aboutsummaryrefslogtreecommitdiffstats
path: root/lib/Fripost/Password.pm
blob: c2905b2f2f4a50550bfb87c02b6bc08360752a82 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
package Fripost::Password;

use 5.010_000;
use strict;
use warnings;

=head1 NAME

Password.pm - Hash and generate passwords

=cut

our $VERSION = '0.02';

use Exporter 'import';
use String::MkPasswd;
use Digest::SHA;
use MIME::Base64;

our @EXPORT_OK = qw/hash pwgen/;


=head1 FUNCTIONS

=over 4

=item B<hash> ([I<salt>])

SHA-1 hash the given password. I<salt>, if defined and not empty, is
used to salt the password. If I<salt> is not defined, a random 4 bytes
salt is used. If I<salt> is the empty string, the hash is not salted.

The used scheme precedes the hash, so the output is ready to be inserted
in a LDAP entry for instance.

=cut

sub hash {
    my ($pw, $salt) = @_;

    $salt //= &_make_salt();
    my $str = 'SHA';
    $str = 'SSHA' if &_is_salted( $salt );

    { no strict "refs";
      $str = '{' .$str. '}' .
        &_pad_base64( MIME::Base64::encode(
                        Digest::SHA::sha1( $pw.$salt ) . $salt,
                        '' ) );
    };
    return $str;
}


sub _is_salted { return ( not ( defined $_[0] ) or $_[0] ne '' ) };


# Generate a (random) 4 bytes salt. We only generates 4 bytes here to
# match the other way to hash & salt passwords (`slappasswd' and the
# RoundCube passwords).
sub _make_salt {
    my $len   = 4;
    my @bytes = ();
    for my $i ( 1 .. $len ) {
        push( @bytes, rand(255) );
    }
    return pack( 'C*', @bytes );
}


# Add trailing `='s to the input string to ensure its length is a
# multiple of 4.
sub _pad_base64 {
    my $b64_digest = shift;
    while ( length($b64_digest) % 4 ) {
        $b64_digest .= '=';
    }
    return $b64_digest;
}


=item B<pwgen>

Generate a random password that complies to B<Fripost>'s password
policy.

=cut

sub pwgen {
    return String::MkPasswd::mkpasswd(
        -length => 12,
        -minnum => 2,
        -minspecial => 1
    );
}

=back

=cut


=head1 AUTHORS

Stefan Kangas C<< <skangas at skangas.se> >>

Guilhem Moulin C<< <guilhem at fripost.org> >>

=head1 BUGS

Please report any bugs to C<< <skangas at skangas.se> >>

=head1 COPYRIGHT

Copyright (c) 2010 Dominik Schulz (dominik.schulz@gauner.org). All rights reserved.

Copyright 2010,2011 Stefan Kangas, all rights reserved.

Copyright 2012 Guilhem Moulin, all rights reserved.

=head1 LICENSE

This program is free software; you can redistribute it and/or modify it under
the same terms as Perl itself.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

=cut

1;

__END__