Don't use slow hashing to check the LDAP binding 32284/head
authorCarl Schwan <carl@carlschwan.eu>
Mon, 2 May 2022 19:46:42 +0000 (21:46 +0200)
committerbackportbot-nextcloud[bot] <backportbot-nextcloud[bot]@users.noreply.github.com>
Thu, 5 May 2022 16:59:49 +0000 (16:59 +0000)
Using password_hash is expensive and should be used for hashing
passwords when saving them in the database. Here we just want to see if
the bind was already done with the given password, so use a fast hashing
algorithm.

Signed-off-by: Carl Schwan <carl@carlschwan.eu>
apps/user_ldap/lib/Connection.php

index 4abea708a0de3a4c3b3655a81fb15f44c570cfcb..bfddee566588d76d0f077426019d9ab6fcf9ace1 100644 (file)
@@ -125,7 +125,7 @@ class Connection extends LDAPUtility {
        protected $ignoreValidation = false;
 
        /**
-        * @var array{dn?: mixed, hash?: string, result?: bool}
+        * @var array{sum?: string, result?: bool}
         */
        protected $bindResult = [];
 
@@ -669,11 +669,7 @@ class Connection extends LDAPUtility {
 
                if (
                        count($this->bindResult) !== 0
-                       && $this->bindResult['dn'] === $this->configuration->ldapAgentName
-                       && \OC::$server->getHasher()->verify(
-                               $this->configPrefix . $this->configuration->ldapAgentPassword,
-                               $this->bindResult['hash']
-                       )
+                       && $this->bindResult['sum'] === md5($this->configuration->ldapAgentName . $this->configPrefix . $this->configuration->ldapAgentPassword)
                ) {
                        // don't attempt to bind again with the same data as before
                        // bind might have been invoked via getConnectionResource(),
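Review bot: The value compared in this condition is an unsalted MD5 over the agent name, config prefix and bind password joined with no separator, and it is checked with `===`. It is kept in `$this->bindResult` for the life of the object, so anything that dumps or serializes that property (not visible in this hunk) would expose a digest of the service-account password that is very cheap to guess offline. The missing separator also lets different name/prefix/password splits produce the same input. A keyed digest with a random per-process key keeps the speed gain without either problem, for example `hash_hmac('sha256', $name . "\0" . $prefix . "\0" . $password, $key)` compared with `hash_equals()`, where `$key` is a placeholder for something like `random_bytes(32)` generated once. The same `md5(...)` expression is repeated where `bindResult` is assigned in the following hunk, so a small private helper would keep the two in sync; the enclosing method starts and ends outside this hunk.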
@@ -686,8 +682,7 @@ class Connection extends LDAPUtility {
                                                                                $this->configuration->ldapAgentPassword);
 
                $this->bindResult = [
-                       'dn' => $this->configuration->ldapAgentName,
-                       'hash' => \OC::$server->getHasher()->hash($this->configPrefix . $this->configuration->ldapAgentPassword),
+                       'sum' => md5($this->configuration->ldapAgentName . $this->configPrefix . $this->configuration->ldapAgentPassword),
                        'result' => $ldapLogin,
                ];