fix: use appropriate hashing method for passwords
parent
33559861bd
commit
ca101c431d
1 changed files with 40 additions and 3 deletions
|
|
@ -11,12 +11,13 @@ use cosmic::{
|
||||||
widget::{self, Space, column, icon, row, settings, text},
|
widget::{self, Space, column, icon, row, settings, text},
|
||||||
};
|
};
|
||||||
use cosmic_settings_page::{self as page, Section, section};
|
use cosmic_settings_page::{self as page, Section, section};
|
||||||
use pwhash::bcrypt;
|
use pwhash::{bcrypt, md5_crypt, sha256_crypt, sha512_crypt};
|
||||||
use regex::Regex;
|
use regex::Regex;
|
||||||
use slab::Slab;
|
use slab::Slab;
|
||||||
use slotmap::SlotMap;
|
use slotmap::SlotMap;
|
||||||
use std::{
|
use std::{
|
||||||
collections::HashMap,
|
collections::HashMap,
|
||||||
|
fs::File,
|
||||||
future::Future,
|
future::Future,
|
||||||
io::{BufRead, BufReader},
|
io::{BufRead, BufReader},
|
||||||
path::PathBuf,
|
path::PathBuf,
|
||||||
|
|
@ -557,7 +558,7 @@ impl Page {
|
||||||
self.dialog = None;
|
self.dialog = None;
|
||||||
|
|
||||||
let uid = user.id;
|
let uid = user.id;
|
||||||
let password_hashed = bcrypt::hash(user.password).unwrap();
|
let password_hashed = hash_password(&user.password);
|
||||||
|
|
||||||
return cosmic::Task::future(async move {
|
return cosmic::Task::future(async move {
|
||||||
let Ok(conn) = zbus::Connection::system().await else {
|
let Ok(conn) = zbus::Connection::system().await else {
|
||||||
|
|
@ -655,7 +656,7 @@ impl Page {
|
||||||
}
|
}
|
||||||
};
|
};
|
||||||
|
|
||||||
let password_hashed = bcrypt::hash(password).unwrap();
|
let password_hashed = hash_password(&password);
|
||||||
match accounts_zbus::UserProxy::new(&conn, user_object_path).await {
|
match accounts_zbus::UserProxy::new(&conn, user_object_path).await {
|
||||||
Ok(user) => {
|
Ok(user) => {
|
||||||
_ = user.set_password(&password_hashed, "").await;
|
_ = user.set_password(&password_hashed, "").await;
|
||||||
|
|
@ -941,3 +942,39 @@ fn permission_was_denied(result: &zbus::Error) -> bool {
|
||||||
_ => false,
|
_ => false,
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// TODO: Should we allow deprecated methods?
|
||||||
|
fn hash_password(password_plain: &str) -> String {
|
||||||
|
match get_encrypt_method().as_str() {
|
||||||
|
"SHA512" => sha512_crypt::hash(password_plain).unwrap(),
|
||||||
|
"SHA256" => sha256_crypt::hash(password_plain).unwrap(),
|
||||||
|
"MD5" => md5_crypt::hash(password_plain).unwrap(),
|
||||||
|
_ => bcrypt::hash(password_plain).unwrap(),
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// TODO: In the future loading in the whole login.defs file into an object might be handy?
|
||||||
|
// For now, just grabbing what we need
|
||||||
|
fn get_encrypt_method() -> String {
|
||||||
|
let mut value = String::new();
|
||||||
|
let login_defs = if let Ok(file) = File::open("/etc/login.defs") {
|
||||||
|
file
|
||||||
|
} else {
|
||||||
|
return value;
|
||||||
|
};
|
||||||
|
let reader = BufReader::new(login_defs);
|
||||||
|
|
||||||
|
for line in reader.lines() {
|
||||||
|
if let Ok(line) = line {
|
||||||
|
if !line.trim().is_empty() {
|
||||||
|
if let Some(index) = line.find(|c: char| c.is_whitespace()) {
|
||||||
|
let key = line[0..index].trim();
|
||||||
|
if key == "ENCRYPT_METHOD" {
|
||||||
|
value = line[(index + 1)..].trim().to_string();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
value
|
||||||
|
}
|
||||||
|
|
|
||||||
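Review bot: The `"MD5"` arm of `hash_password` makes the settings panel write a fresh md5crypt hash whenever `/etc/login.defs` says `ENCRYPT_METHOD MD5`, which is the question the TODO above the function leaves open; md5crypt has long been deprecated for new password hashes, so I would not generate it here. Replacing the arm with `"MD5" => sha512_crypt::hash(password_plain).unwrap(),` refuses the downgrade while keeping a format that crypt(3) on a shadow-utils system should accept (worth confirming on the supported distributions). The `_` arm also sends every other value to bcrypt without a trace, including the empty string `get_encrypt_method` returns when the file cannot be opened or the key is absent, so a log line there would make a mismatch with the system policy visible. The SHA arms appear to use the crate's default cost, so any `SHA_CRYPT_MIN_ROUNDS` or `SHA_CRYPT_MAX_ROUNDS` set in the same file is presumably ignored.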