support K5KEY
This commit is contained in:
parent
bc0505db1c
commit
7d124bb77c
|
@ -4,7 +4,7 @@ $Id$
|
||||||
|
|
||||||
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
|
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
|
||||||
Copyright (C) 2003 - 2006 Tilo Lutz
|
Copyright (C) 2003 - 2006 Tilo Lutz
|
||||||
2009 - 2015 Roland Gruber
|
2009 - 2016 Roland Gruber
|
||||||
|
|
||||||
This program is free software; you can redistribute it and/or modify
|
This program is free software; you can redistribute it and/or modify
|
||||||
it under the terms of the GNU General Public License as published by
|
it under the terms of the GNU General Public License as published by
|
||||||
|
@ -140,7 +140,7 @@ function ntPassword($password) {
|
||||||
*
|
*
|
||||||
* @param string $password the password string
|
* @param string $password the password string
|
||||||
* @param boolean $enabled marks the hash as enabled/disabled (e.g. by prefixing "!")
|
* @param boolean $enabled marks the hash as enabled/disabled (e.g. by prefixing "!")
|
||||||
* @param string $hashType password hash type (CRYPT, CRYPT-SHA512, SHA, SSHA, MD5, SMD5, PLAIN)
|
* @param string $hashType password hash type (CRYPT, CRYPT-SHA512, SHA, SSHA, MD5, SMD5, PLAIN, K5KEY)
|
||||||
* @return string the password hash
|
* @return string the password hash
|
||||||
*/
|
*/
|
||||||
function pwd_hash($password, $enabled = true, $hashType = 'SSHA') {
|
function pwd_hash($password, $enabled = true, $hashType = 'SSHA') {
|
||||||
|
@ -169,6 +169,9 @@ function pwd_hash($password, $enabled = true, $hashType = 'SSHA') {
|
||||||
case 'PLAIN':
|
case 'PLAIN':
|
||||||
$hash = $password;
|
$hash = $password;
|
||||||
break;
|
break;
|
||||||
|
case 'K5KEY':
|
||||||
|
$hash = '{K5KEY}';
|
||||||
|
break;
|
||||||
case 'SSHA':
|
case 'SSHA':
|
||||||
default: // use SSHA if the setting is invalid
|
default: // use SSHA if the setting is invalid
|
||||||
$salt = generateSalt(4);
|
$salt = generateSalt(4);
|
||||||
|
@ -186,7 +189,7 @@ function pwd_hash($password, $enabled = true, $hashType = 'SSHA') {
|
||||||
* @return array hash types
|
* @return array hash types
|
||||||
*/
|
*/
|
||||||
function getSupportedHashTypes() {
|
function getSupportedHashTypes() {
|
||||||
return array('CRYPT', 'CRYPT-SHA512', 'SHA', 'SSHA', 'MD5', 'SMD5', 'PLAIN', 'SASL');
|
return array('CRYPT', 'CRYPT-SHA512', 'SHA', 'SSHA', 'MD5', 'SMD5', 'PLAIN', 'SASL', 'K5KEY');
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
|
@ -4,7 +4,7 @@ $Id$
|
||||||
|
|
||||||
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
|
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
|
||||||
Copyright (C) 2003 - 2006 Tilo Lutz
|
Copyright (C) 2003 - 2006 Tilo Lutz
|
||||||
2005 - 2015 Roland Gruber
|
2005 - 2016 Roland Gruber
|
||||||
|
|
||||||
This program is free software; you can redistribute it and/or modify
|
This program is free software; you can redistribute it and/or modify
|
||||||
it under the terms of the GNU General Public License as published by
|
it under the terms of the GNU General Public License as published by
|
||||||
|
@ -833,6 +833,7 @@ class inetOrgPerson extends baseModule implements passwordService {
|
||||||
'pwdHash' => array(
|
'pwdHash' => array(
|
||||||
"Headline" => _("Password hash type"),
|
"Headline" => _("Password hash type"),
|
||||||
"Text" => _("LAM supports CRYPT, CRYPT-SHA512, SHA, SSHA, MD5 and SMD5 to generate the hash value of passwords. SSHA and CRYPT are the most common but CRYPT does not support passwords greater than 8 letters. We do not recommend to use plain text passwords.")
