lib/active_ldap/user_password.rb in activeldap-4.0.4 vs lib/active_ldap/user_password.rb in activeldap-4.0.5
- old
+ new
@@ -3,10 +3,12 @@
require 'digest/md5'
require 'digest/sha1'
module ActiveLdap
module UserPassword
+ include GetText
+
module_function
def valid?(password, hashed_password)
unless /^\{([A-Za-z][A-Za-z\d]+)\}/ =~ hashed_password
# Plain text password
return hashed_password == password
@@ -35,13 +37,21 @@
salt ||= "$1$#{Salt.generate(8)}"
"{CRYPT}#{password.crypt(salt)}"
end
def extract_salt_for_crypt(crypted_password)
- if /^\$1\$/ =~ crypted_password
- $MATCH + $POSTMATCH[0, 8].sub(/\$.*/, '') + "$"
+ if /\A\$(?:1|5|6|2a)\$[a-zA-Z0-9.\/]{,16}\$/ =~ crypted_password
+ $MATCH
else
- crypted_password[0, 2]
+ salt = crypted_password[0, 2]
+ if salt.size != 2
+ raise ArgumentError, _("salt size must be 2: <%s>") % salt
+ end
+ unless /\A[a-zA-Z0-9.\/]{2}\z/ =~ salt
+ message = _("salt character must be [a-zA-Z0-9./]: <%s>") % salt
+ raise ArgumentError, message
+ end
+ salt
end
end
def md5(password)
"{MD5}#{[Digest::MD5.digest(password)].pack('m').chomp}"
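Review bot: The new pattern in `extract_salt_for_crypt` accepts the `2a` prefix, but for a bcrypt value such as `$2a$10$<22-char salt>…` the `[a-zA-Z0-9.\/]{,16}\$` part matches only the cost field, so `$MATCH` is `$2a$10$` and the real salt is dropped; re-hashing with that setting cannot reproduce the stored hash, and it presumably fails inside `crypt`. SHA-crypt values with an explicit rounds field (`$6$rounds=5000$salt$…`) do not match at all because `=` is outside the character class, so they fall into the `else` branch and raise `ArgumentError` on the `$` in the two-character salt. I would keep this branch to the schemes it can parse, `if /\A\$(?:1|5|6)\$(?:rounds=\d+\$)?[a-zA-Z0-9.\/]{,16}\$/ =~ crypted_password`, and give bcrypt its own branch that keeps cost and salt together, e.g. `/\A\$2[abxy]?\$\d{2}\$[a-zA-Z0-9.\/]{22}/`. A comment above the method listing the supported crypt formats, plus a test with one stored hash per format, would make the accepted set explicit.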