Blowfish update

This commit is contained in:
Roland Gruber 2004-01-10 11:08:10 +00:00
parent 2b80daee2d
commit 9fd6df2f03
15 changed files with 114 additions and 118 deletions

View File

@ -1,3 +1,9 @@
??? 0.4.2
- added config wizard
- MHash is only needed for PHP < 4.3
- use Blowfish for encryption instead of MCrypt
29.12.2003 0.4.1
- better error handling at login

View File

@ -6,7 +6,7 @@ Installation Instructions for LAM
1. Requirements
- Apache webserver (SSL optional) with installed PHP-Module (PHP-Module with
ldap, gettext, mcrypt, mhash)
ldap, gettext, mcrypt+mhash optional)
- Perl
- Openldap (>2.0)
- A web browser :-)

View File

@ -80,8 +80,9 @@ LAM - Readme
LAM needs to store your LDAP username + password in the session. The session
files are saved in sess/ and are accessible only by the web server. To increase
security username and password are encrypted with AES (256 bit). The key and iv
are generated at random when you log in. They are stored in two cookies.
security username and password are encrypted with MCrypt/AES or Blowfish.
The key and iv are generated at random when you log in. They are stored in two
cookies.
Have fun!

View File

@ -25,7 +25,7 @@
4. LDAP-password protection
Your LDAP-password is stored encrypted in the session file. The key and IV to decrypt
it are stored in two cookies. We use AES to encrypt the passwort.
it are stored in two cookies. We use MCrypt/AES or Blowfish to encrypt the password.
5. Protection of new user passwords

View File

@ -856,7 +856,7 @@ class accountContainer {
function lamdaemon($commands) {
// get username and password of the current lam-admin
$ldap_q = $_SESSION[$this->ldap]->decrypt();
$ldap_q = $_SESSION[$this->ldap]->decrypt_login();
/* $towrite has the following syntax:
* admin-username, admin-password, owner of homedir, 'home', operation='add'
* use escapeshellarg to make exec() shell-safe
@ -1084,7 +1084,7 @@ function getquotas($users) {
if (is_array($users)) $return = $users;
else $return[0] = $users;
// get username and password of the current lam-admin
$ldap_q = $_SESSION['ldap']->decrypt();
$ldap_q = $_SESSION['ldap']->decrypt_login();
/* $towrite has the following syntax:
* admin-username, admin-password, account with quotas, 'quota', operation='get', type=user|group
* use escapeshellarg to make exec() shell-safe
@ -1182,7 +1182,7 @@ function getquotas($users) {
*/
function setquotas($values2) {
// get username and password of the current lam-admin
$ldap_q = $_SESSION['ldap']->decrypt();
$ldap_q = $_SESSION['ldap']->decrypt_login();
/* $towrite has the following syntax:
* admin-username, admin-password, account with quotas, 'quota', operation='set', type=user|group
* use escapeshellarg to make exec() shell-safe
@ -1273,7 +1273,7 @@ function setquotas($values2) {
*/
function remquotas($users, $type) {
// get username and password of the current lam-admin
$ldap_q = $_SESSION['ldap']->decrypt();
$ldap_q = $_SESSION['ldap']->decrypt_login();
/* $towrite has the following syntax:
* admin-username, admin-password, account with quotas, 'quota', operation='rem', type=user|group
* use escapeshellarg to make exec() shell-safe
@ -1338,7 +1338,7 @@ function remquotas($users, $type) {
*/
function addhomedir($users) {
// get username and password of the current lam-admin
$ldap_q = $_SESSION['ldap']->decrypt();
$ldap_q = $_SESSION['ldap']->decrypt_login();
/* $towrite has the following syntax:
* admin-username, admin-password, owner of homedir, 'home', operation='add'
* use escapeshellarg to make exec() shell-safe
@ -1404,7 +1404,7 @@ function addhomedir($users) {
*/
function remhomedir($users) {
// get username and password of the current lam-admin
$ldap_q = $_SESSION['ldap']->decrypt();
$ldap_q = $_SESSION['ldap']->decrypt_login();
/* $towrite has the following syntax:
* admin-username, admin-password, owner of homedir, 'home', operation='add'
* use escapeshellarg to make exec() shell-safe
@ -2192,15 +2192,11 @@ function createuser($values, $uselamdaemon=true) {
// Create DN for new user account
$values->general_dn = 'uid=' . $values->general_username . ',' . $values->general_dn;
// decrypt password because we don't want to store them unencrypted in session
$iv = base64_decode($_COOKIE["IV"]);
$key = base64_decode($_COOKIE["Key"]);
if ($values->unix_password != '') {
$values->unix_password = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, base64_decode($values->unix_password), MCRYPT_MODE_ECB, $iv);
$values->unix_password = str_replace(chr(00), '', $values->unix_password);
$values->unix_password = $_SESSION['ldap']->decrypt(base64_decode($values->unix_password));
}
if ($values->smb_password != '') {
$values->smb_password = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, base64_decode($values->smb_password), MCRYPT_MODE_ECB, $iv);
$values->smb_password = str_replace(chr(00), '', $values->smb_password);
$values->smb_password = $_SESSION['ldap']->decrypt(base64_decode($values->smb_password));
}
// Attributes which are required
@ -2382,15 +2378,11 @@ function modifyuser($values,$values_old,$uselamdaemon=true) { // Will modify the
// Create DN for new user account
$values->general_dn = 'uid=' . $values->general_username . ',' . $values->general_dn;
// decrypt password because we don't want to store them unencrypted in session
$iv = base64_decode($_COOKIE["IV"]);
$key = base64_decode($_COOKIE["Key"]);
if ($values->unix_password != '') {
$values->unix_password = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, base64_decode($values->unix_password), MCRYPT_MODE_ECB, $iv);
$values->unix_password = str_replace(chr(00), '', $values->unix_password);
$values->unix_password = $_SESSION['ldap']->decrypt(base64_decode($values->unix_password));
}
if ($values->smb_password != '') {
$values->smb_password = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, base64_decode($values->smb_password), MCRYPT_MODE_ECB, $iv);
$values->smb_password = str_replace(chr(00), '', $values->smb_password);
$values->smb_password = $_SESSION['ldap']->decrypt(base64_decode($values->smb_password));
}
// Attributes which are required
if ($values->general_username != $values_old->general_username) {

