mirror of
https://github.com/scylladb/scylladb.git
synced 2026-04-28 20:27:03 +00:00
9d27045c76
On Fedora 28, creating an instance of `std::random_device` opens a file descriptor for `/dev/urandom` (observed via `strace`). By declaring static thread-local instances of `std::random_device`, these descriptors will be open (barring optimization by the compiler) for the entire duration of the Scylla process's life. However, the `std::random_device` instance is only necessary for initializing the `RandomNumberEngine` for generating salts. With this change, the file-descriptor is closed immediately after the engine is initialized. I considered generalizing this pattern of initialization into a function, but with only two uses (and simple ones) I think this would only obscure things. Signed-off-by: Jesse Haber-Kucharsky <jhaberku@scylladb.com> Tests: unit (release) Message-Id: <f1b985d99f66e5e64d714fd0f087e235b71557d2.1536697368.git.jhaberku@scylladb.com>
74 lines
2.2 KiB
C++
74 lines
2.2 KiB
C++
/*
|
|
* Copyright (C) 2018 ScyllaDB
|
|
*/
|
|
|
|
/*
|
|
* This file is part of Scylla.
|
|
*
|
|
* Scylla is free software: you can redistribute it and/or modify
|
|
* it under the terms of the GNU Affero General Public License as published by
|
|
* the Free Software Foundation, either version 3 of the License, or
|
|
* (at your option) any later version.
|
|
*
|
|
* Scylla is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
* GNU General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU General Public License
|
|
* along with Scylla. If not, see <http://www.gnu.org/licenses/>.
|
|
*/
|
|
|
|
#define BOOST_TEST_MODULE core
|
|
|
|
#include <array>
|
|
#include <random>
|
|
#include <unordered_set>
|
|
|
|
#include "auth/passwords.hh"
|
|
|
|
#include <boost/test/unit_test.hpp>
|
|
#include <seastar/core/sstring.hh>
|
|
|
|
#include "seastarx.hh"
|
|
|
|
static auto rng_for_salt = std::default_random_engine(std::random_device{}());
|
|
|
|
//
|
|
// The same password hashed multiple times will result in different strings because the salt will be different.
|
|
//
|
|
BOOST_AUTO_TEST_CASE(passwords_are_salted) {
|
|
const char* const cleartext = "my_excellent_password";
|
|
std::unordered_set<sstring> observed_passwords{};
|
|
|
|
for (int i = 0; i < 10; ++i) {
|
|
const sstring e = auth::passwords::hash(cleartext, rng_for_salt);
|
|
BOOST_REQUIRE_EQUAL(observed_passwords.count(e), 0);
|
|
observed_passwords.insert(e);
|
|
}
|
|
}
|
|
|
|
//
|
|
// A hashed password will authenticate against the same password in cleartext.
|
|
//
|
|
BOOST_AUTO_TEST_CASE(correct_passwords_authenticate) {
|
|
// Common passwords.
|
|
std::array<const char*, 3> passwords{
|
|
"12345",
|
|
"1_am_the_greatest!",
|
|
"password1"
|
|
};
|
|
|
|
for (const char* p : passwords) {
|
|
BOOST_REQUIRE(auth::passwords::check(p, auth::passwords::hash(p, rng_for_salt)));
|
|
}
|
|
}
|
|
|
|
//
|
|
// A hashed password that does not match the password in cleartext does not authenticate.
|
|
//
|
|
BOOST_AUTO_TEST_CASE(incorrect_passwords_do_not_authenticate) {
|
|
const sstring hashed_password = auth::passwords::hash("actual_password", rng_for_salt);
|
|
BOOST_REQUIRE(!auth::passwords::check("password_guess", hashed_password));
|
|
}
|