/usr/share/perl5/Lemonldap/NG/Common/Apache/Session/Generate/SHA256.pm is in liblemonldap-ng-common-perl 1.9.16-2.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 | #############################################################################
#
# Lemonldap::NG::Common::Apache::Session::Generate::SHA256
# Generates session identifier tokens using SHA-256
# Distribute under the Perl License
#
############################################################################
package Lemonldap::NG::Common::Apache::Session::Generate::SHA256;
use strict;
use Digest::SHA qw(sha256 sha256_hex sha256_base64);
our $VERSION = '1.9.1';
sub generate {
my $session = shift;
my $length = 64;
if ( exists $session->{args}->{IDLength} ) {
$length = $session->{args}->{IDLength};
}
$session->{data}->{_session_id} = substr(
Digest::SHA::sha256_hex(
Digest::SHA::sha256_hex( time() . {} . rand() . $$ )
),
0, $length
);
}
sub validate {
#This routine checks to ensure that the session ID is in the form
#we expect. This must be called before we start diddling around
#in the database or the disk.
my $session = shift;
if ( $session->{data}->{_session_id} =~ /^([a-fA-F0-9]+)$/ ) {
$session->{data}->{_session_id} = $1;
}
else {
die "Invalid session ID: " . $session->{data}->{_session_id};
}
}
1;
|