hashed password
parent
6260184600
commit
b23002ad67
|
@ -1,3 +1,9 @@
|
|||
??? 2.2.0
|
||||
- allow to switch sorting in the account lists
|
||||
- use suffix from account list as default for new accounts (patch 1823583)
|
||||
- Security: passwords in configuration files are now saved as hash values
|
||||
|
||||
|
||||
07.11.2007 2.1.0
|
||||
- tabular design for account pages
|
||||
- show DN on account pages
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
# password to add/delete/rename configuration profiles
|
||||
password: lam
|
||||
# password to add/delete/rename configuration profiles (default: lam)
|
||||
password: {SSHA}D6AaX93kPmck9wAxNlq3GF93S7A= R7gkjQ==
|
||||
|
||||
# default profile, without ".conf"
|
||||
default: lam
|
||||
|
|
|
@ -8,8 +8,8 @@ serverURL: ldap://localhost:389
|
|||
# e.g. admins: cn=admin,dc=yourdomain,dc=org;cn=root,dc=yourdomain,dc=org
|
||||
admins: cn=Manager,dc=my-domain,dc=com
|
||||
|
||||
# password to change these preferences via webfrontend
|
||||
passwd: lam
|
||||
# password to change these preferences via webfrontend (default: lam)
|
||||
passwd: {SSHA}RjBruJcTxZEdcBjPQdRBkDaSQeY= iueleA==
|
||||
|
||||
# suffix of tree view
|
||||
# e.g. dc=yourdomain,dc=org
|
||||
|
|
|
@ -467,12 +467,23 @@ class LAMConfig {
|
|||
}
|
||||
|
||||
/**
|
||||
* Returns the password to access the preferences wizard
|
||||
* Checks if the given password matches.
|
||||
*
|
||||
* @return string the password
|
||||
* @param String $password
|
||||
* @return boolean true, if matches
|
||||
*/
|
||||
public function get_Passwd() {
|
||||
return $this->Passwd;
|
||||
public function check_Passwd($password) {
|
||||
if (substr($this->Passwd, 0, 6) == "{SSHA}") {
|
||||
// check hashed password
|
||||
$value = substr($this->Passwd, 6);
|
||||
$parts = explode(" ", $value);
|
||||
$salt = base64_decode($parts[1]);
|
||||
return ($this->hashPassword($password, $salt) === $this->Passwd);
|
||||
}
|
||||
else {
|
||||
// old nonhashed password
|
||||
return ($password === $this->Passwd);
|
||||
}
|
||||
}
|
||||
|
||||
/**
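Review bot: check_Passwd reads `$parts[1]` without confirming that the stored value contains the space separator, so a malformed or hand-edited `{SSHA}` entry yields an undefined-index notice and a null salt instead of a clean failure; add `if (count($parts) < 2) return false;` before the base64_decode. The `===` comparison of the recomputed hash against `$this->Passwd` is not constant-time; on PHP versions that provide it, `hash_equals($this->Passwd, $this->hashPassword($password, $salt))` is the safer form, and the prefix test on the first line should use `===` rather than `==`. The plaintext fallback keeps legacy files working but never migrates them; re-saving through set_Passwd after a successful match would remove the clear-text value from the configuration file.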
|
||||
|
@ -482,10 +493,29 @@ class LAMConfig {
|
|||
* @return boolean true if $value has correct format
|
||||
*/
|
||||
public function set_Passwd($value) {
|
||||
if (is_string($value)) $this->Passwd = $value;
|
||||
else return false;
|
||||
if (is_string($value)) {
|
||||
mt_srand((microtime() * 1000000));
|
||||
$rand = mt_rand();
|
||||
$salt0 = substr(pack("h*", md5($rand)), 0, 8);
|
||||
$salt = substr(pack("H*", sha1($salt0 . $value)), 0, 4);
|
||||
$this->Passwd = $this->hashPassword($value, $salt);
|
||||
return true;
|
||||
}
|
||||
else {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns the hashed password.
|
||||
*
|
||||
* @param String $password password
|
||||
* @param String $salt salt
|
||||
* @return String hash value
|
||||
*/
|
||||
private function hashPassword($password, $salt) {
|
||||
return "{SSHA}" . base64_encode(hex2bin(sha1($password . $salt))) . " " . base64_encode($salt);
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns the LDAP suffix for the given account type
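Review bot: The salt in set_Passwd is derived from `mt_rand()` seeded by `mt_srand((microtime() * 1000000))`, which is not a cryptographic source: `microtime()` without `true` returns a string, so the seed collapses to the sub-second fraction, and the md5/sha1/pack steps that follow add no entropy. Replace the four salt lines with a read from the OS random source, e.g. `$salt = random_bytes(4);` (on PHP without it, read 4 bytes from `/dev/urandom`), and consider a longer salt than 4 bytes. hashPassword uses `hex2bin()` while set_Passwd uses `pack("H*", …)` for the same hex-to-binary step; if hex2bin is a project helper rather than the native function, the pack form keeps the class self-contained. set_Passwd hashes its input unconditionally, so if the configuration loader routes already-stored `{SSHA}` values through it they would be hashed twice — worth confirming against the loader, which is outside this hunk.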
|
||||
|
|
|
@ -45,11 +45,10 @@ setlanguage();
|
|||
|
||||
// get password
|
||||
if (isset($_POST['passwd'])) $passwd = $_POST['passwd'];
|
||||
if (isset($_GET["modulesback"]) || isset($_GET["typesback"])) $passwd = $_SESSION['conf_config']->get_Passwd();
|
||||
|
||||
// check if password was entered
|
||||
// if not: load login page
|
||||
if (! $passwd) {
|
||||
if (!$passwd && !isset($_SESSION['conf_isAuthenticated'])) {
|
||||
$_SESSION['conf_message'] = _("No password was entered!");
|
||||
/** go back to login if password is empty */
|
||||
require('conflogin.php');
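Review bot: `$passwd` is only assigned when `$_POST['passwd']` is set, so the new `!$passwd` test reads an undefined variable whenever a request carries neither the field nor the session flag; initialise it first, `$passwd = isset($_POST['passwd']) ? $_POST['passwd'] : '';`, which also stops the later check_Passwd call from receiving null. The value is passed on without a type check, and a non-string POST value would reach the string operations inside check_Passwd; an `is_string()` test at this boundary is cheap. The if block opened on the new line closes outside the hunk.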
|
||||
|
@ -63,7 +62,7 @@ $conf = &$_SESSION['conf_config'];
|
|||
|
||||
// check if password is valid
|
||||
// if not: load login page
|
||||
if (!(($conf->get_Passwd()) == $passwd)) {
|
||||
if (!$conf->check_Passwd($passwd) && !($_SESSION['conf_isAuthenticated'] === $conf->file)) {
|
||||
$sessionKeys = array_keys($_SESSION);
|
||||
for ($i = 0; $i < sizeof($sessionKeys); $i++) {
|
||||
if (substr($sessionKeys[$i], 0, 5) == "conf_") unset($_SESSION[$sessionKeys[$i]]);
|
||||
|
@ -73,6 +72,7 @@ if (!(($conf->get_Passwd()) == $passwd)) {
|
|||
require('conflogin.php');
|
||||
exit;
|
||||
}
|
||||
$_SESSION['conf_isAuthenticated'] = $conf->file;
|
||||
|
||||
// check if button was pressed and if we have to save the setting or go back to login
|
||||
if (isset($_POST['back']) || isset($_POST['submitconf']) || isset($_POST['editmodules']) || isset($_POST['edittypes'])){
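Review bot: `$_SESSION['conf_isAuthenticated'] = $conf->file;` promotes the session to authenticated without rotating the session id, so an id established before login is carried over into the authenticated session (session fixation); call `session_regenerate_id(true);` on the line before it. The flag is later compared with `=== $conf->file`, which is sound only if `$conf->file` is unique per profile — presumably it is the profile's file name, worth confirming. The surrounding script continues outside the hunk.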
|
||||
|
|
|
@ -79,7 +79,7 @@ if ($_POST['submit']) {
|
|||
if ($file) {
|
||||
// load as config and write new password
|
||||
$conf = new LAMConfig($_POST['addprofile']);
|
||||
$conf->Passwd = $_POST['addpassword'];
|
||||
$conf->set_Passwd($_POST['addpassword']);
|
||||
$conf->save();
|
||||
$msg = _("Created new profile.");
|
||||
}
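Review bot: The return value of `$conf->set_Passwd($_POST['addpassword'])` is discarded, yet set_Passwd returns false for a non-string value and leaves the password untouched, so a request where addpassword is not a plain string still reaches `$conf->save()` and creates a profile whose password is whatever the fresh LAMConfig started with. Gate the save on it: `if ($conf->set_Passwd($_POST['addpassword'])) { $conf->save(); $msg = _("Created new profile."); }` with an error message in the else branch. The enclosing `if ($file)` block and the form handling around it are outside the hunk.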
|
||||
|
|
|
@ -39,7 +39,6 @@ echo ("<br><br><big><b> Starting Test...</b></big><br><br>");
|
|||
echo ("Loading preferences...");
|
||||
$ServerURL = $conf->get_ServerURL();
|
||||
$cachetimeout = $conf->get_cacheTimeout();
|
||||
$Passwd = $conf->get_Passwd();
|
||||
$Adminstring = $conf->get_Adminstring();
|
||||
$Suff_users = $conf->get_Suffix('user');
|
||||
$Suff_groups = $conf->get_Suffix('group');
|
||||
|
@ -81,7 +80,7 @@ echo ("Loading and comparing...");
|
|||
$conf2 = new LAMConfig('test');
|
||||
if ($conf2->get_ServerURL() != "ldap://123.345.678.123:777") echo ("<br><font color=\"#FF0000\">Saving ServerURL failed!</font><br>");
|
||||
if ($conf2->get_cacheTimeout() != "33") echo ("<br><font color=\"#FF0000\">Saving Cache timeout failed!</font><br>");
|
||||
if ($conf2->get_Passwd() != "123456abcde") echo ("<br><font color=\"#FF0000\">Saving password failed!</font><br>");
|
||||
if (!$conf2->check_Passwd("123456abcde")) echo ("<br><font color=\"#FF0000\">Saving password failed!</font><br>");
|
||||
if ($conf2->get_Adminstring() != "uid=test,o=test,dc=org;uid=root,o=test2,c=de") echo ("<br><font color=\"#FF0000\">Saving admin string failed!</font><br>");
|
||||
if ($conf2->get_Suffix('user') != "ou=test,o=test,c=de") echo ("<br><font color=\"#FF0000\">Saving user suffix failed!</font><br>");
|
||||
if ($conf2->get_Suffix('group') != "ou=testgrp,o=test,c=de") echo ("<br><font color=\"#FF0000\">Saving group suffix failed!</font><br>");
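Review bot: The new check only asserts that the correct password is accepted; since check_Passwd now contains parsing logic and a plaintext fallback, the test should also assert that a wrong password is rejected, e.g. `if ($conf2->check_Passwd("wrong")) echo ("<br><font color=\"#FF0000\">Wrong password accepted!</font><br>");` in the file's existing reporting style. The script around this hunk is outside it.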
|
||||
|
@ -102,7 +101,7 @@ echo ("done<br>");
|
|||
echo ("Restoring old preferences...");
|
||||
$conf2->set_ServerURL($ServerURL);
|
||||
$conf2->set_cacheTimeout($cachetimeout);
|
||||
$conf2->set_Passwd($Passwd);
|
||||
$conf2->set_Passwd('lam');
|
||||
$conf2->set_Adminstring($Adminstring);
|
||||
$conf2->set_Suffix('user', $Suff_users);
|
||||
$conf2->set_Suffix('group', $Suff_groups);
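Review bot: `$conf2->set_Passwd('lam');` no longer restores the previous value — the old line wrote back the password read at the start of the test, but with get_Passwd gone and set_Passwd re-hashing its input, the test now unconditionally resets the profile's password to the default. Either keep the original stored hash string and write it back through a setter that stores it verbatim, or add a comment at the top of the test, such as `// NOTE: this test resets the profile password to 'lam'`, so nobody runs it against a profile with a non-default password. The rest of the test script is outside the hunk.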
|
||||
|
|