From 95b5187300a1ace0878e135ce98b1558c1a04355 Mon Sep 17 00:00:00 2001 From: Carl Schwan Date: Mon, 2 May 2022 21:46:42 +0200 Subject: Don't use slow hashing to check the LDAP binding Using password_hash is expensive and should be used for hashing passwords when saving them in the database. Here we just want to see if the bind was already done with the given password, so use a fast hashing algorythm. Signed-off-by: Carl Schwan --- apps/user_ldap/lib/Connection.php | 11 +++-------- 1 file changed, 3 insertions(+), 8 deletions(-) (limited to 'apps') diff --git a/apps/user_ldap/lib/Connection.php b/apps/user_ldap/lib/Connection.php index 565fb415e58..89b58b7ebfd 100644 --- a/apps/user_ldap/lib/Connection.php +++ b/apps/user_ldap/lib/Connection.php @@ -128,7 +128,7 @@ class Connection extends LDAPUtility { protected $ignoreValidation = false; /** - * @var array{dn?: mixed, hash?: string, result?: bool} + * @var array{sum?: string, result?: bool} */ protected $bindResult = []; @@ -672,11 +672,7 @@ class Connection extends LDAPUtility { if ( count($this->bindResult) !== 0 - && $this->bindResult['dn'] === $this->configuration->ldapAgentName - && \OC::$server->getHasher()->verify( - $this->configPrefix . $this->configuration->ldapAgentPassword, - $this->bindResult['hash'] - ) + && $this->bindResult['sum'] === md5($this->configuration->ldapAgentName . $this->configPrefix . $this->configuration->ldapAgentPassword) ) { // don't attempt to bind again with the same data as before // bind might have been invoked via getConnectionResource(), @@ -689,8 +685,7 @@ class Connection extends LDAPUtility { $this->configuration->ldapAgentPassword); $this->bindResult = [ - 'dn' => $this->configuration->ldapAgentName, - 'hash' => \OC::$server->getHasher()->hash($this->configPrefix . $this->configuration->ldapAgentPassword), + 'sum' => md5($this->configuration->ldapAgentName . $this->configPrefix . $this->configuration->ldapAgentPassword), 'result' => $ldapLogin, ]; -- cgit v1.2.3