store passwords encrypted

katagia 2003-06-15 20:02:33 +00:00
parent 27929526e9
commit 2be6020068
2 changed files with 87 additions and 71 deletions


@ -291,12 +291,12 @@ function checkglobal($values, $type, $values_old=false) { // This functions chec
function checkunix($values, $type) { // This function checks all unix account paramters function checkunix($values, $type) { // This function checks all unix account paramters
$key = $_COOKIE['Key']; if ($values->unix_password != '') {
$iv = $_COOKIE['IV']; $iv = base64_decode($_COOKIE["IV"]);
$values->unix_password = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, base64_decode($key), $key = base64_decode($_COOKIE["Key"]);
base64_decode($values->unix_password), MRYPT_MODE_ECB, $values->unix_password = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, base64_decode($values->unix_password), MCRYPT_MODE_ECB, $iv);
base64_decode($iv));
$values->unix_password = str_replace(chr(00), '', $values->unix_password); $values->unix_password = str_replace(chr(00), '', $values->unix_password);
}
if ($type=='user' && !ereg('^([a-z]|[A-Z]|[0-9]|[\|]|[\#]|[\*]|[\,]|[\.]|[\;]|[\:]|[\_]|[\-]|[\+]|[\!]|[\%]|[\&]|[\/]|[\?]|[\{]|[\[]|[\(]|[\)]|[\]]|[\}])*$', $values->unix_password)) if ($type=='user' && !ereg('^([a-z]|[A-Z]|[0-9]|[\|]|[\#]|[\*]|[\,]|[\.]|[\;]|[\:]|[\_]|[\-]|[\+]|[\!]|[\%]|[\&]|[\/]|[\?]|[\{]|[\[]|[\(]|[\)]|[\]]|[\}])*$', $values->unix_password))
$errors[] = array('ERROR', _('Password'), _('Password contents invalid characters. Valid characters are: a-z, A-Z, 0-9 and #*,.;:_-+!$%&/|?{[()]}= !')); $errors[] = array('ERROR', _('Password'), _('Password contents invalid characters. Valid characters are: a-z, A-Z, 0-9 and #*,.;:_-+!$%&/|?{[()]}= !'));
if ( !ereg('^([0-9]*)$', $values->unix_pwdminage)) $errors[] = array('ERROR', _('Password Minage'), _('Password Minage must be are natural number.')); if ( !ereg('^([0-9]*)$', $values->unix_pwdminage)) $errors[] = array('ERROR', _('Password Minage'), _('Password Minage must be are natural number.'));
@ -313,10 +313,12 @@ function checkunix($values, $type) { // This function checks all unix account pa
} }
function checksamba($values, $type) { // This function checks all samba account paramters function checksamba($values, $type) { // This function checks all samba account paramters
$values->smb_password = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, base64_decode($_COOKIE['Key']), if ($values->unix_password != '') {
base64_decode($values->smb_password), MRYPT_MODE_ECB, $iv = base64_decode($_COOKIE["IV"]);
base64_decode($_COOKIE['IV'])); $key = base64_decode($_COOKIE["Key"]);
$values->smb_password = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, base64_decode($values->smb_password), MCRYPT_MODE_ECB, $iv);
$values->smb_password = str_replace(chr(00), '', $values->smb_password); $values->smb_password = str_replace(chr(00), '', $values->smb_password);
}
$return = new account(); $return = new account();
if ($values->smb_useunixpwd) $return->smb_password = $values->unix_password; if ($values->smb_useunixpwd) $return->smb_password = $values->unix_password;
switch ($type) { switch ($type) {
@ -800,14 +802,16 @@ function createuser($values) { // Will create the LDAP-Account
settype($date, 'integer'); settype($date, 'integer');
$values->general_dn = 'uid=' . $values->general_username . ',' . $_SESSION['config']->get_UserSuffix(); $values->general_dn = 'uid=' . $values->general_username . ',' . $_SESSION['config']->get_UserSuffix();
// decrypt password // decrypt password
$values->unix_password = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, base64_decode($_COOKIE['Key']), $iv = base64_decode($_COOKIE["IV"]);
base64_decode($values->unix_password), MRYPT_MODE_ECB, $key = base64_decode($_COOKIE["Key"]);
base64_decode($_COOKIE['IV'])); if ($values->unix_password != '') {
$values->unix_password = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, base64_decode($values->unix_password), MCRYPT_MODE_ECB, $iv);
$values->unix_password = str_replace(chr(00), '', $values->unix_password); $values->unix_password = str_replace(chr(00), '', $values->unix_password);
$values->smb_password = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, base64_decode($_COOKIE['Key']), }
base64_decode($values->smb_password), MRYPT_MODE_ECB, if ($values->smb_password != '') {
base64_decode($_COOKIE['IV'])); $values->smb_password = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, base64_decode($values->smb_password), MCRYPT_MODE_ECB, $iv);
$values->smb_password = str_replace(chr(00), '', $values->smb_password); $values->smb_password = str_replace(chr(00), '', $values->smb_password);
}
// All Values need for an user-account // All Values need for an user-account
// General Objectclasses // General Objectclasses
@ -895,14 +899,16 @@ function modifyuser($values,$values_old) { // Will modify the LDAP-Account
// 5 == Error while modifying Account // 5 == Error while modifying Account
// Value stored in shadowExpire, days since 1.1.1970 // Value stored in shadowExpire, days since 1.1.1970
// decrypt password // decrypt password
$values->unix_password = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, base64_decode($_COOKIE['Key']), $iv = base64_decode($_COOKIE["IV"]);
base64_decode($values->unix_password), MRYPT_MODE_ECB, $key = base64_decode($_COOKIE["Key"]);
base64_decode($_COOKIE['IV'])); if ($values->unix_password != '') {
$values->unix_password = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, base64_decode($values->unix_password), MCRYPT_MODE_ECB, $iv);
$values->unix_password = str_replace(chr(00), '', $values->unix_password); $values->unix_password = str_replace(chr(00), '', $values->unix_password);
$values->smb_password = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, base64_decode($_COOKIE['Key']), }
base64_decode($values->smb_password), MRYPT_MODE_ECB, if ($values->smb_password != '') {
base64_decode($_COOKIE['IV'])); $values->smb_password = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, base64_decode($values->smb_password), MCRYPT_MODE_ECB, $iv);
$values->smb_password = str_replace(chr(00), '', $values->smb_password); $values->smb_password = str_replace(chr(00), '', $values->smb_password);
}
$date = mktime(10,0,0, $values->unix_pwdexpire_mon, $values->unix_pwdexpire_day, $values->unix_pwdexpire_yea) / 86400 ; $date = mktime(10,0,0, $values->unix_pwdexpire_mon, $values->unix_pwdexpire_day, $values->unix_pwdexpire_yea) / 86400 ;
settype($date, 'integer'); settype($date, 'integer');
@ -1085,15 +1091,16 @@ function createhost($values) { // Will create the LDAP-Account
$values->general_dn = 'uid=' . $values->general_username . ',' . $_SESSION['config']->get_HostSuffix(); $values->general_dn = 'uid=' . $values->general_username . ',' . $_SESSION['config']->get_HostSuffix();
// decrypt password // decrypt password
$values->unix_password = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, base64_decode($_COOKIE['Key']), $iv = base64_decode($_COOKIE["IV"]);
base64_decode($values->unix_password), MRYPT_MODE_ECB, $key = base64_decode($_COOKIE["Key"]);
base64_decode($_COOKIE['IV'])); if ($values->unix_password != '') {
$values->unix_password = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, base64_decode($values->unix_password), MCRYPT_MODE_ECB, $iv);
$values->unix_password = str_replace(chr(00), '', $values->unix_password); $values->unix_password = str_replace(chr(00), '', $values->unix_password);
$values->smb_password = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, base64_decode($_COOKIE['Key']), }
base64_decode($values->smb_password), MRYPT_MODE_ECB, if ($values->smb_password != '') {
base64_decode($_COOKIE['IV'])); $values->smb_password = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, base64_decode($values->smb_password), MCRYPT_MODE_ECB, $iv);
$values->smb_password = str_replace(chr(00), '', $values->smb_password); $values->smb_password = str_replace(chr(00), '', $values->smb_password);
}
// All Values need for an host-account // All Values need for an host-account
// General Objectclasses // General Objectclasses
$attr['objectClass'][0] = 'posixAccount'; $attr['objectClass'][0] = 'posixAccount';
@ -1162,15 +1169,16 @@ function modifyhost($values,$values_old) { // Will modify the LDAP-Account
settype($date, 'integer'); settype($date, 'integer');
// decrypt password // decrypt password
$values->unix_password = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, base64_decode($_COOKIE['Key']), $iv = base64_decode($_COOKIE["IV"]);
base64_decode($values->unix_password), MRYPT_MODE_ECB, $key = base64_decode($_COOKIE["Key"]);
base64_decode($_COOKIE['IV'])); if ($values->unix_password != '') {
$values->unix_password = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, base64_decode($values->unix_password), MCRYPT_MODE_ECB, $iv);
$values->unix_password = str_replace(chr(00), '', $values->unix_password); $values->unix_password = str_replace(chr(00), '', $values->unix_password);
$values->smb_password = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, base64_decode($_COOKIE['Key']), }
base64_decode($values->smb_password), MRYPT_MODE_ECB, if ($values->smb_password != '') {
base64_decode($_COOKIE['IV'])); $values->smb_password = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, base64_decode($values->smb_password), MCRYPT_MODE_ECB, $iv);
$values->smb_password = str_replace(chr(00), '', $values->smb_password); $values->smb_password = str_replace(chr(00), '', $values->smb_password);
}
$values->general_dn = 'uid=' . $values->general_username . ',' . $_SESSION['config']->get_HostSuffix(); $values->general_dn = 'uid=' . $values->general_username . ',' . $_SESSION['config']->get_HostSuffix();
if ($values->general_username != $values_old->general_username) { if ($values->general_username != $values_old->general_username) {
$attr['cn'] = $values->general_username; // posixAccount_req shadowAccount_req sambaAccount_may $attr['cn'] = $values->general_username; // posixAccount_req shadowAccount_req sambaAccount_may
@ -1297,15 +1305,16 @@ function creategroup($values) { // Will create the LDAP-Group
$values->general_dn = 'cn=' . $values->general_username . ',' . $_SESSION['config']->get_GroupSuffix(); $values->general_dn = 'cn=' . $values->general_username . ',' . $_SESSION['config']->get_GroupSuffix();
// decrypt password // decrypt password
$values->unix_password = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, base64_decode($_COOKIE['Key']), $iv = base64_decode($_COOKIE["IV"]);
base64_decode($values->unix_password), MRYPT_MODE_ECB, $key = base64_decode($_COOKIE["Key"]);
base64_decode($_COOKIE['IV'])); if ($values->unix_password != '') {
$values->unix_password = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, base64_decode($values->unix_password), MCRYPT_MODE_ECB, $iv);
$values->unix_password = str_replace(chr(00), '', $values->unix_password); $values->unix_password = str_replace(chr(00), '', $values->unix_password);
$values->smb_password = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, base64_decode($_COOKIE['Key']), }
base64_decode($values->smb_password), MRYPT_MODE_ECB, if ($values->smb_password != '') {
base64_decode($_COOKIE['IV'])); $values->smb_password = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, base64_decode($values->smb_password), MCRYPT_MODE_ECB, $iv);
$values->smb_password = str_replace(chr(00), '', $values->smb_password); $values->smb_password = str_replace(chr(00), '', $values->smb_password);
}
$attr['objectClass'] = 'posixGroup'; $attr['objectClass'] = 'posixGroup';
$attr['cn'] = $values->general_username; $attr['cn'] = $values->general_username;
$attr['gidNumber'] = $values->general_uidNumber; $attr['gidNumber'] = $values->general_uidNumber;
@ -1324,15 +1333,16 @@ function modifygroup($values,$values_old) { // Will modify the LDAP-Group
$values->general_dn = 'cn=' . $values->general_username . ',' . $_SESSION['config']->get_GroupSuffix(); $values->general_dn = 'cn=' . $values->general_username . ',' . $_SESSION['config']->get_GroupSuffix();
// decrypt password // decrypt password
$values->unix_password = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, base64_decode($_COOKIE['Key']), $iv = base64_decode($_COOKIE["IV"]);
base64_decode($values->unix_password), MRYPT_MODE_ECB, $key = base64_decode($_COOKIE["Key"]);
base64_decode($_COOKIE['IV'])); if ($values->unix_password != '') {
$values->unix_password = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, base64_decode($values->unix_password), MCRYPT_MODE_ECB, $iv);
$values->unix_password = str_replace(chr(00), '', $values->unix_password); $values->unix_password = str_replace(chr(00), '', $values->unix_password);
$values->smb_password = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, base64_decode($_COOKIE['Key']), }
base64_decode($values->smb_password), MRYPT_MODE_ECB, if ($values->smb_password != '') {
base64_decode($_COOKIE['IV'])); $values->smb_password = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, base64_decode($values->smb_password), MCRYPT_MODE_ECB, $iv);
$values->smb_password = str_replace(chr(00), '', $values->smb_password); $values->smb_password = str_replace(chr(00), '', $values->smb_password);
}
if ($values->general_username != $values_old->general_username) $attr['cn'] = $values->general_username; if ($values->general_username != $values_old->general_username) $attr['cn'] = $values->general_username;
if ($values->general_uidNumber != $values_old->general_uidNumber) $attr['gidNumber'] = $values->general_uidNumber; if ($values->general_uidNumber != $values_old->general_uidNumber) $attr['gidNumber'] = $values->general_uidNumber;
if ($values->general_gecos != $values_old->general_gecos) $attr['description'] = $values->general_gecos; if ($values->general_gecos != $values_old->general_gecos) $attr['description'] = $values->general_gecos;
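Review bot: In checksamba the new guard tests `$values->unix_password != ''`, but the lines it protects decrypt `$values->smb_password`, which looks like a copy-paste slip from checkunix. When the Unix password is empty and a Samba password is set, the Samba value stays base64 ciphertext and is passed on to whatever follows in the function; in the opposite case mcrypt_decrypt still runs on an empty Samba field, which the guard was presumably meant to prevent. The condition should be `if ($values->smb_password != '') {`. The other hunks in this file (createuser, modifyuser, createhost, modifyhost, creategroup, modifygroup) guard each field under its own name; the bodies of all these functions continue outside the hunks.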


@ -102,7 +102,9 @@ switch ($_POST['select']) { // Select which part of page should be loaded and ch
else $_SESSION['account']->unix_deactivated = false; else $_SESSION['account']->unix_deactivated = false;
if ($_POST['genpass']) { if ($_POST['genpass']) {
// Generate a random password if generate-button was pressed // Generate a random password if generate-button was pressed
$_SESSION['account']->unix_password = genpasswd(); $iv = base64_decode($_COOKIE["IV"]);
$key = base64_decode($_COOKIE["Key"]);
$_SESSION['account']->unix_password = base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $key, genpasswd(), MCRYPT_MODE_ECB, $iv));
// Keep unix-page acitve // Keep unix-page acitve
$select_local = 'unix'; $select_local = 'unix';
} }
@ -555,10 +557,12 @@ switch ($select_local) { // Select which part of page will be loaded
case 'unix': case 'unix':
// Unix Password Settings // Unix Password Settings
// decrypt password // decrypt password
$password = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, base64_decode($_COOKIE['Key']), if ($_SESSION['account']->unix_password != '') {
base64_decode($_SESSION['account']->unix_password), MRYPT_MODE_ECB, $iv = base64_decode($_COOKIE["IV"]);
base64_decode($_COOKIE['IV'])); $key = base64_decode($_COOKIE["Key"]);
$password = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, base64_decode($_SESSION['account']->unix_password), MCRYPT_MODE_ECB, $iv);
$password = str_replace(chr(00), '', $password); $password = str_replace(chr(00), '', $password);
}
echo '<tr><td><input name="select" type="hidden" value="unix">'; echo '<tr><td><input name="select" type="hidden" value="unix">';
echo _('Unix Properties'); echo _('Unix Properties');
echo '</td></tr>'."\n".''; echo '</td></tr>'."\n".'';
@ -697,10 +701,12 @@ switch ($select_local) { // Select which part of page will be loaded
// Samba Settings // Samba Settings
echo '<tr><td><input name="select" type="hidden" value="samba">'; echo _('Samba Properties'); echo '</td></tr>'."\n"; echo '<tr><td><input name="select" type="hidden" value="samba">'; echo _('Samba Properties'); echo '</td></tr>'."\n";
// decrypt password // decrypt password
$password = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, base64_decode($_COOKIE['Key']), if ($_SESSION['account']->smb_password != '') {
base64_decode($_SESSION['account']->smb_password), MRYPT_MODE_ECB, $iv = base64_decode($_COOKIE["IV"]);
base64_decode($_COOKIE['IV'])); $key = base64_decode($_COOKIE["Key"]);
$password = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, base64_decode($_SESSION['account']->smb_password), MCRYPT_MODE_ECB, $iv);
$password = str_replace(chr(00), '', $password); $password = str_replace(chr(00), '', $password);
}
switch ( $_SESSION['type2'] ) { switch ( $_SESSION['type2'] ) {
case 'user': case 'user':
// Set Account is samba-workstation to false // Set Account is samba-workstation to false
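Review bot: The new `mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $key, genpasswd(), MCRYPT_MODE_ECB, $iv)` call, like the decrypt calls in the 'unix' and 'samba' cases, passes an IV that ECB mode does not use, so under a given cookie key the same password always produces the same stored ciphertext and a modified value goes undetected. Switching every encrypt and decrypt site together to `MCRYPT_MODE_CBC` would make the IV cookie take effect; whether that cookie holds an IV of the block length this cipher expects is not visible here. Separately, `$password` is now assigned only inside the `if`, so when the stored password is empty any later use in these cases (outside the hunks) reads an unset variable; adding `$password = '';` before each `if` avoids that.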