Diffstat (limited to 'src/couchdb/couch_httpd_auth.erl')
-rw-r--r-- | src/couchdb/couch_httpd_auth.erl | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/src/couchdb/couch_httpd_auth.erl b/src/couchdb/couch_httpd_auth.erl
index 08841fb67..6888f0691 100644
--- a/src/couchdb/couch_httpd_auth.erl
+++ b/src/couchdb/couch_httpd_auth.erl
@@ -368,11 +368,28 @@ authenticate(Pass, UserProps) ->
 couch_util:get_value(<<"password_sha">>, UserProps, nil)};
 <<"pbkdf2">> ->
 Iterations = couch_util:get_value(<<"iterations">>, UserProps, 10000),
+ verify_iterations(Iterations),
 {couch_passwords:pbkdf2(Pass, UserSalt, Iterations),
 couch_util:get_value(<<"derived_key">>, UserProps, nil)}
 end,
 couch_passwords:verify(PasswordHash, ExpectedHash).
 
+verify_iterations(Iterations) when is_integer(Iterations) ->
+ Min = list_to_integer(couch_config:get("couch_httpd_auth", "min_iterations", "1")),
+ Max = list_to_integer(couch_config:get("couch_httpd_auth", "max_iterations", "1000000000")),
+ case Iterations < Min of
+ true ->
+ throw({forbidden, <<"Iteration count is too low for this server">>});
+ false ->
+ ok
+ end,
+ case Iterations > Max of
+ true ->
+ throw({forbidden, <<"Iteration count is too high for this server">>});
+ false ->
+ ok
+ end.
+
 auth_name(String) when is_list(String) ->
 [_,_,_,_,_,Name|_] = re:split(String, "[\\W_]", [{return, list}]),
 ?l2b(Name). |
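Review bot: `verify_iterations/1` has only an `is_integer` clause, so an `iterations` field in the user document that is not an integer (the value is read straight from `UserProps`) fails with `function_clause` rather than the controlled `{forbidden, _}` throw the rest of the function uses; before this change such a value presumably failed inside `couch_passwords:pbkdf2/3` instead, so this is not a regression, but a second clause `verify_iterations(_) -> throw({forbidden, <<"Iteration count must be an integer">>}).` would keep the error path uniform for a value that originates outside the server's own code. The new function also carries no comment saying why the bounds exist; a header such as `%% Reject iteration counts outside the configured [min_iterations, max_iterations] window before the costly PBKDF2 run, so a user document cannot make every authentication attempt arbitrarily expensive, nor the stored hash trivially cheap to brute-force.` would record that the check is a resource-exhaustion and weak-hash guard rather than a format check. As a point of style, two `case` expressions on a boolean are the `if` idiom in Erlang: `if Iterations < Min -> throw({forbidden, <<"Iteration count is too low for this server">>}); Iterations > Max -> throw({forbidden, <<"Iteration count is too high for this server">>}); true -> ok end` is one expression with the same effect. One inferred point worth confirming against the caller: since `authenticate/2` appears to run only once a user document has been found, a 403 raised here is distinguishable from the response for an unknown user, which is a small account-existence signal; `authenticate/2` starts outside the hunk, so the surrounding lookup path is not visible here.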