[Catalyst-commits] r9821 - Catalyst-Authentication-Credential-HTTP/1.000/branches/ntlm_support/lib/Catalyst/Authentication/Credential

abraxxa at dev.catalyst.perl.org abraxxa at dev.catalyst.perl.org
Fri Apr 24 12:52:46 GMT 2009


Author: abraxxa
Date: 2009-04-24 13:52:46 +0100 (Fri, 24 Apr 2009)
New Revision: 9821

Modified:
   Catalyst-Authentication-Credential-HTTP/1.000/branches/ntlm_support/lib/Catalyst/Authentication/Credential/HTTP.pm
Log:
added password checking for NTLM authentication
added a check for clear password support in the store in case of NTLM authentication


Modified: Catalyst-Authentication-Credential-HTTP/1.000/branches/ntlm_support/lib/Catalyst/Authentication/Credential/HTTP.pm
===================================================================
--- Catalyst-Authentication-Credential-HTTP/1.000/branches/ntlm_support/lib/Catalyst/Authentication/Credential/HTTP.pm	2009-04-24 09:54:04 UTC (rev 9820)
+++ Catalyst-Authentication-Credential-HTTP/1.000/branches/ntlm_support/lib/Catalyst/Authentication/Credential/HTTP.pm	2009-04-24 12:52:46 UTC (rev 9821)
@@ -36,7 +36,7 @@
     ntlm_domain
 /) if NTLM_SUPPORT;
 
-our $VERSION = '1.00999_02';
+our $VERSION = '1.00999_03';
 
 sub new {
     my ($class, $config, $app, $realm) = @_;
@@ -62,6 +62,12 @@
     if (!grep /$type/, @available_types) {
         Catalyst::Exception->throw(__PACKAGE__ . " used with unsupported authentication type: " . $type);
     }
+
+    # check if the configured store supports cleartext passwords
+    if ($type eq 'ntlm' && not $self->realm->store->user_supports(qw/password clear/)) {
+        Catalyst::Exception->throw(__PACKAGE__ . " used with unsupported store (needs to support cleartext passwords)");
+    }
+
     $self->type($type);
 }
 
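Review bot: The new store check only fires when `$type eq 'ntlm'`, so if the `any` type can also negotiate NTLM (not visible in this hunk), a store without cleartext passwords would pass start-up and only fail per request; if so, the condition should cover that case too. The comment above it should say why cleartext is needed, e.g. `# NTLM responses are derived from the password itself, so the store must expose it in clear`. Mixing `&&` with the low-precedence `not` parses as intended here but reads ambiguously; `&& !$self->realm->store->user_supports(qw/password clear/)` is clearer. The enclosing sub starts outside the hunk.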
@@ -257,14 +263,16 @@
                 $c->log->debug("NTLM type 3 msg received: flags: $t3_flags\ndomain: $t3_user_domain\nuser: $t3_username\nmachine: $t3_machine\n") if $c->debug;
                 
                 # check if the configured domain matches the clients one
-            if ($t3_user_domain ne $ntlm_domain) {
+                if ($t3_user_domain ne $ntlm_domain) {
                     $c->log->debug("NTLM client domain $t3_user_domain doesn't match ours $ntlm_domain") if $c->debug;
                     return;
                 }
 
                 my $user_obj = $realm->find_user( { $self->username_field => $t3_username }, $c);
+                my $lm_hash = lm_hash($user_obj->password_field);
+                my $nt_hash = nt_hash($user_obj->password_field);
                 
-                if ($user_obj) {
+                if ($user_obj && $lm_hash eq $t3_lm_resp && $nt_hash eq $t3_nt_resp) {
                     return $user_obj;
                 }
                 else {
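Review bot: The two added hash lines call `$user_obj->password_field` before `$user_obj` is tested, so an unknown username (where `find_user` presumably returns nothing) makes the request die on a method call on undef instead of failing authentication; bail out first with `return unless $user_obj;` or compute the hashes inside the `if`. `username_field` one line up is read from `$self`, so `password_field` is presumably also a setting on the credential rather than a method on the user object, and the stored password would come from something like `$user_obj->get($self->password_field)` — worth confirming. The comparison also puts the bare `lm_hash`/`nt_hash` of the password against `$t3_lm_resp`/`$t3_nt_resp`, but NTLM type 3 responses are derived from the hash and the server challenge, so as written the check is not bound to the challenge issued for this session; the expected response should be computed from the hash and that challenge before comparing. The enclosing block starts and ends outside the hunk.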



