package Bugzilla::Auth;
use strict;
-use base qw(Exporter);
-@Bugzilla::Auth::EXPORT = qw(bz_crypt);
use Bugzilla::Config;
use Bugzilla::Constants;
}
}
-sub bz_crypt ($) {
- my ($password) = @_;
-
- # The list of characters that can appear in a salt. Salts and hashes
- # are both encoded as a sequence of characters from a set containing
- # 64 characters, each one of which represents 6 bits of the salt/hash.
- # The encoding is similar to BASE64, the difference being that the
- # BASE64 plus sign (+) is replaced with a forward slash (/).
- my @saltchars = (0..9, 'A'..'Z', 'a'..'z', '.', '/');
-
- # Generate the salt. We use an 8 character (48 bit) salt for maximum
- # security on systems whose crypt uses MD5. Systems with older
- # versions of crypt will just use the first two characters of the salt.
- my $salt = '';
- for ( my $i=0 ; $i < 8 ; ++$i ) {
- $salt .= $saltchars[rand(64)];
- }
-
- # Crypt the password.
- my $cryptedpassword = crypt($password, $salt);
-
- # Return the crypted password.
- return $cryptedpassword;
-}
-
# PRIVATE
# A number of features, like password change requests, require the DB
Bugzilla::Auth - Authentication handling for Bugzilla users
-=head1 SYNOPSIS
-
- # Class Functions
- $crypted = bz_crypt($password);
-
=head1 DESCRIPTION
Handles authentication for Bugzilla users.
=over 4
-=item C<bz_crypt($password)>
-
-Takes a string and returns a C<crypt>ed value for it, using a random salt.
-
-Please always use this function instead of the built-in perl "crypt"
-when initially encrypting a password.
-
-=begin undocumented
-
-Random salts are generated because the alternative is usually
-to use the first two characters of the password itself, and since
-the salt appears in plaintext at the beginning of the encrypted
-password string this has the effect of revealing the first two
-characters of the password to anyone who views the encrypted version.
-
-=end undocumented
-
=item C<Bugzilla::Auth::get_netaddr($ipaddr)>
Given an ip address, this returns the associated network address, using
use Bugzilla::Config;
use Bugzilla::Constants;
use Bugzilla::Util;
-# Because of the screwy way that Auth works, it thinks
-# that we're redefining subroutines if we "use" anything
-# that "uses" Bugzilla::Auth.
-require Bugzilla::User;
+use Bugzilla::User;
my $edit_options = {
'new' => 1,
use Bugzilla::Util;
use Bugzilla::Constants;
use Bugzilla::User::Setting;
-use Bugzilla::Auth;
use base qw(Exporter);
@Bugzilla::User::EXPORT = qw(insert_new_user is_available_username
diff_arrays diff_strings
trim wrap_comment find_wrap_point
format_time format_time_decimal
- file_mod_time);
+ file_mod_time
+ bz_crypt);
use Bugzilla::Config;
use Bugzilla::Error;
return $mtime;
}
+sub bz_crypt ($) {
+ my ($password) = @_;
+
+ # The list of characters that can appear in a salt. Salts and hashes
+ # are both encoded as a sequence of characters from a set containing
+ # 64 characters, each one of which represents 6 bits of the salt/hash.
+ # The encoding is similar to BASE64, the difference being that the
+ # BASE64 plus sign (+) is replaced with a forward slash (/).
+ my @saltchars = (0..9, 'A'..'Z', 'a'..'z', '.', '/');
+
+ # Generate the salt. We use an 8 character (48 bit) salt for maximum
+ # security on systems whose crypt uses MD5. Systems with older
+ # versions of crypt will just use the first two characters of the salt.
+ my $salt = '';
+ for ( my $i=0 ; $i < 8 ; ++$i ) {
+ $salt .= $saltchars[rand(64)];
+ }
+
+ # Crypt the password.
+ my $cryptedpassword = crypt($password, $salt);
+
+ # Return the crypted password.
+ return $cryptedpassword;
+}
+
sub ValidateDate {
my ($date, $format) = @_;
my $date2;
# Functions for dealing with files
$time = file_mod_time($filename);
+ # Cryptographic Functions
+ $crypted_password = bz_crypt($password);
+
=head1 DESCRIPTION
This package contains various utility functions which do not belong anywhere
=back
+=head2 Cryptography
+
+=over 4
+
+=item C<bz_crypt($password)>
+
+Takes a string and returns a C<crypt>ed value for it, using a random salt.
+
+Please always use this function instead of the built-in perl "crypt"
+when initially encrypting a password.
+
+=begin undocumented
+
+Random salts are generated because the alternative is usually
+to use the first two characters of the password itself, and since
+the salt appears in plaintext at the beginning of the encrypted
+password string this has the effect of revealing the first two
+characters of the password to anyone who views the encrypted version.
+
+=end undocumented
+
+=back
# This is done here, because some modules require params to be set up, which
# won't have happened earlier.
-# The only use for loading globals.pl is for Crypt(), which should at some
-# point probably be factored out into Bugzilla::Auth::*
+# It's never safe to directly "use" a module in checksetup. If a module
+# prerequisite is missing, and you "use" a module that requires it,
+# then instead of our nice normal checksetup message the user would
+# get a cryptic perl error about the missing module.
-# XXX - bug 278792: Crypt has been moved to Bugzilla::Auth::bz_crypt.
-# This section is probably no longer needed, but we need to make sure
-# that things still work if we remove globals.pl. So that's for later.
-
-# It's safe to use Bugzilla::Auth here because parameters have now been
-# defined.
-require Bugzilla::Auth;
-import Bugzilla::Auth 'bz_crypt';
+# So, we always wrap our "use" statements in checksetup in a string eval.
# This is done so we can add new settings as developers need them.
require Bugzilla::User::Setting;
import Bugzilla::User::Setting qw(add_setting);
+eval("use Bugzilla:Util");
+
# globals.pl clears the PATH, but File::Find uses Cwd::cwd() instead of
# Cwd::getcwd(), which we need to do because `pwd` isn't in the path - see
# http://www.xray.mpe.mpg.de/mailing-lists/perl5-porters/2001-09/msg00115.html
use Bugzilla::User;
use Bugzilla::Config;
use Bugzilla::Constants;
-use Bugzilla::Auth;
use Bugzilla::Util;
Bugzilla->login(LOGIN_REQUIRED);
# Bring ChmodDataFile in until this is all moved to the module
use Bugzilla::Config qw(:DEFAULT ChmodDataFile $localconfig $datadir);
use Bugzilla::BugMail;
-use Bugzilla::Auth;
use Bugzilla::User;
# Shut up misguided -w warnings about "used only once". For some reason,
use Bugzilla;
use Bugzilla::Constants;
-use Bugzilla::Auth;
+use Bugzilla::Util;
my $cgi = Bugzilla->cgi;
my $dbh = Bugzilla->dbh;
use Bugzilla;
use Bugzilla::Constants;
use Bugzilla::Search;
-use Bugzilla::Auth;
+use Bugzilla::Util;
use Bugzilla::User;
require "CGI.pl";
projects / thirdparty / bugzilla.git / commitdiff
