support SASL as password hash
This commit is contained in:
Roland Gruber
parent
8ab35a11de
commit
b57015ff3f
|
|
@ -188,9 +188,9 @@ function pwd_hash($password, $enabled = true, $hashType = 'SSHA') {
|
|||
function getSupportedHashTypes() {
|
||||
if (version_compare(phpversion(), '5.3.2') < 0) {
|
||||
// CRYPT-SHA512 requires PHP 5.3.2 or higher
|
||||
return array('CRYPT', 'SHA', 'SSHA', 'MD5', 'SMD5', 'PLAIN');
|
||||
return array('CRYPT', 'SHA', 'SSHA', 'MD5', 'SMD5', 'PLAIN', 'SASL');
|
||||
}
|
||||
return array('CRYPT', 'CRYPT-SHA512', 'SHA', 'SSHA', 'MD5', 'SMD5', 'PLAIN');
|
||||
return array('CRYPT', 'CRYPT-SHA512', 'SHA', 'SSHA', 'MD5', 'SMD5', 'PLAIN', 'SASL');
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
@ -271,6 +271,10 @@ function pwd_is_lockable($password) {
|
|||
if (($password == null) || (strlen($password) < 5)) {
|
||||
return false;
|
||||
}
|
||||
// SASL is not lockable
|
||||
if (strpos($password, '{SASL}') === 0) {
|
||||
return false;
|
||||
}
|
||||
return ((substr($password, 0, 1) == "{") || (substr($password, 1, 1) == "{")) && (strpos($password, "}") > 3);
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -1163,6 +1163,12 @@ class inetOrgPerson extends baseModule implements passwordService {
|
|||
if (isset($_POST['removePassword'])) {
|
||||
unset($this->attributes['userPassword']);
|
||||
}
|
||||
// set SASL password for new and renamed users
|
||||
if (!empty($this->attributes['uid'][0]) && !empty($this->moduleSettings['posixAccount_pwdHash'][0])
|
||||
&& ($this->moduleSettings['posixAccount_pwdHash'][0] === 'SASL')
|
||||
&& ($this->getAccountContainer()->isNewAccount || ($this->attributes['uid'][0] != $this->orig['uid'][0]))) {
|
||||
$this->attributes['userPassword'][0] = '{SASL}' . $this->attributes['uid'][0];
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
|
@ -2387,15 +2393,22 @@ class inetOrgPerson extends baseModule implements passwordService {
|
|||
}
|
||||
}
|
||||
// password
|
||||
if (($rawAccounts[$i][$ids['inetOrgPerson_userPassword']] != "") && (get_preg($rawAccounts[$i][$ids['inetOrgPerson_userPassword']], 'password'))) {
|
||||
$partialAccounts[$i]['userPassword'] = pwd_hash($rawAccounts[$i][$ids['inetOrgPerson_userPassword']], true, $this->moduleSettings['posixAccount_pwdHash'][0]);
|
||||
$partialAccounts[$i]['INFO.userPasswordClearText'] = $rawAccounts[$i][$ids['inetOrgPerson_userPassword']]; // for custom scripts etc.
|
||||
// set SASL password
|
||||
if (!empty($this->moduleSettings['posixAccount_pwdHash'][0]) && ($this->moduleSettings['posixAccount_pwdHash'][0] === 'SASL')) {
|
||||
$partialAccounts[$i]['userPassword'] = '{SASL}' . $partialAccounts[$i]['uid'];
|
||||
}
|
||||
elseif ($rawAccounts[$i][$ids['inetOrgPerson_userPassword']] != "") {
|
||||
$errMsg = $this->messages['userPassword'][0];
|
||||
$errMsg[2] = str_replace('%', '%%', $errMsg[2]); // double "%" because of later sprintf
|
||||
array_push($errMsg, array($i));
|
||||
$errors[] = $errMsg;
|
||||
// set normal password
|
||||
else {
|
||||
if (($rawAccounts[$i][$ids['inetOrgPerson_userPassword']] != "") && (get_preg($rawAccounts[$i][$ids['inetOrgPerson_userPassword']], 'password'))) {
|
||||
$partialAccounts[$i]['userPassword'] = pwd_hash($rawAccounts[$i][$ids['inetOrgPerson_userPassword']], true, $this->moduleSettings['posixAccount_pwdHash'][0]);
|
||||
$partialAccounts[$i]['INFO.userPasswordClearText'] = $rawAccounts[$i][$ids['inetOrgPerson_userPassword']]; // for custom scripts etc.