View File

@ -24,6 +24,7 @@ $Id$
// ldap.inc provides basic functions to connect to the OpenLDAP server.
include_once("config.inc");
include_once("blowfish.inc");
// converts a HEX string to a binary value
function hex2bin($value) {
@ -233,7 +234,7 @@ class Ldap{
return false;
}
// save password und username encrypted
$this->encrypt($user, $passwd);
$this->encrypt_login($user, $passwd);
$this->server = @ldap_connect($this->conf->get_ServerURL());
if ($this->server) {
// use LDAPv3
@ -386,7 +387,7 @@ class Ldap{
// reconnects to LDAP server when deserialized
function __wakeup() {
$data = $this->decrypt();
$data = $this->decrypt_login();
$this->connect($data[0], $data[1]);
// change random number
mt_srand($this->rand + (microtime() * 1000000));
@ -415,32 +416,74 @@ class Ldap{
$this->rand = mt_rand();
}
// encrypts username and password
// $username: LDAP user name
// $password: LDAP password
function encrypt($username, $password) {
// encrypts a string
// $data: string to encrypt
// return: encrypted string
function encrypt($data) {
// use MCrypt if available
if (function_exists(mcrypt_create_iv)) {
// read key and iv from cookie
$iv = base64_decode($_COOKIE["IV"]);
$key = base64_decode($_COOKIE["Key"]);
// encrypt string
return mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $key, $data, MCRYPT_MODE_ECB, $iv);
}
// use Blowfish if MCrypt is not available
else {
// read key and iv from cookie
$iv = base64_decode($_COOKIE["IV"]);
$key = base64_decode($_COOKIE["Key"]);
$b_key = $iv . $key;
// encrypt string
$b_fish = new Cipher_blowfish();
return $b_fish->encrypt($data, $b_key);
}
}
// decrypts a string
// $data: string to decrypt
// return: decrypted string
function decrypt($data) {
// use MCrypt if available
if (function_exists(mcrypt_create_iv)) {
// read key and iv from cookie
$iv = base64_decode($_COOKIE["IV"]);
$key = base64_decode($_COOKIE["Key"]);
// decrypt string
$ret = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, $data, MCRYPT_MODE_ECB, $iv);
$ret = str_replace(chr(00), "", $ret);
return $ret;
}
// use Blowfish if MCrypt is not available
else {
// read key and iv from cookie
$iv = base64_decode($_COOKIE["IV"]);
$key = base64_decode($_COOKIE["Key"]);
$b_key = $iv . $key;
// decrypt string
$b_fish = new Cipher_blowfish();
return $b_fish->decrypt($data, $b_key);
}
}
// encrypts username and password
// $username: LDAP user name
// $password: LDAP password
function encrypt_login($username, $password) {
// encrypt username and password
$this->username = base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $key, $username, MCRYPT_MODE_ECB, $iv));
$this->password = base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $key, $password, MCRYPT_MODE_ECB, $iv));
$this->username = base64_encode($this->encrypt($username));
$this->password = base64_encode($this->encrypt($password));
}
// decrypts username and password
// returns an array
// return[0]: user name
// return[1]: password
function decrypt() {
// read key and iv from cookie
$iv = base64_decode($_COOKIE["IV"]);
$key = base64_decode($_COOKIE["Key"]);
function decrypt_login() {
// decrypt username and password
$username = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, base64_decode($this->username), MCRYPT_MODE_ECB, $iv);
$password = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, base64_decode($this->password), MCRYPT_MODE_ECB, $iv);
$username = $this->decrypt(base64_decode($this->username));
$password = $this->decrypt(base64_decode($this->password));
$ret = array($username, $password);
$ret[0] = str_replace(chr(00), "", $ret[0]);
$ret[1] = str_replace(chr(00), "", $ret[1]);
return $ret;
}

