From 0a829adf75db5dd9af0b906798819b085d41be49 Mon Sep 17 00:00:00 2001
From: Ping Yu
Date: Mon, 18 Oct 2010 16:42:42 -0500
Subject: [PATCH] using the pyu-ruby-sasl gem to calculate digest-md5 challenge response.
---
 .gitignore | 1 +
 oa-enterprise/lib/omniauth/strategies/ldap.rb | 3 +-
 .../lib/omniauth/strategies/ldap/adaptor.rb | 56 ++-----------------
 oa-enterprise/oa-enterprise.gemspec | 1 +
 4 files changed, 9 insertions(+), 52 deletions(-)
diff --git a/.gitignore b/.gitignore
index 808ae2a..654ce3f 100644
--- a/.gitignore
+++ b/.gitignore
@@ -28,3 +28,4 @@ oa-live
 *.gem
 .bundle
 .project
+.loadpath
diff --git a/oa-enterprise/lib/omniauth/strategies/ldap.rb b/oa-enterprise/lib/omniauth/strategies/ldap.rb
index f44e0ff..b6688a6 100644
--- a/oa-enterprise/lib/omniauth/strategies/ldap.rb
+++ b/oa-enterprise/lib/omniauth/strategies/ldap.rb
@@ -1,6 +1,7 @@
 require 'omniauth/enterprise'
 require 'net/ldap'
-
+require 'sasl/base'
+require 'sasl'
 module OmniAuth
 module Strategies
 class LDAP
diff --git a/oa-enterprise/lib/omniauth/strategies/ldap/adaptor.rb b/oa-enterprise/lib/omniauth/strategies/ldap/adaptor.rb
index be122ea..31a112a 100644
--- a/oa-enterprise/lib/omniauth/strategies/ldap/adaptor.rb
+++ b/oa-enterprise/lib/omniauth/strategies/ldap/adaptor.rb
@@ -192,60 +192,14 @@ module OmniAuth
 end
 false
 end
-
- def parse_sasl_digest_md5_credential(cred)
- params = {}
- cred.scan(/(\w+)=(\"?)(.+?)\2(?:,|$)/) do |name, sep, value|
- params[name] = value
- end
- params
- end
- CHARS = ("a".."z").to_a + ("A".."Z").to_a + ("0".."9").to_a
- def generate_client_nonce(size=32)
- nonce = ""
- size.times do |i|
- nonce << CHARS[rand(CHARS.size)]
- end
- nonce
- end
+
 def sasl_bind_setup_digest_md5(bind_dn, options)
 initial_credential = ""
- nonce_count = 1
 challenge_response = Proc.new do |cred|
- params = parse_sasl_digest_md5_credential(cred)
- qops = params["qop"].split(/,/)
- unless qops.include?("auth")
- raise ActiveLdap::AuthenticationError,
- _("unsupported qops: %s") % qops.inspect
- end
- qop = "auth"
- server = @connection.instance_variable_get("@conn").addr[2]
- realm = params['realm']
- uri = "ldap/#{server}"
- nc = "%08x" % nonce_count
- nonce = params["nonce"]
- cnonce = generate_client_nonce
- requests = {
- :username => bind_dn.inspect,
- :realm => realm.inspect,
- :nonce => nonce.inspect,
- :cnonce => cnonce.inspect,
- :nc => nc,
- :qop => qop,
- :maxbuf => "65536",
- "digest-uri" => uri.inspect,
- }
- a1 = "#{bind_dn}:#{realm}:#{options[:password]||@password}"
- a1 = "#{Digest::MD5.digest(a1)}:#{nonce}:#{cnonce}"
- ha1 = Digest::MD5.hexdigest(a1)
- a2 = "AUTHENTICATE:#{uri}"
- ha2 = Digest::MD5.hexdigest(a2)
- response = "#{ha1}:#{nonce}:#{nc}:#{cnonce}:#{qop}:#{ha2}"
- requests["response"] = Digest::MD5.hexdigest(response)
- nonce_count += 1
- requests.collect do |key, value|
- "#{key}=#{value}"
- end.join(",")
+ pref = SASL::Preferences.new :digest_uri => "ldap/#{@host}", :username => bind_dn, :has_password? => true, :password => options[:password]||@password
+ sasl = SASL.new("DIGEST-MD5", pref)
+ response = sasl.receive("challenge", cred)
+ response[1]
 end
 [initial_credential, challenge_response]
 end
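Review bot: The new challenge handler returns `response[1]` from `sasl.receive("challenge", cred)` without inspecting what kind of message the gem handed back, and it drops the old explicit check that the server offered `qop=auth`, so a failure or an unaccepted challenge from the server (or from something in the path) would be answered with whatever sits in that slot instead of aborting the bind. Since `receive` evidently returns a pair, I would destructure it and fail closed: `kind, content = sasl.receive("challenge", cred)` / `raise "DIGEST-MD5 bind failed: #{kind}" unless kind == "response"` / `content` — confirm the exact message names against the gem before relying on them. A fresh `SASL` object is also built inside the Proc for every challenge, so a second-round challenge carrying the server's `rspauth` is processed with no memory of the first exchange and mutual authentication cannot be verified; hoisting `SASL.new` above the Proc would let one object track the whole exchange. A comment on the Proc noting that DIGEST-MD5 is an obsolete mechanism kept only for legacy directories would help the next maintainer. sasl_bind_setup_digest_md5 is fully inside this hunk, but the enclosing class starts and ends outside it.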
diff --git a/oa-enterprise/oa-enterprise.gemspec b/oa-enterprise/oa-enterprise.gemspec index 5521c6e..e81de47 100644 --- a/oa-enterprise/oa-enterprise.gemspec +++ b/oa-enterprise/oa-enterprise.gemspec @@ -17,6 +17,7 @@ Gem::Specification.new do |gem| gem.add_dependency 'nokogiri', '~> 1.4.2' gem.add_dependency 'net-ldap', '~> 0.1.1' gem.add_dependency 'rubyntlm', '~> 0.1.1' + gem.add_dependency 'pyu-ruby-sasl', '~>0.0.3.1' eval File.read(File.join(File.dirname(__FILE__), '../development_dependencies.rb')) end
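Review bot: The gemspec now takes a runtime dependency on `pyu-ruby-sasl` at `~>0.0.3.1`, which by its name appears to be a personal fork of ruby-sasl at a pre-release version, so the DIGEST-MD5 computation in adaptor.rb is now only as trustworthy as whatever is published under that gem name. The `~>` constraint admits any 0.0.3.x release, and a 0.0.x gem gives no stability or review guarantee, so I would pin it exactly (`gem.add_dependency 'pyu-ruby-sasl', '0.0.3.1'`) and record in a comment where the fork lives and why upstream ruby-sasl was not used. The Gem::Specification block starts outside this hunk.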