
Better default authentication #870

Merged
merged 22 commits into from
Mar 7, 2019
Merged
Changes from 5 commits
49d9649
added submodule dir to gitignore
LogicalPhallacy Jan 31, 2019
4519ce2
Upgrade crypto provider, retarget better framework
LogicalPhallacy Jan 31, 2019
8bf88f4
Merge pull request #9 from jellyfin/master
LogicalPhallacy Feb 12, 2019
05bbf71
sha256 with salt auth and sha1 interop
LogicalPhallacy Feb 12, 2019
1dc5a62
fixed gitignore fail
LogicalPhallacy Feb 13, 2019
1ffd443
fixed nul user check to be first per justaman
LogicalPhallacy Feb 13, 2019
77602af
Minor fixes re:PR870, added null checks from PR876
LogicalPhallacy Feb 13, 2019
9e58e31
Update Emby.Server.Implementations/Library/DefaultAuthenticationProvi…
cvium Feb 13, 2019
d8e6808
Update Emby.Server.Implementations/Library/DefaultAuthenticationProvi…
cvium Feb 13, 2019
9f3aa2c
Apply suggestions from code review
LogicalPhallacy Feb 18, 2019
48e7274
added justaman notes, fixed new bug from emty has removals
LogicalPhallacy Feb 18, 2019
56e3063
little fixes for JustAMan
LogicalPhallacy Feb 18, 2019
6bbb968
minor changes and return to netstandard
LogicalPhallacy Feb 20, 2019
a0d31a4
merging with master to clear merge conflict
LogicalPhallacy Feb 20, 2019
098de6b
made newlines into linux newlines
LogicalPhallacy Feb 20, 2019
edba82d
fixed logic flip in auth empty check and fixed crypto algo choice
LogicalPhallacy Feb 28, 2019
2c26517
minor style fixes
LogicalPhallacy Mar 5, 2019
bef665b
Minor fixes to address style issues
LogicalPhallacy Mar 6, 2019
c31b0b3
Apply suggestions from code review
Bond-009 Mar 7, 2019
8f4895e
more fixes for perf and style
LogicalPhallacy Mar 7, 2019
dfb1d70
made hashset static and readonly
LogicalPhallacy Mar 7, 2019
f486f59
Update Emby.Server.Implementations/Library/DefaultAuthenticationProvi…
Bond-009 Mar 7, 2019
3 changes: 1 addition & 2 deletions .gitignore
Expand Up @@ -263,5 +263,4 @@ deployment/**/pkg-dist/
deployment/**/pkg-dist-tmp/
deployment/collect-dist/

jellyfin_version.ini
MediaBrowser.WebDashboard/jellyfin-web
jellyfin_version.ini
LogicalPhallacy marked this conversation as resolved.
38 changes: 24 additions & 14 deletions Emby.Server.Implementations/Cryptography/CryptographyProvider.cs
Expand Up @@ -9,15 +9,15 @@ namespace Emby.Server.Implementations.Cryptography
{
public class CryptographyProvider : ICryptoProvider
{
private List<string> SupportedHashMethods = new List<string>();
private HashSet<string> SupportedHashMethods;
public string DefaultHashMethod => "SHA256";
LogicalPhallacy marked this conversation as resolved.
private RandomNumberGenerator rng;
private int defaultiterations = 1000;
public CryptographyProvider()
{
//Currently supported hash methods from https://docs.microsoft.com/en-us/dotnet/api/system.security.cryptography.cryptoconfig?view=netcore-2.1
//there might be a better way to autogenerate this list as dotnet updates, but I couldn't find one
SupportedHashMethods = new List<string>
SupportedHashMethods = new HashSet<string>()
{
"MD5"
LogicalPhallacy marked this conversation as resolved.
,"System.Security.Cryptography.MD5"
Expand Down Expand Up @@ -71,9 +71,9 @@ public IEnumerable<string> GetSupportedHashMethods()
return SupportedHashMethods;
}

private byte[] PBKDF2(string method, byte[] bytes, byte[] salt)
{
using (var r = new Rfc2898DeriveBytes(bytes, salt, defaultiterations, new HashAlgorithmName(method)))
private byte[] PBKDF2(string method, byte[] bytes, byte[] salt, int iterations)
{
using (var r = new Rfc2898DeriveBytes(bytes, salt, iterations, new HashAlgorithmName(method)))
{
return r.GetBytes(32);
}
Expand Down Expand Up @@ -102,30 +102,40 @@ public byte[] ComputeHash(string HashMethod, byte[] bytes, byte[] salt)
}
else
{
return PBKDF2(HashMethod, bytes, salt);
return PBKDF2(HashMethod, bytes, salt,defaultiterations);
LogicalPhallacy marked this conversation as resolved.
}
}
else
{
throw new CryptographicException(String.Format("Requested hash method is not supported: {0}", HashMethod));
LogicalPhallacy marked this conversation as resolved.
}
}
}

public byte[] ComputeHashWithDefaultMethod(byte[] bytes, byte[] salt)
{
return PBKDF2(DefaultHashMethod, bytes, salt);
return PBKDF2(DefaultHashMethod, bytes, salt, defaultiterations);
}

public byte[] ComputeHash(PasswordHash hash)
{
return ComputeHash(hash.Id, hash.HashBytes, hash.SaltBytes);
}

{
int iterations = defaultiterations;
if (!hash.Parameters.ContainsKey("iterations"))
{
hash.Parameters.Add("iterations", defaultiterations.ToString());
LogicalPhallacy marked this conversation as resolved.
}
else
{
try { iterations = int.Parse(hash.Parameters["iterations"]); }
LogicalPhallacy marked this conversation as resolved.
catch (Exception e) { iterations = defaultiterations; throw new Exception($"Couldn't successfully parse iterations value from string:{hash.Parameters["iterations"]}", e); }
LogicalPhallacy marked this conversation as resolved.
}
return PBKDF2(hash.Id, hash.HashBytes, hash.SaltBytes,iterations);
LogicalPhallacy marked this conversation as resolved.
}

public byte[] GenerateSalt()
{
byte[] salt = new byte[8];
byte[] salt = new byte[64];
rng.GetBytes(salt);
return salt;
}
}
}
}
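Review bot: In `ComputeHash(PasswordHash hash)` the stored `iterations` string goes through culture-sensitive `int.Parse` and is never range-checked, so a zero or negative count only fails later inside `Rfc2898DeriveBytes`, and the `catch (Exception e)` assigns a fallback that is never used before rethrowing a bare `Exception`. Parsing with `int.TryParse` under the invariant culture, rejecting non-positive values, and throwing `CryptographicException` (as `ComputeHash(string, byte[], byte[])` already does for unsupported methods) gives callers one failure type for a damaged record. Separately, `defaultiterations` is 1000, which is low for PBKDF2 password storage; since the count is now kept with each hash it can be raised for new hashes, as long as records lacking an `iterations` parameter are still verified with 1000. The sketch assumes `hash.Parameters` exposes `TryGetValue` and that `System.Globalization` is in scope.

```csharp
public byte[] ComputeHash(PasswordHash hash)
{
    int iterations = defaultiterations;
    if (hash.Parameters.TryGetValue("iterations", out string stored))
    {
        // A stored count that does not parse or is not positive means the record is damaged; fail instead of guessing.
        if (!int.TryParse(stored, NumberStyles.None, CultureInfo.InvariantCulture, out iterations) || iterations <= 0)
        {
            throw new CryptographicException($"Invalid iterations value in stored password hash: {stored}");
        }
    }
    else
    {
        hash.Parameters.Add("iterations", defaultiterations.ToString(CultureInfo.InvariantCulture));
    }
    // … unchanged: PBKDF2 call with hash.Id, hash.HashBytes, hash.SaltBytes, iterations …
```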
32 changes: 32 additions & 0 deletions Emby.Server.Implementations/Data/SqliteUserRepository.cs
Expand Up @@ -55,6 +55,7 @@ public void Initialize()
{
TryMigrateToLocalUsersTable(connection);
}
RemoveEmptyPasswordHashes();
}
}

Expand All @@ -73,6 +74,37 @@ private void TryMigrateToLocalUsersTable(ManagedConnection connection)
}
}

private void RemoveEmptyPasswordHashes()
{
foreach (var user in RetrieveAllUsers())
{
// If the user password is the sha1 hash of the empty string, remove it
if (!string.Equals(user.Password, "DA39A3EE5E6B4B0D3255BFEF95601890AFD80709") || !string.Equals(user.Password, "$SHA1$DA39A3EE5E6B4B0D3255BFEF95601890AFD80709"))
LogicalPhallacy marked this conversation as resolved.
{
continue;
}

user.Password = null;
var serialized = _jsonSerializer.SerializeToBytes(user);

using (WriteLock.Write())
using (var connection = CreateConnection())
{
connection.RunInTransaction(db =>
{
using (var statement = db.PrepareStatement("update LocalUsersv2 set data=@data where Id=@InternalId"))
JustAMan marked this conversation as resolved.
{
statement.TryBind("@InternalId", user.InternalId);
statement.TryBind("@data", serialized);
statement.MoveNext();
}

}, TransactionMode);
}
}

}

/// <summary>
/// Save a user in the repo
/// </summary>
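Review bot: The guard in `RemoveEmptyPasswordHashes` can never be false: a password cannot equal both literals at once, so `!string.Equals(..., "DA39…") || !string.Equals(..., "$SHA1$DA39…")` is true for every user, `continue` always runs, and no empty-password hash is ever cleared. Joining the two negated comparisons with `&&` instead of `||` gives the behaviour the comment above the condition describes. The comparison is also case-sensitive, so a hash stored in lower-case hex would be skipped; passing `StringComparison.OrdinalIgnoreCase` would cover that if the stored case can vary, which this page does not show.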