added support for different encryption types

2003-10-05 10:38:31 +00:00 · 2003-10-05 10:38:31 +00:00 · bba0d4b01b
parent e75a2edc87
commit bba0d4b01b
1 changed files with 37 additions and 54 deletions
--- a/lam/lib/account.inc
+++ b/lam/lib/account.inc
@ -534,14 +534,10 @@ function loaduser($dn) { // Will load all needed values from an existing account
 	if (isset($attr['postalCode'][0])) $return->personal_postalCode = utf8_decode($attr['postalCode'][0]);
 	if (isset($attr['postalAddress'][0])) $return->personal_postalAddress = utf8_decode($attr['postalAddress'][0]);
 	if (isset($attr['employeeType'][0])) $return->personal_employeeType = utf8_decode($attr['employeeType'][0]);
 	// New password code. should work with every kind of encryption ({CRYPT}, {SHA}
 	if ( ereg('^[{]([A-Z]|[a-z]|[0-9])+[}][!]', $attr['userPassword'][0])) $return->unix_deactivated=true;
 	// next line is old code
 	//if (substr(str_replace('{CRYPT}', '',$attr['userPassword'][0]),0,1) == '!' ) $return->unix_deactivated=true;
 	if (isset($attr['userPassword'][0])) $return->unix_password = $attr['userPassword'][0];
 	if (isset($attr['displayName'][0])) $return->smb_displayName = utf8_decode($attr['displayName'][0]);
 	if (in_array('sambaSamAccount', $attr['objectClass'])) {
@ -828,8 +824,8 @@ function createuser($values) { // Will create the LDAP-Account
 	if ($values->personal_employeeType!='') $attr['employeeType'] = utf8_encode($values->personal_employeeType);
 	// posixAccount_may shadowAccount_may
 	if ($values->unix_password_no) $values->unix_password = '';
-	if ($values->unix_deactivated) $attr['userPassword'] = '{CRYPT}!' . crypt($values->unix_password);
+	if ($values->unix_deactivated) $attr['userPassword'] = pwd_hash($values->unix_password, false);
-	    else $attr['userPassword'] = '{CRYPT}'. crypt($values->unix_password);
+	    else $attr['userPassword'] = pwd_hash($values->unix_password, false);
 	$attr['shadowLastChange'] = getdays(); // shadowAccount_may
 	$attr['loginShell'] = $values->general_shell; // posixAccount_may
 	$attr['gecos'] = utf8_encode(replace_umlaut($values->general_gecos)); // posixAccount_may
@ -938,50 +934,30 @@ function modifyuser($values,$values_old) { // Will modify the LDAP-Account
 	if ($values->general_homedir != $values_old->general_homedir)
 		$attr['homeDirectory'] = $values->general_homedir; // posixAccount_req
 	// posixAccount_may shadowAccount_may
-	// new password code
+
-	// Why doesn't ldap encrypt the password if now {???} is given?
+	// Set new password
 	// change password if new password is used or account es (un)locked
 	/*
 	if ($values->unix_password=='') {
-		// check if account has been (un)locked
+		if ($values->unix_deactivated != $values_old->unix_deactivated) {
-		if ($values->unix_deactivated && !$values_old->unix_deactivated) {
+			$i = 0;
-			// Put ! between {??} andPassword Hash
+			while ($values_old->unix_password{$i} != '}') $i++;
-			for ($i=0; $i<strlen($values_old->unix_password); $i++)
+			$passwd = substr($values_old->unix_password, $i+1 );
-				if ($values_old->unix_password{$i} == '}') $char = $i;
+			$crypt = substr($values_old->unix_password, 0, $i+1 );
-			//$attr['userPassword'] = substr($values_old->unix_password,0,$char). "!". substr($values_old->unix_password,$char+1,-1);
+			if ($passwd{0} == '!') $passwd = substr($passwd, 1);
-			echo $values_old->unix_password."---";
+			if ($values->unix_deactivated) $attr['userPassword'] = $crypt.'!'.$passwd;
-			echo substr($values_old->unix_password,0,$char). "!". substr($values_old->unix_password,$char+1,-1);
+				else $attr['userPassword'] = $crypt.$passwd;
 			}
-		if (!$values->unix_deactivated && $values_old->unix_deactivated) {
+		if ($values->unix_password_no) {
-			// Remov ! between {??} andPassword Hash
+			if ($values->unix_deactivated) $attr['userPassword'] = pwd_hash('', false);