View File

@ -119,9 +119,7 @@ class posixAccount {
if (is_string($newpassword)) {
// Write new password
if ($newpassword!='') {
$iv = base64_decode($_COOKIE["IV"]);
$key = base64_decode($_COOKIE["Key"]);
$this->attributes['userPassword'][0] = base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $key, $newpassword, MCRYPT_MODE_ECB, $iv));
$this->attributes['userPassword'][0] = base64_encode($_SESSION['ldap']->encrypt($newpassword));
}
else $this->attributes['userPassword'][0] = '';
return 0;
@ -129,10 +127,7 @@ class posixAccount {
else {
if ($this->attributes['userPassword'][0]!='') {
// Read existing password if set
$iv = base64_decode($_COOKIE["IV"]);
$key = base64_decode($_COOKIE["Key"]);
$password = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, base64_decode($this->attributes['userPassword'][0]), MCRYPT_MODE_ECB, $iv);
$password = str_replace(chr(00), '', $password);
$password = $_SESSION['ldap']->decrypt(base64_decode($this->attributes['userPassword'][0]));
return $password;
}
else return '';

View File

@ -108,9 +108,7 @@ class posixGroup {
if (is_string($newpassword)) {
// Write new password
if ($newpassword!='') {
$iv = base64_decode($_COOKIE["IV"]);
$key = base64_decode($_COOKIE["Key"]);
$this->attributes['userPassword'][0] = base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $key, $newpassword, MCRYPT_MODE_ECB, $iv));
$this->attributes['userPassword'][0] = base64_encode($_SESSION['ldap']->encrypt($newpassword));
}
else $this->attributes['userPassword'][0] = '';
return 0;
@ -118,10 +116,7 @@ class posixGroup {
else {
if ($this->attributes['userPassword'][0]!='') {
// Read existing password if set
$iv = base64_decode($_COOKIE["IV"]);
$key = base64_decode($_COOKIE["Key"]);
$password = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, base64_decode($this->attributes['userPassword'][0]), MCRYPT_MODE_ECB, $iv);
$password = str_replace(chr(00), '', $password);
$password = $_SESSION['ldap']->decrypt(base64_decode($this->attributes['userPassword'][0]));
return $password;
}
else return '';

View File

@ -109,19 +109,14 @@ class sambaAccount {
function lmPassword($newpassword=false) {
if (is_string($newpassword)) {
// Write new password
$iv = base64_decode($_COOKIE["IV"]);
$key = base64_decode($_COOKIE["Key"]);
$this->attributes['lmPassword'][0] = base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $key, $newpassword, MCRYPT_MODE_ECB, $iv));
$this->attributes['lmPassword'][0] = base64_encode($_SESSION['ldap']->encrypt($newpassword));
return 0;
}
else {
if ($this->useunixpwd) return $_SESSION[$this->base]->module['posixAccount']->userPassword();
if ($this->attributes['lmPassword'][0]!='') {
// Read existing password if set
$iv = base64_decode($_COOKIE["IV"]);
$key = base64_decode($_COOKIE["Key"]);
$password = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, base64_decode($this->attributes['lmPassword'][0]), MCRYPT_MODE_ECB, $iv);
$password = str_replace(chr(00), '', $password);
$password = $_SESSION['ldap']->decrypt(base64_decode($this->attributes['lmPassword'][0]));
return $password;
}
else return '';

