Projet

Général

Profil

0001-hashers-fix-drupal-password-hasher-45576.patch

Valentin Deniaud, 30 juillet 2020 14:27

Télécharger (2,59 ko)

Voir les différences: 

Subject: [PATCH] hashers: fix drupal password hasher (#45576)


 src/authentic2/hashers.py | 12 ++++++------
 tests/test_hashers.py     | 10 ++++++++++
 2 files changed, 16 insertions(+), 6 deletions(-)
src/authentic2/hashers.py
47 47 
        count = len(v)
48 48 
        i = 0
49 49 
        while i < count:
50 
            value = ord(v[i])
50 
            value = v[i]
51 51 
            i += 1
52 52 
            out += self.i64toa(value & 0x3f)
53 53 
            if i < count:
54 
                value |= ord(v[i]) << 8
54 
                value |= v[i] << 8
55 55 
            out += self.i64toa((value >> 6) & 0x3f)
56 56 
            if i == count:
57 57 
                break
58 58 
            i += 1
59 59 
            if i < count:
60 
                value |= ord(v[i]) << 16
60 
                value |= v[i] << 16
61 61 
            out += self.i64toa((value >> 12) & 0x3f)
62 62 
            if i == count:
63 63 
                break
......
74 74 

  		




  75
  75
  
    
    def to_drupal(self, encoded):

  		




  76
  76
  
    
        algo, count, salt, h = encoded.split('$', 3)

  		




  77
  
  
    
        count = self.atoi64(math.ceil(math.log(count, 2)))

  		




  
  77
  
    
        count = self.i64toa(math.ceil(math.log(int(count), 2)))

  		




  78
  78
  
    
        return '$S$%s%s%s' % (count, salt, h)

  		




  79
  79
  
    

  		




  80
  80
  
    
    def encode(self, password, salt, iterations):

  		




  81
  81
  
    
        assert password

  		




  82
  82
  
    
        assert salt and '$' not in salt

  		




  83
  
  
    
        h = force_bytes(salt)

  		




  84
  
  
    
        password = force_bytes(password)

  		




  
  83
  
    
        h = salt.encode()

  		




  
  84
  
    
        password = password.encode()

  		




  85
  85
  
    
        for i in range(iterations + 1):

  		




  86
  86
  
    
            h = self.digest(h + password).digest()

  		




  87
  87
  
    
        return "%s$%d$%s$%s" % (self.algorithm, iterations, salt, self.b64encode(h)[:43])

  		












  

    
      tests/test_hashers.py
    
  





  53
  53
  
    
    assert hasher.verify(

  		




  54
  54
  
    
            'Azerty!123',

  		




  55
  55
  
    
            'plonesha1${SSHA}vS4g4MtzJyAjvhyW7vsrgjpJ6lDCU+Y42a6p')

  		




  
  56
  
    

  		




  
  57
  
    

  		




  
  58
  
    
def test_drupal_hasher():

  		




  
  59
  
    
    hasher = hashers.Drupal7PasswordHasher()

  		




  
  60
  
    
    encoded = '$S$Dynle.OzZaDw.KtHA3F81KvwnKFkFI3YPxe/q9ksun7HjrpEDy6N'

  		




  
  61
  
    
    pwd = 'Azerty!123'

  		




  
  62
  
    
    dj_encoded = hasher.from_drupal(encoded)

  		




  
  63
  
    

  		




  
  64
  
    
    assert hasher.verify(pwd, dj_encoded)

  		




  
  65
  
    
    assert hasher.to_drupal(dj_encoded) == encoded

  		




  56
  
  
    
-