[rt-users] RT::Authen::ExternalAuth with PHPass (phpbb3);
Adrian Stel
adisan82 at gmail.com
Wed Nov 16 04:09:44 EST 2011
Hi,
DBI.pm
this is the place with p_enc_sub:
sub GetAuth {
    my ($service, $username, $password) = @_;
    my $config = $RT::ExternalSettings->{$service};
    $RT::Logger->debug( "Trying external auth service:",$service);
    my $db_table = $config->{'table'};
    my $db_u_field = $config->{'u_field'};
    my $db_p_field = $config->{'p_field'};
    my $db_p_enc_pkg = $config->{'p_enc_pkg'};
    my $db_p_enc_sub = $config->{'p_enc_sub'};
    my $db_p_salt = $config->{'p_salt'};
Place where the password is submitted to that method as a string parameter.
In my opinion it could be here:
    # Get the user's password from the database query result
    my $pass_from_db = $results_hashref->{$username}->{$db_p_field};
    # This is the encryption package & subroutine passed in by the config file
    $RT::Logger->debug( "Encryption Package:",
                        $db_p_enc_pkg);
    $RT::Logger->debug( "Encryption Subroutine:",
                        $db_p_enc_sub);
    # Use config info to auto-load the perl package needed for password encryption
    # I know it uses a string eval - but I don't think there's a better way to do this
    # Jump to next external authentication service on failure
    eval "require $db_p_enc_pkg" or
        $RT::Logger->error("AUTH FAILED, Couldn't Load Password Encryption Package. Error: $@") && return 0;
    my $encrypt = $db_p_enc_pkg->can($db_p_enc_sub);
    if (defined($encrypt)) {
        # If the package given can perform the subroutine given, then use it to compare the
        # password given with the password pulled from the database.
        # Jump to the next external authentication service if they don't match
        if(defined($db_p_salt)) {
            $RT::Logger->debug("Using salt:",$db_p_salt);
            if(${encrypt}->($password,$db_p_salt) ne $pass_from_db){
                $RT::Logger->info( $service,
                                   "AUTH FAILED",
                                   $username,
                                   "Password Incorrect");
                return 0;
            }
        } else {
            if(${encrypt}->($password) ne $pass_from_db){
                $RT::Logger->info( $service,
                                   "AUTH FAILED",
                                   $username,
                                   "Password Incorrect");
                return 0;
            }
        }
    } else {
        # If the encryption package can't perform the request subroutine,
        # dump an error and jump to the next external authentication service.
        $RT::Logger->error($service,
                           "AUTH FAILED",
                           "The encryption package you gave me (",
                           $db_p_enc_pkg,
                           ") does not support the encryption method you specified (",
                           $db_p_enc_sub,
                           ")");
        return 0;
    }
But I'm not sure where exactly. And how can I convert a string to a hash?
I'm not familiar with Perl ;/
Best
Adrian
2011/11/15 Zordrak <zordrak at tpa.me.uk>:
> Adrian Stel wrote:
>> Hi,
>>
>>
>> Can't use string ("user password") as a HASH ref while "strict refs"
>> in use at /usr/local/share/perl/5.10.1/Authen/Passphrase/PHPass.pm
>> line 278.
>>
>> Problem is with type of user password.
>>
>> Still need to know where I should search.
>
> Search for the text "p_enc_sub". There's only one place it should be
> defined and it will be very close to where the password is submitted to
> that method as a string parameter.
> --
> Zordrak
> zordrak at tpa.me.uk
>
>
--
Regards
Adrian Stelmaszyk
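
Added example (not part of the original message and not RT::Authen::ExternalAuth code): the GetAuth code quoted above hashes the submitted password, optionally with one configured p_salt, and compares the result to the database value with "ne", whereas a portable phpass hash as used by phpBB3 carries its own per-user salt and iteration count, so it can only be checked against the stored string. The sketch below recomputes the portable phpass (MD5-based) hash with core Perl only; the sub names and the sample settings are constructed for illustration.

```perl
use strict;
use warnings;
use Digest::MD5 qw(md5);

my $ITOA64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ'
           . 'abcdefghijklmnopqrstuvwxyz';

# phpass base-64: little-endian 24-bit groups, 6 bits per output character.
sub encode64 {
    my ($raw) = @_;
    my @bytes = unpack 'C*', $raw;
    my $out = '';
    for (my $i = 0; $i < @bytes; $i += 3) {
        my $left  = @bytes - $i;                   # bytes left in this group
        my $v     = $bytes[$i] | (($bytes[$i+1] // 0) << 8)
                               | (($bytes[$i+2] // 0) << 16);
        my $chars = $left >= 3 ? 4 : $left + 1;    # 1 byte -> 2 chars, 2 -> 3
        $out .= substr($ITOA64, ($v >> (6 * $_)) & 0x3f, 1) for 0 .. $chars - 1;
    }
    return $out;
}

# Recompute the hash using the cost and salt embedded in $setting
# ("$H$" or "$P$", one cost character, eight salt characters).
sub phpass_hash {
    my ($password, $setting) = @_;
    return unless $setting =~ m{\A\$[PH]\$([./0-9A-Za-z])([./0-9A-Za-z]{8})};
    my ($cost_char, $salt) = ($1, $2);
    my $log2 = index($ITOA64, $cost_char);
    return if $log2 < 7 || $log2 > 30;             # range accepted by phpass
    my $hash = md5($salt . $password);
    $hash = md5($hash . $password) for 1 .. (1 << $log2);
    return substr($setting, 0, 12) . encode64($hash);
}

# Verifier-style check: it needs the stored hash, which a hash-then-compare
# callback that only receives the password never sees.
sub phpass_verify {
    my ($password, $stored) = @_;
    my $calc = phpass_hash($password, $stored);
    return (defined($calc) && $calc eq $stored) ? 1 : 0;
}

# Constructed sample values: same password, two different stored salts.
my $pw     = 'correct horse';
my $user_a = phpass_hash($pw, '$H$7saltAAAA');
my $user_b = phpass_hash($pw, '$H$7saltBBBB');
printf "same password, same hash? %s\n", $user_a eq $user_b ? 'yes' : 'no';
printf "verify right password:    %d\n", phpass_verify($pw, $user_a);
printf "verify wrong password:    %d\n", phpass_verify('wrong', $user_a);
```

Because the two constructed accounts share a password but not a hash, no single configured p_salt can reproduce both stored values; the comparison has to take the stored string as an input.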