|
"Text" => _("LAM supports CRYPT, CRYPT-SHA512, SHA, SSHA, MD5 and SMD5 to generate the hash value of passwords. SSHA and CRYPT are the most common but CRYPT does not support passwords greater than 8 letters. We do not recommend to use plain text passwords.")
|
||||||
|
. ' ' . _('K5KEY is only needed if you use Kerberos with smbk5pwd.')
|
||||||
),
|
),
|
||||||
'ou' => array(
|
'ou' => array(
|
||||||
"Headline" => _("Organisational unit"), 'attr' => 'ou',
|
"Headline" => _("Organisational unit"), 'attr' => 'ou',
|
||||||
|
@ -1209,6 +1210,10 @@ class inetOrgPerson extends baseModule implements passwordService {
|
||||||
&& ($this->getAccountContainer()->isNewAccount || ($this->attributes['uid'][0] != $this->orig['uid'][0]))) {
|
&& ($this->getAccountContainer()->isNewAccount || ($this->attributes['uid'][0] != $this->orig['uid'][0]))) {
|
||||||
$this->attributes['userPassword'][0] = '{SASL}' . $this->attributes['uid'][0];
|
$this->attributes['userPassword'][0] = '{SASL}' . $this->attributes['uid'][0];
|
||||||
}
|
}
|
||||||
|
// set K5KEY password for new users
|
||||||
|
if (!empty($this->moduleSettings['posixAccount_pwdHash'][0]) && ($this->moduleSettings['posixAccount_pwdHash'][0] === 'K5KEY')) {
|
||||||
|
$this->attributes[$this->getPasswordAttrName()][0] = pwd_hash('x', true, $this->moduleSettings['posixAccount_pwdHash'][0]);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -2327,6 +2332,10 @@ class inetOrgPerson extends baseModule implements passwordService {
|
||||||
if (!empty($this->moduleSettings['posixAccount_pwdHash'][0]) && ($this->moduleSettings['posixAccount_pwdHash'][0] === 'SASL')) {
|
if (!empty($this->moduleSettings['posixAccount_pwdHash'][0]) && ($this->moduleSettings['posixAccount_pwdHash'][0] === 'SASL')) {
|
||||||
$partialAccounts[$i]['userPassword'] = '{SASL}' . $partialAccounts[$i]['uid'];
|
$partialAccounts[$i]['userPassword'] = '{SASL}' . $partialAccounts[$i]['uid'];
|
||||||
}
|
}
|
||||||
|
// set K5KEY password
|
||||||
|
elseif (!empty($this->moduleSettings['posixAccount_pwdHash'][0]) && ($this->moduleSettings['posixAccount_pwdHash'][0] === 'K5KEY')) {
|
||||||
|
$partialAccounts[$i]['userPassword'] = pwd_hash('x', true, $this->moduleSettings['posixAccount_pwdHash'][0]);
|
||||||
|
}
|
||||||
// set normal password
|
// set normal password
|
||||||
else {
|
else {
|
||||||
if (($rawAccounts[$i][$ids['inetOrgPerson_userPassword']] != "") && (get_preg($rawAccounts[$i][$ids['inetOrgPerson_userPassword']], 'password'))) {
|
if (($rawAccounts[$i][$ids['inetOrgPerson_userPassword']] != "") && (get_preg($rawAccounts[$i][$ids['inetOrgPerson_userPassword']], 'password'))) {
|
||||||
|
|
|
@ -4,7 +4,7 @@
|
||||||
|
|
||||||
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
|
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
|
||||||
Copyright (C) 2003 - 2006 Tilo Lutz
|
Copyright (C) 2003 - 2006 Tilo Lutz
|
||||||
Copyright (C) 2005 - 2015 Roland Gruber
|
Copyright (C) 2005 - 2016 Roland Gruber
|
||||||
|
|
||||||
This program is free software; you can redistribute it and/or modify
|
This program is free software; you can redistribute it and/or modify
|
||||||
it under the terms of the GNU General Public License as published by
|
it under the terms of the GNU General Public License as published by
|
||||||
|
@ -488,6 +488,7 @@ class posixAccount extends baseModule implements passwordService {
|
||||||
'pwdHash' => array(
|
'pwdHash' => array(
|
||||||
"Headline" => _("Password hash type"),
|
"Headline" => _("Password hash type"),
|
||||||
"Text" => _("LAM supports CRYPT, CRYPT-SHA512, SHA, SSHA, MD5 and SMD5 to generate the hash value of passwords. SSHA and CRYPT are the most common but CRYPT does not support passwords greater than 8 letters. We do not recommend to use plain text passwords.")
