ynerant/django-cas-server
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix CRYPT-DES hash method for LDAP

Browse Source 
The LDAP-formatted passwords using
[Crypt encoding](https://en.wikipedia.org/wiki/Crypt_(C))
can be hashed in many ways, inlcuding the old and deprecated DES and
BSDi methods.

The usual formatting for Crypt method consists in
  $method$salt$pass_hash
but those two deprecated methods are not encoded this way, and
`get_salt` would fail on those, yielding Error 500.
This commit is contained in:
Théophile Bastian 2020-04-09 18:57:33 +02:00 committed by Valentin Samir
parent aa88bf7a67
commit f4b4428b94
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
cas_server/utils.py
View File

@ -593,7 +593,9 @@ class LdapHashUserPassword(object):
if scheme in cls.schemes_nosalt: if scheme in cls.schemes_nosalt:
return b"" return b""
elif scheme == b'{CRYPT}': elif scheme == b'{CRYPT}':
if b'$' in hashed_passord:
return b'$'.join(hashed_passord.split(b'$', 3)[:-1])[len(scheme):] return b'$'.join(hashed_passord.split(b'$', 3)[:-1])[len(scheme):]
return hashed_passord.split(b'}', 1)[-1]
else: else:
try: try:
hashed_passord = base64.b64decode(hashed_passord[len(scheme):]) hashed_passord = base64.b64decode(hashed_passord[len(scheme):])