auth: adding tests (should have attached with a previous commit)

This commit is contained in:
Matt Simerson 2012-05-21 18:17:34 -04:00
parent 4e2ae484a2
commit b7cb9eaf3d

View File

@ -40,55 +40,4 @@ sub run_tests {
}
}
sub validate_password {
my ( $self, %a ) = @_;
my ($pkg, $file, $line) = caller();
my $src_clear = $a{src_clear};
my $src_crypt = $a{src_crypt};
my $attempt_clear = $a{attempt_clear};
my $attempt_hash = $a{attempt_hash};
my $method = $a{method} or die "missing method";
my $ticket = $a{ticket};
my $deny = $a{deny} || DENY;
if ( ! $src_crypt && ! $src_clear ) {
$self->log(LOGINFO, "fail: missing password");
return ( $deny, "$file - no such user" );
};
if ( ! $src_clear && $method =~ /CRAM-MD5/i ) {
$self->log(LOGINFO, "skip: cram-md5 not supported w/o clear pass");
return ( DECLINED, $file );
}
if ( defined $attempt_clear ) {
if ( $src_clear && $src_clear eq $attempt_clear ) {
$self->log(LOGINFO, "pass: clear match");
return ( OK, $file );
};
if ( $src_crypt && $src_crypt eq crypt( $attempt_clear, $src_crypt ) ) {
$self->log(LOGINFO, "pass: crypt match");
return ( OK, $file );
}
};
if ( defined $attempt_hash && $src_clear ) {
if ( ! $ticket ) {
$self->log(LOGERROR, "skip: missing ticket");
return ( DECLINED, $file );
};
if ( $attempt_hash eq hmac_md5_hex( $ticket, $src_clear ) ) {
$self->log(LOGINFO, "pass: hash match");
return ( OK, $file );
};
};
$self->log(LOGINFO, "fail: wrong password");
return ( $deny, "$file - wrong password" );
};
1;