added plain text passwords, fixed empty passwords

Roland Gruber 2003-10-05 10:51:01 +00:00
parent bba0d4b01b
commit 105f119efa
6 changed files with 15 additions and 6 deletions


@ -4,7 +4,7 @@
- Fixed possible error which could delete entries if objectclass didn't fit
- Fixed many samba 3.0 related bugs, most related to SIDs
- edit group members directly
- support for several password hashes (CRYPT/SHA/SSHA/MD5/SMD5)
- support for several password hashes (CRYPT/SHA/SSHA/MD5/SMD5/PLAIN)
- PDF output for groups and hosts


@ -75,6 +75,6 @@ samba3: no
# Number of minutes LAM caches LDAP searches.
cachetimeout: 5
# Password hash algorithm (CRYPT/MD5/SMD5/SHA/SSHA).
# Password hash algorithm (CRYPT/MD5/SMD5/SHA/SSHA/PLAIN).
pwdhash: SSHA


@ -105,7 +105,7 @@ $helpArray = array (
"214" => array ("ext" => "FALSE", "Headline" => _("Configuration Wizard") . " - " . _("Cache timeout"),
"Text" => _("This is the time in minutes which LAM caches its LDAP searches. Shorter times will stress LDAP more but decrease the possibility that changes are not identified.")),
"215" => array ("ext" => "FALSE", "Headline" => _("Configuration Wizard") . " - " . _("Password hash type"),
"Text" => _("LAM supports CRYPT, SHA, SSHA, MD5 and SMD5 to generate the hash value of an user password. SSHA and CRYPT are the most common but CRYPT does not support passwords greater than 8 letters.")),
"Text" => _("LAM supports CRYPT, SHA, SSHA, MD5 and SMD5 to generate the hash value of an user password. SSHA and CRYPT are the most common but CRYPT does not support passwords greater than 8 letters. We do not recommend to use plain text passwords.")),
"230" => array ("ext" => "FALSE", "Headline" => _("Profile management") . " - " . _("Add profile"),
"Text" => _("Please enter the name of the new profile and the password to change its settings. Profile names may contain letters, numbers and -/_.")),
"231" => array ("ext" => "FALSE", "Headline" => _("Profile management") . " - " . _("Rename profile"),


@ -239,7 +239,7 @@ class Config {
if (!in_array("scriptServer", $saved)) array_push($file_array, "\n\n# Server of external Script\n" . "scriptServer: " . $this->scriptServer . "\n");
if (!in_array("samba3", $saved)) array_push($file_array, "\n\n# Set to \"yes\" only if you use the new Samba 3.x schema.\n" . "samba3: " . $this->samba3 . "\n");
if (!in_array("cachetimeout", $saved)) array_push($file_array, "\n\n# Number of minutes LAM caches LDAP searches.\n" . "cacheTimeout: " . $this->cachetimeout . "\n");
if (!in_array("pwdhash", $saved)) array_push($file_array, "\n\n# Password hash algorithm (CRYPT/MD5/SMD5/SHA/SSHA).\n" . "pwdhash: " . $this->pwdhash . "\n");
if (!in_array("pwdhash", $saved)) array_push($file_array, "\n\n# Password hash algorithm (CRYPT/MD5/SMD5/SHA/SSHA/PLAIN).\n" . "pwdhash: " . $this->pwdhash . "\n");
$file = fopen($conffile, "w");
if ($file) {
for ($i = 0; $i < sizeof($file_array); $i++) fputs($file, $file_array[$i]);
@ -596,7 +596,7 @@ class Config {
// set the password hash type (CRYPT/SHA/SSHA/MD5/SMD5)
function set_pwdhash($value) {
if (is_string($value) && eregi("^(crypt|sha|ssha|md5|smd5)$", $value)) {
if (is_string($value) && eregi("^(crypt|sha|ssha|md5|smd5|plain)$", $value)) {
$this->pwdhash = $value;
}
else return false;
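Review bot: The comment above set_pwdhash still reads `// set the password hash type (CRYPT/SHA/SSHA/MD5/SMD5)` although the pattern now accepts plain; it should become `// set the password hash type (CRYPT/SHA/SSHA/MD5/SMD5/PLAIN)`, ideally noting that PLAIN stores the password unhashed. The eregi match is case-insensitive and the value is stored exactly as given, while the pwd_hash switch changed elsewhere in this commit compares against upper-case labels. Unless get_pwdhash() normalises case (not visible here), a setting such as `plain` or `crypt` would pass this check and then silently be hashed as SSHA by the default branch; `$this->pwdhash = strtoupper($value);` would make setter and consumer agree. set_pwdhash's body continues outside the hunk.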


@ -31,11 +31,16 @@ include_once("config.inc");
// $password: the password string
// $enabled: marks the hash as enabled/disabled (e.g. by prefixing "!")
function pwd_hash($password, $enabled=true) {
// check for empty password
if (! $password || ($password == "")) {
if ($enabled) return "";
else return "!";
}
// hash password with algorithm from config file
$hash = "";
switch ($_SESSION['config']->get_pwdhash()) {
case 'CRYPT':
$hash = "{crypt}" . crypt($password);
$hash = "{CRYPT}" . crypt($password);
break;
case 'MD5':
$hash = "{MD5}" . base64_encode(mHash(MHASH_MD5, $password));
@ -54,6 +59,9 @@ function pwd_hash($password, $enabled=true) {
$hash = base64_encode(mHash(MHASH_SHA1, $password . $salt) . $salt);
$hash = "{SSHA}" . $hash;
break;
case 'PLAIN':
$hash = $password;
break;
// use SSHA if the setting is invalid
default:
$salt = mhash_keygen_s2k(MHASH_SHA1, $password, substr(pack("h*", md5(mt_rand())), 0, 8), 4);
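Review bot: The new `case 'PLAIN'` returns the password unchanged, so the value written to the directory is neither hashed nor scheme-prefixed, and the header comment says a disabled account is marked by prefixing "!". If the code after this hunk applies that prefix to the PLAIN value as well, the stored string is presumably just a different cleartext value rather than an unusable hash, which should be confirmed against the directory server in use and documented at the case, e.g. `// PLAIN: stored unhashed, readable by anyone who can read the attribute; the "!" marker may not lock the account`. Separately, the added empty check `if (! $password || ($password == ""))` also treats the password "0" as empty because "0" is falsy in PHP, so that password would be stored as no password at all; `if ($password === null || $password === "")` avoids this. pwd_hash's body continues outside both hunks.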


@ -155,6 +155,7 @@ if ($conf->get_pwdhash() != "SHA") echo("<option>SHA</option>\n");
if ($conf->get_pwdhash() != "SSHA") echo("<option>SSHA</option>\n");
if ($conf->get_pwdhash() != "MD5") echo("<option>MD5</option>\n");
if ($conf->get_pwdhash() != "SMD5") echo("<option>SMD5</option>\n");
if ($conf->get_pwdhash() != "PLAIN") echo("<option>PLAIN</option>\n");
echo ("</select></td>\n");
echo ("<td><a href=\"../help.php?HelpNumber=215\" target=\"lamhelp\">" . _("Help") . "</a></td></tr>\n");