From c196a7c7c44d25e3832b1960781253b85eb0c8ec Mon Sep 17 00:00:00 2001
From: ss23
Date: Mon, 6 Nov 2017 18:51:42 +1300
Subject: [PATCH] Modify authentication function to support alternative algorithms

The existing usage of crypt() was borderline incorrect. This simplified function will allow hashes of other types (e.g. bcrypt) and thus mitigate #2954 (use password_hash) until this can be implemented. The getSalt protected method was also removed as this is no longer required, though this can be added again in future.
---
 .../Icinga/Authentication/User/DbUserBackend.php | 16 +---------------
 1 file changed, 1 insertion(+), 15 deletions(-)

diff --git a/library/Icinga/Authentication/User/DbUserBackend.php b/library/Icinga/Authentication/User/DbUserBackend.php
index 6d6e11c52..d81319b60 100644
--- a/library/Icinga/Authentication/User/DbUserBackend.php
+++ b/library/Icinga/Authentication/User/DbUserBackend.php
@@ -225,9 +225,7 @@ class DbUserBackend extends DbRepository implements UserBackendInterface, Inspec
 {
 try {
 $passwordHash = $this->getPasswordHash($user->getUsername());
- $passwordSalt = $this->getSalt($passwordHash);
- $hashToCompare = $this->hashPassword($password, $passwordSalt);
- return $hashToCompare === $passwordHash;
+ return crypt($password, $passwordHash) === $passwordHash;
 } catch (Exception $e) {
 throw new AuthenticationException(
 'Failed to authenticate user "%s" against backend "%s". An exception was thrown:',
@@ -238,18 +236,6 @@ class DbUserBackend extends DbRepository implements UserBackendInterface, Inspec
 }
 }
 
- /**
- * Extract salt from the given password hash
- *
- * @param string $hash The hashed password
- *
- * @return string
- */
- protected function getSalt($hash)
- {
- return substr($hash, strlen(self::HASH_ALGORITHM), self::SALT_LENGTH);
- }
-
 /**
 * Return a random salt
 *
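Review bot: The new comparison `crypt($password, $passwordHash) === $passwordHash` in the first hunk is a plain string equality, so it leaks timing information about how much of the stored hash matched, and it relies on crypt() being handed a well-formed hash while `getPasswordHash()` is defined outside this hunk, so whether it can return an empty or null value is not visible here. A constant-time check that still accepts every crypt() format is `return hash_equals($passwordHash, crypt($password, $passwordHash));`, or, if the project's PHP baseline is 5.5 or later, `return password_verify($password, $passwordHash);`, which the commit message already names as the intended direction. Both expect `$passwordHash` to be a non-empty string, so a guard such as `if (!is_string($passwordHash) || $passwordHash === '') { return false; }` before the call keeps an unknown user or empty column from reaching crypt() with an invalid salt. The enclosing method's signature begins above the hunk, and the second hunk is a pure deletion of getSalt(); whether the HASH_ALGORITHM and SALT_LENGTH constants it referenced are still used elsewhere cannot be judged from this patch.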