From: Jeff Godin Date: Wed, 13 May 2015 22:41:02 +0000 (-0700) Subject: WIP: client/ils password separation X-Git-Url: https://old-git.evergreen-ils.org/?a=commitdiff_plain;h=a2da7046fbd332f91899f70dcc9600303a155668;p=working%2FSIPServer.git WIP: client/ils password separation Initial support for having a SIP client password distinct from the ILS password. Signed-off-by: Jeff Godin --- diff --git a/SIPconfig.xml b/SIPconfig.xml index 25039e7..cd86bc5 100644 --- a/SIPconfig.xml +++ b/SIPconfig.xml @@ -67,6 +67,10 @@ + diff --git a/Sip/MsgType.pm b/Sip/MsgType.pm index 779d41d..c3938b8 100644 --- a/Sip/MsgType.pm +++ b/Sip/MsgType.pm @@ -852,7 +852,7 @@ sub handle_login { if (!exists($server->{config}->{accounts}->{$uid})) { syslog("LOG_WARNING", "MsgType::handle_login: Unknown login '$uid'"); $status = 0; - } elsif ($server->{config}->{accounts}->{$uid}->{password} ne $pwd) { + } elsif (_verify_client_password($server->{config}->{accounts}->{$uid}, $pwd) != 1) { syslog("LOG_WARNING", "MsgType::handle_login: Invalid password for login '$uid'"); $status = 0; } else { @@ -866,6 +866,23 @@ sub handle_login { return $status ? LOGIN : ''; } +sub _verify_client_password { + # Accept a config hash representing a single login, and a supplied client password + # Return 1 on match, otherwise 0 + # XXX: implement support for salted + hashed "clientpassword" value + my ($login_config, $pwd_from_client) = @_; + + # if config has a clientpassword, verify against that + if (exists($login_config->{clientpassword})) { + syslog("LOG_INFO", "_verify_client_password: checking supplied password against clientpassword from config"); + return 1 if ($pwd_from_client eq $login_config->{clientpassword}); + } else { # otherwise, verify against "password" attribute + syslog("LOG_INFO", "_verify_client_password: checking supplied password against password from config"); + return 1 if ($pwd_from_client eq $login_config->{password}); + } + return 0; # password did not match +} + sub _load_ils_handler { my ($server, $uid) = @_;