-			for ($i=0; $i<strlen($values_old->unix_password); $i++)
+				else $attr['userPassword'] = pwd_hash('');
-				if ($values_old->unix_password{$i} == '}') $char = $i;
+			$attr['shadowLastChange'] = getdays(); // shadowAccount_may
 			$attr['userPassword'] = substr($values_old->unix_password,0,$char). substr($values_old->unix_password,$char+2,-1);
 			}
 		}
 	else {
-		// Create new password
+		if ($values->unix_password_no) $values->unix_password = '';
 		if ($values->unix_deactivated) $attr['userPassword'] = pwd_hash($values->unix_password, false);
 		else $attr['userPassword'] = pwd_hash($values->unix_password);
 		$attr['shadowLastChange'] = getdays(); // shadowAccount_may
-		if ($values->unix_deactivated) $attr['userPassword'] = '!'. $values->unix_password;
+		}
 		else $attr['userPassword'] = $values->unix_password;
 	} */
 	// old password code
 	$password_old = str_replace('{CRYPT}', '',$values_old->unix_password);
 	if (substr($password_old,0,1) == '!' ) $password_old = substr($password_old,1,strlen($password_old));
       if ($values->unix_password=='') {
                if ($values->unix_password_no) {
                        $password_old = '';
                        $attr['shadowLastChange'] = getdays(); // shadowAccount_may
                        }
                if ($values->unix_deactivated && !$values_old->unix_deactivated) $attr['userPassword'] = '{CRYPT}!' . $password_old;
                if (!$values->unix_deactivated && $values_old->unix_deactivated) $attr['userPassword'] = '{CRYPT}' . $password_old;
                }
         else {
                if ($values->unix_deactivated) $attr['userPassword'] = '{CRYPT}!' . crypt($values->unix_password);
                else $attr['userPassword'] = '{CRYPT}' . crypt($values->unix_password);
                $attr['shadowLastChange'] = getdays(); // shadowAccount_may
                }
 	if ($_SESSION['config']->is_samba3()) {
 		if ($values->smb_password_no) {
@ -1357,8 +1333,8 @@ function createhost($values) { // Will create the LDAP-Account
 	$attr['gidNumber'] = getgid($values->general_group); // posixAccount_req
 	$attr['homeDirectory'] = $values->general_homedir; // posixAccount_req
-	if ($values->smb_flagsD) $attr['userPassword'] = '{CRYPT}!' . crypt('');
+	if ($values->smb_flagsD) $attr['userPassword'] = pwd_hash('', false);
-	else $attr['userPassword'] = '{CRYPT}' . crypt('');
+	else $attr['userPassword'] = pwd_hash('');
 	$attr['shadowLastChange'] = getdays(); // shadowAccount_may
 	$attr['loginShell'] = $values->general_shell; // posixAccount_may
@ -1407,15 +1383,22 @@ function modifyhost($values,$values_old) { // Will modify the LDAP-Account
 			}
 		}
-	// Lock unix password if Account should be disbaled
+
-	$password_old = str_replace('{CRYPT}', '',$values_old->unix_password);
+
-	if (substr($password_old,0,1) == '!' ) $password_old = substr($password_old,1,strlen($password_old));
+	if ($values->smb_flagsD != $values_old->smb_flagsD) {
-	if ($values->smb_password_no) {
+		$i = 0;
-		$password_old = '';
+		while ($values_old->unix_password{$i} != '}') $i++;
-		$attr['shadowLastChange'] = getdays();
+		$passwd = substr($values_old->unix_password, $i+1 );
 		$crypt = substr($values_old->unix_password, 0, $i+1 );
 		if ($passwd{0} == '!') $passwd = substr($passwd, 1);
 		if ($values->smb_flagsD ) $attr['userPassword'] = $crypt.'!'.$passwd;
 			else $attr['userPassword'] = $crypt.$passwd;
 		}
 	if ($values->smb_password_no) {
 		if ($values->smb_flagsD) $attr['userPassword'] = pwd_hash('', false);
 			else $attr['userPassword'] = pwd_hash('');
 		$attr['shadowLastChange'] = getdays(); // shadowAccount_may
 		}
 	if ($values->smb_flagsD) $attr['userPassword'] = '{CRYPT}!' . $password_old;
 		else $attr['userPassword'] = '{CRYPT}' . $password_old;
 	// Add missing objectclasses to group
 	if (!in_array('posixAccount', $values->general_objectClass)) {