authortravis%sedsystems.ca <>2005-02-01 04:26:00 +0100
committertravis%sedsystems.ca <>2005-02-01 04:26:00 +0100
commit5ddb84da8800728b887f2497a205fad01c44be8a (patch)
treefe0142c706d425c17148cb2f634461e285f247c7 /Bugzilla/Auth.pm
parentc4b39497330fb3849989b3ebda7fec317643e9db (diff)
downloadbugzilla-5ddb84da8800728b887f2497a205fad01c44be8a.tar.gz
bugzilla-5ddb84da8800728b887f2497a205fad01c44be8a.tar.xz
Bug 278792 : Move Crypt() to Bugzilla::Auth
Patch by Max Kanat-Alexander <mkanat@kerio.com> r=vladd a=justdave
Diffstat (limited to 'Bugzilla/Auth.pm')
-rw-r--r--Bugzilla/Auth.pm49
1 files changed, 49 insertions, 0 deletions
diff --git a/Bugzilla/Auth.pm b/Bugzilla/Auth.pm
index 71b125e45..6071d3abd 100644
--- a/Bugzilla/Auth.pm
+++ b/Bugzilla/Auth.pm
@@ -23,6 +23,8 @@
package Bugzilla::Auth;
use strict;
+use Exporter qw(import);
+@Bugzilla::Auth::EXPORT = qw(bz_crypt);
use Bugzilla::Config;
use Bugzilla::Constants;
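Review bot: Putting bz_crypt in `@EXPORT` rather than `@EXPORT_OK` makes every `use Bugzilla::Auth;` in the tree silently import the name, which is the kind of namespace pollution that later causes "subroutine redefined" surprises when a caller has its own crypt helper. Callers that want it can opt in explicitly with `use Bugzilla::Auth qw(bz_crypt);`, so the lighter declaration is `our @EXPORT_OK = qw(bz_crypt);`. The fully-qualified `@Bugzilla::Auth::EXPORT` works under strict, but `our` is the idiomatic spelling inside the package itself.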
@@ -42,6 +44,31 @@ BEGIN {
}
}
+sub bz_crypt ($) {
+ my ($password) = @_;
+
+ # The list of characters that can appear in a salt. Salts and hashes
+ # are both encoded as a sequence of characters from a set containing
+ # 64 characters, each one of which represents 6 bits of the salt/hash.
+ # The encoding is similar to BASE64, the difference being that the
+ # BASE64 plus sign (+) is replaced with a forward slash (/).
+ my @saltchars = (0..9, 'A'..'Z', 'a'..'z', '.', '/');
+
+ # Generate the salt. We use an 8 character (48 bit) salt for maximum
+ # security on systems whose crypt uses MD5. Systems with older
+ # versions of crypt will just use the first two characters of the salt.
+ my $salt = '';
+ for ( my $i=0 ; $i < 8 ; ++$i ) {
+ $salt .= $saltchars[rand(64)];
+ }
+
+ # Crypt the password.
+ my $cryptedpassword = crypt($password, $salt);
+
+ # Return the crypted password.
+ return $cryptedpassword;
+}
+
# PRIVATE
# A number of features, like password change requests, require the DB
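Review bot: The salt loop at the `for ( my $i=0 ; $i < 8 ; ++$i )` line draws from Perl's rand(), which is a plain libc PRNG seeded from time and pid, not a cryptographic generator; salts need not be secret, but under a preforking server the children can inherit the parent's seed and hand out the same salt sequence, which defeats the per-user uniqueness the salt exists for. If a /dev/urandom read is acceptable on the target platforms, it is worth sourcing the 48 bits from there and falling back to rand() only when it is unavailable. Separately, the comment claiming an 8-character salt gives "maximum security on systems whose crypt uses MD5" looks wrong for glibc-style crypt, where MD5 is selected only when the salt begins with `$1$`; a bare 8-character salt is treated as traditional DES, which uses two salt characters and truncates the password to 8 characters. Either build the salt as `'$1$' . $salt . '$'` where MD5 crypt is known to be present, or reword the comment so nobody relies on a strength the code does not provide, e.g. `# NOTE: without a "$1$" prefix most crypt() implementations fall back to DES, using only the first two salt characters.`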
@@ -128,6 +155,11 @@ __END__
Bugzilla::Auth - Authentication handling for Bugzilla users
+=head1 SYNOPSIS
+
+ # Class Functions
+ $crypted = bz_crypt($password);
+
=head1 DESCRIPTION
Handles authentication for Bugzilla users.
@@ -147,6 +179,23 @@ authentication or login modules.
=over 4
+=item C<bz_crypt($password)>
+
+Takes a string and returns a C<crypt>ed value for it, using a random salt.
+
+Please always use this function instead of the built-in perl "crypt"
+when initially encrypting a password.
+
+=begin undocumented
+
+Random salts are generated because the alternative is usually
+to use the first two characters of the password itself, and since
+the salt appears in plaintext at the beginning of the encrypted
+password string this has the effect of revealing the first two
+characters of the password to anyone who views the encrypted version.
+
+=end undocumented
+
=item C<Bugzilla::Auth::get_netaddr($ipaddr)>
Given an ip address, this returns the associated network address, using
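Review bot: The `=item C<bz_crypt($password)>` entry tells callers to use this function "when initially encrypting a password" but does not say how to verify one later, and because bz_crypt generates a fresh random salt on every call, `bz_crypt($input) eq $stored` will never match; the documentation should state that verification must be done as `crypt($input, $stored) eq $stored`, i.e. the stored value is passed back as the salt. It would also be more accurate to say "hashing" rather than "encrypting", since crypt() output cannot be reversed and readers sometimes assume otherwise. The `=begin undocumented` paragraph describes the legacy scheme as using the first two characters of the password as salt; that is presumably the prior Bugzilla behaviour, and it is worth saying so explicitly so the note does not read as a description of crypt() itself.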