|
||||
}
|
||||
elseif ($rawAccounts[$i][$ids['inetOrgPerson_userPassword']] != "") {
|
||||
$errMsg = $this->messages['userPassword'][0];
|
||||
$errMsg[2] = str_replace('%', '%%', $errMsg[2]); // double "%" because of later sprintf
|
||||
array_push($errMsg, array($i));
|
||||
$errors[] = $errMsg;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
@ -3513,7 +3526,15 @@ class inetOrgPerson extends baseModule implements passwordService {
|
|||
}
|
||||
// set new password
|
||||
$this->clearTextPassword = $password;
|
||||
$this->attributes['userPassword'][0] = pwd_hash($password, true, $this->moduleSettings['posixAccount_pwdHash'][0]);
|
||||
// set SASL password
|
||||
if (!empty($this->attributes['uid'][0]) && !empty($this->moduleSettings['posixAccount_pwdHash'][0])
|
||||
&& ($this->moduleSettings['posixAccount_pwdHash'][0] === 'SASL')) {
|
||||
$this->attributes['userPassword'][0] = '{SASL}' . $this->attributes['uid'][0];
|
||||
}
|
||||
// set normal password
|
||||
else {
|
||||
$this->attributes['userPassword'][0] = pwd_hash($password, true, $this->moduleSettings['posixAccount_pwdHash'][0]);
|
||||
}
|
||||
return array();
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -666,11 +666,12 @@ class posixAccount extends baseModule implements passwordService {
|
|||
* <br>"info" are values with informational value (e.g. to be used later by pre/postModify actions)
|
||||
*/
|
||||
function save_attributes() {
|
||||
$return = $this->getAccountContainer()->save_module_attributes($this->attributes, $this->orig);
|
||||
if (!in_array('posixAccount', $this->attributes['objectClass']) && !in_array('posixAccount', $this->orig['objectClass'])) {
|
||||
// skip saving if the extension was not added/modified
|
||||
return array();
|
||||
}
|
||||
// get default changes
|
||||
$return = $this->getAccountContainer()->save_module_attributes($this->attributes, $this->orig);
|
||||
// add information about clear text password and password status change
|
||||
$return[$this->getAccountContainer()->dn_orig]['info']['userPasswordClearText'][0] = $this->clearTextPassword;
|
||||
$pwdAttrName = $this->getPasswordAttrName();
|
||||
|
|
@ -1226,6 +1227,14 @@ class posixAccount extends baseModule implements passwordService {
|
|||
}
|
||||
}
|
||||
}
|
||||
if ($this->get_scope() == 'user') {
|
||||
// set SASL password for new and renamed users
|
||||
if (!empty($this->attributes['uid'][0]) && !empty($this->moduleSettings['posixAccount_pwdHash'][0])
|
||||
&& ($this->moduleSettings['posixAccount_pwdHash'][0] === 'SASL')
|
||||
&& ($this->getAccountContainer()->isNewAccount || ($this->attributes['uid'][0] != $this->orig['uid'][0]))) {
|
||||
$this->attributes[$this->getPasswordAttrName()][0] = '{SASL}' . $this->attributes['uid'][0];
|
||||
}
|
||||
}
|
||||
// Return error-messages
|
||||
return $errors;
|
||||
}
|
||||
|
|
@ -2146,15 +2155,22 @@ class posixAccount extends baseModule implements passwordService {
|
|||
$errors[] = $errMsg;
|
||||
}
|
||||
// password
|
||||
if (($rawAccount[$ids['posixAccount_password']] != "") && (get_preg($rawAccount[$ids['posixAccount_password']], 'password'))) {
|
||||
$partialAccounts[$i][$pwdAttrName] = pwd_hash($rawAccount[$ids['posixAccount_password']], $pwd_enabled, $this->moduleSettings['posixAccount_pwdHash'][0]);
|
||||
$partialAccounts[$i]['INFO.userPasswordClearText'] = $rawAccount[$ids['posixAccount_password']]; // for custom scripts etc.
|
||||
// set SASL passwords
|
||||
if (!empty($this->moduleSettings['posixAccount_pwdHash'][0]) && ($this->moduleSettings['posixAccount_pwdHash'][0] === 'SASL')) {
|
||||
$partialAccounts[$i][$pwdAttrName] = '{SASL}' . $partialAccounts[$i]['uid'];
|
||||
}
|
||||
elseif ($rawAccount[$ids['posixAccount_password']] != "") {
|
||||
$errMsg = $this->messages['userPassword'][4];
|
||||
$errMsg[2] = str_replace('%', '%%', $errMsg[2]); // double "%" because of later sprintf
|
||||
array_push($errMsg, array($i));
|
||||
$errors[] = $errMsg;
|
||||
// set normal password
|
||||
else {
|
||||
if (($rawAccount[$ids['posixAccount_password']] != "") && (get_preg($rawAccount[$ids['posixAccount_password']], 'password'))) {
|
||||
$partialAccounts[$i][$pwdAttrName] = pwd_hash($rawAccount[$ids['posixAccount_password']], $pwd_enabled, $this->moduleSettings['posixAccount_pwdHash'][0]);
|
||||
$partialAccounts[$i]['INFO.userPasswordClearText'] = $rawAccount[$ids['posixAccount_password']]; // for custom scripts etc.
|
||||
}
|
||||
elseif ($rawAccount[$ids['posixAccount_password']] != "") {
|
||||
$errMsg = $this->messages['userPassword'][4];
|
||||
$errMsg[2] = str_replace('%', '%%', $errMsg[2]); // double "%" because of later sprintf
|
||||
array_push($errMsg, array($i));
|
||||
$errors[] = $errMsg;
|
||||
}
|
||||
}
|
||||
// cn
|
||||
if ($this->manageCn()) {
|
||||
|
|
@ -2705,7 +2721,15 @@ class posixAccount extends baseModule implements passwordService {
|
|||
}
|
||||
// set new password
|
||||
$this->clearTextPassword = $password;
|
||||
$this->attributes[$this->getPasswordAttrName()][0] = pwd_hash($password, true, $this->moduleSettings['posixAccount_pwdHash'][0]);
|
||||
// set SASL password
|
||||
if (!empty($this->attributes['uid'][0]) && !empty($this->moduleSettings['posixAccount_pwdHash'][0])
|
||||
&& ($this->moduleSettings['posixAccount_pwdHash'][0] === 'SASL')) {
|
||||
$this->attributes[$this->getPasswordAttrName()][0] = '{SASL}' . $this->attributes['uid'][0];
|
||||
}
|
||||
// set normal password
|
||||
else {
|
||||
$this->attributes[$this->getPasswordAttrName()][0] = pwd_hash($password, true, $this->moduleSettings['posixAccount_pwdHash'][0]);
|
||||
}
|
||||
return array();
|
||||
}
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue