summaryrefslogtreecommitdiff
path: root/FS
diff options
context:
space:
mode:
Diffstat (limited to 'FS')
-rw-r--r--FS/FS/ClientAPI/MyAccount.pm23
-rw-r--r--FS/FS/ClientAPI/passwd.pm20
-rw-r--r--FS/FS/svc_acct.pm31
3 files changed, 48 insertions, 26 deletions
diff --git a/FS/FS/ClientAPI/MyAccount.pm b/FS/FS/ClientAPI/MyAccount.pm
index 22f0d4adb..a42c306ce 100644
--- a/FS/FS/ClientAPI/MyAccount.pm
+++ b/FS/FS/ClientAPI/MyAccount.pm
@@ -40,24 +40,19 @@ my $cache = new Cache::SharedMemoryCache( {
'namespace' => 'FS::ClientAPI::MyAccount',
} );
-#false laziness w/FS::ClientAPI::passwd::passwd (needs to handle encrypted pw)
+#false laziness w/FS::ClientAPI::passwd::passwd
sub login {
my $p = shift;
my $svc_domain = qsearchs('svc_domain', { 'domain' => $p->{'domain'} } )
- or return { error => "Domain not found" };
-
- my $svc_acct =
- ( length($p->{'password'}) < 13
- && qsearchs( 'svc_acct', { 'username' => $p->{'username'},
- 'domsvc' => $svc_domain->svcnum,
- '_password' => $p->{'password'} } )
- )
- || qsearchs( 'svc_acct', { 'username' => $p->{'username'},
- 'domsvc' => $svc_domain->svcnum,
- '_password' => $p->{'password'} } );
-
- unless ( $svc_acct ) { return { error => 'Incorrect password.' } }
+ or return { error => 'Domain '. $p->{'domain'}. ' not found' };
+
+ my $svc_acct = qsearchs( 'svc_acct', { 'username' => $p->{'username'},
+ 'domsvc' => $svc_domain->svcnum, }
+ );
+ return { error => 'User not found.' } unless $svc_acct;
+ return { error => 'Incorrect password.' }
+ unless $svc_acct->check_password($p->{'password'});
my $session = {
'svcnum' => $svc_acct->svcnum,
diff --git a/FS/FS/ClientAPI/passwd.pm b/FS/FS/ClientAPI/passwd.pm
index 29606227d..4940def59 100644
--- a/FS/FS/ClientAPI/passwd.pm
+++ b/FS/FS/ClientAPI/passwd.pm
@@ -23,18 +23,14 @@ sub passwd {
my $new_gecos = $packet->{'new_gecos'};
my $new_shell = $packet->{'new_shell'};
-#false laziness w/FS::ClientAPI::MyAccount::login (needs to handle encrypted pw)
- my $svc_acct =
- ( length($old_password) < 13
- && qsearchs( 'svc_acct', { 'username' => $packet->{'username'},
- #'domsvc' => $svc_domain->svcnum,
- '_password' => $old_password } )
- )
- || qsearchs( 'svc_acct', { 'username' => $packet->{'username'},
- #'domsvc' => $svc_domain->svcnum,
- '_password' => $old_password } );
-
- unless ( $svc_acct ) { return { error => 'Incorrect password.' } }
+ #false laziness w/FS::ClientAPI::MyAccount::login
+
+ my $svc_acct = qsearchs( 'svc_acct', { 'username' => $packet->{'username'},
+ 'domsvc' => $svc_domain->svcnum, }
+ );
+ return { error => 'User not found.' } unless $svc_acct;
+ return { error => 'Incorrect password.' }
+ unless $svc_acct->check_password($old_password);
my %hash = $svc_acct->hash;
my $new_svc_acct = new FS::svc_acct ( \%hash );
diff --git a/FS/FS/svc_acct.pm b/FS/FS/svc_acct.pm
index 9ff26b8e8..2b1dc837e 100644
--- a/FS/FS/svc_acct.pm
+++ b/FS/FS/svc_acct.pm
@@ -15,6 +15,7 @@ use vars qw( @ISA $DEBUG $me $conf
@saltset @pw_set );
use Carp;
use Fcntl qw(:flock);
+use Crypt::PasswdMD5;
use FS::UID qw( datasrc );
use FS::Conf;
use FS::Record qw( qsearch qsearchs fields dbh dbdef );
@@ -1135,6 +1136,36 @@ sub clone_kludge_unsuspend {
new FS::svc_acct \%hash;
}
+=item check_password
+
+Checks the supplied password against the (possibly encrypted) password in the
+database. Returns true for a sucessful authentication, false for no match.
+
+Currently supported encryptions are: classic DES crypt() and MD5
+
+=cut
+
+sub check_password {
+ my($self, $check_password) = @_;
+ #eventually should check a "password-encoding" field
+ if ( length($self->_password) < 13 ) { #plaintext
+ $check_password eq $self->_password;
+ } elsif ( length($self->_password) == 13 ) { #traditional DES crypt
+ crypt($check_password, $self->_password) eq $self->_password;
+ } elsif ( $self->_password =~ /^\$1\$/ ) { #MD5 crypt
+ unix_md5_crypt($check_password, $self->_password) eq $self->_password;
+ } elsif ( $self->_password =~ /^\$2a?\$/ ) { #Blowfish
+ warn "Can't check password: Blowfish encryption not yet supported, svcnum".
+ $self->svcnum. "\n";
+ 0;
+ } else {
+ warn "Can't check password: Unrecognized encryption for svcnum ".
+ $self->svcnum. "\n";
+ 0;
+ }
+
+}
+
=back
=head1 SUBROUTINES
generated by cgit v1.2.1 (git 2.18.0) at 2025-06-18 09:09:26 +0000