User: Convert to new hashing API

Peter Keresztes Schmidt 2021-05-25 20:50:02 +02:00
parent 2bda413698
commit 837b32ccff
1 changed files with 27 additions and 48 deletions


@ -22,17 +22,8 @@
#include "zm_crypt.h" #include "zm_crypt.h"
#include "zm_logger.h" #include "zm_logger.h"
#include "zm_utils.h" #include "zm_utils.h"
#include <cassert>
#include <cstring> #include <cstring>
#if HAVE_GNUTLS_GNUTLS_H
#include <gnutls/gnutls.h>
#endif
#if HAVE_LIBCRYPTO
#include <openssl/md5.h>
#endif // HAVE_LIBCRYPTO
User::User() { User::User() {
id = 0; id = 0;
username[0] = password[0] = 0; username[0] = password[0] = 0;
@ -189,7 +180,6 @@ User *zmLoadTokenUser(const std::string &jwt_token_str, bool use_remote_addr) {
// Function to validate an authentication string // Function to validate an authentication string
User *zmLoadAuthUser(const char *auth, bool use_remote_addr) { User *zmLoadAuthUser(const char *auth, bool use_remote_addr) {
#if HAVE_DECL_MD5 || HAVE_DECL_GNUTLS_FINGERPRINT
const char *remote_addr = ""; const char *remote_addr = "";
if (use_remote_addr) { if (use_remote_addr) {
remote_addr = getenv("REMOTE_ADDR"); remote_addr = getenv("REMOTE_ADDR");
@ -224,10 +214,8 @@ User *zmLoadAuthUser(const char *auth, bool use_remote_addr) {
} else { } else {
Debug(1, "AUTH_HASH_TTL is %d, time is %" PRIi64, hours, static_cast<int64>(now)); Debug(1, "AUTH_HASH_TTL is %d, time is %" PRIi64, hours, static_cast<int64>(now));
} }
char auth_key[512] = "";
char auth_md5[32 + 1] = ""; char auth_md5[32 + 1] = "";
constexpr size_t md5len = 16;
uint8 md5sum[md5len];
const char *hex = "0123456789abcdef"; const char *hex = "0123456789abcdef";
while (MYSQL_ROW dbrow = mysql_fetch_row(result)) { while (MYSQL_ROW dbrow = mysql_fetch_row(result)) {
@ -239,7 +227,7 @@ User *zmLoadAuthUser(const char *auth, bool use_remote_addr) {
for (unsigned int i = 0; i < hours; i++, our_now -= 3600) { for (unsigned int i = 0; i < hours; i++, our_now -= 3600) {
localtime_r(&our_now, &now_tm); localtime_r(&our_now, &now_tm);
snprintf(auth_key, sizeof(auth_key)-1, "%s%s%s%s%d%d%d%d", std::string auth_key = stringtf("%s%s%s%s%d%d%d%d",
config.auth_hash_secret, config.auth_hash_secret,
username, username,
password, password,
@ -249,25 +237,18 @@ User *zmLoadAuthUser(const char *auth, bool use_remote_addr) {
now_tm.tm_mon, now_tm.tm_mon,
now_tm.tm_year); now_tm.tm_year);
#if HAVE_DECL_MD5 zm::crypto::MD5::Digest md5_digest = zm::crypto::MD5::GetDigestOf(auth_key);
MD5((unsigned char *)auth_key, strlen(auth_key), md5sum);
#elif HAVE_DECL_GNUTLS_FINGERPRINT unsigned char *md5sum_ptr = md5_digest.data();
gnutls_datum_t md5data = {(unsigned char *) auth_key, (unsigned int) strlen(auth_key)};
size_t md5_len_tmp = md5len;
gnutls_fingerprint(GNUTLS_DIG_MD5, &md5data, md5sum, &md5_len_tmp);
assert(md5_len_tmp == md5len);
#endif
unsigned char *md5sum_ptr = md5sum;
char *auth_md5_ptr = auth_md5; char *auth_md5_ptr = auth_md5;
for ( unsigned int j = 0; j < md5len; j++ ) { for (size_t j = 0; j < md5_digest.size(); j++) {
*auth_md5_ptr++ = hex[(*md5sum_ptr >> 4) & 0xf]; *auth_md5_ptr++ = hex[(*md5sum_ptr >> 4) & 0xf];
*auth_md5_ptr++ = hex[(*md5sum_ptr++) & 0xf]; *auth_md5_ptr++ = hex[(*md5sum_ptr++) & 0xf];
} }
*auth_md5_ptr = 0; *auth_md5_ptr = 0;
Debug(1, "Checking auth_key '%s' -> auth_md5 '%s' == '%s'", Debug(1, "Checking auth_key '%s' -> auth_md5 '%s' == '%s'", auth_key.c_str(), auth_md5, auth);
auth_key, auth_md5, auth);
if (!strcmp(auth, auth_md5)) { if (!strcmp(auth, auth_md5)) {
// We have a match // We have a match
@ -281,9 +262,7 @@ User *zmLoadAuthUser(const char *auth, bool use_remote_addr) {
} // end foreach hour } // end foreach hour
} // end foreach user } // end foreach user
mysql_free_result(result); mysql_free_result(result);
#else // HAVE_DECL_MD5 || HAVE_DECL_GNUTLS_FINGERPRINT
Error("You need to build with gnutls or openssl to use hash based auth");
#endif // HAVE_DECL_MD5 || HAVE_DECL_GNUTLS_FINGERPRINT
Debug(1, "No user found for auth_key %s", auth); Debug(1, "No user found for auth_key %s", auth);
return nullptr; return nullptr;
} // end User *zmLoadAuthUser( const char *auth, bool use_remote_addr ) } // end User *zmLoadAuthUser( const char *auth, bool use_remote_addr )
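Review bot: The rewritten `Debug(1, "Checking auth_key '%s' -> auth_md5 '%s' == '%s'", auth_key.c_str(), auth_md5, auth)` call still writes the full hash pre-image to the log, and that string is built from `config.auth_hash_secret`, the username and the stored password value, so the signing secret is exposed to anyone with access to debug logs. Since the line is being touched anyway, I would log only the identity being checked, e.g. `Debug(1, "Checking auth hash for user '%s'", username);`. Separately, the hex loop is now bounded by `md5_digest.size()` while `auth_md5` stays a fixed `char[32 + 1]`; that holds for a 16-byte digest, but the coupling is no longer visible here, so a compile-time check that twice the digest length plus one fits in `auth_md5` (or sizing the buffer from the digest type) would keep a later change to `zm::crypto::MD5::Digest` from overrunning it. Parts of `zmLoadAuthUser` between the hunks are not shown, so both points rest on the visible lines only.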