, bool binary = false);
String SHA256(const String& s); String SHA256(const String& s);
String RandomString(int length); String RandomString(int length);
bool VerifyCertificate(const std::shared_ptr<X509>& caCertificate, const std::shared_ptr<X509>& certificate); bool VerifyCertificate(const std::shared_ptr<X509>& caCertificate, const std::shared_ptr<X509>& certificate);
bool ComparePassword(const String hash, const String password, const String Salt); bool ComparePassword(const String& hash, const String& password, const String& Salt);
String HashPassword(const String& password, const String& salt, const bool shadow = false); String CreateHashedPasswordString(const String& password, const String& salt, int algorithm = 5);
class openssl_error : virtual public std::exception, virtual public boost::exception { }; class openssl_error : virtual public std::exception, virtual public boost::exception { };

12
lib/cli/apiusercommand.cpp
View File

@ -44,7 +44,7 @@ void ApiUserCommand::InitParameters(boost::program_options::options_description&
{ {
visibleDesc.add_options() visibleDesc.add_options()
("user", po::value<std::string>(), "API username") ("user", po::value<std::string>(), "API username")
("passwd", po::value<std::string>(), "Password in clear text") ("password", po::value<std::string>(), "Password in clear text")
("salt", po::value<std::string>(), "Optional salt (default: 8 random chars)") ("salt", po::value<std::string>(), "Optional salt (default: 8 random chars)")
("oneline", "Print only the password hash"); ("oneline", "Print only the password hash");
} }
@ -63,8 +63,8 @@ int ApiUserCommand::Run(const boost::program_options::variables_map& vm, const s
} else } else
user = vm["user"].as<std::string>(); user = vm["user"].as<std::string>();
if (!vm.count("passwd")) { if (!vm.count("password")) {
Log(LogCritical, "cli", "Password (--passwd) must be specified."); Log(LogCritical, "cli", "Password (--password) must be specified.");
return 1; return 1;
} }
@ -76,7 +76,11 @@ int ApiUserCommand::Run(const boost::program_options::variables_map& vm, const s
return 1; return 1;
} }
String hashedPassword = HashPassword(passwd, salt, true); String hashedPassword = CreateHashedPasswordString(passwd, salt, 5);
if (hashedPassword == String()) {
Log(LogCritical, "cli") << "Failed to hash password \"" << passwd << "\" with salt \"" << salt << "\"";
return 1;
}
if (vm.count("oneline")) if (vm.count("oneline"))
std::cout << '"' << hashedPassword << "\"\n"; std::cout << '"' << hashedPassword << "\"\n";

8
lib/remote/apiuser.cpp
View File

@ -30,8 +30,12 @@ void ApiUser::OnConfigLoaded(void)
{ {
ObjectImpl<ApiUser>::OnConfigLoaded(); ObjectImpl<ApiUser>::OnConfigLoaded();
if (this->GetPasswordHash().IsEmpty()) if (GetPasswordHash().IsEmpty()) {
SetPasswordHash(HashPassword(GetPassword(), RandomString(8), true)); String hashedPassword = CreateHashedPasswordString(GetPassword(), RandomString(8), 5);
VERIFY(hashedPassword != String());
SetPasswordHash(hashedPassword);
SetPassword("********");
}
} }
ApiUser::Ptr ApiUser::GetByClientCN(const String& cn) ApiUser::Ptr ApiUser::GetByClientCN(const String& cn)

2
test/remote-user.cpp
View File

@ -36,7 +36,7 @@ BOOST_AUTO_TEST_CASE(password)
String passwd = RandomString(16); String passwd = RandomString(16);
String salt = RandomString(8); String salt = RandomString(8);
user->SetPassword("ThisShouldBeIgnored"); user->SetPassword("ThisShouldBeIgnored");
user->SetPasswordHash(HashPassword(passwd, salt, true)); user->SetPasswordHash(CreateHashedPasswordString(passwd, salt, true));
BOOST_CHECK(user->GetPasswordHash() != passwd); BOOST_CHECK(user->GetPasswordHash() != passwd);