using the pyu-ruby-sasl gem to calculate digest-md5 challenge response.

2022-11-09 12:31:49 -05:00 · 2010-10-18 16:42:42 -05:00 · 2010-10-18 16:42:42 -05:00 · 0a829adf75
commit 0a829adf75
parent 8ba777f73d
4 changed files with 9 additions and 52 deletions
--- a/.gitignore
+++ b/.gitignore
@ -28,3 +28,4 @@ oa-live
 *.gem
 .bundle
 .project
+.loadpath
--- a/oa-enterprise/lib/omniauth/strategies/ldap.rb
+++ b/oa-enterprise/lib/omniauth/strategies/ldap.rb
@ -1,6 +1,7 @@
 require 'omniauth/enterprise'
 require 'net/ldap'
-
+require 'sasl/base'
+require 'sasl'
 module OmniAuth
  module Strategies
    class LDAP
--- a/oa-enterprise/lib/omniauth/strategies/ldap/adaptor.rb
+++ b/oa-enterprise/lib/omniauth/strategies/ldap/adaptor.rb
@ -192,60 +192,14 @@ module OmniAuth
 	          end
 	        false
 			  end
-
-      def parse_sasl_digest_md5_credential(cred)
-        params = {}
-        cred.scan(/(\w+)=(\"?)(.+?)\2(?:,|$)/) do |name, sep, value|
-          params[name] = value
-        end
-        params
-      end			  
-      CHARS = ("a".."z").to_a + ("A".."Z").to_a + ("0".."9").to_a
-      def generate_client_nonce(size=32)
-        nonce = ""
-        size.times do |i|
-          nonce << CHARS[rand(CHARS.size)]
-        end
-        nonce
-      end      
+ 
      def sasl_bind_setup_digest_md5(bind_dn, options)
        initial_credential = ""
-        nonce_count = 1
        challenge_response = Proc.new do |cred|
-          params = parse_sasl_digest_md5_credential(cred)
-          qops = params["qop"].split(/,/)
-          unless qops.include?("auth")
-            raise ActiveLdap::AuthenticationError,
-                  _("unsupported qops: %s") % qops.inspect
-          end
-          qop = "auth"
-          server = @connection.instance_variable_get("@conn").addr[2]
-          realm = params['realm']
-          uri = "ldap/#{server}"
-          nc = "%08x" % nonce_count
-          nonce = params["nonce"]
-          cnonce = generate_client_nonce
-          requests = {
-            :username => bind_dn.inspect,
-            :realm => realm.inspect,
-            :nonce => nonce.inspect,
-            :cnonce => cnonce.inspect,
-            :nc => nc,
-            :qop => qop,
-            :maxbuf => "65536",
-            "digest-uri" => uri.inspect,
-          }
-          a1 = "#{bind_dn}:#{realm}:#{options[:password]||@password}"
-          a1 = "#{Digest::MD5.digest(a1)}:#{nonce}:#{cnonce}"
-          ha1 = Digest::MD5.hexdigest(a1)
-          a2 = "AUTHENTICATE:#{uri}"
-          ha2 = Digest::MD5.hexdigest(a2)
-          response = "#{ha1}:#{nonce}:#{nc}:#{cnonce}:#{qop}:#{ha2}"
-          requests["response"] = Digest::MD5.hexdigest(response)
-          nonce_count += 1
-          requests.collect do |key, value|
-            "#{key}=#{value}"
-          end.join(",")
+          pref = SASL::Preferences.new :digest_uri => "ldap/#{@host}", :username => bind_dn, :has_password? => true, :password => options[:password]||@password
+          sasl = SASL.new("DIGEST-MD5", pref)
+          response = sasl.receive("challenge", cred)
+          response[1]
        end
        [initial_credential, challenge_response]
      end
--- a/oa-enterprise/oa-enterprise.gemspec
+++ b/oa-enterprise/oa-enterprise.gemspec
@ -17,6 +17,7 @@ Gem::Specification.new do |gem|
  gem.add_dependency  'nokogiri',   '~> 1.4.2'
  gem.add_dependency  'net-ldap',   '~> 0.1.1'
  gem.add_dependency  'rubyntlm',   '~> 0.1.1'
+  gem.add_dependency  'pyu-ruby-sasl',  '~>0.0.3.1'
  
  eval File.read(File.join(File.dirname(__FILE__), '../development_dependencies.rb'))
 end