View File

@ -109,19 +109,14 @@ class sambaSamAccount {
function sambaLMPassword($newpassword=false) {
if (is_string($newpassword)) {
// Write new password
$iv = base64_decode($_COOKIE["IV"]);
$key = base64_decode($_COOKIE["Key"]);
$this->attributes['sambaLMPassword'][0] = base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $key, $newpassword, MCRYPT_MODE_ECB, $iv));
$this->attributes['sambaLMPassword'][0] = base64_encode($_SESSION['ldap']->encrypt($newpassword));
return 0;
}
else {
if ($this->useunixpwd) return $_SESSION[$this->base]->module['posixAccount']->userPassword();
if ($this->attributes['sambaLMPassword'][0]!='') {
// Read existing password if set
$iv = base64_decode($_COOKIE["IV"]);
$key = base64_decode($_COOKIE["Key"]);
$password = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, base64_decode($this->attributes['sambaLMPassword'][0]), MCRYPT_MODE_ECB, $iv);
$password = str_replace(chr(00), '', $password);
$password = $_SESSION['ldap']->decrypt(base64_decode($this->attributes['sambaLMPassword'][0]));
return $password;
}
else return '';

View File

@ -41,8 +41,6 @@ function createUserPDF($accounts) {
$pdfFile->setCreator("LDAP Account Manager (pdf.inc)");
// Loop for every sumbitted account and print its values on a extra page
foreach ($accounts as $account) {
$iv = base64_decode($_COOKIE['IV']);
$key = base64_decode($_COOKIE['Key']);
$pdfFile->addPage();
// Load string with additional information from session
$info_string = $_SESSION['config']->pdftext;
@ -141,8 +139,7 @@ function createUserPDF($accounts) {
elseif($account->unix_password == "") {
}
else {
$account->unix_password = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, base64_decode($account->unix_password), MCRYPT_MODE_ECB, $iv);
$account->unix_password = str_replace(chr(00), '', $account->unix_password);
$account->unix_password = $_SESSION['ldap']->decrypt(base64_decode($account->unix_password));
$pdfFile->setFont("times","B",10);
$pdfFile->Cell(50,5,_("Unix password") . ":",0,0,"R",0);
$pdfFile->setFont("times","",10);
@ -199,8 +196,7 @@ function createUserPDF($accounts) {
elseif($account->smb_password == "") {
}
else {
$account->smb_password = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, base64_decode($account->smb_password), MCRYPT_MODE_ECB, $iv);
$account->smb_password = str_replace(chr(00), '', $account->smb_password);
$account->smb_password = $_SESSION['ldap']->decrypt(base64_decode($account->smb_password));
$pdfFile->setFont("times","B",10);
$pdfFile->Cell(50,5,_("Windows password") . ":",0,0,"R",0);
$pdfFile->setFont("times","",10);

View File

@ -122,9 +122,9 @@ confwiz/*.php
- confwiz_config: Config-Objekt mit Optionen
- confwiz_ldap: LDAP-Objekt
- conwiz_masterpwd: Hauptpasswort für Einstellungen, zur Überprüfung des Admins
- confwiz_domainsid: Domänen-SID der erstellten/zuerst gefundenen Domäne
- confwiz_missing_groups: Array mit fehlenden Standard-Samba-Gruppen
- confwiz_optional: Array mit optionalen Seiten, die angezeigt werden sollen