|
"Text" => _("LAM supports CRYPT, CRYPT-SHA512, SHA, SSHA, MD5 and SMD5 to generate the hash value of passwords. SSHA and CRYPT are the most common but CRYPT does not support passwords greater than 8 letters. We do not recommend to use plain text passwords.")
|
||||||
|
. ' ' . _('K5KEY is only needed if you use Kerberos with smbk5pwd.')
|
||||||
),
|
),
|
||||||
'uidNumber' => array(
|
'uidNumber' => array(
|
||||||
"Headline" => _("UID number"), 'attr' => 'uidNumber',
|
"Headline" => _("UID number"), 'attr' => 'uidNumber',
|
||||||
|
@ -1282,6 +1283,10 @@ class posixAccount extends baseModule implements passwordService {
|
||||||
&& ($this->getAccountContainer()->isNewAccount || ($this->attributes['uid'][0] != $this->orig['uid'][0]))) {
|
&& ($this->getAccountContainer()->isNewAccount || ($this->attributes['uid'][0] != $this->orig['uid'][0]))) {
|
||||||
$this->attributes[$this->getPasswordAttrName()][0] = '{SASL}' . $this->attributes['uid'][0];
|
$this->attributes[$this->getPasswordAttrName()][0] = '{SASL}' . $this->attributes['uid'][0];
|
||||||
}
|
}
|
||||||
|
// set K5KEY password for new users
|
||||||
|
if (!empty($this->moduleSettings['posixAccount_pwdHash'][0]) && ($this->moduleSettings['posixAccount_pwdHash'][0] === 'K5KEY')) {
|
||||||
|
$this->attributes[$this->getPasswordAttrName()][0] = pwd_hash('x', true, $this->moduleSettings['posixAccount_pwdHash'][0]);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
// Return error-messages
|
// Return error-messages
|
||||||
return $errors;
|
return $errors;
|
||||||
|
@ -2226,6 +2231,10 @@ class posixAccount extends baseModule implements passwordService {
|
||||||
if (!empty($this->moduleSettings['posixAccount_pwdHash'][0]) && ($this->moduleSettings['posixAccount_pwdHash'][0] === 'SASL')) {
|
if (!empty($this->moduleSettings['posixAccount_pwdHash'][0]) && ($this->moduleSettings['posixAccount_pwdHash'][0] === 'SASL')) {
|
||||||
$partialAccounts[$i][$pwdAttrName] = '{SASL}' . $partialAccounts[$i]['uid'];
|
$partialAccounts[$i][$pwdAttrName] = '{SASL}' . $partialAccounts[$i]['uid'];
|
||||||
}
|
}
|
||||||
|
// set K5KEY password
|
||||||
|
elseif (!empty($this->moduleSettings['posixAccount_pwdHash'][0]) && ($this->moduleSettings['posixAccount_pwdHash'][0] === 'K5KEY')) {
|
||||||
|
$partialAccounts[$i][$pwdAttrName] = pwd_hash('x', true, $this->moduleSettings['posixAccount_pwdHash'][0]);
|
||||||
|
}
|
||||||
// set normal password
|
// set normal password
|
||||||
else {
|
else {
|
||||||
if (($rawAccount[$ids['posixAccount_password']] != "") && (get_preg($rawAccount[$ids['posixAccount_password']], 'password'))) {
|
if (($rawAccount[$ids['posixAccount_password']] != "") && (get_preg($rawAccount[$ids['posixAccount_password']], 'password'))) {
|
||||||
|
|
Loading…
Reference in New Issue