WMDE
/
LDAPAccountManager
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

added plain text passwords, fixed empty passwords

This commit is contained in:
Roland Gruber 2003-10-05 10:51:01 +00:00
parent bba0d4b01b
commit 105f119efa
6 changed files with 15 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
lam/HISTORY
View File

@ -4,7 +4,7 @@
- Fixed possible error which could delete entries if objectclass didn't fit - Fixed possible error which could delete entries if objectclass didn't fit
- Fixed many samba 3.0 related bugs, most related to SIDs - Fixed many samba 3.0 related bugs, most related to SIDs
- edit group members directly - edit group members directly
- support for several password hashes (CRYPT/SHA/SSHA/MD5/SMD5) - support for several password hashes (CRYPT/SHA/SSHA/MD5/SMD5/PLAIN)
- PDF output for groups and hosts - PDF output for groups and hosts

2
lam/config/lam.conf_sample
View File

@ -75,6 +75,6 @@ samba3: no
# Number of minutes LAM caches LDAP searches. # Number of minutes LAM caches LDAP searches.
cachetimeout: 5 cachetimeout: 5
# Password hash algorithm (CRYPT/MD5/SMD5/SHA/SSHA). # Password hash algorithm (CRYPT/MD5/SMD5/SHA/SSHA/PLAIN).
pwdhash: SSHA pwdhash: SSHA

2
lam/help/help.inc
View File

@ -105,7 +105,7 @@ $helpArray = array (
"214" => array ("ext" => "FALSE", "Headline" => _("Configuration Wizard") . " - " . _("Cache timeout"), "214" => array ("ext" => "FALSE", "Headline" => _("Configuration Wizard") . " - " . _("Cache timeout"),
"Text" => _("This is the time in minutes which LAM caches its LDAP searches. Shorter times will stress LDAP more but decrease the possibility that changes are not identified.")), "Text" => _("This is the time in minutes which LAM caches its LDAP searches. Shorter times will stress LDAP more but decrease the possibility that changes are not identified.")),
"215" => array ("ext" => "FALSE", "Headline" => _("Configuration Wizard") . " - " . _("Password hash type"), "215" => array ("ext" => "FALSE", "Headline" => _("Configuration Wizard") . " - " . _("Password hash type"),
"Text" => _("LAM supports CRYPT, SHA, SSHA, MD5 and SMD5 to generate the hash value of an user password. SSHA and CRYPT are the most common but CRYPT does not support passwords greater than 8 letters.")), "Text" => _("LAM supports CRYPT, SHA, SSHA, MD5 and SMD5 to generate the hash value of an user password. SSHA and CRYPT are the most common but CRYPT does not support passwords greater than 8 letters. We do not recommend to use plain text passwords.")),
"230" => array ("ext" => "FALSE", "Headline" => _("Profile management") . " - " . _("Add profile"), "230" => array ("ext" => "FALSE", "Headline" => _("Profile management") . " - " . _("Add profile"),
"Text" => _("Please enter the name of the new profile and the password to change its settings. Profile names may contain letters, numbers and -/_.")), "Text" => _("Please enter the name of the new profile and the password to change its settings. Profile names may contain letters, numbers and -/_.")),
"231" => array ("ext" => "FALSE", "Headline" => _("Profile management") . " - " . _("Rename profile"), "231" => array ("ext" => "FALSE", "Headline" => _("Profile management") . " - " . _("Rename profile"),

