Move new password functions into tlsutility

2017-12-22 12:14:31 +01:00 · 2017-12-22 12:14:31 +01:00 · 6387f5442e
parent 6504606e23
commit 6387f5442e
7 changed files with 38 additions and 37 deletions
--- a/lib/base/tlsutility.cpp
+++ b/lib/base/tlsutility.cpp
@ -761,4 +761,28 @@ bool VerifyCertificate(const boost::shared_ptr<X509>& caCertificate, const boost
 	return rc == 1;
 }
 bool ComparePassword(const String hash, const String password, const String salt)
 {
 	String otherHash = HashPassword(password, salt);
 	const char *p1 = otherHash.CStr();
 	const char *p2 = hash.CStr();
 	volatile char c = 0;
 	for (size_t i=0; i<64; ++i)
 		c |= p1[i] ^ p2[i];
 	return (c == 0);
 }
 String HashPassword(const String& password, const String& salt, const bool shadow)
 {
 	if (shadow)
 		//Using /etc/shadow password format. The 5 means SHA256 is being used
 		return String("$5$" + salt + "$" + PBKDF2_SHA256(password, salt, 1000));
 	else
 		return PBKDF2_SHA256(password, salt, 1000);
 }
 }
--- a/lib/base/tlsutility.hpp
+++ b/lib/base/tlsutility.hpp
@ -57,6 +57,8 @@ String I2_BASE_API SHA1(const String& s, bool binary = false);
 String I2_BASE_API SHA256(const String& s);
 String I2_BASE_API RandomString(int length);
 bool I2_BASE_API VerifyCertificate(const boost::shared_ptr<X509>& caCertificate, const boost::shared_ptr<X509>& certificate);
 bool I2_BASE_API ComparePassword(const String hash, const String password, const String Salt);
 String I2_BASE_API HashPassword(const String& password, const String& salt, const bool shadow = false);
 class I2_BASE_API openssl_error : virtual public std::exception, virtual public boost::exception { };
--- a/lib/cli/apiusercommand.cpp
+++ b/lib/cli/apiusercommand.cpp
@ -68,7 +68,7 @@ int ApiUserCommand::Run(const boost::program_options::variables_map& vm, const s
 	String passwd = vm["passwd"].as<std::string>();
 	String salt = vm.count("salt") ? String(vm["salt"].as<std::string>()) : RandomString(8);
-	String hashedPassword = ApiUser::CreateHashedPasswordString(passwd, salt, true);
+	String hashedPassword = HashPassword(passwd, salt, true);
 	std::cout
 		<< "object ApiUser \"" << user << "\" {\n"
--- a/lib/remote/apiuser.cpp
+++ b/lib/remote/apiuser.cpp
@ -32,7 +32,7 @@ void ApiUser::OnConfigLoaded(void)
 	ObjectImpl<ApiUser>::OnConfigLoaded();
 	if (this->GetPasswordHash().IsEmpty())
-		SetPasswordHash(CreateHashedPasswordString(GetPassword(), RandomString(8), true));
+		SetPasswordHash(HashPassword(GetPassword(), RandomString(8), true));
 }
 ApiUser::Ptr ApiUser::GetByClientCN(const String& cn)
@ -65,31 +65,17 @@ ApiUser::Ptr ApiUser::GetByAuthHeader(const String& auth_header)
 	const ApiUser::Ptr& user = ApiUser::GetByName(username);
 	/* Deny authentication if 1) given password is empty 2) configured password does not match. */
-	if (password.IsEmpty())
+	if (!user || password.IsEmpty())
 		return nullptr;
 	else if (user && user->GetPassword() != password)
 		return nullptr;
 	else {
 		Dictionary::Ptr passwordDict = user->GetPasswordDict();
 		if (!ComparePassword(passwordDict->Get("password"), password, passwordDict->Get("salt")))
 			return nullptr;
 	}
 	return user;
 }
 bool ApiUser::ComparePassword(String password) const
 {
 	Dictionary::Ptr passwordDict = this->GetPasswordDict();
 	String thisPassword = passwordDict->Get("password");
 	String otherPassword = CreateHashedPasswordString(password, passwordDict->Get("salt"), false);
 	const char *p1 = otherPassword.CStr();
 	const char *p2 = thisPassword.CStr();
 	volatile char c = 0;
 	for (size_t i=0; i<64; ++i)
 		c |= p1[i] ^ p2[i];
 	return (c == 0);
 }
 Dictionary::Ptr ApiUser::GetPasswordDict(void) const
 {
 	String password = this->GetPasswordHash();
@ -109,13 +95,3 @@ Dictionary::Ptr ApiUser::GetPasswordDict(void) const
 	return passwordDict;
 }
 String ApiUser::CreateHashedPasswordString(const String& password, const String& salt, const bool shadow)
 {
 	if (shadow)
 		//Using /etc/shadow password format. The 5 means SHA256 is being used
 		return String("$5$" + salt + "$" + PBKDF2_SHA256(password, salt, 1000));
 	else
 		return PBKDF2_SHA256(password, salt, 1000);
 }
--- a/lib/remote/apiuser.hpp
+++ b/lib/remote/apiuser.hpp
@ -39,10 +39,8 @@ public:
 	static ApiUser::Ptr GetByClientCN(const String& cn);
 	static ApiUser::Ptr GetByAuthHeader(const String& auth_header);
 	static String CreateHashedPasswordString(const String& password, const String& salt, const bool shadow = false);
 	Dictionary::Ptr GetPasswordDict(void) const;
 	bool ComparePassword(String password) const;
 };
 }
--- a/lib/remote/httpserverconnection.cpp
+++ b/lib/remote/httpserverconnection.cpp
@ -30,6 +30,7 @@
 #include "base/logger.hpp"
 #include "base/objectlock.hpp"
 #include "base/timer.hpp"
 #include "base/tlsutility.hpp"
 #include "base/utility.hpp"
 #include <boost/thread/once.hpp>
--- a/test/remote-user.cpp
+++ b/test/remote-user.cpp
@ -36,7 +36,7 @@ BOOST_AUTO_TEST_CASE(password)
 	String passwd = RandomString(16);
 	String salt = RandomString(8);
 	user->SetPassword("ThisShouldBeIgnored");
-	user->SetPasswordHash(ApiUser::CreateHashedPasswordString(passwd, salt, true));
+	user->SetPasswordHash(HashPassword(passwd, salt, true));
 	BOOST_CHECK(user->GetPasswordHash() != passwd);
@ -44,8 +44,8 @@ BOOST_AUTO_TEST_CASE(password)
 	BOOST_CHECK(passwdd);
 	BOOST_CHECK(passwdd->Get("salt") == salt);
-	BOOST_CHECK(user->ComparePassword(passwd));
+	BOOST_CHECK(ComparePassword(passwdd->Get("password"), passwd, salt));
-	BOOST_CHECK(!user->ComparePassword("wrong password uwu!"));
+	BOOST_CHECK(!ComparePassword(passwdd->Get("password"), "wrong password uwu!", salt));
 #endif
 }