From 105f119efae8592763dcb689d0edaec6f68795de Mon Sep 17 00:00:00 2001 From: Roland Gruber Date: Sun, 5 Oct 2003 10:51:01 +0000 Subject: [PATCH] added plain text passwords, fixed empty passwords --- lam/HISTORY | 2 +- lam/config/lam.conf_sample | 2 +- lam/help/help.inc | 2 +- lam/lib/config.inc | 4 ++-- lam/lib/ldap.inc | 10 +++++++++- lam/templates/config/confmain.php | 1 + 6 files changed, 15 insertions(+), 6 deletions(-) diff --git a/lam/HISTORY b/lam/HISTORY index 9151a732..fdbc0166 100644 --- a/lam/HISTORY +++ b/lam/HISTORY @@ -4,7 +4,7 @@ - Fixed possible error which could delete entries if objectclass didn't fit - Fixed many samba 3.0 related bugs, most related to SIDs - edit group members directly - - support for several password hashes (CRYPT/SHA/SSHA/MD5/SMD5) + - support for several password hashes (CRYPT/SHA/SSHA/MD5/SMD5/PLAIN) - PDF output for groups and hosts diff --git a/lam/config/lam.conf_sample b/lam/config/lam.conf_sample index 547d9504..ca476dbd 100644 --- a/lam/config/lam.conf_sample +++ b/lam/config/lam.conf_sample @@ -75,6 +75,6 @@ samba3: no # Number of minutes LAM caches LDAP searches. cachetimeout: 5 -# Password hash algorithm (CRYPT/MD5/SMD5/SHA/SSHA). +# Password hash algorithm (CRYPT/MD5/SMD5/SHA/SSHA/PLAIN). pwdhash: SSHA diff --git a/lam/help/help.inc b/lam/help/help.inc index ba8e291e..1dba0b58 100644 --- a/lam/help/help.inc +++ b/lam/help/help.inc 
@@ -105,7 +105,7 @@ $helpArray = array ( "214" => array ("ext" => "FALSE", "Headline" => _("Configuration Wizard") . " - " . _("Cache timeout"), "Text" => _("This is the time in minutes which LAM caches its LDAP searches. Shorter times will stress LDAP more but decrease the possibility that changes are not identified.")), "215" => array ("ext" => "FALSE", "Headline" => _("Configuration Wizard") . " - " . _("Password hash type"), - "Text" => _("LAM supports CRYPT, SHA, SSHA, MD5 and SMD5 to generate the hash value of an user password. SSHA and CRYPT are the most common but CRYPT does not support passwords greater than 8 letters.")), + "Text" => _("LAM supports CRYPT, SHA, SSHA, MD5 and SMD5 to generate the hash value of an user password. SSHA and CRYPT are the most common but CRYPT does not support passwords greater than 8 letters. We do not recommend to use plain text passwords.")), "230" => array ("ext" => "FALSE", "Headline" => _("Profile management") . " - " . _("Add profile"), "Text" => _("Please enter the name of the new profile and the password to change its settings. Profile names may contain letters, numbers and -/_.")), "231" => array ("ext" => "FALSE", "Headline" => _("Profile management") . " - " . _("Rename profile"), diff --git a/lam/lib/config.inc b/lam/lib/config.inc index 97be6833..67447924 100644 --- a/lam/lib/config.inc +++ b/lam/lib/config.inc 
@@ -239,7 +239,7 @@ class Config { if (!in_array("scriptServer", $saved)) array_push($file_array, "\n\n# Server of external Script\n" . "scriptServer: " . $this->scriptServer . "\n"); if (!in_array("samba3", $saved)) array_push($file_array, "\n\n# Set to \"yes\" only if you use the new Samba 3.x schema.\n" . "samba3: " . $this->samba3 . "\n"); if (!in_array("cachetimeout", $saved)) array_push($file_array, "\n\n# Number of minutes LAM caches LDAP searches.\n" . "cacheTimeout: " . $this->cachetimeout . "\n"); - if (!in_array("pwdhash", $saved)) array_push($file_array, "\n\n# Password hash algorithm (CRYPT/MD5/SMD5/SHA/SSHA).\n" . "pwdhash: " . $this->pwdhash . "\n"); + if (!in_array("pwdhash", $saved)) array_push($file_array, "\n\n# Password hash algorithm (CRYPT/MD5/SMD5/SHA/SSHA/PLAIN).\n" . "pwdhash: " . $this->pwdhash . "\n"); $file = fopen($conffile, "w"); if ($file) { for ($i = 0; $i < sizeof($file_array); $i++) fputs($file, $file_array[$i]); @@ -596,7 +596,7 @@ class Config { // set the password hash type (CRYPT/SHA/SSHA/MD5/SMD5) function set_pwdhash($value) { - if (is_string($value) && eregi("^(crypt|sha|ssha|md5|smd5)$", $value)) { + if (is_string($value) && eregi("^(crypt|sha|ssha|md5|smd5|plain)$", $value)) { $this->pwdhash = $value; } else return false; diff --git a/lam/lib/ldap.inc b/lam/lib/ldap.inc index 120e8413..97890217 100644 --- a/lam/lib/ldap.inc +++ b/lam/lib/ldap.inc 
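Review bot: The case-insensitive `eregi` match in `set_pwdhash()` stores `$value` unchanged, so a lower-case `plain` or `ssha` passes validation but would not match the upper-case `case` labels that `pwd_hash()` switches on in lam/lib/ldap.inc. If `get_pwdhash()` returns the stored string as-is (its body is not in this diff), such a value silently falls through to the `default:` branch, and the scheme actually used can differ from what the configuration page shows. Normalising on assignment, `$this->pwdhash = strtoupper($value);`, would keep the stored value, the switch and the `!= "PLAIN"` comparison in confmain.php consistent. The comment above the function still reads `(CRYPT/SHA/SSHA/MD5/SMD5)` and should gain `PLAIN`. The function body continues outside the hunk.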
@@ -31,11 +31,16 @@ include_once("config.inc"); // $password: the password string // $enabled: marks the hash as enabled/disabled (e.g. by prefixing "!") function pwd_hash($password, $enabled=true) { + // check for empty password + if (! $password || ($password == "")) { + if ($enabled) return ""; + else return "!"; + } // hash password with algorithm from config file $hash = ""; switch ($_SESSION['config']->get_pwdhash()) { case 'CRYPT': - $hash = "{crypt}" . crypt($password); + $hash = "{CRYPT}" . crypt($password); break; case 'MD5': $hash = "{MD5}" . base64_encode(mHash(MHASH_MD5, $password)); @@ -54,6 +59,9 @@ function pwd_hash($password, $enabled=true) { $hash = base64_encode(mHash(MHASH_SHA1, $password . $salt) . $salt); $hash = "{SSHA}" . $hash; break; + case 'PLAIN': + $hash = $password; + break; // use SSHA if the setting is invalid default: $salt = mhash_keygen_s2k(MHASH_SHA1, $password, substr(pack("h*", md5(mt_rand())), 0, 8), 4); diff --git a/lam/templates/config/confmain.php b/lam/templates/config/confmain.php index 63d5a75e..7359d389 100644 --- a/lam/templates/config/confmain.php +++ b/lam/templates/config/confmain.php @@ -155,6 +155,7 @@ if ($conf->get_pwdhash() != "SHA") echo("\n"); if ($conf->get_pwdhash() != "SSHA") echo("\n"); if ($conf->get_pwdhash() != "MD5") echo("\n"); if ($conf->get_pwdhash() != "SMD5") echo("\n"); +if ($conf->get_pwdhash() != "PLAIN") echo("\n"); echo ("\n"); echo ("" . _("Help") . "\n");
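Review bot: The new guard `if (! $password || ($password == ""))` at the top of `pwd_hash()` also fires for the one-character password `"0"`, because PHP evaluates the string `"0"` as false, so that password is returned as an empty value (or a bare `!`) instead of being hashed. A strict comparison avoids this: `if (!isset($password) || $password === "") {`. Returning `""` for an enabled account means the caller receives no password value at all. How the directory server treats such an entry on bind is not visible here, so a short comment stating that this is intended would help the next reader. `pwd_hash()` continues past the end of this hunk.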
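Review bot: The `PLAIN` branch sets `$hash = $password;` with no scheme tag, so the stored value is ambiguous. A password that happens to start with `{SSHA}` or `{MD5}` may be interpreted by the directory server as a hash, and one starting with `!` looks like the disabled marker described in the comment above `pwd_hash()` (the code that applies that marker is outside this hunk). If the target server supports an explicit cleartext scheme (OpenLDAP documents `{CLEARTEXT}`), tagging the value would remove the first ambiguity; otherwise such passwords should be rejected before they reach this branch. Because the value is readable by anyone who can read the attribute, LDIF exports or replicas, the branch deserves a comment such as `// PLAIN: password is stored unhashed; restrict read access to the attribute with server ACLs`.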