From 04cab7c72227c290224ab0c0b0a52c0893516552 Mon Sep 17 00:00:00 2001 From: "Steinar H. Gunderson" Date: Sat, 4 Jul 2009 22:56:42 +0200 Subject: [PATCH] Auto-update the Digest auth hash on successful Basica auth. --- perl/Sesse/pr0n/Common.pm | 18 ++++++++++++------ sql/pr0n.sql | 4 ++-- sql/upgrade-v2.71.sql | 2 ++ 3 files changed, 16 insertions(+), 8 deletions(-) diff --git a/perl/Sesse/pr0n/Common.pm b/perl/Sesse/pr0n/Common.pm index ebcf408..828df6a 100644 --- a/perl/Sesse/pr0n/Common.pm +++ b/perl/Sesse/pr0n/Common.pm @@ -369,19 +369,25 @@ sub check_basic_auth { my ($raw_user, $pass) = split /:/, MIME::Base64::decode_base64($auth); my ($user, $takenby) = extract_takenby($raw_user); - my $oldpass = $pass; - $pass = Digest::SHA1::sha1_base64($pass); - my $ref = $dbh->selectrow_hashref('SELECT count(*) AS auth FROM users WHERE username=? AND sha1password=? AND vhost=?', - undef, $user, $pass, $r->get_server_name); - if ($ref->{'auth'} != 1) { + my $ref = $dbh->selectrow_hashref('SELECT sha1password,digest_ha1_hex FROM users WHERE username=? AND vhost=?', + undef, $user, $r->get_server_name); + if (!defined($ref) || $ref->{'sha1password'} ne Digest::SHA1::sha1_base64($pass)) { $r->content_type('text/plain; charset=utf-8'); $r->log->warn("Authentication failed for $user/$takenby"); output_401($r); return undef; } - $r->log->info("Authentication succeeded for $user/$takenby"); + # Make sure we can use Digest authentication in the future with this password. + my $ha1 = Digest::MD5::md5_hex($user . ':pr0n.sesse.net:' . $pass); + if (!defined($ref->{'digest_ha1_hex'}) || $ref->{'digest_ha1_hex'} ne $ha1) { + $dbh->do('UPDATE users SET digest_ha1_hex=? WHERE username=? AND vhost=?', + undef, $ha1, $user, $r->get_server_name) + or die "Couldn't update: " . $dbh->errstr; + $r->log->info("Updated Digest auth hash for for $user"); + } + return ($user, $takenby); } diff --git a/sql/pr0n.sql b/sql/pr0n.sql index c8901e2..fe749b9 100644 --- a/sql/pr0n.sql +++ b/sql/pr0n.sql 
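Review bot: The HA1 written by the new `UPDATE` is derived from `$pass`, which the context line `split /:/, MIME::Base64::decode_base64($auth)` cuts at the second colon, so for a password containing `:` the stored Digest hash is computed from a truncated password and will not match what a Digest client derives from the full one. Passing a limit, `my ($raw_user, $pass) = split /:/, MIME::Base64::decode_base64($auth), 2;`, keeps the whole password for both the SHA-1 comparison and the HA1. Separately, `or die "Couldn't update: " . $dbh->errstr` aborts a request whose credentials were already verified; if the refresh is meant to be best-effort, logging the failure with `$r->log->warn` and still returning `($user, $takenby)` may be preferable. The commit also drops the `Authentication succeeded` log line, so a successful Basic login now leaves a log record only when the hash is rewritten, which weakens the audit trail. The start of check_basic_auth lies outside the hunk.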
@@ -71,7 +71,7 @@ CREATE TABLE shadow_files ( CREATE TABLE users ( username character varying NOT NULL, - sha1password character(28) NOT NULL, + sha1password character(27) NOT NULL, vhost character varying NOT NULL, digest_ha1_hex character(32) ); @@ -103,7 +103,7 @@ GRANT INSERT,SELECT,UPDATE,DELETE ON TABLE fake_files TO pr0n; GRANT SELECT,UPDATE ON TABLE images_id_seq TO pr0n; GRANT INSERT,SELECT,UPDATE,DELETE ON TABLE images TO pr0n; GRANT INSERT,SELECT,UPDATE,DELETE ON TABLE shadow_files TO pr0n; -GRANT SELECT ON TABLE users TO pr0n; +GRANT SELECT,UPDATE ON TABLE users TO pr0n; GRANT SELECT,INSERT,DELETE ON TABLE exif_info TO pr0n; GRANT SELECT,INSERT,DELETE ON TABLE tags TO pr0n; GRANT INSERT,SELECT,UPDATE,DELETE ON TABLE last_picture_cache TO pr0n; diff --git a/sql/upgrade-v2.71.sql b/sql/upgrade-v2.71.sql index 8fce91d..a4335ea 100644 --- a/sql/upgrade-v2.71.sql +++ b/sql/upgrade-v2.71.sql @@ -4,4 +4,6 @@ ALTER TABLE last_picture_cache ADD COLUMN last_update TIMESTAMP WITH TIME ZONE NOT NULL DEFAULT now(); ALTER TABLE events DROP COLUMN last_update; ALTER TABLE users ADD COLUMN digest_ha1_hex character(32); +ALTER TABLE users ALTER COLUMN sha1password TYPE character(27); +GRANT UPDATE ON TABLE users TO pr0n; -- 2.39.2
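Review bot: `GRANT SELECT,UPDATE ON TABLE users TO pr0n;` gives the web application's role write access to every column of `users`, including `username` and `sha1password`, while the `UPDATE` added in this commit writes only `digest_ha1_hex`. If this is PostgreSQL 8.4 or later, a column-level grant such as `GRANT UPDATE (digest_ha1_hex) ON TABLE users TO pr0n;` would keep the other credential columns read-only to the application. The same applies to the `GRANT UPDATE ON TABLE users TO pr0n;` line added in sql/upgrade-v2.71.sql. Since an HA1 value is by itself enough to answer a Digest challenge for its realm, a short comment on the column noting that it is password-equivalent would help whoever later reviews access to this table.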