4
lam/lib/config.inc
View File

@ -239,7 +239,7 @@ class Config {
if (!in_array("scriptServer", $saved)) array_push($file_array, "\n\n# Server of external Script\n" . "scriptServer: " . $this->scriptServer . "\n"); if (!in_array("scriptServer", $saved)) array_push($file_array, "\n\n# Server of external Script\n" . "scriptServer: " . $this->scriptServer . "\n");
if (!in_array("samba3", $saved)) array_push($file_array, "\n\n# Set to \"yes\" only if you use the new Samba 3.x schema.\n" . "samba3: " . $this->samba3 . "\n"); if (!in_array("samba3", $saved)) array_push($file_array, "\n\n# Set to \"yes\" only if you use the new Samba 3.x schema.\n" . "samba3: " . $this->samba3 . "\n");
if (!in_array("cachetimeout", $saved)) array_push($file_array, "\n\n# Number of minutes LAM caches LDAP searches.\n" . "cacheTimeout: " . $this->cachetimeout . "\n"); if (!in_array("cachetimeout", $saved)) array_push($file_array, "\n\n# Number of minutes LAM caches LDAP searches.\n" . "cacheTimeout: " . $this->cachetimeout . "\n");
if (!in_array("pwdhash", $saved)) array_push($file_array, "\n\n# Password hash algorithm (CRYPT/MD5/SMD5/SHA/SSHA).\n" . "pwdhash: " . $this->pwdhash . "\n"); if (!in_array("pwdhash", $saved)) array_push($file_array, "\n\n# Password hash algorithm (CRYPT/MD5/SMD5/SHA/SSHA/PLAIN).\n" . "pwdhash: " . $this->pwdhash . "\n");
$file = fopen($conffile, "w"); $file = fopen($conffile, "w");
if ($file) { if ($file) {
for ($i = 0; $i < sizeof($file_array); $i++) fputs($file, $file_array[$i]); for ($i = 0; $i < sizeof($file_array); $i++) fputs($file, $file_array[$i]);
@ -596,7 +596,7 @@ class Config {
// set the password hash type (CRYPT/SHA/SSHA/MD5/SMD5) // set the password hash type (CRYPT/SHA/SSHA/MD5/SMD5)
function set_pwdhash($value) { function set_pwdhash($value) {
if (is_string($value) && eregi("^(crypt|sha|ssha|md5|smd5)$", $value)) { if (is_string($value) && eregi("^(crypt|sha|ssha|md5|smd5|plain)$", $value)) {
$this->pwdhash = $value; $this->pwdhash = $value;
} }
else return false; else return false;

10
lam/lib/ldap.inc
View File

@ -31,11 +31,16 @@ include_once("config.inc");
// $password: the password string // $password: the password string
// $enabled: marks the hash as enabled/disabled (e.g. by prefixing "!") // $enabled: marks the hash as enabled/disabled (e.g. by prefixing "!")
function pwd_hash($password, $enabled=true) { function pwd_hash($password, $enabled=true) {
// check for empty password
if (! $password || ($password == "")) {
if ($enabled) return "";
else return "!";
}
// hash password with algorithm from config file // hash password with algorithm from config file
$hash = ""; $hash = "";
switch ($_SESSION['config']->get_pwdhash()) { switch ($_SESSION['config']->get_pwdhash()) {
case 'CRYPT': case 'CRYPT':
$hash = "{crypt}" . crypt($password); $hash = "{CRYPT}" . crypt($password);
break; break;
case 'MD5': case 'MD5':
$hash = "{MD5}" . base64_encode(mHash(MHASH_MD5, $password)); $hash = "{MD5}" . base64_encode(mHash(MHASH_MD5, $password));
@ -54,6 +59,9 @@ function pwd_hash($password, $enabled=true) {
$hash = base64_encode(mHash(MHASH_SHA1, $password . $salt) . $salt); $hash = base64_encode(mHash(MHASH_SHA1, $password . $salt) . $salt);
$hash = "{SSHA}" . $hash; $hash = "{SSHA}" . $hash;
break; break;
case 'PLAIN':
$hash = $password;
break;
// use SSHA if the setting is invalid // use SSHA if the setting is invalid
default: default:
$salt = mhash_keygen_s2k(MHASH_SHA1, $password, substr(pack("h*", md5(mt_rand())), 0, 8), 4); $salt = mhash_keygen_s2k(MHASH_SHA1, $password, substr(pack("h*", md5(mt_rand())), 0, 8), 4);

1
lam/templates/config/confmain.php
View File

@ -155,6 +155,7 @@ if ($conf->get_pwdhash() != "SHA") echo("<option>SHA</option>\n");
if ($conf->get_pwdhash() != "SSHA") echo("<option>SSHA</option>\n"); if ($conf->get_pwdhash() != "SSHA") echo("<option>SSHA</option>\n");
if ($conf->get_pwdhash() != "MD5") echo("<option>MD5</option>\n"); if ($conf->get_pwdhash() != "MD5") echo("<option>MD5</option>\n");
if ($conf->get_pwdhash() != "SMD5") echo("<option>SMD5</option>\n"); if ($conf->get_pwdhash() != "SMD5") echo("<option>SMD5</option>\n");
if ($conf->get_pwdhash() != "PLAIN") echo("<option>PLAIN</option>\n");
echo ("</select></td>\n"); echo ("</select></td>\n");
echo ("<td><a href=\"../help.php?HelpNumber=215\" target=\"lamhelp\">" . _("Help") . "</a></td></tr>\n"); echo ("<td><a href=\"../help.php?HelpNumber=215\" target=\"lamhelp\">" . _("Help") . "</a></td></tr>\n");