mbk-lab
/
nextcloud
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Remove phpass and migrate to new Hasher interface 

This PR removes phpass and migrates to the new Hasher interface.

Please notice that due to https://github.com/owncloud/core/issues/10671 old hashes are not updated but the hashes are backwards compatible so this shouldn't hurt.
Once the sharing classes have a possibility to update the passwords of single shares those methods should be used within the newHash if block.
This commit is contained in:
Lukas Reschke 2014-11-17 13:10:15 +01:00
parent 9df50c7be6
commit 8595b76df2
6 changed files with 43 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
3rdparty

@ -1 +1 @@
Subproject commit 912a45c3458685a1105fba38a39a3a71c7348ed9 Subproject commit dd0e7b6dcec142c790a6325b74a7c4fd3c6d7233

24
apps/files_sharing/lib/connector/publicauth.php
View File

@ -48,12 +48,26 @@ class PublicAuth extends \Sabre\DAV\Auth\Backend\AbstractBasic {
if (isset($linkItem['share_with'])) { if (isset($linkItem['share_with'])) {
if ($linkItem['share_type'] == \OCP\Share::SHARE_TYPE_LINK) { if ($linkItem['share_type'] == \OCP\Share::SHARE_TYPE_LINK) {
// Check Password // Check Password
$forcePortable = (CRYPT_BLOWFISH != 1); $newHash = '';
$hasher = new \PasswordHash(8, $forcePortable); if(\OC::$server->getHasher()->verify($password, $linkItem['share_with'], $newHash)) {
if (!$hasher->CheckPassword($password . $this->config->getSystemValue('passwordsalt', ''), $linkItem['share_with'])) { /**
return false; * FIXME: Migrate old hashes to new hash format
} else { * Due to the fact that there is no reasonable functionality to update the password
* of an existing share no migration is yet performed there.
* The only possibility is to update the existing share which will result in a new
* share ID and is a major hack.
*
* In the future the migration should be performed once there is a proper method
* to update the share's password. (for example `$share->updatePassword($password)`
*
* @link https://github.com/owncloud/core/issues/10671
*/
if(!empty($newHash)) {
}
return true; return true;
} else {
return false;
} }
} else { } else {
return false; return false;

1
apps/files_sharing/lib/controllers/sharecontroller.php
View File

@ -99,6 +99,7 @@ class ShareController extends Controller {
/** /**
* @PublicPage * @PublicPage
* @UseSession
* *
* Authenticates against password-protected shares * Authenticates against password-protected shares
* @param $token * @param $token

27
apps/files_sharing/lib/helper.php
View File

@ -3,7 +3,6 @@
namespace OCA\Files_Sharing; namespace OCA\Files_Sharing;
use OC_Config; use OC_Config;
use PasswordHash;
class Helper { class Helper {
@ -99,14 +98,28 @@ class Helper {
if ($password !== null) { if ($password !== null) {
if ($linkItem['share_type'] == \OCP\Share::SHARE_TYPE_LINK) { if ($linkItem['share_type'] == \OCP\Share::SHARE_TYPE_LINK) {
// Check Password // Check Password
$forcePortable = (CRYPT_BLOWFISH != 1); $newHash = '';
$hasher = new PasswordHash(8, $forcePortable); if(\OC::$server->getHasher()->verify($password, $linkItem['share_with'], $newHash)) {
if (!($hasher->CheckPassword($password.OC_Config::getValue('passwordsalt', ''),
$linkItem['share_with']))) {
return false;
} else {
// Save item id in session for future requests // Save item id in session for future requests
\OC::$server->getSession()->set('public_link_authenticated', $linkItem['id']); \OC::$server->getSession()->set('public_link_authenticated', $linkItem['id']);
/**
* FIXME: Migrate old hashes to new hash format
* Due to the fact that there is no reasonable functionality to update the password
* of an existing share no migration is yet performed there.
* The only possibility is to update the existing share which will result in a new
* share ID and is a major hack.
*
* In the future the migration should be performed once there is a proper method
* to update the share's password. (for example `$share->updatePassword($password)`
*
* @link https://github.com/owncloud/core/issues/10671
*/
if(!empty($newHash)) {
}
} else {
return false;
} }
} else { } else {
\OCP\Util::writeLog('share', 'Unknown share type '.$linkItem['share_type'] \OCP\Util::writeLog('share', 'Unknown share type '.$linkItem['share_type']

3
lib/base.php
View File

@ -464,8 +464,7 @@ class OC {
// setup 3rdparty autoloader // setup 3rdparty autoloader
$vendorAutoLoad = OC::$THIRDPARTYROOT . '/3rdparty/autoload.php'; $vendorAutoLoad = OC::$THIRDPARTYROOT . '/3rdparty/autoload.php';
if (file_exists($vendorAutoLoad)) { if (file_exists($vendorAutoLoad)) {
$loader = require_once $vendorAutoLoad; require_once $vendorAutoLoad;
$loader->add('PasswordHash', OC::$THIRDPARTYROOT . '/3rdparty/phpass');
} else { } else {
OC_Response::setStatus(OC_Response::STATUS_SERVICE_UNAVAILABLE); OC_Response::setStatus(OC_Response::STATUS_SERVICE_UNAVAILABLE);
OC_Template::printErrorPage('Composer autoloader not found, unable to continue.'); OC_Template::printErrorPage('Composer autoloader not found, unable to continue.');

4
lib/private/share/share.php
View File

@ -627,9 +627,7 @@ class Share extends \OC\Share\Constants {
// Generate hash of password - same method as user passwords // Generate hash of password - same method as user passwords
if (!empty($shareWith)) { if (!empty($shareWith)) {
$forcePortable = (CRYPT_BLOWFISH != 1); $shareWith = \OC::$server->getHasher()->hash($shareWith);
$hasher = new \PasswordHash(8, $forcePortable);
$shareWith = $hasher->HashPassword($shareWith.\OC_Config::getValue('passwordsalt', ''));
} else { } else {
// reuse the already set password, but only if we change permissions // reuse the already set password, but only if we change permissions
// otherwise the user disabled the password protection // otherwise the user disabled the password protection