added support for different encryption types

katagia 2003-10-05 10:38:31 +00:00
parent e75a2edc87
commit bba0d4b01b
1 changed files with 37 additions and 54 deletions


@ -534,14 +534,10 @@ function loaduser($dn) { // Will load all needed values from an existing account
if (isset($attr['postalCode'][0])) $return->personal_postalCode = utf8_decode($attr['postalCode'][0]); if (isset($attr['postalCode'][0])) $return->personal_postalCode = utf8_decode($attr['postalCode'][0]);
if (isset($attr['postalAddress'][0])) $return->personal_postalAddress = utf8_decode($attr['postalAddress'][0]); if (isset($attr['postalAddress'][0])) $return->personal_postalAddress = utf8_decode($attr['postalAddress'][0]);
if (isset($attr['employeeType'][0])) $return->personal_employeeType = utf8_decode($attr['employeeType'][0]); if (isset($attr['employeeType'][0])) $return->personal_employeeType = utf8_decode($attr['employeeType'][0]);
// New password code. should work with every kind of encryption ({CRYPT}, {SHA}
if ( ereg('^[{]([A-Z]|[a-z]|[0-9])+[}][!]', $attr['userPassword'][0])) $return->unix_deactivated=true; if ( ereg('^[{]([A-Z]|[a-z]|[0-9])+[}][!]', $attr['userPassword'][0])) $return->unix_deactivated=true;
// next line is old code
//if (substr(str_replace('{CRYPT}', '',$attr['userPassword'][0]),0,1) == '!' ) $return->unix_deactivated=true;
if (isset($attr['userPassword'][0])) $return->unix_password = $attr['userPassword'][0]; if (isset($attr['userPassword'][0])) $return->unix_password = $attr['userPassword'][0];
if (isset($attr['displayName'][0])) $return->smb_displayName = utf8_decode($attr['displayName'][0]); if (isset($attr['displayName'][0])) $return->smb_displayName = utf8_decode($attr['displayName'][0]);
if (in_array('sambaSamAccount', $attr['objectClass'])) { if (in_array('sambaSamAccount', $attr['objectClass'])) {
@ -828,8 +824,8 @@ function createuser($values) { // Will create the LDAP-Account
if ($values->personal_employeeType!='') $attr['employeeType'] = utf8_encode($values->personal_employeeType); if ($values->personal_employeeType!='') $attr['employeeType'] = utf8_encode($values->personal_employeeType);
// posixAccount_may shadowAccount_may // posixAccount_may shadowAccount_may
if ($values->unix_password_no) $values->unix_password = ''; if ($values->unix_password_no) $values->unix_password = '';
if ($values->unix_deactivated) $attr['userPassword'] = '{CRYPT}!' . crypt($values->unix_password); if ($values->unix_deactivated) $attr['userPassword'] = pwd_hash($values->unix_password, false);
else $attr['userPassword'] = '{CRYPT}'. crypt($values->unix_password); else $attr['userPassword'] = pwd_hash($values->unix_password, false);
$attr['shadowLastChange'] = getdays(); // shadowAccount_may $attr['shadowLastChange'] = getdays(); // shadowAccount_may
$attr['loginShell'] = $values->general_shell; // posixAccount_may $attr['loginShell'] = $values->general_shell; // posixAccount_may
$attr['gecos'] = utf8_encode(replace_umlaut($values->general_gecos)); // posixAccount_may $attr['gecos'] = utf8_encode(replace_umlaut($values->general_gecos)); // posixAccount_may
@ -938,50 +934,30 @@ function modifyuser($values,$values_old) { // Will modify the LDAP-Account
if ($values->general_homedir != $values_old->general_homedir) if ($values->general_homedir != $values_old->general_homedir)
$attr['homeDirectory'] = $values->general_homedir; // posixAccount_req $attr['homeDirectory'] = $values->general_homedir; // posixAccount_req
// posixAccount_may shadowAccount_may // posixAccount_may shadowAccount_may
// new password code
// Why doesn't ldap encrypt the password if now {???} is given? // Set new password
// change password if new password is used or account es (un)locked
/*
if ($values->unix_password=='') { if ($values->unix_password=='') {
// check if account has been (un)locked if ($values->unix_deactivated != $values_old->unix_deactivated) {
if ($values->unix_deactivated && !$values_old->unix_deactivated) { $i = 0;
// Put ! between {??} andPassword Hash while ($values_old->unix_password{$i} != '}') $i++;
for ($i=0; $i<strlen($values_old->unix_password); $i++) $passwd = substr($values_old->unix_password, $i+1 );
if ($values_old->unix_password{$i} == '}') $char = $i; $crypt = substr($values_old->unix_password, 0, $i+1 );
//$attr['userPassword'] = substr($values_old->unix_password,0,$char). "!". substr($values_old->unix_password,$char+1,-1); if ($passwd{0} == '!') $passwd = substr($passwd, 1);
echo $values_old->unix_password."---"; if ($values->unix_deactivated) $attr['userPassword'] = $crypt.'!'.$passwd;
echo substr($values_old->unix_password,0,$char). "!". substr($values_old->unix_password,$char+1,-1); else $attr['userPassword'] = $crypt.$passwd;
} }
if (!$values->unix_deactivated && $values_old->unix_deactivated) { if ($values->unix_password_no) {
// Remov ! between {??} andPassword Hash if ($values->unix_deactivated) $attr['userPassword'] = pwd_hash('', false);
for ($i=0; $i<strlen($values_old->unix_password); $i++) else $attr['userPassword'] = pwd_hash('');
if ($values_old->unix_password{$i} == '}') $char = $i; $attr['shadowLastChange'] = getdays(); // shadowAccount_may
$attr['userPassword'] = substr($values_old->unix_password,0,$char). substr($values_old->unix_password,$char+2,-1);
} }
} }
else { else {
// Create new password if ($values->unix_password_no) $values->unix_password = '';
if ($values->unix_deactivated) $attr['userPassword'] = pwd_hash($values->unix_password, false);
else $attr['userPassword'] = pwd_hash($values->unix_password);
$attr['shadowLastChange'] = getdays(); // shadowAccount_may $attr['shadowLastChange'] = getdays(); // shadowAccount_may
if ($values->unix_deactivated) $attr['userPassword'] = '!'. $values->unix_password; }
else $attr['userPassword'] = $values->unix_password;
} */
// old password code
$password_old = str_replace('{CRYPT}', '',$values_old->unix_password);
if (substr($password_old,0,1) == '!' ) $password_old = substr($password_old,1,strlen($password_old));
if ($values->unix_password=='') {
if ($values->unix_password_no) {
$password_old = '';
$attr['shadowLastChange'] = getdays(); // shadowAccount_may
}
if ($values->unix_deactivated && !$values_old->unix_deactivated) $attr['userPassword'] = '{CRYPT}!' . $password_old;
if (!$values->unix_deactivated && $values_old->unix_deactivated) $attr['userPassword'] = '{CRYPT}' . $password_old;
}
else {
if ($values->unix_deactivated) $attr['userPassword'] = '{CRYPT}!' . crypt($values->unix_password);
else $attr['userPassword'] = '{CRYPT}' . crypt($values->unix_password);
$attr['shadowLastChange'] = getdays(); // shadowAccount_may
}
if ($_SESSION['config']->is_samba3()) { if ($_SESSION['config']->is_samba3()) {
if ($values->smb_password_no) { if ($values->smb_password_no) {
@ -1357,8 +1333,8 @@ function createhost($values) { // Will create the LDAP-Account
$attr['gidNumber'] = getgid($values->general_group); // posixAccount_req $attr['gidNumber'] = getgid($values->general_group); // posixAccount_req
$attr['homeDirectory'] = $values->general_homedir; // posixAccount_req $attr['homeDirectory'] = $values->general_homedir; // posixAccount_req
if ($values->smb_flagsD) $attr['userPassword'] = '{CRYPT}!' . crypt(''); if ($values->smb_flagsD) $attr['userPassword'] = pwd_hash('', false);
else $attr['userPassword'] = '{CRYPT}' . crypt(''); else $attr['userPassword'] = pwd_hash('');
$attr['shadowLastChange'] = getdays(); // shadowAccount_may $attr['shadowLastChange'] = getdays(); // shadowAccount_may
$attr['loginShell'] = $values->general_shell; // posixAccount_may $attr['loginShell'] = $values->general_shell; // posixAccount_may
@ -1407,15 +1383,22 @@ function modifyhost($values,$values_old) { // Will modify the LDAP-Account
} }
} }
// Lock unix password if Account should be disbaled
$password_old = str_replace('{CRYPT}', '',$values_old->unix_password);
if (substr($password_old,0,1) == '!' ) $password_old = substr($password_old,1,strlen($password_old)); if ($values->smb_flagsD != $values_old->smb_flagsD) {
if ($values->smb_password_no) { $i = 0;
$password_old = ''; while ($values_old->unix_password{$i} != '}') $i++;
$attr['shadowLastChange'] = getdays(); $passwd = substr($values_old->unix_password, $i+1 );
$crypt = substr($values_old->unix_password, 0, $i+1 );
if ($passwd{0} == '!') $passwd = substr($passwd, 1);
if ($values->smb_flagsD ) $attr['userPassword'] = $crypt.'!'.$passwd;
else $attr['userPassword'] = $crypt.$passwd;
}
if ($values->smb_password_no) {
if ($values->smb_flagsD) $attr['userPassword'] = pwd_hash('', false);
else $attr['userPassword'] = pwd_hash('');
$attr['shadowLastChange'] = getdays(); // shadowAccount_may
} }
if ($values->smb_flagsD) $attr['userPassword'] = '{CRYPT}!' . $password_old;
else $attr['userPassword'] = '{CRYPT}' . $password_old;
// Add missing objectclasses to group // Add missing objectclasses to group
if (!in_array('posixAccount', $values->general_objectClass)) { if (!in_array('posixAccount', $values->general_objectClass)) {
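Review bot: In the createuser hunk both branches now call `pwd_hash($values->unix_password, false)`, so the `unix_deactivated` flag no longer changes what is written to `userPassword`. Every other call site in this commit passes `false` only on the deactivated/disabled branch, which suggests the else line was meant to be `else $attr['userPassword'] = pwd_hash($values->unix_password);`; this should be confirmed against pwd_hash(), whose definition is not shown on this page. Separately, the `while ($values_old->unix_password{$i} != '}') $i++;` scans added in modifyuser and modifyhost have no length bound, so a stored userPassword without a `{scheme}` prefix (or an unset one, since loaduser only assigns it under `isset`) would presumably never end the loop; a `strpos()` lookup with an explicit not-found branch would make that case safe. All of the affected functions start and end outside the visible hunks.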