support SASL as password hash
parent
8ab35a11de
commit
b57015ff3f
|
@ -188,9 +188,9 @@ function pwd_hash($password, $enabled = true, $hashType = 'SSHA') {
|
||||||
function getSupportedHashTypes() {
|
function getSupportedHashTypes() {
|
||||||
if (version_compare(phpversion(), '5.3.2') < 0) {
|
if (version_compare(phpversion(), '5.3.2') < 0) {
|
||||||
// CRYPT-SHA512 requires PHP 5.3.2 or higher
|
// CRYPT-SHA512 requires PHP 5.3.2 or higher
|
||||||
return array('CRYPT', 'SHA', 'SSHA', 'MD5', 'SMD5', 'PLAIN');
|
return array('CRYPT', 'SHA', 'SSHA', 'MD5', 'SMD5', 'PLAIN', 'SASL');
|
||||||
}
|
}
|
||||||
return array('CRYPT', 'CRYPT-SHA512', 'SHA', 'SSHA', 'MD5', 'SMD5', 'PLAIN');
|
return array('CRYPT', 'CRYPT-SHA512', 'SHA', 'SSHA', 'MD5', 'SMD5', 'PLAIN', 'SASL');
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -271,6 +271,10 @@ function pwd_is_lockable($password) {
|
||||||
if (($password == null) || (strlen($password) < 5)) {
|
if (($password == null) || (strlen($password) < 5)) {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
// SASL is not lockable
|
||||||
|
if (strpos($password, '{SASL}') === 0) {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
return ((substr($password, 0, 1) == "{") || (substr($password, 1, 1) == "{")) && (strpos($password, "}") > 3);
|
return ((substr($password, 0, 1) == "{") || (substr($password, 1, 1) == "{")) && (strpos($password, "}") > 3);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
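Review bot: The new check in pwd_is_lockable, `strpos($password, '{SASL}') === 0`, is case-sensitive, while directory servers generally match the scheme prefix case-insensitively. A stored value such as `{sasl}jdoe` (constructed example) would fall through to the generic brace test on the last line and be reported as lockable; `stripos($password, '{SASL}') === 0` closes that gap. The comment could also say why, e.g. `// SASL: the credential lives in the SASL backend, so the account has to be disabled there`, since callers presumably treat a false return as "cannot lock from here". Separately, pwd_hash (named in the first hunk header) is not touched in the visible hunks although 'SASL' is now a supported type, so it is worth confirming what it returns if a caller still passes 'SASL' to it.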
|
@ -1163,6 +1163,12 @@ class inetOrgPerson extends baseModule implements passwordService {
|
||||||
if (isset($_POST['removePassword'])) {
|
if (isset($_POST['removePassword'])) {
|
||||||
unset($this->attributes['userPassword']);
|
unset($this->attributes['userPassword']);
|
||||||
}
|
}
|
||||||
|
// set SASL password for new and renamed users
|
||||||
|
if (!empty($this->attributes['uid'][0]) && !empty($this->moduleSettings['posixAccount_pwdHash'][0])
|
||||||
|
&& ($this->moduleSettings['posixAccount_pwdHash'][0] === 'SASL')
|
||||||
|
&& ($this->getAccountContainer()->isNewAccount || ($this->attributes['uid'][0] != $this->orig['uid'][0]))) {
|
||||||
|
$this->attributes['userPassword'][0] = '{SASL}' . $this->attributes['uid'][0];
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -2387,15 +2393,22 @@ class inetOrgPerson extends baseModule implements passwordService {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
// password
|
// password
|
||||||
if (($rawAccounts[$i][$ids['inetOrgPerson_userPassword']] != "") && (get_preg($rawAccounts[$i][$ids['inetOrgPerson_userPassword']], 'password'))) {
|
// set SASL password
|
||||||
$partialAccounts[$i]['userPassword'] = pwd_hash($rawAccounts[$i][$ids['inetOrgPerson_userPassword']], true, $this->moduleSettings['posixAccount_pwdHash'][0]);
|
if (!empty($this->moduleSettings['posixAccount_pwdHash'][0]) && ($this->moduleSettings['posixAccount_pwdHash'][0] === 'SASL')) {
|
||||||
$partialAccounts[$i]['INFO.userPasswordClearText'] = $rawAccounts[$i][$ids['inetOrgPerson_userPassword']]; // for custom scripts etc.
|
$partialAccounts[$i]['userPassword'] = '{SASL}' . $partialAccounts[$i]['uid'];
|
||||||
}
|
}
|
||||||
elseif ($rawAccounts[$i][$ids['inetOrgPerson_userPassword']] != "") {
|
// set normal password
|
||||||
$errMsg = $this->messages['userPassword'][0];
|
else {
|
||||||
$errMsg[2] = str_replace('%', '%%', $errMsg[2]); // double "%" because of later sprintf
|
if (($rawAccounts[$i][$ids['inetOrgPerson_userPassword']] != "") && (get_preg($rawAccounts[$i][$ids['inetOrgPerson_userPassword']], 'password'))) {
|
||||||
array_push($errMsg, array($i));
|
$partialAccounts[$i]['userPassword'] = pwd_hash($rawAccounts[$i][$ids['inetOrgPerson_userPassword']], true, $this->moduleSettings['posixAccount_pwdHash'][0]);
|
||||||
$errors[] = $errMsg;
|
$partialAccounts[$i]['INFO.userPasswordClearText'] = $rawAccounts[$i][$ids['inetOrgPerson_userPassword']]; // for custom scripts etc.
|
||||||
|
}
|
||||||
|
elseif ($rawAccounts[$i][$ids['inetOrgPerson_userPassword']] != "") {
|
||||||
|
$errMsg = $this->messages['userPassword'][0];
|
||||||
|
$errMsg[2] = str_replace('%', '%%', $errMsg[2]); // double "%" because of later sprintf
|
||||||
|
array_push($errMsg, array($i));
|
||||||
|
$errors[] = $errMsg;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -3513,7 +3526,15 @@ class inetOrgPerson extends baseModule implements passwordService {
|
||||||
}
|
}
|
||||||
// set new password
|
// set new password
|
||||||
$this->clearTextPassword = $password;
|
$this->clearTextPassword = $password;
|
||||||
$this->attributes['userPassword'][0] = pwd_hash($password, true, $this->moduleSettings['posixAccount_pwdHash'][0]);
|
// set SASL password
|
||||||
|
if (!empty($this->attributes['uid'][0]) && !empty($this->moduleSettings['posixAccount_pwdHash'][0])
|
||||||
|
&& ($this->moduleSettings['posixAccount_pwdHash'][0] === 'SASL')) {
|
||||||
|
$this->attributes['userPassword'][0] = '{SASL}' . $this->attributes['uid'][0];
|
||||||
|
}
|
||||||
|
// set normal password
|
||||||
|
else {
|
||||||
|
$this->attributes['userPassword'][0] = pwd_hash($password, true, $this->moduleSettings['posixAccount_pwdHash'][0]);
|
||||||
|
}
|
||||||
return array();
|
return array();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
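Review bot: The `@ -2387` hunk builds `'{SASL}' . $partialAccounts[$i]['uid']` without checking that the row has a uid, whereas the other two hunks in this class guard with `!empty($this->attributes['uid'][0])`. If the uid is absent at this point (or is only filled in later by another module), the entry gets a bare `{SASL}` value that names no identity, so the SASL condition should also require `!empty($partialAccounts[$i]['uid'])` and add a row error to `$errors` otherwise. The posixAccount hunk at `@ -2146` has the same gap. In SASL mode the password column is also no longer checked with get_preg or copied to `INFO.userPasswordClearText`, so a supplied password is dropped silently; a comment such as `// SASL: password column is ignored, the credential is managed by the SASL backend` would make that intentional. The enclosing function starts and ends outside the hunk.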
|
@ -666,11 +666,12 @@ class posixAccount extends baseModule implements passwordService {
|
||||||
* <br>"info" are values with informational value (e.g. to be used later by pre/postModify actions)
|
* <br>"info" are values with informational value (e.g. to be used later by pre/postModify actions)
|
||||||
*/
|
*/
|
||||||
function save_attributes() {
|
function save_attributes() {
|
||||||
$return = $this->getAccountContainer()->save_module_attributes($this->attributes, $this->orig);
|
|
||||||
if (!in_array('posixAccount', $this->attributes['objectClass']) && !in_array('posixAccount', $this->orig['objectClass'])) {
|
if (!in_array('posixAccount', $this->attributes['objectClass']) && !in_array('posixAccount', $this->orig['objectClass'])) {
|
||||||
// skip saving if the extension was not added/modified
|
// skip saving if the extension was not added/modified
|
||||||
return array();
|
return array();
|
||||||
}
|
}
|
||||||
|
// get default changes
|
||||||
|
$return = $this->getAccountContainer()->save_module_attributes($this->attributes, $this->orig);
|
||||||
// add information about clear text password and password status change
|
// add information about clear text password and password status change
|
||||||
$return[$this->getAccountContainer()->dn_orig]['info']['userPasswordClearText'][0] = $this->clearTextPassword;
|
$return[$this->getAccountContainer()->dn_orig]['info']['userPasswordClearText'][0] = $this->clearTextPassword;
|
||||||
$pwdAttrName = $this->getPasswordAttrName();
|
$pwdAttrName = $this->getPasswordAttrName();
|
||||||
|
@ -1226,6 +1227,14 @@ class posixAccount extends baseModule implements passwordService {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
if ($this->get_scope() == 'user') {
|
||||||
|
// set SASL password for new and renamed users
|
||||||
|
if (!empty($this->attributes['uid'][0]) && !empty($this->moduleSettings['posixAccount_pwdHash'][0])
|
||||||
|
&& ($this->moduleSettings['posixAccount_pwdHash'][0] === 'SASL')
|
||||||
|
&& ($this->getAccountContainer()->isNewAccount || ($this->attributes['uid'][0] != $this->orig['uid'][0]))) {
|
||||||
|
$this->attributes[$this->getPasswordAttrName()][0] = '{SASL}' . $this->attributes['uid'][0];
|
||||||
|
}
|
||||||
|
}
|
||||||
// Return error-messages
|
// Return error-messages
|
||||||
return $errors;
|
return $errors;
|
||||||
}
|
}
|
||||||
|
@ -2146,15 +2155,22 @@ class posixAccount extends baseModule implements passwordService {
|
||||||
$errors[] = $errMsg;
|
$errors[] = $errMsg;
|
||||||
}
|
}
|
||||||
// password
|
// password
|
||||||
if (($rawAccount[$ids['posixAccount_password']] != "") && (get_preg($rawAccount[$ids['posixAccount_password']], 'password'))) {
|
// set SASL passwords
|
||||||
$partialAccounts[$i][$pwdAttrName] = pwd_hash($rawAccount[$ids['posixAccount_password']], $pwd_enabled, $this->moduleSettings['posixAccount_pwdHash'][0]);
|
if (!empty($this->moduleSettings['posixAccount_pwdHash'][0]) && ($this->moduleSettings['posixAccount_pwdHash'][0] === 'SASL')) {
|
||||||
$partialAccounts[$i]['INFO.userPasswordClearText'] = $rawAccount[$ids['posixAccount_password']]; // for custom scripts etc.
|
$partialAccounts[$i][$pwdAttrName] = '{SASL}' . $partialAccounts[$i]['uid'];
|
||||||
}
|
}
|
||||||
elseif ($rawAccount[$ids['posixAccount_password']] != "") {
|
// set normal password
|
||||||
$errMsg = $this->messages['userPassword'][4];
|
else {
|
||||||
$errMsg[2] = str_replace('%', '%%', $errMsg[2]); // double "%" because of later sprintf
|
if (($rawAccount[$ids['posixAccount_password']] != "") && (get_preg($rawAccount[$ids['posixAccount_password']], 'password'))) {
|
||||||
array_push($errMsg, array($i));
|
$partialAccounts[$i][$pwdAttrName] = pwd_hash($rawAccount[$ids['posixAccount_password']], $pwd_enabled, $this->moduleSettings['posixAccount_pwdHash'][0]);
|
||||||
$errors[] = $errMsg;
|
$partialAccounts[$i]['INFO.userPasswordClearText'] = $rawAccount[$ids['posixAccount_password']]; // for custom scripts etc.
|
||||||
|
}
|
||||||
|
elseif ($rawAccount[$ids['posixAccount_password']] != "") {
|
||||||
|
$errMsg = $this->messages['userPassword'][4];
|
||||||
|
$errMsg[2] = str_replace('%', '%%', $errMsg[2]); // double "%" because of later sprintf
|
||||||
|
array_push($errMsg, array($i));
|
||||||
|
$errors[] = $errMsg;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
// cn
|
// cn
|
||||||
if ($this->manageCn()) {
|
if ($this->manageCn()) {
|
||||||
|
@ -2705,7 +2721,15 @@ class posixAccount extends baseModule implements passwordService {
|
||||||
}
|
}
|
||||||
// set new password
|
// set new password
|
||||||
$this->clearTextPassword = $password;
|
$this->clearTextPassword = $password;
|
||||||
$this->attributes[$this->getPasswordAttrName()][0] = pwd_hash($password, true, $this->moduleSettings['posixAccount_pwdHash'][0]);
|
// set SASL password
|
||||||
|
if (!empty($this->attributes['uid'][0]) && !empty($this->moduleSettings['posixAccount_pwdHash'][0])
|
||||||
|
&& ($this->moduleSettings['posixAccount_pwdHash'][0] === 'SASL')) {
|
||||||
|
$this->attributes[$this->getPasswordAttrName()][0] = '{SASL}' . $this->attributes['uid'][0];
|
||||||
|
}
|
||||||
|
// set normal password
|
||||||
|
else {
|
||||||
|
$this->attributes[$this->getPasswordAttrName()][0] = pwd_hash($password, true, $this->moduleSettings['posixAccount_pwdHash'][0]);
|
||||||
|
}
|
||||||
return array();
|
return array();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
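Review bot: In the `@ -2146` hunk the SASL branch never consults `$pwd_enabled`, which the replaced code passed to pwd_hash as its `$enabled` argument. A row that requests a disabled password therefore appears to get an active `{SASL}` reference with no error, and since this commit makes pwd_is_lockable return false for such values it cannot be locked afterwards either. Suggest adding a row error when `$pwd_enabled` is false in SASL mode, or at least documenting it with `// SASL: $pwd_enabled is ignored, disable the account in the SASL backend`. The uid comparison in the `@ -1226` hunk (and the matching inetOrgPerson one) uses a loose `!=`, so numeric-looking uids such as `0123` and `123` compare equal and a rename between them would keep the old `{SASL}` reference; `!==` avoids that. The enclosing functions extend beyond the hunks.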