From ed85aff9c410c7c5e8478f9c52ecf73c43e171d9 Mon Sep 17 00:00:00 2001
From: Frank Walentowski <frank.walentowski@inchron.com>
Date: Tue, 8 Oct 2024 15:04:05 +0200
Subject: [PATCH] Add support for UTF-8 encoded passwords when using the hash
 types :ssha and ssha256

---
 lib/net/ldap/password.rb | 8 ++++++--
 test/test_password.rb    | 7 +++++++
 2 files changed, 13 insertions(+), 2 deletions(-)

diff --git a/lib/net/ldap/password.rb b/lib/net/ldap/password.rb
index 9a6658ed..4a6a1ae7 100644
--- a/lib/net/ldap/password.rb
+++ b/lib/net/ldap/password.rb
@@ -28,10 +28,14 @@ def generate(type, str)
          '{SHA}' + Base64.strict_encode64(Digest::SHA1.digest(str))
       when :ssha
          salt = SecureRandom.random_bytes(16)
-         '{SSHA}' + Base64.strict_encode64(Digest::SHA1.digest(str + salt) + salt)
+         digest = Digest::SHA1.new
+         digest << str << salt
+         '{SSHA}' + Base64.strict_encode64(digest.digest + salt)
       when :ssha256
         salt = SecureRandom.random_bytes(16)
-        '{SSHA256}' + Base64.strict_encode64(Digest::SHA256.digest(str + salt) + salt)
+        digest = Digest::SHA256.new
+        digest << str << salt
+        '{SSHA256}' + Base64.strict_encode64(digest.digest + salt)
       else
          raise Net::LDAP::HashTypeUnsupportedError, "Unsupported password-hash type (#{type})"
       end
diff --git a/test/test_password.rb b/test/test_password.rb
index cc1878da..407cde94 100644
--- a/test/test_password.rb
+++ b/test/test_password.rb
@@ -12,4 +12,11 @@ def test_psw_with_ssha256_should_not_contain_linefeed
     flexmock(SecureRandom).should_receive(:random_bytes).and_return('\xE5\x8A\x99\xF8\xCB\x15GW\xE8\xEA\xAD\x0F\xBF\x95\xB0\xDC')
     assert_equal("{SSHA256}Cc7MXboTyUP5PnPAeJeCrgMy8+7Gus0sw7kBJuTrmf1ceEU1XHg4QVx4OTlceEY4XHhDQlx4MTVHV1x4RThceEVBXHhBRFx4MEZceEJGXHg5NVx4QjBceERD", Net::LDAP::Password.generate(:ssha256, "cashflow"))
   end
+
+  def test_utf8_psw
+    flexmock(SecureRandom).should_receive(:random_bytes).and_return('\xE5\x8A\x99\xF8\xCB\x15GW\xE8\xEA\xAD\x0F\xBF\x95\xB0\xDC')
+    utf8_psw = "iHVh©NjrLR§h!cru"
+    assert_equal("{SSHA}shzNiWgSPr3DoDm+Re7QPCcu1g1ceEU1XHg4QVx4OTlceEY4XHhDQlx4MTVHV1x4RThceEVBXHhBRFx4MEZceEJGXHg5NVx4QjBceERD", Net::LDAP::Password.generate(:ssha, utf8_psw))
+    assert_equal("{SSHA256}/aS06GodUyRYx+z436t+WZsH2aQCSac9FY4ewaXzhSNceEU1XHg4QVx4OTlceEY4XHhDQlx4MTVHV1x4RThceEVBXHhBRFx4MEZceEJGXHg5NVx4QjBceERD", Net::LDAP::Password.generate(:ssha256, utf8_psw))
+  end
 end