View File

@ -311,13 +311,11 @@ switch ($_POST['select']) {
// Write all general values into $account_new
if (isset($_POST['f_unix_password'])) {
// Encraypt password
$iv = base64_decode($_COOKIE["IV"]);
$key = base64_decode($_COOKIE["Key"]);
if ($_POST['f_unix_password'] != $_POST['f_unix_password2']) {
$errors[] = array('ERROR', _('Password'), _('Please enter the same password in both password-fields.'));
unset ($_POST['f_unix_password2']);
}
else $account_new->unix_password = base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $key, $_POST['f_unix_password'], MCRYPT_MODE_ECB, $iv));
else $account_new->unix_password = base64_encode($_SESSION['ldap']->encrypt($_POST['f_unix_password']));
}
else $account_new->unix_password = '';
if ($_POST['f_unix_password_no']) $account_new->unix_password_no = true;
@ -333,9 +331,7 @@ switch ($_POST['select']) {
else $account_new->unix_deactivated = false;
if ($_POST['genpass']) {
// Generate a random password if generate-button was pressed
$iv = base64_decode($_COOKIE["IV"]);
$key = base64_decode($_COOKIE["Key"]);
$account_new->unix_password = base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $key, genpasswd(), MCRYPT_MODE_ECB, $iv));
$account_new->unix_password = base64_encode($_SESSION['ldap']->encrypt(genpasswd()));
unset ($_POST['f_unix_password2']);
// Keep unix-page acitve
$select_local = 'unix';
@ -343,10 +339,7 @@ switch ($_POST['select']) {
// Check if values are OK and set automatic values. if not error-variable will be set
else { // account.inc
if ($account_new->unix_password != '') {
$iv = base64_decode($_COOKIE["IV"]);
$key = base64_decode($_COOKIE["Key"]);
$password = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, base64_decode($account_new->unix_password), MCRYPT_MODE_ECB, $iv);
$password = str_replace(chr(00), '', $password);
$password = $_SESSION['ldap']->decrypt(base64_decode($account_new->unix_password));
}
if (!ereg('^([a-z]|[A-Z]|[0-9]|[\|]|[\#]|[\*]|[\,]|[\.]|[\;]|[\:]|[\_]|[\-]|[\+]|[\!]|[\%]|[\&]|[\/]|[\?]|[\{]|[\[]|[\(]|[\)]|[\]]|[\}])*$', $password))
$errors[] = array('ERROR', _('Password'), _('Password contains invalid characters. Valid characters are: a-z, A-Z, 0-9 and #*,.;:_-+!$%&/|?{[()]}= !'));
@ -412,8 +405,6 @@ switch ($_POST['select']) {
break;
}
}
$iv = base64_decode($_COOKIE["IV"]);
$key = base64_decode($_COOKIE["Key"]);
// Set Samba password
if (isset($_POST['f_smb_password']) && !$account_new->smb_useunixpwd) {
// Encraypt password
@ -421,14 +412,13 @@ switch ($_POST['select']) {
$errors[] = array('ERROR', _('Password'), _('Please enter the same password in both password-fields.'));
unset ($_POST['f_smb_password2']);
}
else $account_new->smb_password = base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $key, $_POST['f_smb_password'], MCRYPT_MODE_ECB, $iv));
else $account_new->smb_password = base64_encode($_SESSION['ldap']->encrypt($_POST['f_smb_password']));
}
else $account_new->smb_password = '';
if ( (($account_new->smb_useunixpwd && !$account_old) || ($account_new->smb_useunixpwd && $account_new->unix_password!='')) && isset($account_new->unix_password) ) {
// Set Samba-Password to unix-password if option is set
$unix_password = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, base64_decode($account_new->unix_password), MCRYPT_MODE_ECB, $iv);
$smb_password = str_replace(chr(00), '', $unix_password);
$account_new->smb_password = base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $key, $smb_password, MCRYPT_MODE_ECB, $iv));
$unix_password = $_SESSION['ldap']->decrypt(base64_decode($account_new->unix_password));
$account_new->smb_password = base64_encode($_SESSION['ldap']->encrypt($smb_password));
}
// Check values
$account_new->smb_scriptPath = str_replace('$user', $account_new->general_username, $account_new->smb_scriptPath);
@ -1034,10 +1024,7 @@ switch ($select_local) {
// Unix Password Settings
// decrypt password
if ($account_new->unix_password != '') {
$iv = base64_decode($_COOKIE["IV"]);
$key = base64_decode($_COOKIE["Key"]);
$password = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, base64_decode($account_new->unix_password), MCRYPT_MODE_ECB, $iv);
$password = str_replace(chr(00), '', $password);
$password = $_SESSION['ldap']->decrypt(base64_decode($account_new->unix_password));
}
else $password='';
// Use dd-mm-yyyy format of date because it's easier to read for humans
@ -1145,10 +1132,7 @@ switch ($select_local) {
// Samba Settings
// decrypt password
if ($account_new->smb_password != '') {
$iv = base64_decode($_COOKIE["IV"]);
$key = base64_decode($_COOKIE["Key"]);
$password = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, base64_decode($account_new->smb_password), MCRYPT_MODE_ECB, $iv);
$password = str_replace(chr(00), '', $password);
$password = $_SESSION['ldap']->decrypt(base64_decode($account_new->smb_password));
}
else $password = "";
if ($config_intern->is_samba3()) $samba3domains = $ldap_intern->search_domains($config_intern->get_domainSuffix());

View File

@ -47,6 +47,14 @@ function display_LoginPage($config_object,$profile)
$iv = mcrypt_create_iv(32, MCRYPT_RAND);
}
}
// use Blowfish if MCrypt is not available
else {
// generate iv and key for encryption
$key = "";
$iv = "";
while (strlen($key) < 30) $key .= mt_rand();
while (strlen($iv) < 30) $iv .= mt_rand();
}
// save both in cookie
setcookie("Key", base64_encode($key), 0, "/");
@ -113,16 +121,8 @@ function display_LoginPage($config_object,$profile)
</table>
<hr><br><br>
<?php
if(! function_exists('mcrypt_create_iv')) {
StatusMessage("ERROR", "Your PHP does not support MCrypt, you will not be able to log in! Please install the required package.","See http://lam.sf.net/documentation/faq.html#2 for Suse/RedHat");
?>
</body>
</html>
<?php
exit;
}
if(! function_exists('mHash')) {
StatusMessage("WARN", "Your PHP does not support MHash, you will only be able to use CRYPT/PLAIN for user passwords! Please install the required package.","See http://lam.sf.net/documentation/faq.html#2 for Suse/RedHat");
if ((! function_exists('mHash')) && (! function_exists('sha1'))) {
StatusMessage("INFO", "Your PHP does not support MHash or sha1(), you will only be able to use CRYPT/PLAIN/MD5/SMD5 for user passwords!", "Please install MHash or update to PHP >4.3.");
}
?>
<p align="center">

View File

@ -161,8 +161,6 @@ switch ($select) {
echo _('Creating users. Please stand by ....');
echo "</b></legend>\n<table border=0 width=\"100%\">\n";
// Keys needed to encrypt passwords from session
$iv = base64_decode($_COOKIE["IV"]);
$key = base64_decode($_COOKIE["Key"]);
$stay=true;
// Stay in loop as long there are still users to create and no error did ocour
while (($_SESSION['pointer'] < sizeof($_SESSION['accounts'])) && $stay) {
@ -227,8 +225,7 @@ switch ($select) {
$_SESSION['accounts'][$_SESSION['pointer']]->smb_profilePath = str_replace('$group', $_SESSION['accounts'][$_SESSION['pointer']]->general_group, $_SESSION['accounts'][$_SESSION['pointer']]->smb_profilePath);
$_SESSION['accounts'][$_SESSION['pointer']]->smb_smbhome = str_replace('$user', $_SESSION['accounts'][$_SESSION['pointer']]->general_username, $_SESSION['accounts'][$_SESSION['pointer']]->smb_smbhome);
$_SESSION['accounts'][$_SESSION['pointer']]->smb_smbhome = str_replace('$group', $_SESSION['accounts'][$_SESSION['pointer']]->general_group, $_SESSION['accounts'][$_SESSION['pointer']]->smb_smbhome);
$_SESSION['accounts'][$_SESSION['pointer']]->unix_password = base64_encode(mcrypt_encrypt(
MCRYPT_RIJNDAEL_256, $key, genpasswd(), MCRYPT_MODE_ECB, $iv));
$_SESSION['accounts'][$_SESSION['pointer']]->unix_password = base64_encode($_SESSION['ldap']->encrypt(genpasswd()));
$_SESSION['accounts'][$_SESSION['pointer']]->smb_password = $_SESSION['accounts'][$_SESSION['pointer']]->unix_password;
// Only create user if we have at least 5sec time to create the user
if ( (time()-$time)<(get_cfg_var('max_execution_time')-10)) {
@ -474,8 +471,6 @@ function loadfile() {
$profile->quota = array_values($profile->quota);
}
// Get keys to en/decrypt passwords
$iv = base64_decode($_COOKIE["IV"]);
$key = base64_decode($_COOKIE["Key"]);
for ($row=0; $line_array=fgetcsv($handle,2048); $row++) {
// loops for every row
// Set corrent user to profile
@ -508,8 +503,7 @@ function loadfile() {
// Set DN without uid=$username
else $_SESSION['accounts'][$row]->general_dn = $_POST['f_general_suffix'];
// Create Random Password
$_SESSION['accounts'][$row]->unix_password = base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256,
$key, genpasswd(), MCRYPT_MODE_ECB, $iv));
$_SESSION['accounts'][$row]->unix_password = base64_encode($_SESSION['ldap']->encrypt(genpasswd()));
$_SESSION['accounts'][$row]->smb_password=$_SESSION['accounts'][$row]->unix_password;
}
}